Windows – Terminal Services Explained

remote desktop, terminal-server, windows

Can someone cleanly delineate the following services/roles for me? I'm lost in the MS TechNet explanations.

  • Terminal Services Web Access
  • Terminal Services Gateway
  • Terminal Services Remote App

What are the pros/cons of each, especially from a security standpoint? If I just connect to a remote server over port 3389 using my Remote Desktop Client, what is Microsoft-speak for that? Does it fit into any of the above categorizations? Is the main draw of TS Web Access versus a direct connection using RDC over 3389 just that one can use TLS encryption while the other uses RC4?

Best Answer

• Terminal Services Web Access

main benefit:

With TS Web Access, a user does not have to start the Remote Desktop Connection (RDC) client to start a RemoteApp program. Instead, they access the Web page, and then click a program icon. For details, see Terminal Services Web Access (TS Web Access).

• Terminal Services Gateway

main benefit:

TS Gateway transmits all RDP traffic (that typically would have been sent over port 3389) to port 443 by using an HTTPS tunnel. This also means that all traffic between the client and TS Gateway is encrypted while in transit over the Internet.

See Terminal Services Gateway (TS Gateway)

• Terminal Services Remote App

main benefit:

Users can run programs from a terminal server and have the same experience as if the programs were running on the end user's local computer, including resizable windows, drag-and-drop support between multiple monitors, and notification icons in the notification area.

See Terminal Services RemoteApp (TS RemoteApp)

What are the pros/cons of each, especially from a security standpoint?

Each of these technologies provides different functionality, so it depends on your business requirement. They don't compete, so it's not a this-or-that choice; you could implement them all if you have the need for the functionality provided. Security-wise, all of these technologies are or can be encrypted.

If I just connect to a remote server over port 3389 using my Remote Desktop Client, what is Microsoft-speak for that?

Remote desktop

Does it fit into any of the above categorizations?

Only in the context that it's a remote connection. If you wanted to connect over the internet, then you would also use TS Gateway, or Web Access, depending on how you wanted to present the connection.

Is the main draw of TS Web Access versus a direct connection using RDC over 3389 just that one can use TLS encryption while the other uses RC4?

RDP can be encrypted via TLS (see Configure Server Authentication and Encryption Levels), so the draw of web access is ...(wait for it)... web access. You still need the client installed, but with web access I can give you a secure webpage of links to connect to either a full desktop or just a RemoteApp. Note that remote desktop alone will only give you a full desktop.
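
The TLS-versus-RC4 point can be checked on your own servers by looking at what the listener on port 3389 negotiates. The following is an added example, not part of the original answer: it builds the X.224 connection request with an RDP negotiation block offering TLS and CredSSP, then decodes the server's reply. The function names and the sample replies are constructed for this example.

```python
import socket
import struct

# Security protocol values and failure codes from the RDP negotiation block.
PROTOCOLS = {0x0: "Standard RDP Security (RC4-based)", 0x1: "TLS",
             0x2: "CredSSP/NLA over TLS", 0x8: "CredSSP/NLA (HYBRID_EX) over TLS"}
FAILURES = {1: "SSL_REQUIRED_BY_SERVER", 2: "SSL_NOT_ALLOWED_BY_SERVER",
            3: "SSL_CERT_NOT_ON_SERVER", 4: "INCONSISTENT_FLAGS",
            5: "HYBRID_REQUIRED_BY_SERVER",
            6: "SSL_WITH_USER_AUTH_REQUIRED_BY_SERVER"}

def build_request(requested=0x3):
    """TPKT + X.224 Connection Request + RDP_NEG_REQ (default: TLS | CredSSP)."""
    neg = struct.pack("<BBHI", 0x01, 0x00, 8, requested)
    x224 = bytes([6 + len(neg), 0xE0, 0, 0, 0, 0, 0]) + neg
    return struct.pack(">BBH", 3, 0, 4 + len(x224)) + x224

def parse_response(data):
    """Decode an X.224 Connection Confirm into (kind, description)."""
    if len(data) < 11 or data[0] != 3 or (data[5] & 0xF0) != 0xD0:
        raise ValueError("not an X.224 Connection Confirm")
    if len(data) < 19:
        # No negotiation block: the server only speaks Standard RDP Security.
        return ("selected", PROTOCOLS[0x0])
    typ, _flags, _length, value = struct.unpack("<BBHI", data[11:19])
    if typ == 0x02:   # RDP_NEG_RSP: value is the selected protocol
        return ("selected", PROTOCOLS.get(value, f"unknown 0x{value:x}"))
    if typ == 0x03:   # RDP_NEG_FAILURE: value is the failure code
        return ("failure", FAILURES.get(value, f"unknown {value}"))
    raise ValueError(f"unexpected negotiation type 0x{typ:02x}")

def probe(host, port=3389, timeout=5.0):
    """Send the request to a server you administer and decode its reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_request())
        return parse_response(s.recv(1024))

# Constructed sample replies (not captured from a real server).
SAMPLE_NLA = bytes.fromhex("03 00 00 13 0e d0 00 00 12 34 00 02 00 08 00 02 00 00 00")
SAMPLE_NO_TLS = bytes.fromhex("03 00 00 13 0e d0 00 00 12 34 00 03 00 08 00 02 00 00 00")
SAMPLE_LEGACY = bytes.fromhex("03 00 00 0b 06 d0 00 00 12 34 00")

if __name__ == "__main__":
    for name in ("SAMPLE_NLA", "SAMPLE_NO_TLS", "SAMPLE_LEGACY"):
        print(name, parse_response(globals()[name]))
```

A reply of `SSL_NOT_ALLOWED_BY_SERVER`, or a reply with no negotiation block at all, means the listener is still on the legacy RDP security layer and its encryption settings need review.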