You are previewing Windows Server 2012 Unified Remote Access Planning and Deployment.
O'Reilly logo
Windows Server 2012 Unified Remote Access Planning and Deployment

Book Description


Discover how to seamlessly plan and deploy remote access with Windows Server 2012's successor to DirectAccess

  • The essential administrator’s companion for the successor to DirectAccess

  • Get to grips with configuring, enabling and deploying Unified Remote Access

  • A quick start guide to have you up and running with Windows Server 2012 URA in no time

  • In Detail

    DirectAccess, introduced in Windows Server 2008 R2, has been a ground breaking VPN-like connectivity solution, adopted by thousands of organizations worldwide. Allowing organizations to deploy without manually configuring every client and providing always-on connectivity has made this technology world-famous. Now, with Windows Server 2012, this has been made even easier to deploy, with a new friendly user interface, easy-start wizard and built in support tools.

    With Unified Remote Access, Windows server 2012 offers a unique way to provide remote access that is seamless and easier to deploy than traditional VPN solutions.

    With URA, the successor to DirectAccess, your users can have full network connectivity that is always-on. If you have deployed Windows Server 2012 or are planning to, this book will help you implement Unified Remote Access from concept to completion in no time!

    Unified Remote Access, the successor to DirectAccess, offers a new approach to remote access, as well as several deployment scenarios to best suit your organization and needs. This book will take you through the design, planning, implementation and support for URA, from start to finish.

    "Windows Server 2012 Unified Remote Access Planning and Deployment" starts by exploring the mechanisms and infrastructure that are the backbone of URA, and then explores the various available scenarios and options. As you go through them, you will easily understand the ideal deployment for your own organization, and be ready to deploy quickly and easily. Whether you are looking into the simplest deployment, or a complex, multi-site or cloud scenario, "Windows Server 2012 Unified Remote Access Planning and Deployment" will provide all the answers and tools you will need to complete a successful deployment.


