Guest zaz Posted September 15, 2008

We have a small network with under 30 users and only 10 external staff, and want to implement a TS with TS Gateway for external SSL connections and to save us having to open up port 3389 to the internet in general. It seems overkill to use 2 servers to do this, so ... is it possible to run TS Gateway on the same server as the actual Terminal Server itself?

We are thinking of this to save the need for a 2nd TS gateway server when just one well specified server will do the job.

I understand that we would have to open the TS up to the internet on port 443, but for a small user this seems acceptable assuming we configure/patch/harden the server properly.

Thanks in advance :>

Guest Jeff Pitsch Posted September 15, 2008

Re: Can TS Gateway run on the same Server as TS itself ?

It can, but it would be a security risk. The whole idea of TSGateway is to act as a man in the middle for TS in the DMZ while the terminal server is in the protected networks. By doing what you plan on, you're exposing the internal network, which seems risky considering the small requirements of TSGateway, which would easily run on a workstation class machine.

--
Jeff Pitsch
Microsoft MVP - Terminal Services

"zaz" <bramblewood@noemail.noemail> wrote in message news:28EAFF81-C279-43D1-80BA-FB7D0E2AB9E7@microsoft.com...
> We have a small network with under 30 users and only 10 external staff, and want to implement a TS with TS Gateway for external SSL connections and to save us having to open up port 3389 to the internet in general. It seems overkill to use 2 servers to do this, so ... is it possible to run TS Gateway on the same server as the actual Terminal Server itself?
> We are thinking of this to save the need for a 2nd TS gateway server when just one well specified server will do the job.
> I understand that we would have to open the TS up to the internet on port 443, but for a small user this seems acceptable assuming we configure/patch/harden the server properly.
> Thanks in advance :>

Guest moncho Posted September 16, 2008

Re: Can TS Gateway run on the same Server as TS itself ?

zaz wrote:
> We have a small network with under 30 users and only 10 external staff, and want to implement a TS with TS Gateway for external SSL connections and to save us having to open up port 3389 to the internet in general. It seems overkill to use 2 servers to do this, so ... is it possible to run TS Gateway on the same server as the actual Terminal Server itself?
> We are thinking of this to save the need for a 2nd TS gateway server when just one well specified server will do the job.
> I understand that we would have to open the TS up to the internet on port 443, but for a small user this seems acceptable assuming we configure/patch/harden the server properly.
> Thanks in advance :>

I second Jeff's reply. As an alternative, you can install an SSL-VPN to proxy the RDP session.

moncho

Guest zaz Posted September 16, 2008

Re: Can TS Gateway run on the same Server as TS itself ?

Jeff,

Thank you for your response. I do see your point, but surely doing this would be no more of a security risk than publishing webmail on port 443 on a single SBS server (something that MS seems to support by configuring this "out of the box")?

Zaz.

"Jeff Pitsch" <jeff@jeffpitschconsulting.com> wrote in message news:eA8Pes4FJHA.1000@TK2MSFTNGP05.phx.gbl...
> It can, but it would be a security risk. The whole idea of TSGateway is to act as a man in the middle for TS in the DMZ while the terminal server is in the protected networks. By doing what you plan on, you're exposing the internal network, which seems risky considering the small requirements of TSGateway, which would easily run on a workstation class machine.
>
> --
> Jeff Pitsch
> Microsoft MVP - Terminal Services
>
> "zaz" <bramblewood@noemail.noemail> wrote in message news:28EAFF81-C279-43D1-80BA-FB7D0E2AB9E7@microsoft.com...
>> We have a small network with under 30 users and only 10 external staff, and want to implement a TS with TS Gateway for external SSL connections and to save us having to open up port 3389 to the internet in general. It seems overkill to use 2 servers to do this, so ... is it possible to run TS Gateway on the same server as the actual Terminal Server itself?
>> We are thinking of this to save the need for a 2nd TS gateway server when just one well specified server will do the job.
>> I understand that we would have to open the TS up to the internet on port 443, but for a small user this seems acceptable assuming we configure/patch/harden the server properly.
>> Thanks in advance :>

Guest Jeff Pitsch Posted September 16, 2008

Re: Can TS Gateway run on the same Server as TS itself ?

Just because you can doesn't mean you should. I don't agree with what MSFT does with SBS either. It is a security risk, and an even worse risk on an SBS box because of all the info it holds.

--
Jeff Pitsch
Microsoft MVP - Terminal Services

"zaz" <bramblewood@noemail.noemail> wrote in message news:OFgMeNCGJHA.2456@TK2MSFTNGP06.phx.gbl...
> Jeff,
>
> Thank you for your response. I do see your point, but surely doing this would be no more of a security risk than publishing webmail on port 443 on a single SBS server (something that MS seems to support by configuring this "out of the box")?
>
> Zaz.
>
> "Jeff Pitsch" <jeff@jeffpitschconsulting.com> wrote in message news:eA8Pes4FJHA.1000@TK2MSFTNGP05.phx.gbl...
>> It can, but it would be a security risk. The whole idea of TSGateway is to act as a man in the middle for TS in the DMZ while the terminal server is in the protected networks. By doing what you plan on, you're exposing the internal network, which seems risky considering the small requirements of TSGateway, which would easily run on a workstation class machine.
>>
>> --
>> Jeff Pitsch
>> Microsoft MVP - Terminal Services
>>
>> "zaz" <bramblewood@noemail.noemail> wrote in message news:28EAFF81-C279-43D1-80BA-FB7D0E2AB9E7@microsoft.com...
>>> We have a small network with under 30 users and only 10 external staff, and want to implement a TS with TS Gateway for external SSL connections and to save us having to open up port 3389 to the internet in general. It seems overkill to use 2 servers to do this, so ... is it possible to run TS Gateway on the same server as the actual Terminal Server itself?
>>> We are thinking of this to save the need for a 2nd TS gateway server when just one well specified server will do the job.
>>> I understand that we would have to open the TS up to the internet on port 443, but for a small user this seems acceptable assuming we configure/patch/harden the server properly.
>>> Thanks in advance :>