Tuesday, November 1, 2016

Remote Desktop access from Mobile Hotspot

[This post is a work in progress]

I have Windows 2008 servers hosted on Amazon AWS. I use AWS security groups to restrict access to the servers by IP address.

When I am on the road, I often use a 4G mobile broadband hotspot with my laptop to connect to the Internet.

That's a problem because the public IP address of my mobile hotspot changes frequently.

When I am using my hotspot for Internet access, I want to connect from my laptop to my Windows 2008 servers on AWS, but I still want to restrict access to the servers to just me and not the entire world.

I connect to my Windows servers using Windows Remote Desktop with 128-bit SSL.

Now, the Windows Remote Desktop login page is fairly difficult to break into if you have a strong password. Still, I would prefer the login page not be globally accessible from any IP address, where bots and scripts can hammer away at it.

I could put the Windows servers in a private subnet on AWS and then connect to them via a VPN connection.

But here's another possibility:

-- Set up Windows Remote Desktop Gateway Server on AWS --

http://windows.microsoft.com/en-us/windows7/what-is-a-remote-desktop-gateway-server



From the Windows Server 2008 Help File for Remote Desktop Services:

Why use RD Gateway?

RD Gateway provides these benefits:
  • RD Gateway enables remote users to connect to internal network resources over the Internet by using an encrypted connection, without needing to configure virtual private network (VPN) connections.

  • RD Gateway provides a comprehensive security configuration model that enables you to control access to specific internal network resources.

  • RD Gateway enables remote users to connect to internal network resources that are hosted behind firewalls in private networks and across network address translators (NATs).

  • Remote Desktop Gateway Manager (RD Gateway Manager) enables you to configure authorization policies to define conditions that must be met for remote users to connect to internal network resources.

  • RD Gateway Manager provides tools to help you monitor RD Gateway connection status, health, and events.

  • You can configure RD Gateway servers and Remote Desktop Services clients to use Network Access Protection (NAP) to enhance security.

  • You can use an RD Gateway server with Microsoft Internet Security and Acceleration (ISA) Server to further enhance security.
For more information about RD Gateway, see the Remote Desktop Services page on the Windows Server 2008 R2 TechCenter (http://go.microsoft.com/fwlink/?LinkId=140433).

== And THIS IS COOL: From Windows Help File - Remote Desktop Services Overview: ==

You can configure Remote Desktop Services to use Hyper-V™ to either assign virtual machines to users or have Remote Desktop Services dynamically assign an available virtual machine to a user upon connection.

=== More ... to be continued ...



1.

2.

3.

You need to create a Computer Group in AD to use this.

Or select "Any computer on the Network".

4.

5.
