Export (0) Print
Expand All

Checklist: Preparing Your DirectAccess Server

Published: October 7, 2009

Updated: October 7, 2009

Applies To: Windows Server 2008 R2

ImportantImportant
This topic describes deployment of DirectAccess in Windows Server 2008 R2. For deployment of DirectAccess in Microsoft Forefront Unified Access Gateway (UAG), see the Forefront UAG DirectAccess Deployment Guide (http://go.microsoft.com/fwlink/?LinkId=179989).

This checklist includes cross-reference links to important concepts about preparing the computer that will be the DirectAccess server prior to installing the DirectAccess feature and running the DirectAccess Setup Wizard. It also contains links to procedures that will help you complete the tasks that are required to implement this design.

noteNote
Complete the tasks in this checklist in order. When a reference link takes you to a conceptual topic, a procedure, or to another checklist, return to this topic so that you can proceed with the remaining tasks in this checklist.

Checklist Checklist: Preparing Your DirectAccess Server

 

  Task Reference
Checkbox

Install two network adapters (interfaces) on your DirectAccess server. Connect the internal network interface to your internal network.

See your hardware documentation.

Checkbox

From the Network Connections folder, configure your network connections (interfaces) with meaningful names indicating the network to which they are attached, such as “Internet” and “Internal network.”

 
Checkbox

Configure your internal network interface with a static Internet Protocol version 4 (IPv4) address configuration.

Conceptual topic Design Addressing and Routing for the DirectAccess Server

Checklist topic IPv4 General tab (http://go.microsoft.com/fwlink/?LinkId=145843)

Checkbox

Join the DirectAccess server computer to the appropriate Active Directory Domain Services (AD DS) domain.

Checklist topic Active Directory Domain Services Home page on Microsoft Technet (http://go.microsoft.com/fwlink/?Linkid=127814)

Checkbox

Connect the Internet interface to the Internet.

 
Checkbox

On the Internet interface, configure at least two consecutive, static, public IPv4 addresses that are resolvable and reachable on the Internet. Addresses within the address ranges 10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16 are not public IPv4 addresses.

Conceptual topic Design Addressing and Routing for the DirectAccess Server

Checklist topic IPv4 General tab (http://go.microsoft.com/fwlink/?LinkId=145843)

Checkbox

Configure your Internet and intranet interfaces with different connection-specific Domain Name System (DNS) suffixes. Configure your intranet interface with the DNS suffix for your organization.

Conceptual topic Design Addressing and Routing for the DirectAccess Server

Checklist topic IPv4 and IPv6 Advanced DNS tab (http://go.microsoft.com/fwlink/?LinkId=145844)

Checkbox

Configure static routes for your intranet on the DirectAccess server.

Conceptual topic Design Addressing and Routing for the DirectAccess Server

Checkbox

If a domain controller is reachable from the Internet interface, configure packet filters to prevent access.

Checklist topic Configure Packet Filters to Block Access to Domain Controllers

Checkbox

Verify that the DirectAccess server has a computer certificate installed with the computer authentication Enhanced Key Usage (EKU).

Checklist topic View Certificates (http://go.microsoft.com/fwlink/?LinkId=145845)

Checkbox

Install a Secure Sockets Layer (SSL) certificate for Internet Protocol over Secure Hypertext Transfer Protocol (IP-HTTPS) authentication.

Checklist topic Install an IP-HTTPS Certificate

Checkbox

If the DirectAccess server is acting as the network location server, install the IIS (Web server) role.

Checklist topic Configure the DirectAccess Server as the Network Location Server

Checkbox

If the DirectAccess server is acting as the network location server, install an additional SSL certificate.

Checklist topic Install a Network Location Server Certificate on the DirectAccess Server

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft