Capacity Planning for CRL Distribution Points

Applies To: Windows 7, Windows Server 2008 R2

Important

This topic describes design considerations for DirectAccess in Windows Server 2008 R2. For the design considerations of DirectAccess in Microsoft Forefront Unified Access Gateway (UAG), see the Forefront UAG DirectAccess Design Guide (https://go.microsoft.com/fwlink/?LinkId=179988).

The certificate revocation list (CRL) distribution points on the Internet for the Internet Protocol over Secure Hypertext Transfer Protocol (IP-HTTPS) certificate and on the intranet for the network location certificate can be located on Web or file servers. You must plan for the capacity of CRL distribution points so that your Internet and intranet-connected DirectAccess clients can perform certificate revocation checking for the IP-HTTPS connection and for network location detection.

For an Internet Information Services (IIS)-based Web server or a Windows-based file server, including the DirectAccess server, see the documentation for the Web Server (IIS) and File Services roles on Windows Server 2008 R2 or Windows Server 2008 for recommendations on scaling capacity.