Migrating DirectAccess from NLB to KEMP LoadMaster Load Balancers

Direct-AccessEnabling load balancing for the DirectAccess workload is crucial to eliminating single points of failure. This ensures the highest level of availability, and most importantly productivity, for remote workers. Previously I’ve written about how the KEMP LoadMaster load balancer offers important advantages over the native, integrated Windows Network Load Balancing (NLB). But what if you’ve already deployed DirectAccess using NLB and now want to switch to the KEMP solution? In this article I’ll show you how.

LoadMaster Configuration

Migrating from NLB to the KEMP LoadMaster involves deploying the LoadMaster in parallel with NLB, then removing NLB once traffic is flowing through the LoadMaster. Begin by preparing the LoadMaster using the guidance found in the Windows Server 2012 R2 DirectAccess Deployment Guide. Be sure to use a unique IPv4 address for the VIP, not the current NLB VIP as it is still in use on the DirectAccess servers. Configure the real servers on the KEMP using the dedicated IPv4 addresses of the DirectAccess servers.

Firewalls and DNS

If the LoadMaster is edge-facing and has the public IPv4 address assigned as the VIP, update the public DNS record for the DirectAccess public hostname (e.g. directaccess.example.com). If the LoadMaster is deployed behind and edge firewall preforming NAT, be sure to update the NAT rule to direct traffic from the public IPv4 address to the VIP running on the KEMP.

DirectAccess Configuration

DirectAccess connections are being routed from the Internet through the LoadMaster and NLB can safely be removed. Open the Remote Access Management console and click Configure Load Balancing Settings under Load Balanced Cluster in the Tasks pane.

Direct Access from NLB to KEMP LoadMaster 1

Select the option to Use an external load balancer and click Next and then Commit.

Direct Access from NLB to KEMP LoadMaster 1

 

Alternatively, open an elevated PowerShell command window and enter the following command.

Set-RemoteAccessLoadBalancer -ThirdPartyLoadBalancer Enabled

Finally, remove the NLB feature from each DirectAccess server by opening an elevated PowerShell command window and entering the following command.

Uninstall-WindowsFeature NLB

Note: If the DirectAccess web probe host URL or the NLS are hosted on the DirectAccess servers (not recommended), ensure the entries in internal DNS are updated accordingly.

Summary

The KEMP LoadMaster load balancer provides significant and important advantages over native Windows NLB. If you’ve already deployed DirectAccess using NLB and wish to improve the reliability and performance of your remote access solution, migrating from NLB to the LoadMaster is not difficult at all. Make the move today…you’ll be glad you did!

Richard Hicks

Richard Hicks

Richard Hicks is a network and information security expert specializing in Microsoft technologies. He is a Microsoft Enterprise Security MVP and the founder and principal consultant for Richard M. Hicks Consulting. Richard has deployed secure remote access solutions for some of the largest organizations in the world. Learn more about DirectAccess by visiting http://directaccess.richardhicks.com.

More Posts

Follow Me:
TwitterFacebookLinkedInGoogle Plus