Windows Server 2012 Implementing DirectAccess

Windows Server 2012 Implementing DirectAccess will provide network engineers with essential information and guidance to successfully plan, implement, and support a DirectAccess remote access solution for their managed Windows clients.
Course info
Rating
(57)
Level
Intermediate
Updated
Mar 11, 2013
Duration
4h 51m
Table of contents
Introduction and Course Outline
DirectAccess Overview
Planning for DirectAccess
Configuring DirectAccess (Simplified Deployment)
Configuring DirectAccess (Complex Deployment)
Configuring DirectAccess (Multi-Site Deployment)
Enabling Support for Windows 7 DirectAccess Clients
Enabling High Availability with Network Load Balancing
DirectAccess Monitoring and Reporting
DirectAccess Troubleshooting
Enabling Legacy Remote Access VPN
Description

Windows Server 2012 Implementing DirectAccess will provide network engineers with essential information and guidance to successfully plan, implement, and support a DirectAccess remote access solution for their managed Windows clients. Strong working knowledge of general networking and Windows core infrastructure services (Active Directory, Group Policy, DNS, etc.) is required. Fundamental understanding of Windows administration is helpful.

About the author

Richard M. Hicks (MCP, MCSE, MCTS, MCITP:EA, MCSA, MVP) is a network and information security expert specializing in Microsoft technologies.

Section Introduction Transcripts

Introduction and Course Outline
Hello, and welcome to TrainSignal's Windows Server 2012 implementing secure remote access with DirectAccess video training course. I'm going to start this video training series off with some introductions and an overview of what you'll learn in this course and how to get the most out of it. So a little bit about me. My name is Richard Hicks, and I'm going to be your instructor for this course. I'm a Microsoft Most Valuable Professional or MVP in the Forefront discipline. I have various Microsoft certifications such as Microsoft Certified Professional, Microsoft Certified Systems Engineer, Microsoft Certified Technology Specialist, and also the Microsoft Certified Information Technology Professional Enterprise Administrator. I've been in the information technology field for quite some time, almost 20 years now, and in that time I've spent a lot of time working as a systems engineer and a network engineer as well. I also spent a considerable amount of time serving as the information security engineer for a Fortune 100 financial services institution here in the United States primarily responsible for secure internet access and secure remote access for the user population for this company. I've had the opportunity to travel around the world and speak at events like the Microsoft TechEd events in North America and in Europe. I've had the opportunity to speak at the National Information Security Conference in Scotland. You can also find some of my online contributions. I write for online properties such as WindowsSecurity.com and ISAserver.org. I've implemented secure remote access solutions using Microsoft DirectAccess for some of the largest companies in the world, and throughout this course I will endeavor to share as much of that knowledge and experience with you as I can.

DirectAccess Overview
Hello, and welcome to TrainSignal's implementing Windows Server 2012 secure remote access with DirectAccess video training course. In this lesson I'll provide a high-level overview and a brief history of DirectAccess. In addition, I will talk about some of the components that make up DirectAccess solutions, and I'll also outline some of the benefits to deploying DirectAccess and also explain why DirectAccess makes such a compelling remote access solution. Finally I'll wrap up with some discussion about IPv6 transition technologies that are essential to enabling DirectAccess communication.

Planning for DirectAccess
Hello, and welcome to TrainSignal's Windows Server 2012 implementing secure remote access with DirectAccess video training course. In this lesson we're going to plan and prepare the DirectAccess implementation for Vintage Surf Novelties. We'll start by reviewing the requirements for a DirectAccess implementation including both software and hardware requirements. In addition, we'll examine the various network deployment models and decide where on the network we're actually going to install the DirectAccess server. We'll also review the infrastructure requirements for supporting DirectAccess in our organization, and we'll wrap up with a demonstration showing how we're going to prepare the server for later installation and configuration of DirectAccess.

Configuring DirectAccess (Simplified Deployment)
Hello, and welcome to TrainSignal's Windows Server 2012 implementing secure remote access with DirectAccess video training course. In this lesson we will be configuring DirectAccess for Vintage Surf Novelties on a Windows Server 2012 system that's located in the main office in Southern California. I'll start by sharing some details about the virtual environment that we're using to provide this demonstration, and then I'll outline in detail the network topology that's in place at Vintage Surf. After that I'm going to describe the steps that are required to install, configure, and test DirectAccess, and then we'll move on to actually demonstrating the process itself on a Windows Server 2012 system.

Configuring DirectAccess (Complex Deployment)
Hello, and welcome to TrainSignal's Windows Server 2012 implementing secure remote access with DirectAccess video training course. In this lesson we'll be configuring DirectAccess for Vintage Surf Novelties on a Windows Server 2012 system located in their main office in Southern California. Now, unlike the previous lesson where we configured DirectAccess using the default simplified deployment model, in this lesson we're going to be configuring DirectAccess using custom settings, so we're going to do this a little bit differently. Now the Vintage Surf CIO would like us to make the solution more secure than the simplified deployment scenario, so in this lesson we're going to be leveraging our existing internal Public Key Infrastructure or PKI to issue and manage the digital certificates that are used for DirectAccess authentication. In addition, PKI is going to be required to support some additional capabilities such as multi-site and Windows 7 client support that Vintage Surf network engineers are going to be implementing at a later date. We'll also be making use of a dedicated Network Location Server, NLS server, which is going to be required in the future as Vintage Surf implements network load balancing to provide high availability for their DirectAccess gateways. I'm going to start this lesson by reviewing the virtual environment that we're going to be using for this demonstration, and I'll outline the network topology that we're going to be working with here at Vintage Surf as well. After that I'm going to describe the steps required to install, configure, and test DirectAccess in this complex deployment model. And finally, I'll demonstrate the process of deploying DirectAccess on a Windows Server 2012 system using those custom settings to meet our requirements.

