In the first two posts of this series (Part 1 and Part 2) I discussed the system configuration we put in place at The Stan Hagen Centre for Families and then started exploring the details of the Server 2012 R2 Server Essentials Experience role and how to perform basic configuration. In this post I’m going to focus on what is termed Anywhere Access inside Essentials, also known as Remote Web Access (I’m going to refer to it as RWA going forward).
RWA/Anywhere Access is basically the wizard and web frontend that the Essentials role enables. The web frontend provides access to internal server resources (shares, folders, files) as well as machine access (RDP) to authorized users across the web. VPN configuration and support is also provided through this piece.
Before we start I need to point out that you need the following in order to be able to make all of the configuration steps required to successfully bring up RWA:
– you need to have a static IP on your firewall that you can bind port 443 (HTTPS) to
– you need to have an external domain with DNS management that you control (mine is beagledom.ca as an example; something.local is not acceptable) as you need to verify domain ownership for the SSL certificate purchase
– you need to understand how to configure your firewall or have a UPnP-enabled firewall that the wizard can configure for you
– you need to be able to purchase an SSL certificate for the RWA site, e.g. remote.beagledom.ca (I suggest rapidsslonline.com as a good place to purchase your cert)
If you have all of this you can go ahead and click on the Setup Anywhere Access link on the Dashboard homepage.
If you want to let the wizard attempt to set up your firewall just click Next. If you are like me you’d rather do this yourself so you can tick the Skip router setup box. I recommend making the firewall changes yourself as it will help you better understand what needs to be done at the firewall level.
The above questions are very important so let’s look at them in detail.
The choice in the red box is made if you already HAVE a domain name on the Internet, e.g. mine is beagledom.ca. We’ll look at that shortly.
The choice in the green box is made if you don’t already have a domain name. If you make this choice the wizard will run you through the process of picking a domain name provider:
I would not recommend the second choice!
These are the two providers that Microsoft works with and that are integrated into the wizard. I’m not going to go further with this as I already have my domain (which I did purchase through GoDaddy, BTW). The point here is that you MUST have an external domain to make all of this work.
Now I’ll loop back to picking my “owned” domain and we’ll proceed.
I’m picking the manual method as I want full control. You can choose to use the automatic method; it will attempt to plug you back in to GoDaddy or enom. I personally think you are better to do things the manual way and maintain absolute control.
When you go the manual route Microsoft will give you instructions that you get by clicking on the “I want to set up my domain name manually” link above. Here’s the web page:
https://technet.microsoft.com/library/jj628152.aspx (This is the link for the above web page)
When you have completed the steps, you come back to the previous screen and tick the box then click Next.
The info in the red box is completely under your control. The “traditional” FQDN for RWA installations has always been “remote.yourdomain.com” (as you can see above) but you can make it whatever you want by clicking on the Change button. Just remember that you have to make a DNS entry for the FQDN in your external DNS manager for whatever you make the name and it will have to point back to whatever WAN IP you will be using to bind HTTPS to for the FQDN.
The info in the green box is straightforward. If you do NOT already have an SSL cert for your FQDN then you pick the “purchase” option. If you already have a cert for the FQDN that you can reuse then pick the second choice. I’m going to pick the purchase option.
This is where the fun starts! The information in the red box is the generated certificate request (CSR) for your FQDN. You will need to copy the CSR information (use the Copy button) and provide that to the SSL Cert provider that you have selected. Once you have copied the data you can click Next.
Your choice on this screen is dependent on the cert provider’s processing. Some are very quick on turnaround (like rapidsslonline) so you could just stay at this screen while you wait. Others can take their time so you could pick the middle option, which allows you to come back to this screen later. The last option simply cancels the whole cert request process.
If you have your cert back from your provider you can select the first option to go ahead and install the cert which is what I am going to select.
Depending on the method your cert provider uses to provide the cert you will either paste the contents of the encoded cert text into the box or you’ll import the provided *.cer file then click Next.
I don’t have a real cert to apply here so I’ll not go to the next screen but once you click Next the system will import the cert, install it into the appropriate certificate store and apply the cert to the RWA.
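A post-install check for the DNS entry and certificate described above, as an added example (not part of the original post): it confirms that the FQDN's A record points at the WAN IP and reports the certificate actually served on port 443. The function name, its parameters and the values in the final comment are placeholders.

```powershell
# Added example, not from the original post. Run it from a machine OUTSIDE
# the office network so the firewall's port 443 forward is really exercised.
function Test-RwaEndpoint {   # hypothetical name and parameters
    param(
        [Parameter(Mandatory)][string]$Fqdn,   # e.g. remote.yourdomain.com
        [Parameter(Mandatory)][string]$WanIp,  # static WAN IP bound to HTTPS
        [int]$Port = 443
    )

    # 1. The external A record must point at the WAN IP.
    $resolved = @(Resolve-DnsName -Name $Fqdn -Type A -ErrorAction Stop |
        Where-Object { $_.Type -eq 'A' } |
        ForEach-Object { $_.IPAddress })

    # 2. Connect to the WAN IP itself (independent of DNS) and handshake with
    #    the FQDN as the expected server name. The callback records the
    #    validation result and returns $true only so that a wrong certificate
    #    can still be inspected; no data is sent over the connection.
    $state  = @{ Errors = $null }
    $record = [System.Net.Security.RemoteCertificateValidationCallback]{
        param($s, $c, $chain, $errors)
        $state.Errors = $errors
        $true
    }
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($WanIp, $Port)
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $record)
        $ssl.AuthenticateAsClient($Fqdn)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    }
    finally { $client.Close() }

    # 3. PolicyErrors should be None; anything else means a name mismatch
    #    or an untrusted or incomplete chain.
    [pscustomobject]@{
        Fqdn            = $Fqdn
        ResolvedTo      = $resolved -join ', '
        DnsMatchesWanIp = $resolved -contains $WanIp
        Subject         = $cert.Subject
        Issuer          = $cert.Issuer
        NotAfter        = $cert.NotAfter
        DaysLeft        = [int]($cert.NotAfter - (Get-Date)).TotalDays
        PolicyErrors    = $state.Errors
    }
}
# Placeholder values: Test-RwaEndpoint -Fqdn 'remote.example.com' -WanIp '203.0.113.10'
```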
Looking at a properly installed system (The Stan Hagen Centre, as an example), we can see this from the Settings link on the Dashboard:
As you can see, it knows the domain was set up manually and it does NOT know anything about the router (that was also a manual set up). But it is happy at this point. The Customize button lets you “tweak” the RWA somewhat.
You can set the title, a background image and a logo for the RWA splash page. I have a logo set.
You can set custom links on the RWA Home Page. I have added a link for the Exchange OWA page; I could add others that I want. NOTE: I have removed the Microsoft default links as I didn’t want them posted.
This final choice is only for Admin users as it defines what is accessible by default for the RDP connection to the Essentials server from the Home page. The default is to take the user directly to the Dashboard; you can change it to be a “regular” RDP session to the server desktop.
The end result of all your configuration work should be something like this:
This is the splash page. As you can see, it has the title I gave it as well as the logo; there is no background image. Down on the bottom left is some very interesting stuff. You can select Desktop or Mobile web page access, which sets the system to display properly based on your device. Mobile works extremely well with iPads and Windows and Android tablets as well as with iPhone, Android and Windows phones. Desktop is exactly what you expect it to be. Even better, the whole RWA experience is pretty much browser agnostic: use your favourite browser (just make sure it is a modern version; old versions of IE, as an example, are a no-no).
I’m going to log in as an admin user.
And there you have all your choices … machine access (RDP) via Devices. File access via Shared Folders. Web links via Links.
If you were an SBS user the above should look pretty familiar. The next post in this series will look at how you build out Exchange and plug it into all of this.