Windows7 Remote Desktop Host

Remote Desktop over Internet

Desktop / December 21, 2021

This documentation is archived and is not being maintained.

Applies To: Windows Server 2008 R2

What is Remote Desktop Gateway?

Remote Desktop Gateway (RD Gateway) is a role service that enables authorized remote users to connect to resources on an internal corporate or private network, from any Internet-connected device that can run the Remote Desktop Connection (RDC) client. The network resources can be Remote Desktop Session Host (RD Session Host) servers, RD Session Host servers running RemoteApp programs, or computers with Remote Desktop enabled.

RD Gateway uses the Remote Desktop Protocol (RDP) over HTTPS to establish a secure, encrypted connection between remote users on the Internet and the internal network resources on which their productivity applications run.

Why use Remote Desktop Gateway?

RD Gateway provides many benefits, including:

  • RD Gateway enables remote users to connect to internal network resources over the Internet, by using an encrypted connection, without needing to configure virtual private network (VPN) connections.
  • RD Gateway provides a comprehensive security configuration model that enables you to control access to specific internal network resources. RD Gateway provides a point-to-point RDP connection, rather than allowing remote users access to all internal network resources.
  • RD Gateway enables most remote users to connect to internal network resources that are hosted behind firewalls in private networks and across network address translators (NATs). With RD Gateway, you do not need to perform additional configuration for the RD Gateway server or clients for this scenario.

    Prior to this release of Windows Server, security measures prevented remote users from connecting to internal network resources across firewalls and NATs. This is because port 3389, the port used for RDP connections, is typically blocked for network security purposes. RD Gateway transmits RDP traffic to port 443 instead, by using an HTTP Secure Sockets Layer/Transport Layer Security (SSL/TLS) tunnel. Because most corporations open port 443 to enable Internet connectivity, RD Gateway takes advantage of this network design to provide remote access connectivity across multiple firewalls.

  • The Remote Desktop Gateway Manager enables you to configure authorization policies to define conditions that must be met for remote users to connect to internal network resources. For example, you can specify:
      • Who can connect to internal network resources (in other words, the user groups who can connect).
      • What network resources (computer groups) users can connect to.
      • Whether client computers must be members of Active Directory security groups.
      • Whether device redirection is allowed.
      • Whether clients need to use smart card authentication or password authentication, or whether they can use either method.
  • You can configure RD Gateway servers and Remote Desktop Services clients to use Network Access Protection (NAP) to further enhance security. NAP is a health policy creation, enforcement, and remediation technology that is included in Windows Server® 2008 R2, Windows Server® 2008, Windows® 7, Windows Vista®, and Windows® XP Service Pack 3. With NAP, system administrators can enforce health requirements, which can include software requirements, security update requirements, required computer configurations, and other settings.

    Computers running Windows Server 2008 R2 or Windows Server 2008 cannot be used as NAP clients when RD Gateway enforces NAP. Only computers running Windows 7, Windows Vista, or Windows XP SP3 can be used as NAP clients when RD Gateway enforces NAP.

    For information about how to configure RD Gateway to use NAP for health policy enforcement for Remote Desktop Services clients that connect to RD Gateway servers, see the Remote Desktop Services page on the Windows Server 2008 R2 TechCenter.

  • You can use RD Gateway server with Microsoft Internet Security and Acceleration (ISA) Server to enhance security. In this scenario, you can host RD Gateway servers in a private network rather than a perimeter network, and host ISA Server in the perimeter network. The Secure Sockets Layer (SSL) connection between the Remote Desktop Services client and ISA Server can be terminated at the ISA Server, which is Internet-facing.

    For information about how to configure ISA Server as an SSL termination device for RD Gateway server scenarios, see the Remote Desktop Services page on the Windows Server 2008 R2 TechCenter.
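The port design described above (port 3389 blocked at the perimeter, RDP carried over port 443 to the gateway) can be checked against an export of inbound firewall rules. The following is an added example, not part of the original documentation; the rule format, the host names and the `audit` function are constructed for illustration and do not correspond to any vendor's syntax.

```python
from __future__ import annotations
from dataclasses import dataclass

RDP_PORT, HTTPS_PORT = 3389, 443

@dataclass(frozen=True)
class Rule:
    """One inbound perimeter rule (constructed format, not a vendor syntax)."""
    action: str  # "allow" or "deny"
    src: str     # "any" means the Internet; otherwise a host or CIDR
    dst: str     # destination host, or "any"
    ports: str   # "443", "3000-4000" or "any"

def covers(ports: str, port: int) -> bool:
    """True if a port spec ("any", "N" or "LO-HI") includes the given port."""
    if ports == "any":
        return True
    lo, _, hi = ports.partition("-")
    return int(lo) <= port <= int(hi or lo)

def audit(rules: list[Rule], gateway: str) -> list[str]:
    """List Internet-sourced allow rules that expose RDP directly, and report
    a gateway that is not reachable on 443. Rules are judged one by one;
    shadowing by an earlier deny rule is not modeled, so results are conservative."""
    findings, gateway_reachable = [], False
    for n, r in enumerate(rules, 1):
        if r.action != "allow" or r.src != "any":
            continue  # only allow rules open to the Internet matter here
        if covers(r.ports, RDP_PORT):
            findings.append(f"rule {n}: port {RDP_PORT} open from Internet to {r.dst}")
        if covers(r.ports, HTTPS_PORT) and r.dst in (gateway, "any"):
            gateway_reachable = True
    if not gateway_reachable:
        findings.append(f"no rule allows port {HTTPS_PORT} from Internet to {gateway}")
    return findings

# Constructed sample rule set.
SAMPLE = [
    Rule("allow", "any", "rdgw.example.test", "443"),        # intended design
    Rule("allow", "any", "ts01.example.test", "3389"),       # direct RDP exposure
    Rule("allow", "10.0.0.0/8", "any", "3389"),              # internal only, ignored
    Rule("allow", "any", "web01.example.test", "8000-9000"), # unrelated range
    Rule("allow", "any", "app02.example.test", "3000-4000"), # range that hides 3389
    Rule("deny", "any", "any", "any"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE, "rdgw.example.test"):
        print(finding)
```

The range check matters in practice: rule 5 never mentions 3389, yet it exposes it.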

    Source: technet.microsoft.com