Configuring DirectAccess (Multi-Site Deployment)
Hello, and welcome to TrainSignal's Windows Server 2012 Implementing Secure Remote Access with DirectAccess Video Training Course. In this lesson we're going to be configuring DirectAccess for Vintage Surf Novelties to support a multisite deployment model. The initial DirectAccess deployment has been a big success at Vintage Surf. As our remote sales team now relies heavily on this connectivity, the CIO would like us to add some redundancy to the solution to reduce the potential for down time. In this scenario we're going to be building on the DirectAccess configuration we completed in the preceding lesson by configuring an additional DirectAccess entry point at the Vintage Surf branch office location in Florida for our DirectAccess clients to connect to. This is basically going to provide some load balancing and fault tolerance for our DirectAccess clients and eliminate a critical single point of failure in the remote access solution.

Enabling Support for Windows 7 DirectAccess Clients
Hello, and welcome to TrainSignal's Windows Server 2012 Implementing Secure Remote Access with DirectAccess Video Training Course. In this lesson we're going to talk about providing support for Windows 7 DirectAccess clients connecting to our Windows Server 2012 DirectAccess server. It's important to understand that although Windows 7 is supported as a DirectAccess client on Windows Server 2012 DirectAccess server, the support for Windows 7 in this scenario is somewhat limited. For the best experience and to take advantage of all of the features and capabilities of Server 2012 DirectAccess we recommend obviously that you deploy Windows 8 clients in those scenarios. Now for Vintage Surf of course the original implementation plan called for supporting only Windows 8 clients; however, the Vintage Surf CIO is extremely pleased with the DirectAccess rollout for Windows 8 and would now like to extend the solution to his existing legacy Windows 7 clients. So in this lesson we're going to show you how to enable support for Windows 7 DirectAccess clients connecting to a Server 2012 DirectAccess server. I'm going to outline some of the client and infrastructure requirements and also demonstrate how to configure and enable support for Windows 7 DirectAccess clients.

Enabling High Availability with Network Load Balancing
Hello, and welcome to TrainSignal's Windows Server 2012 Implementing Secure Remote Access with DirectAccess Video Training Course. As DirectAccess is being deployed to more and more Vintage Surf field sales associates, the CIO is looking to ensure the highest availability for the overall remote access solution, so to address any single points of failure at each DirectAccess entry point what we're going to do is enable Network Load Balancing or NLB and create a clustered pair of DirectAccess servers to address this concern. So we'll start this lesson with a brief overview of Network Load Balancing, and then I'll describe at a high level how NLB works. Then we'll move on to a demonstration of how to enable and configure Network Load Balancing with DirectAccess.

DirectAccess Monitoring and Reporting
Hello, and welcome to TrainSignal's Windows Server 2012 Implementing Secure Remote Access with DirectAccess Video Training Course. In this lesson we're going to review the monitoring and reporting facilities that are included with the Windows Server 2012 DirectAccess solution. Monitoring the health of the DirectAccess server is vital to ensuring the availability and proper operation of the remote access solution. In addition, monitoring the status of remote clients is going to be helpful, especially in troubleshooting scenarios. Also, the reporting tools are extremely valuable and can provide security administrators with access to historical data, which can be used for analysis and trending in support of capacity planning efforts, and they can also provide valuable forensic evidence in the event of a security incident.

DirectAccess Troubleshooting
Hello, and welcome to TrainSignal's Windows Server 2012 Implementing Secure Remote Access with DirectAccess Video Training Course. As you've seen so far in this course DirectAccess is an amazing remote access solution. It's not trivial to install and configure though, especially when we're using complex deployment models that require PKI or remote network location servers, perhaps multi-site configuration, and certainly enabling support for Windows 7 clients makes things even more complex. There's a lot of moving parts, and there may be some times when DirectAccess isn't working correctly or certainly as expected, so in this lesson we're going to cover some of the basic troubleshooting techniques we use to determine why perhaps a DirectAccess client is unable to establish remote network connectivity.

Enabling Legacy Remote Access VPN
Hello, and welcome to TrainSignal's Windows Server 2012 Implementing Secure Remote Access with DirectAccess Video Training Course. Today Vintage Surf uses a VPN device from another vendor to provide remote access VPN for their mobile workforce. Vintage Surf's CIO would like to consolidate the remote access technologies into a single solution in order to reduce cost and ease the administrative burden caused by having to manage multiple different systems. The CIO is also looking for a solution to remotely provision and deploy new Windows 8 systems without first having to configure those systems back at the main office. So to support these initiatives in this lesson we're going to enable and configure legacy remote access VPN on the DirectAccess server. In addition, we'll use a feature of Windows Server 2012 called offline domain join to provision a new Windows 8 client remotely.