A few months ago I had the opportunity to work with the folks at KEMP Technologies to document the use of their LoadMaster load balancers for Windows Server 2012 R2 DirectAccess deployments. DirectAccess has several critical single points of failure which can benefit from the use of a load balancer. Typically Windows Network Load Balancing (NLB) is used in these scenarios, but NLB suffers from some serious limitations and lacks essential capabilities required to fully address these requirements. The use of an external third-party load balancer can provide better load distribution and more granular traffic control, while at the same time improving availability with intelligent service health checks.
Working with the LoadMaster was a great experience. Installation was quick and simple, and their web-based management console is intuitive and easy to use. The LoadMaster includes essential features that are required for load balancing DirectAccess servers, and advanced capabilities that can be leveraged to enhance geographic redundancy for multisite deployments.
KEMP offers the widest platform coverage with their solutions, including dedicated hardware appliances, virtual appliances for multiple hypervisors including Hyper-V, cloud-based including Microsoft Azure, as well as bare metal support for installation on your own hardware. You can download a fully functional free trial here.
You can view and download the Windows Server 2012 R2 DirectAccess Deployment Guide for the KEMP LoadMaster load balancing solution here.
Additional Resources
Video: Enable Load Balancing for DirectAccess
Configure KEMP LoadMaster Load Balancer for DirectAccess Network Location Server (NLS)
DirectAccess Single NIC Load Balancing with KEMP LoadMaster Load Balancers
DirectAccess and the Free KEMP LoadMaster Load Balancer
Webinar Recording: DirectAccess Load Balancing Tips and Tricks
Webinar Recording: DirectAccess Multisite with Windows 10 and KEMP LoadMaster GEO
Implementing DirectAccess with Windows Server 2016 book
Tom
/ February 10, 2015Hi,
thanks for the guides.
One important topic is not part of the guide: Teredo.
Do you have more information on this topic?
Richard Hicks
/ February 10, 2015Hi Tom,
This guide focuses exclusively on the deployment of DirectAccess in a perimeter/DMZ configuration behind the edge-facing Kemp LoadMaster load balancers. It is possible that in the future that Teredo will be covered, but it will be a separate implementation guide.
A
/ January 5, 2016What would this load balancing look like for Teredo? i.e would I map the 1st VIP to the 1st Public IP of the 2 DA Servers? And 2nd VIP (consecutive IP) to the 2nd Public IP of the 2 DA Servers?
And on the DA Servers, in a network trace, would I see client teredo traffic source IP as the VIP or the clients NAT’d public IP?
Richard M. Hicks
/ January 5, 2016It’s not pretty. 😉 Configuring an external load balancer for Teredo presents some unique challenges and isn’t generally recommended. DirectAccess servers must be configured with two consecutive public IP addresses each to support Teredo, and the external load balancer would require the same. That’s a lot of public IP addresses that will be consumed. You might be able to use “fake” public IPs internally though. In theory, yes, you’d have two VIPs on the ELB, the first VIP mapping to the primary IP on each DirectAccess server, and the second VIP on the ELB mapping to the secondary IP addresses. This is not something I’ve tested though, so I can’t say for certain if it actually works. If you try it, let me know. 🙂
Regarding the source IP as seen on the DirectAccess server, that would depend entirely on how your load balancer is configured.
Good luck!