Uploaded byJuanchi_43
518 views

10215 A 14

This document provides an overview of extending remote desktop services outside an organization using Remote Desktop Gateway (RD Gateway) and Remote Desktop Web Access (RD Web Access). It discusses configuring the RD Gateway to enable secure remote access to internal resources over the internet. It also covers installing and configuring RD Web Access to enable launching remote apps and desktops from a web interface. The document includes demonstrations of configuring these technologies.

Embed presentation

Module 14 Extending Remote Desktop Services Outside the Organization
Module Overview Configuring the RD Gateway Configuring RD Web Access
Lesson 1 : Configuring the RD Gateway How RD Gateway Works Benefits of RD Gateway Requirements for Installing and Configuring RD Gateway Demonstration: Installing RD Gateway Securing the RD Gateway Authorization Policies with RD Gateway Demonstration: Configuring Connection and Resource Authorization Policies Implementing NAP Remediation with RD Gateway Considerations for Implementing Certificates for RD Gateway
Internet Corporate LAN Business Partner/ Client Site Hotel Home External Firewall Internal Firewall Remote Desktop Services Remote Desktop Services Remote Desktop– enabled host Network Policy Server Active Directory How RD Gateway Works Tunnels RDP over HTTPs Strips off HTTPs Passes RDP traffic to RDS
Benefits of RD Gateway RD Gateway provides the following benefits: Enables remote users to connect to internal network resources over the Internet Provides a comprehensive security configuration model Provides a secure and flexible RDP connection Enforces authorization policies Provides tools to help you monitor the RD Gateway connection status, health, and events Remote users can connect to RDS-based resources on an internal network from the Internet through Remote Desktop Gateway
Requirements for Installing and Configuring RD Gateway To install and configure RD Gateway: Log on as a local Administrator Obtain an SSL server certificate to enable TLS Joining the computer to an AD DS domain Install the Web Server (IIS) server role and the RPC over HTTP Proxy feature Install or enable access to an Network Policy Server
Demonstration: Installing the RD Gateway In this demonstration , your instructor will show you how to install the RD Gateway
 
Securing the RD Gateway Configurable idle and session timeouts Background session authentication and authorization Pluggable authentication and authorization System and logon messages Network Access Protection (NAP) remediation Device redirection enforcement
Authorization Policies with RD Gateway Connection Authorization Policies: Define which users can access the RD Gateway Can include additional conditions Resource Authorization Policies: Define which RD Session Host and RD-enabled computers can be accessed through RD Gateway Requires RD Gateway or AD DS computer groups
Demonstration: Configuring Connection and Resource Authorization Policies In this demonstration , your instructor will show you how to create Connection Authorization Policies and Resource Authorization Policies
 
Implementing NAP Integration with RD Gateway To implement NAP integration with RD Gateway: Install a Network Policy Server Configure the RD Gateway server to enable NAP health policy checking Remove all RD CAPs that do not use NAP enforcement Configure the Windows Security Health Validator in NPS Configure the NAP policies in NPS Configure the Remote Desktop client computers to enable NAP protection Test the configuration NAP integration with RD Gateway ensures that only NAP compliant client computers can access the RD Gateway server
Considerations for Implementing Certificates for RD Gateway RD Gateway servers must be configured with an SSL certificate that is trusted by all RD client computers Certificate Option Considerations Self-signed certificates Installed by default on the RD Gateway server Not trusted by default by client computers Recommended for testing only Internal CA certificates Can be issued by AD CS CAs Can be automatically trusted by domain client computers Recommended for organizations with only domain members connecting to RD Gateway Public CA certificates Issued by trusted public CAs Automatically trusted by client computers Recommended for organizations with non-domain member client computers
Lesson 2: Configuring RD Web Access What Is RD Web Access? Installing RD Web Access Configuring RD Web Access Configuring User Access to RD Web Access Configuring Internet Access to RD Web Access Demonstration: Configuring RD Web Access
What Is RD Web Access? RD Web Access enables: Populating the list of available RemoteApps or virtual desktops in the RemoteApp and Desktop Connection application Launching RemoteApps or virtual desktops from the RD Web Access Web site Launching the Remote Desktop Web Connection which provide Remote Desktop connections to servers or client computers RD Web Access only enables users to launch applications or Remote Desktop sessions, it does not proxy RDP sessions
Installing RD Web Access To install RD Web Access: Install the role service on the appropriate Windows Server 2008 R2 edition Install the Web Services (IIS) server role Consider combining the role service with the RD Session Host role service Configure SSL for the RD Web Access virtual directories Log on as a local Administrator
Configuring RD Web Access
Configuring User Access to RD Web Access To enable user access to RD Web Access: Provide users with the URL for the RD Web Access server Configure RemoteApp and Desktop Connections to subscribe to a feed from the RD Web Access server To configure RemoteApp and Desktop Connections: Configure the URL for the RD Web Access server Create a client configuration file in RD Connection Manager and distribute the file to clients
Configuring Internet Access To RD Web Access To configure Internet access to RD Web Access: Configure forms-based authentication Publish RemoteApp programs to use a RD Gateway server Configure RD Web virtual directory settings
Demonstration: Configuring RD Web Access In this demonstration, you will learn how to configure Remote Desktop Web Access
L ab : Integrating RD Web Access into the Desktop Virtualization Infrastructure Exercise 1 : Installing and Configuring Remote Desktop Gateway Exercise 2 : Configuring Remote Desktop Web Access Exercise 3 : Integrating RemoteApp and Desktop Connection with Remote Desktop Web Access Logon information: Estimated time: 75 minutes NYC-Host1, NYC-Host2 Host machines Virtual machines NYC-DC1, NYC-CL1, NYC-SVR4, NYC, SVR5, NYC-SVR6 User name Administrator Password Pa$$w0rd
Lab Scenario You are a server administrator at Contoso, Ltd. Your organization has deployed Remote Desktop Services to internal users. However, many users who work outside the office or who travel frequently also need to be able to access the remote applications. You now need to enable access to some of the applications for remote users.
Lab Review You installed RDS in a testing environment. After 120 days, you are no longer able to connect to the RDS server. What is the most probable reason for this? Name the two types of Virtual Desktop Infrastructure? How is the use of RemoteApp and Desktop Connection different from simply accessing RemoteApp from RD Web Access?
Module Review and Takeaways Review Questions Tools
Course Evaluation

