Friday, 10 August 2012

Windows Server 2012 Remote Access: The New Microsoft Edge Server


Windows Server 2012 combines the DirectAccess feature and the RRAS role service into a new unified server role. This new Remote Access server role allows for centralized administration, configuration, and monitoring of both DirectAccess and VPN-based remote access services. Additionally, Windows Server 2012 DirectAccess provides multiple updates and improvements to address deployment blockers and provide simplified management. So, we can welcome a new Microsoft Edge server to the party, alongside the likes of Forefront TMG and Forefront UAG. Given the name of my blog, this continues the ‘Edge’ theme nicely!

It appears the term Unified Remote Access (URA) has also been defined to describe this new offering. Microsoft obviously appear to like three-letter acronyms beginning with ‘U’ :)

More information on the changes can be found in the pre-release documentation available here. Given the recent announcement of the RTM status for Windows Server 2012, I would expect TechNet to be updated shortly with updated documentation to replace the pre-release version currently available. I’ve got a suspicion it will have also been written by a few friends I have made along the Forefront journey over the last few years…

With the advent of this new role, I plan to spend some time talking about the new features, changes and benefits it will bring for both DirectAccess and more traditional VPN services. Given my background with Forefront UAG DirectAccess and previous blog posts, this will be an area of particular focus. For example, I have already provided a blog post comparing the new DirectAccess feature-set to existing versions of the DirectAccess technology timeline, which can be found here.

I think Windows Server 2012 will be a great release, especially when looking for a feature-rich Remote Access solution…

Windows Server 2012 DirectAccess: Microsoft DirectAccess Comparison Table


With the impending release of Windows Server 2012, we will have our third iteration of the Microsoft DirectAccess solution. Life began with the DirectAccess feature coming to Windows in the first release of Windows Server 2008 R2 a few years ago. It was then supercharged by Forefront UAG, whose platform improvements made the solution more achievable and much easier to implement for many organisations. Now, with the release of Windows Server 2012, we have the third generation of the solution, which is fully featured and delivered as part of the native operating system. Given the impending third-generation release, I thought it might be useful to prepare a DirectAccess comparison table covering the different technology versions available, as shown below:

| Feature / DA Solution | Windows Server 2008 R2 DA | Forefront UAG 2010 SP1 DA | Windows Server 2012 DA |
|---|---|---|---|
| Simplified DirectAccess management for small and medium organisations | No | No | Yes |
| Automated DirectAccess server configuration | No | Yes | Yes |
| Mandatory PKI deployment as a DirectAccess prerequisite | Yes | Yes | No¹ |
| Built-in NAT64 and DNS64 support for accessing IPv4-only resources | No | Yes | Yes |
| Support for a DirectAccess server with a single network card | No | No | Yes |
| Support for a DirectAccess server behind a NAT device | No | No | Yes |
| Requires at least one Windows Server 2008/R2 Domain Controller | Yes | No | No |
| Requires at least one Windows Server 2008/R2 DNS Server | Yes | No | No |
| Load balancing support | No | Yes | Yes |
| Server fault tolerance | Limited² | Yes | Yes |
| Support for multiple AD domains | No | Yes | Yes |
| NAP integration | Yes | Yes | Yes |
| Support for OTP (token based authentication) | No³ | Yes | Yes |
| IP-HTTPS interoperability and performance improvements | No⁴ | No⁴ | Yes |
| Manage-out only support | No | Yes | Yes |
| Multi-site support | Limited⁵ | Limited⁶ | Yes⁷ |
| Support for Server Core | No | No | Yes |
| Support for Windows 7 clients | Yes | Yes | Yes |
| Support for Windows 8 clients | Unknown | Limited⁸ | Yes |
| Windows PowerShell support | No | Limited⁹ | Yes |
| User and server health monitoring | No | Yes | Yes |
| Diagnostics | No | No | Yes |
| Accounting and reporting | No | Limited¹⁰ | Yes |

Notes and small print:

Items in red represent significant improvement or changes.

¹ PKI is still mandatory for force tunnelling, Network Access Protection (NAP) integration or two-factor authentication deployment scenarios. A PKI-based solution is therefore still required for some enterprise-class deployments, dependent on the required features.

² Hyper-V failover cluster is required.

³ Smartcard only.

⁴ IP-HTTPS is supported, but there is a performance overhead due to combined/double SSL and IPsec encryption. IP-HTTPS in Windows Server 2012 now supports null SSL encryption and additional optimisations but requires Windows 8 clients.

⁵ Complicated setup due to IPv6 requirements.

⁶ Global Server Load Balancer (GSLB) is required.

⁷ Automatic DirectAccess entry-point detection or user selected entry-point requires Windows 8 clients.

⁸ Technically works, but the supportability status is currently unknown (full support provided in UAG SP3).

⁹ Read-only PowerShell.

¹⁰ Command line via PowerShell only.

As highlighted above, Windows Server 2012 offers the most feature-rich platform when compared to previous versions and can be considered as a superset of the functionality provided by the Forefront UAG SP1 offering. Many of the enhancements included in Windows Server 2012 DirectAccess are based upon direct feedback from customers and changes to facilitate easier adoption and deployment of the technology within both smaller organisations and enterprise environments alike. I am planning on creating two upcoming blog posts which will highlight the changes and benefits in Windows Server 2012 DirectAccess from the perspective of the smaller organisation and then also for the enterprise space. Given the improvements and changes, I think DirectAccess will be even more popular than ever…what do you think?

Monday, 6 August 2012

Forefront UAG: Service Pack 2 is Released!

Just a quick note to let you know that Forefront UAG Service Pack 2 has been released and is available for download here.

More information on new features and fixes can be found in the KB article here and also on TechNet here.

Some nice new features and quite a few fixes…

The new UAG build number is: 4.0.2095.10000