Optimizing Your Remote Access Server Design

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

In addition to increasing performance by upgrading server hardware, consider increasing availability, security, and performance by incorporating the following elements in your remote access design:

  • Redundant servers for increased availability

  • Network Load Balancing for increased availability and performance

Increasing Availability by Using Redundant Servers

Remote access solutions with redundant servers can provide higher availability for remote access clients. If degradation of service is not a critical issue, you can use your primary remote access servers as backups for each other. If service degradation is not acceptable, provide redundancy by enlisting an extra server to provide failure protection.

If one or more user groups require high-priority access, consider using separate remote access servers for these user groups.

Increasing Performance by Using Network Load Balancing

By using Network Load Balancing, which is available in Windows Server 2003, you can increase VPN server performance and availability. Network Load Balancing distributes traffic from remote access VPN clients among multiple VPN servers.

Network Load Balancing also provides immediate failover if a VPN server fails. If a VPN server fails, client sessions handled by that server also fail. Clients are prompted to log on again, and their new session is handled by one of the remaining hosts.

To provide load balancing for VPN clients, use the default port rule in configuring all hosts, as follows:

  • Set the port range to 0–65535 (the default). The default range covers all of the ports, so the port rule remains valid even if there is a change in the port numbers that you want to cover.

  • Accept the default filtering mode, load weight/equal load distribution, and affinity settings.

For more information about using Network Load Balancing in a VPN scenario, see "Deploying Network Load Balancing" in Planning Server Deployments of this kit.