More Related Content

PDF
Remote Desktop Services Component Architecture
byPaulo Freitas
 
PDF
AAA & RADIUS Protocols
byPeter R. Egli
 
PPT
Implementing Cisco AAA
bydkaya
 
PPTX
Radius server,PAP and CHAP Protocols
byDhananjay Aloorkar
 
PDF
The Three Musketeers (Authentication, Authorization, Accounting)
bySarah Conway
 
PDF
radius dhcp dot1.x (802.1x)
byrinnocente
 
PPT
10215 A 13
byJuanchi_43
 
ODP
AAA in a nutshell
byMohamed Daif
 
Remote Desktop Services Component Architecture
byPaulo Freitas
 
AAA & RADIUS Protocols
byPeter R. Egli
 
Implementing Cisco AAA
bydkaya
 
Radius server,PAP and CHAP Protocols
byDhananjay Aloorkar
 
The Three Musketeers (Authentication, Authorization, Accounting)
bySarah Conway
 
radius dhcp dot1.x (802.1x)
byrinnocente
 
10215 A 13
byJuanchi_43
 
AAA in a nutshell
byMohamed Daif
 

What's hot

PPT
Remote Desktop Services and Virtual Desktop infrastructure in Windows Server ...
byctc TrainCanada
 
PPT
WinConnections Spring, 2011 - How to Securely Connect Remote Desktop Services...
byConcentrated Technology
 
PDF
Routing host certificates in eduroam/govroam
byKarri Huhtanen
 
PPT
Implementing 802.1x Authentication
bydkaya
 
PDF
EAP-TLS (extended version)
byKarri Huhtanen
 
PDF
802.1x Implementation Plan for Seacoast
bySithideth Banavong
 
PDF
Radius Protocol
byNetwax Lab
 
PDF
Security issues in RADIUS based Wi-Fi AAA
byKarri Huhtanen
 
PPTX
Terminal Services in Windows Server® 2008
bySergi Duró
 
PDF
EAP-TLS
byKarri Huhtanen
 
PPTX
Deploy and Configure an Enterprise Root CA & Subordinate CA in Windows Server...
byMd. Abdul Barek
 
PDF
Cisco acs configuration guide
byRichardsCCNA
 
PPT
Radius1
bybalamurugan.k Kalibalamurugan
 
PDF
TLS and Certificates
byKarri Huhtanen
 
PPT
RADIUS
byamogh_ubale
 
PPTX
Server 2012 r2 remote desktop services
byNihat ALTINMAKAS
 
PPTX
802.1x Authentication Standard
byDan Miller
 
PDF
At8000 s configurando_8021x
byNetPlus
 
PDF
Ieee 802.1 x
byMohamed Gamel
 
PPT
Radiojungle AAA RADIUS introduction
bysmoscato
 
Remote Desktop Services and Virtual Desktop infrastructure in Windows Server ...
byctc TrainCanada
 
WinConnections Spring, 2011 - How to Securely Connect Remote Desktop Services...
byConcentrated Technology
 
