A. By default, Virtual Server communication operates over two basic ports: port 1024 for the Web connection to the Virtual Server Administration Web site and port 5900 for the Virtual Machine Remote Control (VMRC) server, which allows the Web-based access to the virtual machine (VM) sessions.
To enable SSL for the Virtual Server administration Web site, you need to install a Web certificate via the Internet Information Services (IIS) Manager for the Virtual Server Web site, and when accessing the virtual server use the https protocol identifier instead of http and the port specified in the properties of the Web site for SSL, as the figure shows.
You can also require SSL via the Directory Security tab of the Web site Properties. Click Edit under the Secure Communications section and select "Require secure channel (SSL)," as the figure shows.
For the VMRC server communication, which is used to view actual sessions via the Web, you must use the Virtual Server Administration Web site:
- Connect to the Virtual Server Administration Web site.
- Click the Server Properties link under the Virtual Server section on the left side of the page.
- Under Server Properties, click the "Virtual Machine Remote Control (VMRC) Server" link, as the figure shows.
- On the Server Properties page, select the "SSL 3.0/TLS 1.0 encryption" enable check box. Select Request for the certificate and type in details about your company (hostname, organization, unit, city, as the figureshows. Click OK.
- The certificate request will be shown on screen, as the figureshows. Cut and save the displayed certificate request text.
Send this text to your external Certificate Authority (CA), or if you're using an internal Windows-based CA, navigate to the certsrv Web page (e.g., http://
/certsrv) and click the "Request a certificate" link. On the "Request a Certificate" page, click the "advanced certificate request" link. Select "Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file." In the Saved Request box, paste in the certificate request text and set the Certificate Template to Web Server, as the figure at http://www.windowsitpro.com/articles/images/vssecure5.gif shows. Click Submit. - Select "DER encoded" and click "Download certificate." Select a location to save the generated certnew.cer file.
- On the Virtual Server Administration Web page, select the "Virtual Machine Remote Control (VMRC) Server" link as you did in step 3.
- Under "SSL 3.0/TLS 1.0 certificate" select Upload and click Browse to select the .cer file supplied by the CA, as the figure at http://www.windowsitpro.com/articles/images/vssecure6.gif shows, then click OK.
All Virtual Server communication is now encrypted. In my examples, I use different ports from the standard, and you can use whatever ports you require. If you want to access Virtual Server from across a firewall, you need to open the two ports selected for the administration Web site SSL and the VMRC Server (430 and 431 in this example), which are actually reserved officially for UTMPSD and UTMPCD so I don't want to encourage using them.
