RD Gateway on AWS
RD Gateway Quick Start

Step 2. Launch the Quick Start

Note

You are responsible for the cost of the AWS services used while running this Quick Start reference deployment. There is no additional cost for using this Quick Start. For full details, see the pricing pages for each AWS service you will be using in this Quick Start.

  1. Choose one of the following options to launch the AWS CloudFormation template into your AWS account. For help choosing an option, see Deployment Options earlier in this guide.

    Option 1: Deploy RD Gateway into a new VPC

    Option 2: Deploy RD Gateway into an existing VPC – standalone

    Option 3: Deploy RD Gateway into an existing VPC – domain-joined

    Important

    If you’re deploying RD Gateway into an existing VPC (option 2 or 3), make sure that your VPC has two private subnets in different Availability Zones for the database instances. These subnets require NAT gateways or NAT instances in their route tables, to allow the instances to download packages and software without exposing them to the internet. You’ll also need the domain name option configured in the DHCP options as explained in the Amazon VPC documentation. You’ll be prompted for your VPC settings when you launch the Quick Start.

    If you’re domain-joining the RD Gateway instances (option 3), make sure that the DHCP options set for the VPC specifies the Active Directory domain as the domain name, and the Active Directory domain controllers as the domain name servers for the VPC. This enables the RD Gateway instance to find the domain to join via DNS.

    Each deployment takes about 30 minutes to complete.

  2. Check the region that’s displayed in the upper-right corner of the navigation bar, and change it if necessary. The template is launched in the US East (Ohio) Region by default.

  3. On the Select Template page, keep the default setting for the template URL, and then choose Next.

  4. On the Specify Details page, change the stack name if needed. Review the parameters for the template. Provide values for the parameters that require your input. For all other parameters, review the default settings and customize them as necessary. When you finish reviewing and customizing the parameters, choose Next.

    In the following tables, parameters are listed by category and described separately for the three deployment options:

    Option 1: Parameters for deploying RD Gateway into a new VPC

    VPC Network Configuration:

    | Parameter label | Parameter name | Default | Description |
    |---|---|---|---|
    | Availability Zones | AvailabilityZones | Requires input | The list of Availability Zones to use for the subnets in the VPC. The Quick Start uses two Availability Zones from your list and preserves the logical order you specify. |
    | VPC CIDR | VPCCIDR | 10.0.0.0/16 | CIDR block for the VPC to create. |
    | Private Subnet 1 CIDR | PrivateSubnet1CIDR | 10.0.0.0/19 | CIDR block for the private subnet located in Availability Zone 1. |
    | Private Subnet 2 CIDR | PrivateSubnet2CIDR | 10.0.32.0/19 | CIDR block for the private subnet located in Availability Zone 2. |
    | Public Subnet 1 CIDR | PublicSubnet1CIDR | 10.0.128.0/20 | CIDR block for the public (DMZ) subnet located in Availability Zone 1. |
    | Public Subnet 2 CIDR | PublicSubnet2CIDR | 10.0.144.0/20 | CIDR block for the public (DMZ) subnet located in Availability Zone 2. |
    | Allowed Remote Desktop Gateway External Access CIDR | RDGWCIDR | Requires input | The CIDR IP range that is permitted to access the RD Gateway instances. We recommend that you set this value to a trusted IP range. For example, you might want to grant only your corporate network access to the software. |

    Amazon EC2 Configuration:

    | Parameter label | Parameter name | Default | Description |
    |---|---|---|---|
    | Key Pair Name | KeyPairName | Requires input | Public/private key pair, which allows you to connect securely to your instance after it launches. This is the key pair you created in your preferred region when you created your AWS account. |
    | Remote Desktop Gateway Instance Type | RDGWInstanceType | t2.large | EC2 instance type for RD Gateway instances. |

    Microsoft Remote Desktop Gateway Configuration:

    | Parameter label | Parameter name | Default | Description |
    |---|---|---|---|
    | Number of RDGW Hosts | NumberOfRDGWHosts | 1 | The number of RD Gateway instances to create. You can choose 1-4 instances. |
    | Admin User Name | AdminUser | StackAdmin | User name for the new local administrator account. |
    | Admin Password | AdminPassword | Requires input | Password for the new administrator account. This must be a complex password that’s at least 8 characters long. |
    | Domain DNS Name | DomainDNSName | example.com | Fully qualified domain name (FQDN) of the forest root domain. |

    AWS Quick Start Configuration:

    | Parameter label | Parameter name | Default | Description |
    |---|---|---|---|
    | Quick Start S3 Bucket Name | QSS3BucketName | aws-quickstart | S3 bucket where the Quick Start templates and scripts are installed. Use this parameter to specify the S3 bucket name you’ve created for your copy of Quick Start assets, if you decide to customize or extend the Quick Start for your own use. The bucket name can include numbers, lowercase letters, uppercase letters, and hyphens, but should not start or end with a hyphen. |
    | Quick Start S3 Key Prefix | QSS3KeyPrefix | quickstart-microsoft-rdgateway/ | The S3 key name prefix used to simulate a folder for your copy of Quick Start assets, if you decide to customize or extend the Quick Start for your own use. This prefix can include numbers, lowercase letters, uppercase letters, hyphens, and forward slashes. |

    Option 2: Parameters for deploying RD Gateway into an existing VPC (standalone)

    Network Configuration:

    | Parameter label | Parameter name | Default | Description |
    |---|---|---|---|
    | VPC ID | VPCID | Requires input | ID of the existing VPC where you want to deploy RD Gateway (e.g., vpc-0343606e). |
    | Public Subnet 1 ID | PublicSubnet1ID | Requires input | ID of the public subnet in Availability Zone 1 in your existing VPC (e.g., subnet-a0246dcd). |
    | Public Subnet 2 ID | PublicSubnet2ID | Requires input | ID of the public subnet in Availability Zone 2 in your existing VPC (e.g., subnet-e3246d8e). |
    | Allowed Remote Desktop Gateway External Access CIDR | RDGWCIDR | Requires input | The CIDR IP range that is permitted to access the RD Gateway instances. We recommend that you set this value to a trusted IP range. For example, you might want to grant only your corporate network access to the software. |

    Amazon EC2 Configuration:

    | Parameter label | Parameter name | Default | Description |
    |---|---|---|---|
    | Key Pair Name | KeyPairName | Requires input | Public/private key pair, which allows you to connect securely to your instance after it launches. This is the key pair you created in your preferred region when you created your AWS account. |
    | Remote Desktop Gateway Instance Type | RDGWInstanceType | t2.large | EC2 instance type for RD Gateway instances. |

    Microsoft Remote Desktop Gateway Configuration:

    | Parameter label | Parameter name | Default | Description |
    |---|---|---|---|
    | Number of RDGW Hosts | NumberOfRDGWHosts | 1 | The number of RD Gateway instances to create. You can choose 1-4 instances. |
    | Admin User Name | AdminUser | StackAdmin | User name for the new local administrator account. |
    | Admin Password | AdminPassword | Requires input | Password for the new administrator account. This must be a complex password that’s at least 8 characters long. |
    | Domain DNS Name | DomainDNSName | example.com | Fully qualified domain name (FQDN) of the forest root domain. |

    AWS Quick Start Configuration:

    | Parameter label | Parameter name | Default | Description |
    |---|---|---|---|
    | Quick Start S3 Bucket Name | QSS3BucketName | aws-quickstart | S3 bucket where the Quick Start templates and scripts are installed. Use this parameter to specify the S3 bucket name you’ve created for your copy of Quick Start assets, if you decide to customize or extend the Quick Start for your own use. The bucket name can include numbers, lowercase letters, uppercase letters, and hyphens, but should not start or end with a hyphen. |
    | Quick Start S3 Key Prefix | QSS3KeyPrefix | quickstart-microsoft-rdgateway/ | The S3 key name prefix used to simulate a folder for your copy of Quick Start assets, if you decide to customize or extend the Quick Start for your own use. This prefix can include numbers, lowercase letters, uppercase letters, hyphens, and forward slashes. |

    Option 3: Parameters for deploying RD Gateway into an existing VPC (domain-joined)

    The template for the domain-joined RD Gateway deployment provides the same parameters as the template for the standalone deployment, except for the following RD Gateway and Active Directory settings.

    Microsoft Active Directory Configuration:

    | Parameter label | Parameter name | Default | Description |
    |---|---|---|---|
    | Domain DNS Name | DomainDNSName | example.com | Fully qualified domain name (FQDN) of the forest root domain. |
    | Domain NetBIOS Name | DomainNetBIOSName | example | NetBIOS name of the domain (up to 15 characters) for users of earlier versions of Windows. |
    | Domain Member Security Group ID | DomainMemberSGID | Requires input | ID of the domain member security group (e.g., sg-7f16e910). |
    | Domain Admin User Name | DomainAdminUser | StackAdmin | User name for the domain administrator. This is separate from the default administrator account. |
    | Domain Admin Password | DomainAdminPassword | Requires input | Password for the domain administrator user. This must be a complex password that’s at least 8 characters long. |

    Microsoft Remote Desktop Gateway Configuration:

    | Parameter label | Parameter name | Default | Description |
    |---|---|---|---|
    | Number of RDGW Hosts | NumberOfRDGWHosts | 1 | The number of RD Gateway instances to create. You can choose 1-4 instances. |

  5. On the Options page, you can specify tags (key-value pairs) for resources in your stack and set advanced options. When you're done, choose Next.

  6. On the Review page, review and confirm the template settings. Under Capabilities, select the check box to acknowledge that the template will create IAM resources.

  7. Choose Create to deploy the stack.

  8. Monitor the status of the stack. When the status is CREATE_COMPLETE, the deployment is ready.

  9. Use the URLs displayed in the Outputs tab for the stack to view the resources that were created.
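
A pre-flight check for the step 4 parameters of Option 1, as an added example that is not part of the Quick Start or AWS's own code: it applies the constraints stated in the tables (1-4 RD Gateway hosts, password of at least 8 characters, bucket name characters) and checks that the subnet CIDRs sit inside the VPC CIDR without overlapping. It also flags an RDGWCIDR wider than a locally chosen threshold, since that value decides which source addresses can reach the gateway. The function names, the /16 threshold and the 3-of-4 character-class reading of "complex password" are assumptions, and the sample values are constructed.

```python
import ipaddress
import re

# Constraints come from the step 4 parameter tables (Option 1, new VPC).
BUCKET_RE = re.compile(r"[0-9A-Za-z](?:[0-9A-Za-z-]*[0-9A-Za-z])?")
SUBNET_KEYS = ("PrivateSubnet1CIDR", "PrivateSubnet2CIDR",
               "PublicSubnet1CIDR", "PublicSubnet2CIDR")
MIN_SOURCE_PREFIX = 16  # assumption: local policy for a "trusted IP range"


def is_complex(password):
    """Assumed reading of 'complex': 8+ chars, 3 of 4 character classes."""
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    return len(password) >= 8 and sum(bool(re.search(c, password)) for c in classes) >= 3


def preflight(params):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    source = ipaddress.ip_network(params["RDGWCIDR"])
    if source.prefixlen < MIN_SOURCE_PREFIX:
        findings.append(f"RDGWCIDR {source} is wider than /{MIN_SOURCE_PREFIX}")
    vpc = ipaddress.ip_network(params["VPCCIDR"])
    subnets = [(k, ipaddress.ip_network(params[k])) for k in SUBNET_KEYS]
    for i, (name, net) in enumerate(subnets):
        if not net.subnet_of(vpc):
            findings.append(f"{name} {net} is outside VPCCIDR {vpc}")
        for other_name, other in subnets[i + 1:]:
            if net.overlaps(other):
                findings.append(f"{name} overlaps {other_name}")
    if not 1 <= int(params["NumberOfRDGWHosts"]) <= 4:
        findings.append("NumberOfRDGWHosts must be 1-4")
    if not is_complex(params["AdminPassword"]):
        findings.append("AdminPassword is not complex enough")
    if not BUCKET_RE.fullmatch(params["QSS3BucketName"]):
        findings.append("QSS3BucketName has invalid characters or hyphen placement")
    return findings


# Constructed sample input: the page's defaults plus made-up required values.
SAMPLE = {
    "VPCCIDR": "10.0.0.0/16", "PrivateSubnet1CIDR": "10.0.0.0/19",
    "PrivateSubnet2CIDR": "10.0.32.0/19", "PublicSubnet1CIDR": "10.0.128.0/20",
    "PublicSubnet2CIDR": "10.0.144.0/20", "RDGWCIDR": "203.0.113.0/24",
    "NumberOfRDGWHosts": "1", "AdminPassword": "Constructed-Passw0rd",
    "QSS3BucketName": "aws-quickstart",
}

if __name__ == "__main__":
    print(preflight(SAMPLE) or "all checks passed")
```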