Wednesday, May 12, 2010

Windows ACI: Terminal Server Gateway

I've elected to set up a Terminal Server Gateway as the entry point for access to the ACIs. This server role was introduced with Windows Server 2008 and provides several benefits that will help with the management and security of the ACIs. First and foremost, a TS Gateway encapsulates the Remote Desktop Protocol (RDP) traffic in an SSL tunnel using HTTPS over port 443. In turn, the TS Gateway makes a standard RDP connection, over port 3389, to the requested resource. This allows us to configure the firewall of our cloud service provider account and of the individual server instances so that the ACIs are reachable only via the TS Gateway and a few IP addresses here at ICPSR.

The TS Gateway also provides client and resource access policies to control which resources can be accessed and by whom, so we can restrict access to individual ACIs strictly to the users identified in the associated research request. Additionally, the TS Gateway can be configured to use a Network Access Protection (NAP) health policy. This technology allows us to define the "health" conditions a client must meet in order to be permitted to connect, for example that the client's firewall is enabled, that it is current on operating system security patches, and that it has anti-virus software.

Implementation of this server role should help to simplify support in a production scenario where there could be a large number of ACIs active at any given time.
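As an added example (not code from the original post), the following Python audit checks a set of inbound firewall rules against the isolation described above: ACIs reachable only from the TS Gateway and a few administrative addresses, with the gateway public only on port 443. The addresses, instance names and rule tuple format are constructed for illustration, and treating the gateway's other ports as admin-only is an assumption.

```python
import ipaddress

# Constructed sample addresses (documentation ranges), not values from the post.
GATEWAY = ipaddress.ip_network("203.0.113.10/32")       # TS Gateway address
ADMIN_NETS = [ipaddress.ip_network("198.51.100.0/28")]  # admin workstations

# Constructed inbound firewall rules: (instance, role, port, source CIDR).
RULES = [
    ("tsgw",   "gateway", 443,  "0.0.0.0/0"),
    ("tsgw",   "gateway", 3389, "198.51.100.0/28"),
    ("aci-01", "aci",     3389, "203.0.113.10/32"),
    ("aci-01", "aci",     3389, "198.51.100.0/28"),
    ("aci-02", "aci",     3389, "0.0.0.0/0"),        # RDP open to everyone
    ("aci-03", "aci",     3389, "198.51.100.0/24"),  # wider than the admin range
]

def within(src, nets):
    """True if every address in src falls inside one of nets."""
    return any(src.subnet_of(net) for net in nets)

def audit(rules):
    """Return (instance, port, source, reason) for each rule or gap that breaks isolation."""
    findings, gateway_ok = [], {}
    for name, role, port, cidr in rules:
        src = ipaddress.ip_network(cidr)
        if role == "gateway":
            # Assumption: only HTTPS is public; other gateway ports are admin-only.
            if port != 443 and not within(src, ADMIN_NETS):
                findings.append((name, port, cidr, "gateway port exposed beyond admin range"))
            continue
        gateway_ok.setdefault(name, False)
        # Record whether the gateway can reach this ACI over RDP at all.
        if port == 3389 and GATEWAY.subnet_of(src):
            gateway_ok[name] = True
        if not within(src, [GATEWAY, *ADMIN_NETS]):
            findings.append((name, port, cidr, "ACI reachable from untrusted source"))
    # An ACI with no RDP rule covering the gateway cannot be reached through it.
    for name, ok in gateway_ok.items():
        if not ok:
            findings.append((name, 3389, str(GATEWAY), "no RDP rule for the gateway"))
    return findings

if __name__ == "__main__":
    for finding in audit(RULES):
        print(finding)
```
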

2 comments:

  1. Now the world of IT is moving towards cloud computing and virtuality. And there are many companies which have introduced and launched their services. If you are looking for one of the best cloud desktop providers then you must visit www.madisonti.com

  2. Yes it is true that...
    The TS Gateway also provides for the
    implementation of client and resource
    access policies to control which resources
    can be accessed and by whom, therefore
    we can restrict access to individual ACIs to
    strictly the users identified in the associated
    research request
    I enjoyed reading your articles.
    I do agree with you on that

    local online marketing


