Remote Access Monitoring and Accounting
Published: August 10, 2012
Updated: August 10, 2012
Applies To: Windows Server 2012
Remote Access monitoring reports remote user activity and status for DirectAccess and VPN connections. It tracks the number and duration of client connections, among other statistics, as well as monitors the operations status of the server. An easy-to-use monitoring console provides a view of your entire Remote Access infrastructure to ensure total control.
This document contains instructions for leveraging the monitoring capabilities of Remote Access using both DirectAccess management console (UI) and the corresponding PowerShell implementation provided as part of the new Remote Access server role.Monitoring views are available for Single Server, Cluster and Multisite configurations.
The following monitoring and accounting scenarios are explained:
Monitor the existing load on the Remote Access server
Monitor the configuration distribution status of the Remote Access server
Monitor the operations status of the Remote Access server and its components
Identify and resolve Remote Access server operations problems
Monitor connected remote clients for activity and status
Generate a usage report for remote clients using historical data
Understanding Monitoring vs. Accounting
Before you begin monitoring and accounting, you need to understand the difference between the two. Remote client monitoring shows actively connected users at a given point in time, whereas accounting keeps history of users connected to the corporate network, along with their usage details (for compliance and auditing purposes).
Remote client monitoring is based on connections. There are two types of tunnel connections established by DirectAccess clients:
Machine tunnel traffic connections - This tunnel is established by the computer, in system context, to access servers that are required for name resolution, authentication, remediation updating, and so on.
User tunnel traffic connections – This tunnel is established by the user account on the computer, in a user context, when the user tries to access a resource on the corporate network. Depending on the deployment requirements, a user might have to provide strong credentials (smart card/OTP) to access corporate network resources.
For DirectAccess, a connection is uniquely identified by the IP address of the remote client. For example, if there is a machine tunnel for a client, and a user is connected from that machine, these would be the same connection. There might be a case where the user disconnects while the machine tunnel is still active. If the user connects again while the machine tunnel is still active, it is still a single connection.