Microsoft Forefront TMG - Publish RD Web Access using RD Gateway (Part 1)
In this short series we will show you how to publish Remote Desktop Web Access with the Remote Desktop Gateway on Microsoft Forefront TMG. Part one of this series introduces the configuration of the RD Web Access and RD Gateway services. In part two, I will show you how to publish RD Web Access with Forefront TMG.
Let's begin
Windows Server 2008 R2 offers a number of new and existing features for accessing Terminal Services. Starting with Windows Server 2008 R2, Microsoft has changed the name of the Terminal Server components. For example, the Terminal Server feature in previous versions of Windows Server was renamed to Remote Desktop Session Host. One of the new features in Windows Server 2008 is the Remote Desktop Gateway, which allows Remote Desktop clients to set up an RDP connection over the HTTPS protocol and works as an RPC over HTTPS proxy. The Remote Desktop Gateway then connects the RDP client, using the RDP protocol, to the Remote Desktop Session Host on the internal network. This is a great feature because HTTPS (the "Universal Firewall Bypass Protocol") is widely allowed and is not blocked by firewalls or other devices. Combined with the Remote Desktop Web Access feature, users can connect to a website to access the published applications. To increase security for Remote Desktop access, we can use Forefront TMG to publish Remote Desktop Web Access with the Remote Desktop Gateway.
This article assumes that the Remote Desktop Session Host feature is properly installed and configured, so we only need to install and configure the Remote Desktop Web Access and Remote Desktop Gateway components.
For the examples in this article, we will use a lab environment as follows:
- A Windows 7 Ultimate client that runs the Remote Desktop client used for access
- A Forefront TMG Server for Remote Desktop publishing and working as the Remote Desktop Gateway with the Remote Desktop Web Access feature
- A Windows Server 2008 R2 server with the Remote Desktop Session Host services installed

Figure 1: Installing the Remote Desktop role service
After installing the Remote Desktop Web Access feature, you must log in to the Remote Desktop Web Access configuration to change some settings.

Figure 2: Log in to the Remote Desktop Web Access configuration website
You must configure RD Web Access to allow users to access RemoteApp and Remote Desktop connections. Select an RD Connection Broker server or a RemoteApp server as the source, as shown in the figure below. We select the RemoteApp source to receive the published RD applications from the Remote Desktop Session Host.

Figure 3: Specify the source for RD Web Access
After these settings are saved, you'll see the RemoteApp programs in RD Web Access.

Figure 4: RemoteApp programs in RD Web Access
Because Forefront TMG works as an SSL Bridging gateway in the upcoming secure Webserver publishing, it is important to implement a correct certificate infrastructure. You need to make sure that all machines involved in the publishing process (Forefront TMG, RD Session Host Server and Windows 7 client) trust the CA that issued the certificates. For the example in this series, we use the DNS name webmail.trainer.de to access the RD Web Access and RD Gateway services, so we need to issue a certificate whose Common Name (CN) matches the public name that is used in the URL to access RD Web Access and that is entered in the Remote Desktop client connection on the Windows 7 computer on the Internet. The following figure shows the correct certificate used by the RD Web Access and RD Gateway services. This certificate must also be imported with its private key on the Forefront TMG Server acting as the SSL Bridging device. We will show you how to do this in part two.

Figure 5: The correct SSL certificate for RD WebAccess
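The certificate requirements described above (CN equal to the public name, a trusted issuing CA, and an available private key) can be checked on each server that holds the certificate before publishing. The following PowerShell script is an added example, not part of the original article; the function name Test-PublishingCertificate is hypothetical, and the script assumes the certificate is installed in the LocalMachine\My store.

```powershell
# Added example: checks the certificate used for RD Web Access / RD Gateway.
$PublicName    = 'webmail.trainer.de'   # public name used in this series
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'    # Server Authentication EKU
$NameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName

function Test-PublishingCertificate {   # hypothetical helper name
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
        [string]$ExpectedName
    )
    # Subject CN; must equal the name users type into the browser or RDP client
    $cn = $Cert.GetNameInfo($NameType, $false)

    # Build the chain against this machine's trust stores. Revocation checking
    # is online by default, so an unreachable CRL also shows up in ChainErrors.
    $chain   = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chainOk = $chain.Build($Cert)
    $errors  = @($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '

    # EKU OIDs; a certificate without an EKU extension is not purpose-restricted
    $eku = @($Cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
        ForEach-Object { $_.EnhancedKeyUsages } |
        ForEach-Object { $_.Value })

    $now = Get-Date
    New-Object PSObject -Property @{
        Thumbprint    = $Cert.Thumbprint
        CommonName    = $cn
        NameMatches   = ($cn -eq $ExpectedName)
        HasPrivateKey = $Cert.HasPrivateKey   # required for the import on TMG
        InValidity    = ($Cert.NotBefore -le $now -and $now -le $Cert.NotAfter)
        ServerAuth    = ($eku.Count -eq 0 -or $eku -contains $ServerAuthOid)
        ChainTrusted  = $chainOk
        ChainErrors   = $errors
    }
}

$results = @(Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Test-PublishingCertificate -Cert $_ -ExpectedName $PublicName } |
    Where-Object { $_.NameMatches })

if ($results.Count -eq 0) {
    Write-Warning "No certificate with CN=$PublicName found in LocalMachine\My"
} else {
    $results | Format-List
}
```

A certificate is ready for publishing only when NameMatches, HasPrivateKey, InValidity, ServerAuth and ChainTrusted are all True on the server being checked.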
After installing the RD Gateway service component, you must choose the correct SSL certificate for the RD Gateway service as shown in the figure below.

Figure 6: The correct SSL certificate for the RD Gateway service
Another important part of the configuration is to specify the SSL Bridging settings for the RD Gateway service. In our lab environment, we use SSL Bridging in the 'HTTPS to HTTPS Bridging' mode.

Figure 7: Choose SSL Bridging options
The configuration of the RD Web Access and RD Gateway service components is now finished. In the second part of this article series, I will show you how to configure secure Webserver publishing with Forefront TMG to publish RD Web Access to the Internet, and how to connect directly to the RD Gateway service with the Remote Desktop client on the Windows 7 computer in the lab.
Conclusion
In the first part of this series, we gave you an overview of configuring Remote Desktop Web Access and the Remote Desktop Gateway Manager. In this article, I also explained the steps needed to prepare these features for publishing using Forefront TMG.