DirectAccess with Unified Access Gateway (UAG)
Introductions
• Presenter
  – Ronald Beekelaar
  – MVP Security
  – MVP Virtual Machine Technology
  – E-mail: Beekelaar Consultancy BV
• Work
  – Security consultancy
  – Virtualization consultancy
  – Create many VM-based labs and demos
  – Software to optimize, manage and run VM
Session Objectives
• Main goals:
  – Make it easier for you to talk to customers about using the remote access and management solution of DirectAccess in combination with Unified Access Gateway
  – Or: implement DirectAccess in combination with Unified Access Gateway in your own organization
  – How to do that?
    • Help understand the function of DirectAccess (DA)
    • Understand relationship between UAG and DA
    • Know that UAG DirectAccess + IPv6 + IPsec is "easy"
  – Sub goal:
    • Use the lab environment for demos
Demo and Lab Environment
• For study, testing, demo, POC, etc.
  – Download from:
    • http://go.microsoft.com/fwlink/?LinkId=190269
  – Contains all Forefront products
    • Including FIM and AD FS
What is DirectAccess
• Connect with roaming client "directly" to the company network
• No VPN needed
• No extra IP address needed
• No terminal server "trick"
• Use same "internal" server names: \\hrserver1, http://portal
• Requires IPv6 addresses
• Also: connect from company network to roaming client computer – even before user logs on
IPv6 ?
• Successor to IPv4, but not well-understood
• Multiple transition techniques to have IPv4 plus IPv6
[Diagram: Internet and Company network; labels IPv4, IPv6, IPv6 in IPv4]
Technologies used
• Internal network
  – Isatap: automatically map IPv4 to IPv6
• External network (Internet)
  – 6to4 tunneling
    or
  – Teredo
    or
  – IP-HTTPs
UAG DirectAccess
• Provides DirectAccess 'access' to IPv4 servers on the company network
• Is IPv6 "isatap" router on company network
• Implements DNS64 and NAT64
DNS64 and NAT64 - say "6-to-4"
From: http://blogs.technet.com/edgeaccessblog/archive/2009/09/08/deep-dive-into-directaccess-nat64-and-dns64-in-action.aspx
Terminology "Cheat sheet"
• IPv6 addresses
  – fe80: - link-local (no routing) ~~ 169.254.x.x
  – 2002: - 6to4 (with routing)
  – 2001: - Teredo addresses
• Transition
  – Isatap - generates link-local IPv6 based on IPv4
  – 6to4 - tunneling on Internet
  – Teredo - (if NAT) uses UDP 3544
  – IP-HTTPs - when no Teredo possible
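Added example (not part of the original slides): a Python function that applies the cheat sheet to IPv6 addresses seen in logs, naming the transition technology and recovering the IPv4 details embedded in the address. It uses the full prefixes 2002::/16 (6to4) and 2001:0::/32 (Teredo) and the ISATAP interface-ID marker 5efe from RFC 5214; the function name `classify` and the sample addresses are constructed for illustration.

```python
import ipaddress

# ISATAP interface IDs are 0000:5efe:<IPv4> (private IPv4) or
# 0200:5efe:<IPv4> (globally unique IPv4), per RFC 5214.
ISATAP_MARKERS = (b"\x00\x00\x5e\xfe", b"\x02\x00\x5e\xfe")

def classify(addr):
    """Return (technology, embedded details) for an IPv6 address string."""
    ip = ipaddress.IPv6Address(addr)
    packed = ip.packed
    # Teredo first: under 2001:0::/32 the low 64 bits hold flags, port and
    # client address, so they must not be read as an ISATAP interface ID.
    if ip.teredo is not None:
        server, client = ip.teredo  # client address is stored bit-inverted
        # Mapped external UDP port of the client (stored inverted); this is
        # not the Teredo server port 3544 from the cheat sheet.
        port = int.from_bytes(packed[10:12], "big") ^ 0xFFFF
        return ("teredo", {"server": str(server), "client": str(client),
                           "port": port})
    # ISATAP is defined by the interface ID, so it can sit under fe80::
    # or under a routed prefix (including a 6to4 one).
    if packed[8:12] in ISATAP_MARKERS:
        scope = "link-local" if ip.is_link_local else "routed"
        return ("isatap", {"scope": scope,
                           "ipv4": str(ipaddress.IPv4Address(packed[12:]))})
    if ip.sixtofour is not None:  # 2002::/16, IPv4 in bits 16-47
        return ("6to4", {"ipv4": str(ip.sixtofour)})
    if ip.is_link_local:  # fe80::/10, not routed
        return ("link-local", {})
    return ("other", {})

# Constructed sample addresses (documentation ranges and the RFC 4380 example).
SAMPLES = [
    "fe80::5efe:a00:5",
    "2002:c000:204::1",
    "2001:0:4136:e378:8000:63bf:3fff:fdd2",
    "fe80::1",
    "2001:db8::1",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, classify(sample))
```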
Networking in lab environment
[Diagram: Internet and Company network]