Introduction to SBS 2011 Standard Remote Web Access (RWA)

[Today’s post comes to us courtesy of Moloy Tandon and Richard Pulliam from Commercial Technical Support]

Remote Web Workplace (RWW) has been a key feature of the SBS line of products since SBS 2003. It provides a central web location for remote workers to access corporate resources no matter where they are. With the release of Windows Small Business Server (SBS) 2011 Standard, RWW has been renamed Remote Web Access (RWA). In SBS 2011 Standard, RWA has been revamped for greater usability, customization, and additional features such as file sharing.

For full access to the RWA feature set from the internet, you must ensure the following:

  • TCP 443 and TCP 987 are open on your internet firewall
  • Clients are running Internet Explorer 6.0 SP2 or higher
  • RDP 6.1 or higher is installed on the client machine
  • The client must trust the SSL certificate that is installed on the Default Web Site
  • The client must connect using the URL that matches the common name on the certificate


User Interface

The user interface has gone through some significant upgrades to provide a more up-to-date look and feel. It is also customizable on a per-user basis, to give the end user some flexibility in how they want the user interface to be organized. The logon screen uses Forms Based Authentication, similar to previous versions.

Once you are authenticated you will be brought to a customized page, both based on your user preference and your account access level.

From one centralized location, users can perform the following tasks:

  • Check their e-mail by launching OWA
  • Access the company’s Internal Web Site (Companyweb)
  • Access Shared Folders – This is a new feature introduced in SBS 2011 and will be discussed in detail in a separate blog post
  • Access internal computers (leverages RD Gateway, explained later in this blog post)
  • Change their domain password
  • Access Organizational and Administrative Links as defined by your company’s network administrator


RWA Gadget Configuration

Upon logging into RWA, you will notice that email, computers, shared folders, links, and so on are organized in different groupings, which are known as “gadgets”. Each gadget loads independently of the others, which allows you to choose which gadgets/links are displayed on the RWA home page by accessing the Remote Web Access Properties page from Windows SBS Console > Shared Folders and Web Sites tab > Web Sites sub-tab. Changes made to the RWA home page links will affect all users.

When users log into RWA they will see Organization Links. If they are a member of the “Windows SBS Admin Tools Group”, they will also see the Administrative Links list. You can control which links appear in the Organization and Administrative Links lists by editing them from the Windows SBS Console.


Gadget Location Customization

The gadgets on the home page of RWA can be moved freely around the screen, so end users can customize the layout to their preference. All of the user preferences are stored in XML files located in “C:\Program Files\Windows Small Business Server\Data\RemoteAccessProfiles\”. The filename is based on the user SID + username. We will talk more about gadget customization in a separate blog post.


File Sharing

File Sharing is a new component of RWA introduced in SBS 2011 Standard. It will allow remote users to access files on SBS server shares. This feature will be discussed in detail in a separate blog post.


Connect to Computer

The Connect to Computer feature of RWA allows users to connect to their work computer from anywhere in the world as long as they have an internet connection. This feature hasn’t changed much from SBS 2008. You can refer to this blog post for a detailed understanding of this feature under the section ‘Connect to a Computer’.

Remote Desktop Gateway (RD Gateway), formerly called TS Gateway in SBS 2008, is the technology used on the back end to provide the ‘Connect to Computer’ functionality in SBS 2011 Standard. RD Gateway allows TS clients to establish secure connections over SSL (443) using RPC Proxy, also known as RDP over HTTPS. To learn more about Remote Desktop Gateway, see the following TechNet link:

http://technet.microsoft.com/en-us/library/dd560672(WS.10).aspx

Certificates

In order for clients to be able to establish a connection to the Remote Desktop Gateway server, the following must be true:

  • The name on the certificate must match the public URL that clients use to connect.
  • The certificate chain must be trusted by the client machine.
  • The certificate must be valid in terms of date/time.

You can choose to either use the self-signed certificate for RWA generated by the Internet Address Management Wizard, or purchase a trusted 3rd party SSL certificate issued from a public authority. If you choose the self-signed certificate, you need to ensure the client machines have the root certificate installed. Refer to the following post, which also applies to SBS 2011 Standard, for further instructions:

How Do I Distribute the SBS 2008 Self-Signed SSL Certificate to My Users?

If you want to use a trusted public cert, you’ll need to run the Add a Trusted Certificate Wizard to install it on the server. The advantage of this method over the first is that there will be no need to install a certificate on the client. For further information about the wizard, refer to the following post which also applies to SBS 2011 Standard:

Introducing the “Add a Trusted Certificate Wizard” in SBS 2008
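
The prerequisites listed in this post (TCP 443 and TCP 987 open; certificate name, trust chain and dates valid) can be checked from a client outside the network. The PowerShell below is an added example, not part of the original post or of SBS; the host name `remote.example.com` and the function names are placeholders.

```powershell
# Added example, not from the original post. Placeholder name: use the public
# name that users type into the browser to reach RWA.
$RwaHost = 'remote.example.com'

function Test-TcpPort([string]$Name, [int]$Port, [int]$TimeoutMs = 3000) {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($Name, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($pending)
        return $true
    } catch { return $false } finally { $client.Close() }
}

function Get-TlsCertReport([string]$Name, [int]$Port = 443) {
    $script:seen = @{}
    # Diagnostic only: the callback accepts any certificate so the handshake
    # completes and the validation result can be recorded. No data is sent.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback]{
        param($src, $cert, $chain, $policyErrors)
        $script:seen.Errors = $policyErrors
        $script:seen.Cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $cert
        $script:seen.Chain = @($chain.ChainStatus | ForEach-Object { $_.Status })
        $true
    }
    $client = New-Object System.Net.Sockets.TcpClient($Name, $Port)
    try {
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($Name)  # $Name is what the certificate name is compared with
    } finally { $client.Close() }

    $flags = [System.Net.Security.SslPolicyErrors]
    $c = $script:seen.Cert
    $now = Get-Date
    New-Object PSObject -Property @{
        Subject      = $c.Subject
        Issuer       = $c.Issuer
        NameMatches  = -not ($script:seen.Errors -band $flags::RemoteCertificateNameMismatch)
        # Chain errors cover untrusted roots and also expired certificates.
        ChainTrusted = -not ($script:seen.Errors -band $flags::RemoteCertificateChainErrors)
        ChainStatus  = $script:seen.Chain -join ', '
        DateValid    = ($now -ge $c.NotBefore) -and ($now -le $c.NotAfter)
    }
}

foreach ($port in 443, 987) { 'TCP {0} reachable: {1}' -f $port, (Test-TcpPort $RwaHost $port) }
Get-TlsCertReport $RwaHost | Format-List
```

Subject and Issuer show which certificate the server actually presents on 443, which distinguishes the self-signed certificate from a third-party one.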

Comments
  • Hi

    I've just completed a migration from SBS 2003 to SBS 2011. I've installed a wildcard certificate from GoDaddy, but I have used the Exchange management console to install it and then selected the SMTP and IIS services for assignment. OWA, RWW, etc. work well. However, when a user tries to connect to an internal computer, the server prompts a security warning saying the certificate is untrusted (this is because the server is picking up the self-signed certificate). I've tried reinstalling the GoDaddy SSL certificate using the Add a trusted certificate wizard, but still receive the same warning.

    Is there a way in the RDP gateway to specify which server to use (like in the TS gateway manager in SBS 2008)?

  • Hi Mustafa,

    You'll need to install the RDP gateway console first, using the procedure found in support.microsoft.com/default.aspx.  You can then open the console, go to the properties of the server object, and click on the "SSL Certificate" tab where you can import the existing cert.