Date posted: 04-Mar-2018
Microsoft® Jump Start
M6: Implementing DirectAccess
Rick Claus | Technical Evangelist | Microsoft
Ed Liberman | Technical Trainer | Train Signal
Jump Start Target Agenda | Day One
Day 1
• Module 1: Installing and Configuring Servers Based on Windows Server 2012
• Module 2: Monitoring and Maintaining Windows Server 2012
• Module 3: Managing Windows Server 2012 by Using PowerShell 3.0
- MEAL BREAK -
• Module 4: Managing Storage for Windows Server 2012
• Module 5: Implementing Network Services
• Module 6: Implementing DirectAccess
Day 2
• Module 7: Implementing Failover Clustering
• Module 8: Implementing Hyper-V
• Module 9: Implementing Failover Clustering with Hyper-V
- MEAL BREAK -
• Module 10: Implementing Dynamic Access Control
• Module 11: Implementing Active Directory Domain Services
• Module 12: Implementing Active Directory Federation Services
Problems with Remote Connections
What are the challenges you face when implementing remote connections?
VPN connects remote users to the network
DirectAccess extends the network to the remotely-connected computers and users
What Is DirectAccess?
Connects automatically to the corporate network over the public network
Uses various protocols, including HTTPS, to establish IPv6 connectivity
Supports selected server access and IPsec authentication
Supports end-to-end authentication and encryption
Supports management of remote client computers
Allows remote users to connect directly to intranet servers
Features of DirectAccess
Always-on connectivity
Seamless connectivity
Bidirectional access
Manage-out Support
Improved security
Integrated solution
Benefits of DirectAccess
What’s New in DirectAccess in Windows Server 2012
• Improved DirectAccess Management:
– Rich monitoring of client computers
– DirectAccess and RRAS coexistence
– Accounting and reporting
– Windows PowerShell and Server Core support
– Unified management wizard and tools
What’s New in DirectAccess in Windows Server 2012
• Simplified DirectAccess Management:
– Express setup for small and medium deployment
– Works with existing infrastructure
– IPv6 for internal network is not required
– Single NIC adapter
– Single IP address
What’s New in DirectAccess in Windows Server 2012
• Performance and Scalability:
– Support for high availability and external load balancers
– Improved support for Receive Side Scaling (RSS) running in virtual machines
– IP-HTTPS interoperability and performance improvements
– Lower bandwidth utilization
– Streamlined encryption
What’s New in DirectAccess in Windows Server 2012
• New Deployment Scenarios:
– Deploy multiple endpoints throughout the world
– Global unified management through single console
– Deploy a server behind a NAT
– Support for one-time password and virtual smart cards
– Off-premises provisioning
DirectAccess Components
• DirectAccess server
• AD DS domain controller
• DNS server
• Network location server
• PKI deployment
• Internal network resources
• Internal client computers
• External client computers
• NRPT / Connection security rules
• IPv6/IPsec
• Internet websites
Name Resolution Policy Table (NRPT)
• Table that defines DNS servers for different namespaces and corresponding security settings
– NRPT is used before the adapter’s DNS settings
• Using NRPT
– DNS servers can be defined for each DNS namespace rather than for each interface
– DNS queries for specific namespaces can be optionally secured by using IPsec
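The per-namespace lookup that the NRPT slide describes, modelled as an added example (not code from the original deck or from Microsoft). The rule rows, addresses and the `Resolve-NrptDecision` helper are constructed for illustration; treating a rule with no DNS servers as an exemption that falls back to the adapter, and letting the most specific namespace win, are assumptions of this model.

```powershell
# Constructed NRPT rows (sample data, not from a real client). Property names follow
# Get-DnsClientNrptPolicy output; on a live client: Get-DnsClientNrptPolicy -Effective
$nrpt = @(
    [pscustomobject]@{ Namespace = '.corp.example.com'
                       DirectAccessDnsServers = @('2001:db8:1::53')
                       DirectAccessQueryIPsecRequired = $true }
    [pscustomobject]@{ Namespace = 'nls.corp.example.com'   # exemption: no DNS servers
                       DirectAccessDnsServers = @()
                       DirectAccessQueryIPsecRequired = $false }
)
$adapterDns = @('192.0.2.53')   # constructed: DNS server assigned to the network adapter

# Hypothetical helper: decides which DNS servers a query for $Name would be sent to.
function Resolve-NrptDecision {
    param(
        [Parameter(Mandatory)] [string]   $Name,
        [Parameter(Mandatory)] [object[]] $Rules,
        [string[]] $AdapterDnsServers = @()
    )
    $fqdn = $Name.TrimEnd('.').ToLowerInvariant()
    # A namespace starting with '.' is a suffix rule; any other must equal the whole name.
    $hits = foreach ($r in $Rules) {
        $ns = $r.Namespace.ToLowerInvariant()
        $isSuffix = $ns.StartsWith('.')
        if (($isSuffix -and $fqdn.EndsWith($ns)) -or (-not $isSuffix -and $fqdn -eq $ns)) { $r }
    }
    # Model assumption: exact names beat suffixes, then the longest namespace wins.
    $rule = $hits |
        Sort-Object @{ Expression = { -not $_.Namespace.StartsWith('.') }; Descending = $true },
                    @{ Expression = { $_.Namespace.Length }; Descending = $true } |
        Select-Object -First 1

    # The NRPT is consulted first; the adapter's DNS settings are only the fallback.
    $servers = $AdapterDnsServers; $path = 'No NRPT match: adapter DNS'; $ipsec = $false
    if ($rule) {
        if (@($rule.DirectAccessDnsServers).Count -gt 0) {
            $servers = $rule.DirectAccessDnsServers; $path = 'NRPT rule: namespace DNS'
            $ipsec   = [bool]$rule.DirectAccessQueryIPsecRequired
        } else { $path = 'NRPT exemption: adapter DNS' }
    }
    [pscustomobject]@{
        Name = $fqdn; MatchedNamespace = $rule.Namespace; Path = $path
        DnsServers = $servers -join ', '; IPsecForQuery = $ipsec
    }
}

'app1.corp.example.com', 'nls.corp.example.com', 'www.example.org' |
    ForEach-Object { Resolve-NrptDecision -Name $_ -Rules $nrpt -AdapterDnsServers $adapterDns } |
    Format-Table -AutoSize
```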
How DirectAccess Works for Internal Client Computers
[Diagram: internal client computers, Internet websites, DirectAccess server, AD DS domain controller, DNS server, internal network resources, CRL distribution point, network location server]
How DirectAccess Works for External Client Computers
[Diagram: external client computers (connection security rules, NRPT), Internet websites, DNS server, DirectAccess server, AD DS domain controller, internal DNS server, internal network resources]
Prerequisites for Implementing DirectAccess
• Active Directory
• Group Policy
• IPv6 and transition technologies
• ICMPv6 Echo Request traffic
• IPsec policies
• PKI
• DirectAccess server
• DNS and domain controller
Process of Configuring DirectAccess
To configure DirectAccess:
1. Configure the AD DS domain controller and DNS
2. Configure the PKI environment
3. Configure the DirectAccess server
4. Configure the DirectAccess clients and test intranet and Internet access
DEMO: Configuring AD DS and Network Services for DirectAccess
• In this demonstration, you will see how to configure AD DS, PKI, and network services for DirectAccess
DEMO: Configuring the DirectAccess Server
• In this demonstration, you will see how to configure a DirectAccess server
Demonstration: Configuring the DirectAccess Client
• In this demonstration, you will see how to configure a DirectAccess client
Windows 7 vs. Windows 8 Client Implementation
WINDOWS 8
• Includes an in-box user interface for DirectAccess troubleshooting
• Automatically chooses a site in multisite deployment
• Can be used in deployments that do not require full PKI implementations
WINDOWS 7
• No tool from the client site for monitoring user interface for DirectAccess
• Needs to be set up manually for selected site in multisite deployment
• Needs certificate
Lab Review
• Why would you use a GPO to configure certificate deployment?
• How do you install the DirectAccess feature?