Even if they aren't accessed externally I think a cert from a public CA makes sense because you don't have to distribute an internal cert to the devices that need it. If for some reasons down the track the apps are made available externally then there is no work to do. Personal choice of cause but all up including labour hours I think a public cert is cheaper, quicker and easier.
You can put the web front end and RDG(if you are going to use it which it sounds like you may not) on a separate server. You would only need one for the type of load you have indicated. They sit in front of the connection broker as such. I agree with Ken on the HA side of things. Do the users browse to a website now to access the apps and this is what you want with Remote desktop services? I ask as if it is just for internal use you may like to just publish the apps to the desktops. James. -----Original Message----- From: Michael Leone [mailto:[email protected]] Sent: Friday, 22 March 2013 3:07 AM To: NT System Admin Issues Subject: Re: Advice on setting up a Win2012 RDS environment - Progress! On Wed, Mar 20, 2013 at 7:53 PM, James Hill <[email protected]> wrote: > Get a cert from a public CA. Far less hassle and they are very inexpensive. These are internals apps, so they won't be accessed by the public, or over a public Internet (well, perhaps over VPN). And being a government agency, we can get certs for free from another agency. > Why do you want to separate the web front end? Load balancing by our hardware Cisco ACE appliance. Also it then enables use to send the session to any available session host. Separating out the web front end from the back end RDSH servers (aka the server farm) is also the current configuration we have with our Citrix environment, and is I believe the recommended design for something like this. (I am told). What we want, or will have, is 2 web front ends and 3-4 back end session hosts. > > James. > > -----Original Message----- > From: Michael Leone [mailto:[email protected]] > Sent: Thursday, 21 March 2013 4:40 AM > To: NT System Admin Issues > Subject: Re: Advice on setting up a Win2012 RDS environment - Progress! > > SO I am making progress! I had already installed the RDS as a role, > but that didn't configure the deployment. So I went to Server Manager, > clicked on RDS, and clicked on Deploy. It then went into what seemed > like an install of RDS as a service (which had failed before). This > time, however, the deploy step went through without error. I rebooted > at the end, and after I logged back in, I was able to install an app > (Notepad++), and then I was able to add it to a Quick Session > Collection, publish it as a RemoteApp, and I was able to access it remotely. > > w00t! > > Definite progress. So now I need to make my own collection, add an app > to it. Then investigate how to use a separate web server front end for > it (to separate the RDS hosts from the web access). > > And probably give it our self-signed internal certificate, to stop it > complaining about untrusted publishers of the app. > > So I am definitely further along than I was. > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
