Remote Desktop Web Access and Resulting Internet Communication in Windows Server 2008 R2
Updated: December 16, 2009
Applies To: Windows 7, Windows Server 2008 R2
In this section
This section provides overview information and suggestions for other sources of information about balancing your organization’s requirements for communication across the Internet with your organization’s requirements for protection of networked assets. It is beyond the scope of this document to describe all aspects of maintaining appropriate levels of security in an organization running servers that use Remote Desktop Web Access (RD Web Access) to offer applications across the Internet.
Remote Desktop Web Access (RD Web Access), formerly Terminal Services Web Access (TS Web Access), enables users to access RemoteApp and Desktop Connection through the Start menu on a computer that is running Windows® 7 or Windows Server® 2008 R2 or through a Web browser. RemoteApp and Desktop Connection provides a customized view of RemoteApp programs and virtual desktops to users.
Additionally, RD Web Access includes Remote Desktop Web Connection, which enables users to connect remotely from a Web browser to the desktop of any computer where they have Remote Desktop access.
When a user starts a RemoteApp program, a Remote Desktop Services session is started on the Remote Desktop Session Host (RD Session Host) server that hosts the RemoteApp program. If a user connects to a virtual desktop, a remote desktop connection is made to a virtual machine that is running on a Remote Desktop Virtualization Host (RD Virtualization Host) server.
The Web Server (IIS) role is installed as a required component when you install RD Web Access. For information about some of the security-related features in IIS, and links to additional information, see Internet Information Services and Resulting Internet Communication in Windows 7 and Windows Server 2008 R2 in this document.
In addition, you can deploy RD Web Access with the Remote Desktop Gateway (RD Gateway) role service to enable users to connect from the Internet without having to first establish a virtual private network (VPN) connection. RD Gateway helps you secure remote connections to resources on your corporate network, such as RD Session Host servers, RemoteApp programs, or virtual desktops. For information about some of the security-related features in RD Gateway, and links to additional information, see Remote Desktop Gateway and Resulting Internet Communication in Windows Server 2008 R2 in this document.
When you install RD Web Access, the following default settings apply:
The RD Web Access Web site uses Forms-based authentication.
The RD Web Access Web site is configured to use HTTPS for client connections to the Web site. The default port that is used for Secure Sockets Layer (SSL) connections is TCP port 443.
When you install RD Web Access, Windows Firewall is automatically configured to allow Windows Management Instrumentation (WMI) traffic. The RD Web Access server must be able to communicate through WMI to the RD Session Host source server that hosts the RemoteApp programs. Therefore, if the RD Web Access server is located in the perimeter network to allow access from the Internet, you must ensure that the firewall rules allow WMI traffic from the RD Web Access server to the RD Session Host source server in the internal network.
|To view the firewall rules that are created for WMI when you install RD Web Access, open Windows Firewall with Advanced Security (available in the Administrative Tools folder).|
Remote Desktop Web Access Help in the Windows Server 2008 R2 Technical Library
Remote Desktop Services in the Windows Server 2008 R2 Technical Library
Remote Desktop Gateway and Resulting Internet Communication in Windows Server 2008 R2
Remote Desktop Licensing and Resulting Internet Communication in Windows Server 2008 R2