Accomplished systems administrator/engineer with 10+ years of experience managing server infrastructures and data-center operations.
Why Do You Need to Use a Proxy Server?
Small to medium companies often allow all outbound traffic. However, an increasing number of medium to large companies are filtering outbound traffic, including RDP traffic, and often have the need for such a connection to go through a proxy server. In such situations, clients can no longer Remote Desktop directly across to the Terminal Servers using the Microsoft Remote Desktop Client or other variations.
In such organisations, a type of proxy server needs to be installed. Most web browsers and some applications have settings for a proxy server to be entered so that users can access the Internet services provided by the web browsers and applications.
The standard Microsoft Remote Desktop Client software does not have this option.
The infrastructure must contain the following servers:
1. A Server with the Remote Desktop Services Role installed and the Remote Desktop Session Host and Remote Desktop Web Access Role Services installed. This is the actual Remote Desktop Server from which clients will run remote desktop to and run the published apps.
2. A Server with the Remote Desktop Services Role installed and the Remote Desktop Gateway and Remote Desktop Web Access Role Services installed. This will be the landing page where the users will connect to via Internet Explorer. It will connect to the server's Remote Desktop Web Access portal, and once logged in, users will see the published apps they have permissions to. One of the applications that can be enabled for users to use is the Remote Desk Client Active X version.
3. A Server with the Remote Desktop Services Role installed and the Remote Desktop Connection Broker Role Services installed. This is used to configure the Source.
Configurations Required on the Remote Desktop Session Host and Web Access Server
- Install the necessary application on the server i.e. the application you want to publish.
- Run Remote App Manager to publish the application.
- Make sure the RD Gateway Settings are configured. This is the key to making it possible to Remote Desktop through a proxy server.
- Repeat the above steps on all RD Session Host servers.
Configurations Required on the Remote Desktop Gateway
RD Gateway Manager is used to configure the following:
- A valid SSL certificate needs to be purchased (or a self-signed one created) and installed on the Remote Desktop Gateway.
- Connection authorization policies: This determines which users or groups have access to use the Remote Desktop Gateway. It's better to use groups.
- Resource authorization policies: This determines which resources on the network can be accessed by which users or groups.
- Run remote desktop web access configuration to configure the Source of the Remote App Programs. They can be the name of the individual Remote Desktop Session Host Servers or the name of the Remote Desktop Session Host Farm, or alternatively, if you have set up a Remote Desktop Session Broker (i.e. you are using session broker for load balancing), specify the name of the server with the Session Broker role.
Configurations Required on the Remote Desktop Connection Broker (in Using Session Broker)
Run Remote Desktop Connection Manager: In the Remote App Sources section, Add the Remote App Source, which is the name of the Remote Desktop Session Host Farm.
You should now have an idea of how to setup a Remote Desktop through a Proxy Server. The key in all of this is the Remote Desktop Gateway. While Remote Desktop Web Access allows accessing the application via a web portal, it is only the Remote Desktop Gateway that allows a user to connect to it via a proxy server, and then can connect to the Remote Desktop Session Host on the client's behalf without the client needed to be able to access it directly.
- How to Setup a Remote Desktop Gateway
- Load Balancing Remote Desktop Servers Using Remote Desktop Session Broker
- How to Remote Desktop to a Terminal Server via a Web Proxy
This article is accurate and true to the best of the author’s knowledge. Content is for informational or entertainment purposes only and does not substitute for personal counsel or professional advice in business, financial, legal, or technical matters.
sengstar2005 (author) from Sydney on June 22, 2018:
You just need a browser that can run ActiveX such as IE or Chrome.
Reji on June 21, 2018:
Does this requires a special configuration in the client machine ?
the client is using proxy in the browser settings and it just use HTTPs traffic , right !
sengstar2005 (author) from Sydney on December 05, 2016:
The article was meant for a situation where a company is hosting an application which runs under Remote Desktop services for their clients. Some companies do not mind their employees remote desktop directly to the internet to connect to services. Some companies restrict outgoing traffic altogether and allow only http/https traffic via a proxy server to the internet. Therefore, the company hosting the application need to come up with a solution so that they can offer their application to the client who is only allowed to use http/https traffic. This article shows how to setup the Microsoft Remote Desktop services environment so that it can be accessed by a web browser (Internet Explorer) via a proxy server from a client's premise. By a web browser, I don't mean one person accessing it. I mean many users all connecting simultaneously into their own Remote Desktop sessions but done via their own web browser.
Prasun Bose on December 05, 2016:
The above steps seems to be too technical. Instead, I would recommend use of remote support tools like logmein, R-HUB remote support servers, teamviewer etc. They are easy to use and work well.