This topic describes how to publish Desktop Connections via Forefront Unified Access Gateway (UAG).

Forefront UAG provides the following two options for publishing Desktop Connections:

Publishing a predefined Desktop Connection

To publish a predefined Desktop Connection

  1. In the Forefront UAG Management console, select the portal in which you want to publish predefined Desktop Connections. In the Applications area of the main portal properties page, click Add. The Add Application Wizard opens.

  2. On the Select Application page of the wizard, select Terminal Services (TS)/Remote Desktop Services (RDS). In the list, select Remote Desktop (Predefined).

  3. On the Configure Application page of the wizard, enter a name for the Desktop Connection.

  4. On the Select Endpoint Policies page of the wizard, do the following:

    • In Access policy, select a Forefront UAG policy with which the endpoints must comply in order to access the published Desktop Connection in the portal. In Printers, Clipboard, and Drives, select access policies with which endpoints must comply to access these local resources during remote desktop sessions.

    • If the trunk through which you are publishing the Desktop Connection uses Network Access Protection (NAP) policies, and a Network Policy Server (NPS) is configured, do the following:

      • Select Require Network Access Protection (NAP) compliance, to specify that only endpoints that comply with NAP policy can access the remote desktop.

      • Select Require NAP compliance for RDS device redirection only, to specify that only endpoints that comply with NAP policy can access devices and resources on RDS servers, such as drives, printers, and the clipboard. Access to other resources and applications on RDS servers does not require NAP compliance.

      • Select Do not require NAP compliance, if you do not require clients to use NAP to access the published Desktop Connection.

  5. On the Configure Server Settings page of the wizard, do the following:

    1. In RD Session Host or RD Connection Broker, specify the name of an RD Session Host, or the name of the RD Connection Broker server.

    2. If you are using an RD Connection Broker server, in IP addresses, IP address ranges, FQDNs, or subnets, add the names of all RD Session Hosts that might be used by the RD Connection Broker. To specify multiple servers, use an IP address range or subnet.

  6. On the Configure Client Settings page of the wizard, specify how the remote desktop should be displayed. You can set a display resolution and color, or select to use the default settings.

  7. Complete the Add Application Wizard.

Publishing a user-defined Desktop Connection

To publish a user-defined Desktop Connection

  1. In the Forefront UAG Management console, select the portal in which you want to publish predefined Desktop Connections. In the Applications area of the main portal properties page, click Add. The Add Application Wizard opens.

  2. On the Select Application page of the wizard, select Terminal Services (TS)/Remote Desktop Services (RDS). In the drop-down list, select Remote Desktop (User defined).

  3. On the Configure Application page of the wizard, enter a name for the Desktop Connection.

  4. On the Select Endpoint Policies page of the wizard, do the following:

    • In Access policy, select a Forefront UAG policy with which endpoints must comply in order to access the published Desktop Connection in the portal. In Printers, Clipboard, and Drives, select access policies with which endpoints must comply to access these local resources during remote desktop sessions.

    • If the trunk through which you are publishing the Desktop Connection uses Network Access Protection (NAP) policies, and a Network Policy Server (NPS) is configured, do the following:

      • Select Require Network Access Protection (NAP) compliance, to specify that only endpoints that comply with NAP policy can access the remote desktop.

      • Select Require NAP compliance for RDS device redirection only, to specify that only endpoints that comply with NAP policy can access devices and resources on RDS servers, such as drives, printers, and the clipboard. Access to other resources and applications on RDS servers does not require NAP compliance.

      • Select Do not require NAP compliance, if you do not require clients to use NAP to access the published Desktop Connection.

  5. On the Configure Server Settings page of the wizard, in IP addresses, IP address ranges, FQDNs, or subnets, add the names of all RD Session Hosts to which you want to provide access through this application. To specify multiple servers, use an IP address range or subnet.

  6. On the Configure Client Settings page of the wizard, specify how the remote desktop should be displayed. You can set a display resolution and color, or select to use the default settings.

  7. Complete the Add Application Wizard.