Book Image

Windows Server 2012 Unified Remote Access Planning and Deployment

Book Image

Windows Server 2012 Unified Remote Access Planning and Deployment

Overview of this book

DirectAccess, introduced in Windows Server 2008 R2, has been a ground breaking VPN-like connectivity solution, adopted by thousands of organizations worldwide. Allowing organizations to deploy without manually configuring every client and providing always-on connectivity has made this technology world-famous. Now, with Windows Server 2012, this has been made even easier to deploy, with a new friendly user interface, easy-start wizard and built in support tools.With Unified Remote Access, Windows server 2012 offers a unique way to provide remote access that is seamless and easier to deploy than traditional VPN solutions. With URA, the successor to DirectAccess, your users can have full network connectivity that is always-on. If you have deployed Windows Server 2012 or are planning to, this book will help you implement Unified Remote Access from concept to completion in no time!Unified Remote Access, the successor to DirectAccess, offers a new approach to remote access, as well as several deployment scenarios to best suit your organization and needs. This book will take you through the design, planning, implementation and support for URA, from start to finish."Windows Server 2012 Unified Remote Access Planning and Deployment" starts by exploring the mechanisms and infrastructure that are the backbone of URA, and then explores the various available scenarios and options. As you go through them, you will easily understand the ideal deployment for your own organization, and be ready to deploy quickly and easily. Whether you are looking into the simplest deployment, or a complex, multi-site or cloud scenario, "Windows Server 2012 Unified Remote Access Planning and Deployment" will provide all the answers and tools you will need to complete a successful deployment.

Related Content you might be interested in

Current Title:

Small book image
Windows Server 2012 Unified Remote Access Planning and Deployment
Dec, 2012 | 328 pages
No titles found
Table of Contents (17 chapters)
Windows Server 2012 Unified Remote Access Planning and Deployment
Windows Server 2012 Unified Remote Access Planning and Deployment
Credits
Credits
About the Authors
About the Authors
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Understanding IPv6 and IPv4-IPv6 Interoperability
Understanding IPv6 and IPv4-IPv6 Interoperability
My network's fine, so if it ain't broken, why fix it?
The IPv6 addressing schemes
IPv6 address assignment
IPv6 and name resolution
A little more about DNS
Multiple stacks
Operating system compatibility
Protocol transition technologies
Practical considerations for IPv6 and IPv4
Unified Remote Access and Group Policy
Public Key Infrastructure (PKI)
Summary
2
Planning a Unified Remote Access Deployment
Planning a Unified Remote Access Deployment
Server requirements and placement
Basic scenarios
PKI
Group Policy
Client platforms (and unsupported clients)
Cloud scenarios
Advanced scenarios
How much can my server handle?
Summary
3
Preparing a Group Policy and Certificate Infrastructure
Preparing a Group Policy and Certificate Infrastructure
Deploying GPO in an organization
New features with Windows Server 2012 and Windows 8 Group Policy
Planning group membership for URA clients and servers
GPO management policies and authorities
Managing GPO on URA servers and clients
Basic GPO problems and troubleshooting
Introduction to certificates and PKI
Certificates used by URA
Public versus private certificates
Enterprise Certificate Authority versus Standalone Certificate Authority
Root Certificate Authorities and Subordinate Certificate Authorities
Summary
4
Installing and Configuring the Unified Remote Access Role
Installing and Configuring the Unified Remote Access Role
Adding the URA role
Configuring the basic URA scenario
Editing the configuration
Network Location Server
Configuring the Name Resolution Policy table
Enabling load balancing
Summary
5
Multisite Deployment
Multisite Deployment
What is multisite deployment and how does it help?
Multisite scenarios
Network infrastructure considerations and planning
Group Policy planning
DNS considerations
Network Location Server concerns
Deploying load balancing
Certificate authentication
IP-HTTPS and NLS certificates
Connectivity verifier considerations
Windows 7 clients and multisite
The multisite configuration wizard
Adding more entry points
Summary
6
Cross-premise Connectivity
Cross-premise Connectivity
Evolving remote access challenges
Migration to dynamic cloud
The needs of modern data centers
Dynamic cloud access with URA
Adding a cloud location using Site-to-Site
Basic setup of cross-premise connectivity
Configuration steps
Summary
7
Unified Remote Access Client Access
Unified Remote Access Client Access
Supported clients
Client configuration options
Supported client software and IPv4/IPv6 limitations
Interoperability with Windows 7 clients
Network Connectivity Assistant options
Client manageability considerations
User guidance
Summary
8
Enhanced Configurations for Infrastructure Servers
Enhanced Configurations for Infrastructure Servers
Tweaking the management servers list
URA and PowerShell
Configuring IPSec policies with advanced options
Fine-tuning SSL and PKI
Configuring forced tunneling
Advanced options with the NCA
Tweaking IPv6 for complex networks
Summary
9
Deploying NAP and OTP
Deploying NAP and OTP
NAP basic concepts
NAP and URA
Enabling NAP on URA
Introduction to OTP
How OTP works with URA
Enabling OTP
Summary
10
Monitoring and Troubleshooting Unified Remote Access
Monitoring and Troubleshooting Unified Remote Access
Monitoring the URA server (or servers)
Monitoring URA clients
Generating reports
Troubleshooting URA
Common problems, issues, and mistakes
Server troubleshooting
Connectivity problems
Client troubleshooting
Advanced diagnostics
Summary
Index
Index

IPv6 address assignment

With IPv4, one would assign addresess in one of the three following ways:

  • Via DHCP (Dynamic Host Configuration Protocol)

  • By manually assigning the addresses

  • Using APIPA (Automatic Private IP Assignment)

With IPv6, these three ways are still available, although we refer to the third as stateless address autoconfiguration or SLAAC (which also makes this one of the best acronyms in computer history alongside FAQ and SCSI). SLAAC is used when the system assigns itself the link-local address (the one starting with FE80) that we discussed earlier.

The reality is that most administrators deploying Unified Remote Access (URA) will want to know as little about IPv6 as possible, and would rather not have to even think about messing around with DHCP scopes or subnetting. As luck would have it, you don't really have to, because the fantastic ISATAP mechanism will help you work things out. ISATAP (Intra-Site Automatic Tunnel Addressing Protocol) is a protocol transition mechanism, which provides a way for computers to communicate, using IPv6 over an IPv4 network, and part of that is an automatic generation of an IPv6 address. The way this works is by Windows creating a virtual network card named isatap, and assigning itself an IPv6 address that's based on the computer's IPv4 address. This would happen on all your modern desktops and servers (Windows XP, Windows Vista, Windows 7, Windows Mobile, Windows Phone 7, Linux, and even some versions of Cisco IOS). A computer or network device on your network will be designated as an ISATAP Router (more about that later) and your hosts will learn of its existence by querying your DNS server.

As you can see in the following screenshot, this computer assigned itself the ISATAP address of 2002:2f6b:1:1:0:5efe:10.0.0.3. Did you see those dots at the end? Yes! This shows us that the address was generated from the computer's IPv4 address of 10.0.0.3. Easy as pie!

If you prefer, you can ask your ISP to assign you an IPv6 subnet, and then create a DHCP scope from it to assign real addresses, and you could even assign those addresses manually to hosts. You can also work with your ISP to devise an IPv6 address allocation plan, if your network is complex.

We'll say this again, though you don't have to do any of this for the purpose of implementing URA. The reason for this is even though URA clients do use IPv6, the URA server will actually route that traffic and encapsulate it as IPv4 to the hosts on the corporate network. We will discuss this in more detail shortly.

Previous Section
End of Section 4
Next Section