1.4.1. Lab 3.1: Microsoft RDS proxy¶
The purpose of this lab is access an internal RDS server from an external client.
1.4.1.1. Task 1 – Access Terminal Server from external network¶
Figure 10 - BIG-IP proxy RDP connection
Deploy the iApp
From “corporate-pc”
Connect to the F5 config GUI
https://f5-bigip1a.demosifun.net
- Username:
admin
- Password:
password
Create an NTLM Machine Account
Access >>Authentication>>NTLM>>Machine Account
Name AD1-f5-bigip1a Machine Account Name f5-bigip1a Domain FQDN demoisfun.net Domain Controller FQDN dif-ad1.demoisfun.net Admin User administrator Password password
Click the JOIN button to create the machine account
Create a new Application Service by selecting iApps -> Application Services and selecting Create
- iApps >> Application Services
- Press the Create button
- Name the Application Service
VM_LAB_3_RDS
- Select
f5.microsoft_rds_remote_access.v1.0.2
for the - template
- Select
1.4.1.1.1. iApp Configuration¶
Review the Welcome to the iApp template for Remote Desktop Gateway
Template Options
Do you want to deploy BIG-IP APM as an RDP proxy? Yes, deploy BIG-IP Access Policy Manager Access Policy Manager
Do you want to create a new AAA server, or use an existing AAA server? AD1 Which NTLM machine account should be used for Kerberos delegation? AD1-f5-bigip1a SSL Encryption
Which SSL certificate do you want to use? wild.demoisfun.net.crt Which SSL private key do you want to use? wild.demoisfun.net.key Virtual Servers and Pools
What IP address do you want to use for the virtual server(s)? 192.168.3.156 How would you like to secure your hosts? Allow any host Press the Finished button
1.4.1.1.2. Test the RDS proxy functionality using RDS Client¶
From “home-pc”
Launch RDS client (on desktop).
Select the “Show Options” Pulldown
Select the “Advanced” tab
Click the Settings button
In the “RDS Gateway…” window,
Under “General” tab, in the “Computer” field, type in the name of the host you want to RDP to which is
dif-termsvr.demoisfun.net
When prompted for credentials
- Username:
demo01
- Password:
password
- Username:
Accept Certificate warning
You are connected to dif-termsvr.demoisfun.net
From “corporate-pc”, open IE to Connect to BIG-IP GUI at
https://f5-bigip1a.demoisfun.net
On the left side menu, click Access -> Overview -> Active Sessions
Click on the session to view details
Log off using the windows start icon in the lower left corner
1.4.1.1.3. FINAL GRADE¶
…for this “VDI the F5 Way” lab team. Please complete the SURVEY to let us know how we did. We value your feedbacks and continuously looking for ways to improve.
THANK YOU FOR CHOOSING F5 !!!