This is my first question so I apologize in advance for any misconstrued colloquialisms.

My dilemma is simple: I was in charge of decommissioning our SBS 2011 server. My solution was to virtualize each of the SBS roles into different servers -- we now have separate DCs, File Servers, Exchange servers, and a RD Gateway server. My problem is that both Exchange and RDS servers use 443, but they are behind the same public IP. Currently, I am forwarding 443 to the RDS server, which causes off-site exchange services to be unavailable.

What would be the best way to accomplish making both of these services available?

I've explored the following options, but am not sure which route to take:

  • URL Rewrite for mail.domain.com and remote.domain.com
  • Obtaining a second public static IP address from our ISP and NATing it
  • Creating a VPN and requiring users to establish a VPN connection and use RDP over the VPN. If I understand correctly this would also remove the necessity for the RD Gateway.

Any help/guidance would be greatly appreciated.

3 Answers

1

The simple way to provide HTTPS-based services from multiple servers behind a NAT is to set up a reverse proxy like HAProxy or Nginx in front of them.

Otherwise your idea of only allowing RDS via VPN isn’t bad and would have the added benefit of some extra security.

Mikael H
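To make the reverse-proxy suggestion concrete, here is an added example (not from the answer above or from the HAProxy project) of an HAProxy configuration that shares a single public 443 between Exchange and the RD Gateway. It runs in TCP mode and routes on the TLS Server Name Indication in the ClientHello, so each Windows server keeps its own certificate and the proxy never decrypts traffic. The hostnames mail.domain.com and remote.domain.com come from the question; autodiscover.domain.com and the 10.0.0.x backend addresses are assumed placeholders.

```haproxy
# Added example: SNI-based TCP passthrough for two HTTPS services behind one public IP.
# Hostnames other than mail/remote.domain.com and all backend IPs are assumed values.
global
    log /dev/log local0
    maxconn 4096

defaults
    log     global
    mode    tcp
    option  tcplog
    timeout connect 5s
    # Long idle timeouts: RD Gateway and Outlook keep connections open for a long time.
    timeout client  1h
    timeout server  1h

frontend https_in
    bind *:443
    # Hold the first client bytes so the ClientHello can be inspected for SNI.
    tcp-request inspect-delay 5s
    tcp-request content accept if { req_ssl_hello_type 1 }

    # Route purely on the hostname the client asked for; TLS passes through untouched.
    use_backend exchange  if { req_ssl_sni -i mail.domain.com }
    use_backend exchange  if { req_ssl_sni -i autodiscover.domain.com }
    use_backend rdgateway if { req_ssl_sni -i remote.domain.com }

    # Anything without SNI, or with an unknown name, is rejected instead of
    # being handed to an arbitrary backend.
    default_backend no_match

backend exchange
    # Assumed address of the virtualized Exchange server.
    server ex1 10.0.0.10:443 check

backend rdgateway
    # Assumed address of the RD Gateway server.
    server rdg1 10.0.0.20:443 check

backend no_match
    tcp-request content reject
```

To confirm the routing from outside, `openssl s_client -connect <public-ip>:443 -servername remote.domain.com` should present the RD Gateway's certificate and the same command with `-servername mail.domain.com` should present Exchange's. Two caveats a practitioner would want: the backend servers see the proxy's address rather than the client's in their IIS logs (unless the proxy is given the real IP via routing tricks or a TLS-terminating setup with `X-Forwarded-For`), and RD Gateway's optional UDP transport on port 3391 is not carried by a TCP 443 proxy, so clients simply fall back to the HTTPS transport unless UDP 3391 is forwarded separately.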
1

An option you might want to consider is using Apache Guacamole. It's a clientless server for RDP, SSH, and VNC that works directly from the browser. In using it, you won't need your RD Gateway and your users can connect with nothing more than a modern web browser. It also makes provisioning access for auditors and contractors very easy given that you don't require any VPN software.

The VPN route is, as mentioned before, an added security layer, but you will have to configure all your users' machines with it, which, depending on your infrastructure, might be difficult.

DevinM
  • While I like your recommendation to use Guacamole instead of a Remote Desktop Gateway, it doesn't by itself answer the original question of how to deal with multiple services that by default want to listen on the same port. – Mikael H Dec 12 '19 at 15:07
-1

This similar case suggests that you need to use a different IP address.

Hope this helps.

Joy Zhang
  • Your link contains a "Best answer" which recommends setting up a reverse proxy as one possible solution. – Mikael H Dec 12 '19 at 15:01