
DirectAccess Load Balancing Tips and Tricks


DirectAccess servers can be configured in load-balanced clusters for redundancy and scalability. Single points of failure can be eliminated, and additional capacity can be added to accommodate more DirectAccess clients.

Published in: Internet

  1. DirectAccess Load Balancing Tips, Tricks, and Best Practices FOR THE KEMP LOADMASTER LOAD BALANCER
  2. RICHARD HICKS; Richard M. Hicks Consulting; MICROSOFT MVP - Cloud and Datacenter - Enterprise Security; 20 YEAR INDUSTRY VETERAN; EDGE SECURITY AND REMOTE ACCESS
  3. directaccessbook.com
  4. directaccess.richardhicks.com
  5. AGENDA
  6. ONE: Use Cases; TWO: Requirements; THREE: Enable Load Balancing; FOUR: Create DirectAccess Cluster; FIVE: Configure KEMP LoadMaster
  7. WHY DO LOAD BALANCING?
  8. Why Load Balancing for DirectAccess? Eliminate Single Points of Failure; Increase Capacity; Improve Performance
  9. Network Load Balancing (NLB). Broadcast Based: Layer 2 heartbeats; all nodes generate/receive; every second! Limited Scalability: support for 8 nodes maximum; effective upper limit is 4 nodes. Lack of Control: round-robin distribution only. Issues in Virtual Environments.
  10. KEMP LoadMaster. POSITIVE SCALABILITY: Support for up to 32 node clusters. NETWORK LAYER-BASED: Layer 3-7. GRANULAR CONTROL: Least connection; weighted distribution.
  11. REQUIREMENTS
  12. REQUIREMENTS. ONE: Computer Certificate Authentication; TWO: Dedicated Network Location Server (NLS); THREE: Remove Client-Based VPN
  13. NETWORK CONFIGURATION
  14. NETWORK CONFIGURATION (diagram labels): 172.16.1.241 192.168.1.241 172.16.1.242 192.168.1.242 EDGE1 EDGE2 192.168.1.240 203.0.113.240 ACL: Inbound TCP 443 DNAT: 192.168.1.240 Public IP VIP Internet DMZ LAN 192.168.1.254 Gateway DirectAccess Client 198.51.100.22
  15. ENABLE LOAD BALANCING
  16. BEFORE ELB CONFIGURATION (diagram labels): 172.16.1.240 172.16.1.242 192.168.1.240 192.168.1.242 EDGE1 EDGE2
  17. AFTER ELB CONFIGURATION (diagram labels): 172.16.1.241 172.16.1.242 192.168.1.241 192.168.1.242 EDGE1 EDGE2 192.168.1.240 NEW DIP 172.16.1.240 VIP NEW DIP VIP
  18. LOAD BALANCING AND MANAGING OUT
  19. ISATAP: Intrasite Automatic Tunnel Addressing Protocol. ENABLES “MANAGE OUT”. NOT SUPPORTED: LOAD BALANCING; MULTISITE. REQUIRES NATIVE IPV6*. * CAN BE USED WITH IPV4 IF EXTERNAL ISATAP ROUTING INFRASTRUCTURE IS DEPLOYED.
  20. Adding Servers: (1) OS Installed; (2) Domain Joined; (3) Networking Configured; (4) Certificates Installed; (5) DirectAccess-VPN Role Installed …but not installed
  21. LOADMASTER CONFIGURATION
  22. IP-HTTPS PERFORMANCE
  23. IP-HTTPS Performance. WINDOWS 8.X/10: Supports null encryption; performance equal to other IPv6 transition technologies. WINDOWS 7: Encrypted ciphers only; small performance hit on client; may require additional DirectAccess servers to meet capacity requirements.
  24. ABOUT KEMP TECHNOLOGIES
  25. HOW KEMP FITS AS PART OF MICROSOFT PLATFORM (diagram labels): GEO Enabled LoadMaster; Remote Desktop Services; SharePoint Servers; Exchange Servers; SharePoint; ADFS Proxy; ADFS Farm; RDS; IIS; ADFS Servers; Dynamics Servers; Data migration to Office 365; Skype for Business; DirectAccess
  26. ADDITIONAL RESOURCES. KEMP Resource Library: http://kemptechnologies.com/resource-library/ ; DirectAccess Deployment Guide: https://support.kemptechnologies.com/hc/en-us/articles/203343999 ; ADFS Deployment Guide: https://support.kemptechnologies.com/hc/en-us/articles/204250925-AD-FS-v3 ; Remote Desktop Deployment Guide: https://support.kemptechnologies.com/hc/en-us/articles/203858115-Remote-Desktop-Services ; Free KEMP LoadMaster: http://freeloadbalancer.com/
  27. KEMPTECHNOLOGIES.COM; DIRECTACCESS.RICHARDHICKS.COM; THANK YOU
