To enhance security for an RD Gateway server, you can configure Microsoft Internet Security and Acceleration (ISA) Server or a non-Microsoft product to function as a Secure Sockets Layer (SSL) bridging device. The SSL bridging device can enhance security by terminating SSL sessions, inspecting packets, and re-establishing SSL sessions.

You can configure ISA Server communication with the RD Gateway server in either of the two following ways:

  • HTTPS-HTTPS bridging. In this configuration, the RD Gateway client initiates an SSL (HTTPS) request to the SSL bridging device. For maximum security, the SSL bridging device then initiates a new HTTPS request to the RD Gateway server.

  • HTTPS-HTTP bridging. In this configuration, the RD Gateway client initiates an SSL (HTTPS) request to the SSL bridging device. The SSL bridging device initiates a new HTTP request to the RD Gateway server.

To use HTTPS-HTTPS or HTTPS-HTTP bridging, you must enable the Use SSL Bridging setting on the RD Gateway server, as described in this procedure.

Important

To use an SSL bridging device with RD Gateway, you must also enable external SSL termination on the SSL bridging device that you plan to use and you must configure it to connect to the RD Gateway server. For detailed instructions about configuring ISA Server for use as an external SSL bridging device for RD Gateway, see the Remote Desktop Services page on the Windows Server 2008 R2 TechCenter (https://go.microsoft.com/fwlink/?LinkId=140433).

Membership in the local Administrators group, or equivalent, on the RD Gateway server that you plan to configure, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at https://go.microsoft.com/fwlink/?LinkId=83477.

To enable HTTPS-HTTP bridging on the Remote Desktop Gateway server
  1. On the RD Gateway server, open Remote Desktop Gateway Manager. To open Remote Desktop Gateway Manager, click Start, point to Administrative Tools, point to Remote Desktop Services, and then click Remote Desktop Gateway Manager.

  2. In the Remote Desktop Gateway Manager console tree, right-click the local RD Gateway server, and then click Properties.

  3. In the Properties dialog box for the RD Gateway server, on the SSL Bridging tab, select the Use SSL bridging check box, click HTTPS-HTTP bridging (terminate SSL requests and initiate new HTTP requests), and then click OK.

  4. In the RD Gateway dialog box, select one of the following options:

    • To recycle the default application pool now, click Yes.

      Caution

      You must recycle the default application pool of IIS for the SSL bridging settings to take effect. Recycling the IIS application pool that contains RD Gateway disconnects all active connections of all applications placed in this pool.

    • To recycle the default application pool manually later, click No.

    If you are using ISA Server as the external SSL bridging device for RD Gateway, for more information, see the Remote Desktop Services page on the Windows Server 2008 R2 TechCenter (https://go.microsoft.com/fwlink/?LinkId=140433).

To enable HTTPS-HTTPS bridging on the Remote Desktop Gateway server
  1. On the RD Gateway server, open Remote Desktop Gateway Manager. To open Remote Desktop Gateway Manager, click Start, point to Administrative Tools, point to Remote Desktop Services, and then click Remote Desktop Gateway Manager.

  2. In the Remote Desktop Gateway Manager console tree, right-click the local RD Gateway server, and then click Properties.

  3. In the Properties dialog box for the RD Gateway server, on the SSL Bridging tab, select the Use SSL bridging check box, click HTTPS-HTTPS bridging (terminate SSL requests and initiate new HTTPS requests), and then click OK.

  4. In the RD Gateway dialog box, select one of the following options:

    • To recycle the default application pool now, click Yes.

      Caution

      You must recycle the default application pool of IIS for the SSL bridging settings to take effect. Recycling the IIS application pool that contains RD Gateway disconnects all active connections of all applications placed in this pool.

    • To recycle the default application pool manually later, click No.

    If you are using ISA Server as the external SSL bridging device for RD Gateway, for more information, see the Remote Desktop Services page on the Windows Server 2008 R2 TechCenter (https://go.microsoft.com/fwlink/?LinkId=140433).
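If you clicked No in step 4, the following added example (not part of the original Microsoft procedure) shows one way to review which sites and applications share the default application pool and then recycle it from an elevated PowerShell session on the RD Gateway server. It assumes the pool still has the IIS default name DefaultAppPool and that the RemoteDesktopServices module with its RDS: drive is available; the script name and the -Recycle switch are hypothetical.

```powershell
# Added example: save as Review-RdgBridging.ps1 (hypothetical name).
# Without -Recycle it only reports; with -Recycle it also recycles the pool.
param([switch]$Recycle)

Import-Module WebAdministration        # IIS cmdlets (Get-Website, Restart-WebAppPool)
Import-Module RemoteDesktopServices    # assumption: provides the RDS: drive

$poolName = 'DefaultAppPool'           # assumption: IIS default pool name is unchanged

# SSL bridging mode currently stored by RD Gateway (0, 1 or 2).
$modeNames = @{ 0 = 'No SSL bridging'; 1 = 'HTTPS-HTTP'; 2 = 'HTTPS-HTTPS' }
$mode = [int](Get-Item -Path 'RDS:\GatewayServer\SSLBridging').CurrentValue
Write-Output "Configured SSL bridging mode: $($modeNames[$mode]) ($mode)"
if ($mode -eq 1) {
    # In this mode the bridging device sends HTTP, not HTTPS, to RD Gateway.
    Write-Warning 'HTTPS-HTTP: the hop from the bridging device to RD Gateway is not SSL-protected.'
}

# Everything in the pool loses its active connections on recycle, so list it first.
$sharing  = @(Get-Website |
    Where-Object { $_.applicationPool -eq $poolName } |
    ForEach-Object { "site: $($_.Name)" })
$sharing += @(Get-WebApplication |
    Where-Object { $_.applicationPool -eq $poolName } |
    ForEach-Object { "app:  $($_.path)" })

Write-Output "Sites and applications running in ${poolName}:"
$sharing | ForEach-Object { Write-Output "  $_" }

if (-not $Recycle) {
    Write-Output 'Report only. Re-run with -Recycle to apply the SSL bridging setting.'
    return
}

# Recycle the pool so the SSL bridging setting takes effect.
Restart-WebAppPool -Name $poolName
Write-Output "Pool state after recycle: $((Get-WebAppPoolState -Name $poolName).Value)"
```

Run it once without -Recycle to see what will be disconnected, then schedule the -Recycle run for a maintenance window.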