Routing host certificates in eduroam/govroam
byKarri Huhtanen
 
Implementing 802.1x Authentication
bydkaya
 
EAP-TLS (extended version)
byKarri Huhtanen
 
802.1x Implementation Plan for Seacoast
bySithideth Banavong
 
Radius Protocol
byNetwax Lab
 
Security issues in RADIUS based Wi-Fi AAA
byKarri Huhtanen
 
Terminal Services in Windows Server® 2008
bySergi Duró
 
EAP-TLS
byKarri Huhtanen
 
Deploy and Configure an Enterprise Root CA & Subordinate CA in Windows Server...
byMd. Abdul Barek
 
Cisco acs configuration guide
byRichardsCCNA
 
Radius1
bybalamurugan.k Kalibalamurugan
 
TLS and Certificates
byKarri Huhtanen
 
RADIUS
byamogh_ubale
 
Server 2012 r2 remote desktop services
byNihat ALTINMAKAS
 
802.1x Authentication Standard
byDan Miller
 
At8000 s configurando_8021x
byNetPlus
 
Ieee 802.1 x
byMohamed Gamel
 
Radiojungle AAA RADIUS introduction
bysmoscato
 

Similar to 10215 A 14

PDF
Download Microsoft Windows Server 2022 RDS
byDirect Deals, LLC
 
PPTX
510412424-WS-011T00A-011T00A-011T00A-M09.pptx
byAbdellahELMAMOUN
 
PPTX
Administration & Gestion de Windows Server 2019
byamouwawa
 
PDF
Blue Gradient Modern Illustration Computer Presentation.pdf.pdf
byvuiiwhwudh
 
PDF
Blue Gradient Modern Illustration Computer Presentation.pdf.pdf
byvuiiwhwudh
 
PPTX
Deploy & Configure Remote Desktop Gateway in Windows Server 2008 R2 By Barek-IT
byMd. Abdul Barek
 
PDF
Microsoft India - Windows Server 2008 R2 Remote Desktop Services Whitepaper
byMicrosoft Private Cloud
 
PDF
Microsoft Remote Desktop Services
byRonnie Isherwood
 
PPTX
Desktop and client virtualization new workstyles with microsoft vdi
byDotNetCampus
 
PPT
Securely connecting to apps over the internet using rds
byConcentrated Technology
 
PPTX
17 roles of window server 2008 r2
byIGZ Software house
 
PPTX
Schneider-Electric & NextNine – Comparing Remote Connectivity Solutions
byHoneywell
 
PDF
Download Integrating Novell Open Enterprise Server for Linux ebook All Chapte...
bymiflorshahde
 
PPTX
"An Introduction to Remote Login Systems .
byVishalDubey815672
 
PPTX
DESKTOP AND CLIENT VIRTUALIZATION: NEW WORKSTYLES WITH MICROSOFT VDI
byDotNetCampus
 
PDF
How Can Remote Desktop Services Help You?
byDirect Deals, LLC
 
PPTX
Windows 7 For Itpro
byEduardo Castro
 
PPT
4966709.ppt
byImXaib
 
PPTX
Efficient Management with Remote Desktop Managers
byBert Blevins
 
PDF
Ibm system storage ds8000 ldap authentication redp4505
byBanking at Ho Chi Minh city
 
Download Microsoft Windows Server 2022 RDS
byDirect Deals, LLC
 
510412424-WS-011T00A-011T00A-011T00A-M09.pptx
byAbdellahELMAMOUN
 
Administration & Gestion de Windows Server 2019
byamouwawa
 
Blue Gradient Modern Illustration Computer Presentation.pdf.pdf
byvuiiwhwudh
 
Blue Gradient Modern Illustration Computer Presentation.pdf.pdf
byvuiiwhwudh
 
Deploy & Configure Remote Desktop Gateway in Windows Server 2008 R2 By Barek-IT
byMd. Abdul Barek
 
Microsoft India - Windows Server 2008 R2 Remote Desktop Services Whitepaper
byMicrosoft Private Cloud
 
Microsoft Remote Desktop Services
byRonnie Isherwood
 
Desktop and client virtualization new workstyles with microsoft vdi
byDotNetCampus
 
Securely connecting to apps over the internet using rds
byConcentrated Technology
 
17 roles of window server 2008 r2
byIGZ Software house
 
Schneider-Electric & NextNine – Comparing Remote Connectivity Solutions
byHoneywell
 
Download Integrating Novell Open Enterprise Server for Linux ebook All Chapte...
bymiflorshahde
 
