3

I have a Windows Server 2008 R2 box running RDS and a remote system that needs to connect to it. It seems like I have two options to open it up to the world:

  1. Use the RDS Web Gateway
  2. Set up a VPN to my remote site

Does it really matter which option I choose? I assume they're both plenty secure, but will I see any noticeable performance differences?

Jonathan

1 Answer

6

Gateway wins for me every time. If your clients are running a modern OS (read: XP SP3 or above) with NLA, you can expose dozens or hundreds of terminal servers behind a single interface with a single point of entry. This makes applying NAP much easier, along with controlling who can go where and connect to what.

A VPN is more universally accepted (i.e. works on ANY OS that has a supported RDP client) but is much more complicated to set up, and depending on your implementation, can be more difficult to control who can log on to which servers.

There are no decent RDP Gateway clients for Linux and only one for OSX (iTap). Thankfully the Windows one is very good, and RDCMan is even better.

Mark Henderson
  • We're in the same boat here. RD Gateway is the official method of connecting to our terminal servers, but we also have Cisco AnyConnect for those who absolutely must connect from tablets etc. – pauska Aug 15 '12 at 10:29
  • @Garett it's not very well publicised for some reason; but it's great. I have about a hundred servers behind about a dozen gateways for different clients all accessible in one convenient interface. – Mark Henderson Jul 24 '13 at 22:29