Terminal Services Gateway (TS Gateway) is a role service in the Windows Server 2008 Terminal Services role that allows authorized remote users to connect to resources on a company's internal or private network from any Internet-connected device. The network resource can be a terminal server, a terminal server running a remote application, or a remote desktop-enabled computer.
What can TS Gateway do?
TS Gateway provides many conveniences, including:
1. TS Gateway is a resource that enables remote users to connect to intranet resources through the Internet, using an encrypted connection without the need to configure a VPN connection;
2. TS Gateway provides a comprehensive security configuration model that enables you to control access to specific internal network resources;
3. TS Gateway provides a point-to-point RDP connection instead of allowing remote users to access all internal resources;
4. TS Gateway enables most remote users to connect to internal network resources hosted behind the internal network firewall and across Network Address Translation (NAT). With TS Gateway, you do not need to perform additional configuration for TS Gateway or clients in this scenario.
Before the release of Windows Server , security measures prevented remote users from connecting to internal network resources through firewalls or NAT. This is because port 3389, the port used for RDP connections, is usually blocked on firewalls for security purposes. TS Gateway instead transmits RDP traffic to port 443, using an HTTP SSL/TLS tunnel. Since most companies open port 443 to enable Internet connections, TS Gateway takes advantage of this network design to provide remote access connections across multiple firewalls.
The TS Gateway plug-in console enables you to configure authorization policies to define the conditions that remote users must meet to connect to internal resources. For example, you can specify:
1. Who can connect to network resources (in other words, the user group that can connect);
2. What network resources (computer groups) users can connect to;
3. Whether the client computer must be a member of an Active Directory security group;
4. Whether to allow device and disk redirection;
5. Whether the client requires smart card authentication or password authentication, or whether they use other methods.
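A simplified model of how the conditions above combine into one allow/deny decision, as an added example that is not part of the original page and not TS Gateway's own code. The class names, group names and host names are hypothetical, and the sample policy is constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    # Hypothetical model of the conditions listed above, not TS Gateway's implementation.
    user_groups: frozenset                   # 1. who can connect
    resources: frozenset                     # 2. computer group (lower-case host names)
    client_groups: frozenset = frozenset()   # 3. empty = no client-computer condition
    allow_redirection: bool = False          # 4. device and disk redirection
    auth_methods: frozenset = frozenset({"password", "smartcard"})  # 5.

@dataclass(frozen=True)
class Request:
    user_groups: frozenset
    client_groups: frozenset
    auth_method: str
    target: str
    wants_redirection: bool = False

def evaluate(policy, req):
    """Return (allowed, reasons, redirection_granted); every condition must hold."""
    reasons = []
    if not policy.user_groups & req.user_groups:
        reasons.append("user not in an authorized user group")
    if policy.client_groups and not policy.client_groups & req.client_groups:
        reasons.append("client computer not in required security group")
    if req.auth_method not in policy.auth_methods:
        reasons.append("authentication method not permitted")
    if req.target.lower() not in policy.resources:
        reasons.append("target not in an authorized computer group")
    allowed = not reasons
    # Assumption of this model: a redirection request on a policy that forbids
    # it yields a session without redirection rather than a denied connection.
    redirection = allowed and req.wants_redirection and policy.allow_redirection
    return allowed, reasons, redirection

# Constructed sample policy: smart card only, managed clients only, one terminal server.
POLICY = Policy(
    user_groups=frozenset({"RemoteStaff"}),
    resources=frozenset({"ts01.corp.example"}),
    client_groups=frozenset({"ManagedLaptops"}),
    allow_redirection=False,
    auth_methods=frozenset({"smartcard"}),
)

if __name__ == "__main__":
    req = Request(frozenset({"RemoteStaff"}), frozenset({"ManagedLaptops"}),
                  "smartcard", "TS01.corp.example", wants_redirection=True)
    print(evaluate(POLICY, req))
```

Returning the list of failed conditions, rather than a bare deny, is what makes a refused connection explainable when reviewing gateway logs.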
You can configure TS Gateway servers and Terminal Services clients to use Network Access Protection (NAP) to enhance security. NAP is a health policy creation, enforcement, and remediation technology included in Windows XP Service Pack 2, Windows Vista, and Windows Server 2008. Using NAP, system administrators can enforce health requirements, including software requirements, security update requirements, required computer configurations, and other settings.
Note: When TS Gateway enforces NAP, computers running Windows Server 2008 cannot be used as NAP clients. Only computers running Windows XP SP2 and Windows Vista can be used as NAP clients.