External Access - RD Gateway Manager Really Necessary

hi,

i have configured following on windows 2008 r2 servers. take note won't implementing multiple rd session host managers down track.
rd session host manger
rd connection broker
remote desktop web access

end-users can access rd web access & utilise remoteapp programs internally. have specific domain group specified allow appropriate end-users authenticate rd web access.

do technically need rd gateway allow end-users access rd web access externally? if no answer on router nat external
ip address rd desktop web access server & allow https & http?

thanks

hi,

if not have multiple rdsh servers there no need rd connection broker.  single rdsh server environment rd gateway not needed, however, recommended security reasons because provides layer attackers need go through.  real-world example recent rdp vulnerability.  a rdsh server available directly internet affected/compromised if unpatched whereas if behind rd gateway or vpn fine.

if choose not use rd gateway need forward tcp port 443 rdweb server , tcp port 3389 rdsh server.

if choose use rd gateway install on rdweb server.  in case need forward tcp port 443 rdweb/rdg server.

-tp

Windows Server  >  Remote Desktop Services (Terminal Services)