A. RDG allows Remote Desktop Protocol data to be embedded in HTTPS packets, allowing transport over port 443 and therefore successfully traversing most firewalls. As part of the RDG feature, it's possible to control which computers can communicate via RDG and how they authenticate. Out of the box, RDG supports authentication via password or smart card (user certificates), but doesn't support machine certificates. If you need to control which machines can connect, you can use Active Directory groups to specify that computers must be members of specific groups to connect via RDG.

If you need to use machine certificates, you could use Forefront User Access Gateway, which can base access on many different attributes of the connecting machine, including the presence of certain machine certificates.

You can create your own authentication and authorization schemes with RDG in Windows Server 2008 R2, per the Microsoft blog. But that's probably more than most organizations want to do.