Mark Minasi's Tech Forum
Michael Pietrzak

New Friend (or an Old Friend who Built a New Account)
Registered:
Posts: 64
Reply with quote  #1 
Hi folks,

We have been pretty happy with our MS RemoteApp infrastructure and will probably be moving forward with it again when we need to upgrade the server.

With increased security a priority on my campus, everything is now firewalled to the hilt. I have been tasked with looking at options to make RemoteApp published applications available via the web.

I realize that RemoteApp has a browser-based landing page, but that simply opens up 3389 to the server.

I understand I need to run a RemoteApp Gateway (in addition to some other stuff) if I want an application published via 443.

Does anyone have a recommendation for performing/completing this type of task? I see a company called Cameyo but not much else besides that.

We want to eliminate the need to VPN into our network for RemoteApp access.

Thanks in advance if anyone has any thoughts!

Regards,
Michael 


Pieter

Senior Member
Registered:
Posts: 260
Reply with quote  #2 
Hi, my advice: go for it!
You should not publish RDP (TCP/3389) on the Internet, but instead use Remote Desktop Gateway.
It's a role in the MS Remote Desktop Services Suite. RD Gateway encapsulates TCP/3389 in an HTTPS (TCP/443) packet. No need for third-party stuff (unless you have extra requirements of course).

External RDP Client (over Internet) --443--> Firewall --443--> RDGateway server --3389--> RD Session Host server (full desktop or app).

Here is a good tutorial for RDS: https://nedimmehic.org/2017/01/21/deploying-remote-desktop-services-2016-step-by-step/
Part 13 is about the Gateway, but I advise you to read it all.

Good luck!

__________________
Pieter Demeulemeester
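
Added example, not part of Pieter's post: a PowerShell check for the session host end of the path above, reporting Windows Firewall rules that accept TCP/3389 from anything other than the RD Gateway. The gateway address 10.0.0.10, the function names and the sample rules are assumptions constructed for illustration.

```powershell
# Added example (not from the thread). $GatewayIp is a placeholder for the
# RD Gateway's internal address; the sample rules below are constructed.
param([string]$GatewayIp = '10.0.0.10')

function Test-PortMatch {
    # True when a firewall LocalPort value ('Any', '3389', '3000-4000') covers $Port
    param([string[]]$LocalPort, [int]$Port)
    foreach ($p in $LocalPort) {
        if ($p -eq 'Any' -or $p -eq "$Port") { return $true }
        if ($p -match '^(\d+)-(\d+)$' -and $Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
    }
    return $false
}

function Find-ExposedRdpRule {
    # Returns inbound allow rules that accept TCP/3389 from anything other than the gateway
    param([object[]]$Rule, [string]$AllowedSource)
    $Rule | Where-Object {
        $_.Protocol -in 'TCP', 'Any' -and
        (Test-PortMatch -LocalPort $_.LocalPort -Port 3389) -and
        @($_.RemoteAddress | Where-Object { $_ -ne $AllowedSource }).Count -gt 0
    }
}

function Get-InboundAllowRule {
    # Flattens enabled inbound allow rules from the local Windows Firewall
    Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow | ForEach-Object {
        $port = $_ | Get-NetFirewallPortFilter
        $addr = $_ | Get-NetFirewallAddressFilter
        [pscustomobject]@{ Name = $_.DisplayName; Protocol = $port.Protocol
                           LocalPort = $port.LocalPort; RemoteAddress = $addr.RemoteAddress }
    }
}

# Constructed sample: first rule is the weak setting, second the corrected one
$sample = @(
    [pscustomobject]@{ Name = 'RDP from anywhere'; Protocol = 'TCP'; LocalPort = '3389'; RemoteAddress = 'Any' }
    [pscustomobject]@{ Name = 'RDP from gateway';  Protocol = 'TCP'; LocalPort = '3389'; RemoteAddress = $GatewayIp }
    [pscustomobject]@{ Name = 'HTTPS';             Protocol = 'TCP'; LocalPort = '443';  RemoteAddress = 'Any' }
)
Find-ExposedRdpRule -Rule $sample -AllowedSource $GatewayIp | Format-Table Name, LocalPort, RemoteAddress

# On a session host, audit the live rule set instead:
# Find-ExposedRdpRule -Rule (Get-InboundAllowRule) -AllowedSource $GatewayIp
```

Only the "RDP from anywhere" sample rule is reported. On a live host, rules that allow any port from any address are reported as well, since they also cover 3389.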
cj_berlin

Senior Member
Registered:
Posts: 313
Reply with quote  #3 
+1 on RDG, and you can also offer an HTML5 client if you implement that. In fact, your powers that be might just be a little happier if you ONLY publish the HTML5 client to the Internet. It has somewhat limited functionality, but in your scenario, it could actually be viewed as an advantage ;-)
__________________
Evgenij Smirnov

My personal blog (German): http://www.it-pro-berlin.de/
My stuff on PSGallery: https://www.powershellgallery.com/profiles/it-pro-berlin.de/
Michael Pietrzak

New Friend (or an Old Friend who Built a New Account)
Registered:
Posts: 64
Reply with quote  #4 
Sounds good everyone. I will take a shot at it this week!

Are there issues anyone knows about if I run all the services on a single machine?
Pieter

Senior Member
Registered:
Posts: 260
Reply with quote  #5 
It is possible to run all RDS files on one single server. In fact, it's one of the default scenarios in the installation wizard.
__________________
Pieter Demeulemeester
cj_berlin

Senior Member
Registered:
Posts: 313
Reply with quote  #6 
Quote:
Originally Posted by Michael Pietrzak
Are there issues anyone knows about if I run all the services on a single machine?


If "no redundancy" isn't an issue per se, think about security. You would be putting a domain-joined system on the perimeter, which, in my world, boils down to opening your LAN to the world.

Within the Microsoft product portfolio, you can do one of two things:
  1. Utilize WAP to publish both RDG and RDWeb
  2. Create a DMZ forest with a one-way trust to production and put RDG in that. You still need a reverse proxy for RDWeb, though.

__________________
Evgenij Smirnov

My personal blog (German): http://www.it-pro-berlin.de/
My stuff on PSGallery: https://www.powershellgallery.com/profiles/it-pro-berlin.de/