6.7. Users of terminal servers

A terminal server provides services to remote users through a remote desktop or console. In most cases, one terminal server serves several or even hundreds of users. However, users of a terminal server can be difficult to identify: they all share the same IP address, so UserGate cannot attribute their network connections to individual users. To address this issue, use the dedicated terminal server agent.

The terminal server agent should be installed on all terminal servers where you are going to identify users. The agent is a service that transfers information about users and their network connections from the terminal server to the UserGate server. Due to the nature of the TCP/IP protocol, the terminal server agent is able to identify user traffic only at the level of the TCP and UDP protocols. Traffic sent through all other protocols, such as ICMP, cannot be identified.

An Active Directory connector is required for correct identification of terminal server users.

To set up user identification on terminal servers, perform the following steps:

Name

Description

Step 1. Allow the Authorization agent service in the required zone.

Go to Network-->Zones, edit the access control parameters for the zone where terminal servers reside and allow the Authorization agent service in this zone.

Step 2. Set up a password for terminal server agents

In the UserGate console, go to the Users and devices-->Terminal servers section, click Configure and then specify the password for terminal server agents.

Step 3. Install the terminal server agent

Install the terminal server agent on all servers where you want to identify users. During installation, make sure to specify the IP address of the UserGate server and the password that you set in the previous step.

Step 4. Enable the necessary servers in the UserGate console

Once the agents are installed, the UserGate console will display a list of terminal servers. By clicking Enable or Disable, you can enable or disable identification of users from the selected servers.

UserGate is now able to receive information about terminal server users.

All IP addresses assigned to the terminal server will be used for user authentication. To exclude some IP addresses from authentication, edit the configuration file C:\ProgramData\Entensys\Terminal Server Agent\tsagent.cfg and list the excluded IP addresses, separated by semicolons:

ExcludeIP=IP1;IP2
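
One way to apply this setting from PowerShell on the terminal server, as an added example that is not part of the UserGate documentation. It assumes tsagent.cfg is a flat ASCII text file of key=value lines, as the `ExcludeIP=IP1;IP2` form suggests; the script parameters and the `.bak` backup name are choices made for this example.

```powershell
# Added example: validate a list of addresses and write ExcludeIP to tsagent.cfg.
# Assumption: the file is plain ASCII text with one key=value setting per line.
param(
    [Parameter(Mandatory)] [string[]] $ExcludeIP,
    [string] $ConfigPath = 'C:\ProgramData\Entensys\Terminal Server Agent\tsagent.cfg'
)

$ErrorActionPreference = 'Stop'

# Reject anything that is not a literal IP address, and normalise what is accepted.
$normalised = foreach ($ip in $ExcludeIP) {
    $parsed = $null
    if (-not [System.Net.IPAddress]::TryParse($ip.Trim(), [ref]$parsed)) {
        throw "Not a valid IP address: $ip"
    }
    $parsed.ToString()
}
$normalised = @($normalised | Select-Object -Unique)

# Only addresses assigned to this server are used for authentication, so an
# address that is not local is most likely a typo. Warn, but do not block.
$local = @((Get-NetIPAddress).IPAddress)
foreach ($ip in $normalised) {
    if ($local -notcontains $ip) {
        Write-Warning "$ip is not currently assigned to this server."
    }
}

# Keep a copy of the previous configuration before changing it.
Copy-Item -LiteralPath $ConfigPath -Destination "$ConfigPath.bak" -Force

# Replace an existing ExcludeIP line, or append one if the key is absent.
$line    = 'ExcludeIP=' + ($normalised -join ';')
$content = @(Get-Content -LiteralPath $ConfigPath)
if ($content -match '^\s*ExcludeIP\s*=') {
    $content = $content -replace '^\s*ExcludeIP\s*=.*$', $line
} else {
    $content += $line
}
Set-Content -LiteralPath $ConfigPath -Value $content -Encoding Ascii

Write-Output "Wrote: $line"
```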