Hyper-V hosts, start/stop VMs, and gather information from within to enable client
connections. The RD Virtualization Host role also enables the use of RemoteFX GPU
virtualization.
RD Gateway
The RD Gateway allows RDP traffic to be encapsulated in HTTPS packets, allowing
secure RDP connections through corporate firewalls without having to open up
additional firewall ports or use additional VPN solutions. Figure 11.5 shows a
high-level overview.
Figure 11.5 How RD Gateway works
The RD Gateway is placed in the DMZ (or, more securely, behind some kind of
firewall/proxy). The clients connect to the RDP destination via the RD Gateway, which
is accomplished by adding the RD Gateway server as part of the RDP file configuration
that is given to the client. The client encapsulates the RDP traffic in HTTPS and sends
it to the RD Gateway, which extracts the RDP and forwards it to the RDP destination.
When traffic comes back from the RDP destination bound for the client, the RD
Gateway encapsulates it in HTTPS and sends it to the client. With this technology,
users outside the corporate network can still access all RDP resources without
additional steps or software. Users who are on the corporate network would bypass
the RD Gateway and communicate directly with the RDP destination.
Using RD Gateway, you can configure who can connect through the RD Gateway
service, what they can connect to, the supported RDP settings such as device
redirection, and so on. This allows access from outside the organization without the
use of a separate VPN-type technology while still maintaining control of the levels of
access. RD Gateway can be used with any RDP connection, which means that it can be
used with session virtualization, VDI, and application publishing.
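The gateway is named in the RDP file handed to the client, so that file can be checked before it is distributed. The following is an added example, not code from the book: it parses a constructed .rdp file (host names are placeholders) and reports which gateway it uses, whether internal clients may connect directly, and which device redirections it requests, for comparison against what the RD Gateway policy permits.

```python
# Constructed sample .rdp content; host names are placeholders, not from the book.
SAMPLE_RDP = """\
full address:s:app01.corp.example:3389
gatewayhostname:s:rdgw.example.com
gatewayusagemethod:i:2
redirectclipboard:i:1
redirectprinters:i:0
drivestoredirect:s:*
"""

# Meaning of gatewayusagemethod values in a .rdp file.
GATEWAY_USAGE = {0: "never", 1: "always", 2: "only if a direct connection fails",
                 3: "client default settings", 4: "never (bypass for local addresses)"}
REDIRECT_FLAGS = ("redirectclipboard", "redirectprinters",
                  "redirectsmartcards", "redirectcomports")

def parse_rdp(text):
    """Parse 'name:type:value' lines; i-typed values become int."""
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)  # value may itself contain ':'
        if len(parts) != 3:
            continue
        name, kind, value = parts
        if kind == "i":
            try:
                value = int(value)
            except ValueError:
                continue  # skip malformed integer settings
        settings[name.lower()] = value
    return settings

def audit_rdp(text):
    """Report gateway usage and the device redirections the file requests."""
    s = parse_rdp(text)
    host = s.get("gatewayhostname") or None
    usage = s.get("gatewayusagemethod")
    requested = [k for k in REDIRECT_FLAGS if s.get(k) == 1]
    if s.get("drivestoredirect"):
        requested.append("drivestoredirect")
    return {
        "gateway": host,
        "usage": GATEWAY_USAGE.get(usage, "not set"),
        "always_via_gateway": bool(host) and usage == 1,
        "requested_redirections": requested,
    }

if __name__ == "__main__":
    print(audit_rdp(SAMPLE_RDP))
```

Only redirections explicitly enabled in the file are listed; settings the file omits fall back to client defaults and are not reported.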