MCTS Windows 7 Configuration Migrating Objects
Terminal Services Gateway servers are a new and extremely neat feature available only in Windows Server 2008; they allow external clients to connect to internal Terminal Services servers via a gateway that redirects traffic to the appropriate areas of an infrastructure. Before the days of TS Gateway servers, users had to connect directly to Terminal Services within the infrastructure via a virtual private network.
This could get unwieldy, because you could authenticate only to the Terminal Services server after the VPN was engaged and authenticated. This was tiring and more than a little tedious. So, part of the goal of Windows Server 2008 was to create a secure system of communication that allows for single sign-ons in one location that authenticate throughout the enterprise. In the following sections, we'll briefly review some of the technology concepts used in Terminal Services Gateway servers and then discuss the role they play in the enterprise in terms of placement.
You can access Terminal Services Gateway servers in one of two ways. The first is via Remote Desktop Protocol (RDP), and the second is via RDP over HTTPS. Each of these has benefits and restrictions, which are outlined in Table 4.1.
TABLE 4.1 TS Gateway Protocols
| Authentication Method | Advantages | Disadvantages |
| --- | --- | --- |
| TS Gateway RDP | Easy to set up | Requires port 3389 to be open |
| TS Gateway RDP over HTTPS | Easy NAT, no open ports, more secure | More difficult to set up |
Terminal Services Gateway requires you to do some initial setup once you decide to install it. Normally, these requirements will be added automatically, but if you decide to plan for Terminal Services early on, it's a good idea to keep the following in mind:
RPC over HTTP proxy
Internet Information Services (IIS) 7.0
Network Policy and Access Services
Once these requirements are met and the gateway itself is installed, a lot of options are at your disposal. You can give specific users and groups access to the Terminal Services server through the use of Terminal Services connection authorization policies (TS CAPs). Additionally, you can use TS CAPs to set a number of conditions for security purposes (such as smart card authentication) for an individual device. On top of TS CAPs, you can install a Terminal Services resource authorization policy (TS RAP). This, as the name implies, allows you to allocate a specific resource to which users have access in your infrastructure.
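The two policy types act as two separate gates: a connection must satisfy a TS CAP to use the gateway at all, and then a TS RAP to reach a particular internal machine. The following is an added illustration, not code from the book or from Microsoft; it is a simplified model of that evaluation order, and every policy, group and host name in it is a constructed sample value.

```python
# Simplified model of TS Gateway authorization (added illustration, not Microsoft's code).
# All policy, group and host names below are constructed sample values.
from dataclasses import dataclass

@dataclass(frozen=True)
class Cap:                      # connection authorization policy: who may use the gateway
    name: str
    user_groups: frozenset
    auth_methods: frozenset     # subset of {"password", "smartcard"}

@dataclass(frozen=True)
class Rap:                      # resource authorization policy: which hosts they may reach
    name: str
    user_groups: frozenset
    resources: frozenset        # internal computer names, lowercase

def authorize(user_groups, auth_method, target, caps, raps):
    """Return (allowed, reason). Both stages must match; no match means deny."""
    groups = frozenset(user_groups)
    target = target.lower()
    # Stage 1: some CAP must accept both the user's group and the authentication method.
    cap = next((c for c in caps
                if groups & c.user_groups and auth_method in c.auth_methods), None)
    if cap is None:
        return False, "no TS CAP matched"
    # Stage 2: some RAP must grant this user's group access to the requested host.
    rap = next((r for r in raps
                if groups & r.user_groups and target in r.resources), None)
    if rap is None:
        return False, f"TS CAP '{cap.name}' matched, but no TS RAP allows {target}"
    return True, f"TS CAP '{cap.name}' + TS RAP '{rap.name}'"

CAPS = [
    Cap("Staff-Any", frozenset({"RemoteStaff"}), frozenset({"password", "smartcard"})),
    Cap("Admins-SmartCard", frozenset({"ServerAdmins"}), frozenset({"smartcard"})),
]
RAPS = [
    Rap("Staff-AppServers", frozenset({"RemoteStaff"}), frozenset({"ts-app01", "ts-app02"})),
    Rap("Admins-All", frozenset({"ServerAdmins"}), frozenset({"ts-app01", "ts-app02", "dc01"})),
]

if __name__ == "__main__":
    for groups, method, host in [
        (["RemoteStaff"], "password", "ts-app01"),
        (["RemoteStaff"], "password", "dc01"),
        (["ServerAdmins"], "password", "dc01"),
        (["ServerAdmins"], "smartcard", "DC01"),
        (["Contractors"], "smartcard", "ts-app01"),
    ]:
        print(groups, method, host, "->", authorize(groups, method, host, CAPS, RAPS))
```

The second and third sample cases show the two distinct failure points: a staff account passes the TS CAP but is stopped by the TS RAP, while an administrator using a password never gets past the smart-card condition in the TS CAP.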