This topic describes how to publish Desktop Connections via Forefront Unified Access Gateway (UAG).
Forefront UAG provides the following two options for publishing Desktop Connections:
- Publishing a predefined Desktop Connection: When using the Remote Desktop option, the administrator configures all of the settings for the user-initiated connection to the remote desktop. When users access this application from the portal, they connect to the specific remote desktop defined by the administrator. This option is recommended when users connect to a computer using Virtual Desktop Infrastructure (VDI).
- Publishing a user-defined Desktop Connection: When using the Remote Desktop (Selective RD Host) option, the administrator configures all of the desktops to which a user can connect remotely. When users access this application from the portal, they must choose the remote desktop to which they want to connect. This option is recommended when users connect to a physical computer.
Publishing a predefined Desktop Connection
To publish a predefined Desktop Connection
- In the Forefront UAG Management console, select the portal in which you want to publish predefined Desktop Connections. In the Applications area of the main portal properties page, click Add. The Add Application Wizard opens.
- On the Select Application page of the wizard, select Terminal Services (TS)/Remote Desktop Services (RDS). In the list, select Remote Desktop (Predefined).
- On the Configure Application page of the wizard, enter a name for the Desktop Connection.
- On the Select Endpoint Policies page of the wizard, do the following:
  - In Access policy, select a Forefront UAG policy with which the endpoints must comply in order to access the published Desktop Connection in the portal. In Printers, Clipboard, and Drives, select access policies with which endpoints must comply to access these local resources during remote desktop sessions.
  - If the trunk through which you are publishing the Desktop Connection uses Network Access Protection (NAP) policies, and a Network Policy Server (NPS) is configured, do the following:
    - Select Require Network Access Protection (NAP) compliance to specify that only endpoints that comply with NAP policy can access the remote desktop.
    - Select Require NAP compliance for RDS device redirection only to specify that only endpoints that comply with NAP policy can access devices and resources on RDS servers, such as drives, printers, and the clipboard. Access to other resources and applications on RDS servers does not require NAP compliance.
    - Select Do not require NAP compliance if you do not require clients to use NAP to access the published Desktop Connection.
- On the Configure Server Settings page of the wizard, do the following:
  - In RD Session Host or RD Connection Broker, specify the name of an RD Session Host, or the name of the RD Connection Broker server.
  - If you are using an RD Connection Broker server, in IP addresses, IP address ranges, FQDNs, or subnets, add the names of all RD Session Hosts that might be used by the RD Connection Broker. To specify multiple servers, use an IP address range or subnet.
- On the Configure Client Settings page of the wizard, specify how the remote desktop should be displayed. You can set a display resolution and color, or select to use the default settings.
- Complete the Add Application Wizard.
Publishing a user-defined Desktop Connection
To publish a user-defined Desktop Connection
- In the Forefront UAG Management console, select the portal in which you want to publish predefined Desktop Connections. In the Applications area of the main portal properties page, click Add. The Add Application Wizard opens.
- On the Select Application page of the wizard, select Terminal Services (TS)/Remote Desktop Services (RDS). In the drop-down list, select Remote Desktop (User defined).
- On the Configure Application page of the wizard, enter a name for the Desktop Connection.
- On the Select Endpoint Policies page of the wizard, do the following:
  - In Access policy, select a Forefront UAG policy with which endpoints must comply in order to access the published Desktop Connection in the portal. In Printers, Clipboard, and Drives, select access policies with which endpoints must comply to access these local resources during remote desktop sessions.
  - If the trunk through which you are publishing the Desktop Connection uses Network Access Protection (NAP) policies, and a Network Policy Server (NPS) is configured, do the following:
    - Select Require Network Access Protection (NAP) compliance to specify that only endpoints that comply with NAP policy can access the remote desktop.
    - Select Require NAP compliance for RDS device redirection only to specify that only endpoints that comply with NAP policy can access devices and resources on RDS servers, such as drives, printers, and the clipboard. Access to other resources and applications on RDS servers does not require NAP compliance.
    - Select Do not require NAP compliance if you do not require clients to use NAP to access the published Desktop Connection.
- On the Configure Server Settings page of the wizard, in IP addresses, IP address ranges, FQDNs, or subnets, add the names of all RD Session Hosts to which you want to provide access through this application. To specify multiple servers, use an IP address range or subnet.
- On the Configure Client Settings page of the wizard, specify how the remote desktop should be displayed. You can set a display resolution and color, or select to use the default settings.
- Complete the Add Application Wizard.