For RD Gateway to function correctly, you must meet these prerequisites:
- You must have a server with Windows Server 2008 R2 installed.
- Membership in the local Administrators group, or equivalent, on the RD Gateway server that you plan to configure, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at http://go.microsoft.com/fwlink/?LinkId=83477.
- You must obtain a Secure Sockets Layer (SSL) certificate for the RD Gateway server if you do not have one already. By default, on the RD Gateway server, the Internet Information Services (IIS) service uses Transport Layer Security (TLS) 1.0 to encrypt communications between clients and RD Gateway servers over the Internet. For TLS to function correctly, you must install an SSL certificate on the RD Gateway server.
You do not need a certification authority (CA) infrastructure within your organization if you can use another method to obtain an externally trusted certificate that meets the requirements for RD Gateway. If your company does not maintain a stand-alone CA or an enterprise CA and you do not have a compatible certificate from a trusted public CA, you can create and import a self-signed certificate for your RD Gateway server for technical evaluation and testing purposes. For more information, see Create a Self-Signed Certificate for the Remote Desktop Gateway Server.
- If you configure an RD Gateway authorization policy that requires that users on client computers be members of an Active Directory security group to connect to the RD Gateway servers, the RD Gateway servers must also be members of an Active Directory domain.
Role, role service, and feature dependencies
To function correctly, RD Gateway requires several role services and features to be installed and running. When you use Server Manager to install the RD Gateway role service, the following additional roles, role services, and features are automatically installed and started, if they are not already installed:
- Remote procedure call (RPC) over HTTP
- Web Server (IIS) [Internet Information Services]
IIS must be installed and running for the RPC over HTTP Proxy feature to function.
- Network Policy and Access Services
You can also configure RD Gateway to use Remote Desktop connection authorization policies (RD CAPs) that are stored on another server that runs the Network Policy Server (NPS) service. By doing this, you are using the server running NPS, formerly known as a Remote Authentication Dial-In User Service (RADIUS) server, to centralize the storage, management, and validation of RD CAPs. If you have already deployed a server running NPS for remote access scenarios such as VPN and dial-up networking, using the existing server running NPS for RD Gateway scenarios as well can enhance your deployment.
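The prerequisites and dependencies listed above can be verified on the server with a read-only check. The script below is an added example, not part of the original documentation; the function name `Test-RDGatewayPrerequisite` is hypothetical, and it assumes PowerShell 2.0 with the ServerManager module, as shipped with Windows Server 2008 R2.

```powershell
# Added example: read-only prerequisite check for an RD Gateway server.
# Assumes Windows Server 2008 R2, PowerShell 2.0 and the ServerManager module.
Import-Module ServerManager

function Test-RDGatewayPrerequisite {
    $results = @()

    # Role services and features that Server Manager installs with RD Gateway.
    foreach ($name in 'RDS-Gateway', 'RPC-over-HTTP-proxy', 'Web-Server', 'NPAS') {
        $feature = Get-WindowsFeature -Name $name
        $results += New-Object PSObject -Property @{
            Check = "Feature $name installed"
            Passed = [bool]($feature -and $feature.Installed) }
    }

    # Domain membership matters only when an authorization policy
    # requires membership in an Active Directory security group.
    $cs = Get-WmiObject -Class Win32_ComputerSystem
    $results += New-Object PSObject -Property @{
        Check = 'Server is a domain member'; Passed = [bool]$cs.PartOfDomain }

    # Candidate TLS certificates: private key present, inside the validity
    # period, and carrying the Server Authentication EKU (1.3.6.1.5.5.7.3.1).
    # Certificates without an EKU extension are not counted by this check.
    $now = Get-Date
    $ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    $usable = @(Get-ChildItem Cert:\LocalMachine\My | Where-Object {
        $cert = $_
        $ekus = @($cert.Extensions | Where-Object { $_ -is $ekuType } |
            ForEach-Object { $_.EnhancedKeyUsages } | ForEach-Object { $_.Value })
        $cert.HasPrivateKey -and $cert.NotBefore -le $now -and
            $cert.NotAfter -gt $now -and ($ekus -contains '1.3.6.1.5.5.7.3.1')
    })
    $results += New-Object PSObject -Property @{
        Check = 'Usable server certificate in LocalMachine\My'
        Passed = ($usable.Count -gt 0) }

    # Self-signed certificates are for evaluation and testing only, so
    # require at least one usable certificate issued by a different party.
    $issued = @($usable | Where-Object { $_.Subject -ne $_.Issuer })
    $results += New-Object PSObject -Property @{
        Check = 'Usable certificate that is not self-signed'
        Passed = ($issued.Count -gt 0) }

    $results
}

Test-RDGatewayPrerequisite | Format-Table Check, Passed -AutoSize
```

A failed domain-membership check is only a problem if your authorization policies depend on Active Directory security groups, and a failed self-signed check is expected on an evaluation server.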