Windows Server 2012 Unified Remote Access电子书

Windows Server 2012 Unified Remote Access Planning and Deployment

Table of Contents

Windows Server 2012 Unified Remote Access Planning and Deployment

Credits

About the Authors

About the Reviewers

www.PacktPub.com

Support files, eBooks, discount offers and more

Why Subscribe?

Free Access for Packt account holders

Instant Updates on New Packt Books

Preface

Hello Unified Remote Access!

A child could do it! (well...almost)

Take charge, anywhere

Faster is better

How does it work?

Still apprehensive about IPv6?

Love UAG?

Access to everyone

What this book covers

What you need for this book

Who this book is for

Conventions

Reader feedback

Customer support

Downloading the example code

Errata

Piracy

Questions

1. Understanding IPv6 and IPv4-IPv6 Interoperability

My network's fine, so if it ain't broken, why fix it?

The IPv6 addressing schemes

IPv6 address assignment

IPv6 and name resolution

A little more about DNS

Multiple stacks

Operating system compatibility

Protocol transition technologies

ISATAP

DNS64 and NAT64

6to4

Teredo

IP-HTTPS

Practical considerations for IPv6 and IPv4

Unified Remote Access and Group Policy

Public Key Infrastructure (PKI)

Summary

2. Planning a Unified Remote Access Deployment

Server requirements and placement

Capacity planning for URA

Low-end server

High-end server

Server requirements – considerations

Basic scenarios

Network Location Server

URA certificates

Basic scenario considerations

PKI

PKI considerations

Group Policy

Client platforms (and unsupported clients)

Additional client considerations

Cloud scenarios

Advanced scenarios

NAP

OTP

Arrays

How arrays work with load balancing

Array challenges

Multi-geographic distribution

Forced tunneling

How much can my server handle?

Summary

3. Preparing a Group Policy and Certificate Infrastructure

Deploying GPO in an organization

Group Policy Management

Group Policy and the registry

Linking, scoping, and filtering policies

Policy replication

Manual updates

New features with Windows Server 2012 and Windows 8 Group Policy

Planning group membership for URA clients and servers

GPO management policies and authorities

Managing GPO on URA servers and clients

Protect your stuff

Basic GPO problems and troubleshooting

Some more insight into GPOs

Diagnosing and fixing Group Policy problems

Client-specific Group Policy issues

Introduction to certificates and PKI

Asymmetric encryption

Digital certificates

Authorities, roots, and the trust chain

Certificate revocation and expiration

Certificate intended purpose

Certificate validation

Certificates used by URA

Public versus private certificates

Enterprise Certificate Authority versus Standalone Certificate Authority

Root Certificate Authorities and Subordinate Certificate Authorities

Summary

4. Installing and Configuring the Unified Remote Access Role

Adding the URA role

Configuring the basic URA scenario

Connecting and testing with a client

Editing the configuration

Remote client options

Full DirectAccess or just remote management

Enable force tunneling

Helpdesk e-mail address

Remote Access Server options

Topology

Public URL or IP that clients use to connect to the server

Certificate selection for the IP-HTTPS interface

Enable and configure use of computer certificate

Enable Network Access Protection (NAP)

Infrastructure Servers options

Selection of a local NLS on the URA server, or point to a separate server

Certificate selection for a local NLS

Configuration of the Name Resolution Policy Table (NRPT)

List of additional domain suffixes for the NRPT

List of management servers that are included in the first IPsec tunnel

Application Servers options

Unified Remote Access tasks on the task pane

Remove configuration settings

Add an application server

Refresh management servers

Reload configuration

Enable site-to-site VPN

Enable multisite

Enable load balancing

Network Location Server

Your own NLS?

Configuring the Name Resolution Policy table

Exceptional exceptions

Enabling load balancing

Considerations for load balancing with Windows NLB

Load balancing with external load balancers

Installing the NLB feature

Managing the NLB cluster

Summary

5. Multisite Deployment

What is multisite deployment and how does it help?

Multisite scenarios

Network infrastructure considerations and planning

Default gateways and routes

Group Policy planning

DNS considerations

Network Location Server concerns

Deploying load balancing

Certificate authentication

IP-HTTPS and NLS certificates

Connectivity verifier considerations

Windows 7 clients and multisite

The multisite configuration wizard

Adding more entry points

Using PowerShell in complex environments

Summary

6. Cross-premise Connectivity

Evolving remote access challenges

Migration to dynamic cloud

The needs of modern data centers

Dynamic cloud access with URA

Adding a cloud location using Site-to-Site

Basic setup of cross-premise connectivity

DirectAccess entry point in the cloud

Authentication

Configuration steps

Enabling the Routing and Remote Access Server service

Configuring the demand-dial interface

Editing the connection

Configuring S2S with PowerShell

Adding the feature

Adding the S2S interface

Summary

7. Unified Remote Access Client Access

Supported clients

Client configuration options

Supported client software and IPv4/IPv6 limitations

Interoperability with Windows 7 clients

Network Connectivity Assistant options

Client manageability considerations

User guidance

Summary

8. Enhanced Configurations for Infrastructure Servers

Tweaking the management servers list

URA and PowerShell

Using PowerShell

Writing PowerShell scripts

URA PowerShell cmdlets

Configuring IPSec policies with advanced options

Fine-tuning SSL and PKI

Configuring forced tunneling

Advanced options with the NCA

Tweaking IPv6 for complex networks

ISATAP and you

Moving ISATAP

Summary

9. Deploying NAP and OTP

NAP basic concepts

How does NAP work (generally)?

NAP and URA

Enabling NAP on URA

Introduction to OTP

How OTP works with URA

Enabling OTP

OTP and Windows 7 clients

Creating the OTP certificate template

Creating the OTP request signing template

Adding the template to the CA

Configuring the URA server as an authentication agent

Enabling OTP on URA

Troubleshooting tips

Summary

10. Monitoring and Troubleshooting Unified Remote Access

Monitoring the URA server (or servers)

Monitoring URA clients

Generating reports

Troubleshooting URA

Common problems, issues, and mistakes

ISATAP

Group Policy

DNS resolution

ISP problems

Certificate problems

NLS

Server troubleshooting

Connectivity problems

Client logs

Manually cleaning up clients

Client troubleshooting

Advanced diagnostics

Windows Firewall tracing

IP Helper Service tracing

Final thoughts on troubleshooting

Summary

Index