Information Technology Reference
In-Depth Information
This objective covers how to:
■
Implement client configuration
■
Implement server requirements
■
Configure DNS for DirectAccess
■
Configure certificates for DirectAccess
There are two different scenarios for DirectAccess: remote management only or remote
management plus remote access. In either scenario, the DirectAccess server can be directly
connected to the Internet as the edge device or connected behind an edge device. When
connected directly to the Internet, the DirectAccess server needs at least two network
adapters. When connected behind an edge device, the DirectAccess server can have a single
network adapter if the edge device is doing NAT.
Follow the steps in the section titled “Installing the Remote Access role” in Objective 3.3
to install the Remote Access role on the DirectAccess server. The Getting Started Wizard or
the Remote Access Setup Wizard from the Remote Access Management console can be used
to initially configure the Remote Access role (refer to Figure 3-31). Each enables you to install
both DirectAccess and VPN on the same server. The Getting Started Wizard is a very useful
tool for configuring DirectAccess with only a very few mouse clicks, but that process is not
terribly interesting from an exam viewpoint. It also hides a lot of the decisions by making de-
fault choices. For this objective, focus on using the Remote Access Setup Wizard and installing
the DirectAccess role only.
When you install DirectAccess, there are four stages of the installation:
■
Configure DirectAccess Client
DirectAccess clients can be configured for both re-
mote access and remote management, or remote management only. You also need to
configure which security groups to enable for DirectAccess. Only client computers that
are explicitly allowed can connect via DirectAccess. You can also enable DirectAccess
for mobile computers only. This is the default for the Getting Started Wizard.
■
Configure DirectAccess Server
The DirectAccess server configuration varies,
depending on the physical topology of the network. You configure where the server is
located on your network and what network configuration to use.
■
Configure Infrastructure Servers
The DirectAccess Infrastructure Server Setup
Wizard is used to configure settings for the network location server, the DNS server,
and management servers used by DirectAccess clients.
■
Configure Internal Application Servers
The DirectAccess Application Server Setup
page enables you to configure IPsec authentication for end-to-end authentication and
encryption to specified servers, if desired. Traffic between the DirectAccess client and
the DirectAccess server is always authenticated and encrypted with IPsec.