"An Introduction to Remote Login Systems .
byVishalDubey815672
 
DESKTOP AND CLIENT VIRTUALIZATION: NEW WORKSTYLES WITH MICROSOFT VDI
byDotNetCampus
 
How Can Remote Desktop Services Help You?
byDirect Deals, LLC
 
Windows 7 For Itpro
byEduardo Castro
 
4966709.ppt
byImXaib
 
Efficient Management with Remote Desktop Managers
byBert Blevins
 
Ibm system storage ds8000 ldap authentication redp4505
byBanking at Ho Chi Minh city
 

More from Juanchi_43

PPT
10215 A 01
byJuanchi_43
 
PPT
10215 A 11
byJuanchi_43
 
PPT
ITIL FOUNDATION
byJuanchi_43
 
PPT
Mof
byJuanchi_43
 
PPT
10215 A 02
byJuanchi_43
 
PPT
10215 A 08
byJuanchi_43
 
PPT
10215 A 00
byJuanchi_43
 
PPT
10215 A 09
byJuanchi_43
 
PPT
10215 A 03
byJuanchi_43
 
PPT
10215 A 04
byJuanchi_43
 
PPT
10215 A 05
byJuanchi_43
 
PPT
10215 A 12
byJuanchi_43
 
PPT
10215 A 10
byJuanchi_43
 
PPT
10215 A 07
byJuanchi_43
 
PPTX
Configurando Private Cloud con System Center 2012
byJuanchi_43
 
PPT
10215 A 06
byJuanchi_43
 
PDF
VDI Infraestructure
byJuanchi_43
 
PPTX
System Center 2012
byJuanchi_43
 
PDF
020811 Introduction To Virtualization 279337
byJuanchi_43
 
10215 A 01
byJuanchi_43
 
10215 A 11
byJuanchi_43
 
ITIL FOUNDATION
byJuanchi_43
 
Mof
byJuanchi_43
 
10215 A 02
byJuanchi_43
 
10215 A 08
byJuanchi_43
 
10215 A 00
byJuanchi_43
 
10215 A 09
byJuanchi_43
 
10215 A 03
byJuanchi_43
 
10215 A 04
byJuanchi_43
 
10215 A 05
byJuanchi_43
 
10215 A 12
byJuanchi_43
 
10215 A 10
byJuanchi_43
 
10215 A 07
byJuanchi_43
 
Configurando Private Cloud con System Center 2012
byJuanchi_43
 
10215 A 06
byJuanchi_43
 
VDI Infraestructure
byJuanchi_43
 
System Center 2012
byJuanchi_43
 
020811 Introduction To Virtualization 279337
byJuanchi_43
 

10215 A 14

  • 1.
    Module 14 ExtendingRemote Desktop Services Outside the Organization
  • 2.
    Module Overview Configuringthe RD Gateway Configuring RD Web Access
  • 3.
    Lesson 1: Configuring the RD Gateway How RD Gateway Works Benefits of RD Gateway Requirements for Installing and Configuring RD Gateway Demonstration: Installing RD Gateway Securing the RD Gateway Authorization Policies with RD Gateway Demonstration: Configuring Connection and Resource Authorization Policies Implementing NAP Remediation with RD Gateway Considerations for Implementing Certificates for RD Gateway
  • 4.
    Internet CorporateLAN Business Partner/ Client Site Hotel Home External Firewall Internal Firewall Remote Desktop Services Remote Desktop Services Remote Desktop– enabled host Network Policy Server Active Directory How RD Gateway Works Tunnels RDP over HTTPs Strips off HTTPs Passes RDP traffic to RDS
  • 5.
    Benefits of RDGateway RD Gateway provides the following benefits: Enables remote users to connect to internal network resources over the Internet Provides a comprehensive security configuration model Provides a secure and flexible RDP connection Enforces authorization policies Provides tools to help you monitor the RD Gateway connection status, health, and events Remote users can connect to RDS-based resources on an internal network from the Internet through Remote Desktop Gateway
  • 6.
    Requirements for Installingand Configuring RD Gateway To install and configure RD Gateway: Log on as a local Administrator Obtain an SSL server certificate to enable TLS Joining the computer to an AD DS domain Install the Web Server (IIS) server role and the RPC over HTTP Proxy feature Install or enable access to an Network Policy Server
  • 7.
    Demonstration: Installing theRD Gateway In this demonstration , your instructor will show you how to install the RD Gateway
  • 8.
  • 9.
    Securing the RDGateway Configurable idle and session timeouts Background session authentication and authorization Pluggable authentication and authorization System and logon messages Network Access Protection (NAP) remediation Device redirection enforcement
  • 10.
    Authorization Policies withRD Gateway Connection Authorization Policies: Define which users can access the RD Gateway Can include additional conditions Resource Authorization Policies: Define which RD Session Host and RD-enabled computers can be accessed through RD Gateway Requires RD Gateway or AD DS computer groups
  • 11.
    Demonstration: Configuring Connectionand Resource Authorization Policies In this demonstration , your instructor will show you how to create Connection Authorization Policies and Resource Authorization Policies
