A company has Remote Desktop Services (RDS) servers that run Windows Server 2008 R2 and client computers that run Windows 7.
You are designing a non-production remote desktop infrastructure that you will use for evaluation purposes for 180 days. The remote desktop infrastructure must meet the following requirements:
– Maximize the security of remote desktop connections.
– Minimize changes to the company’s firewall configuration.
– Provide external users with a secure connection from the Windows 7 Remote Desktop client to the RDS environment.
You need to design a temporary remote desktop infrastructure that meets the requirements.
Which services should you recommend? (More than one answer choice may achieve the goal. Select the BEST answer.)
A. Remote Desktop Gateway, Remote Desktop Licensing, and Remote Desktop Session Host
B. Remote Desktop Licensing, Remote Desktop Session Host, and Remote Desktop Web Access
C. Only Remote Desktop Gateway and Remote Desktop Session Host
D. Only Remote Desktop Session Host and Remote Desktop Web Access
Explanation:
There’s a lot of debate about this answer: is it A or C?
It’s true that the evaluation period for RD is only 120 days and your requirements are 180 days. Maybe the question is inaccurate and it actually states 120 days?
But if you read http://technet.microsoft.com/en-us/library/cc738962%28WS.10%29.aspx, it says:
To allow ample time for you to deploy a Terminal Server license server, Terminal Server provides a licensing grace period, during which no license server is required. During this grace period, a terminal server can accept connections from unlicensed clients without contacting a license server. The grace period begins the first time the terminal server accepts a client connection. It ends after you deploy a license server and that license server issues its first permanent client access license (CAL), or after 120 days, whichever comes first.
In order for a license server to issue permanent CALs, you must activate the license server and then purchase and install the appropriate number of permanent CALs. If a license server is not activated, it issues temporary licenses. These temporary licenses allow clients to connect to the terminal server for 90 days.
So is that the solution?
If you feel licensing is required then A is your answer; if you don’t then C is your answer.
Remote Desktop Gateway (RD Gateway), formerly Terminal Services Gateway (TS Gateway), is a role service in the Remote Desktop Services server role included with Windows Server 2008 R2 that enables authorized remote users to connect to resources on an internal corporate or private network, from any Internet-connected device that can run the Remote Desktop Connection (RDC) client. The network resources can be Remote Desktop Session Host (RD Session Host) servers, RD Session Host servers running RemoteApp programs, or computers and virtual desktops with Remote Desktop enabled. RD Gateway uses the Remote Desktop Protocol (RDP) over HTTPS to establish a secure, encrypted connection between remote users on the Internet and internal network resources.
Why use Remote Desktop Gateway?
RD Gateway provides many benefits, including:
– RD Gateway enables remote users to connect to internal network resources over the Internet, by using an encrypted connection, without needing to configure virtual private network (VPN) connections.
– RD Gateway provides a comprehensive security configuration model that enables you to control access to specific internal network resources. RD Gateway provides a point-to-point RDP connection, rather than allowing remote users access to all internal network resources.
– RD Gateway enables most remote users to connect to internal network resources that are hosted behind firewalls in private networks and across network address translators (NATs). With RD Gateway, you do not need to perform additional configuration for the RD Gateway server or clients for this scenario.
Prior to this release of Windows Server, security measures prevented remote users from connecting to internal network resources across firewalls and NATs. This is because port 3389, the port used for RDP connections, is typically blocked for network security purposes. RD Gateway transmits RDP traffic to port 443 instead, by using an HTTP Secure Sockets Layer/Transport Layer Security (SSL/TLS) tunnel. Because most corporations open port 443 to enable Internet connectivity, RD Gateway takes advantage of this network design to provide remote access connectivity across multiple firewalls.
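The client side of the 443-instead-of-3389 design described above can be checked in the saved .rdp file that external users open. The following is an added example, not part of the original explanation: it audits the Remote Desktop Connection file settings gatewayhostname, gatewayusagemethod and authentication level, which the page itself does not mention, and the host names and file contents are constructed.

```python
# Added example: audit a client .rdp file for RD Gateway use (constructed data).
WEAK_RDP = """\
full address:s:rdsh01.corp.example
gatewayhostname:s:rdgw.example.com
gatewayusagemethod:i:4
authentication level:i:0
"""
# Same constructed file with the gateway forced and server authentication required.
HARDENED_RDP = """\
full address:s:rdsh01.corp.example
gatewayhostname:s:rdgw.example.com
gatewayusagemethod:i:1
authentication level:i:1
"""

GATEWAY_OFF = {0, 4}  # gatewayusagemethod values that do not use RD Gateway


def parse_rdp(text):
    """Parse 'name:type:value' lines into a dict; type 'i' values become int."""
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) != 3:
            continue  # blank or malformed line
        name, kind, value = parts
        if kind == "i":
            try:
                value = int(value)
            except ValueError:
                continue  # integer setting with a non-numeric value
        settings[name.lower()] = value
    return settings


def audit_rdp(text):
    """Return a list of findings; an empty list means the file passed."""
    s = parse_rdp(text)
    findings = []
    if not s.get("gatewayhostname"):
        findings.append("gatewayhostname missing: client connects directly (TCP 3389)")
    usage = s.get("gatewayusagemethod")
    if usage is None or usage in GATEWAY_OFF:
        findings.append("gatewayusagemethod does not select RD Gateway")
    elif usage == 2:
        findings.append("gatewayusagemethod 2: a direct connection is tried before the gateway")
    if s.get("authentication level") != 1:
        findings.append("authentication level is not 1: failed server authentication does not block the connection")
    return findings
```

Calling audit_rdp(WEAK_RDP) returns two findings (gateway not selected, server authentication not enforced), while audit_rdp(HARDENED_RDP) returns an empty list.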
The Remote Desktop Gateway Manager enables you to configure authorization policies to define conditions that must be met for remote users to connect to internal network resources. For example, you can specify:
– Who can connect to internal network resources (in other words, the user groups who can connect).
– What network resources (computer groups) users can connect to.
– Whether client computers must be members of Active Directory security groups.
– Whether device redirection is allowed.
– Whether clients need to use smart card authentication or password authentication, or whether they can use either method.
You can configure RD Gateway servers and Remote Desktop Services clients to use Network Access Protection (NAP) to further enhance security. NAP is a health policy creation, enforcement, and remediation technology that is included in Windows Server 2008 R2, Windows Server 2008, Windows 7, Windows Vista, and Windows XP Service Pack 3. With NAP, system administrators can enforce health requirements, which can include software requirements, security update requirements, required computer configurations, and other settings.
A Remote Desktop Session Host (RD Session Host) server is the server that hosts Windows-based programs or the full Windows desktop for Remote Desktop Services clients. Users can connect to an RD Session Host server to run programs, to save files, and to use network resources on that server. Users can access an RD Session Host server by using Remote Desktop Connection or by using RemoteApp.
Remote Desktop Licensing
http://technet.microsoft.com/en-us/library/hh553157%28v=ws.10%29
Operating System | Grace Period
Windows Server 2008 R2 | 120 days
Windows Server 2008 | 120 days
Windows Server 2003 R2 / Windows Server 2003 | 120 days
Windows 2000 Server | 90 days
There has been some debate about licensing, and some suggest you need a license server. However, take a look here: http://support.microsoft.com/kb/948472
Evaluating Windows Server 2008 software does not require product activation. Any edition of Windows Server 2008 may be installed without activation, and it may be evaluated for 60 days. Additionally, the 60-day evaluation period may be reset (re-armed) three times. This action extends the original 60-day evaluation period by up to 180 days for a total possible evaluation time of 240 days.