How do users access a Remote Desktop Services Connection Broker/Server Farm from outside the domain?

Built out a remote connection broker server (RDCB) and two remote desktop services session host servers (RDS1) and (RDS2). Created a server farm called farm01.test.local and added A host records in DNS on the domain controller for farm01.test.local pointing to both IPs of RDS1 and RDS2.  The server farm works great from INSIDE the domain.  Now how do I make it accessible to users outside the domain?  It'd be great to set up some A records to point to an IP (which IP) and then open ports on the firewall, but I don't know if that's possible?  Do I need to set up a Remote Desktop Gateway? Any other solutions?
bmcconn asked:

Adam Brown, Senior Systems Admin, commented:
RD Gateway is probably your best bet from both a technical and security standpoint. If you use HTTPS on it, you will be able to encrypt the traffic using a higher quality encryption system than is used for traditional RDP. There are other solutions, such as using a VPN to allow external users to connect to the network and pointing them to your internal DNS for address resolution, but that can involve more equipment and more technical work. If by "Outside the domain" you mean computers connecting to the LAN that aren't a part of the Domain, you just need to make sure they are getting proper DNS information.

Krzysztof Pytko, Senior Active Directory Engineer, commented:
As was said, you need the TS Gateway role for that. Then your clients will be able to access the farm from the Internet. VPN is also a solution, but Microsoft released TS Gateway for that purpose :]

Here you can find some help for configuring TS Gateway:

http://technet.microsoft.com/en-us/library/cc771530%28WS.10%29.aspx

http://www.windowsecurity.com/articles/Configuring-Windows-Server-2008-Terminal-Services-Gateway-Part1.html

Regards,
Krzysztof
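
The client side of the gateway setup recommended in both answers, as an added example that is not part of the original thread: a PowerShell script run from an external client that checks the gateway is published on HTTPS only and writes an .rdp file that routes the farm connection through it. `rdgw.example.com` is a placeholder for the gateway's public FQDN, and the `Test-TcpPort` helper and output file name are hypothetical; `farm01.test.local` is the farm name from the question.

```powershell
# Added example: run from a client OUTSIDE the network.
# Assumptions: rdgw.example.com is a placeholder for the public RD Gateway name;
# farm01.test.local is the internal farm name from the question and is resolved
# by the gateway, not by the external client.
$Gateway = 'rdgw.example.com'
$Farm    = 'farm01.test.local'
$RdpFile = Join-Path $env:USERPROFILE 'Desktop\farm01-via-gateway.rdp'

# Hypothetical helper: TCP connect with a timeout, returns $true/$false.
function Test-TcpPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($async)   # throws if the connection was refused
        return $true
    } catch {
        return $false                # DNS failure or refused connection
    } finally {
        $client.Close()
    }
}

# 1. The gateway must answer on HTTPS; that is the only port it needs published.
if (-not (Test-TcpPort $Gateway 443)) {
    throw "RD Gateway $Gateway is not reachable on TCP 443."
}

# 2. Raw RDP should not be reachable from outside once the gateway is in place.
if (Test-TcpPort $Gateway 3389) {
    Write-Warning "TCP 3389 answers on $Gateway; review the firewall publishing rules."
}

# 3. Connection file: always use the gateway and refuse unauthenticated servers.
$settings = @(
    "full address:s:$Farm"
    "gatewayhostname:s:$Gateway"
    "gatewayusagemethod:i:1"         # 1 = always connect through the gateway
    "gatewayprofileusagemethod:i:1"  # 1 = use the gateway settings in this file
    "promptcredentialonce:i:1"       # same credentials for gateway and farm
    "authentication level:i:1"       # 1 = do not connect if server auth fails
)
Set-Content -Path $RdpFile -Value $settings -Encoding Unicode
Write-Output "Wrote $RdpFile; open it with mstsc.exe."
```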
Windows Server 2008