  • 12.
  • 13.
    Implementing NAP Integrationwith RD Gateway To implement NAP integration with RD Gateway: Install a Network Policy Server Configure the RD Gateway server to enable NAP health policy checking Remove all RD CAPs that do not use NAP enforcement Configure the Windows Security Health Validator in NPS Configure the NAP policies in NPS Configure the Remote Desktop client computers to enable NAP protection Test the configuration NAP integration with RD Gateway ensures that only NAP compliant client computers can access the RD Gateway server
  • 14.
    Considerations for ImplementingCertificates for RD Gateway RD Gateway servers must be configured with an SSL certificate that is trusted by all RD client computers Certificate Option Considerations Self-signed certificates Installed by default on the RD Gateway server Not trusted by default by client computers Recommended for testing only Internal CA certificates Can be issued by AD CS CAs Can be automatically trusted by domain client computers Recommended for organizations with only domain members connecting to RD Gateway Public CA certificates Issued by trusted public CAs Automatically trusted by client computers Recommended for organizations with non-domain member client computers
  • 15.
    Lesson 2: ConfiguringRD Web Access What Is RD Web Access? Installing RD Web Access Configuring RD Web Access Configuring User Access to RD Web Access Configuring Internet Access to RD Web Access Demonstration: Configuring RD Web Access
  • 16.
    What Is RDWeb Access? RD Web Access enables: Populating the list of available RemoteApps or virtual desktops in the RemoteApp and Desktop Connection application Launching RemoteApps or virtual desktops from the RD Web Access Web site Launching the Remote Desktop Web Connection which provide Remote Desktop connections to servers or client computers RD Web Access only enables users to launch applications or Remote Desktop sessions, it does not proxy RDP sessions
  • 17.
    Installing RD WebAccess To install RD Web Access: Install the role service on the appropriate Windows Server 2008 R2 edition Install the Web Services (IIS) server role Consider combining the role service with the RD Session Host role service Configure SSL for the RD Web Access virtual directories Log on as a local Administrator
  • 18.
  • 19.
    Configuring User Accessto RD Web Access To enable user access to RD Web Access: Provide users with the URL for the RD Web Access server Configure RemoteApp and Desktop Connections to subscribe to a feed from the RD Web Access server To configure RemoteApp and Desktop Connections: Configure the URL for the RD Web Access server Create a client configuration file in RD Connection Manager and distribute the file to clients
  • 20.
    Configuring Internet AccessTo RD Web Access To configure Internet access to RD Web Access: Configure forms-based authentication Publish RemoteApp programs to use a RD Gateway server Configure RD Web virtual directory settings
  • 21.
    Demonstration: Configuring RDWeb Access In this demonstration, you will learn how to configure Remote Desktop Web Access
  • 22.
    L ab :Integrating RD Web Access into the Desktop Virtualization Infrastructure Exercise 1 : Installing and Configuring Remote Desktop Gateway Exercise 2 : Configuring Remote Desktop Web Access Exercise 3 : Integrating RemoteApp and Desktop Connection with Remote Desktop Web Access Logon information: Estimated time: 75 minutes NYC-Host1, NYC-Host2 Host machines Virtual machines NYC-DC1, NYC-CL1, NYC-SVR4, NYC, SVR5, NYC-SVR6 User name Administrator Password Pa$$w0rd
  • 23.
    Lab Scenario Youare a server administrator at Contoso, Ltd. Your organization has deployed Remote Desktop Services to internal users. However, many users who work outside the office or who travel frequently also need to be able to access the remote applications. You now need to enable access to some of the applications for remote users.
  • 24.
    Lab Review Youinstalled RDS in a testing environment. After 120 days, you are no longer able to connect to the RDS server. What is the most probable reason for this? Name the two types of Virtual Desktop Infrastructure? How is the use of RemoteApp and Desktop Connection different from simply accessing RemoteApp from RD Web Access?
  • 25.
    Module Review andTakeaways Review Questions Tools
  • 26.

