Forefront Unified Access Gateway (UAG) allows you to provide access to published RemoteApps and Remote Desktops, by integrating a Remote Desktop Gateway (RD Gateway) to provide an application-level gateway for RDS services and applications. Previously, RDS was published by tunneling Remote Desktop Protocol (RDP) traffic from the endpoint to RDS servers using the Socket Forwarding component; tunneled traffic was not controlled or inspected, and client endpoints required installation of the Socket Forwarding endpoint component.
The following sections describe:
- How Forefront UAG integrates with RD Gateway
- How Forefront UAG handles RDC client requests

For information about the benefits of publishing RDS via Forefront UAG, see Why publish Remote Desktop Services with Forefront UAG?. For the steps required to publish RDS, see Publishing Remote Desktop Services.
How Forefront UAG integrates with RD Gateway
Forefront UAG integrates with RD Gateway, as follows:
- Remote access: Remote users can access Remote Desktops and RemoteApp applications via a Forefront UAG portal using a single RDS server, or by using a Remote Desktop Connection Broker (RD Connection Broker):
  - Remote Desktops: Allow full access to Remote Desktops within the organization. The remote desktops can be physical computers or virtual computers that are available through Virtual Desktop Infrastructure (VDI).
  - RemoteApp applications: Publish a single RemoteApp or multiple RemoteApps.
- Firewall traversal: RD Gateway transmits RDP traffic on port 443 using an HTTP SSL/TLS tunnel. Most corporations open this port for Internet connectivity. Forefront UAG uses this traversal capability to allow users to connect to internal applications and resources hosted behind firewalls in private networks, and across network address translation (NAT) devices, without the need to install additional software on the client endpoint.
How Forefront UAG handles RDC client requests
Forefront UAG handles requests from RDC clients to the RDS hosts, as follows:
- A client accesses a Forefront UAG portal using a Web browser.
- The client logs in. The client authenticates as required for the portal session, and Forefront UAG evaluates the settings and features of the endpoint against its session access policies.
- The end user starts a RemoteApp or Remote Desktop application in the portal.
- The portal uses the RDS ActiveX component to activate the RDC client software running on the endpoint.
Note: The ActiveX component is activated with parameters that are based on the health of the endpoint to ensure that only the features that are available on that endpoint are presented to the end user.
- The RDC client on the endpoint initiates an RDP-over-HTTPS connection with the Forefront UAG server.
- The HTTPS connection terminates on the Forefront UAG server. Forefront UAG uses its integrated RD Gateway to handle the connection. Forefront UAG verifies that the user logged on to the portal successfully and was authenticated using a session cookie, and then enforces the endpoint access policies.
- An RDP session is established from Forefront UAG to the backend RDS hosts.