Announcement

Collapse
No announcement yet.

Info on Remote App server for SBS 2011

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Info on Remote App server for SBS 2011

    I am in the testing stages for a project this winter for a customer. They have Small Business Server 2003 and I will likely have them upgraded to SBS 2011 by then.

    They have a stand-alone server with Consoma ERP that is a business management program for their organization. ERP is SQL Server driven and each workstation has an ERP client installed that connects to the ERP server.

    I will be upgrading the ERP server. Consoma has customers using terminal services to connect to the ERP client. Consoma ERP has features for both internal workers as well as outside sales workers and customers.

    I intend to virtualize thei with Hyper-V. I will put the ERP server on one VM and the terminal server in a second VM. I want the local users to have a RemoteApp icon on their desktop that I will deploy locally as an .msi.

    I also want the sales team (four users) to have access to the ERP server. I did not want the local users to have to go to the TS Web Access screen to launch their client just for the simplicty of having a RemoteApp icon on their desktop. I am expecting to deploy the RemoteApps to the sales force using TS Gateway.

    TS Gateway uses port 443 so I am curious what kind of conflict I am going to have with the SBS server as it has port 443 direct to the SBS server.

    Anyone have any experience with this senario?
    Network Engineers do IT under the desk

  • #2
    Re: Info on Remote App server for SBS 2011

    I can recommanded to install addtional server for TS gateway. Due the fact that you use HyperV-, this may require: 80 GB disk + 8 GB RAM.
    Also, I recommanded to buy a public certificate for the TS gateway (If the TS gateway will use from internal + external - you may need a SAN
    certificate so it will includes: servername + vpn.internaldomain.local + vpn.externaldomain.com)
    Best Regards,

    Yuval Sinay

    LinkedIn: https://www.linkedin.com/in/yuval14, Blog: http://blogs.microsoft.co.il/blogs/yuval14

    Comment


    • #3
      Re: Info on Remote App server for SBS 2011

      Port 443 has to be forwarded to the Terminal Services Gateway but SBS 2011 also needs port 443. Not sure about this at this point. Still researching.
      Network Engineers do IT under the desk

      Comment


      • #4
        Re: Info on Remote App server for SBS 2011

        Usually the TCP 443 is used for OWA SSL + RemoteApp/TS Gateway etc.
        For this task you will need a SAN certificate. However, I usually recommended customers to install TS gateway on the DMZ with unique public IP.

        http://blogs.technet.com/b/sbs/archi...-sbs-2008.aspx

        http://technet.microsoft.com/en-us/l.../cc626198.aspx
        Best Regards,

        Yuval Sinay

        LinkedIn: https://www.linkedin.com/in/yuval14, Blog: http://blogs.microsoft.co.il/blogs/yuval14

        Comment


        • #5
          Re: Info on Remote App server for SBS 2011

          I notice TS Gateway is installed on SBS 2008 by default but it isn't on SBS 2011. I installed it and did some experimenting from a remote site.

          A couple of observations. I have to install the SBS 2011 certificate package on the remote computer in order for my self-signed certificate mail.mydomin.local to work and a RDP connect to succeed.

          My terminal server is called 'Remote'. I noticed during the RDP connection process, a certificate is issued by remote.mydomain.local that is not secure and I am asked if i want to continue any. I click OK and I am able to make a secure TS connection.

          I am not certain where this remote.mydomain.local certificate is coming from. When settting up SBS 2011 by web presence is resolved from mail.mydomain.com instead of remote.mydomain.com. I notice in the DNS server there is still an entry for 'remote' so maybe I should have given my TS a different name.

          The terminal server 'Remote' is configured in the TS Gateway policies as a network resource.
          Network Engineers do IT under the desk

          Comment


          • #6
            Re: Info on Remote App server for SBS 2011

            Did you set certificate on the Windows TS side? Why you dont use offical certificats or install a ROOT and publish it as trust root in the domain/computers?

            http://serverfault.com/questions/765...-a-certificate
            Best Regards,

            Yuval Sinay

            LinkedIn: https://www.linkedin.com/in/yuval14, Blog: http://blogs.microsoft.co.il/blogs/yuval14

            Comment


            • #7
              Re: Info on Remote App server for SBS 2011

              yuval14, do I hadn't. Thanks for the valuable information.
              Network Engineers do IT under the desk

              Comment

              Working...
              X