Editor's Notes

  • #2 Module 14: Extending Remote Desktop Services Outside the Organization Course 10215A Presentation: 60 minutes Lab: 60 minutes This module helps students extend Remote Desktop Services outside the organization. After completing this module, students will be able to: Configure the Remote Desktop Gateway Configure Remote Desktop Web Access Required materials To teach this module, you need the Microsoft Office PowerPoint® file 10215A_14.ppt. Important It is recommended that you use PowerPoint 2002 or a later version to display the slides for this course. If you use PowerPoint Viewer or an earlier version of PowerPoint, all the features of the slides might not be displayed correctly. Preparation tasks To prepare for this module: Read all of the materials for this module. Practice performing the demonstrations and the lab exercises. Work through the Module Review and Takeaways section and determine how you will use this section to reinforce student learning and promote knowledge transfer to on-the-job performance. Make sure that students are aware that there are additional online resources for the module on the Course CD.
  • #3 Briefly present module content. Since RDS is new with Windows Server 2008 R2, ask the students if they have had any experience with previous versions of Terminal Services . Module 14: Extending Remote Desktop Services Outside the Organization Course 10215A
  • #4 Introduce the lesson content. Emphasize that this is an overview of Remote Desktop Services Module 14: Extending Remote Desktop Services Outside the Organization Course 10215A
  • #5 Explain the RDP/HTTPS flow when an external user is connecting to RDS through RD Gateway. Explain how and why RDP traffic is encapsulated to HTTPS and the prerequisites for encapsulation, such as defining digital certificate on the RD Gateway, RD CAP, and RD RAP policies. Review the benefits of RD Gateway. Students should be able to explain that RDP traffic (port 3389) is usually blocked on the firewall. Using RD Gateway, you can use HTTPS (port 443), which is allowed through a firewall. Point out that RDP traffic is encapsulated into HTTPS only to RD Gateway. RDS traffic is transmitted from RD Gateway to RDS host. Mention that RD Gateway role service is installed on the server in DMZ. Question : Does RD Gateway provide full end-to-end protection of RDP traffic? Answer : No; RD Gateway protects RDP traffic between RD client and RD Gateway. From RD Gateway to RDS host, the traffic is transmitted through RDP. Hence, RD Gateway does not provide additional protection there. You should be aware that RDP uses encryption, and from RD Gateway to RDS host, is a local network; not a public network like Internet. Course 10159A Module 6: Configuring Remote Desktop Services and Virtual Desktop Infrastructure in Windows Server 2008 R2
  • #6 If students are familiar with the RD Gateway role service, make the session more interactive by asking for their experience with RD Gateway. Question: In which situations would you use RD Gateway? Answer: You can use RD Gateway if you need to provide remote users with access to RDS hosts over the Internet. Local users can access RDS hosts directly, but remote users need to establish a connection to the local network. Earlier, remote users needed to first establish a VPN connection to access RDS hosts, but with RD Gateway, they can access internal RDS hosts without establishing a VPN connection. Module 14: Extending Remote Desktop Services Outside the Organization Course 10215A
  • #7 Cover the requirements needed for RD Gateway: Permissions – Local Admins group Certificates – SSL Certificate required Domain Membership – RD Gateway must be domain member of require users in CAP to be domain members IIS Module 14: Extending Remote Desktop Services Outside the Organization Course 10215A
  • #8 On LON-SVR1, install the Remote Desktop Services server role by using the Server Manager console with the following information: Role Services: Remote Desktop Session Host, Remote Desktop Connection Broker, Remote Desktop Gateway , and Remote Desktop Web Access Authentication Method for Remote Desktop Session Host: Do not require Network Level Authentication Licensing Mode: Configure later Server Authentication Certificate for SSL Encryption: LON-SVR1.Contoso On the Start menu of LON-SVR1, point to Administrative Tools , and then click Server Manager . In the tree pane of the Server Manager console, click Roles . In the Role Summary area of the Roles result pane, click Add Roles . On the Before You Begin page of the Add Roles Wizard, click Next . On the Select Server Roles page, under Roles , select the Remote Desktop Services check box, and then click Next . On the Remote Desktop Services page, click Next . On the Select Role Services page, under Role services , select the Remote Desktop Session Host, Remote Desktop Connection Broker , and Remote Desktop Gateway check boxes. On the Select Role Services page, under Role services , select the Remote Desktop Web Access check box. On the Select Role Services page, click Next . On the Uninstall and Reinstall Applications for Compatibility page, click Next . On the Specify Authentication Method for Remote Desktop Session Host page, click Do not require Network Level Authentication , and then click Next . On the Specify Licensing Mode page, ensure that the Configure later option is selected, and then click Next . On the Select User Groups Allowed Access To This RD Session Host Server page, click Next . On the Configure Client Experience page, click Next . On the Start menu of LON-SVR1, click Run . In the Open box of the Run dialog box, type mmc , and then click OK . On the File menu of the Console1- [Console Root] console, click Add/Remove Snap-in . In the Available snap-ins area of the Add or Remove Snap-ins dialog box, in the Snap-in list, click Certificates , and then click Add . Module 14: Extending Remote Desktop Services Outside the Organization Course 10215A
