How do you do....it? Thread, Network entry in Technical; Hello,
I'd like to create a single point of entry to our network from the outside and to be able ...
23rd December 2008, 10:34 AM #1
I'd like to create a single point of entry to our network from the outside and to be able to publish/set up some kind of routing system to access devices/services within.
I'm looking at I suppose an ISA style set up but whether this will do what I'm after I don't know; and I'd like some best practice.
Things it needs to allow me to do:
1) Single login (authenticated against AD) through some kind of webpage/applet?
2) Allow RDP to 'any' internal IP or have a list of boxes to choose from.
3) Allow HTTP access to 'any' internal IP or have a list of sites/services to choose from.
I guess really a VPN solution might be easier, but I'm just wondering whether there is some means of achieving this?
I'm imagining it'd need to create some kind of port redirect if I had say 3 open ports on the firewall it could dynamically ssh tunnel or something?
Or would it just be easier to have a box running ISA with Terminal Services web connector to RDP to itself and from there to wherever?
Many thanks for your time.
IDG Tech News
23rd December 2008, 10:43 AM #2
Microsoft Windows 2008 TS Gateway, HTTPS page, so you don't have to worry about NAT\Firewall to the end user, you only also need to open\forward port 443 on your firewall.
Thanks to matt40k from:
kmount (23rd December 2008)
23rd December 2008, 10:55 AM #3
Wow, that sounds like the ticket!
23rd December 2008, 10:59 AM #4
If you want to make it a little more shiny for users TSWeb Access lets you run applications as though they're local, rather than having a second desktop. They're still running on the server and have normal access to the network, but appear on your own desktop.
23rd December 2008, 11:39 AM #5
RemoteApps.... looks a cool feature. Might be good to allow staff a copy of office at home, without giving them the CD. Yes, you Office license allows you a copy at home and at work. This would be a nice way to limit it to current staff only.
23rd December 2008, 02:26 PM #6
24th December 2008, 10:32 AM #7
Server 2008 TS Gateway will do the job just fine.
Currently our IT Support team members use Remote Desktop to access their office workstations while at home, rather than using a VPN, directly RDP'ing to the workstations was just easy and simple.
However, I have always worried about the level of security of RDP traffic through our primary Internet connection. So when we started to roll out 2008 boxes in the server farm I decided to setup a TS Gateway Server just for a play around - Now we all use it by standard!
Basically the RDP packet payload is encapsulated in SSH then bundled into an SSL session, essentially making the Remote Desktop session impossible to listen to on the wire Plus it gives the added bonus of allowing anyone with an external workstation that has port 443 access to the Internet can remote into their office machine (providing the client has the latest version of the MS RDP application).
Last edited by Zimmer; 24th December 2008 at 10:34 AM.
24th December 2008, 02:19 PM #8
Native RDP without going through any form of security / encryption is being closed down within Northants, hence Kim's look at other methods.
Now all I need to do is to dig out which schools are using native RDP, find out which servers they are going to (some might actually be connecting directly to DCs or the MIS box) and give them some advice / example of how other local / national schools are doing things.
28th February 2012, 10:20 AM #9
TS Gateway works well....
28th February 2012, 11:22 AM #10
I would just go all out with either a VPN (we use TMG for ours) - that way you will have full seamless remote access to your network (has been a big hit with out teaching staff).
That or have a look at Forefront UAG - it gives you that 'web portal' like experiance you have described.
By jcs808 in forum Windows
Last Post: 28th February 2012, 10:57 AM
By Gatt in forum BETT 2013
Last Post: 15th January 2009, 05:02 PM
By djmiles in forum MIS Systems
Last Post: 26th November 2008, 07:12 PM
By Gibbo in forum Windows
Last Post: 23rd July 2008, 03:12 PM
By mark80 in forum MIS Systems
Last Post: 7th June 2007, 02:53 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Tags for this Thread