DirectAccess architecture design

Hi all

I've been asked to design DirectAccess 2012 R2 for Win7 clients (more than 1000).

What is the best scenario for security? One-NIC or two-NIC deployment?

Inside the LAN or in the DMZ?

I will use SSL offload for the Win7 client double encryption.

No multisite.

Any other considerations for a high-level brief?

10x


  • Edited by Yfhar's Tuesday, November 18, 2014 9:36 PM
November 18th, 2014 9:47pm

You can refer to the links below for design considerations and capacity planning for DirectAccess:

http://technet.microsoft.com/en-us/library/jj735301.aspx

November 19th, 2014 1:22pm

You should always locate your DirectAccess server behind a front-end firewall, in a perimeter network (DMZ). For an optimal configuration, use two network interfaces: one interface connected to the perimeter network (DMZ) and the other interface connected to the internal network (LAN). Optionally, you can have a back-end firewall between the internal network interface and your internal network.

If you want to use all DirectAccess protocols (e.g. 6to4, Teredo and IP-HTTPS), you need two external IP addresses without NAT in between. But if you are going to use IP-HTTPS only, you can apply NAT, and one external IP address will be enough.

There are many other things to consider, but on the network side this is good to start with.

November 20th, 2014 9:33am
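The reply above ties the usable transition protocols to the edge topology (two external IPs without NAT for all of them, IP-HTTPS only behind NAT). As an added example, not part of the thread or of any Microsoft tooling, this sketch checks a front-end firewall's inbound allow list against that rule; the rule tuples, function names and sample rule sets are assumptions, and the port and protocol numbers are the well-known ones for each protocol.

```python
# Added example. Rule tuples and function names are assumptions for illustration.
# Inbound allowances per protocol, using the well-known values:
# IP-HTTPS = TCP 443, Teredo = UDP 3544, 6to4 = IP protocol 41.
INBOUND = {
    "IP-HTTPS": ("tcp", 443),
    "Teredo": ("udp", 3544),
    "6to4": ("ipproto", 41),
}


def usable_protocols(public_ips, behind_nat):
    """All three protocols need two external IPs and no NAT; otherwise IP-HTTPS only."""
    if public_ips >= 2 and not behind_nat:
        return ["6to4", "IP-HTTPS", "Teredo"]
    if public_ips >= 1:
        return ["IP-HTTPS"]
    return []


def audit_front_end(rules, public_ips, behind_nat):
    """Compare inbound allow rules (proto, number) with what the topology can use."""
    usable = usable_protocols(public_ips, behind_nat)
    needed = {INBOUND[name]: name for name in usable}
    allowed = set(rules)
    # Protocols the topology supports but the firewall would block.
    missing = sorted(name for key, name in needed.items() if key not in allowed)
    # Anything else reaching the DMZ interface is extra exposure (least privilege).
    unneeded = sorted(allowed - set(needed))
    return {"usable": usable, "missing": missing, "unneeded": unneeded}


# Constructed sample rule sets, not taken from any real firewall.
NAT_EDGE = [("tcp", 443), ("udp", 3544), ("tcp", 3389)]
ROUTED_EDGE = [("tcp", 443)]

if __name__ == "__main__":
    print(audit_front_end(NAT_EDGE, public_ips=1, behind_nat=True))
    print(audit_front_end(ROUTED_EDGE, public_ips=2, behind_nat=False))
```
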

Hi

I may be wrong, but IPsec/SSL offloading are network capabilities not available in virtual machines. So you will need appliances or physical servers.

November 21st, 2014 10:03am

This topic is archived. No further replies will be accepted.
