Solved

Securing a terminal server VM Environment

Posted on 2013-01-15
1
328 Views
Last Modified: 2013-01-24
Hi,

We have a cloud environment where users log on to a terminal server through a TS Gateway
and TS Session broker that load balances users to various terminal services.  We want to secure this environment so that the users don't have a chance to compromise the security, such as disabling RDP to the Domain Controllers or Exchange servers on this virtual environment (right now admins have access as they are allowed to do some administration on their own cloud)  we're thinking to create a VPN for them to access the DC's and Exchanges and critical servers, and not be directly accessible from the terminal services, is that a viable policy? what else could we do to secure?  thanks!
0
Comment
Question by:sbsc
1 Comment
 
LVL 63

Accepted Solution

by:
btan earned 500 total points
ID: 38782090
In general, to provide secure remote access, keep Terminal Servers in the private network, behind a firewall and access these machines via a reverse proxy or SSL VPN Device placed in a DMZ.

Good read on this as well. Critical server if possible should not be remotely managed unless necessary. If so there should be some form if second factor authentication using smartcard via the vpn client. The TS gateway can serves as gatekeeper but better to have ssl vpn gateway to front it and offload that. Such secure gateway will query ldap to identity store or perform radius check before graoting access...

http://www.petri.co.il/securing-rdp-remote-desktop-and-terminal-server-connections.htm
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

At the beginning of the year, the IT world was taken hostage by the shareholders of LogMeIn. Their free product, which had been free for ten years, all of the sudden became a "pay" product. Now, I am the first person who will say that software maker…
A procedure for exporting installed hotfix details of remote computers using powershell
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

790 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question