Direct Access 2012 Chad Duffey and Tristan Kington Microsoft Premier Field Engineering WSV333.


1 Direct Access 2012 Chad Duffey and Tristan Kington Microsoft Premier Field Engineering WSV333

2

3 DirectAccess in Action

4

5

6 Version 1: Windows Server 2008 R2
Version 1.5: Windows Server 2008 R2 + UAG
Version 2: Windows Server 2012

7

8 Internet | Corporate
Public IPv4 Addressing | Private IPv4 Addressing
DA Wizard Creates Group Policies
DA Policy is applied to client
Try to contact Internal Server (NLS)
IPv4 Query for External DA Server IP
Establish Direct Access Tunnel

9 Demonstration Simplified Direct Access Configuration & Improved Client Experience

10

11

12

13

14

15

16

17

18 Offline Provisioning of Direct Access Client

19 Djoin /provision /machine CLIENT1 /domain corp /policynames "DirectAccess Client Settings" /rootcacerts /savefile c:\files\provision.txt /reuse

20

21 DNS Query for DirectAccess-NLS.corp.domain.com
HTTP Probe to check for availability
IPv4 (A) DNS Query for da.domain.com
Connect to external IP Address of the Direct Access Server, validate certificates
Either using Kerberos or Certificate based Authentication

22 NAT64/DNS64 is the reason DA works on IPv4 Networks
Diagram labels: IPv6 Network; IPv4 Network; IPv6 Client fd00:fefe:1::bef1:2002; NAT64/DNS64 gateway (DA); IPv4-only Server; Native IPv4 traffic; Native IPv6 traffic; DNS Server; IPv6 Prefix - fd00:fefe:2::/96; IPv4 Internal Address –
NAT64 device configured with /96 IPv6 prefix and IPv4 address pool
1. IPv6 Client sends DNS AAAA query for IPv4-only Server
2. NAT64 device forwards DNS AAAA query to authoritative DNS Server
3. DNS Server informs that no AAAA record exists for Server
4. NAT64 device sends DNS A query for Server
5. DNS Server replies with Server’s IPv4 address (SERVER IN A)
6. DNS64 converts DNS A IPv4 response to an IPv6 AAAA one, adding IPv6 /96 prefix (SERVER IN AAAA FD00:FEFE:2::)
7. IPv6 Client sends connection packet to IPv6 address associated to the IPv4 receiver
8. NAT64 gateway translates the IPv6 packet to IPv4, dynamically associating the source IPv6 address with an IPv4 address from the pool
9. IPv4-only Server replies to the dynamic IPv4 address used by the NAT64 gateway
10. NAT64 gateway translates the IPv4 packet to IPv6 using the information in the translation table
Translation table: fd00:fefe:2:: TCP port 80 fd00:fefe:1::bef1:2002, TCP port TCP port TCP port 80
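Steps 6 and 8 above, worked through as an added example (not part of the original presentation): DNS64 synthesis of an AAAA address from an A record, and the reverse mapping used to read NAT64 destinations in connection logs. The /96 prefix and client address are the ones on the slide; the server address 192.168.10.5 and the "src dst port" record format are constructed for illustration.

```python
import ipaddress

# Prefix taken from the slide; the IPv4 server address used below is constructed.
NAT64_PREFIX = ipaddress.IPv6Network("fd00:fefe:2::/96")

def synthesize_aaaa(ipv4, prefix=NAT64_PREFIX):
    """DNS64 (step 6): place the A record's 32 bits in the low bits of the /96."""
    if prefix.prefixlen != 96:
        raise ValueError("this example only handles /96 prefixes")
    v4 = ipaddress.IPv4Address(ipv4)
    return ipaddress.IPv6Address(int(prefix.network_address) | int(v4))

def extract_ipv4(ipv6, prefix=NAT64_PREFIX):
    """NAT64 (step 8): recover the IPv4 destination from a synthesized address.
    Returns None when the address is outside the prefix (native IPv6 traffic)."""
    v6 = ipaddress.IPv6Address(ipv6)
    if v6 not in prefix:
        return None
    return ipaddress.IPv4Address(int(v6) & 0xFFFFFFFF)

def annotate(log_lines, prefix=NAT64_PREFIX):
    """Tag each constructed 'src dst port' record with the real IPv4 target."""
    out = []
    for line in log_lines:
        src, dst, port = line.split()
        v4 = extract_ipv4(dst, prefix)
        out.append((src, dst, int(port), str(v4) if v4 else "native-ipv6"))
    return out

# Constructed sample records; the client address is the one shown on the slide.
SAMPLE = [
    "fd00:fefe:1::bef1:2002 fd00:fefe:2::c0a8:a05 80",
    "fd00:fefe:1::bef1:2002 fd00:fefe:1::10 445",
]

if __name__ == "__main__":
    print(synthesize_aaaa("192.168.10.5"))
    for record in annotate(SAMPLE):
        print(record)
```

When reviewing DirectAccess traffic, a destination inside the NAT64 prefix identifies an IPv4-only internal server reached through the gateway; anything else is native IPv6.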

23

24

25 Extending Direct Access for Windows 7

26

27

28

29 Internet | Perimeter | Corporate Network
External IPv4 DNS Record: Type: A Da.contoso.com
Source Port 443 Destination: da.contoso.com -> Forward or -> NAT To Internal Firewall
Source Port 443 Destination: da.contoso.com “Non Web HTTPS rule” to internal IP of Direct Access Server

30

31 You probably don't want to accept this default option

32 Both of these caused failed deployment until corrected

33

34

