Windows Server 2008 Terminal Services Gateway
For the last year or so, I have been using my laptop to connect to my server hosted in a VM at my home.
I had to use port forwarding to forward 3389 to my machine but I was reasonably happy (not thrilled) with the performance over Verizon’s EVDO rev A broadband network.
I have been in a constant struggle between wanting a powerful laptop to host the 4-5 virtual machines on the road and wanting portability. I could go out and get a T61P and load it up with 8GB of RAM. But lately I have been thinking that I don't want to carry my laptop around; I am actually thinking of something like the MSI Wind netbook to satisfy my need to be always connected.
The other issue is that I now have an Amazon Kindle and I don’t want to carry anything big around anymore. The Kindle is a topic for another post.
So, enter RDP over HTTPS. Sound familiar? It uses the same RPC over HTTPS mechanism that Outlook 2007 uses and tunnels your Terminal Services connection through it. Cool, right? Now you can tunnel through your corporate firewall to your home machine.
First you need the RDC (Remote Desktop Connection) 6.1 client that comes with Vista, or you can download the update for Windows XP from Microsoft.
Notice that on the Advanced tab you can specify the Terminal Services Gateway (proxy) server. This is usually the server that is Internet facing, and the only port you need to open on it is 443 (SSL). Yippee!
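Added example, not from the original post: a small Python checker for the gateway settings that RDC 6.1 writes into a saved .rdp file once the Advanced tab is filled in. The key names and the meaning of the integer values are taken from the .rdp file format as I know it (an assumption, not something the post states); the host names in the sample are constructed.

```python
"""Lint a saved RDC 6.1 .rdp file for TS Gateway settings.

Assumption (not from the post): these are the documented .rdp keys the
Advanced tab writes. Weak values would let the client skip the HTTPS
gateway or accept a server whose certificate fails validation.
"""
from typing import Dict, List

# Constructed sample of what RDC saves after the Advanced tab is set up.
SAMPLE_RDP = """\
full address:s:vmhost.home.internal
gatewayhostname:s:gateway.example.net
gatewayusagemethod:i:1
gatewaycredentialssource:i:0
gatewayprofileusagemethod:i:1
authentication level:i:2
prompt for credentials:i:1
"""


def parse_rdp(text: str) -> Dict[str, str]:
    """Parse 'name:type:value' lines (type is s=string or i=integer)."""
    settings: Dict[str, str] = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        name, _type, value = line.split(":", 2)
        settings[name] = value
    return settings


def check_gateway_settings(settings: Dict[str, str]) -> List[str]:
    """Return findings that would weaken the gateway-only HTTPS path."""
    findings: List[str] = []
    if not settings.get("gatewayhostname"):
        findings.append("no gatewayhostname; client would try 3389 directly")
    if settings.get("gatewayprofileusagemethod") != "1":
        findings.append("gatewayprofileusagemethod != 1; default profile may bypass the gateway")
    if settings.get("gatewayusagemethod") != "1":
        findings.append("gatewayusagemethod != 1; gateway may be bypassed for some addresses")
    # 1 = refuse on failed server auth, 2 = warn; 0 and 3 connect regardless.
    if settings.get("authentication level", "3") not in ("1", "2"):
        findings.append("authentication level permits connecting despite a failed certificate check")
    return findings


def lint_rdp(text: str) -> List[str]:
    """Convenience wrapper: parse the file and return its findings."""
    return check_gateway_settings(parse_rdp(text))
```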
On your server you will need to install the Terminal Services role and then select the TS Gateway role service. I am not going to go through the whole setup, as there are many detailed guides on the net.
Sample Status screen
RDC Screenshot
Every solution has some issues; here are some that you may face.
1. TS Gateway doesn't support RDC sessions within a session. Yes, I know many people, including myself, like to RDP into a machine and then from that machine traverse the internal network.
2. You cannot connect to machines that are not in the domain that the TS Gateway is in. Sadly, there is no way to connect to a machine in a workgroup with this method. Nor is there a way to connect to another group of machines in another domain if there is no trust. I had a few development VMs, so I had to enable a forest trust so I could authenticate to those machines.