OTP/Radius-Authentication on Publishing TS-Gateway over ISA 2006
The publishing of TS-Web-Access and TS-Gateway on ISA 2006 works fine, as described in the step-by-step guide from Microsoft. I want to integrate strong authentication using an OTP system (Vasco or RSA), based on RADIUS. Does anyone know how this can be realized?
I am sending the doc on configuring TS Gateway OTP. Please let me know if you run into issues.
Thanks, Vikash
Configuring the TS Gateway OTP scenario
This scenario discusses how to configure one-time password (OTP) authentication for Terminal Services Gateway (TS Gateway). In this scenario, Network Policy Server (NPS) is used as the Remote Authentication Dial-In User Service (RADIUS) server to authenticate users on the Microsoft Internet Security and Acceleration (ISA) Server 2006-based edge server. Note that NPS can be replaced with a third-party solution such as RSA SecurID® (from RSA Security Inc.).
NPS enables you to provide local and remote network access services and to define and enforce policies for network access authentication, authorization, and client health. The NPS role service in Windows Server 2008 is the replacement for Internet Authentication Service (IAS) in Windows Server 2003. Deploying NPS as a RADIUS server enables users of supported clients to authenticate on the edge server by using OTP authentication. After OTP authentication, users are allowed to cross the corporate perimeter and are authenticated again to access corporate resources. Therefore, users need to provide two forms of credentials before they are allowed to connect to a corporate resource.
Note
If you use OTP client authentication, the configuration does not allow you to digitally sign e-mail messages or to share identities between different organizations.
The instructions for this scenario assume that you are familiar with TS Gateway. For an overview of TS Gateway and information about how to configure TS Gateway for additional scenarios, see the "TS Gateway Server Step-by-Step Guide" (http://go.microsoft.com/fwlink/?linkid=85872).
System configuration for this scenario
This example scenario uses the following configuration:
Computer | Configuration |
ISA Server (“contoso-fw.contoso.com”) | · The server is running Windows Server 2003. · The server is running ISA Server 2006. · The ISA server contains a server certificate installed in the local computer certificate store. · The ISA Server 2006 Supportability Update package is installed from the following Web site: http://go.microsoft.com/fwlink/?linkid=115136. · The server has the following name and IP addresses assigned: Name: contoso-fw.contoso.com; Internal IP address: 192.168.1.1; External IP address: 10.10.1.1 |
TS Gateway/TS Web Access server (“www.contoso.com”) | · The server is running Windows Server 2008. · The server is running the TS Gateway and TS Web Access role services, with the TS Web Access Web site accessible at: https://www.contoso.com/ts · TS Web Access is configured to populate the list of RemoteApp programs from the terminal server “contoso-ts.contoso.com”. · The server has the following name and IP address assigned: Name: www.contoso.com; IP address: 192.168.2.1 |
NPS (RADIUS) server (“contoso-otp.contoso.com”) | · The server is running Windows Server 2008. · The server is running the NPS role service. · The server has the following name and IP address assigned: Name: contoso-otp.contoso.com; Internal IP address: 192.168.2.2 |
Terminal server (“contoso-ts.contoso.com”) | · The server is running Windows Server 2008. · The server is running the Terminal Server role service. · The terminal server has RemoteApp programs installed that are available through TS Web Access. The RemoteApp programs are configured to use TS Gateway. For more information about how to configure Terminal Services RemoteApp, see the “Terminal Services RemoteApp Step-by-Step Guide” (http://go.microsoft.com/fwlink/?linkid=84895). · The server has the following name and IP address assigned: Name: contoso-ts.contoso.com; IP address: 192.168.2.3 |
Client computer | · The client computer is running Windows Vista Service Pack 1 (SP1). · The computer has the following configuration: Name: client1; IP address: 10.10.1.2 |
Important
The OTP scenario is supported for Remote Desktop Connection (RDC) 6.1 clients. RDC 6.1 is available in Windows Vista SP1, Windows XP Service Pack 3 (SP3), and Windows Server 2008.