Terminal Services Gateway
Terminal Services Gateway enables you to access RDP servers on your protected network from clients on the Internet without implementing a full VPN solution. Although you will use this technology primarily to grant remote access to Terminal Services servers, it is also possible to allow Remote Desktop access to clients and servers through TS Gateway. Hence, a person can connect from his or her home computer over the Internet to his or her workstation or to a Terminal Services server in the office without having to make a successful VPN connection.
TS Gateway uses RDP over Hypertext Transfer Protocol Secure (HTTPS). As you learned in Chapter 3, "Network Access Configuration," using the SSL port (443) to carry connection data greatly simplifies client connectivity. As is the case with Secure Socket Tunneling Protocol (SSTP), clients can make Terminal Services Gateway connections from behind any firewall that allows HTTPS traffic. A client connects across the Internet to the TS Gateway server by using RDP over HTTPS. The TS Gateway server, which sits behind a perimeter firewall, then makes a standard RDP connection, using port 3389, to the RDP server on the internal network. Most TS Gateway servers will be located on an organization's perimeter network and will be directly addressable by hosts on the Internet.
Gateway access to clients on the Internet. When you do this, the client connects to ISA Server using RDP over HTTPS. ISA Server then creates an SSL-to-SSL bridge, forwarding traffic on to the TS Gateway server. The advantage of this configuration is that it allows application-layer inspection of the traffic, because ISA Server decrypts and then re-encrypts the SSL stream as part of the SSL bridge. If ISA Server detects problematic traffic, the connection can be dropped before it reaches the TS Gateway server.
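The connection model above implies a specific perimeter firewall policy: Internet clients reach only the TS Gateway, and only on TCP 443; the gateway alone opens TCP 3389 to internal hosts. The following script is an added example (not from the original text) that audits a constructed, simplified ruleset against that design; the address ranges, the rule format and the audit() function are assumptions for illustration.

```python
"""Audit a perimeter firewall ruleset against the TS Gateway design."""
import ipaddress

# Assumed addressing (constructed): internal network and the TS Gateway's
# perimeter address (192.0.2.10 is a documentation-only TEST-NET-1 address).
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
GATEWAY = ipaddress.ip_network("192.0.2.10/32")

# Constructed ruleset: (action, source, destination, tcp_port); first match
# wins. A port of None means "any port".
RULES = [
    ("allow", "0.0.0.0/0", "192.0.2.10/32", 443),   # RDP over HTTPS to TS Gateway
    ("allow", "192.0.2.10/32", "10.0.0.0/8", 3389),  # gateway to internal RDP hosts
    ("allow", "0.0.0.0/0", "10.0.5.20/32", 3389),    # misconfiguration: direct RDP exposure
    ("deny", "0.0.0.0/0", "0.0.0.0/0", None),
]


def audit(rules):
    """Return a list of findings; an empty list means the ruleset fits the design."""
    findings = []
    for action, src, dst, port in rules:
        if action != "allow":
            continue
        src_net = ipaddress.ip_network(src)
        dst_net = ipaddress.ip_network(dst)
        from_gateway = src_net.subnet_of(GATEWAY)
        from_internal = src_net.subnet_of(INTERNAL)
        to_internal = dst_net.overlaps(INTERNAL)
        to_gateway = dst_net.subnet_of(GATEWAY)

        # RDP into the internal network must originate from the TS Gateway only.
        if to_internal and not from_gateway and port in (3389, None):
            findings.append(
                f"RDP (3389) to {dst} reachable from {src}; "
                f"only the TS Gateway should reach internal RDP hosts")
        # External hosts may reach the gateway only on the HTTPS port.
        elif to_gateway and not from_internal and port != 443:
            findings.append(
                f"TS Gateway reachable from {src} on port {port}; "
                f"external clients should use RDP over HTTPS (443) only")
    return findings


if __name__ == "__main__":
    for finding in audit(RULES) or ["ruleset matches the TS Gateway design"]:
        print(finding)
```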