Deploy Remote Access in an Enterprise
Updated: January 8, 2014
Applies To: Windows Server 2012 R2, Windows Server 2012
This topic provides an introduction to the DirectAccess scenario for the Enterprise.
For information about alternate deployment paths, see DirectAccess Deployment Paths in Windows Server.
To deploy DirectAccess using this guide, you must use a DirectAccess server that is running Windows Server® 2012 R2 or Windows Server® 2012.
Remote access includes a number of enterprise features, including deploying multiple Remote Access servers in a cluster load balanced with Windows Network Load Balancing (NLB) or an external load balancer, setting up a multisite deployment with Remote Access servers situated in dispersed geographical locations, and deploying DirectAccess with two-factor client authentication using a one-time password (OTP).
Each enterprise scenario is described in a document that includes planning and deployment instructions. For more information, see:
Remote access enterprise scenarios provide the following:
Increased availability—Deploying multiple Remote Access servers in a cluster provides scalability and increases the capacity for throughput and number of users. Load balancing the cluster provides high availability. If a server in the cluster fails, remote users can continue to access the internal corporate network via a different server in the cluster. Failover is transparent as clients connect to the cluster using a virtual IP (VIP) address.
Ease-of-management—A cluster or multisite deployment can be configured and managed as a single entity using the Remote Access Management console running on one of the cluster servers. In addition, a multisite deployment allows administrators to align Remote Access deployment to Active Directory sites, providing a simplified architecture. Shared settings can easily be set across cluster servers or on all multisite entry point servers. Remote Access settings can be managed from any of the servers in the cluster or deployment, or remotely using Remote Server Administration Tools (RSAT). In addition, the entire cluster or multisite deployment can be monitored from a single Remote Access Management console.
Cost efficiency—A Remote Access multisite deployment allows enterprises to deploy Remote Access servers in multiple sites corresponding to client locations. This provides a predictable access experience for remote clients regardless of location, and reduces costs and intranet bandwidth by routing client traffic over the Internet to the closest Remote Access server.
Security—Deploying strong client authentication with a one-time password (OTP) instead of standard Active Directory password increases security.
The following table lists the roles and features used in the enterprise scenario.
How it supports this scenario
Remote Access server role
The role is installed and uninstalled using the Server Manager console. This role encompasses both DirectAccess, which was previously a feature in Windows Server 2008 R2, and Routing and Remote Access Services which was previously a role service under the Network Policy and Access Services (NPAS) server role. The Remote Access role consists of two components:
The Remote Access Server Role is dependent on the following server features:
Remote Access Management Tools feature
This feature is installed as follows:
The Remote Access Management Tools feature consists of the following:
This feature allows the load balancing of multiple Remote Access servers.
The following table provides links to additional resources.
Remote Access on TechNet
Tools and settings