
In this mini-series, I am going to diverge from my usual System Center-only focus to take a fresh look at deploying a Microsoft Remote Network Access solution. First, we’ll get you online and working using SSTP, then extend this base implementation with Network Access Protection, and finally come back a little later to elevate these SSTP servers to Direct Access.
Don’t miss the other two parts of this series!
Part two: Remote Network Access: Deploying an SSTP Server
Part three: Remote Network Access: Configuring an SSTP Client
So why am I doing this? As we build out solutions for System Center, we need a foundation from which to work. Within the latest versions of Configuration Manager, we have the ability to integrate with Windows Network Access Protection and manage our off-site computers with a dial out approach over Direct Access. Also, in the new R2 releases we can integrate our Certificate Servers (Certificate Authorities, or CAs), and we finally have the ability to distribute VPN Profiles to our end users. Therefore, I am considering this mini-series as a foundation for illustrating these features and abilities in later posts.
I am building this solution out using the recently published RTM builds of Windows Server 2012 R2, but almost everything I will cover in this series will work from 2008 R2, with some minor adjustments and wizard changes.
The environment we will use for the scenarios is illustrated in the graphic below, showing our client establishing a connection with the RRAS server over TCP 443, which you might better recognize as the HTTPS port. SSTP utilizes this same supporting environment, including the SSL certificates used to protect the tunnel.
I have tagged a number of the components with a to indicate the initial systems which are engaged in the basic SSTP implementation, including the Network Policy Server (otherwise known as RADIUS), which is used to check the client’s authorization to proceed with establishing the requested tunnel.
The remaining servers are added to the scenario as we enable the NAP services, including the Certification Authority, and as an example, a simple Windows Update Server to offer simple remediation to non-compliant clients.
Each of the servers is responsible for a different role in the overall solution. To get a brief understanding of what these are, let’s take a quick look at their primary functions.
We now have the background and an idea of how the different servers will be used. Our next objective will be to implement this solution. Now would be a great time to get your environment ready and spin up some servers for the jobs we are about to face.
More from Damian Flynn
Copyright ©2019 BWW Media Group