Jaa


Introduction to SBS 2011 Standard Remote Web Access (RWA)

[Today’s post comes to us courtesy of Moloy Tandon and Richard Pulliam from Commercial Technical Support]

Remote Web Workplace (RWW) has been a key feature for the SBS line of products since SBS 2003. It provides a central web location for remote workers to access corporate resources no matter where they are. With the onset of Windows Small Business Server (SBS) 2011 Standard, the new name for RWW is RWA or Remote Web Access. In SBS 2011 Standard Remote Web Access (RWA) has been revamped for greater usability, customizations and additional features such as file sharing.

For full access to the RWA feature set from the internet, you must ensure the following:

  • TCP 443 and TCP 987 are open on your internet firewall
  • Clients are running Internet Explorer 6.0 SP2 or higher
  • The RDP 6.1 or higher is installed on the client machine
  • The client must trust the SSL certificate that is installed on the Default Web Site
  • The client must connect using the URL that matches the common name on the certificate


User Interface

The user interface has gone through some significant upgrades to provide a more up to date look and feel. It is also customizable on a per user basis, to give the end sure some flexibility on how they want the User Interface to be organized. The logon screen shown below will use Forms Based Authentication similar to previous versions.

clip_image002

Once you are authenticated you will be brought to a customized page, both based on your user preference and your account access level.

clip_image004

From one centralized location, users can perform the following task:

  • Check their e-mail by launching OWA
  • Access the company’s Internal Web Site (Companyweb)
  • Access Shared Folders – This is a new feature introduced in SBS 2011 and will be discussed in detail in a separate blog post
  • Access internal computers (leverages RD Gateway, explained later in this blog post)
  • Change their domain password
  • Access Organizational and Administrative Links as defined by your company’s network administrator


RWA Gadget Configuration

Upon logging into RWA, you will notice that email, computers, shared folders, links, and such are organized in different groupings, which known as “gadgets”. Each loads independently of each other, allowing you to choose which gadgets/links are displayed on the RWA home page by accessing the Remote Web Access Properties page from Windows SBS Console > Shared Folders and Web Sites tab > Web Sites sub-tab. Changes made to the RWA Home page links will affect all users.

clip_image006

When users log into RWA they will see Organization Links. If they are a member of the “Windows SBS Admin Tools Group”, they will also see the Administrative Links list. You can control what links appear in the Organization and Administrative Links lists. To edit this list from Windows SBS Console.

clip_image007

Gadget Location Customization

The gadgets on the home page of RWA can be moved freely around the screen to give the end user the ability to customize the look to their preference. All of the user preferences are stored in an XML files located in “C:\Program Files\Windows Small Business Server\Data\RemoteAccessProfiles\”. The filename is based on the user SID + username. We will talk more about gadget customization in a separate blog post.

clip_image009


File Sharing

File Sharing is a new component of RWA introduced in SBS 2011 Standard. It will allow remote users to access files on SBS server shares. This feature will be discussed in detail in a separate blog post.


Connect to Computer

The Connect to Computer feature of RWA allows users to connect to their work computer from anywhere in the world as long as they have internet connection. This feature hasn’t changed much from SBS 2008. You can refer to this blog post for detailed understanding of this feature under the section ‘Connect to a Computer’.

Remote Desktop Gateway (RDP Gateway), formerly called TS Gateway in SBS 2008, is the technology used on the backend to accomplish the ‘Connect to Computer’ functionality in SBS 2011 Standard. RD Gateway allows TS clients to establish secure connections over SSL (443) using RPC Proxy, also known as RDP over HTTPS. To learn more about Remote Desktop Gateway see the following TechNet link:

https://technet.microsoft.com/en-us/library/dd560672(WS.10).aspx

Certificates

In order for clients to be able to establish a connection to the Remote Desktop Gateway server, the following must be true:

  • The Name of the certificate must match your public URL that the clients are using to connect to.
  • The Certificate chain must be trusted by your client machine.
  • The Certificate needs to be valid in terms of the date/time.

You can choose to either use the self-signed certificate for RWA generated by the Internet Address Management Wizard, or purchase a trusted 3rd party SSL certificate issued from a public authority. If you choose the self-signed certificate, you need to ensure the client machines have the root certificate installed. Refer to the following post, which also applies to SBS 2011 Standard, for further instructions:

How Do I Distribute the SBS 2008 Self-Signed SSL Certificate to My Users?

