What is more secure, Direct Mode or Regular Gateway Mode?

Discussion in 'Parallels Remote Application Server' started by mariosr98, Oct 1, 2010.

  1. mariosr98

    mariosr98 Member

    Messages:
    38
    Hi again. I have configured two 2008 servers in direct mode with web access. All is OK, but any user can make a connection with tsclient to my server with Active Directory, 2X and IIS7, and he can see my web configuration. I have configured my server to restrict that, but I cannot avoid it.

    I read about the other configuration in the blog http://www.2x.com/blog/2009/11/products ... th-as-vds/. It says Regular Gateway Mode is ideal when the clients lack direct access to physical servers and no special security requirements are needed. I think this configuration is better than Direct Mode, because the RDP session is tunneled and my server with IIS and Active Directory doesn't have Terminal Services enabled.

    Is that true?

    Thanks
     
  2. davidsaliba

    davidsaliba Guest

    Yes, effectively gateway mode is a tad more secure, but it has a downside.
    The gateway becomes a TPOF (temporary point of failure) for the connections going through it, and if the service restarts the connections will be disconnected (though of course they can reconnect through another gateway if that one is not available anymore). That would be the secondary connections.

    Direct mode can be secured by using the TS encryption and forcing it on the client side (the 2X client option Authentication dictates how the 2X client behaves if authentication is not available).

    Rule of thumb: Direct mode works great on trusted networks. On the cloud, use gateway in SSL mode for more security. There is also direct SSL if the TS is available to the internet (but that is still not an isolated TS, so other services might constitute a weakness).

    Hope this helps
     
  3. mariosr98

    mariosr98 Member

    Messages:
    38
    thanks
     
  4. zippo

    zippo Pro

    Messages:
    491
    The safest and most efficient connection mode is Direct SSL. You also need to select "warn" in the Authentication tab.

    In this way the connection to the gateway is established using an SSL connection, then the connection to the terminal server is also secured over SSL but is direct to the server.
     
