Implementing DirectAccess with Windows Server 2016

Richard Hicks (MCP, MCSE, MCTS, MCITP:EA, MCSA, MVP) is a network and information security expert specializing in Microsoft technologies. As a Microsoft Cloud and Datacenter/Enterprise Security MVP, he has traveled around the world speaking to network engineers, security administrators, and IT professionals about Microsoft networking and security. Richard has nearly 20 years of experience working in large scale corporate computing environments and has designed and deployed perimeter defense and secure remote access solutions for some of the largest companies in the world. Richard is the Founder and Principal Consultant of Richard M. Hicks Consulting, and focuses on helping organizations large and small implement DirectAccess, VPN, and cloud networking solutions on Microsoft platforms. Richard is a contributing author for TechGenix (WindowSecurity.com, WindowsNetworking.com, CloudComputingAdmin.com) and the Petri IT Knowledgebase. He has also produced video training courses for Pluralsight. Richard is an avid fan of Major League Baseball and in particular the Los Angeles Angels (of Anaheim!). He also enjoys fish tacos, craft beer, and single malt Scotch whisky. He lives and works in beautiful, sunny, Southern California. Keep up to date on all things DirectAccess by visiting his web site at directaccess.richardhicks.com.

Chapter 1 - DirectAccess Overview High level overview of DirectAccess. Describe how DirectAccess works. Outline vision and evolution of DirectAccess and explain business case and market drivers. Compare and contrast DirectAccess with traditional VPN. Describe the Windows platform technologies that make up a DirectAccess solution and explain the advantages and disadvantages of a DirectAccess solution. Chapter 2 - Planning for DirectAccess Describe the planning and design of a DirectAccess solution. Outline all prerequisites including infrastructure requirements. Explain in detail the supported networking deployment models for DirectAccess and their pros and cons. Chapter 3 - Installing DirectAccess Prepare the server for DirectAccess. Install the DirectAccess role and any features required to support DirectAccess. Chapter 4 - Configuring DirectAccess (Simplified Deployment Scenario) Install and configure DirectAccess using the Getting Started Wizard. Describe the limitations of this model and explain the Kerberos proxy. Document advantages and disadvantages of implementing DirectAccess simplified deployment. Chapter 5 - Configuring DirectAccess (Complex Deployment Scenario) Install and configure DirectAccess using the Remote Access Setup Wizard. Explain the benefits of using the complex deployment and describe the differences between edge facing and perimeter/DMZ deployments behind NAT. Chapter 6 - Configuring DirectAccess (Multisite Deployment Scenario) Enable DirectAccess multisite. Outline perquisites (NLS, certificates, public hostnames, etc.). Describe limitations for Windows 7 clients. Explain challenges converting from single site to multisite and document infrastructure requirements and Active Directory configuration required to support multisite. Chapter 7 - Configuring DirectAccess High Availability Describe high availability options for DirectAccess. Install and configure Windows Network Load Balancing (NLB) and explain drawbacks for using NLB. Demonstrate DirectAccess configuration with external hardware load balancer. Outline high availability options for multisite deployments and document the use of a Global Server Load Balancer (GSLB) solution with DirectAccess. Chapter 8 - Enabling Strong Authentication Enable strong user authentication for DirectAccess clients by implementing One-Time Passwords (OTP) and virtual smart cards. Explain common uses cases and business requirements for using strong authentication. Describe in detail the drawbacks for the user of strong authentication, how it breaks the DirectAccess usage model, and how additional controls can be implemented that negate the need for additional strong user authentication. Chapter 9 - Supporting Windows 7 Clients Describe the unique requirements for Windows 7 clients and outline the limitations. Configure and deploy the DirectAccess Connectivity Assistant (DCA) 2.0 in single site and multisite deployments. Chapter 10 - Monitoring and Reporting Enable and configure logging for the DirectAccess solution. Demonstrate the use of activity logs and historical reports. Describe logging options and limitations. Document various logging options and their effect on utilization and performance on the DirectAccess server. Explain optimizations that can be made to improve logging performance and identify important shortcomings in the native logging facility. Chapter 11 - Troubleshooting Provide detailed, step-by-step guidance for troubleshooting DirectAccess client connectivity. Describe troubleshooting methodologies for identifying common issues that affect the DirectAccess solution. Include practical, real-world scenarios for connectivity failures and provide workarounds for common configuration issues that are the source of many access challenges. Chapter 12 - Migrating to Windows Server 2016 DirectAccess This chapter will provide prescriptive guidance for migrating from previous versions of DirectAccess to Windows Server 2016, including migration for Windows Server 2008 R2, Forefront Unified Access Gateway (UAG) 2010, and Windows Server 2012/201R2. Chapter 13 - Client-Based VPN Outline the supported client-based VPN protocols in Windows Server 2016, including PPTP, L2TP/IPsec, SSTP, and IKEv2. Describe the unique features of each protocol and discuss potential drawbacks they bring. Provide implementation best practices for implementing VPN and guidance for leveraging strong authentication for remote access users. Discuss new BYOD features including automatic triggered VPN connections.