It's really easy to set up and works quite well in my experience. There are only a couple of potential gotchas that I found.
1) Each TS Gateway user or device requires a TS CAL.
2) Wildcard certs work fine, but you need to have XP SP3's RDP client on XP, or Service Pack 1 on Vista. I don't think you can download the Vista SP1 RDP client by itself.

From: Tom Miller [mailto:[email protected]]
Sent: Thursday, April 30, 2009 3:39 PM
To: NT System Admin Issues
Subject: Re: Remote access options

TS 2008, Gateway Role, is over SSL only. I set up a nat on my firewall and https only to the gateway server and that's all you need to do (other than configuring the Gateway role, getting a certificate for the farm, blah blah blah.........)

>>> Jeff Brown <[email protected]> 4/30/2009 1:29 PM >>>
Our firewall allows for a relatively simple ssl connection, which then grants access to a TS server. Very simple to deploy and use, and (I think) more secure than a hole straight through to a TS server on network or DMZ.

On Thu, Apr 30, 2009 at 11:37 AM, Tom Miller <[email protected]> wrote:
Terminal Server 2008 has the Gateway role for external users. Still clunky compared to Citrix, but much less costly. I have a Citrix farm for external users, and starting to use Terminal Server for internal users. I'd go 100% Citrix if it were not so ridiculously expensive.

Tom Miller
Engineer, Information Technology
Hampton-Newport News Community Services Board
757-788-0528

>>> "Erik Goldoff" <[email protected]> 4/30/2009 12:23 PM >>>
You *could* try a quick rollout of Terminal Server, temporary licenses are good for 90 days ( still true I think )

Erik Goldoff
IT Consultant
Systems, Networks, & Security
________________________________
From: Joe Heaton [mailto:[email protected]]
Sent: Thursday, April 30, 2009 12:17 PM
To: NT System Admin Issues
Subject: RE: Remote access options

That's more the way I'm leaning as well, don't want to put more processing load than necessary on the firewall.
But, push come to shove, if they demand something within a day or two, VPN would have to be used, as I don't have the web stuff for Citrix, or an Access Gateway setup.

Joe Heaton
Employment Training Panel

From: Erik Goldoff [mailto:[email protected]]
Sent: Thursday, April 30, 2009 8:46 AM
To: NT System Admin Issues
Subject: RE: Remote access options

My choice to connect a disparate collection of nonstandard home users from their own equipment would be Terminal Server / Citrix , *should* keep your interior network more secure than a VPN tunnel. And not being familiar with your firewall or quantities of tunnels needed, performance may be an issue. If you have large numbers of 3DES or better encrypted tunnels ( large relating to the capabilities of your firewall ) then you could overwhelm the firewall processor and buffers, impacting overall performance and reliability of network connections. RDP/ICA is simply traffic the firewall will process, and not spend time encrypting/decrypting with whatever VPN encryption engine it has.

Erik Goldoff
IT Consultant
Systems, Networks, & Security
________________________________
From: Joe Heaton [mailto:[email protected]]
Sent: Thursday, April 30, 2009 11:40 AM
To: NT System Admin Issues
Subject: Remote access options

With the "pandemic", I've been tasked with coming up with a plan for remote access, in order to keep the business running, in case of having to have people stay home. So, with that, I've decided to ask you guys what you're using/doing, for teleworking. A couple of options I thought of off the top of my head:

1) VPN - simple, gives the user a good desktop experience. Slow, at least slower than working from your desk.
2) Citrix - same as above, can publish specific apps, or entire desktop if needed. Low bandwidth requirements.

I listed those two, as our firewall has built-in VPN capabilities, which we are currently using, and therefore would be the quickest option to implement.
We also have Citrix already, although only a single server, running PS 4.0. I know I'd want to implement an Access Gateway, etc. with the Citrix option.

Thanks,

Joe Heaton
AISA
Employment Training Panel
1100 J Street, 4th Floor
Sacramento, CA 95814
(916) 327-5276
[email protected]

Confidentiality Notice: This e-mail message, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.
