Windows Server 2008 introduced a new service called Terminal Services Gateway. It was renamed Remote Desktop Gateway in Windows Server 2008 R2. Its main purpose is to tunnel RDP traffic from a Remote Desktop Client to a Terminal Server farm. However, you can also use it as an endpoint for any Windows workstation or server with Remote Desktop enabled, all via a single public IP address.
All you have to do is add every computer that you wish to access remotely to the TS RAP (resource authorization policy) in the TS Gateway configuration. Then install an SSL certificate and publish the TS Gateway server to the Internet, allowing inbound port 443 to it.
Then, in the Remote Desktop Client, click on the Advanced tab and then the Settings button under “Connect from anywhere”. Enter the server name that you published for the TS Gateway server. You can now go back to the General tab, enter any computer name that you added to the TS RAP, and connect.
That’s it. No VPNs, only a single publishing rule on your firewall, and everything is encrypted via SSL.
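The client-side settings from the steps above can also be saved in .rdp files, one per computer in the TS RAP, so users do not have to fill in the Advanced tab by hand. The PowerShell function below is an added example, not part of the original post; the function name, the gateway name `tsgateway.example.com` and the computer names are placeholders.

```powershell
# Added example: write one .rdp file per computer, each routed through the gateway.
# New-GatewayRdpFile is a hypothetical helper name; host names below are placeholders.
function New-GatewayRdpFile {
    param(
        # Public name of the gateway; must match the name on its SSL certificate
        [Parameter(Mandatory)] [string]   $GatewayHost,
        # Computers that have already been added to the TS RAP
        [Parameter(Mandatory)] [string[]] $ComputerName,
        [string] $OutDir = (Join-Path $env:USERPROFILE 'Desktop')
    )

    foreach ($name in $ComputerName) {
        $settings = @(
            "full address:s:$name"            # target as entered on the General tab
            "gatewayhostname:s:$GatewayHost"  # server name from the Advanced > Settings dialog
            'gatewayusagemethod:i:1'          # 1 = always connect through the gateway
            'gatewayprofileusagemethod:i:1'   # 1 = use the explicit settings in this file
            'gatewaycredentialssource:i:0'    # 0 = ask for a password
            'promptcredentialonce:i:1'        # 1 = same credentials for gateway and target
            'authentication level:i:1'        # 1 = do not connect if server authentication fails
        )

        $path = Join-Path $OutDir "$name.rdp"
        Set-Content -Path $path -Value $settings -Encoding Unicode
        Get-Item $path                        # return the created file to the caller
    }
}

# Constructed sample input: two computers behind one published gateway
New-GatewayRdpFile -GatewayHost 'tsgateway.example.com' `
                   -ComputerName 'WORKSTATION01', 'FILESERVER01'
```

Double-clicking a generated file opens the Remote Desktop Client with the gateway already filled in. Setting `authentication level` to 1 makes the client refuse the connection instead of offering a click-through warning when the target computer cannot be authenticated.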