(0) exportieren Drucken
Alle erweitern

Deploy Remote Access in an Enterprise

Letzte Aktualisierung: September 2012

Betrifft: Windows Server 2012

Remote Access in Windows Server 2012 combines DirectAccess and Routing and Remote Access Service (RRAS) VPN into a single role. This overview provides an introduction to the main enterprise deployment scenarios for Remote Access.

Remote access includes a number of enterprise features, including deploying multiple Remote Access servers in a cluster load balanced with Windows Network Load Balancing (NLB) or an external load balancer, setting up a multisite deployment with Remote Access servers situated in dispersed geographical locations, and deploying DirectAccess with two-factor client authentication using a one-time password (OTP).

Remote access enterprise scenarios provide the following:

  • Increased availability—Deploying multiple Remote Access servers in a cluster provides scalability and increases the capacity for throughput and number of users. Load balancing the cluster provides high availability. If a server in the cluster fails, remote users can continue to access the internal corporate network via a different server in the cluster. Failover is transparent as clients connect to the cluster using a virtual IP (VIP) address.

  • Ease-of-management—A cluster or multisite deployment can be configured and managed as a single entity using the Remote Access Management console running on one of the cluster servers. In addition, a multisite deployment allows administrators to align Remote Access deployment to Active Directory sites, providing a simplified architecture. Shared settings can easily be set across cluster servers or on all multisite entry point servers. Remote Access settings can be managed from any of the servers in the cluster or deployment, or remotely using Remote Server Administration Tools (RSAT). In addition, the entire cluster or multisite deployment can be monitored from a single Remote Access Management console.

  • Cost efficiency—A Remote Access multisite deployment allows enterprises to deploy Remote Access servers in multiple sites corresponding to client locations. This provides a predictable access experience for remote clients regardless of location, and reduces costs and intranet bandwidth by routing client traffic over the Internet to the closest Remote Access server.

  • Security—Deploying strong client authentication with a one-time password (OTP) instead of standard Active Directory password increases security.

The following table lists the roles and features used in the enterprise scenario.

 

Role/feature How it supports this scenario

Remote Access server role

The role is installed and uninstalled using the Server Manager console. This role encompasses both DirectAccess, which was previously a feature in Windows Server 2008 R2, and Routing and Remote Access Services which was previously a role service under the Network Policy and Access Services (NPAS) server role. The Remote Access role consists of two components:

  1. DirectAccess and Routing and Remote Access Services (RRAS) VPN—DirectAccess and VPN are managed together in the Remote Access Management console.

  2. RRAS Routing—RRAS routing features are managed in the legacy Routing and Remote Access console.

The Remote Access Server Role is dependent on the following server features:

  • Internet Information Services (IIS) – This feature is required to configure the network location server and default web probe.

  • Group Policy Management Console feature – feature is required by DirectAccess to create and manage the Group Policy Objects (GPOs) in Active Directory and must be installed as a required feature for the server role.

Remote Access Management Tools feature

This feature is installed as follows:

  • It is installed by default on a Remote Access server when the Remote Access role is installed, and supports the Remote Management console user interface.

  • It can be optionally installed on a server not running the Remote Access server role. In this case it is used for remote management of a Remote Access computer running DirectAccess and VPN.

The Remote Access Management Tools feature consists of the following:

  1. Remote Access GUI and Command Line Tools

  2. Remote Access module for Windows PowerShell

Dependencies include:

  1. Group Policy Management Console

  2. RAS Connection Manager Administration Kit (CMAK)

  3. Windows PowerShell 3.0

  4. Graphical Management Tools and Infrastructure

Windows NLB

This feature allows the load balancing of multiple Remote Access servers.

The following table provides links to additional resources.

 

Content type References

Remote Access on TechNet

Remote Access TechCenter

Product evaluation

Demonstrate DirectAccess in a cluster with NLB

Demonstrate a DirectAccess multisite deployment

Demonstrate a DirectAccess multisite deployment

Deployment

Remote Access

Troubleshooting

Troubleshooting Remote Access documentation, when available.

Tools and settings

Remote Access PowerShell cmdlets

Community resources

RRAS Product Team blog | Remote Access TechNet Forum

DirectAccess Wiki entries

Related technologies

How IPv6 works

Fanden Sie dies hilfreich?
(1500 verbleibende Zeichen)
Vielen Dank für Ihr Feedback.

Community-Beiträge

Anzeigen:
© 2014 Microsoft