We use an IAG (soon to be upgraded to a UAG) to do this. It does endpoint checking for any number of things like AV, updates, etc....
John W. Cook System Administrator Partnership For Strong Families 5950 NW 1st Place Gainesville, Fl 32607 Office (352) 244-1610 Cell (352) 215-6944 MCSE, MCP+I, MCTS, CompTIA A+, N+, VSP4, VTSP4 From: Guyer, Don [mailto:[email protected]] Sent: Tuesday, June 28, 2011 1:30 PM To: NT System Admin Issues Subject: RE: TS Gateway I would be too.... Don't ask me how (as I am not in charge of end-user systems here), but ours do a "check" of some sort to verify it's a company laptop prior to letting you in. Don Guyer Windows Systems Engineer RIM Operations Engineering Distributed - A Team, Tier 2 Enterprise Technology Group Fiserv [email protected] Office: 1-800-523-7282 x 1673 Fax: 610-233-0404 www.fiserv.com<http://www.fiserv.com/> From: James Kerr [mailto:[email protected]] Sent: Tuesday, June 28, 2011 12:44 PM To: NT System Admin Issues Subject: Re: TS Gateway In this case the users will be accessing the TS machines from their personal PCs at home or where ever. I'm actually a little apprehensive about it as the machines in question contain private health information. On Tue, Jun 28, 2011 at 12:15 PM, Guyer, Don <[email protected]<mailto:[email protected]>> wrote: We have a half dozen or so 2k8 TS servers, accessible via VPN. Business units are directed to utilize their "own" TS and from there can reach only what/where they need to. Don Guyer Windows Systems Engineer RIM Operations Engineering Distributed - A Team, Tier 2 Enterprise Technology Group Fiserv [email protected]<mailto:[email protected]> Office: 1-800-523-7282 x 1673<tel:1-800-523-7282%20x%201673> Fax: 610-233-0404<tel:610-233-0404> www.fiserv.com<http://www.fiserv.com/> From: David Lum [mailto:[email protected]<mailto:[email protected]>] Sent: Tuesday, June 28, 2011 12:10 PM To: NT System Admin Issues Subject: RE: TS Gateway It can be on same or different machine, probably should have a firewall between the gateway and the TS app server, so separate is preferable. Dave From: James Kerr [mailto:[email protected]<mailto:[email protected]>] Sent: Tuesday, June 28, 2011 9:08 AM To: NT System Admin Issues Subject: TS Gateway Heh guys, I have a need to give access to some of our terminal servers to external users. In order to do this I have determined a TS gateway needs to be in place for this. Any advice? Is this something I can add as a role service on an existing TS or does it have to be on a separate machine? Can it be on a DC (just looking at options)? Idealy I would like to point my firewall the the TS gateway server and from there users can connect to the server/apps they need. Obviously I know very little about TS gateways but it looks like that's about to change. Thanks guys, James ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ________________________________ CONFIDENTIALITY STATEMENT: The information transmitted, or contained or attached to or with this Notice is intended only for the person or entity to which it is addressed and may contain Protected Health Information (PHI), confidential and/or privileged material. Any review, transmission, dissemination, or other use of, and taking any action in reliance upon this information by persons or entities other than the intended recipient without the express written consent of the sender are prohibited. This information may be protected by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and other Federal and Florida laws. Improper or unauthorized use or disclosure of this information could result in civil and/or criminal penalties. Consider the environment. Please don't print this e-mail unless you really need to. This email and any attached files are confidential and intended solely for the intended recipient(s). If you are not the named recipient you should not read, distribute, copy or alter this email. Any views or opinions expressed in this email are those of the author and do not represent those of the company. Warning: Although precautions have been taken to make sure no viruses are present in this email, the company cannot accept responsibility for any loss or damage that arise from the use of this email or attachments. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
