Terminal Services Gateway (TS Gateway) is a role service in the Terminal Services server role of Windows Server® 2008 that allows authorized remote users to connect to resources on an internal corporate or private network, from any Internet-connected device. The network resources can be terminal servers, terminal servers running RemoteApp programs, or computers with Remote Desktop enabled.
TS Gateway uses Remote Desktop Protocol (RDP) over HTTPS to establish a secure, encrypted connection between remote users on the Internet and the internal network resources on which their productivity applications run.
What does TS Gateway do?
TS Gateway provides many benefits, including:
•TS Gateway enables remote users to connect to internal network resources over the Internet, by using an encrypted connection, without needing to configure virtual private network (VPN) connections.
•TS Gateway provides a comprehensive security configuration model that enables you to control access to specific internal network resources.
•TS Gateway provides a point-to-point RDP connection, rather than allowing remote users access to all internal network resources.
•TS Gateway enables most remote users to connect to internal network resources that are hosted behind firewalls in private networks and across network address translators (NATs).. With TS Gateway, you do not need to perform additional configuration for the TS Gateway server or clients for this scenario.
Prior to this release of Windows Server, security measures prevented remote users from connecting to internal network resources across firewalls and NATs. This is because port 3389, the port used for RDP connections, is typically blocked for network security purposes at the firewalls. TS Gateway transmits RDP traffic to port 443 instead, by using an HTTP Secure Sockets Layer/Transport Layer Security (SSL/TLS) tunnel. Because most corporations open port 443 to enable Internet connectivity, TS Gateway takes advantage of this network design to provide remote access connectivity across multiple firewalls.
•The TS Gateway Manager snap-in console enables you to configure authorization policies to define conditions that must be met for remote users to connect to internal network resources. For example, you can specify:
•Who can connect to network resources (in other words, the user groups who can connect).
•What network resources (computer groups) users can connect to.
•Whether client computers must be members of Active Directory security groups.
•Whether device and disk redirection is allowed.
•Whether clients need to use smart card authentication or password authentication, or whether they can use either method.
•You can configure TS Gateway servers and Terminal Services clients to use Network Access Protection (NAP) to further enhance security. NAP is a health policy creation, enforcement, and remediation technology that is included in Windows® XP Service Pack 2 (SP2), Windows Vista®, and Windows Server 2008. With NAP, system administrators can enforce health requirements, which can include software requirements, security update requirements, required computer configurations, and other settings.
Terminal Services Gateway (TS Gateway)
TS Gateway is new features on Windows Server 2008. You must install a Windows Server 2008 to do this.
TS Gateway uses Remote Desktop Protocol (RDP) over HTTPS to establish a secure, encrypted connection between remote users on the Internet and the internal network resources on which their productivity applications run.
What does TS Gateway do?
TS Gateway provides many benefits, including:
•TS Gateway enables remote users to connect to internal network resources over the Internet, by using an encrypted connection, without needing to configure virtual private network (VPN) connections.
•TS Gateway provides a comprehensive security configuration model that enables you to control access to specific internal network resources.
•TS Gateway provides a point-to-point RDP connection, rather than allowing remote users access to all internal network resources.
•TS Gateway enables most remote users to connect to internal network resources that are hosted behind firewalls in private networks and across network address translators (NATs).. With TS Gateway, you do not need to perform additional configuration for the TS Gateway server or clients for this scenario.
Prior to this release of Windows Server, security measures prevented remote users from connecting to internal network resources across firewalls and NATs. This is because port 3389, the port used for RDP connections, is typically blocked for network security purposes at the firewalls. TS Gateway transmits RDP traffic to port 443 instead, by using an HTTP Secure Sockets Layer/Transport Layer Security (SSL/TLS) tunnel. Because most corporations open port 443 to enable Internet connectivity, TS Gateway takes advantage of this network design to provide remote access connectivity across multiple firewalls.
•The TS Gateway Manager snap-in console enables you to configure authorization policies to define conditions that must be met for remote users to connect to internal network resources. For example, you can specify:
•Who can connect to network resources (in other words, the user groups who can connect).
•What network resources (computer groups) users can connect to.
•Whether client computers must be members of Active Directory security groups.
•Whether device and disk redirection is allowed.
•Whether clients need to use smart card authentication or password authentication, or whether they can use either method.
•You can configure TS Gateway servers and Terminal Services clients to use Network Access Protection (NAP) to further enhance security. NAP is a health policy creation, enforcement, and remediation technology that is included in Windows® XP Service Pack 2 (SP2), Windows Vista®, and Windows Server 2008. With NAP, system administrators can enforce health requirements, which can include software requirements, security update requirements, required computer configurations, and other settings.
Terminal Services Gateway (TS Gateway)
TS Gateway is new features on Windows Server 2008. You must install a Windows Server 2008 to do this.
Comments