[Today’s post comes to us courtesy of Moloy Tandon and Richard Pulliam from Commercial Technical Support]
Remote Web Workplace (RWW) has been a key feature of the SBS line of products since SBS 2003. It provides a central web location for remote workers to access corporate resources no matter where they are. With the arrival of Windows Small Business Server (SBS) 2011 Standard, RWW has been renamed Remote Web Access (RWA). In SBS 2011 Standard, RWA has been revamped for greater usability, customization, and additional features such as file sharing.
For full access to the RWA feature set from the internet, you must ensure the following:
- TCP 443 and TCP 987 are open on your internet firewall
- Clients are running Internet Explorer 6.0 SP2 or higher
- RDP 6.1 or higher is installed on the client machine
- The client must trust the SSL certificate that is installed on the Default Web Site
- The client must connect using the URL that matches the common name on the certificate
The user interface has gone through some significant upgrades to provide a more up-to-date look and feel. It is also customizable on a per-user basis, to give the end user some flexibility in how they want the user interface to be organized. The logon screen uses Forms Based Authentication, similar to previous versions.
Once you are authenticated, you will be brought to a customized page, based on both your user preferences and your account access level.
From one centralized location, users can perform the following tasks:
- Check their e-mail by launching OWA
- Access the company’s Internal Web Site (Companyweb)
- Access Shared Folders – This is a new feature introduced in SBS 2011 and will be discussed in detail in a separate blog post
- Access internal computers (leverages RD Gateway, explained later in this blog post)
- Change their domain password
- Access Organizational and Administrative Links as defined by your company’s network administrator
RWA Gadget Configuration
Upon logging into RWA, you will notice that email, computers, shared folders, links, and such are organized in different groupings, which are known as “gadgets”. Each gadget loads independently of the others. You can choose which gadgets/links are displayed on the RWA home page by accessing the Remote Web Access Properties page from Windows SBS Console > Shared Folders and Web Sites tab > Web Sites sub-tab. Changes made to the RWA home page links will affect all users.
When users log into RWA they will see Organization Links. If they are a member of the “Windows SBS Admin Tools Group”, they will also see the Administrative Links list. You can control what links appear in the Organization and Administrative Links lists. To edit this list from Windows SBS Console.
Gadget Location Customization
The gadgets on the home page of RWA can be moved freely around the screen, so end users can customize the layout to their preference. All of the user preferences are stored in XML files located in “C:\Program Files\Windows Small Business Server\Data\RemoteAccessProfiles\”. The filename is based on the user SID + username. We will talk more about gadget customization in a separate blog post.
File Sharing is a new component of RWA introduced in SBS 2011 Standard. It will allow remote users to access files on SBS server shares. This feature will be discussed in detail in a separate blog post.
Connect to Computer
The Connect to Computer feature of RWA allows users to connect to their work computer from anywhere in the world as long as they have an internet connection. This feature hasn’t changed much from SBS 2008. For a detailed understanding of this feature, refer to the section ‘Connect to a Computer’ in this blog post.
Remote Desktop Gateway (RD Gateway), formerly called TS Gateway in SBS 2008, is the technology used on the backend to accomplish the ‘Connect to Computer’ functionality in SBS 2011 Standard. RD Gateway allows TS clients to establish secure connections over SSL (443) using RPC Proxy, also known as RDP over HTTPS. To learn more about Remote Desktop Gateway see the following TechNet link:
In order for clients to be able to establish a connection to the Remote Desktop Gateway server, the following must be true:
- The name on the certificate must match the public URL that clients use to connect.
- The Certificate chain must be trusted by your client machine.
- The Certificate needs to be valid in terms of the date/time.
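The three certificate conditions above, together with the firewall ports listed at the start of this post, can be checked from a client machine outside the network. The PowerShell script below is an added example, not part of the original post; `remote.contoso.com` is a placeholder for your public RWA name, and the function names are illustrative.

```powershell
# Added example (not from the original post). 'remote.contoso.com' is a placeholder:
# pass the public name that users type to reach RWA.
param([string]$PublicName = 'remote.contoso.com')

function Test-TcpPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs = 5000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($pending)
        return $true
    } catch { return $false } finally { $client.Close() }
}

function Get-RwaCertificateReport {
    param([string]$HostName)
    $script:tlsErrors = [System.Net.Security.SslPolicyErrors]::None
    $script:chainStatus = @()
    # Record what Windows certificate validation reports, but let the handshake
    # finish so the certificate can be inspected even when validation fails.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback] {
        param($source, $certificate, $chain, $errors)
        $script:tlsErrors = $errors
        $script:chainStatus = @($chain.ChainStatus | ForEach-Object { $_.Status })
        return $true
    }
    $tcp = New-Object System.Net.Sockets.TcpClient($HostName, 443)
    try {
        $tls = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        $tls.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($tls.RemoteCertificate)
        $now = Get-Date
        [pscustomobject]@{
            Subject     = $cert.Subject
            NameMatches = -not $script:tlsErrors.HasFlag([System.Net.Security.SslPolicyErrors]::RemoteCertificateNameMismatch)
            ChainValid  = -not $script:tlsErrors.HasFlag([System.Net.Security.SslPolicyErrors]::RemoteCertificateChainErrors)
            DatesValid  = ($now -ge $cert.NotBefore) -and ($now -le $cert.NotAfter)
            ChainStatus = $script:chainStatus -join ', '   # e.g. UntrustedRoot, NotTimeValid
        }
    } finally { $tcp.Close() }
}

foreach ($port in 443, 987) {
    '{0}:{1} reachable: {2}' -f $PublicName, $port, (Test-TcpPort $PublicName $port)
}
Get-RwaCertificateReport -HostName $PublicName
```

`ChainValid` is also false for an expired certificate, so read it together with `DatesValid` and `ChainStatus` to tell an untrusted root from a date problem. The .NET name check accepts a match in the certificate's subject alternative names as well as the common name.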
You can choose to either use the self-signed certificate for RWA generated by the Internet Address Management Wizard, or purchase a trusted 3rd party SSL certificate issued from a public authority. If you choose the self-signed certificate, you need to ensure the client machines have the root certificate installed. Refer to the following post, which also applies to SBS 2011 Standard, for further instructions:
If you want to use a trusted public cert, you’ll need to run the Add a Trusted Certificate Wizard to install it on the server. The advantage of this method over the first is that there will be no need to install a certificate on the client. For further information about the wizard, refer to the following post which also applies to SBS 2011 Standard: