Friday, June 11, 2010

Terminal Services Gateway (TS Gateway)

Terminal Services Gateway (TS Gateway) is a role service in the Terminal Services server role of Windows Server® 2008 that allows authorized remote users to connect to resources on an internal corporate or private network, from any Internet-connected device. The network resources can be terminal servers, terminal servers running RemoteApp programs, or computers with Remote Desktop enabled.

TS Gateway uses Remote Desktop Protocol (RDP) over HTTPS to establish a secure, encrypted connection between remote users on the Internet and the internal network resources on which their productivity applications run.

What does TS Gateway do?

TS Gateway provides many benefits, including:

  • TS Gateway enables remote users to connect to internal network resources over the Internet, by using an encrypted connection, without needing to configure virtual private network (VPN) connections.
  • TS Gateway provides a comprehensive security configuration model that enables you to control access to specific internal network resources.
  • TS Gateway provides a point-to-point RDP connection, rather than allowing remote users access to all internal network resources.
  • TS Gateway enables most remote users to connect to internal network resources that are hosted behind firewalls in private networks and across network address translators (NATs). With TS Gateway, you do not need to perform additional configuration for the TS Gateway server or clients for this scenario.
  • Prior to this release of Windows Server, security measures prevented remote users from connecting to internal network resources across firewalls and NATs. This is because port 3389, the port used for RDP connections, is typically blocked at firewalls for network security purposes. TS Gateway transmits RDP traffic to port 443 instead, by using an HTTP over Secure Sockets Layer/Transport Layer Security (SSL/TLS) tunnel. Because most corporations open port 443 to enable Internet connectivity, TS Gateway takes advantage of this network design to provide remote access connectivity across multiple firewalls.
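The port design described above can be checked against a perimeter policy before deployment. The following is an added example, not part of the original post or of TechNet: it evaluates a first-match rule list and reports any flow that contradicts the design (443 open to the gateway, 3389 closed to the Internet). The rule format, the addresses and the gateway-to-host leg on 3389 are assumptions made for illustration.

```python
import ipaddress

# Constructed addresses (documentation and private ranges), not from the page.
GATEWAY = "203.0.113.10"
INTERNAL = "10.0.0.0/8"

# Hypothetical rule format: (action, source CIDR, destination CIDR, TCP port or None for any).
RULES = [
    ("allow", "0.0.0.0/0", GATEWAY + "/32", 443),   # HTTPS tunnel to the gateway
    ("allow", GATEWAY + "/32", INTERNAL, 3389),     # assumed: gateway relays RDP inward
    ("deny", "0.0.0.0/0", "0.0.0.0/0", None),       # everything else
]


def decide(rules, src, dst, port):
    """Return the action of the first rule matching the flow; default deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, rsrc, rdst, rport in rules:
        if (s in ipaddress.ip_network(rsrc)
                and d in ipaddress.ip_network(rdst)
                and rport in (None, port)):
            return action
    return "deny"


def audit(rules, gateway, internal_hosts, outside="198.51.100.7"):
    """Return findings; an empty list means the policy matches the design."""
    findings = []
    if decide(rules, outside, gateway, 443) != "allow":
        findings.append("Internet clients cannot reach the gateway on 443")
    if decide(rules, outside, gateway, 3389) == "allow":
        findings.append("gateway exposes 3389 to the Internet")
    for host in internal_hosts:
        if decide(rules, outside, host, 3389) == "allow":
            findings.append(f"direct RDP from the Internet to {host}")
        if decide(rules, gateway, host, 3389) != "allow":
            findings.append(f"gateway cannot reach {host} on 3389")
    return findings


if __name__ == "__main__":
    # A constructed weak policy: a leftover rule publishing RDP directly.
    weak = [("allow", "0.0.0.0/0", INTERNAL, 3389)] + RULES
    print(audit(RULES, GATEWAY, ["10.0.5.20"]))
    print(audit(weak, GATEWAY, ["10.0.5.20"]))
```

Because evaluation is first-match, a stale allow rule for 3389 placed above the gateway rules is reported even though the rest of the policy is correct.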

Read more: TechNet
