Forefront UAG: About Publishing Remote Desktop Services (RDS)
Forefront UAG integrates a Remote Desktop Gateway (RD Gateway) to provide an application-level gateway for Remote Desktop Services (RDS) and RDS applications. RD Gateway transmits RDP traffic on port 443 using an HTTP SSL/TLS tunnel. Most corporations open this port for Internet connectivity. Forefront UAG uses this traversal capability to allow users to connect to internal applications and resources hosted behind firewalls in private networks, and across network address translation (NAT) devices, without the need to install additional software on the client endpoint. Using this capability, you can allow access to the following:
- Remote Desktops - you can provide full access to Remote Desktops within the organization
- RemoteApp applications - you can publish single or multiple RemoteApps on a single RDS server, or on multiple servers by using a Remote Desktop Connection Broker (RD Connection Broker)
Publishing RDS via UAG provides the following benefits:
- Authentication - UAG enhances authentication by providing a wide range of additional authentication methods, including smartcards, one-time passwords, and token authentication. You can require users to authenticate to the UAG server, ensuring that only authenticated traffic reaches backend RDS servers. In addition, you can configure single sign-on to pass the credentials used for session logon to authenticate to RemoteApps.
- Access control and endpoint health - UAG enhances the authorization checks of the RD Gateway by enabling client computer (a.k.a. endpoint) health checks. This is important when determining which remote application capabilities (drive mapping, printers, or clipboard integration), other than the basic screen and keyboard, are available to end users. You can verify endpoint health by using built-in access policies, Network Access Protection (NAP) policies, or a combination of built-in policies and NAP policies. You can create proprietary Forefront UAG access policies, or use access policies downloaded from a Network Policy Server (NPS).
- Single point of access - You can provide access to all Remote Desktops and RemoteApps from a single Forefront UAG portal.
- Ease of management - RD Gateway integration allows you to configure and manage RD Gateway from within the Forefront UAG Management console.
- Deployment and high availability - By deploying an array of Forefront UAG servers to publish RDS, and implementing Forefront UAG integrated network load balancing across the array nodes, you can provide high availability to the RemoteApps and Desktop Connections that you publish.
Where can I get more information?
UAG with RDS Solution Guide - http://technet.microsoft.com/en-us/library/dd861391.aspx
UAG with RDS Solution Guide as a download - http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=d192c703-e30b-4d47-9992-12b84c7554cb