Here is the second part of Windows Server 2012 Direct Access blog series.
In the first post we discussed what’s new and what are the design differences between new and previous version of Direct Access feature.
In this blog post, we’ll discuss about our Lab configuration that will lead us for the next parts and help us to design and test Direct Access feature within virtual environment.
To build a reliable Direct Access Lab, Microsoft provides Base and Test Lab guide documentations.
Regarding base lab guide, you can build a base lab that includes Infrastructure servers (DNS, Active Directory), Application Server (Intranet IIS Site), Simulated Internet (DNS Server) and single Direct Access Server.
After you build base virtual machines, then you should follow Test Lab guide and configure&test Direct Access feature.
Let’s look at the lab details and introduce virtual machines & roles.
– First of all you must build a Domain Controller as an intranet domain controller, DNS Server and DHCP server. This server will be responsible for authentication purposes and will act as main identity store for the Lab environment. Also a DNS server is a must to built a healthy Active Directory environment. DHCP is another role that you have to install. It will be used to configure Client1’s ip address automatically. Since you will change Client1 subnet frequently during test processes, providing ip addresses automatically will help us.
– One intranet member server running Windows Server 2012 named APP1. It will be configured as a general application and web server. When a client resides on internet network and successfully connects intranet network through IPSEC tunnel (Direct Access Server), to test Direct Access client side functionalities, being able to access real intranet resources will be more helpful test. On application server, a file share and an intranet IIS web site will be created.
– One member client computer running Windows 8 Consumer Preview named Clinet1. You will use that client machine for testing purposes. I recommend that put three network interface to try for internet, intranet and behind NAT communications.
– One intranet member server running Windows Server 2012 named EDGE1. That will be our Direct Access Server. Most important point is that it should have two different network cards to access both intranet and internet networks. This server also will act as a DNS64. That means it will get DNS ipv6 requests from Windows 8 clients that resided in Internet and make ipv4 DNS requests to the intranet DNS server on behalf of DA clients.
– And the last required server for base lab is INET1. It’s required to simulate internet network. You will have to create DNS zones to answer DNS queries from internet clients.
I’m sure if you want to build that lab, you will download base and test lab and follow the steps. So I will only highlight for the important steps that is also covered basically within documents.
– Since this is a limited Lab environment, you can minimize hardware requirements. 1024Gb ram will be enough for each VM.
– Unlike previous Windows 7 Direct Access Test lab guide, this guide includes PowerShell script for each step. You do not have to follow 15-20 steps one by one. Just copy PowerShell script provided and run within elevated PowerShell console.
After you complete Base Lab Guide and before to start Test Lab Guide, if you want to test Direct Access functionality behind a NAT device, you also have to build following HomeNet Lab.
It’s an optional step and will help you to fire up one another Windows 8 virtual machine that will act as a NAT device.
Before you start to install Direct Access Feature and test connectivity, you must have following environment:
I know it seems a little bit crowded, but once you build that kind of virtual lab, you can also use it to test other new Windows Server 8 features.
Next part we will assume that you have a working Lab environment and will start to install and configure Direct Access feature.