Book Image

Windows Server 2012 Unified Remote Access Planning and Deployment

Book Image

Windows Server 2012 Unified Remote Access Planning and Deployment

Overview of this book

DirectAccess, introduced in Windows Server 2008 R2, has been a ground breaking VPN-like connectivity solution, adopted by thousands of organizations worldwide. Allowing organizations to deploy without manually configuring every client and providing always-on connectivity has made this technology world-famous. Now, with Windows Server 2012, this has been made even easier to deploy, with a new friendly user interface, easy-start wizard and built in support tools.With Unified Remote Access, Windows server 2012 offers a unique way to provide remote access that is seamless and easier to deploy than traditional VPN solutions. With URA, the successor to DirectAccess, your users can have full network connectivity that is always-on. If you have deployed Windows Server 2012 or are planning to, this book will help you implement Unified Remote Access from concept to completion in no time!Unified Remote Access, the successor to DirectAccess, offers a new approach to remote access, as well as several deployment scenarios to best suit your organization and needs. This book will take you through the design, planning, implementation and support for URA, from start to finish."Windows Server 2012 Unified Remote Access Planning and Deployment" starts by exploring the mechanisms and infrastructure that are the backbone of URA, and then explores the various available scenarios and options. As you go through them, you will easily understand the ideal deployment for your own organization, and be ready to deploy quickly and easily. Whether you are looking into the simplest deployment, or a complex, multi-site or cloud scenario, "Windows Server 2012 Unified Remote Access Planning and Deployment" will provide all the answers and tools you will need to complete a successful deployment.

Related Content you might be interested in

Current Title:

Small book image
Windows Server 2012 Unified Remote Access Planning and Deployment
Dec, 2012 | 328 pages
No titles found
Table of Contents (17 chapters)
Windows Server 2012 Unified Remote Access Planning and Deployment
Windows Server 2012 Unified Remote Access Planning and Deployment
Credits
Credits
About the Authors
About the Authors
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Understanding IPv6 and IPv4-IPv6 Interoperability
Understanding IPv6 and IPv4-IPv6 Interoperability
My network's fine, so if it ain't broken, why fix it?
The IPv6 addressing schemes
IPv6 address assignment
IPv6 and name resolution
A little more about DNS
Multiple stacks
Operating system compatibility
Protocol transition technologies
Practical considerations for IPv6 and IPv4
Unified Remote Access and Group Policy
Public Key Infrastructure (PKI)
Summary
2
Planning a Unified Remote Access Deployment
Planning a Unified Remote Access Deployment
Server requirements and placement
Basic scenarios
PKI
Group Policy
Client platforms (and unsupported clients)
Cloud scenarios
Advanced scenarios
How much can my server handle?
Summary
3
Preparing a Group Policy and Certificate Infrastructure
Preparing a Group Policy and Certificate Infrastructure
Deploying GPO in an organization
New features with Windows Server 2012 and Windows 8 Group Policy
Planning group membership for URA clients and servers
GPO management policies and authorities
Managing GPO on URA servers and clients
Basic GPO problems and troubleshooting
Introduction to certificates and PKI
Certificates used by URA
Public versus private certificates
Enterprise Certificate Authority versus Standalone Certificate Authority
Root Certificate Authorities and Subordinate Certificate Authorities
Summary
4
Installing and Configuring the Unified Remote Access Role
Installing and Configuring the Unified Remote Access Role
Adding the URA role
Configuring the basic URA scenario
Editing the configuration
Network Location Server
Configuring the Name Resolution Policy table
Enabling load balancing
Summary
5
Multisite Deployment
Multisite Deployment
What is multisite deployment and how does it help?
Multisite scenarios
Network infrastructure considerations and planning
Group Policy planning
DNS considerations
Network Location Server concerns
Deploying load balancing
Certificate authentication
IP-HTTPS and NLS certificates
Connectivity verifier considerations
Windows 7 clients and multisite
The multisite configuration wizard
Adding more entry points
Summary
6
Cross-premise Connectivity
Cross-premise Connectivity
Evolving remote access challenges
Migration to dynamic cloud
The needs of modern data centers
Dynamic cloud access with URA
Adding a cloud location using Site-to-Site
Basic setup of cross-premise connectivity
Configuration steps
Summary
7
Unified Remote Access Client Access
Unified Remote Access Client Access
Supported clients
Client configuration options
Supported client software and IPv4/IPv6 limitations
Interoperability with Windows 7 clients
Network Connectivity Assistant options
Client manageability considerations
User guidance
Summary
8
Enhanced Configurations for Infrastructure Servers
Enhanced Configurations for Infrastructure Servers
Tweaking the management servers list
URA and PowerShell
Configuring IPSec policies with advanced options
Fine-tuning SSL and PKI
Configuring forced tunneling
Advanced options with the NCA
Tweaking IPv6 for complex networks
Summary
9
Deploying NAP and OTP
Deploying NAP and OTP
NAP basic concepts
NAP and URA
Enabling NAP on URA
Introduction to OTP
How OTP works with URA
Enabling OTP
Summary
10
Monitoring and Troubleshooting Unified Remote Access
Monitoring and Troubleshooting Unified Remote Access
Monitoring the URA server (or servers)
Monitoring URA clients
Generating reports
Troubleshooting URA
Common problems, issues, and mistakes
Server troubleshooting
Connectivity problems
Client troubleshooting
Advanced diagnostics
Summary
Index
Index

IPv6 and name resolution

Just like IPv4, IPv6 networking requires name resolution, and luckily, the Windows DNS service has been IPv6 ready for many years. IPv6-ready DNS can store name records for IPv6 resources, which is referred to as AAAA records, or Quad-A records. Modern Windows computers register both their regular addresses and their IPv6 addresses in DNS automatically, and when another computer attempts to resolve it, DNS will default to resolving the IPv6 address. The following screenshot shows the Windows Server 2012 DNS Manager, with several computers registered with both IPv4 and IPv6 addresses.

Since URA clients will be using IPv6 addresses, an IPv6-capable DNS is good to have around, so that when your corporate network computers try to connect to URA clients, DNS will help to resolve the addresses properly. One situation where things are a little more challenging is when an internal server is only capable of IPv4 traffic. This would include older operating systems, such as Windows 95, and certain devices running proprietary operating system or network stacks that haven't been updated.

To address such a situation, where the URA clients need to access an IPv4-only internal resource, the URA server role includes a function referred to as DNS64 (pronounced DNS Six-to-four) as well as another function referred to as NAT64 (pronounced NAT Six-to-four). However, it's important to know that this help can go only in one direction. This means that the IPv4-only internal server won't be able to initiate a connection to the URA client unless it is upgraded to fully support IPv6. The real-world impact of this is typically remote management. If one of your goals is remote management of remote clients, you will have to make sure that you have IPv6 capable servers for this task. Shouldn't be too hard to make this happen, right?

Previous Section
End of Section 5
Next Section