Migrating DirectAccess from NLB to KEMP LoadMaster Load Balancers
Enabling load balancing for the DirectAccess workload is crucial to eliminating single points of failure. This ensures the highest level of availability, and most importantly productivity, for remote workers. Previously I’ve written about how the KEMP LoadMaster load balancer offers important advantages over the native, integrated Windows Network Load Balancing (NLB). But what if you’ve already deployed DirectAccess using NLB and now want to switch to the KEMP solution? In this article I’ll show you how.
Migrating from NLB to the KEMP LoadMaster involves deploying the LoadMaster in parallel with NLB, then removing NLB once traffic is flowing through the LoadMaster. Begin by preparing the LoadMaster using the guidance found in the Windows Server 2012 R2 DirectAccess Deployment Guide. Be sure to use a unique IPv4 address for the VIP, not the current NLB VIP as it is still in use on the DirectAccess servers. Configure the real servers on the KEMP using the dedicated IPv4 addresses of the DirectAccess servers.
Firewalls and DNS
If the LoadMaster is edge-facing and has the public IPv4 address assigned as the VIP, update the public DNS record for the DirectAccess public hostname (e.g. directaccess.example.com). If the LoadMaster is deployed behind and edge firewall preforming NAT, be sure to update the NAT rule to direct traffic from the public IPv4 address to the VIP running on the KEMP.
DirectAccess connections are being routed from the Internet through the LoadMaster and NLB can safely be removed. Open the Remote Access Management console and click Configure Load Balancing Settings under Load Balanced Cluster in the Tasks pane.
Select the option to Use an external load balancer and click Next and then Commit.
Alternatively, open an elevated PowerShell command window and enter the following command.
Set-RemoteAccessLoadBalancer -ThirdPartyLoadBalancer Enabled
Finally, remove the NLB feature from each DirectAccess server by opening an elevated PowerShell command window and entering the following command.
Note: If the DirectAccess web probe host URL or the NLS are hosted on the DirectAccess servers (not recommended), ensure the entries in internal DNS are updated accordingly.
The KEMP LoadMaster load balancer provides significant and important advantages over native Windows NLB. If you’ve already deployed DirectAccess using NLB and wish to improve the reliability and performance of your remote access solution, migrating from NLB to the LoadMaster is not difficult at all. Make the move today…you’ll be glad you did!