We are developing a product that runs on Windows Server 2008. This product gets installed into a customer's environment running on dedicated hardware (that we own or at least service) using Server 2008. We consider this an 'appliance', though it is basically a set of X high-end machines running Server 2008. Anyway, we need to remotely manage these servers in the customer's environment and are looking for the easiest secure way of managing them.
A VPN is the obvious solution but because each customer implements their own choice of VPN it makes it very hard for us to support that (we'd need many different VPN software setups here to remote in). Another choice is having the customer open a port for RDP traffic so we can just remote in to our servers. But that of course is risky (even if we choose a non-standard port) and customer IT guys really don't like that.
So recently I was reading about TS Gateway (now RD Gateway in R2). I am wondering if it might be the perfect solution for us. If we set this up on one of our servers in the customer site and then had them open up port 443 directly to that server, would this be a secure mechanism for us to RDP into all of our servers at the customer site? It seems like their IT guys might be more receptive to this.
Note that our 2008 servers in the customer environment are not domain joined, they are a simple workgroup.
Thoughts? Am I missing something? Are there better solutions out there?
So TS-Gateway actually is different from RDP over TLS and RDP protocol security (both of which have been mentioned in this thread). It's a similar protection of the protocol stream, as it's tunneling the traffic using SSL to secure it (1024 or 2048; you generate your own cert and decide how secure you want it). The key difference for this particular topic is how many internal<->external translations you perform and how much of the internal network gets exposed to the outside. TS-Gateway was not so much presented as a better way to secure the traffic but instead to meet the need that many had to ensure that, much like an SSH bridge or SSL VPN endpoint, you had an easy single point to connect from the outside to your internal network. TS-Gateway was designed to allow you to establish a secure connection to your border and from that point secondarily control authorization to your internal network resources. TS-Gateway provides the ability to maintain granular control over which people (once authenticated to the gateway) can connect to which systems inside the border. It is meant to create a buffer that prevents direct attacks against your internal systems using the RDP protocol as a vector. By your description, TS-Gateway services were designed to help answer this specific need.
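As an added illustration of the client side of the arrangement described above (not part of this thread), the .rdp settings below tell the Remote Desktop client to reach an internal appliance server only through the gateway listening on 443; the hostnames are placeholders.

```ini
full address:s:APPSRV01
gatewayhostname:s:rdgateway.customer.example
gatewayusagemethod:i:1
gatewayprofileusagemethod:i:1
gatewaycredentialssource:i:0
promptcredentialonce:i:1
authentication level:i:1
negotiate security layer:i:1
```

gatewayusagemethod 1 forces every session through the gateway instead of attempting a direct 3389 connection first, gatewaycredentialssource 0 prompts for a password, and authentication level 1 refuses to connect unless the gateway's certificate is trusted by the client, so the certificate you generate for the gateway has to be installed on the management workstations.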
I'm not sure how TS Gateway would be any less risky than setting up RDP. In fact, it might be more risky as it hasn't been in the marketplace as long.
Another option is setting up SSH on the servers, then using SSL Tunneling for your RDP session. That would add a layer of security if you use SSH authentication keys.
Another layer of security you could add is setting up something like RSA SecurID, though I'm not sure if that would be cost prohibitive in your setup.