In Windows Server 2008, administrators can now choose to install a minimal environment that avoids extra overhead. Although this option limits the roles that can be performed by the server, it can improve security and reduce management. This type of installation is called a Server Core installation option.
To learn more, please turn to 7.05 Server
Section 3: Centralized Application Access
3.01 Centralized Application Access Introduction
Scenario Value Proposition
Special Hardware Requirements
3.02 Terminal Services Core Functionality
Remote Desktop Connection 6.1
Plug and Play Device Redirection for Media Players and Digital Cameras
Microsoft Point of Service for .NET Device Redirection
Configuring a Remote Desktop Protocol File
Using Redirected Microsoft POS for .NET Devices
Remote Desktop Connection Display
Custom Display Resolutions
Monitor Spanning
Desktop Experience
Desktop Composition
Adjusting Additional Settings
Client Configuration
Font Smoothing
Display Data Prioritization
Single Sign-On
Prerequisites for Deploying Single Sign-On
Recommended Configuration of a Terminal Server When Using Single Sign-On
3.03 Terminal Services Gateway
TS CAPs
Computer Groups Associated With TS RAPs
TS RAPs
Monitoring Capabilities
Group Policy Settings for TS Gateway
3.04 Terminal Services RemoteApp
Additional References
3.05 Terminal Services Web Access
Lets You Easily Deploy RemoteApps Over the Web
Deployment
List of RemoteApps Is Dynamically Updated
Includes the TS Web Access Web Part
3.06 Terminal Services Printing
Group Policy Settings
3.07 Terminal Services Session Broker
Group Policy Settings
Additional Information
3.08 Terminal Services Licensing
3.09 Windows System Resource Manager
Installing Terminal Server
Resource-Allocation Policies
Monitoring Performance
For information about how to configure TS Gateway to use NAP for health policy enforcement for Terminal Services clients that connect to TS Gateway servers, see the TS Gateway Server Step-by-Step Setup Guide.
(ISA) Server to enhance security. In this scenario, you can host TS Gateway servers in a private network rather than a perimeter network (also known as a DMZ, demilitarized zone, and screened subnet), and host ISA Server in the perimeter network. The SSL connection between the Terminal Services client and ISA Server can be terminated at the ISA Server, which is Internet-facing.
For information about how to configure ISA Server as an SSL termination device for TS Gateway server scenarios, see the TS Gateway Server Step-by-Step Setup Guide (http://go.microsoft.com/fwlink/?linkid=79605).
Gateway connection status, health and events. By using TS Gateway Manager, you can specify events (such as unsuccessful connection attempts to the TS Gateway server) that you want to monitor for auditing purposes.
If your organization makes Terminal Services-based applications and computers that run Remote Desktop available to users from outside your network perimeter, TS Gateway can simplify network administration and reduce your exposure to security risks.
TS Gateway can also make it easier for users because they do not have to configure VPN connections and can access TS Gateway servers from sites that can otherwise block outbound RDP or VPN connections.
You should review this section and the additional supporting documentation about TS Gateway if you are in any of the following groups:
mobile solution products
desktops
For TS Gateway to function correctly, you must meet these prerequisites:
want to configure as a TS Gateway server
Gateway to function:
o The remote procedure call (RPC) over HTTP Proxy service
o Web Server (IIS) (Internet Information Services 7.0) (IIS 7.0 must be installed and running for the RPC over HTTP Proxy service to function.)
as a Remote Authentication Dial-In User Service (RADIUS) server — is already deployed for remote access scenarios such as VPN and dial-up networking, you can use the existing NPS server for TS Gateway scenarios as well. By using NPS for TS Gateway, you can centralize the storage, management, and validation of Terminal Services connection authorization policies (TS CAPs).
When you use Server Manager to install the TS Gateway role service, these additional role services and features are automatically installed.
one already. By default, on the TS Gateway server, the RPC/HTTP Load Balancing service and the IIS service use TLS 1.0 to encrypt communications between clients and TS Gateway servers over the Internet. For TLS to function correctly, you must install an SSL certificate on the TS Gateway server.
The certificate must meet these requirements:
o The name in the Subject line of the server certificate (certificate name, or CN) must match the name that is configured on the TS Gateway server
o The certificate is a computer certificate
Extended Key Usage (EKU) is Server Authentication (1.3.6.1.5.5.7.3.1)
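The certificate requirements listed above can be checked against the certificates installed on the server. The following is an added example, not part of the original guide: the function name `Test-TSGatewayCertificate` and the gateway name `tsg.example.com` are hypothetical, and it assumes the computer certificate is installed in the local computer's Personal store and needs a private key to serve TLS.

```powershell
# Added example: report, for each certificate in the local computer's Personal
# store, whether it meets the requirements listed in the text.
# 'tsg.example.com' is a constructed placeholder for the name that is
# configured on the TS Gateway server.
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU, as given in the text

function Test-TSGatewayCertificate {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [Parameter(Mandatory)]
        [string]$GatewayName
    )

    # CN from the Subject line, without the "CN=" prefix
    $cn = $Certificate.GetNameInfo(
        [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)

    # Collect the OIDs from the Enhanced Key Usage extension, if one is present.
    # A certificate with no EKU extension is reported as failing this check,
    # because the text requires Server Authentication to be listed.
    $ekuOids = @()
    foreach ($ext in $Certificate.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            $ekuOids += $ext.EnhancedKeyUsages | ForEach-Object { $_.Value }
        }
    }

    [pscustomobject]@{
        Thumbprint    = $Certificate.Thumbprint
        SubjectCN     = $cn
        NameMatches   = ($cn -eq $GatewayName)        # exact, case-insensitive match
        HasPrivateKey = $Certificate.HasPrivateKey    # assumption: needed to serve TLS
        EkuServerAuth = ($ekuOids -contains $ServerAuthOid)
    }
}

# Cert:\LocalMachine\My is the computer (not user) Personal store.
Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Test-TSGatewayCertificate -Certificate $_ -GatewayName 'tsg.example.com' } |
    Format-Table -AutoSize
```

A certificate is a candidate for the TS Gateway server only if every check column reads True for it.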
including those on Windows Server 2008, Windows Server 2003, Windows Vista and Windows XP–based computers.
To access RemoteApp programs that are deployed as .rdp files or as Windows Installer packages, the client computer must be running Remote Desktop Connection (RDC) 6.0 or RDC 6.1. (RDC 6.1 supports Remote Desktop Protocol 6.1.) A supported version of the RDC client is included with Windows Vista and Windows Server 2008.
Note
The RDC version 6.0 software is available for use on Windows XP with SP2 and Windows Server 2003 with SP1. You can download the installer package from article 925876 in the Microsoft Knowledge Base.
To access RemoteApp programs through TS Web Access, the client computer must be running RDC 6.1. RDC 6.1 is included with Windows Server 2008 and Windows Vista with SP1.