I am happy to tell you that today I’ve released the Test Lab Guide: Demonstrate UAG SP1 RC DirectAccess with Secure Socket Tunneling (SSTP) Test Lab Guide. This is one that I was looking forward to doing because this is such an important deployment model.
As you might know, a single UAG server or UAG array can support all of the roles that are supported by UAG (with the exception that a UAG server or array that acts in the DirectAccess role cannot also host the Network Connector). In general, I recommend that you use different UAG servers or array based on their functional roles:
- One server or array should be dedicated to SSL VPN (portal or reverse web proxy) services
- One server or array should be dedicated to DirectAccess and SSTP (and maybe Remote Desktop Gateway)
This is not a hard and fast rule, and I certainly wouldn’t fault anyone for taking a different approach. But I’ve found that if you separate the services provided on the server or array in this manner, it’s easier to “size” your deployment, given the high processing requirements for the DirectAccess server deployment.
Having SSTP on the DirectAccess server makes it easy to have a “fall back” solution for any applications that don’t work with DirectAccess. While we haven’t seen too many of them, there are still a few and SSTP makes it easy to access the corporate network for DirectAccess client when they need to use these applications. In addition, you may have Windows 7 clients that are not domain members, and thus can’t be DirectAccess clients. Or you might even have domain member Windows 7 computers, but these aren’t configured for DirectAccess. These non-DirectAccess clients can easily connect to the corporate network using the Secure Socket Tunneling Protocol (SSTP), which is firewall and NAT friendly, so that users can connect using SSTP from almost anywhere.
In this Test Lab Guide you will build out a co-located DirectAccess and SSTP server and then test the deployment. You’ll configure the UAG server as both a DirectAccess and SSTP VPN server and then test DirectAccess and SSTP VPN connectivity, and look at several key areas to confirm connectivity and what normal connectivity looks like in these scenarios.
I hope you like the Test Lab Guide: Demonstrate UAG SP1 RC DirectAccess with Secure Socket Tunneling (SSTP) Test Lab Guide. As always, if you have any questions on this Test Lab Guide, or have suggestions for improvements or if you find errors, then please let me know! Just write to the email address in my sig line and I’ll get back to you as soon as I can.
Knowledge Engineer, Microsoft DAIP iX/Forefront iX
UAG Direct Access/Anywhere Access Group (AAG)
The “Edge Man” blog (DA all the time): http://blogs.technet.com/tomshinder/default.aspx
Follow me on Twitter: https://twitter.com/tshinder