I was asked at today’s TechNet Unleashed event in Malvern, PA what the scalability and high availability options were with DirectAccess in Windows Server 2008 R2. I wasn’t certain, but thought that NLB was an option, so I said I would find out. Well here’s the results of my research. I found a detailed description on Configuring a network load balanced array for Forefront UAG DirectAccess. (Click here for more information).
Forefront Unified Access Gateway (UAG) provides remote access to applications, networks, and internal resources from diverse client endpoints through a single point of entry.
Forefront Unified Access Gateway (UAG) is a remote access solution that provides a gateway for managed and non-managed endpoints to access corporate applications and resources, as follows:
This topic provides information about how to configure a Network Load Balancing (NLB) array for Forefront UAG DirectAccess.
Forefront UAG integrates NLB functionality provided by Windows Server 2008 R2 with additional functionality that enables load balancing of Forefront UAG DirectAccess servers. Forefront UAG NLB provides load balancing for up to 8 Forefront UAG DirectAccess array members.
Forefront UAG enables load balancing of SSL based traffic in addition to Forefront UAG DirectAccess based traffic. In order to do load balancing for all Forefront UAG DirectAccess traffic, which is IPv6 based, Forefront UAG NLB must examine the IPv4 tunneling for all transition technologies. Because IP-HTTPS traffic is encrypted, examining the content of the IPv4 tunnel is not possible (for more information, see Connectivity). To enable IP-HTTPS traffic to be load balanced, you must allocate a wide enough IPv6 prefix to enable the Forefront UAG to assign a different IPv6 /64 prefix to each of the nodes. For example, 2 array members require a /63 prefix (which enables Forefront UAG to define a /64 address for each array member); 8 array members require a /61 prefix (which enables Forefront UAG to define a /64 address for each array member). This prefix must be routable to the Forefront UAG DirectAccess array, and is configured during the Forefront UAG DirectAccess Configuration. For more information, see Configuring IPv6 prefix addresses.