Remote Desktop IP address

This is pretty easy to setup however, do you have access to the firewall for the new rack server? If the server is going to have a public IP and has the proper port 3389 open then you should be able to connect to the server without the need to establish a tunnel.

RDP gateway?

//alittlestrange.com/tfoa/2009/11/06/intro-to-windows-2008-r2-remote-desktop-gateway

I would recommend either the gateway or a VPN product. Having a public IP with the RDP port open is just asking for trouble, especially if you have multiple users and passwords that are not changed on the account every 3 months with sophisticated logging and monitoring to detect intrusions.

OpenVPN is a pretty good tool for cheap secure connectivity.

As Astral mentioned, you will need to open port 3389 [Default RDP Port] on our firewall. Depending on your setup, you will mostly likely need to setup NAT on the firewall and assign a static public IP to the internal address of the server and then make sure port 3389 is open for that NAT translation.

I would advise against that, especially if it's a server you are doing this for. Possibly setup an old workstation as the machine you login into first if you want to avoid the VPN.

Russell_W wrote:

I would recommend either the gateway or a VPN product. Having a public IP with the RDP port open is just asking for trouble, especially if you have multiple users and passwords that are not changed on the account every 3 months with sophisticated logging and monitoring to detect intrusions.

OpenVPN is a pretty good tool for cheap secure connectivity.

I highly agree with Russell. We once had access to our terminal server via an open 3389 port, and all of a sudden I noticed connections from Taiwan and Japan. I quickly closed that port and required a VPN connection, or RWW.

I agree with Nick.. get yourself a VPN or SSL product like the sonicwall SSL200

its easy as pie, and wicked secure

echoing what came before.
I use our ClearOS firewall and use security thru obscurity and have a random port forwarded to 3389 on the server. It was super simple to set up.

Thanks for the replies. So the easiest/less secure route is to simply open up port 3389 on the firewall and that should then allow me to access the server via public IP?

YoungITPro wrote:

Thanks for the replies. So the easiest/less secure route is to simply open up port 3389 on the firewall and that should then allow me to access the server via public IP?

Yes. It is insecure, but it will allow you connect remotely via RDP w/ IP address. If you are doing it short term, have strong passwords, etc then it is ok, but for a long term solution, use a VPN.

You can also use a non-standard port to the cloud and use your firewall to translate to 3389 internally [i.e. connect from remote on port 46712 and your firewall knows to forward that as 3389 internally to your destination server].

If you are going to do the public IP route, I would at least change the port number. It is a quick fix in the registry, so then people wouldn't have an idea of the RDP port at least, then just set a forward up in the router to the server.

Thanks for all the info guys. Was my first time messing around with the firewall. A good learning experience. Thanks for everything.

and don't forget to make sure the server your are RDP-ing TO has March's MS-updates installed so you're exposing a know vulnerability in RDP to an internet facing connection.