RDS deployment with Network Policy Server

Learn how to integrate an RDS deployment with a Network Policy Server (NPS).

This article refers to the MyCloudIT Gen 2 platform, which was launched in 2015. Look for MyCloudIT Gen 3 to be launched in early 2021.

Overview

This guide will show you how to integrate an RDS deployment with a Network Policy Server (NPS).

First, sign in to the Network Policy Server and open the Network Policy Server tool:

  1. Expand the Templates Management tab, right-click Shared Secrets and select New
    • Type a name that can be easily tied to the RD Gateway role that it will fulfill
    • Use the Generate option to create the shared secret
    • Copy the shared secret and paste it into a Notepad file; you will enter it on each RD Gateway server later
  2. Expand the RADIUS Clients and Servers tab, right-click RADIUS Clients and select New
    • Type a friendly name for the RD gateway server
    • Type and validate the RD gateway server’s IP address
    • Select the shared secret created in the previous step
  3. Expand the Policies tab, right-click Network Policies and select New
    Follow the wizard, making sure to apply the following settings:
    • Type of network access server: Remote Desktop Gateway
    • In the Conditions section, add a User Groups condition and add the Domain Users group. To enable the policy for a different set of users, add that group instead
    • Set access permission to Access granted
  4. Expand the Policies tab, right-click Connection Request Policies and select New
    Follow the wizard, making sure to apply the following settings:
    • Type of network access server: Remote Desktop Gateway
    • In the Conditions section, add a Client IPv4 Address condition and add the IP addresses of all the RD gateways in the deployment
    • In the Forwarding Connection Request – Authentication section, select Accept users without validating credentials
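
A scripted equivalent of step 2 for deployments with several RD gateways, as an added example that is not part of the original MyCloudIT guide: it registers each gateway as a RADIUS client with New-NpsRadiusClient and then checks the result with Get-NpsRadiusClient. The gateway names and IP addresses are constructed placeholders, and the secret is generated in the script instead of coming from a Shared Secrets template.

```powershell
# Added example: run in an elevated PowerShell session on the NPS server.
# Gateway names and addresses are constructed placeholders; replace them.
Import-Module NPS

$gateways = @(
    @{ Name = 'RDGW01'; Address = '10.0.0.11' },
    @{ Name = 'RDGW02'; Address = '10.0.0.12' }
)

# One random shared secret: 48 random bytes encode to 64 Base64 characters.
$bytes = New-Object byte[] 48
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$rng.GetBytes($bytes)
$rng.Dispose()
$sharedSecret = [Convert]::ToBase64String($bytes)

$existing = @(Get-NpsRadiusClient)
$created = 0

foreach ($gw in $gateways) {
    $match = $existing | Where-Object { $_.Address -eq $gw.Address }
    if ($match) {
        # Already registered: keep its current secret so the gateway keeps working.
        Write-Warning "$($gw.Address) is already registered as '$($match.Name)'; skipped."
        continue
    }
    New-NpsRadiusClient -Name $gw.Name -Address $gw.Address -SharedSecret $sharedSecret | Out-Null
    $created++
}

# Put the secret on the clipboard only if it was actually used, so it can be
# entered on the RD Gateway servers without being written to the console.
if ($created -gt 0) { Set-Clipboard -Value $sharedSecret }

# Verify: every gateway must be present as an enabled RADIUS client.
$registered = @(Get-NpsRadiusClient)
foreach ($gw in $gateways) {
    $client = $registered | Where-Object { $_.Address -eq $gw.Address }
    $status = if (-not $client) { 'MISSING' } elseif (-not $client.Enabled) { 'DISABLED' } else { 'OK' }
    '{0,-10} {1,-15} {2}' -f $gw.Name, $gw.Address, $status
}
```

Any gateway reported as MISSING or DISABLED will have its requests rejected by NPS until the RADIUS client entry is fixed.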

Then, sign in to the RD Gateway Server and open the RD Gateway Manager tool:

  1. Right-click the server name and select Properties, go to the RD CAP Store tab and select the option to use a Central server running NPS. Type the DNS name of the server, or its IP address
  2. Enter the shared secret generated earlier on the NPS
  3. Repeat these steps on every RD gateway server

If you have any questions about this configuration, please contact us at support@mycloudit.com.