Which of the following options would you choose to accomplish the desired task?

You are an Enterprise administrator for contoso.com. The corporate network of the company consists of a single Active Directory domain. All the servers in the domain run either Windows Server 2003 or Windows Server 2008, and all client computers run Windows Vista.
The network contains five Windows Server 2003 servers that have the Terminal Server component installed and a firewall server that runs Microsoft Internet Security and Acceleration (ISA) Server 2006.
You have been assigned the task of creating a remote access strategy for the terminal server users and ensuring that access to the network is restricted to specific users only. You also need to ensure that only the minimum number of ports is opened on the firewall and that all remote connections to the terminal servers are encrypted.
Which of the following options would you choose to accomplish the desired task? (Select two. Each correct answer presents part of the answer.)

A. Implement port forwarding on the ISA Server.

B. Implement SSL bridging on the ISA Server.

C. Require authentication on all inbound connections to the ISA Server.

D. Upgrade a Windows Server 2003 server to Windows Server 2008.

E. Configure the Terminal Services Gateway (TS Gateway) role and a Terminal Services connection authorization policy (TS CAP) on the server.

F. Configure the Terminal Services Gateway (TS Gateway) role and a Terminal Services resource authorization policy (TS RAP) on the server.

Explanation:

To create a remote access strategy that meets the stated requirements for the terminal server users, you need to implement the Terminal Services Gateway (TS Gateway) role and configure a Terminal Services connection authorization policy (TS CAP). To do this, you need to upgrade a Windows Server 2003 server to Windows Server 2008.
The TS Gateway feature is available in Windows Server 2008. It allows connections to internal terminal servers and RDP-enabled machines from the outside, but unlike the term “gateway” used in the previous scenario, the Windows Server 2008 TS Gateway is a dedicated terminal server using a specific service role called TS Gateway.
This enables external vendors to connect to it via SSL and go through an authentication process and policy evaluation; only if the connection is allowed does it pass the RDP traffic to the specified internal machines.
These machines return the required data, and the TS Gateway then encrypts the data with SSL and passes it back to the remote user. The benefits in this scenario include the ability to use SSL-based encryption, which easily passes through most firewalls without the need to open specific ports.
For remote clients to successfully connect to internal network resources (computers) through a Terminal Services Gateway (TS Gateway) server, the TS Gateway server must be configured correctly. The TS Gateway server must be configured to use an appropriate Secure Sockets Layer (SSL)-compatible X.509 certificate, and authorization policy settings must be configured correctly. Terminal Services connection authorization policies (TS CAPs) specify who can connect to the TS Gateway server. Using a TS CAP ensures that access to the network is restricted to specific users only.
http://www.petri.co.il/creating-secure-auditable-remote-access-management-environment-windows-server-security.htm
http://www.windowsecurity.com/articles/Configuring-Windows-Server-2008-Terminal-Services-Gateway-Part2.html


