Solved

What is TS Gateway? (mstsc option)

Posted on 2009-05-05
Last Modified: 2013-11-21
Can someone please explain to me what exactly TS Gateway is and provide some links to review and setup guides?

I've just found out about it in the MSTSC options, and it seems it has nice security features, so it might be nice to implement it.

Thank you.
Question by:mrmut
3 Comments
 
LVL 2

Accepted Solution

by:
TheFlyingCorpse earned 2000 total points
ID: 24309428
Hello mrmut,

I found this TechNet article for you, by Microsoft:
http://technet.microsoft.com/en-us/library/cc731264.aspx

This should explain the technical side of the TS Gateway.


I quote Windows IT Pro in this question:
Q. What is Terminal Services Gateway?
A. Windows Server Terminal Services uses Remote Desktop Protocol (RDP) to enable the connections from clients to the terminal server, which uses port 3389. If you need to access a terminal server from outside the internal network (intranet), you have two options for doing so. You can either enable port 3389 through your firewall to specific servers (which isn't a good idea), or, more commonly, clients connect to the corporate network via VPN, which can then enable the RDP session in a secure manner.

In general, technologies are moving away from requiring VPN connections. For example, remote procedure call (RPC) over HTTP Secure (HTTPS) is used for Microsoft Exchange Server connections and Microsoft Office SharePoint Server and Microsoft Office Groove access. Windows Server 2008 includes Terminal Services (TS) Gateway, a new technology that allows secure RDP connections from outside a corporate intranet without requiring a VPN connection.

TS Gateway allows RDP traffic to be encapsulated in HTTPS. Essentially the client outside the network makes a configuration change on their Remote Desktop client to instruct the client to communicate via a TS Gateway. The RDP traffic on the client is encapsulated in HTTPS, encrypted using the TS Gateway's Secure Sockets Layer (SSL) certificate, and sent to the TS Gateway. The TS Gateway extracts the RDP traffic from the HTTPS and forwards it on to the destination target. The Remote Desktop client sends responses via the TS Gateway in normal RDP, and once again the TS Gateway encapsulates the RDP in HTTPS and sends it back to the RDP client. The diagram below illustrates the TS Gateway communications process.

Configuring a system to use TS Gateway is simple. Note that the RDP target can be any Remote Desktop target; it doesn't have to be a Server 2008 terminal server, and a system can connect to any target via the TS Gateway.

You would normally place the TS Gateway in your network's demilitarized zone (DMZ). However, an alternative option is to place a Microsoft ISA Server system or other SSL terminator in the DMZ and place the TS Gateway in the internal network to perform the RDP encapsulation and extraction duties.
Source: http://windowsitpro.com/article/articleid/100370/q-what-is-terminal-services-gateway.html


I hope this answers what you were looking for :)
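
An added example, not part of the original answer or of Microsoft's documentation: a Python check of saved .rdp files that reports whether each one is configured to go through a TS Gateway, as the answer above describes, or to connect to the target directly. The host names and sample file contents are constructed, and treating a missing gatewayusagemethod as "no gateway" is an assumption.

```python
# Added example: classify how a saved .rdp file reaches its target.
# Sample contents are constructed; all host names are placeholders.
VIA_GATEWAY = (
    "full address:s:app01.corp.example\n"
    "gatewayhostname:s:tsg.example.com\n"
    "gatewayusagemethod:i:1\n"
)
DIRECT = "full address:s:203.0.113.10:3389\ngatewayusagemethod:i:0\n"
FALLBACK = VIA_GATEWAY.replace("gatewayusagemethod:i:1", "gatewayusagemethod:i:2")


def decode_rdp(raw: bytes) -> str:
    """mstsc commonly saves .rdp files as UTF-16 with a BOM; fall back to UTF-8."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("utf-8", errors="replace")


def parse_rdp(text: str) -> dict:
    """Parse 'name:type:value' lines; type is s (string), i (integer) or b (binary)."""
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)  # the value may itself contain ':' (host:port)
        if len(parts) != 3 or parts[1] not in ("s", "i", "b"):
            continue
        name, kind, value = parts
        if kind == "i":
            try:
                value = int(value)
            except ValueError:
                continue
        settings[name.strip().lower()] = value
    return settings


def audit(text: str) -> tuple:
    """Return (verdict, gateway, target) for the text of one .rdp file."""
    s = parse_rdp(text)
    target = s.get("full address", "")
    gateway = s.get("gatewayhostname", "")
    # Assumption: a file without gatewayusagemethod is treated as "no gateway".
    method = s.get("gatewayusagemethod", 0)
    if method in (0, 4):
        verdict = "direct"               # RDP goes straight to the target's port
    elif method == 3:
        verdict = "client-default"       # decided by the client's defaults, not this file
    elif method not in (1, 2) or not gateway:
        verdict = "invalid"              # gateway requested but no usable gateway settings
    elif method == 2:
        verdict = "gateway-with-bypass"  # gateway is used only if a direct connection fails
    else:
        verdict = "gateway"              # always tunnelled in HTTPS via the gateway
    return verdict, gateway, target
```

Any verdict other than `gateway` means the file can reach the target without the HTTPS tunnel, so those are the files to review when the firewall is supposed to block inbound port 3389.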

Author Comment

by:mrmut
ID: 24309466
Yeah :)

Thanks Corpse!
LVL 1

Expert Comment

by:jjoz
ID: 25167627
Hi there,

Do we still have to open the following ports from the DMZ to the Domain Controller servers?

Global Catalog Server TCP 3269
Global Catalog Server TCP 3268
LDAP Server TCP 389
LDAP Server UDP 389
LDAP SSL TCP 636
LDAP SSL UDP 636