Please Read: Significant Update Planned, Migrating Forum Software This Month

See more
See less

Deploying 2008 R2 RDS an a Hurry! Help Please

  • Filter
  • Time
  • Show
Clear All
new posts

  • Deploying 2008 R2 RDS an a Hurry! Help Please

    We have run Citrix fgor many years, but after some proof of concept testing decided to buy into 2008 R2 RDS to allow us to deploy applications.

    We have purchased the licences etc. and are ready to go - I was waiting for a convenient time but my Citrix server has died a death and I have got a window of downtime I can use to put RDS in place.

    Small user base of 150 users (never more than about 30 max on at any one time and that is rare).

    With the current (dead) citrix setup they hit the Citrix web interface (server in DMZ) and launch an app (using Secure Gateway - again in DMZ - as the ticket broker) and then we had PS4 on the LAN. Worked great when working.

    I want the same functionality with RDS - and from limited testing a few months ago know I can have it one way or another.

    Unfortunately due to the Citrix failure I am going to do this in a hurry and training is not an option - nor is contractor help as my company won't pay, so it's all down to me!

    I have 2 servers at present - 1 in LAN and 1 in DMZ. I have rebuilt both with 2008 R2 on and patched them to the hilt.

    Can someone please advise on what to install where and what basics need configuring?

    I have done a lot of bouncing round on Google today and there seem to be suggestions that I can do the following:

    DMZ Server - Install TS Gateway and TS WebAccess
    LAN Server - Install TS Session Host and Connection Broker
    TS Licence server is taken care of elsewhere on another box.

    All I want to have is a web front end my internet-based users can hit and for them to be able to launch an application. They don't need full desktops or anything fancy at this stage and the apps don't need installing to their start menu etc. It would be nice if staff on the LAN could use it as well, but if that complicates the install then I am more than happy to just have my internet-based users accessing it - they are my priority.

    Some things I read suggested that having TS Gateway in DMZ would give me a world of pain as I need to open ports to LAN for AD etc. (which doesn't sound particularly safe), and that I should take DMZ out of the chain and put everything in LAN with only HTTPS and RDP open through firewall (but this gives me a worry about ports open straight to LAN).

    Advice and suggestions would be much appreciated.

    I know people will say wait and plan it, or get someone in who know what they are doing , but these are just not options I have - I must do it and I must do it no unfortunately.

    I also know there are thousands of documents out on the internet (lots from MS direct) with details of this but they are very in depth and heavy going - I don;'t have time for reading them all. I am MCSE and know TS (from 2003 days) as well as Citrix so will pick it up quickly with some hands on - I am really wanting to get some pointers on what goes where and what talks to what and I will take it from there hopefully.

    Thank you in advance.

  • #2
    Re: Deploying 2008 R2 RDS an a Hurry! Help Please


    First of all, why you don't restore a backup of the Citrix to VM etc. and then handle the migration process?
    Second, Citrix provide the best solution for most of the customers. The only "issue" is the price. But in the end, the ROI of Citrix is excellent, so there is no real reason why not to use it.
    Third, you should read the following documents:

    • You can skip on the Virtual Desktop sections.
    Best Regards,

    Yuval Sinay

    LinkedIn:, Blog:


    • #3
      Re: Deploying 2008 R2 RDS an a Hurry! Help Please

      This is something I would be interesting in an opinion on (although I am not in a rush like the OP). Don't want to hijack the thread but I am looking at splitting it with Gateway and Web in DMZ and opening ports for AD etc. I figure that the firewall protects the server in the DMZ so unless that becomes compromised (and my organisation is not a target as such and the chance of casual hackers hitting us are slim I suspect) then the open ports from DMZ to LAN are not really an issue.


      • #4
        Re: Deploying 2008 R2 RDS an a Hurry! Help Please

        Its depand on your company policy. I would use Juniper SSL VPN instead, but again, this a risk that your company should consider.
        Best Regards,

        Yuval Sinay

        LinkedIn:, Blog: