Ninja Feature: Remote Web Workplace in SBS2003
Remote Web Workplace is (in my humble opinion) The Ninja Feature of SBS2003. In fact, it gets the inaugural EBTDF Ninja Feature award for being so cool.
Use Remote Web Workplace instead. It's (often) as simple as "running the CEICW" (the Email and Internet Wizard), which SBS people tell me that other SBS people will understand.
What Is Remote Web Workplace?
It's a web portal through which authenticated users can access:
- Remote Desktop to internal WinXP Pro boxen and Terminal Servers (on tcp port 4125)
- Outlook Web Access
- SharePoint (on port 444)
In short, the idea is that using one or all of the above, you can do anything you can do while in the office, from anywhere (alright, close to anywhere!).
The portal looks a lot like this when you're connected as a user:
Now, I'm assuming everyone's familiar with OWA; if not, there's a plethora of information on it, ready for the searching (start at http://www.microsoft.com/exchange/owa/) - in really simple terms, it's a browser-based version of Outlook connected to your Exchange server.
While OWA's cool and all, the bit I'm really impressed/happy/interested with is the Remote Desktop access to internal computers. Without having to hax0r the TSWeb connection page or forward ports manually!
Not Your Father's TSWeb
In real simple terms, RWW provides an RDP Proxy for incoming RDP connections. So the same external port can be used by multiple internal clients, which isn't otherwise possible.
RDP is Remote Desktop Protocol. It's the protocol that all the little TS Clients use to draw the screens from the big Terminal Servers, and also how the Remote Desktop client connects to a Windows XP Pro machine with Remote Desktop enabled.
Once you've got it set up, here's how RWW works: (note: my brand-new understanding - if in doubt, believe the docs over me).
Using IE, you make an HTTPS connection to the Remote website on the SBS box (https://www.example.com/remote).
You submit your user credentials (which are protected from external snooping using SSL), and these are used to authenticate you and work out what options you'll be given on the RWW page.
Once authenticated, you're staring at something akin to the screenshot above.
You click the "Connect to my computer at work" item, and are presented with a list of Remote Desktop enabled computers in the Active Directory:
You pick the computer you're interested in, and hit Connect.
What happens here is even more interesting: you're directed to a TSWeb connection URL, the TSWeb ActiveX control fires up (it may need to be installed on the way), and then it connects to the RDP proxy on tcp port 4125 - not the regular TS port of 3389 (remote administration of the SBS box itself still happens on 3389, though).
The RDP Proxy creates a connection to the target computer, at which point you're prompted for your username and password again to log you onto the computer (unless you've ticked the "Log on to selected computer" option, as above). Then, you can do whatever you want, as if you were sitting at your work PC. Magic.
I need to note at this point that you're using straight RDP from the client to the SBS server, protected only by RDP's own encryption (RC4, up to 128-bit keys). The RDP session is not additionally wrapped in an SSL tunnel: the connection to the RWW portal is made over SSL, but that is a different connection again.
This does mean that if you're on a network that doesn't allow 4125/tcp outbound (and let's face it - it's not exactly a port everyone recognizes yet), you might need to politely request that you're allowed to use it. Please. Nice Mr Firewall Man.
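A quick way to find out, before you leave the office, whether the network you'll be sitting on will let each of those separate connections through. This is an added example, not part of RWW or the SBS tooling; the port list comes from this page, except 443, which is assumed as the default for the https:// portal URL, and the function names and labels are this example's own.

```python
import socket
import sys

# Ports named on this page; 443 is an assumption (the default for the https:// portal URL).
RWW_PORTS = {
    443: "RWW portal over HTTPS",
    444: "SharePoint",
    4125: "RDP proxy for 'Connect to my computer at work'",
}

def probe(host, port, timeout=3.0):
    """Classify one TCP connect attempt as open, refused, unresolved or filtered."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"      # something answered with a reset
    except socket.gaierror:
        return "unresolved"   # the host name did not resolve
    except OSError:
        return "filtered"     # timeout or unreachable: usually dropped on the path

def rww_preflight(host, ports=None, timeout=3.0):
    """Probe each RWW port and return {port: (feature, state)}."""
    ports = RWW_PORTS if ports is None else ports
    return {p: (label, probe(host, p, timeout)) for p, label in ports.items()}

ADVICE = {
    "open": "reachable from this network",
    "refused": "host answered but nothing accepted the connection on this port",
    "unresolved": "host name did not resolve; check the name before blaming a firewall",
    "filtered": "no reply; ask whether this port is allowed outbound from this network",
}

def report(results):
    """Turn preflight results into one readable line per port."""
    return [f"{port}/tcp  {state:<10}  {label}: {ADVICE[state]}"
            for port, (label, state) in sorted(results.items())]

if __name__ == "__main__":
    if len(sys.argv) == 2:
        print("\n".join(report(rww_preflight(sys.argv[1]))))
    else:
        print("usage: rww_preflight.py <your-sbs-hostname>")
```

A "filtered" result on 4125 with "open" on the portal port is the situation described above: the portal will load, but the Remote Desktop step will not connect until 4125/tcp is allowed outbound.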
More info on RWW:
For more information, start with the Support Webcast. Then set it up!
!Highly Recommended! Remote Web Workplace: The Support Webcast
(if the images seem familiar, well, that's because they are...)
Help Your Team Work From Home (without breaking their legs)
Matt Hyunh's mentioned RWW before - in fact, to date a whopping 50% of his blog posts have mentioned it. Might be worth watching!
It's good. Go play.