Load Balancing Windows Server 2012 R2 DirectAccess

Introduction

DirectAccess is a compelling remote access technology included as part of the Unified Remote Access role in Windows Server 2012 R2. Built using Windows platform technologies like Active Directory, Certificate Services, IPsec, and IPv6, DirectAccess provides seamless and transparent connectivity to corporate networks without requiring the user to proactively establish a connection. Any time a DirectAccess client is outside of the corporate network and has access to the public Internet, it automatically establishes a connection to the DirectAccess server. This allows the user to access on-premises data and applications securely.

DirectAccess simplifies the integration of remote and mobile users with the corporate network by removing the need for VPN configuration on client devices.

Load Balancing for DirectAccess Servers

Reliable remote access is essential for organizations of all sizes to ensure the highest levels of productivity for remote users. Eliminating single points of failure is key to meeting this requirement. DirectAccess servers can be made highly available with the use of the Kemp LoadMaster load balancer. The LoadMaster can be configured to intelligently distribute traffic across the members of a DirectAccess server array so that the load is spread evenly. Granular traffic management can be implemented using the LoadMaster’s advanced features such as weighted round robin, least connections (fixed or weighted), server response time, and more. A DirectAccess service that is load balanced with Kemp LoadMaster offers resilience without the complexity of implementing routing with protocols such as BGP.

Load Balancing for DirectAccess Infrastructure Services

The Kemp LoadMaster can also be deployed to provide high availability for DirectAccess supporting infrastructure services such as the Network Location Server (NLS). The NLS is used by DirectAccess clients to determine if they are inside or outside of the corporate network. If the NLS is offline for any reason, DirectAccess clients inside the corporate network will assume they are outside and attempt to establish a DirectAccess connection. If they are unsuccessful, access to internal corporate resources will not be possible until the NLS is back online. A LoadMaster can be configured to act as an NLS server (define a virtual service to provide a 200 OK error handling response) or to load balance other resources configured as NLS servers.

Geographic Load Balancing

DirectAccess includes support for multisite deployments to provide geographic redundancy for organizations with multiple physical locations. Windows 8.x DirectAccess clients can select the closest entry point when they are roaming, and fail over transparently to another site if their current site becomes unavailable. The native site selection method is rudimentary, and using the Kemp LoadMaster GEO functionality can greatly improve the roaming experience for remote Windows 8 clients.