Channel: Remote Desktop Services (Terminal Services) forum

Microsoft recommended design for publishing RemoteApp only to internet


Requirement: RemoteApp only to be published to internet with SSO, using Server 2012 RS / 2016

Without RD Gateway

1. Do we still need an RD Gateway, or can we manage with only the RD Web Access role? i.e. reverse proxy (from DMZ), just RDS Web Access (internal domain-joined network)


If RD Gateway is required

2. Forest trust model: One-way trust between the perimeter network AD DS and the internal network AD DS. RDG is joined to perimeter AD DS.

Does it work? I researched and found: "RD Gateway is not supported in one-way forest trust AD DS model. This is because RD Gateway won't be able to check for user group membership in RAP. Hence one gets a RAP failure with domain user." Your feedback, please.

3. Extended corporate forest model: Can we leverage ADFS already in DMZ/perimeter, instead of allowing ports from DMZ to internal AD or even placing an RODC?

Is it possible? Is there any article which can be referred to?


Best recommended design for RDS Gateway/RDS Web Access placement

4. Like the Lync Edge server, which is in the DMZ and in a workgroup: has there been any improvement in Server 2016 RDS Gateway so that it can work in a workgroup?

Or for SSO do we still have a dependency on RDS Gateway being internal AD DS joined?

5. Currently the best RDS design from what I could gather seems to be to have all of the RDS farm internal AD DS joined and in the internal network, and have the DMZ reverse proxy pass on the traffic to RD Gateway. Is there a better approach that I am missing?

(Most of the articles aren't updated; what I still find majorly refers to Server 2008 R2, very few to 2012, almost none to 2016.)

Your suggestion is greatly valued.




