发布时间 : 星期二 文章堡垒机应用服务器(remoteapp)配置手册- V2006更新完毕开始阅读
目录
1应用服务器介绍 ············································································································· 1-1
1.1支持Windows server 2008的版本 ·················································································· 1-1 1.2 RemoteApp应用发布介绍 ···························································································· 1-1 1.3 RemoteApp对终端的要求 ···························································································· 1-1 1.4 RemoteApp对终端的要求 ···························································································· 1-1 1.5应用服务器授权许可介绍 ······························································································ 1-2
2安装前的准备 ················································································································ 2-1
2.1注意事项 ··················································································································· 2-1 2.2 RDS授权码(仅限合同客户) ······················································································· 2-1
3应用服务器安装步骤 ······································································································· 3-1
3.1安装远程桌面服务(必须步骤) ····················································································· 3-1 3.2应用服务器激活和授权(如果是测试客户,可忽略此操作) ··············································· 3-17
3.2.1激活应用服务器 ······························································································· 3-17 3.2.2安装应用服务器授权许可证 ················································································ 3-28 3.3调整应用服务器的策略(必须步骤) ············································································· 3-39
3.3.1调整本地组策略 ······························································································· 3-39 3.3.2设置RD授权模式 ···························································································· 3-45 3.3.3允许用户在初始连接时启动列出和未列出的程序 ····················································· 3-49 3.3.4关闭windows防火墙 ························································································ 3-51 3.3.5关闭IE增强的安全配置 ····················································································· 3-52 3.3.6开启远程桌面 ·································································································· 3-54 3.4发布RemoteApp程序 ································································································ 3-56
4运维审计系统与应用服务器结合使用 ·················································································· 4-1
4.1 rdp文件应用发布 ········································································································ 4-1 4.2 IE代填应用发布 ······································································································· 4-11
i
1 应用服务器介绍
应用服务器由windows server 2008服务器平台搭建的。
应用服务器用于安装应用程序,并能通过RemoteApp服务发布应用程序。
1.1 支持Windows server 2008的版本
Windows Server 2008 Standard Windows Server 2008 Enterprise Windows Server 2008 Datacenter
1.2 RemoteApp应用发布介绍
RemoteApp是微软在Windows Server 2008之后,在其系统中集成的一项服务功能,使用户可以通过远程桌面访问远端的桌面与程序,客户端本机无须安装系统与应用程序的情况下也能正常使用远端发布的各种的桌面与应用。
1.3 RemoteApp对终端的要求
客户在自行搭建应用服务器(windows server2008)前,需要选取相应的硬件配置,为了更好的使用应用服务器推荐以下配置:
1、如果采购USM200型号,推荐应用服务器的硬件配置:
至少8G内存、四核CPU、250G磁盘空间(给操作系统150G)、两块网卡。
2、如果采购USM500型号,推荐应用服务器的硬件配置:
至少16G内存、四核CPU、250G磁盘空间(给操作系统150G)、两块网卡。
3、如果采购USM1000型号,推荐应用服务器的硬件配置:
至少32G内存、六核CPU、300G磁盘空间(给操作系统200G)、两块网卡。
4、如果采购USM3000型号,推荐应用服务器的硬件配置:
至少64G内存、八核CPU、500G磁盘空间(给操作系统300G)、两块网卡
1.4 RemoteApp对终端的要求
由于是采用RDP协议访问应用服务器提供的应用程序,所以对终端平台有以下要求: (1) 终端操作系统必须为windows操作系统。 (2) windows的RDP版本至少6.1版本。
(3) 如果终端操作系统为windows XP或windows server 2003,请检查RDP版本,如果版本
过低请升级RDP版本。
1-1
1.5 应用服务器授权许可介绍
应用服务器授权许可证是用于对windows server 2008的远程桌面服务(RDS)进行授权许可,只有正确RDS授权许可成功之后,运维审计系统访问应用服务器的远程桌面服务就没有时间限制;未进行RDS授权许可的应用服务器只有120天的使用有效期。
1-2
2 安装前的准备
安装应用服务器需要准备的工作。
2.1 注意事项
为了确保应用服务器配置成功,请遵从以下的注意事项:
(1) Windows server 2008可以直接在本服务器配置里安装RemoteApp服务。 (2) Windows server 2008可以安装在物理设备里,也可以安装在虚拟机里。
(3) 准备好windows server 2008操作系统,使用正确的产品ID激活windows server 2008;否则
会影响应用服务器的正常使用。
2.2 RDS授权码(仅限合同客户)
(1) 每台正式销售(即合同客户)的运维审计系统可以向安恒公司的相关负责人申请一套RDS授
权码。如下图:
2-1