Fortrak

Terminal Server Gateway Serving Multiple VLANs

Is it possible to set up a Server 2008 tsgateway to serve multiple VLANs? So the configuration would be, from the firewall:

FW--->TSGateway--->Router--->VLAN1
                         |--->VLAN2
                         |--->VLAN3

Therefore using one gateway to direct to multiple terminals on different VLANs?

tigermatt

That is most definitely possible. The TS Gateway does not know about nor care about your underlying VLAN configuration.

This works provided you have good DNS resolution at the TSG server, to enable it to resolve the IPs of internal workstations/servers, and port 3389 is accessible between the TSG and the back-end stations which will be accessed remotely.

-Matt
Fortrak

ASKER

If each VLAN is configured with its own domain, is it possible to configure the tsgateway to service connections to each domain? We are setting up the VLANs as separate networks with their own DCs, etc. Would like one gateway to authenticate users to RDP sessions.

tigermatt

You can certainly do that. You need to simply ensure that the TS Gateway server is able to resolve the DNS names of each server in each separate domain, as that is how users will connect via the TS Gateway. If not, users would have to use the internal IP address of each server they wished to connect to.

You will also need to consider how users will authenticate to the TS Gateway itself. You can either maintain a separate database of usernames and passwords specifically for logging into the TS Gateway, or use a trust relationship between its domain and the other domains, to enable users to use their domain credentials to authenticate with the TSG. The benefit with using trusts is the connection via the TSG can use passed-through credentials, whereby the credentials used to access the TSG are also used to access the remote server.

-Matt
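
The two prerequisites named in the answers above (the TS Gateway can resolve each back-end server's name, and port 3389 is reachable from the gateway) can be checked from the gateway itself. This is an added example, not part of the original thread: the host names and the timeout are constructed placeholders, and it uses only .NET DNS and socket classes, so it needs PowerShell 2.0 or later and no extra modules.

```powershell
# Added example: run on the TS Gateway server.
# Host names are constructed placeholders; use your terminal servers' FQDNs.
$Targets   = @('ts01.vlan1.example.com', 'ts01.vlan2.example.com', 'ts01.vlan3.example.com')
$RdpPort   = 3389   # port named in the answer above
$TimeoutMs = 3000   # assumed connect timeout

function Test-TsgBackend {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs)

    $result = New-Object PSObject -Property @{
        HostName = $HostName; Address = $null
        Resolves = $false;    PortOpen = $false; Detail = ''
    }

    # Step 1: can the gateway resolve the name of a server in the other domain?
    try {
        $addr = [System.Net.Dns]::GetHostAddresses($HostName) |
            Where-Object { $_.AddressFamily -eq 'InterNetwork' } |
            Select-Object -First 1
        if (-not $addr) { throw 'no IPv4 address returned' }
        $result.Address  = $addr.IPAddressToString
        $result.Resolves = $true
    } catch {
        $result.Detail = "DNS: $($_.Exception.Message)"
        return $result
    }

    # Step 2: is the RDP port reachable across the router/VLAN boundary?
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($addr, $Port, $null, $null)
        if ($async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            $client.EndConnect($async)   # throws if the connection was refused
            $result.PortOpen = $true
        } else {
            $result.Detail = "TCP ${Port}: timed out (filtered or no route?)"
        }
    } catch {
        $result.Detail = "TCP ${Port}: $($_.Exception.Message)"
    } finally {
        $client.Close()
    }
    return $result
}

$Targets | ForEach-Object { Test-TsgBackend $_ $RdpPort $TimeoutMs } |
    Format-Table HostName, Address, Resolves, PortOpen, Detail -AutoSize
```

A row with `Resolves` false points at DNS on the gateway (for example, missing forwarders for that domain's zone); a row that resolves but has `PortOpen` false points at routing or filtering between the gateway and that VLAN.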

ASKER

OK, the gateway is now functional in a workgroup and is serving sessions to terminal servers on the other domains. As a test I created the same user logon locally on the TSGateway as is on the domain terminal. When logging in through the web interface of the TS Gateway the user is prompted twice for logon: once when you log on to the gateway and once again when logging on to the domain terminal server. Yet using the Remote Desktop Connection with the domain credentials logs the user right through with no prompting a second time. In the Remote Desktop Connection settings for the TS Gateway the box is checked for "Use my TS Gateway credentials for the remote computer." Is there a similar setting that can be made for the TS Gateway web access so that there is no prompting for logon a second time?

ASKER CERTIFIED SOLUTION
tigermatt
This solution is only available to members.

ASKER

Thanks for your help with this.