    Table of Contents

    1. Windows Server 2012 Unified Remote Access Planning and Deployment
      1. Table of Contents
      2. Windows Server 2012 Unified Remote Access Planning and Deployment
      3. Credits
      4. About the Authors
      5. About the Reviewers
        1. Support files, eBooks, discount offers and more
          1. Why Subscribe?
          2. Free Access for Packt account holders
          3. Instant Updates on New Packt Books
      7. Preface
        1. Hello Unified Remote Access!
        2. A child could do it! (well...almost)
        3. Take charge, anywhere
        4. Faster is better
        5. How does it work?
        6. Still apprehensive about IPv6?
        7. Love UAG?
        8. Access to everyone
        9. What this book covers
        10. What you need for this book
        11. Who this book is for
        12. Conventions
        13. Reader feedback
        14. Customer support
        15. Downloading the example code
          1. Errata
          2. Piracy
          3. Questions
      8. 1. Understanding IPv6 and IPv4-IPv6 Interoperability
        1. My network's fine, so if it ain't broken, why fix it?
        2. The IPv6 addressing schemes
        3. IPv6 address assignment
        4. IPv6 and name resolution
        5. A little more about DNS
        6. Multiple stacks
        7. Operating system compatibility
        8. Protocol transition technologies
          1. ISATAP
          2. DNS64 and NAT64
          3. 6to4
          4. Teredo
          5. IP-HTTPS
        9. Practical considerations for IPv6 and IPv4
        10. Unified Remote Access and Group Policy
        11. Public Key Infrastructure (PKI)
        12. Summary
      9. 2. Planning a Unified Remote Access Deployment
        1. Server requirements and placement
          1. Capacity planning for URA
            1. Low-end server
            2. High-end server
          2. Server requirements – considerations
        2. Basic scenarios
          1. Network Location Server
          2. URA certificates
          3. Basic scenario considerations
        3. PKI
          1. PKI considerations
        4. Group Policy
        5. Client platforms (and unsupported clients)
          1. Additional client considerations
        6. Cloud scenarios
        7. Advanced scenarios
          1. NAP
          2. OTP
          3. Arrays
            1. How arrays work with load balancing
            2. Array challenges
          4. Multi-geographic distribution
          5. Forced tunneling
        8. How much can my server handle?
        9. Summary
      10. 3. Preparing a Group Policy and Certificate Infrastructure
        1. Deploying GPO in an organization
          1. Group Policy Management
          2. Group Policy and the registry
          3. Linking, scoping, and filtering policies
          4. Policy replication
          5. Manual updates
        2. New features with Windows Server 2012 and Windows 8 Group Policy
        3. Planning group membership for URA clients and servers
        4. GPO management policies and authorities
        5. Managing GPO on URA servers and clients
          1. Protect your stuff
        6. Basic GPO problems and troubleshooting
          1. Some more insight into GPOs
          2. Diagnosing and fixing Group Policy problems
          3. Client-specific Group Policy issues
        7. Introduction to certificates and PKI
          1. Asymmetric encryption
          2. Digital certificates
          3. Authorities, roots, and the trust chain
          4. Certificate revocation and expiration
          5. Certificate intended purpose
          6. Certificate validation
        8. Certificates used by URA
        9. Public versus private certificates
        10. Enterprise Certificate Authority versus Standalone Certificate Authority
        11. Root Certificate Authorities and Subordinate Certificate Authorities
        12. Summary
      11. 4. Installing and Configuring the Unified Remote Access Role
        1. Adding the URA role
        2. Configuring the basic URA scenario
          1. Connecting and testing with a client
        3. Editing the configuration
          1. Remote client options
            1. Full DirectAccess or just remote management
            2. Enable force tunneling
            3. Helpdesk e-mail address
          2. Remote Access Server options
            1. Topology
            2. Public URL or IP that clients use to connect to the server
            3. Certificate selection for the IP-HTTPS interface
            4. Enable and configure use of computer certificate
            5. Enable Network Access Protection (NAP)
          3. Infrastructure Servers options
            1. Selection of a local NLS on the URA server, or point to a separate server
            2. Certificate selection for a local NLS
            3. Configuration of the Name Resolution Policy Table (NRPT)
            4. List of additional domain suffixes for the NRPT
            5. List of management servers that are included in the first IPsec tunnel
          4. Application Servers options
          5. Unified Remote Access tasks on the task pane
            1. Remove configuration settings
            2. Add an application server
            3. Refresh management servers
            4. Reload configuration
            5. Enable site-to-site VPN
            6. Enable multisite
            7. Enable load balancing
        4. Network Location Server
          1. Your own NLS?
        5. Configuring the Name Resolution Policy table
          1. Exceptional exceptions
        6. Enabling load balancing
          1. Considerations for load balancing with Windows NLB
          2. Load balancing with external load balancers
          3. Installing the NLB feature
          4. Managing the NLB cluster
        7. Summary
      12. 5. Multisite Deployment
        1. What is multisite deployment and how does it help?
        2. Multisite scenarios
        3. Network infrastructure considerations and planning
          1. Default gateways and routes
        4. Group Policy planning
        5. DNS considerations
        6. Network Location Server concerns
        7. Deploying load balancing
        8. Certificate authentication
        9. IP-HTTPS and NLS certificates
        10. Connectivity verifier considerations
        11. Windows 7 clients and multisite
        12. The multisite configuration wizard
        13. Adding more entry points
          1. Using PowerShell in complex environments
        14. Summary
      13. 6. Cross-premise Connectivity
        1. Evolving remote access challenges
        2. Migration to dynamic cloud
        3. The needs of modern data centers
        4. Dynamic cloud access with URA
        5. Adding a cloud location using Site-to-Site
        6. Basic setup of cross-premise connectivity
          1. DirectAccess entry point in the cloud
          2. Authentication
        7. Configuration steps
          1. Enabling the Routing and Remote Access Server service
          2. Configuring the demand-dial interface
          3. Editing the connection
          4. Configuring S2S with PowerShell
            1. Adding the feature
            2. Adding the S2S interface
        8. Summary
      14. 7. Unified Remote Access Client Access
        1. Supported clients
        2. Client configuration options
        3. Supported client software and IPv4/IPv6 limitations
        4. Interoperability with Windows 7 clients
        5. Network Connectivity Assistant options
        6. Client manageability considerations
        7. User guidance
        8. Summary
      15. 8. Enhanced Configurations for Infrastructure Servers
        1. Tweaking the management servers list
        2. URA and PowerShell
          1. Using PowerShell
          2. Writing PowerShell scripts
          3. URA PowerShell cmdlets
        3. Configuring IPSec policies with advanced options
        4. Fine-tuning SSL and PKI
        5. Configuring forced tunneling
        6. Advanced options with the NCA
        7. Tweaking IPv6 for complex networks
          1. ISATAP and you
          2. Moving ISATAP
        8. Summary
      16. 9. Deploying NAP and OTP
        1. NAP basic concepts
          1. How does NAP work (generally)?
        2. NAP and URA
        3. Enabling NAP on URA
        4. Introduction to OTP
        5. How OTP works with URA
        6. Enabling OTP
          1. OTP and Windows 7 clients
          2. Creating the OTP certificate template
          3. Creating the OTP request signing template
          4. Adding the template to the CA
          5. Configuring the URA server as an authentication agent
          6. Enabling OTP on URA
          7. Troubleshooting tips
        7. Summary
      17. 10. Monitoring and Troubleshooting Unified Remote Access
        1. Monitoring the URA server (or servers)
        2. Monitoring URA clients
        3. Generating reports
        4. Troubleshooting URA
        5. Common problems, issues, and mistakes
          1. ISATAP
          2. Group Policy
          3. DNS resolution
          4. ISP problems
          5. Certificate problems
          6. NLS
        6. Server troubleshooting
        7. Connectivity problems
          1. Client logs
          2. Manually cleaning up clients
        8. Client troubleshooting
        9. Advanced diagnostics
          1. Windows Firewall tracing
          2. IP Helper Service tracing
          3. Final thoughts on troubleshooting
        10. Summary
      18. Index