Deploying Remote Desktop Gateway Step-by-Step Guide
Applies To: Windows 7, Windows Server 2008 R2
About this guide
This step-by-step guide walks you through the process of setting up a working Remote Desktop Session Host (RD Session Host) server accessible by using Remote Desktop Gateway (RD Gateway) in a test environment. During this process, you will create a test deployment that includes the following components:
An RD Gateway server
An RD Session Host server
A Remote Desktop Connection client computer
This guide assumes that you previously completed the steps in the Installing Remote Desktop Session Host Step-by-Step Guide (https://go.microsoft.com/fwlink/?LinkId=147292), and that you have already deployed the following components:
An RD Session Host server
A Remote Desktop Connection client computer
An Active Directory Domain Services domain controller
This guide includes the following topics:
The goal of RD Gateway is to enable authorized remote users to connect to resources on an internal corporate or private network, from any Internet-connected device that can run the Remote Desktop Connection (RDC) client. The network resources can be RD Session Host servers, RD Session Host servers running RemoteApp programs, or computers with Remote Desktop enabled.
What this guide does not provide
This guide does not provide the following:
An overview of Remote Desktop Services.
Guidance for setting up Active Directory Domain Services or an RD Session Host server. This information can be found in the Installing Remote Desktop Session Host Step-by-Step Guide (https://go.microsoft.com/fwlink/?LinkId=147292). For a downloadable version of this document, see the Installing Remote Desktop Session Host Step-by-Step Guide (https://go.microsoft.com/fwlink/?LinkId=147293) in the Microsoft Download Center.
Important
If you have previously configured the computers in the Installing Remote Desktop Session Host Step-by-Step Guide, you should repeat the steps in that guide with new installations.
Guidance for setting up a perimeter network or firewall rules. This information can be found in the RD Gateway deployment in a perimeter network & Firewall rules (https://go.microsoft.com/fwlink/?LinkId=210571).
Complete technical reference for Remote Desktop Services.
Technology review
RD Gateway uses the Remote Desktop Protocol (RDP) over HTTPS to help establish a secure, encrypted connection between remote users on the Internet and the internal network resources on which their productivity applications run.
To function correctly, RD Gateway requires several role services and features to be installed and running. When you use Server Manager to install the RD Gateway role service, the following additional roles, role services, and features are automatically installed and started, if they are not already installed:
Remote procedure call (RPC) over HTTP Proxy
Web Server (IIS) [Internet Information Services]
IIS must be installed and running for the RPC over HTTP Proxy feature to function.
Network Policy and Access Services
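The following PowerShell check is an added example, not part of the original guide. It confirms that the RD Gateway role service and the dependencies listed above are installed and that their services are running. It is meant to be run in an elevated session on the gateway server (RDG-SRV in this lab). The feature and service names are the standard Server Manager and service identifiers and do not appear in the guide itself.

```powershell
# Added example: verify the RD Gateway role service and its dependencies.
Import-Module ServerManager

# Server Manager feature names for the components listed in this section.
$features = @{
    'RDS-Gateway'         = 'RD Gateway role service'
    'RPC-over-HTTP-Proxy' = 'RPC over HTTP Proxy'
    'Web-Server'          = 'Web Server (IIS)'
    'NPAS'                = 'Network Policy and Access Services'
}

# Windows services that back those components.
$services = @{
    'TSGateway' = 'Remote Desktop Gateway'
    'W3SVC'     = 'World Wide Web Publishing Service (IIS)'
    'IAS'       = 'Network Policy Server'
}

function Test-RDGatewayPrerequisites {
    foreach ($name in $features.Keys) {
        $f = Get-WindowsFeature -Name $name
        New-Object PSObject -Property @{
            Kind = 'Feature'; Name = $name; Description = $features[$name]
            Ok   = [bool]($f -and $f.Installed)
        }
    }
    foreach ($name in $services.Keys) {
        # A missing service returns nothing instead of raising an error.
        $s = Get-Service -Name $name -ErrorAction SilentlyContinue
        New-Object PSObject -Property @{
            Kind = 'Service'; Name = $name; Description = $services[$name]
            Ok   = [bool]($s -and ($s.Status -eq 'Running'))
        }
    }
}

$results = @(Test-RDGatewayPrerequisites)
$results | Sort-Object Kind, Name |
    Format-Table Kind, Name, Description, Ok -AutoSize

# Fail with a non-zero exit code so the check can gate a lab build script.
$missing = @($results | Where-Object { -not $_.Ok })
if ($missing.Count -gt 0) {
    Write-Warning ("{0} prerequisite(s) not installed or not running" -f $missing.Count)
    exit 1
}
```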
Scenario: Deploying Remote Desktop Gateway
We recommend that you first use the steps provided in this guide in a test lab environment. Step-by-step guides are not necessarily meant to be used to deploy Windows Server® features without additional deployment documentation and should be used with discretion as a stand-alone document.
Upon completion of this step-by-step guide, you will have an RD Session Host server that users can connect to with the Remote Desktop client computer by using RD Gateway. You can then test and verify this functionality by connecting to the RD Session Host server by using RD Gateway from the Remote Desktop client as an authorized remote user.
The test environment described in this guide includes four computers connected to a private network using the following operating systems, applications, and services.
Computer name | Operating system | Applications and services |
---|---|---|
CONTOSO-DC | Windows Server 2008 R2 | Active Directory Domain Services (AD DS), DNS |
RDSH-SRV | Windows Server 2008 R2 | RD Session Host |
CONTOSO-CLNT | Windows 7 | Remote Desktop Connection |
RDG-SRV | Windows Server 2008 R2 | RD Gateway |
The computers form a private network and are connected through a common hub or Layer 2 switch. This step-by-step exercise uses private addresses throughout the test lab configuration. The private network ID 10.0.0.0/24 is used for the network. The domain controller is named CONTOSO-DC for the domain named contoso.com. The following figure shows the configuration of the test environment.