1.4.1. Lab 3.1: Microsoft RDS proxy¶

The purpose of this lab is access an internal RDS server from an external client.

1.4.1.1. Task 1 – Access Terminal Server from external network¶

Figure 10 - BIG-IP proxy RDP connection

Deploy the iApp

From “corporate-pc”
Connect to the F5 config GUI
- https://f5-bigip1a.demosifun.net
- Username: admin
- Password: password
Create an NTLM Machine Account
- Access >>Authentication>>NTLM>>Machine Account
  
  Name AD1-f5-bigip1a
  
  Machine Account Name f5-bigip1a
  
  Domain FQDN demoisfun.net
  
  Domain Controller FQDN dif-ad1.demoisfun.net
  
  Admin User administrator
  
  Password password
Click the JOIN button to create the machine account
Create a new Application Service by selecting iApps -> Application Services and selecting Create
- iApps >> Application Services
- Press the Create button
- Name the Application Service VM_LAB_3_RDS
- Select f5.microsoft_rds_remote_access.v1.0.2 for the
  
  template

Name	AD1-f5-bigip1a
Machine Account Name	f5-bigip1a
Domain FQDN	demoisfun.net
Domain Controller FQDN	dif-ad1.demoisfun.net
Admin User	administrator
Password	password

1.4.1.1.1. iApp Configuration¶

Review the Welcome to the iApp template for Remote Desktop Gateway
Template Options

Do you want to deploy BIG-IP APM as an RDP proxy? Yes, deploy BIG-IP Access Policy Manager
Access Policy Manager

Do you want to create a new AAA server, or use an existing AAA server? AD1

Which NTLM machine account should be used for Kerberos delegation? AD1-f5-bigip1a
SSL Encryption

Which SSL certificate do you want to use? wild.demoisfun.net.crt

Which SSL private key do you want to use? wild.demoisfun.net.key
Virtual Servers and Pools

What IP address do you want to use for the virtual server(s)? 192.168.3.156

How would you like to secure your hosts? Allow any host
Press the Finished button

Do you want to create a new AAA server, or use an existing AAA server?	AD1
Which NTLM machine account should be used for Kerberos delegation?	AD1-f5-bigip1a

Which SSL certificate do you want to use?	wild.demoisfun.net.crt
Which SSL private key do you want to use?	wild.demoisfun.net.key

What IP address do you want to use for the virtual server(s)?	192.168.3.156
How would you like to secure your hosts?	Allow any host

1.4.1.1.2. Test the RDS proxy functionality using RDS Client¶

From “home-pc”
Launch RDS client (on desktop).
- Select the “Show Options” Pulldown
- Select the “Advanced” tab
- Click the Settings button
- In the “RDS Gateway…” window,
  - In Server name field, type in msft-proxy-rds.demoisfun.net. Note this address resolves to the address 192.168.3.156 which was configured in the iApp
  - Verify the other default settings on this window
  - Click OK
Under “General” tab, in the “Computer” field, type in the name of the host you want to RDP to which is dif-termsvr.demoisfun.net
- In the “User name” field, type in demoisfun\demo01
- Click “Save”
- Click “Connect”
When prompted for credentials
- Username: demo01
- Password: password
Accept Certificate warning
You are connected to dif-termsvr.demoisfun.net
From “corporate-pc”, open IE to Connect to BIG-IP GUI at
- https://f5-bigip1a.demoisfun.net
On the left side menu, click Access -> Overview -> Active Sessions
Click on the session to view details
Log off using the windows start icon in the lower left corner

1.4.1.1.3. FINAL GRADE¶

…for this “VDI the F5 Way” lab team. Please complete the SURVEY to let us know how we did. We value your feedbacks and continuously looking for ways to improve.

THANK YOU FOR CHOOSING F5 !!!

Previous Next