DirectAccess is a remote access technology included with the Unified Remote Access role in Windows Server 2012 R2. DirectAccess is a unique solution designed to provide secure, seamless, transparent and always-on remote corporate network access for Windows 7 Enterprise/Ultimate or Windows 8.x Enterprise and later domain-joined clients. DirectAccess is based on common Windows platform technologies such as Active Directory Domain Services (AD DS), Active Directory Certificate Services (AD CS), IPsec, and IPv6. IPv6 transition and translation protocols ensure interoperability with networks and services that are IPv4-only.

Document Purpose

This document provides guidance for configuring LoadMaster products and DirectAccess to eliminate single points of failure and to provide fault tolerance and high availability for a Windows Server 2012 R2 DirectAccess deployment. This document refers to a representative DirectAccess deployment which is described in detail later. This document does not address all possible deployment scenarios for a DirectAccess solution. For questions regarding unique configurations, contact the Progress Kemp Support team: http://kemptechnologies.com/load-balancing-support/Kemp-support/.

Intended Audience

This document is designed for the Windows network engineer tasked with eliminating single points of failure and providing fault tolerance and high availability for an existing DirectAccess deployment. The engineer should have a strong understanding of Windows infrastructure (AD architecture and administration, DNS, and Public Key Infrastructure (PKI)) and should already be familiar with the basics of DirectAccess. They should have a detailed working knowledge of IPv4 networking. Knowledge of and experience with IPv6 networking are not required, but are strongly recommended.

Assumptions

This document assumes that DirectAccess has been configured and deployed in a single-server, single-site configuration and is currently in working order. It also assumes that the DirectAccess servers will have two network adapters, with the internal network interface on the LAN and the external network interface in a perimeter (DMZ) network, with the LoadMaster connected directly to the public Internet. In addition, the features and configuration in this document require the use of PKI for the issuance and management of the digital certificates required for DirectAccess functionality.