Task 1 – Access Terminal Server from external network

../_images/image_lab4task1.png

BIG-IP proxy RDP connection

Create and bind NTLM Machine Account

  1. From “corporate-pc”

  2. Open IE to access F5 Admin GUI at, https://f5-bigip1a.demoisfun.net

    • Username: admin
    • Password: password

  3. Create on BIG-IP and bind to an NTLM Machine Account. On the left menu,

    • Click Access -> Authentication -> NTLM -> Machine Account

    • Click the Create button on the upper right corner

      Name AD1-f5-bigip1a
      Machine Account Name f5-bigip1a
      Domain FQDN demoisfun.net
      Domain Controller FQDN dif-ad1.demoisfun.net
      Admin User administrator
      Password password

  4. Click the JOIN button to create the machine account

Deploy iApp

  1. Create a new Application Service.

  2. iApps -> Application Services -> Applications

  3. Click the Create button

  4. In the Name field, type in lab4-rds

  5. In the Template pulldown, select f5.microsoft_rds_remote_access.v1.0.3

    Welcome to the iApp template for Remote Desktop Gateway Please review
    Template Options
    Do you want to deploy BIG-IP APM as an RDP proxy? Yes, deploy BIG-IP Access Policy…
    Access Policy Manager
    Do you want to create…or use an existing AAA server? AD1
    Which NTLM machine account…for Kerberos delegation? AD1-f5-bigip1a
    SSL Encryption
    Which SSL certificate do you want to use? wild.demoisfun.net.crt
    Which SSL private key do you want to use? wild.demoisfun.net.key
    Virtual Servers and Pools
    What IP address do you want to use for the virtual server(s)? 192.168.3.156
    How would you like to secure your hosts? Allow any host

  6. Click Finished button

Test the RDS proxy functionality using RDS Client

  1. From “home-pc”

  2. Launch RDS client (on desktop)

  3. Click Show Options pulldown

  4. Click Advanced tab

  5. Click Settings button

  6. In “RDS Gateway…” window,

    • Select “Use these RD Gateway…” radio button

    • In Server name field, type in msft-proxy-rds.demoisfun.net. Note this address resolves to the address 192.168.3.156 which was configured in the iApp

    • Select “Use my RD Gateway credential…” checkbox

    • Click OK

      image16

  7. Under “General” tab, in “Computer” field, type in the name of the host you want to RDP to which is dif-termsvr.demoisfun.net

    • In User name field, type in demoisfun\demo01

    • Click Save

    • Click Connect

      image17

  8. When prompted for credentials

    • Username: demo01
    • Password: password

  9. Click Yes to the Certificate warning

    image18

  10. You are connected to dif-termsvr.demoisfun.net server

  11. You can verify this connection through the BIG-IP. From “corporate-pc”, open IE to Connect to BIG-IP GUI

  12. On the left side menu, click Access -> Overview -> Active Sessions

  13. Click on the session to view details

    image19

  14. Log off RDS session by clicking Start -> Logoff