  • #9 In the Certificates snap-in wizard, click Computer account , click Next . In the Select Computer wizard, click Finish . In the Add or Remove Snap-ins dialog box, click OK . In the tree pane of the Console1- [Console Root] console, expand Certificates (Local Computer) , expand Personal , and then click Certificates . On the Action menu, point to All Tasks , and then click Request New Certificate . On the Before You Begin page of the Certificate Enrollment wizard, click Next . On the Select Certificate Enrollment Policy page, click Next . On the Request Certificates page, select the DirectAccess check box, and then click More information is required to enroll for this certificate . Click here to configure settings. In the Subject Name area of the Certificate Properties dialog box, in Type box, click Common name , in the Value box, type external.contoso.com , and then click Add . In the Alternative name area, in the Type box, click DNS , in the Value box type external.contoso.com , click Add , and then click OK . On the Request Certificates page, click Enroll . On the Certificate Installation Results page, click Finish . Note : Verify that certificate for external.contoso.com is listed in the Certificates result pane. In the Console1 - [Console Root\\Certificates (Local Computer)\\Personal\\Certificates] console, click the Close button. In the Microsoft Management Console message box, click No . Module 14: Extending Remote Desktop Services Outside the Organization Course 10215A
  • #10 Cover the new security features of RD Gateway in Windows Server 2008 R2. Enhancements are security related and require RDC 7.0. This connection client is included in Windows 7 and Windows Server 2008 R2, and it is available as a download for Windows Vista SP1 and Windows XP SP3. Cover the improvements in RD Gateway and why they are important. Ask for input on new functionalities and provide scenarios that can benefit from the new RD Gateway functionalities. Question: What should you do to take advantage of the RD Gateway functionality introduced in Windows Server 2008 R2? Answer: You must use RDC 7.0 to take advantage of the new RD Gateway functionality. Module 14: Extending Remote Desktop Services Outside the Organization Course 10215A
  • #11 Discuss the purpose and creation of: Connection Authorization Policies Resource Authorization Policies Discuss how RAPs can be used to control access to internal resources. Module 14: Extending Remote Desktop Services Outside the Organization Course 10215A
  • #12 On LON-SVR1, create a Connection Authorization Policy (CAP) to restrict the users from accessing the RD Gateway Server with the following information: Type a name for the RD CAP: Authorized Remote Users User group membership: RD Users On LON-SVR1, in the tree pane of the Server Manager console, under RD Gateway Manager , expand LON-SVR1 (Local) , expand Policies , and then click Connection Authorization Policies . In the Actions pane, click Create New Policy , and then click Wizard . On the Create Authorization Policies for RD Gateway page of the Create New Authorization Policies Wizard, click Next In the Type a name for the RD CAP box of the Create an RD CAP page, type Authorized Remote Users , and then click Next . In the User group membership (required) area of the Select Requirements page, click Add Group In the Enter the object names to select (examples) box of the Select Groups dialog box, type RD Users , and then click OK . On the Select Requirements page, click Next . On the Enable or Disable Device Redirection page, click Next . On the Set Session Timeouts page, click Next . On the RD CAP Settings Summary page, click Finish . On the Confirm Creation of Authorization Policies page, click Close . On LON-SVR1, create a Resource Authorization Policy to control the connection between the internal resources and the Remote Desktop Gateway with the following information: Type a name for the RD RAP: Authorized Target Computers User Groups: RD Users Network Resources: RD Web Computers On LON-SVR1 server, in the tree pane of the Server Manager console, under Policies , click Resource Authorization Policies . In the Actions pane, click Create New Policy , and then click Wizard . On the Create Authorization Policies for RD Gateway page of the Create New Authorization Policies Wizard, click Next . In the Type a name for the RD RAP box of the Create an RD RAP page, type Authorized Target Computers , and then click Next . Module 14: Extending Remote Desktop Services Outside the Organization Course 10215A
  • #13 On the Select User Groups page, click Add Group . In the Enter the object names to select (examples) box of the Select Groups dialog box, type RD Users , and then click OK . On the Select User Groups page, click Next . On the Select Network Resources page, ensure that the Select an Active Directory Domain Services network resource group option is selected, and then click Browse . In the Enter the object names to select (examples) box of the Select Group dialog box, type RD Web Computers , and then click OK . On the Select Network Resources page, click Next . On the Select Allowed TCP Ports page, click Next . On the RD RAP Settings Summary page, click Finish On the Confirm Creation of Authorization Policies page, click Close . In the Server Manager console, click the Close button. Module 14: Extending Remote Desktop Services Outside the Organization Course 10215A
