.png)
Deploy Remote Access in an Enterprise
Updated: September 13, 2012
Applies To: Windows Server 2012
Remote Access in Windows Server 2012 combines DirectAccess and Routing and Remote Access Service (RRAS) VPN into a single role. This overview provides an introduction to the main enterprise deployment scenarios for Remote Access.
Remote access includes a number of enterprise features, including deploying multiple Remote Access servers in a cluster load balanced with Windows Network Load Balancing (NLB) or an external load balancer, setting up a multisite deployment with Remote Access servers situated in dispersed geographical locations, and deploying DirectAccess with two-factor client authentication using a one-time password (OTP).
Each enterprise scenario is described in a document that includes planning and deployment instructions. For more information, see:
Remote access enterprise scenarios provide the following:
-
Increased availability—Deploying multiple Remote Access servers in a cluster provides scalability and increases the capacity for throughput and number of users. Load balancing the cluster provides high availability. If a server in the cluster fails, remote users can continue to access the internal corporate network via a different server in the cluster. Failover is transparent as clients connect to the cluster using a virtual IP (VIP) address.
-
Ease-of-management—A cluster or multisite deployment can be configured and managed as a single entity using the Remote Access Management console running on one of the cluster servers. In addition, a multisite deployment allows administrators to align Remote Access deployment to Active Directory sites, providing a simplified architecture. Shared settings can easily be set across cluster servers or on all multisite entry point servers. Remote Access settings can be managed from any of the servers in the cluster or deployment, or remotely using Remote Server Administration Tools (RSAT). In addition, the entire cluster or multisite deployment can be monitored from a single Remote Access Management console.
-
Cost efficiency—A Remote Access multisite deployment allows enterprises to deploy Remote Access servers in multiple sites corresponding to client locations. This provides a predictable access experience for remote clients regardless of location, and reduces costs and intranet bandwidth by routing client traffic over the Internet to the closest Remote Access server.
-
Security—Deploying strong client authentication with a one-time password (OTP) instead of standard Active Directory password increases security.
The following table lists the roles and features used in the enterprise scenario.
| Role/feature | How it supports this scenario |
|---|---|
|
Remote Access server role |
The role is installed and uninstalled using the Server Manager console. This role encompasses both DirectAccess, which was previously a feature in Windows Server 2008 R2, and Routing and Remote Access Services which was previously a role service under the Network Policy and Access Services (NPAS) server role. The Remote Access role consists of two components:
The Remote Access Server Role is dependent on the following server features:
|
|
Remote Access Management Tools feature |
This feature is installed as follows:
The Remote Access Management Tools feature consists of the following:
Dependencies include:
|
|
Windows NLB |
This feature allows the load balancing of multiple Remote Access servers. |
The following table provides links to additional resources.
| Content type | References |
|---|---|
|
Remote Access on TechNet |
|
|
Product evaluation |
Demonstrate DirectAccess in a cluster with NLB |
|
Deployment |
|
|
Tools and settings |
|
|
Community resources |
|
|
Related technologies |
