default-focus-right

Load Balancing Windows 10 Always On VPN

Free Trial Always On VPN Case Study

Introduction

Windows 10 Always On VPN is the replacement for Microsoft’s DirectAccess remote access solution. Always On VPN works in much the same way as DirectAccess, providing seamless, transparent, and always-on remote access. Under the covers it uses traditional client-based VPN protocols like the Internet Key Exchange version 2 (IKEv2) and Secure Sockets Tunneling Protocol (SSTP).

Always On VPN Deployment Guide

Load Balancing for VPN Servers

Eliminating single points of failure in the Always On VPN architecture is crucial to ensuring the highest level of availability for the remote access solution thus the need for a load balancer. VPN servers can be made highly availably using the Kemp LoadMaster load balancer. The LoadMaster can be configured to accept inbound VPN connections and intelligently distribute them to all configured real servers. Traffic can be distributed in round-robin, or optionally based on the number of connections or by a percentage as defined by the administrator.

Load Balancing for RADIUS Servers

Always On VPN makes use of user certificates for authentication. The authentication protocol of choice is the Protected Extensible Authentication Protocol (Protected EAP, or PEAP), sometimes referred to as EAP-TLS. To leverage EAP, client connection requests are authenticated using a RADIUS server, commonly the Windows Server Network Policy Server (NPS). To provide redundancy for the authentication infrastructure, multiple RADIUS/NPS servers can be deployed and load-balanced by the Kemp LoadMaster to ensure high availability and to enable flexible scalability.

Redundancy and Failover

Unlike DirectAccess, Always On VPN does not natively include support for redundancy or failover. To address this shortcoming, the Kemp LoadMaster GEO can be configured to improve availability for VPN servers located in different datacenters. The administrator can configure GEO to route all VPN connection requests to the primary datacenter and send requests to the secondary datacenter in the event the primary site is unavailable.

Geographic Load Balancing

The Kemp LoadMaster GEO can also be used to provide geographic load balancing for Always On VPN. GEO can be configured to use proximity and location-based scheduling to intelligently route VPN connection requests to the nearest VPN server based on the client’s current location. This ensures that clients will connect to the most optimal VPN server available.

Commencez dès aujourd’hui à booster votre expérience continue des applications

Essai gratuit de 30 jours Contacter le service des ventes