Hello Everyone,
I would like to implement Direct Access in my company's environment, but through researching Direct Access/Remote Access I've found contradicting statements/articles.
The optimum deployment would be to follow the company's architecture guidelines, and place the Direct Access server behind our firewall with a NAT in the DMZ, *not* joined to the domain, with one NIC/network adapter facing the DMZ. I found a couple of articles claiming that you can place the DA/RA server in the DMZ not joined to the domain. However, when running the Remote Access configuration, it requires you to add the server to a domain or workgroup. When selecting a workgroup it of course requires a reboot. After rebooting I've confirmed the machine is in a workgroup, although when going through the configuration wizard I'm still prompted to add the server to a domain or workgroup.
Is there a workaround for this pre-req? I.e., add the machine to the domain, configure the DA server and then remove it from the domain? Or is there no way to have a DA server that isn't a domain member?
Is a DMZ DA proxy a possibility? I.e., having a DA server in our internal network with traffic routed through the proxy server in the DMZ. So: external client on the internet => firewall => DMZ proxy => DA server (internal)?
- Moved by TP []MVP Friday, May 22, 2015 12:48 PM Security question