Solved

How to make Terminal Server 2008 more secure

Posted on 2009-06-29
Last Modified: 2012-05-07
Right now we have a Terminal Server, Terminal Server Web and Terminal Server Licensing on the same box. In order for this setup to work we have to open ports 443 and 3389 on the firewall to allow incoming connections. I would like to create a terminal server gateway server to allow only HTTPS traffic into the gateway server and, from this server, access other terminal servers via RDP. What is the best method for this? Build a new terminal server, install terminal server and terminal server web on this machine, and then configure it to talk to the existing terminal server?
0
Question by:moonzappa
5 Comments
 
LVL 5

Expert Comment

by:JohnmenZ
ID: 24739845
There are two ways to securely publish terminal service on Windows Server 2008, using TS remoteapp or TS gateway.  TS gateway gives you more flexibility.

Have a read through these two links:
TS gateway step-by-step (http://technet.microsoft.com/en-us/library/cc771530(WS.10).aspx)
TS remoteapp step-by-step (http://technet.microsoft.com/en-us/library/cc730673(WS.10).aspx)
0
 

Author Comment

by:moonzappa
ID: 24739885
I am a little confused. I do have remote app installed but on the same box. So in order for the remote app to work I would still have to open port 3389 on the firewall to allow RDC to come into this server.

Huy
0
 
LVL 5

Expert Comment

by:JohnmenZ
ID: 24739974
Sorry, my mistake: the TS remote app should be used in conjunction with publishing the app to a website in order for external users to access it via HTTPS.

I think TS gateway should be the preferred option for you. It is essentially an RDP wrapper that encapsulates RDP data into an HTTPS tunnel.
0
 

Author Comment

by:moonzappa
ID: 24798113
Can you be more specific on what is the best approach for our environment? Make a new TS server gateway server and terminal server web server, then convert the existing terminal server into the application servers?


Huy
0
 
LVL 5

Accepted Solution

by:
JohnmenZ earned 500 total points
ID: 24798969
You are correct, considering your network is small, the setup can be this way:

1st physical server: TS web access and TS gateway (share the same SSL certificate)
2nd physical server: TS server that runs applications

What you need to do is:

1. Set up a new server with both TS web access and TS gateway roles installed by following the step-by-step guides above.

2. Uninstall the TS web access role from the existing TS server, so that it becomes a TS server.

I presume you don't have DMZ network, in which case TS web access / gateway server will talk to TS server directly without any firewall sitting in between.

There is a quite useful white paper that talks about how Microsoft implements TS technologies on Windows 2008; you may want to go through it before commencing any work.
http://technet.microsoft.com/en-us/library/cc304366.aspx
0
