Remote Management Options Flashcards
Remote Desktop
A Windows utility that displays the graphical user interface of a remote device. You can use Remote Desktop solutions to remotely manage a computer or allow support personnel to view and troubleshoot a remote user’s system.
Remote Desktop Protocols
Remote desktop connections can use multiple protocols.
Virtual Network Computing (VNC) was originally developed for UNIX. Applications using VNC include RealVNC, TightVNC, UltraVNC, and Vine Server.
Independent Computing Architecture (ICA) with HDX (High-Definition Experience) is the protocol used by Citrix products (XenApp, XenDesktop, NetScaler Gateway, etc.). ICA/HDX uses TCP and UDP port 1494, and port 2598 for Session Reliability.
The Remote Desktop Protocol (RDP) is the protocol developed by Microsoft and used in Microsoft Remote Desktop Services and Remote Assistance solutions. Aqua Connect has licensed RDP and created a version for macOS Server. RDP uses TCP and UDP port 3389.
Most remote desktop protocols support the following features:
Client software for a variety of operating systems.
Server software for a limited number of operating systems.
The ability to show a remote desktop in a browser without installing client software.
The redirection of printing, sound, or storage from the server to devices connected to the client.
RD Gateway
RD Gateway is a role service that allows users with the Remote Desktop Connection client and an internet connection to securely access computers on an internal network.
RD Gateway enables connections to Remote Desktop Session Hosts and connections to other computers running Remote Desktop.
RD Gateway encrypts the Remote Desktop Protocol (RDP) data using SSL over HTTP. This means that Remote Desktop communications use port 443, a port that is already allowed through most firewalls. This enables the remote connection without having to configure a separate VPN connection.
RD Gateway restricts access to computers on the private network that are running RDP. Additionally, you can further restrict access to specific servers.
RD Gateway Configuration
To configure access using RD Gateway:
Obtain an SSL certificate for the RD Gateway server.
The subject name in the certificate must match the name of the server that has the RD Gateway role service installed.
The RD Gateway must be configured with a certificate that is issued from a certificate authority (CA) that is trusted by the client computers.
Add the RD Gateway role service to a Windows Server 2016 server.
In a production deployment, the RD Gateway server will have a connection to both the internet and the private network.
The RD Gateway server typically does not run the Remote Desktop Session Host role service.
The RD Gateway server must be a domain member if it uses Active Directory accounts in an RD Connection Authorization Policy (CAP) or RD Remote Authorization Policy (RAP), or if you are using a load-balanced RD Gateway server farm.
Make sure the following services are added if necessary:
Remote Procedure Call (RPC) over HTTP Proxy
IIS 7.5
Network Policy and Access Services with the Network Policy Server (NPS) role service
Open port 443 in the external firewall and port 3389 (or the custom port you specified in the RD RAP) in the internal firewall.
Connection and Authorization Policy (RD CAP)
A Connection Authorization Policy identifies the users who can establish a connection through the RD Gateway server. The policy can restrict access based on:
User group membership.
Computer group membership.
Supported authentication method (either password or smart card).