Jump to content

Can TS Gateway run on the same Server as TS itself ?

Guest zaz

By Guest zaz
in Windows NT Server

 Share

Recommended Posts

Guest zaz

Guest zaz

Posted
Posted

We have a small network with under 30 users and only 10 external staff want

to implement a TS with TS Gateway for external SSL connections and to save us

having to open up port 3389 to the internet in general. It seems overkill to

use 2 servers to do this so ... is it possible to run TS Gateway on the same

server as the actual Terminal Server itself?

We are thinking of this to save the need for a 2nd TS gateway server when

just one well specified server will do the job.

I understand that we would have to open the TS up to the internet on port

443, but for a small user this seems acceptable assuming we

configure/patch/harden the server properly.

Thank in advance :>

  • Replies 4
  • Created
  • Last Reply

Popular Days

Popular Days

Guest Jeff Pitsch

Guest Jeff Pitsch

Posted
Posted

Re: Can TS Gateway run on the same Server as TS itself ?

 

It can but it would be security risk. The whole idea of TSGateway is to act

as a man in the middle for TS in the DMZ while the terminal server is in the

protected networks. By doing what you plan on, your exposing the internal

network which seems risky considering the small requirements of TSGateway

which would easily run on a workstation class machine.

 

--

Jeff Pitsch

Microsoft MVP - Terminal Services

 

"zaz" <bramblewood@noemail.noemail> wrote in message

news:28EAFF81-C279-43D1-80BA-FB7D0E2AB9E7@microsoft.com...

> We have a small network with under 30 users and only 10 external staff

> want

> to implement a TS with TS Gateway for external SSL connections and to save

> us

> having to open up port 3389 to the internet in general. It seems overkill

> to

> use 2 servers to do this so ... is it possible to run TS Gateway on the

> same

> server as the actual Terminal Server itself?

> We are thinking of this to save the need for a 2nd TS gateway server when

> just one well specified server will do the job.

> I understand that we would have to open the TS up to the internet on port

> 443, but for a small user this seems acceptable assuming we

> configure/patch/harden the server properly.

> Thank in advance :>

>

Guest moncho

Guest moncho

Posted
Posted

Re: Can TS Gateway run on the same Server as TS itself ?

 

zaz wrote:

> We have a small network with under 30 users and only 10 external staff want

> to implement a TS with TS Gateway for external SSL connections and to save us

> having to open up port 3389 to the internet in general. It seems overkill to

> use 2 servers to do this so ... is it possible to run TS Gateway on the same

> server as the actual Terminal Server itself?

> We are thinking of this to save the need for a 2nd TS gateway server when

> just one well specified server will do the job.

> I understand that we would have to open the TS up to the internet on port

> 443, but for a small user this seems acceptable assuming we

> configure/patch/harden the server properly.

> Thank in advance :>

>

 

I second Jeff's reply.

 

As an alternative, you can install an SSL-VPN to proxy the RDP

session.

 

moncho

Guest zaz

Guest zaz

Posted
Posted

Re: Can TS Gateway run on the same Server as TS itself ?

 

Jeff,

 

Thank you for your response, I do see your point but surely doing this would

be no more of a security risk than publishing webmail on port 443 a single

SBS server (something that MS seems to support by configuring this "out of

the box") ?

 

Zaz.

 

"Jeff Pitsch" <jeff@jeffpitschconsulting.com> wrote in message

news:eA8Pes4FJHA.1000@TK2MSFTNGP05.phx.gbl...

> It can but it would be security risk. The whole idea of TSGateway is to

> act as a man in the middle for TS in the DMZ while the terminal server is

> in the protected networks. By doing what you plan on, your exposing the

> internal network which seems risky considering the small requirements of

> TSGateway which would easily run on a workstation class machine.

>

> --

> Jeff Pitsch

> Microsoft MVP - Terminal Services

>

> "zaz" <bramblewood@noemail.noemail> wrote in message

> news:28EAFF81-C279-43D1-80BA-FB7D0E2AB9E7@microsoft.com...

>> We have a small network with under 30 users and only 10 external staff

>> want

>> to implement a TS with TS Gateway for external SSL connections and to

>> save us

>> having to open up port 3389 to the internet in general. It seems overkill

>> to

>> use 2 servers to do this so ... is it possible to run TS Gateway on the

>> same

>> server as the actual Terminal Server itself?

>> We are thinking of this to save the need for a 2nd TS gateway server when

>> just one well specified server will do the job.

>> I understand that we would have to open the TS up to the internet on port

>> 443, but for a small user this seems acceptable assuming we

>> configure/patch/harden the server properly.

>> Thank in advance :>

>>

>

>

Guest Jeff Pitsch

Guest Jeff Pitsch

Posted
Posted

Re: Can TS Gateway run on the same Server as TS itself ?

 

Just because you can doesn't mean you should. I don't agree with what MSFT

does with SBS either. It is a security risk and even worse risk on a SBS

box because of all the info it holds.

 

--

Jeff Pitsch

Microsoft MVP - Terminal Services

 

"zaz" <bramblewood@noemail.noemail> wrote in message

news:OFgMeNCGJHA.2456@TK2MSFTNGP06.phx.gbl...

> Jeff,

>

> Thank you for your response, I do see your point but surely doing this

> would be no more of a security risk than publishing webmail on port 443 a

> single SBS server (something that MS seems to support by configuring this

> "out of the box") ?

>

> Zaz.

>

> "Jeff Pitsch" <jeff@jeffpitschconsulting.com> wrote in message

> news:eA8Pes4FJHA.1000@TK2MSFTNGP05.phx.gbl...

>> It can but it would be security risk. The whole idea of TSGateway is to

>> act as a man in the middle for TS in the DMZ while the terminal server is

>> in the protected networks. By doing what you plan on, your exposing the

>> internal network which seems risky considering the small requirements of

>> TSGateway which would easily run on a workstation class machine.

>>

>> --

>> Jeff Pitsch

>> Microsoft MVP - Terminal Services

>>

>> "zaz" <bramblewood@noemail.noemail> wrote in message

>> news:28EAFF81-C279-43D1-80BA-FB7D0E2AB9E7@microsoft.com...

>>> We have a small network with under 30 users and only 10 external staff

>>> want

>>> to implement a TS with TS Gateway for external SSL connections and to

>>> save us

>>> having to open up port 3389 to the internet in general. It seems

>>> overkill to

>>> use 2 servers to do this so ... is it possible to run TS Gateway on the

>>> same

>>> server as the actual Terminal Server itself?

>>> We are thinking of this to save the need for a 2nd TS gateway server

>>> when

>>> just one well specified server will do the job.

>>> I understand that we would have to open the TS up to the internet on

>>> port

>>> 443, but for a small user this seems acceptable assuming we

>>> configure/patch/harden the server properly.

>>> Thank in advance :>

>>>

>>

>>

>

>

 Share
Go to topic listing
×
×
  • Create New...