Windows Server 2012 R2 RRAS Multitenant Gateway Deployment Guide
Updated: April 2, 2014
This guide is also available for download in Microsoft Word format from the TechNet Gallery, at http://gallery.technet.microsoft.com/Windows-Server-2012-R2-37eb8e17.
This guide contains the following sections.
In Windows Server® 2012 R2, the Remote Access server role includes the Routing and Remote Access Service (RRAS) role service.
This guide demonstrates how to use Windows PowerShell to deploy RRAS as a virtual machine (VM)-based software gateway and router that allows Cloud Service Providers (CSPs) and Enterprises to enable datacenter and cloud network traffic routing between virtual and physical networks, including the Internet. You can deploy VM networks by using either Hyper-V Network Virtualization or Virtual Local Area Networks (VLANs).
RRAS is integrated with Hyper-V Network Virtualization, and is able to route network traffic effectively in circumstances where there are many different customers – or tenants – who have isolated virtual networks in the same datacenter.
Multi-tenancy is the ability of a cloud infrastructure to support the virtual machine workloads of multiple tenants while isolating them from each other, even though all of the workloads run on the same infrastructure. The multiple workloads of an individual tenant can interconnect and be managed remotely, but these systems do not interconnect with the workloads of other tenants, nor can other tenants remotely manage them.
If you are using System Center 2012 R2 and Virtual Machine Manager, you can deploy Hyper-V Network Virtualization with Windows Server Gateway rather than deploying RRAS as a Multitenant Gateway using Windows PowerShell. If you are not using System Center, this guide provides instructions on how to deploy an RRAS Multitenant Gateway using only Windows PowerShell. For more information, see Windows Server Gateway.
Information Technology professionals who might be interested in this guide include:
Network administrators and architects who work for Cloud Service Providers
Network administrators and architects who work for large organizations with Enterprise networks
Other network and systems administrators who want to learn how to deploy virtual networking technologies by using Windows PowerShell
This deployment guide allows you to deploy the RRAS Multitenant Gateway (MTGW) by using Windows PowerShell. Using the RRAS MTGW, you can:
Provide your tenants with dial-in VPN access to their resources in your datacenter
Use the RRAS Multitenant Gateway as an endpoint for multiple tenant site-to-site VPN connections to their remote sites
Route traffic between Network Virtualization-based VM Networks and the Internet
Route traffic between VLAN-based VM Networks and the Internet
In addition, you can configure the gateway with Network Address Translation (NAT) services so that your tenant VMs can access Internet resources.
The following are the requirements for deploying the RRAS MTGW by using this guide.
You must have a minimum of two computers that are running Windows Server 2012 R2, one to use as the Hyper-V Network Virtualization host, and one to use as the Hyper-V host that runs the RRAS Multitenant Gateway VM.
The Hyper-V host used for Network Virtualization or VM VLAN deployment must be running Windows Server 2012 R2 with a minimum of 16 GB RAM and at least one network adapter.
The Hyper-V host used for the RRAS Multitenant Gateway must be running Windows Server 2012 R2 with a minimum of 8 GB RAM and at least two network adapters.
For production environment deployments, requirements for the computer running Hyper-V with one or more VMs configured as an RRAS MTGW are the same as for Windows Server Gateway. For more information, see Windows Server Gateway Hardware and Configuration Requirements.
The following illustration depicts the RRAS Multitenant Gateway and a Hyper-V Network Virtualization server and VMs that you can deploy by using this guide.
For more information, see either of the following sections:
Site-to-site VPN connections
You can configure the RRAS Multitenant Gateway with site-to-site VPN connections to your tenants’ Enterprise network sites:
For more information, see Configure the RRAS Multitenant Gateway for Site-to-Site VPN Connections.
Point-to-site VPN access
You can provide your tenants’ Administrators with point-to-site VPN access from anywhere on any device:
Network Address Translation (NAT) for VM Internet access
You can configure Network Address Translation (NAT) to allow Internet access to tenant VMs for commerce-based and other applications running on the VMs:
For more information, see Configure the RRAS Multitenant Gateway to Perform Network Address Translation for Tenant Computers.
Border Gateway Protocol (BGP) Routing
You can configure the RRAS Multitenant Gateway as a BGP router.
For more information, see Configure the RRAS Multitenant Gateway for Dynamic Routing with BGP.