Forum Discussion

Technomyke_1198's avatar
Technomyke_1198
Icon for Nimbostratus rankNimbostratus
Jun 12, 2013

Direct Access 2012 and f5

We are testing Direct Access 2012 and are planning to use the f5 to handle load balancing between two DA servers.

 

I haven't found much info specific to using f5, mainly this:http://www.f5.com/pdf/white-papers/...ess-tb.pdf

 

 

The only real technical documentation is the old Forefront UAG back in 2009:

 

https://devcentral.f5.com/tech-tips...bjKNinnbaM

 

http://www.f5.com/pdf/deployment-guides/f5-uag-dg.pdf

 

I would like verifaction that the this older documention is still relevant with DA 2012.

 

Thanks

 

Mykel

 

  • DirectAccess 2012, a feature in Windows Server 2012, provides seamless remote access by allowing clients to connect to an internal network without needing a traditional VPN. It is often used to enhance security and connectivity for organizations that manage remote employees. Integrating DirectAccess with F5, a leading application delivery and security solution, can provide load balancing and high availability to ensure smooth, uninterrupted access for users.

    When configured with F5's BIG-IP appliances, DirectAccess clients gain enhanced stability and redundancy. F5 BIG-IP can be set up to distribute DirectAccess requests across multiple DirectAccess servers, optimizing load and ensuring connectivity even if one server fails. This approach provides a reliable experience, especially for organizations with high demand for remote connections.

    Additionally, F5’s SSL offloading capability reduces the encryption load on DirectAccess servers, freeing up resources and improving performance. F5 can also implement enhanced security features, such as client authentication and traffic monitoring, adding an extra layer of protection.

    While configuring F5 with DirectAccess 2012 requires technical setup, the benefits include increased performance, reliability, and scalability for remote access solutions, making it an ideal choice for businesses seeking to support a mobile or remote workforce effectively.

  • I'm looking for a document on how to use F5 with two DA servers. F5 will provide the load balancing and the two DA servers (cluster) will be the fault tolerant. In the DA wizard for the DIP (dedicated IP address) do we use the VIP? Any article on this? Thanks.

     

  • Impressive work Ryan. Shame about Teredo since Microsoft say it's faster than IPHTTPS. Still, when combined with GTM, this is the only documented solution to allow Manage Out in a Multisite deployment of DirectAccess. I think you've accidentally duplicated the lower screenshots though.

     

  • Ryan_Korock_46's avatar
    Ryan_Korock_46
    Historic F5 Account

    Just posted the guidance here It should eventually make it into a deployment guide, but until then, that blog post should have the information you need. Sorry for the wait, and let me know if anything in there needs clarification!

     

  • Hi Ryan, Not seen any of the promised Manage Out guidance, neither IPHTTPS nor Teredo. Did you succeed in getting MO working at all? Many thanks.

     

  • Hi,

     

    do you have any document to implementing Direct access 2012 with F5 load balancing. the document i have found is for UAG only but we are implementing direct access 2012 with external load balancer(F5).

     

  • Ryan_Korock_46's avatar
    Ryan_Korock_46
    Historic F5 Account
    Mykel,

     

    The inbound Direct Access load balancing configuration (Teredo, IP-HTTPS) is consistent between UAG and the versions of DA.

     

     

    I am reworking our guidance around the "Manage-Out" scenario. I've got guidance ready for IP-HTTPS based Manage Out connections, and the guidance for Teredo based Manage Out is still being developed. Please feel free to reach out to me (r.korock@f5.com) if you need more details.
    • Afroz_Ahmad_114's avatar
      Afroz_Ahmad_114
      Icon for Nimbostratus rankNimbostratus
      Hi Ryan, I also need Teredo based Manage out solution document , as i am about to implement this in our environment.