Interpreting Windows Server 2008: Terminal Services Gateway

Source: Internet
Author: User

Terminal Services Gateway (TS Gateway) is a role service in the Windows Server 2008 Terminal Services role that allows authorized remote users to connect to resources on a company's internal or private network from any device connected to the Internet. A network resource can be a terminal server, a terminal server running a remote application, or a computer with Remote Desktop enabled.

What can TS Gateway do?

TS Gateway offers a number of benefits, including:

1. TS Gateway lets remote users connect to internal network resources over the Internet by using an encrypted connection, without the need to configure VPN connections;

2. TS Gateway provides a comprehensive security configuration model that allows you to control access to specific internal network resources;

3. TS Gateway provides a point-to-point RDP connection, rather than allowing remote users access to all internal resources;

4. TS Gateway enables most remote users to connect to internal network resources hosted behind the internal network firewall and across network address translation (NAT), and you do not need to perform additional configuration on the TS Gateway server or the client for this scenario.

Before this release of Windows Server, security measures prevented remote users from connecting to internal network resources across firewalls or NAT. This is because port 3389, the port used for RDP connections, is usually blocked at the firewall for security purposes. TS Gateway instead transmits RDP traffic over port 443 by using an HTTP SSL/TLS tunnel. Because most companies open port 443 to enable Internet connectivity, TS Gateway takes advantage of this network design to provide remote access connections across multiple firewalls.

The TS Gateway snap-in console enables you to configure authorization policies that define the conditions a remote user must meet to connect to internal network resources. For example, you can specify:

1. Who can connect to network resources (in other words, the user groups that are allowed to connect);

2. Which network resources (computer groups) users can connect to;

3. Whether the client computer must be a member of an Active Directory security group;

4. Whether device and disk redirection is allowed;

5. Whether the client must use smart card authentication or password authentication, or whether either method can be used.
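
The conditions listed above work as a default-deny check in two stages: a connection policy (who may connect, from which client, with which authentication method) and then a resource policy (which computers that user may reach). The Python sketch below is an added illustration, not code from the original article or from Microsoft; the class names, group names and hostnames are constructed, and first-match evaluation of connection policies is a simplifying assumption.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    user_groups: frozenset      # groups the connecting user belongs to
    client_groups: frozenset    # AD groups of the client computer (empty if none)
    auth_method: str            # "password" or "smartcard"
    target: str                 # internal computer being requested
    wants_drives: bool = False  # client asks for disk redirection

@dataclass(frozen=True)
class ConnectionPolicy:         # who may connect, and how
    user_groups: frozenset
    auth_methods: frozenset
    client_groups: frozenset = frozenset()  # empty = no client-computer condition
    allow_drive_redirection: bool = False

@dataclass(frozen=True)
class ResourcePolicy:           # which computers a user group may reach
    user_groups: frozenset
    computers: frozenset

def authorize(req, conn_policies, res_policies):
    """Return (allowed, reason, drives_redirected). Anything unmatched is denied."""
    cap = next((p for p in conn_policies
                if req.user_groups & p.user_groups
                and req.auth_method in p.auth_methods
                and (not p.client_groups or req.client_groups & p.client_groups)),
               None)
    if cap is None:
        return (False, "no connection policy matched", False)
    if not any(req.user_groups & r.user_groups and req.target.lower() in r.computers
               for r in res_policies):
        return (False, "no resource policy allows this target", False)
    # Redirection is granted only if the matched connection policy permits it.
    return (True, "allowed", req.wants_drives and cap.allow_drive_redirection)

# Constructed sample policies: helpdesk staff, smart card only, managed laptops only.
HELPDESK = frozenset({"Helpdesk"})
MANAGED = frozenset({"Managed-Laptops"})
CAPS = [ConnectionPolicy(HELPDESK, frozenset({"smartcard"}), client_groups=MANAGED)]
RAPS = [ResourcePolicy(HELPDESK, frozenset({"ts01.corp.example"}))]

def demo():
    """Evaluate four constructed requests against the sample policies."""
    reqs = [Request(HELPDESK, MANAGED, "smartcard", "ts01.corp.example", True),
            Request(HELPDESK, MANAGED, "password", "ts01.corp.example"),
            Request(HELPDESK, frozenset(), "smartcard", "ts01.corp.example"),
            Request(HELPDESK, MANAGED, "smartcard", "db01.corp.example")]
    return [authorize(r, CAPS, RAPS) for r in reqs]
```

The first sample request is allowed but its drive redirection is refused, because the matched connection policy does not permit it; the other three fail on authentication method, client computer group and target computer respectively.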

You can configure the TS Gateway server and the Terminal Services client to use Network Access Protection (NAP) to enhance security. NAP is a health policy creation, enforcement, and remediation technology included in Windows XP Service Pack 2, Windows Vista, and Windows Server 2008. With NAP, system administrators can enforce health requirements, including software requirements, security update requirements, required computer configurations, and other settings.

Note: When TS Gateway enforces NAP, computers running Windows Server 2008 cannot be used as NAP clients; only computers running Windows XP SP2 and Windows Vista can be used as NAP clients.
