05 Jan 2011 by Ray Heffer
Creating a Remote Desktop Gateway (RD Gateway) is straight forward and can be used to securely access your Windows servers over port 443 using the Remote Desktop Connection Client. I use this to access my home lab when I’m on the road or at work, and it saves exposing your machines to the internet directly over RDP (TCP 3389). The RD Gateway isn’t new, in fact it was available on Windows Server 2008 as TS Gateway, and the installation is the same. For this article, I will be using Windows Server 2008 R2.
I run my RD Gateway on a virtual machine located inside a DMZ that I have created using Vyatta, a free virtual appliance. I won’t go into the firewall configuration here, as this is a quick configuration guide for creating your RDS Gateway.
Step 1: Build a new virtual machine and install Windows Server 2008 R2.
Step 2: Click on Add Roles (in Server Manager). You will then be presented with the following wizard dialog boxes. Click on each image for full screen.
a) Click next
b) Select “Remote Desktop Services” and click next
c) Click next
d) Select “Remote Desktop Gateway and click next”
e) Click “Add Required Role Services”
f) Select “Choose a certificate for SSL encryption later”
g) Select “Create authorization policies” “Now” and click next
h) Add the group(s) that you wish to grant access through the RD Gateway or leave the default “Administrators” and click next
i) Leave the default “Password” selected and click next
j) Click “Browse” to choose which computers RD Gateway users can connect to, or select “Allow users to connect to any computer on the network” and click next
k) Click next on the “Introduction to Network Policy and Access Services” screen
l) Leave the default “Network Policy Server” selected and click next
m) Click next on the “Introduction to Web Server (IIS)” screen
n) Leave the defaults selected and click next
o) Click Install to begin the installation.
When the installation is finished you should be presented with the following screen:
Step 3: Configuring the RD Gateway
As this is a self-signed certificate, you will need to import the certificate to your machine that you are accessing the RD Gateway from. To do this, follow these steps:
Note: You will need to ensure that the internet (DNS) host name can be resolved to the internet IP address of the RD Gateway server, so make sure that this is the case. This domain name must match the certificate name (E.g. rdg.mydomain.com)
Step 4: Configuring the Remote Desktop Connection Client
Your connection will be tunnelled over SSL, providing your firewall configuration permits TCP port 443 from the internet to your RD Gateway server and TCP port 3389 from the RD Gateway server to your internal network.
Comments are closed for this post.