Windows Server 2012 : Access virtually anywhere, from any device (part 2) - Unified remote access - Deploying remote access

3/15/2014 2:35:43 AM

DirectAccess enhancements

Besides simplified deployment and unified management, DirectAccess has been enhanced in other ways in Windows Server 2012. For example:

  • You can implement DirectAccess on a server that has only one network adapter. If you do this, IP-HTTPS will be used for client connections because it enables DirectAccess clients to connect to internal IPv4 resources when other IPv4 transition technologies such as Teredo cannot be used. IP-HTTPS is implemented in Windows Server 2012 using NULL encryption, which removes redundant SSL encryption during client communications to improve performance.

  • You can access a DirectAccess server running behind an edge device such as a firewall or network address translation (NAT) router, which eliminates the need to have dedicated public IPv4 addresses for DirectAccess. Note that deploying DirectAccess in an edge configuration still requires two network adapters, one connected directly to the Internet and the other to your internal network. Note also that the NAT device must be configured to allow traffic to and from the Remote Access server.

  • DirectAccess clients and servers no longer need to belong to the same domain but can belong to any domains that trust each other.

  • In Windows Server 2008 R2, clients had to be connected to the corporate network in order to join a domain or receive domain settings. With Windows Server 2012, however, clients can join a domain and receive domain settings remotely from the Internet.

  • In Windows Server 2008 R2, DirectAccess always required establishing two IPsec connections between the client and the server; in Windows Server 2012 only one IPsec connection is required.

  • In Windows Server 2008 R2, DirectAccess supported both IPsec authentication and two-factor authentication by using smart cards; Windows Server 2012 adds support for two-factor authentication using a one-time password (OTP) in order to provide interoperability with OTP solutions from third-party vendors. In addition, DirectAccess can now use the Trusted Platform Module (TPM)–based virtual smart card capabilities available in Windows Server 2012, whereby the TPM of clients functions as a virtual smart card for two-factor authentication. This new approach eliminates the overhead and costs incurred by smart card deployment.

Deploying remote access

To see unified remote access at work, let’s walk through the initial steps of deploying a DirectAccess solution. Although we’ve used the UI for performing the steps described below, you can also use Windows PowerShell. You can also deploy the Remote Access role on a Windows Server Core installation of Windows Server 2012.

After making sure that all the requirements have been met for deploying a DirectAccess solution (for example, by making sure your server is domain-joined and has at least one network adapter), you can start the Add Roles And Features Wizard from Server Manager. Then, on the Select Installation Type page, begin by selecting the Role-based Or Feature-based Installation option.

After choosing the server(s) you want to install remote access functionality on, select the Remote Access role on the Select Server Roles page.

On the Select Role Services page, select the DirectAccess And VPN (RAS) option.

Continue through the wizard to install the Remote Access server role. Once this is finished, click the Open The Getting Started Wizard link on the Installation Progress page to begin configuring remote access.

Windows Server 2012 presents you with three options for configuring remote access:

  • Deploying both DirectAccess and VPN server functionality so that DirectAccess can be used for clients running Windows 7 or later while the VPN server can be used so that clients that don’t support DirectAccess can connect to your corporate network via VPN

  • Deploying only DirectAccess, which you might choose if all your clients are running Windows 7 or later

  • Deploying only a VPN server, which you might use if you’ve invested heavily in third-party VPN client software and you want to continue using these investments

Let’s choose the recommended option by selecting the Deploy Both DirectAccess And VPN option.

On the Remote Access Server Setup page of the Configure Remote Access wizard, you now choose the network topology that best describes where your DirectAccess server is located. The three options available are:

  • Edge, which requires that the server have two network interfaces, one connected to the public Internet and one to the internal network

  • Behind An Edge Device (With Two Network Adapters), which again requires that a server has two network interfaces with the DirectAccess server being located behind a NAT device

  • Behind An Edge Device (Single Network Adapter), which only requires the server (located behind a NAT device) to have one network interface connected to the internal network

Because the server used in this walkthrough has only one network adapter and is located behind a NAT device, we’ll choose the third option listed here. We’ll also specify Corpnet.contoso.com as the Domain Name System (DNS) name to which the DirectAccess clients will connect.

Note that if the server has two network interfaces, with one connected to the Internet, the Configure Remote Access wizard will detect this and configure the two interfaces as needed.

When you are ready to finish running the Configure Remote Access wizard, you will be presented with a web-based report of the configuration changes that the wizard will make before you apply them to your environment. For example, performing the steps previously described in this walkthrough will result in the following changes:

  • A new GPO called DirectAccess Server Settings will be created for your DirectAccess server.

  • A new GPO called DirectAccess Client Settings will be created for your DirectAccess clients.

  • DirectAccess settings will be applied to all mobile computers in the CONTOSO\Domain Computers security group.

  • A default web probe will be created to verify internal network connectivity.

  • A connection name called Workplace Connection will be created on DirectAccess clients.

  • The remote access server has DirectAccess configured to use Corpnet.contoso.com as the public name to which remote clients connect.

  • The network adapter connected to the Internet (via the NAT device) will be identified by name.

  • Configuration settings for your VPN server will also be summarized; for example, how VPN client address assignment will occur (via DHCP server) and how VPN clients will be authenticated (using Windows authentication).

  • The certificate used to authenticate the network location server deployed on the Remote Access server, which in the above walkthrough was CN=DirectAccess-NLS.contoso.com, is identified.
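
The same deployment can be scripted and its result read back for review. The following is an added example, not part of the original walkthrough; it assumes an elevated PowerShell session on the domain-joined server, the single-adapter topology behind a NAT device chosen above, and the default GPO names listed in the report.

```powershell
# Added example: scripted equivalent of the wizard walkthrough above.
# Assumption: elevated session on the domain-joined Windows Server 2012 host.
$ErrorActionPreference = 'Stop'

# Public DNS name that DirectAccess clients connect to (value from the walkthrough).
$connectTo = 'Corpnet.contoso.com'

# Remote Access role with the DirectAccess And VPN (RAS) role service.
Install-WindowsFeature -Name DirectAccess-VPN -IncludeManagementTools

# Prerequisite check only; this call makes no configuration changes.
Install-RemoteAccess -Prerequisite -DAInstallType FullInstall `
    -ConnectToAddress $connectTo -DeployNat

# Configure DirectAccess for a server located behind a NAT device.
# GPO names are not passed, so the defaults named in the report are used.
Install-RemoteAccess -DAInstallType FullInstall `
    -ConnectToAddress $connectTo -DeployNat

# Add the VPN server for clients that do not support DirectAccess.
Install-RemoteAccess -VpnType Vpn

# Read the applied configuration back and compare it with the report:
# overall DirectAccess and VPN state, public name, and adapter in use.
Get-RemoteAccess | Format-List *
Get-DAServer     | Format-List *

# Client scope: confirm which security groups receive DirectAccess settings
# (the report lists CONTOSO\Domain Computers, limited to mobile computers).
Get-DAClient | Format-List *

# Network location server URL and the certificate that authenticates it.
Get-DANetworkLocationServer | Format-List *

# The two GPOs the configuration creates.
Get-GPO -Name 'DirectAccess Server Settings'
Get-GPO -Name 'DirectAccess Client Settings'
```

Keeping the read-back output with the change record gives a baseline to compare against when the client security groups or the public name are modified later.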

 