Hi,
Is the remote desktop gateway made only to log in via RDP to session hosts or log in with RDP to any physical computer in my network?
@Sam, I hope all is well. The Remote Desktop Gateway can be used to access resources (plural) behind it on a LAN, depending on some architecture choices you make.
The three primary purposes of the RD Gateway, in the order of the connection sequence, are:
1. Establish an encrypted SSL tunnel between the end-user's device and the RD Gateway Server - In order to connect through any RD Gateway server, the RD Gateway server must have a certificate installed that the end-user's device recognizes. In testing and proofs of concept, self-signed certificates can be used, but only publicly trusted certificates from a certificate authority should be used in any production environment.
2. Authenticate the user into the environment - The RD Gateway uses the inbox IIS service to perform authentication and can even utilize the RADIUS protocol to leverage multi-factor authentication solutions such as Azure MFA. Aside from the default policies created, you can create additional RD Resource Authorization Policies (RD RAPs) and RD Connection Authorization Policies (RD CAPs) to more specifically define which users should have access to which resources within the secure environment.
3. Pass traffic back and forth between the end-user's device and the specified resource - The RD Gateway continues to perform this task for as long as the connection is established. You can specify different timeout properties on the RD Gateway servers to maintain the security of the environment in case the user walks away from the device.
You can take a look at the following for overview & deeper discussions on architecture for Remote Services:
Hope that helps you to get started...
If you have additional questions, please let us know.
Good Luck !!!
Cheers,
Adam
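
The RD CAP / RD RAP scoping and timeouts described in the answer above, as an added example that is not part of the original post, using the RDS: provider of the RemoteDesktopServices module on the gateway server. The domain, group and policy names and the timeout values are hypothetical placeholders.

```powershell
# Run elevated on the RD Gateway server (RD Gateway role service installed).
# CONTOSO, the group names and the policy names are hypothetical placeholders.
Import-Module RemoteDesktopServices

$users   = 'RDGW-Users@CONTOSO'          # AD group allowed to connect through the gateway
$targets = 'RDGW-Allowed-Hosts@CONTOSO'  # AD group of computer accounts users may reach

# RD CAP: who may connect to the gateway. AuthMethod 1 = password.
New-Item -Path 'RDS:\GatewayServer\CAP' -Name 'CAP-RemoteStaff' `
         -UserGroups $users -AuthMethod 1

# RD RAP: which internal machines those users may reach.
# ComputerGroupType: 0 = gateway-managed group, 1 = AD security group,
#                    2 = any network resource.
# Type 2 makes every RDP-enabled machine on the LAN reachable through the
# gateway; type 1 limits access to members of $targets, which can hold
# session hosts, physical workstations, or both.
New-Item -Path 'RDS:\GatewayServer\RAP' -Name 'RAP-RemoteStaff' `
         -UserGroups $users -ComputerGroupType 1 -ComputerGroup $targets

# Timeouts on the CAP, in minutes (constructed values).
Set-Item -Path 'RDS:\GatewayServer\CAP\CAP-RemoteStaff\IdleTimeout'    -Value 30
Set-Item -Path 'RDS:\GatewayServer\CAP\CAP-RemoteStaff\SessionTimeout' -Value 480

# Audit: list any RAP that still allows "any network resource".
Get-ChildItem 'RDS:\GatewayServer\RAP' | ForEach-Object {
    $type = (Get-Item "RDS:\GatewayServer\RAP\$($_.Name)\ComputerGroupType").CurrentValue
    if ($type -eq 2) {
        Write-Warning "RAP '$($_.Name)' allows connections to any network resource"
    }
}

# Review the resulting policy settings.
Get-ChildItem 'RDS:\GatewayServer\CAP\CAP-RemoteStaff'
Get-ChildItem 'RDS:\GatewayServer\RAP\RAP-RemoteStaff'
```

A user must match both an RD CAP and an RD RAP for a connection to succeed, so the RAP's computer group is what decides whether the gateway reaches only session hosts or other machines on the network as well.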