articles/lab-services/configure-lab-remote-desktop-gateway.md
Lines changed: 8 additions & 8 deletions
@@ -40,7 +40,7 @@ This approach is more secure because the lab user authenticates directly to the
40
40
To work with the DevTest Labs token authentication feature, there are a few configuration requirements for the gateway machines, domain name services (DNS), and functions.
41
41
42
42
### Requirements for remote desktop gateway machines
43
-
- SSL certificate must be installed on the gateway machine to handle HTTPS traffic. The certificate must match the fully qualified domain name (FQDN) of the load balancer for the gateway farm or the FQDN of the machine itself if there's only one machine. Wild-card SSL certificates don't work.
43
+
-TLS/SSL certificate must be installed on the gateway machine to handle HTTPS traffic. The certificate must match the fully qualified domain name (FQDN) of the load balancer for the gateway farm or the FQDN of the machine itself if there's only one machine. Wild-card TLS/SSL certificates don't work.
44
44
- A signing certificate installed on gateway machine(s). Create a signing certificate by using [Create-SigningCertificate.ps1](https://github.com/Azure/azure-devtestlab/blob/master/samples/DevTestLabs/GatewaySample/tools/Create-SigningCertificate.ps1) script.
45
45
- Install the [Pluggable Authentication](https://code.msdn.microsoft.com/windowsdesktop/Remote-Desktop-Gateway-517d6273) module that supports token authentication for the remote desktop gateway. One example of such a module is `RDGatewayFedAuth.msi` that comes with [System Center Virtual Machine Manager (VMM) images](/system-center/vmm/install-console?view=sc-vmm-1807). For more information about System Center, see [System Center documentation](https://docs.microsoft.com/system-center/) and [pricing details](https://www.microsoft.com/cloud-platform/system-center-pricing).
46
46
- The gateway server can handle requests made to `https://{gateway-hostname}/api/host/{lab-machine-name}/port/{port-number}`.
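Review bot: the added line 43 starts with `-TLS/SSL certificate`, with no space after the dash, where the removed line had `- SSL certificate`; without that space Markdown does not treat the line as a list item, so this requirement will render as plain text instead of the first bullet. Restore the marker as `- TLS/SSL certificate must be installed ...`, and consider opening with "A TLS/SSL certificate" to match "A signing certificate" in the next bullet.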
@@ -55,7 +55,7 @@ Azure function handles request with format of `https://{function-app-uri}/app/ho
55
55
56
56
## Requirements for network
57
57
58
-
- DNS for the FQDN associated with the SSL certificate installed on the gateway machines must direct traffic to the gateway machine or the load balancer of the gateway machine farm.
58
+
- DNS for the FQDN associated with the TLS/SSL certificate installed on the gateway machines must direct traffic to the gateway machine or the load balancer of the gateway machine farm.
59
59
- If the lab machine uses private IPs, there must be a network path from the gateway machine to the lab machine, either through sharing the same virtual network or using peered virtual networks.
60
60
61
61
## Configure the lab to use token authentication
@@ -76,7 +76,7 @@ Configure the lab to use the token authentication by using these steps:
76
76
1. From the list of labs, select your **lab**.
77
77
1. On the lab's page, select **Configuration and policies**.
78
78
1. On the left menu, in the **Settings** section, select **Lab settings**.
79
-
1. In the **Remote desktop** section, enter the fully qualified domain name (FQDN) or IP address of the remote desktop services gateway machine or farm for the **Gateway hostname** field. This value must match the FQDN of the SSL certificate used on gateway machines.
79
+
1. In the **Remote desktop** section, enter the fully qualified domain name (FQDN) or IP address of the remote desktop services gateway machine or farm for the **Gateway hostname** field. This value must match the FQDN of the TLS/SSL certificate used on gateway machines.
80
80
81
81

82
82
1. In the **Remote desktop** section, for **Gateway token** secret, enter the name of the secret created earlier. This value isn't the function key itself, but the name of the secret in the lab’s key vault that holds the function key.
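Review bot: the step at line 79 tells the reader to enter "the fully qualified domain name (FQDN) or IP address" for **Gateway hostname** and then says the value must match the FQDN of the TLS/SSL certificate; an IP address cannot match an FQDN, and the requirements section says the certificate must match the FQDN of the load balancer or of the machine. Either drop "or IP address" or state when an IP address is acceptable, so that readers do not enter a value that does not match the certificate.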
@@ -107,7 +107,7 @@ The [Azure DevTest Labs GitHub repository](https://github.com/Azure/azure-devtes
107
107
Follow these steps to set up a sample solution for the remote desktop gateway farm.
108
108
109
109
1. Create a signing certificate. Run [Create-SigningCertificate.ps1](https://github.com/Azure/azure-devtestlab/blob/master/samples/DevTestLabs/GatewaySample/tools/Create-SigningCertificate.ps1). Save the thumbprint, password, and Base64 encoding of the created certificate.
110
-
2. Get an SSL certificate. FQDN associated with the SSL certificate must be for the domain you control. Save the thumbprint, password, and Base64 encoding for this certificate. To get thumbprint using PowerShell, use the following commands.
110
+
2. Get a TLS/SSL certificate. FQDN associated with the TLS/SSL certificate must be for the domain you control. Save the thumbprint, password, and Base64 encoding for this certificate. To get thumbprint using PowerShell, use the following commands.
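Review bot: step 2 at line 110 says only that the FQDN "must be for the domain you control", while the requirements section states that the certificate must match the FQDN of the gateway load balancer (or of the single machine) and that wild-card certificates don't work. Repeat or link those two constraints here, since this is the step where the certificate is actually obtained. The sentence also needs its articles: "The FQDN associated with ..." and "To get the thumbprint ...".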
@@ -129,9 +129,9 @@ Follow these steps to set up a sample solution for the remote desktop gateway fa
129
129
- instanceCount – Number of gateway machines to create.
130
130
- alwaysOn – Indicates whether to keep the created Azure Functions app in a warm state or not. Keeping the Azure Functions app will avoid delays when users first try to connect to their lab VM, but it does have cost implications.
131
131
- tokenLifetime – The length of time the created token will be valid. Format is HH:MM:SS.
132
-
- sslCertificate – The Base64 encoding of the SSL certificate for the gateway machine.
133
-
- sslCertificatePassword – The password of the SSL certificate for the gateway machine.
134
-
- sslCertificateThumbprint - The certificate thumbprint for identification in the local certificate store of the SSL certificate.
132
+
- sslCertificate – The Base64 encoding of the TLS/SSL certificate for the gateway machine.
133
+
- sslCertificatePassword – The password of the TLS/SSL certificate for the gateway machine.
134
+
- sslCertificateThumbprint - The certificate thumbprint for identification in the local certificate store of the TLS/SSL certificate.
135
135
- signCertificate – The Base64 encoding for signing certificate for the gateway machine.
136
136
- signCertificatePassword – The password for signing certificate for the gateway machine.
137
137
- signCertificateThumbprint - The certificate thumbprint for identification in the local certificate store of the signing certificate.
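Review bot: the changed `sslCertificateThumbprint` line at 134 still separates the name from its description with a hyphen (`sslCertificateThumbprint - The ...`), while the two changed lines above it use an en dash (`sslCertificate – The ...`). Since the line is being edited anyway, make the separator consistent, and apply the same fix to `signCertificateThumbprint`. Separately, the `alwaysOn` description reads "Keeping the Azure Functions app will avoid delays", which appears to have lost the word "warm".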
@@ -154,7 +154,7 @@ Follow these steps to set up a sample solution for the remote desktop gateway fa
154
154
- The {utc-expiration-date} is the date, in UTC, at which the SAS token will expire and the SAS token can no longer be used to access the storage account.
155
155
156
156
Record the values for gatewayFQDN and gatewayIP from the template deployment output. You'll also need to save the value of the function key for the newly created function, which can be found in the [Function app settings](../azure-functions/functions-how-to-use-azure-function-app-settings.md) tab.
157
-
5. Configure DNS so that FQDN of SSL cert directs to IP address of gatewayIP from previous step.
157
+
5. Configure DNS so that FQDN of TLS/SSL cert directs to IP address of gatewayIP from previous step.
158
158
159
159
After the Remote Desktop Gateway farm is created and appropriate DNS updates are made, it's ready to be used by a lab in DevTest Labs. The **gateway hostname** and **gateway token secret** settings must be configured to use the gateway machine(s) you deployed.
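Review bot: step 5 at line 157 abbreviates to "cert" and drops its articles ("FQDN of TLS/SSL cert directs to IP address of gatewayIP"), while every other changed line in this commit spells out "certificate". Suggested wording: "Configure DNS so that the FQDN of the TLS/SSL certificate directs to the gatewayIP address from the previous step."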