
Welcome to ISAserver.org


What about DirectAccess in the Branch Office?

What about DirectAccess in the Branch Office? - 17.May2010 8:02:43 PM   
tshinder

 

That’s a good question and one I’ve been thinking about a bit lately. Since both Windows 7 Enterprise and Ultimate, as well as Windows Server 2008 R2, can be DirectAccess clients, I can imagine the following scenario:

• Windows 7 clients at the branch office
• A Windows Server 2008 R2 read-only domain controller
• A Windows Server 2008 R2 file server (using DFS)
• BranchCache enabled on the branch office network (either Hosted or Distributed Mode)
• No site to site VPN or Dedicated WAN link connecting the branch to the main office
• Branch office has a business level cable or FiOS Internet connection with 20-50 Mbps down and 5 Mbps up

With this scenario in place, there is no expensive dedicated WAN link, so you have money there. Also, there’s no site to site VPN link, so you don’t have to deal with the management hassle and Help Desk calls related to unable site to site VPNs. You should also be able to take advantage of BranchCache, either Hosted or Distributed Mode.

If you use Hosted Mode, you’ll need to configure Name Resolution Policy Table (NRPT) exemptions so that the BranchCache clients don’t try to connect to the BranchCache server over the DirectAccess connection. You can then configure local DNS or use local name resolution to resolve the name of the Hosted Mode BranchCache server.

If you use Distributed Mode, you don’t even need to configure NRPT exemptions, since the Distributed Mode BranchCache clients use WS-Discovery, which is a multicast-based protocol, to resolve the name of the local Windows 7 host with the desired content.

There you go. Significantly simplified infrastructure that gives branch office clients transparent access to corpnet resources without having to use VPN at all; no remote access client VPN connections and no site to site VPN connections.

_____________________________

Thomas W Shinder, M.D.
Post #: 1
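
The NRPT exemption described in the post above, as an added example that is not part of the original post or of any Microsoft tool: a simplified Python model of how an NRPT lookup picks a resolver, showing why the Hosted Mode BranchCache server name needs an exemption. All host names, addresses and rules are constructed, and precedence is reduced to "FQDN beats suffix, longest suffix wins".

```python
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass(frozen=True)
class NrptRule:
    namespace: str                     # ".corp.example" = suffix rule, no leading dot = FQDN rule
    da_dns: Optional[Tuple[str, ...]]  # None marks an exemption (no DirectAccess DNS servers)

def match_rule(name, rules):
    """Return the most specific NRPT rule matching name, or None."""
    name = name.lower().rstrip(".")
    best = None
    for rule in rules:
        ns = rule.namespace.lower()
        is_suffix = ns.startswith(".")
        hit = name.endswith(ns) if is_suffix else name == ns
        if hit:
            key = (not is_suffix, len(ns))  # FQDN first, then longest suffix
            if best is None or key > best[0]:
                best = (key, rule)
    return best[1] if best else None

def resolver_for(name, rules, local_dns):
    """Say which DNS servers a DirectAccess client would query for name."""
    rule = match_rule(name, rules)
    if rule is None or rule.da_dns is None:
        # No rule, or an exemption: use the DNS servers set on the local interface.
        return ("local", local_dns)
    return ("directaccess", rule.da_dns)

# Constructed sample data (assumptions, not values from the post).
LOCAL_DNS = ("192.168.10.2",)           # branch office DNS server
DA_DNS = ("2001:db8::53",)              # corpnet DNS reached over DirectAccess
HOSTED_CACHE = "bc-host.branch.corp.example"

RULES_NO_EXEMPTION = [NrptRule(".corp.example", DA_DNS)]
RULES_WITH_EXEMPTION = RULES_NO_EXEMPTION + [NrptRule(HOSTED_CACHE, None)]

if __name__ == "__main__":
    for label, rules in (("no exemption", RULES_NO_EXEMPTION),
                         ("with exemption", RULES_WITH_EXEMPTION)):
        for name in (HOSTED_CACHE, "files.corp.example", "www.example.org"):
            print(label, name, resolver_for(name, rules, LOCAL_DNS))
```
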
RE: What about DirectAccess in the Branch Office? - 6.Feb.2011 9:29:12 PM   
franklesniak

 

Tom,

I've been wondering about this as well, and have been thinking of setting up a proof of concept to test this idea. But before I do, have you actually set this up? If so, any experiences, gotchas, or best practices that you can share?

Thanks,
Frank

(in reply to tshinder)
Post #: 2
RE: What about DirectAccess in the Branch Office? - 9.Feb.2011 7:14:12 AM   
tshinder

 

Hi Frank,

I haven't set it up yet, so I don't know what the gotchas might be. I guess it depends on what services you maintain in the branch office. I think if you keep it simple (like file servers/web) at the branch office, things should work very nicely. Or, don't even put file services at the branch office and just use BranchCache.

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to franklesniak)
Post #: 3
