RAP and Terminal Server Licensing

[KenWooD]

Sorry if this was posted someplace but I wasn't able to find anything that quited answered my question.

1 - As I understand it, I can use RAP to access my TS server behind my UT, by utilizing the RDP client, correct?
2 - If this is indeed possible, how the terminal server handle the connection as far as licening is concerned?

Will a single TS Device CAL work for all users via the RAP as if all the connections are coming from the UT box? Or is the RDP connection routed transparently through the UT box, therefore requiring user TS cals for each user that has access to the RAP?

Basically, I want my management team to be able to use RAP to access the terminal server instead of having to leave their computers on all the time to allow RDP access 24/7.

Anyone with experience, any info would be greatly appreciated.
Thanks, Ken.

[mrunkel]

no, the licensing requirements are not changed by remote access portal.

[sky-knight]

I suggest you implement OpenVPN. If RDP is online for each of their desktops, you can easily create a VPN client for each user, and use the firewall to contain access to a reserved IP that is assigned to each workstation.

RWW would be ideal here as well, but that is only on SBS server. We should have a working TS gateway service in server 2010 but that is a ways off still.

[KenWooD]

My problem with OpenVPN, is that it requires more inteligence on the users side of things. I will admit that the openVPN's pre-built config installer in UT works pretty well the times i have tested it, but it still requires the users to install another program and ultimately for me to field the calls when it doesn't work.
The SSL RAP portal allows us give simple, easy access to a desktop, while preventing the security risks that giving them traditional VPN access would open up.
I couldn't dream of having to teach my "mostly computer illiterate" users about how to connect via openvpn.

[sky-knight]

Yet they connect with RDP? I have zero complaints from my end users about a "right click connect" then "double click this icon". Then again, I always do the setup for them.

I think you need to look into Microsoft SBS 2008s RWW feature.

[KenWooD]

I'm going to guess that RRW is not available outside the SBS realm?
I already have our domain setup on 2003 and 2008 std servers.

Thanks for the info.

[KenWooD]

Just another quick thought... is there a way for RAP to "wake up" PCs in standby?

[sky-knight]

No... RAP needs some major work in several areas.

And No to the RWW being there outside of SBS... it drives me nuts because that feature is EXACTLY what you asked for. I hate SBS server... but that one feature can only be found there.

If you have 2008 servers take a look at the terminal server gateway feature, it may be able to do what you need as well.

[jzero]

Did you considerd OpenVPN client as Service?
For NO MOBILE users can be a solution.

[YeOldeStonecat]

Quote:

Originally Posted by KenWooD

My problem with OpenVPN, is that it requires more inteligence on the users side of things. I will admit that the openVPN's pre-built config installer in UT works pretty well the times i have tested it, but it still requires the users to install another program and ultimately for me to field the calls when it doesn't work.
The SSL RAP portal allows us give simple, easy access to a desktop, while preventing the security risks that giving them traditional VPN access would open up.
I couldn't dream of having to teach my "mostly computer illiterate" users about how to connect via openvpn.

Might want to reconsider..or at least take a look at the OpenVPN client...it's literally the easiest setup out there. Right click..connect...BAM done!

If your users can work with RDP client, they can do the VPN.