I must admit that Windows Server 2008 is a product release that I have looked forward to for a long time. Terminal Services, Hyper-V, Group Policy Preferences, RODC, Server Core and other features really make this a great upgrade from a technology standpoint.
One of the technologies that I wanted to test right away was Terminal Services Gateway. This has been available through 3rd-party software like Citrix for years. At Sagemont, our use of Terminal Services is limited to thin clients and access to Shelby V5 for our users that office outside our main campus. I also allowed a few test users RDP access to Terminal Services outside the firewall, but this is not very secure.
I am starting to get more feedback from staff that want to be able to work from home, especially when they found out about our test RDP users. Now with Terminal Services Gateway (TSG) I can securely and easily deploy Terminal Services to all employees. It allows an employee to access Terminal Services over the Internet via RPC over HTTPS. RPC/HTTPS is the same technology that Outlook uses for Outlook Anywhere. What is great about TSG is that you can create policies that control user access to specific resources. There is a Connection Authorization Policy (CAP) that specifies what users and/or computers can connect to the gateway and what type of Device Redirection is allowed. For us, we will probably just allow printer redirection for users connecting from non-trusted computers. For users that connect from a church-issued laptop that is a domain client, we could allow drive redirection. Then Resource Authorization Policies (RAP) are created to allow users access to Terminal Server groups.
So far TSG has tested out very well and I will have several users test it out this week. The next steps will be to activate Windows Server 2008 on the gateway server. Then I will be acquiring a certificate from a well-known CA to make things easier on the staff when they connect.