sglee

Setting up Remote Desktop Server to allow users to connect from outside of the network

Hi,
  I am trying to create Remote Desktop Server 2016 where users can connect to their office computers from their home computers or travelling laptops.
  As seen in Server role screenshot, I have installed (1) Remote Desktop Licensing (2) Remote Desktop Session Host so far.
  I have not actually purchased RD licenses yet. If necessary, I will purchase some Remote Desktop User CAL. (*Please let me know if this is necessary in this test environment)

  From here, what do I need to install to allow outside computers to connect to the computers inside the network?

  I have Domain Controller and two member servers. They are all domain joined and running Windows Server 2016 Standard in this test environment.
  As I understand it, I need to purchase some type of certificate? Also, I understand a "free" version is available, but it needs a complicated setup process and only lasts for 90 days?
  I don't mind buying one if they are that expensive. It would be nice if I can reuse it in the production environment.

Thank you.
Philip Elder

There needs to be a Broker, Gateway, and Web component in the mix.

There is absolutely no way a RDP listener on any port should ever be published straight to the web.

A third party SSL would be used for Gateway and Web while Publishing and SSO can be self-issued.
sglee

ASKER

"Broker, Gateway, and Web component" --> Have I selected components correctly?

Yes, that looks right.

We tend to put Broker, Gateway, and Web on its own VM and Session Host(s) on another or others. Then, if we need to reboot the Session Host(s) we can do so without losing our RD Gateway proxy.

If it's all on one, it can be done. It's just not as management friendly for updates and reboots.

EDIT: We do it all in PowerShell thus the "it looks right". ;)

ASKER

I will separate the installation onto two servers in the production environment. In the test environment, I will just put them all on the domain controller.
Anyway, what steps do I need to take next, now that the Broker, Gateway, and Web roles have been installed?

Server Manager --> Remote Desktop Services --> Buttons are there.

We use IIS to create the CSR for the SSL certificate (GoGetSSL RapidSSL is decently priced).

Use the RDS Certificates wizard to generate a self-issued certificate for the top two services (publishing and SSO IIRC). Put the generated certificate in c:\Temp\Self_Cert.pfx and set a password. Then use the Existing option and choose it for the second service.

The trusted cert gets done in IIS, export to PFX with public key, then use the wizard above to seat for both RD Web and Gateway.

We split the DNS for the URL. remote.domain.com is internal IP and external DNS IP for folks outside.
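
The certificate steps from the answer above, sketched with the RemoteDesktop PowerShell module as an added example (not the answerer's own script). The broker host name, the trusted PFX path and the mapping of the wizard's top two entries to the RDRedirector (SSO) and RDPublishing roles are assumptions; the script checks the trusted PFX before seating it on the two Internet-facing roles.

```powershell
# Added example, not from the thread. Run elevated on a server in the RDS deployment.
Import-Module RemoteDesktop

$broker     = 'rds01.corp.example'        # assumed Connection Broker FQDN
$publicName = 'remote.domain.com'         # split-DNS name used in the thread
$selfPfx    = 'C:\Temp\Self_Cert.pfx'     # path used in the thread
$trustedPfx = 'C:\Temp\Trusted_Cert.pfx'  # assumed path of the PFX exported from IIS

# Prompt for the PFX passwords so they never appear in the script or history.
$selfPw    = Read-Host -AsSecureString 'Password for the self-issued PFX'
$trustedPw = Read-Host -AsSecureString 'Password for the trusted PFX'

# 1. Self-issued certificate for SSO, exported to a PFX for reuse.
New-RDCertificate -Role RDRedirector -DnsName $broker `
    -ExportPath $selfPfx -Password $selfPw -ConnectionBroker $broker -Force

# 2. Same PFX for Publishing (the wizard's "existing certificate" option).
Set-RDCertificate -Role RDPublishing -ImportPath $selfPfx `
    -Password $selfPw -ConnectionBroker $broker -Force

# 3. Validate the third-party PFX before it goes on the published roles.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2(
    $trustedPfx, $trustedPw)
if (-not $cert.HasPrivateKey) {
    throw "PFX has no private key; RD Gateway and RD Web cannot use it."
}
if ($cert.NotAfter -lt (Get-Date).AddDays(30)) {
    throw "Certificate expires $($cert.NotAfter); renew before deploying."
}
# Exact-name match only; a wildcard certificate needs its own comparison.
if ($cert.DnsNameList.Unicode -notcontains $publicName) {
    throw "Certificate does not cover $publicName."
}

# 4. Seat the trusted certificate on RD Web Access and RD Gateway.
foreach ($role in 'RDWebAccess', 'RDGateway') {
    Set-RDCertificate -Role $role -ImportPath $trustedPfx `
        -Password $trustedPw -ConnectionBroker $broker -Force
}

# 5. Confirm what each role now presents.
Get-RDCertificate -ConnectionBroker $broker
```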