If you want to use a trusted public cert, you’ll need to run the Add a Trusted Certificate Wizard to install it on the server. The advantage of this method over the first is that there will be no need to install a certificate on the client. For further information about the wizard, refer to the following post which also applies to SBS 2011 Standard:

Introducing the “Add a Trusted Certificate Wizard” in SBS 2008

Comments

  • Anonymous
    January 01, 2003
    Hi Mustafa, You'll need to install the RDP gateway console first, using the procedure found insupport.microsoft.com/default.aspx.  You can then open the console, go to the properties of the server object, and click on the "SSL Certificate" tab where you can import the existing cert.

  • Anonymous
    March 10, 2011
    Hi I've just completed a migration from SBS 2003 to SBS 2011. I've installed a wild card certificate from GoDaddy, but i have used the Exchange management console to install it and then selected the SMTP and IIS services for assignment. OWA, RWW, etc works well. However when a user tries to connect to an internal computer, the server prompts a security warning saying the certificate is untrusted (this is because the server is picking up the self-signed certificate). I've tried re installing the GoDaddy SSL certificate using the Add a trusted certificate wizard, but still receive the same warning. Is there a way in the RDP gateway to specify which server to use (like in the TS gateway manager in SBS 2008) ?

  • Anonymous
    October 28, 2014
    I have a client with SBS 2011, using RWA for a while, about 2 weeks now as soon they login to RWA and click ok, and session close, without any error. help please

  • Anonymous
    December 01, 2015
    Thanks for the great info. I really loved this. I would like to apprentice at the same time as you amend your web site, how could i subscribe for a blog site?
    For more info on showbox please refer below sites:
    http://showboxandroids.com/showbox-apk/
    http://showboxappandroid.com/
    Latest version of Showbox App download for all android smart phones and tablets. http://movieboxappdownloads.com/ - It’s just 2 MB file you can easily get it on your android device without much trouble. Showbox app was well designed application for android to watch movies and TV shows, Cartoons and many more such things on your smartphone.
    For showbox on iOS (iPhone/iPad), please read below articles:
    http://showboxappk.com/showbox-for-ipad-download/
    http://showboxappk.com/showbox-for-iphone/
    Showbox for PC articles:
    http://showboxandroids.com/showbox-for-pc/
    http://showboxappandroid.com/showbox-for-pc-download/
    http://showboxforpcs.com/
    There are countless for PC clients as it is essentially easy to understand, simple to introduce, gives continuous administration, effectively reasonable. it is accessible at completely free of expense i.e., there will be no establishment charges and after establishment it doesn't charge cash for watching films and recordings. Not simply watching, it likewise offers alternative to download recordings and motion pictures. The accompanying are the strides that are to be taken after to introduce Showbox application on Android. The above all else thing to be done is, go to the Security Settings on your Android telephone, Scroll down and tap on 'Obscure sources'.

  • Anonymous
    January 21, 2016
    Love the work that we have here dealing with remove access. This is a big part of most companies that want to have some sort of flexibility with working from home. Furthermore this allows companies to save space by not going to constantly expanding their office. This is something interest, and something I would suggest any company, especially if they do mobile development work, likehttp://novusapp.com, to adopt.

  • Anonymous
    January 28, 2016

    Thanks for the great info. I really loved this. I would like to apprentice at the same time as you amend your web site, how could i subscribe for a blog site?

    http://www.movieboxapkdownload.com/ - It’s just 2 MB file you can easily get it on your android device without much trouble. Showbox app was well designed application for android to watch movies and TV shows, Cartoons and many more such things on your smartphone.



    Thanks for the great info. I really loved this. I would like to apprentice at the same time as you amend your web site, how could i subscribe for a blog site?

    http://www.aptoideapkdownload.com/ - It’s just 2 MB file you can easily get it on your android device without much trouble.

    http://www.vidmatedownloadapk.com/

    Showbox app was well designed application for android to watch movies and TV shows, Cartoons and many more such things on your smartphone.

    http://www.shareitforpccdownload.com/

    http://www.shareitforpccdownload.com/shareit-for-pc-windows-10-8-1-7-mac-free-download/

    SHAREit for PC lets you transfer files between devices like phones, tablets and computers. With the wide area of sharing compatibility, sharing across anything is easy now. This is the best and the fastest alternative for USB sharing.