Which services should you recommend?

A company has Remote Desktop Services (RDS) servers that run Windows Server 2008 R2 and client
computers that run Windows 7. You are designing a non-production remote desktop infrastructure
that you will use for evaluation purposes for 180 days. The remote desktop infrastructure must meet
the following requirements:
• Maximize the security of remote desktop connections.
• Minimize changes to the company’s firewall configuration.
• Provide external users with a secure connection from the Windows 7 Remote Desktop client
to the RDS environment.
You need to design a temporary remote desktop infrastructure that meets the requirements.
Which services should you recommend? (More than one answer choice may achieve the goal. Select
the BEST answer.)

A.
Remote Desktop Gateway, Remote Desktop Licensing, and Remote Desktop Session Host

B.
Remote Desktop Licensing, Remote Desktop Session Host, and Remote Desktop Web Access

C.
Only Remote Desktop Gateway and Remote Desktop Session Host

D.
Only Remote Desktop Session Host and Remote Desktop Web Access

Explanation:

There’s a lot of debate about this answer: is it A or C?
It’s true that the evaluation period for RD is only 120 days and your requirements are 180 days.
Maybe the question is inaccurate and it actually states 120 days?
But if you read http://technet.microsoft.com/en-us/library/cc738962%28WS.10%29.aspx it says:

To allow ample time for you to deploy a Terminal Server license server, Terminal Server provides a
licensing grace period, during which no license server is required. During this grace period, a
terminal server can accept connections from unlicensed clients without contacting a license server.
The grace period begins the first time the terminal server accepts a client connection. It ends after
you deploy a license server and that license server issues its first permanent client access license
(CAL), or after 120 days, whichever comes first.
In order for a license server to issue permanent CALs, you must activate the license server and then
purchase and install the appropriate number of permanent CALs. If a license server is not activated,
it issues temporary licenses. These temporary licenses allow clients to connect to the terminal server
for 90 days.

So is that the solution?
If you feel licensing is required then A is your answer; if you don’t, then C is your answer.

Remote Desktop Gateway (RD Gateway), formerly Terminal Services Gateway (TS Gateway), is a role
service in the Remote Desktop Services server role included with Windows Server® 2008 R2 that
enables authorized remote users to connect to resources on an internal corporate or private
network, from any Internet-connected device that can run the Remote Desktop Connection (RDC)
client. The network resources can be Remote Desktop Session Host (RD Session Host) servers, RD
Session Host servers running RemoteApp programs, or computers and virtual desktops with Remote
Desktop enabled. RD Gateway uses the Remote Desktop Protocol (RDP) over HTTPS to establish a
secure, encrypted connection between remote users on the Internet and internal network resources.

Why use Remote Desktop Gateway?
RD Gateway provides many benefits, including:

• RD Gateway enables remote users to connect to internal network resources over the Internet, by
using an encrypted connection, without needing to configure virtual private network (VPN)
connections.
• RD Gateway provides a comprehensive security configuration model that enables you to control
access to specific internal network resources. RD Gateway provides a point-to-point RDP connection,
rather than allowing remote users access to all internal network resources.
• RD Gateway enables most remote users to connect to internal network resources that are hosted
behind firewalls in private networks and across network address translators (NATs). With RD
Gateway, you do not need to perform additional configuration for the RD Gateway server or clients
for this scenario.
Prior to this release of Windows Server, security measures prevented remote users from connecting
to internal network resources across firewalls and NATs. This is because port 3389, the port used for
RDP connections, is typically blocked for network security purposes. RD Gateway transmits RDP
traffic to port 443 instead, by using an HTTP Secure Sockets Layer/Transport Layer Security (SSL/TLS)
tunnel. Because most corporations open port 443 to enable Internet connectivity, RD Gateway takes
advantage of this network design to provide remote access connectivity across multiple firewalls.

The Remote Desktop Gateway Manager enables you to configure authorization policies to define
conditions that must be met for remote users to connect to internal network resources. For
example, you can specify:
• Who can connect to internal network resources (in other words, the user groups who can connect).
• What network resources (computer groups) users can connect to.
• Whether client computers must be members of Active Directory security groups.
• Whether device redirection is allowed.
• Whether clients need to use smart card authentication or password authentication, or whether they
can use either method.

You can configure RD Gateway servers and Remote Desktop Services clients to use Network Access
Protection (NAP) to further enhance security. NAP is a health policy creation, enforcement, and
remediation technology that is included in Windows Server® 2008 R2, Windows Server® 2008,
Windows® 7, Windows Vista®, and Windows® XP Service Pack 3. With NAP, system administrators
can enforce health requirements, which can include software requirements, security update
requirements, required computer configurations, and other settings.
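
The RD Gateway text above only helps if the Windows 7 client is actually configured to tunnel through the gateway on port 443. The following is an added example (not from the original page or from Microsoft) that audits the text of a Remote Desktop Connection (.rdp) file for that; the host names and both sample files are constructed, and treating an absent setting as "not enforced" is an assumption of this sketch.

```python
# Added example: audit a Remote Desktop Connection (.rdp) file for RD Gateway use.
# Both samples are constructed; host names are placeholders.
SAMPLE_RDP = """\
full address:s:rdsh01.corp.example
gatewayhostname:s:rdgw.example.com
gatewayusagemethod:i:2
authentication level:i:0
drivestoredirect:s:*
"""
HARDENED_RDP = """\
full address:s:rdsh01.corp.example
gatewayhostname:s:rdgw.example.com
gatewayusagemethod:i:1
authentication level:i:1
drivestoredirect:s:
"""

def parse_rdp(text):
    """Parse 'name:type:value' lines (type i = integer, s = string) into a dict."""
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)  # the value itself may contain ':' (host:port)
        if len(parts) != 3:
            continue  # blank or malformed line
        name, kind, value = parts[0].strip().lower(), parts[1].strip().lower(), parts[2].strip()
        if kind == "i":
            try:
                value = int(value)
            except ValueError:
                continue  # integer setting with a non-numeric value
        settings[name] = value
    return settings

def audit_rdp(text):
    """Return finding codes; a setting that is absent counts as not enforced (assumption)."""
    s = parse_rdp(text)
    findings = []
    if not s.get("gatewayhostname"):
        findings.append("no-gateway")            # connection goes straight to the host
    elif s.get("gatewayusagemethod") != 1:       # 1 = always use the RD Gateway
        findings.append("gateway-not-forced")
    if s.get("authentication level") != 1:       # 1 = refuse if server authentication fails
        findings.append("server-auth-not-enforced")
    if s.get("drivestoredirect"):                # drive redirection requested by the client
        findings.append("drive-redirection-requested")
    return findings

if __name__ == "__main__":
    print(audit_rdp(SAMPLE_RDP))
    print(audit_rdp(HARDENED_RDP))
```

Files saved by the Remote Desktop client may be UTF-16 encoded, so decode them before passing the text to `audit_rdp`.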
A Remote Desktop Session Host (RD Session Host) server is the server that hosts Windows-based
programs or the full Windows desktop for Remote Desktop Services clients. Users can connect to an
RD Session Host server to run programs, to save files, and to use network resources on that server.
Users can access an RD Session Host server by using Remote Desktop Connection or by using
RemoteApp.

Remote Desktop Licensing
http://technet.microsoft.com/en-us/library/hh553157%28v=ws.10%29

Operating System                                     Grace Period
Windows Server 2008 R2                               120 days
Windows Server 2008                                  120 days
Windows Server 2003 R2 / Windows Server 2003         120 days
Windows 2000 Server                                  90 days

There has been some debate about licensing, and some suggest you need a license server.
However, take a look here: http://support.microsoft.com/kb/948472
Evaluating Windows Server 2008 software does not require product activation. Any edition of
Windows Server 2008 may be installed without activation, and it may be evaluated for 60 days.
Additionally, the 60-day evaluation period may be reset (re-armed) three times. This action extends
the original 60-day evaluation period by up to 180 days for a total possible evaluation time of 240
days.


