Install the TS Gateway Role Service
The
TS Gateway role service requires that IIS already be installed on the
server where you will install TS Gateway. This role service also
installs additional components in IIS. To install the TS Gateway role
service, perform the following steps:
1. | In Server Manager go to the Terminal Server role, scroll down to the role services, and click Add Role Services.
| 2. | Choose
the TS Gateway role service. The Add Role Services and Features pop-up
box appears. This pop-up explains the additional role services and
features that must be installed in order to install TS Gateway. Click
Add Required Role Services and then click Next.
| 3. | The
next screen is for the Server Authentication Certificate. TS Gateway
uses the SSL protocol for encrypting network traffic. The recommended
method is to choose an existing SSL certificate, which can be issued by
an external Certificate Authority (CA) or issued by your internal CA.
You can create a self-signed certificate from this terminal server.
This certificate must be added manually to each client that will
connect to the terminal server. The last option is to choose to assign
an SSL certificate later. Choose this option if you plan to request a
certificate from a CA and will import it later. TS Gateway requires
that a valid SSL certificate be configured on the server before it will
function. Click Next.
| 4. | Create
Terminal Services connection authorization policies (TS CAPs) and
Terminal Services resource authorization policies (TS RAPs).
Note
TS
CAPs let you specify the users who can connect to this TS Gateway
server. TS RAPs let you specify User Groups and the computers they can
connect to through TS Gateway.
You can choose to
create the authorization policies now or later. Users cannot access
resources through TS Gateway until TS CAPs and TS RAPs have been
created. Choose to set up authorization policies now and click Next.
| 5. | Select
and Add the User Groups that can connect through TS Gateway. The
Administrators group is the default. Add other user groups to allow
users to access resources through TS Gateway. Click Next.
| 6. | Create
a TS CAP in this screen, enter a name for this TS CAP, and choose to
authenticate via password, smart card, or both. Click Next.
| 7. | Create
a TS RAP in this screen, enter a name for this TS RAP, and then specify
which computers are accessible. You can choose to allow access to
computers in a particular group, or you can choose to allow access to
any computer through Remote Desktop. Click Next.
| 8. | Next
is the Network Policy and Access Services informational screen, which
provides an Introduction to Network Policy and Access Services, Things
to Note, and links to additional information. Click Next.
| 9. | Choose the role services for Network Policy and Access Services. These are the choices:
- Network Policy Server (NPS):
You can create and enforce network access policies for clients, and you
can set organizationwide policies for client health and for
connection-request authentication and authorization. You can also
deploy Network Access Protection (NAP) in your organization.
- Routing and Remote Access Services (RRAS): This
role service provides users access to resources over a VPN connection.
It is made up of two parts: the Remote Access Service, which provides
access to an internal network through a VPN, and the Routing portion,
which provides support for NAT, RIP, and multicast routers.
- Health Registration Adding Authority (HRA):
This role service validates requests from clients and issues health
certificates for connectivity to resources for clients who meet the
health criteria. Adding HRA requires the additional step of selecting a
valid CA before HRA is functional.
- Host Credential Authorization Protocol (HCAP):
This role service allows you to integrate Microsoft’s NAP solution with
Cisco’s NAP solution. Deploying HCAP, NPS, and NAP allows NPS to
perform authorization of Cisco Network Access Control clients. To add
HCAP, you must assign a CA-issued SSL certificate before HCAP is
functional.
Choose the Network Policy and Access Services you want to add to your terminal servers and click Next.
| 10. | The
next screen is another information screen about IIS. It includes an
introduction to IIS, Things to Note, and links to Additional Resources.
When you are ready to proceed, click Next.
| 11. | TS Gateway adds the additional IIS role services (see Figure 1)
necessary to make TS Gateway function. Some selections are added based
on how you have configured TS Gateway. Check these services and Click
Next.
Note
It
is important to confirm all your installation selections in this
screen. Ensure that all the parts that are necessary have been added
and are configured correctly.
| 12. | This
screen can be printed, e-mailed, or saved to refer to later, if
necessary. When you are sure the selections are correct, click Install.
| 13. | Check that all the components installed correctly and pay special attention to any informational alerts that exist. Click Close.
|
Install the TS Web Access Role Service
To install the TS Web Access role service, perform the following steps:
1. | In Server Manager, go to the Terminal Server role, scroll down to the role services, and click Add Role Services.
| 2. | Choose the TS Web Access role service and then click Next.
Note
If
all the necessary services are not installed, you will receive the
Additional Role Services pop-up. When you accept this, the Web Server
IIS page appears. After reading the Things to Note and Additional
Information page, click Next.
| 3. | In
the Confirm Selections screen, take note of the default web access
site, which is generally http://<servername>/ts. Click Install.
| 4. | When the results screen show that the installation has succeeded, click Close and restart the server. |
|