I currently host multiple terminal servers, ranging from Server 2008 R2 to Server 2016 - I plan on upgrading them all to 2016 and then keeping them within two versions of the latest server OS.
Each customer gets their own terminal server ‘hosted desktop’ which all their users log on to. Some of these will have an Active Directory, some are standalone RDS servers with local users only.
I would like to have a single forest, with each customer having their own domain. That way they only need one server of their own, but get all the features of Active Directory, which would allow me to configure an RD Gateway which, when they log in, connects them to their own server. This would also allow them to log in via the web rather than just an RDP file.
Can anyone think of any security implications of this? I wouldn’t want people to be able to see that any other domains exist, and I would want them to be completely secure.
I can create multiple domains within a forest etc., but I have never gone this far on such a scale.
I appreciate this is an open-ended question, but I would like to get expert opinions before I go and try it out, as I can then use that information to determine where and what to research.
Has anyone got any examples of similar things or any suggestions on what to research first?
To give you some background information, we have rackspace in three datacentres, all linked via site-to-site VPN. Each customer is currently VLAN’d off from the others, but I could set up routes to a central AD server.
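An added check, not part of the original post: before committing to a single forest it is worth seeing for yourself how much of the forest layout an ordinary user can read. The PowerShell below is assumed to run as a non-admin user on any domain-joined machine and uses only the .NET System.DirectoryServices classes (no RSAT module needed); the forest name and domain names it prints are whatever the machine is joined to. It lists every domain in the forest, the global catalog servers, the forest's trusts, and how many user objects it can pull from the global catalog per domain. The Configuration partition that holds the domain list is replicated to every DC and is readable by Authenticated Users, and the global catalog carries a partial replica of every domain, so a user in one customer's domain can see that the other customers' domains exist and, with default permissions, enumerate their user accounts. In Active Directory the forest, not the domain, is the security boundary; if customers must be unable to see each other at all, that points to a forest per customer (with no trusts between them) rather than a domain per customer.

```powershell
# Added example, not from the original post. Shows what any authenticated forest
# user can read about the forest's layout. Assumptions: run as an ordinary domain
# user on a domain-joined machine; port 3268 (global catalog) reachable.

Add-Type -AssemblyName System.DirectoryServices

$forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()

"Forest: {0}  (root domain: {1}, forest mode: {2})" -f `
    $forest.Name, $forest.RootDomain.Name, $forest.ForestMode

# 1. Every domain in the forest. This comes from the Configuration partition,
#    which every DC replicates and Authenticated Users can read by default, so a
#    single-forest design cannot hide one customer's domain from another's users.
"`nDomains in this forest:"
foreach ($d in $forest.Domains) {
    $parent = if ($d.Parent) { $d.Parent.Name } else { '<forest root>' }
    "  {0,-40} mode={1}  parent={2}" -f $d.Name, $d.DomainMode, $parent
}

# 2. Global catalog servers: each holds a partial replica of every domain.
"`nGlobal catalog servers:"
foreach ($gc in $forest.GlobalCatalogs) { "  " + $gc.Name }

# 3. Trusts recorded for the forest (e.g. to other forests). Parent/child trusts
#    inside the forest are implicit and transitive; they are not listed here.
"`nForest trusts:"
$trusts = $forest.GetAllTrustRelationships()
if ($trusts.Count -eq 0) { "  (none)" }
foreach ($t in $trusts) {
    "  {0} -> {1}  type={2} direction={3}" -f `
        $t.SourceName, $t.TargetName, $t.TrustType, $t.TrustDirection
}

# 4. User objects readable through the global catalog, grouped by domain.
#    With default permissions a user from any domain in the forest can do this.
$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.SearchRoot = New-Object System.DirectoryServices.DirectoryEntry("GC://$($forest.Name)")
$searcher.Filter = "(&(objectCategory=person)(objectClass=user))"
$searcher.PageSize = 500
[void]$searcher.PropertiesToLoad.Add('distinguishedName')

$results = $searcher.FindAll()
"`nUser objects visible via the global catalog: {0}" -f $results.Count
$results |
    Group-Object { ($_.Properties['distinguishedname'][0] -split ',DC=', 2)[1] } |
    Sort-Object Name |
    ForEach-Object { "  DC={0,-35} {1,6} users" -f $_.Name, $_.Count }
$results.Dispose()
```

Run it once from a machine joined to the proposed hosting forest as a test user in one customer domain: if the output lists the other customers' domains and their user counts, that is exactly what those customers' own users would be able to see.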