Enhance TS Gateway Security with ISA Server 2006

Following on the success of Outlook Anywhere in Exchange Server 2007, Windows Server 2008 in turn delivers the capability to access your desktop from anywhere in a secure and controlled manner.

The new Terminal Server Gateway service (TS Gateway) in Windows Server 2008 offers the flexibility of Windows Terminal Server Services plus the ability to connect to a Terminal Server from anywhere over an HTTP connection. This service uses Remote Desktop Protocol (RDP) over HTTPS (SSL) to increase security while providing a single client interface for accessing Terminal Services resources.


This new TS Gateway service offers significant benefits to those who need to access their computers remotely:

  • No need to establish a Virtual Private Network (VPN) session prior to connecting to internal resources using RDP.
  • Enhanced security using Network Access Protection (NAP) and Windows Security Health Checks to control RDP connections.
  • No need to open TCP port 3389 inbound, which enables more secure Web publishing through firewalls.

You can use Microsoft Internet Security and Acceleration (ISA) Server 2006 to enhance the security of TS Gateway service while allowing external access to internal resources. You can set up an SSL-to-SSL bridging scenario in which ISA Server 2006 receives requests and passes them to the internal TS Gateway service, also using HTTPS. While bridging the request, the ISA firewall decrypts the SSL communications and performs application-layer inspection.

If the HTTP protocol stream passes inspection, then the communication is re-encrypted and forwarded to the Terminal Services proxy. If the protocol stream fails inspection, the connection is dropped.
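The inspect-then-forward decision described above can be sketched as follows. This is an added example, not code from the article or from ISA Server; the host name, allowed methods, path prefix and size limit are assumptions chosen for illustration (TS Gateway traffic is modelled here as RPC over HTTP requests under `/rpc/`).

```python
# Added illustration of the inspect-then-forward decision in an SSL bridge.
# All policy values are assumptions, not ISA Server's shipped configuration.
PUBLISHED_HOST = "tsg.example.com"                 # hypothetical public name
ALLOWED_METHODS = {"RPC_IN_DATA", "RPC_OUT_DATA"}  # assumed RPC-over-HTTP verbs
ALLOWED_PREFIX = "/rpc/"                           # assumed published path
MAX_HEADER_BYTES = 8192                            # assumed size limit


def inspect_request(decrypted: bytes):
    """Return ("forward" or "drop", reason) for one decrypted request head."""
    head, sep, _ = decrypted.partition(b"\r\n\r\n")
    if not sep:
        return "drop", "incomplete header block"
    if len(head) > MAX_HEADER_BYTES:
        return "drop", "headers too large"
    try:
        lines = head.decode("ascii").split("\r\n")
        method, target, version = lines[0].split(" ")
    except (UnicodeDecodeError, ValueError):
        return "drop", "malformed request line"
    if version not in ("HTTP/1.0", "HTTP/1.1"):
        return "drop", "unsupported HTTP version"
    if method not in ALLOWED_METHODS:
        return "drop", "method not allowed"
    path = target.split("?", 1)[0]
    # Conservative: reject traversal and any percent-encoding in the path.
    if not path.lower().startswith(ALLOWED_PREFIX) or ".." in path or "%" in path:
        return "drop", "path outside published prefix"
    hosts = []
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name or name != name.strip():
            return "drop", "malformed header line"
        if name.lower() == "host":
            hosts.append(value.strip().lower())
    # Exactly one Host header, matching the published name (port optional).
    if len(hosts) != 1 or hosts[0].split(":")[0] != PUBLISHED_HOST:
        return "drop", "host header mismatch"
    return "forward", "passed inspection"


# Constructed sample requests (decrypted request heads only, no bodies).
SAMPLES = [
    b"RPC_IN_DATA /rpc/rpcproxy.dll?ts01:3388 HTTP/1.1\r\nHost: tsg.example.com\r\n\r\n",
    b"GET /rpc/rpcproxy.dll HTTP/1.1\r\nHost: tsg.example.com\r\n\r\n",
    b"RPC_OUT_DATA /rpc/../admin HTTP/1.1\r\nHost: tsg.example.com\r\n\r\n",
    b"RPC_IN_DATA /rpc/rpcproxy.dll HTTP/1.1\r\nHost: other.example.net\r\n\r\n",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(inspect_request(raw), raw.split(b"\r\n", 1)[0].decode())
```

Only the first sample is forwarded; the other three are dropped for a disallowed method, a traversal sequence in the path, and a Host header that does not match the published name.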

Check out the details in the rest of this article that I wrote together with Yuri Diogenes for TechNet magazine.

http://technet.microsoft.com/en-us/magazine/2008.09.tsg.aspx

Thanks!

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer

Prowess Consulting www.prowessconsulting.com

PROWESS CONSULTING | Microsoft Forefront Security Specialist
MVP – Forefront Edge Security (ISA/TMG/IAG)