  • #14 Module 14: Extending Remote Desktop Services Outside the Organization Course 10215A
  • #15 Module 14: Extending Remote Desktop Services Outside the Organization Course 10215A
  • #16 Introduce the lesson content. Emphasize that this is an overview of Remote Desktop Services Module 14: Extending Remote Desktop Services Outside the Organization Course 10215A
  • #17 Cover how a user might use RD Web access for remote users or access a Remote Desktop Web Access session. Explain process that happens when a user accesses a RemoteApp program. Module 14: Extending Remote Desktop Services Outside the Organization Course 10215A
  • #18 Cover the roles required, the clients that can access a RD Web Access. Module 14: Extending Remote Desktop Services Outside the Organization Course 10215A
  • #19 Module 14: Extending Remote Desktop Services Outside the Organization Course 10215A
  • #20 Explain how the published RemoteApp applications, to which we subscribe through feed, are available on the Start menu. Explain that RemoteApp and Remote Desktops are available only on Window 7 and Windows Server 2008 R2. Clients using older versions can access the same applications through RD Web Access or shortcuts, but they will not be integrated on the Start menu. Question: When would you use RDS Web Access to access RemoteApp applications, instead of RemoteApp and Desktop Connection? Answer : RemoteApp and Desktop Connection requires Windows 7 as a client. If your client is running an older operating system, you cannot use RemoteApp and Desktop Connection, but you can still access the RDS Web portal and run RemoteApps from there. The RD Connection Broker will ensure that the same RemoteApps are available through both interfaces. Module 14: Extending Remote Desktop Services Outside the Organization Course 10215A
  • #21 Module 14: Extending Remote Desktop Services Outside the Organization Course 10215A
  • #23 In this lab, students will plan the implementation of Remote Desktop Services. Exercise 1 In this exercise, students will install the Remote Desktop Gateway . Exercise 2 In this exercise, students will install Remote Desktop Web Access Exercise 3 In this exercise, students will configure remote Desktop Web Access Exercise 4 In this exercise, students will integrate RemoteApp and Desktop Connection with Remote Desktop Web Access Before the students begin the lab, read the scenario associated with each exercise to the class. This will reinforce the broad issue that the students are troubleshooting and will help to facilitate the lab discussion at the end of the module. Remind the students to complete the discussion questions after the last lab exercise. Note: The lab exercise answer keys are provided on the Course Companion CD. To access the answer key, click the link located at the bottom of the relevant lab exercise page. Module 14: Extending Remote Desktop Services Outside the Organization Course 10215A
  • #24 Module 14: Extending Remote Desktop Services Outside the Organization Course 10215A
  • #25 Use the questions on the slide to guide the debriefing after students have completed the lab exercises. Question 1 : How Contoso will benefit from deploying Remote Desktop Services ? Answer: The period of 120 days is the grace period to install RD Licensing, after installing RDS Session Host. You probably did not install the RD Licensing role service in the testing environment, and when the grace period expired, you are no longer able to connect to the RDS Session Host server Question 2: How will you restrict the user from viewing the icon for RemoteApp program? Answer: Virtual Desktop Infrastructure types are personal virtual desktops and pooled virtual desktops. When using personal virtual desktops, each user has a unique virtual machine. When using pooled virtual desktops, user can connect to any virtual machine in a pool Question 3: How will the deployment of Remote Desktop Connection Virtualization benefit Contoso Ltd Answer: RemoteApp and Desktop Connection will integrate published RemoteApps and Desktop Connections with the Start menu of Windows 7 computers. When using RD Web Access, you must open the Web page and run RemoteApps from there Module 14: Extending Remote Desktop Services Outside the Organization Course 10215A
  • #26 Review Questions 1 You installed RDS in a testing environment. After 120 days, you are no longer able to connect to the RDS server. What is the most probable reason for this? Answer : The period of 120 days is the grace period to install RD Licensing, after installing RDS Session Host. You probably did not install the RD Licensing role service in the testing environment, and when the grace period expired, you are no longer able to connect to the RDS Session Host server. 2. Why must you have a certificate for the Remote Desktop Gateway server? Answer : The certificate is used to encrypt communications between Remote Desktop clients and RD Gateway servers over the Internet. 3. How is the use of RemoteApp and Desktop Connection different from simply accessing RemoteApp from RD Web Access? Answer : RemoteApp and Desktop Connection will integrate published RemoteApps and Desktop Connections with the Start menu of Windows 7 computers. When using RD Web Access, you must open the Web page and run RemoteApps from there. Module 14: Extending Remote Desktop Services Outside the Organization Course 10215A
  • #27 Module x: Title Course xxxxy Remind students to complete the course evaluation.