SSTP or Secure Socket Tunneling Protocol is a new type of VPN connection that uses port 443. SSTP is part of Windows Server 2008 RRAS (Routing and Remote Access). On the client side, you need Vista SP1.

The setup is very simple. Just setup RRAS on Windows Server 2008 and follow the wizard. When you setup the VPN, ports will be created for PPTP, L2TP and SSTP:

The RRAS wizard does not help you with the required certificate. It does not matter how you get the certificate (online CA, public CA, ...) but you need to make sure you store the certificate in the Computer store (Personal):

On the client side, make sure that the computer (not the user) recognizes the SSTP certificate. If you used your own CA, make sure that the CA certificate is in the Trusted Roots store of the computer. Then make a new VPN connection and select SSTP in the Networking tab:

That's it. You can now establish a VPN connection using only port 443 and forget about those typical NAT problems with IPSec VPNs or PPTP passthough issues.

If you would like to publish applications with Windows Server 2008 and you would like to have the Windows Vista look and feel, take a look below.

You can get access to a published application from an .rdp file or from an .msi but in this case, I made the application available using TS Web Access:

When the user goes to the TS Web Access page and clicks the icon, a few dialogs will pop up because you have to authenticate. After that, Paint should appear in a seamless window like below:

This is fine but I would like the Vista look and feel because my client runs Vista. This is very simple to accomplish:

1. On the Terminal Server, set the Themes service to automatic and start it.
2. Force the Aero theme with a Group Policy: the setting is in User Configuration / Administrative Templates / Control Panel / Display / Desktop Themes and the setting is called: Load a specific visual style file or force Windows Classic. Then set the path to the theme file. It is %windir%\resources\Themes\aero\aero.msstyles.

When a user starts the Paint application from TS Web Access he/she will now get:

At first, I thought I had to install the Desktop Experience feature of Windows Server 2008 but that feature just adds client programs such as Windows Calendar, Mail, Photo Gallery etc...

As an additional tip: if you are trying this yourself and you use Windows Server 2008 RC0 or higher, make sure that you use Vista SP1 beta or Windows Server 2008 as the client for TS Web Access. For more info see this.