RDP with SSL via CSS

Unanswered Question
Nov 13th, 2009
User Badges:
  • Silver, 250 points or more

I have been asked about providing this as a way to secure RDP connections - has anyone done this?

I can see two potential ways, but do not know much about RDP.

How is the SSL part of RDP initialised? would it be prractical to terminate the SSL on the CSS in a similar manner to SSl for HTTP?

The other option would be to "blind" load balance the encrypted traffic straight to the servers, and let them sort SSL.



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
ppoouellet Fri, 11/13/2009 - 12:37
User Badges:

Hi Paul,

what we have done here is to deploy an MS ISA Server farm behind the CSS: client SSL connection terminate at ISA external interface, and ISA starts a new internal SSL connection to a MS TS_Gateway . So RDP over SSL traffic is: internet client ---> Firewall ---> CSS ---> ISA farm (in DMZ) ---> Firewall ---> TS_Gateway (internal network)---> TS Server (internal network)

(see for example: http://technet.microsoft.com/en-us/library/cc731353(WS.10).aspx)


This Discussion