Remote Desktop Gateway – What Is It and How To Set It Up - V2 Cloud

  • January 4, 2022
  • Author: V2 Cloud

Note: A self-signed certificate was used for the purpose of this tutorial.

What is Remote Desktop Gateway

Remote Desktop Gateway, also known as RD Gateway, is a role service that enables authorized remote users to connect to resources on an internal or private network from any Internet-connected device that can run the Remote Desktop Connection (RDC) client. The network resources can be Remote Desktop Session Host (RD Session Host) servers, RD Session Host servers running RemoteApp programs, or computers with Remote Desktop enabled.

Advantages of Remote Desktop Gateway

Remote Desktop (RD) Gateway uses the Remote Desktop Protocol (RDP) over HTTPS to establish a secure, encrypted connection between remote users on the Internet and the internal network resources on which their productivity applications run.

With Remote Desktop Gateway installed, you can give your clients the address or DNS name of the gateway server, along with the name or private IP address of the Remote Desktop server that you want them to connect to. It doesn’t matter that the name of the RD Server is not resolvable on the internet, or that the IP address is from a private range. As long as the RD Gateway can resolve the name and the credentials your clients use have the appropriate rights, they can connect to the Remote Desktop Server.

However, to use RD Gateway, you will need to install a valid SSL certificate. It is best to buy an SSL certificate rather than use a self-signed one; for example, you can get an SSL certificate from Comodo, InstantSSL, Verisign, etc.

In this tutorial, you will learn:

- How to install an SSL certificate
- How to set up RD Gateway
- How to create a connection authorization policy and a resource authorization policy
- How to test your RD Gateway connection

How to set up Remote Desktop Gateway

Install the Remote Desktop Role

STEP 1

Sign in to the target server with an administrator’s credentials.

STEP 2

In Server Manager, select Manage, then select Add Roles and Features. The Add Roles and Features installer will open.

STEP 3

On the Before You Begin page, select Next. Select Role-based or feature-based installation, then select Next.

STEP 4

For Select destination server, select Select a server from the server pool. For Server Pool, select the name of your local computer. When you’re done, select Next.

STEP 5

In Select Server Roles > Roles, select Remote Desktop Services, then select Next.

STEP 6

From Select role services, select only Remote Desktop Gateway.

STEP 7

When you’re prompted to add required features, select Add Features.

STEP 8

From Network Policy and Access Services, select Next.

STEP 9

From Web Server Role (IIS), select Next.

STEP 10

From Role services, select Next.

STEP 11

From Confirm installation selections, select Install. Don’t close the installer while the installation is in progress.

STEP 12

Installation Successful.

Create the Connection Authorization Policy and the Resource Authorization Policy

STEP 13

Open the Remote Desktop Gateway Manager from the Tools menu in Server Manager.

STEP 14

Go to Servers, right-click the name of your server, then select RD Gateway Manager.

STEP 15

Create Authorization Policies for RD Gateway

A- In the left pane, navigate to Policies

B- Click on Connection Authorization Policies.

C- In the Actions pane on the right, right-click Create New Policy, and select Wizard.

STEP 16

Select Create an RD CAP and an RD RAP (recommended) and click Next.

Connection Authorization Policy

STEP 17

The Connection Authorization Policy ensures that only selected groups (i.e., their members) are allowed to use the Remote Desktop Gateway to access resources.

You can use groups based on Active Directory users or groups based on Active Directory computer objects. To provide flexibility in terms of which machines users can remote desktop from, we recommend using user groups.

Give the policy a name; an intuitive name is Allowed-To-Use-RDGateway. Click Next.

For the purposes of this tutorial on how to set up an RD Gateway, we will select the Domain Admins group. Best practice is to create a separate user group and add to it the users that you want to allow to use the Remote Desktop Gateway. You can create groups based on what resources the users need to access. That way, you can add those groups here and then use them in the Resource Authorization Policy later on.

STEP 18

Accept the default setting for device redirection and click Next.

STEP 19

Enter the timeout values as per below. Click Next.

STEP 20

Click Next.

Create Resource Authorization Policy

STEP 21

The Resource Authorization Policy is used to restrict access to servers based on group memberships. You will need to create Active Directory groups and add servers as members of these groups.

STEP 22

Select the user groups that are allowed access to network resources, i.e., that can remote desktop to servers on the network. For this tutorial, I will select the Domain Admins group, as I have already selected Domain Admins as the group that can use the Remote Desktop Gateway. Then click Next.

STEP 23

Select a group that contains the servers that you want the above user groups to be able to remote desktop to.

Click Browse.

For this tutorial on how to set up a remote desktop gateway, we will use the built-in group called Domain Controllers. You can create additional groups containing servers that are related or belong to particular departments. That way, in the previous steps you can assign groups based on department users and allow them to access only particular servers.

STEP 24

Click Check Name to make sure the group is found, and then click OK, then Next.

STEP 25

If the remote desktop port on the servers was changed from the default, use this screen to specify the port. Otherwise, select Allow connections only to port 3389. Click Next, then Finish.

STEP 26

Confirm creation of the Authorization policies, then click Close.
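
The wizard steps above (role installation in steps 1 to 12, policy creation in steps 13 to 26) can also be scripted. The following PowerShell is an added example, not part of the original tutorial; it uses dedicated groups instead of Domain Admins, as the best-practice note in step 17 recommends, and the domain name, group names and RAP name are assumptions.

```powershell
# Added example, not V2 Cloud's script. Run elevated on the gateway server.
# Assumed names: domain CONTOSO and the groups RDG-Users and
# RDG-Allowed-Servers, which must already exist in Active Directory.
$UserGroup     = 'RDG-Users@CONTOSO'
$ComputerGroup = 'RDG-Allowed-Servers@CONTOSO'
$CapName       = 'Allowed-To-Use-RDGateway'   # name suggested in step 17
$RapName       = 'Allowed-Servers'            # hypothetical RAP name

# Steps 1-12: install only the RD Gateway role service and its tools.
$install = Install-WindowsFeature -Name RDS-Gateway -IncludeManagementTools
if (-not $install.Success) { throw 'RD Gateway role installation failed.' }
if ($install.RestartNeeded -ne 'No') { Write-Warning 'Restart before continuing.' }

# The RDS: drive comes from the RemoteDesktopServices module.
Import-Module RemoteDesktopServices

# Steps 15-20: RD CAP, i.e. who may connect through the gateway.
# AuthMethod 1 = password authentication.
if (-not (Test-Path "RDS:\GatewayServer\CAP\$CapName")) {
    New-Item -Path 'RDS:\GatewayServer\CAP' -Name $CapName `
        -UserGroups $UserGroup -AuthMethod 1 | Out-Null
}

# Steps 21-25: RD RAP, i.e. which servers those users may reach.
# ComputerGroupType 1 = an Active Directory security group.
if (-not (Test-Path "RDS:\GatewayServer\RAP\$RapName")) {
    New-Item -Path 'RDS:\GatewayServer\RAP' -Name $RapName `
        -UserGroups $UserGroup -ComputerGroupType 1 `
        -ComputerGroup $ComputerGroup | Out-Null
}

# Step 26: read both policies back and review what was actually stored,
# including the RAP's PortNumbers value (the tutorial allows only 3389).
Get-ChildItem "RDS:\GatewayServer\CAP\$CapName" | Format-Table Name, CurrentValue
Get-ChildItem "RDS:\GatewayServer\CAP\$CapName\UserGroups" | Format-Table Name
Get-ChildItem "RDS:\GatewayServer\RAP\$RapName" | Format-Table Name, CurrentValue
Get-ChildItem "RDS:\GatewayServer\RAP\$RapName\UserGroups" | Format-Table Name
```

The timeout values from step 19 are not set here; adjust them in RD Gateway Manager or on the CAP item afterwards.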

SSL Certificate

The Remote Desktop Gateway needs to have an SSL certificate installed. You can purchase an SSL certificate for the fully qualified internet domain name of the Remote Desktop Gateway or purchase a wildcard SSL certificate for the domain.

For the purpose of this tutorial on setting up a remote desktop gateway, a Self-Signed Certificate was used.

STEP 27

To install the SSL certificate, first click on the remote desktop server name in the Remote Desktop Gateway management console. Right-click the name of your gateway server and select Properties.

STEP 28

Open the SSL Certificate tab, select the Import a certificate into the RD Gateway option, then select Browse and Import Certificate.

STEP 29

Select the name of your PFX file, then select Open.

STEP 30

Enter the password for the PFX file when prompted. If the password entered is correct, the import will be successful.

We have now successfully installed a self-signed SSL certificate on TCP Port 443 (Default SSL port).
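
Before importing a PFX, it helps to confirm that the certificate matches the gateway's public name and to see whether it is self-signed or chains to a trusted root. The following PowerShell is an added example, not part of the original tutorial; the file path and gateway name are placeholder assumptions.

```powershell
# Added example, not V2 Cloud's script. Placeholder values (assumptions):
$PfxPath     = 'C:\certs\rdgateway.pfx'
$GatewayFqdn = 'rdgw.example.com'   # the name clients will enter for the gateway

# Read the certificate out of the PFX without importing it anywhere.
$password = Read-Host -AsSecureString -Prompt 'PFX password'
$pfx  = Get-PfxData -FilePath $PfxPath -Password $password
$cert = $pfx.EndEntityCertificates[0]

# Validity dates, SSL policy and name match, ignoring whether the root is trusted.
$usable = Test-Certificate -Cert $cert -Policy SSL -DNSName $GatewayFqdn `
    -AllowUntrustedRoot -WarningAction SilentlyContinue -ErrorAction SilentlyContinue

# The same check, now also requiring a chain to a root this machine trusts.
$trusted = Test-Certificate -Cert $cert -Policy SSL -DNSName $GatewayFqdn `
    -WarningAction SilentlyContinue -ErrorAction SilentlyContinue

[pscustomobject]@{
    Subject         = $cert.Subject
    Thumbprint      = $cert.Thumbprint
    SelfSigned      = ($cert.Subject -eq $cert.Issuer)
    DaysUntilExpiry = [int]($cert.NotAfter - (Get-Date)).TotalDays
    ValidForGateway = [bool]$usable    # name, dates and usage are acceptable
    TrustedOnThisPC = [bool]$trusted   # False for a self-signed certificate
                                       # unless it was added to Trusted Root
} | Format-List

if ($usable -and -not $trusted) {
    Write-Warning ('Certificate is usable but untrusted: every client must ' +
        'trust it explicitly, or the gateway needs a CA-issued certificate.')
}
```

The trust result reflects only the machine the script runs on; each connecting client evaluates the gateway certificate against its own trust store.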

Test RD Gateway connection

We must test connectivity from the Remote Desktop Gateway to the network resources that clients will need to connect to. Specifically, we need to test RDP traffic by using a remote desktop client to connect to the allowed servers.

We’ve allowed the domain controllers to be accessed by the Domain Admins group through the Remote Desktop Gateway, and we’ve allowed the Domain Admins group to be able to use the Remote Desktop Gateway by using the Authorization policies.
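
One way to run this test from a client outside the network is to generate a connection file that forces the session through the gateway. The following PowerShell is an added example, not part of the original tutorial; the gateway and target names are placeholder assumptions.

```powershell
# Added example, not V2 Cloud's script. Run on a client outside the network.
# All names are placeholders (assumptions).
$Gateway = 'rdgw.example.com'   # public DNS name, must match the certificate
$Target  = 'dc01.corp.local'    # internal name that only the gateway can resolve
$RdpFile = Join-Path $env:TEMP 'rdgw-test.rdp'

# 1. The client needs only HTTPS (TCP 443) to the gateway, not 3389 to the target.
$probe = Test-NetConnection -ComputerName $Gateway -Port 443 -WarningAction SilentlyContinue
if (-not $probe.TcpTestSucceeded) { throw "Cannot reach $Gateway on TCP 443." }

# 2. Write a connection file that forces the session through the gateway.
@(
    "full address:s:$Target"
    "gatewayhostname:s:$Gateway"
    'gatewayusagemethod:i:1'          # 1 = always use the gateway
    'gatewayprofileusagemethod:i:1'   # 1 = use the gateway settings in this file
    'gatewaycredentialssource:i:0'    # 0 = ask for a password
    'promptcredentialonce:i:1'        # same credentials for gateway and target
) | Set-Content -Path $RdpFile

# 3. Open the connection; a certificate or authorization failure is shown by the client.
Start-Process -FilePath 'mstsc.exe' -ArgumentList "`"$RdpFile`""
```

Repeat the test with an account outside the CAP group and with a server outside the RAP group; both attempts should be refused. On the gateway, the Microsoft-Windows-TerminalServices-Gateway/Operational event log records each authorization decision.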

With Remote Desktop Gateway installed, you and your users get an extra layer of security by connecting through the address or DNS name of your gateway server.

All you need to do is provide the name or private IP address of the Remote Desktop server that you want your users to connect to. It doesn’t matter that the name of the RD Server is not resolvable on the internet, or that the IP address is from a private range. As long as the RD Gateway can resolve the name and the credentials your clients use have the appropriate rights, they can connect to the Remote Desktop Server.

There is a better way to do IT with V2 Cloud

By using V2 Cloud, you get access to a fully-integrated virtual desktop solution, without the traditional complexity of other cloud providers.
There is an easier way to enable secure remote access to employees without sacrificing end-user experience and performance.

V2 Cloud offers a cloud desktop infrastructure with

    • No hidden fees

    • No complicated setup

    • No contracts

    • Flat-rate pricing model

We’re the #1 virtualization solution for small businesses. Create virtual desktops, servers, and applications to improve productivity and significantly reduce your IT costs.

Learn more about V2 Cloud and our cloud VDI solution. Get started with a risk-free 7-day trial, and experience the simplicity, scalability and power of V2 Cloud.
