Deploy Remote Access in the Cloud
Updated: August 10, 2012
Applies To: Windows Server 2012, Windows Server 2012 R2
Scenario description
The Remote Access Hosted Cloud scenario provides a secure way for enterprises to access resources in the private cloud over the Internet. This scenario is designed for enterprise organizations that want to take advantage of the services offered by placing some of their infrastructure in private, hosted clouds, while ensuring high availability.
Cross-premises connectivity to a hosted cloud enables enterprises to connect to private subnets in a hosted cloud network. It also enables connectivity between geographically separate enterprise locations. With cross-premises connectivity, enterprises can use their existing networking infrastructure to connect to hosting providers using the industry standard IKEv2-IPsec protocol.
In this scenario
The Hosted Cloud scenario includes several possible cross-premises configurations from which to choose.
Network and server topology—Decide which cross-premises architecture fits the needs of your organization:
Site-to-Site—With this configuration, you can provide both network and site redundancy without the use of a network load balancing device. The Remote Access server is configured with two network adapters that are connected to two separate Internet service provider (ISP) sites. Each of the ISP sites has two network adapters connected to the on-site Remote Access server. Subnets are hosted outside the customer premises. By creating site-to-site tunnels with the appropriate routes, you can fully optimize all the links and sites (assuming the load across all the subnets is the same).
Network Load Balancing and Failover—Using this configuration, you can provide both network and site redundancy without the use of a network load balancing device. The Remote Access server is configured with two network adapters that are connected to two separate Internet service provider sites. Each of the ISP sites has two network adapters connected to the on-site Remote Access server adapters. Multiple subnets are hosted outside the customer premises, and mirrored in the ISP’s clouds. By creating site-to-site tunnels with the appropriate routes, you can fully optimize all the links and sites (assuming the load across all the subnets is the same).
The Remote Access server site-to-site gateway can be deployed using Windows Network Load Balancing (NLB) or third-party load balancing devices. Network Adapter Teaming (also referred to as NIC teaming) is supported if multiple adapters are available and teaming is supported on the server.
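The following Windows PowerShell sketch shows the tunnel-plus-routes arrangement described above: one IKEv2 site-to-site interface per hosted site, with each mirrored subnet preferred through one site and reachable through the other at a higher metric. It is an added example, not part of the original page or of Microsoft's scenario guide. The interface names, gateway addresses, subnets, metrics, the pre-shared key authentication and the custom IPsec policy values are all assumptions chosen for illustration, and the Remote Access role is assumed to be installed already.

```powershell
# Added example. All names, addresses, subnets and metrics below are
# constructed placeholders (documentation address ranges), not values
# from the scenario guide.

# Enable the site-to-site VPN gateway function on the Remote Access server.
Install-RemoteAccess -VpnType VpnS2S

# Assumption: both tunnels authenticate with a pre-shared key, typed at
# run time so that it is not stored in the script.
$psk = Read-Host -Prompt 'Pre-shared key for the hosted-site tunnels'

# One entry per hosted site. Routes use the "subnet/prefix:metric" form:
# each mirrored subnet is preferred through one site (metric 100) and
# falls back to the other site (metric 200).
$sites = @(
    @{ Name    = 'Hoster-SiteA'
       Gateway = '203.0.113.10'
       Routes  = @('10.20.0.0/24:100', '10.30.0.0/24:200') },
    @{ Name    = 'Hoster-SiteB'
       Gateway = '198.51.100.10'
       Routes  = @('10.30.0.0/24:100', '10.20.0.0/24:200') }
)

foreach ($site in $sites) {
    # -CustomPolicy pins the IKEv2/IPsec algorithms instead of accepting
    # the defaults the two gateways would otherwise negotiate.
    Add-VpnS2SInterface -Name $site.Name `
        -Destination $site.Gateway `
        -Protocol IKEv2 `
        -AuthenticationMethod PSKOnly `
        -SharedSecret $psk `
        -IPv4Subnet $site.Routes `
        -Persistent `
        -CustomPolicy `
        -EncryptionMethod AES256 `
        -IntegrityCheckMethod SHA256 `
        -DHGroup Group14 `
        -CipherTransformConstants AES256 `
        -AuthenticationTransformConstants SHA256128 `
        -PfsGroup PFS2048
}

# Review the resulting interfaces, their state and the routes they carry.
Get-VpnS2SInterface |
    Format-Table -Property Name, Destination, ConnectionState, IPv4Subnet
```

The gateway at each hosted site must be configured with the same key and a matching IPsec policy, otherwise the IKEv2 negotiation fails and the tunnel does not come up.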
Practical applications
The Remote Access Hosted Cloud scenarios use a private cloud infrastructure with IKEv2 and IPsec to make enterprise resources available exclusively to employees or partners of your company. Authorized users can access the services on the Internet and, if they are outside the company, through site-to-site virtual private networks (VPNs). When your resources are hosted by a third-party service provider (for example, hosters, outsourcers, and increasingly, telecommunications companies), the cloud is referred to as a hosted private cloud. Cloud Bursting and Data Recovery are two practical applications for site-to-site VPNs in the cloud.
Cloud Bursting
Cloud bursting is the function of using virtual private clouds from service providers to meet peak computing demand situations. When resources are stretched during peak times or seasons in the corporate data center, Cloud Bursting allows the excess data to be moved across the cloud to a provider network that can absorb the extra data capacity. The diagram below shows how site-to-site VPNs are used to facilitate Cloud Bursting.
Disaster Recovery
Disaster Recovery uses virtual private clouds from service providers as backup infrastructure. As Figure 1 below illustrates, a corporation can use the hoster’s infrastructure with Hyper-V Replica and VPN to replicate a mission-critical application to its hoster. In the event of failure, everything, including the IP address infrastructure, fails over to the hosted cloud. In this way, client traffic can be seamlessly routed to the service that is currently up and running (the hoster’s failover site). Cross-premises connectivity ensures secure connectivity to resources in the cloud.
Figure 1: Disaster Recovery Topology
Roles and features included in this scenario
The following table lists the roles and features required for the scenario:
Role/feature | How it supports this scenario |
---|---|
Remote Access role | The role is installed and uninstalled using the Server Manager console. This role encompasses both DirectAccess, which was previously a feature in Windows Server 2008 R2, and Routing and Remote Access Services, which was previously a role service under the Network Policy and Access Services (NPAS) server role. The Remote Access role consists of two components: The role depends on the following: |
Remote Access Management Tools role | This feature is installed as follows: The Remote Access Management Tools feature consists of the following: The role depends on the following: |
Hardware requirements
The hardware requirements for this scenario will depend on which configuration you choose. Requirements will be specified in detail in the scenario planning guide.
Software requirements
The software requirements for this scenario will depend on which configuration you choose. Requirements will be specified in detail in the scenario planning guide.
See also
The following table provides links to additional information about Remote Access, including DirectAccess and VPN.
Content type | References |
---|---|
Product evaluation | Remote Access TechCenter; Remote Access test lab guides, when published |
Planning | Links to the other Remote Access deployment scenarios when published. |
Deployment | Links to the Remote Access deployment scenarios when published. |
Tools and settings | Windows PowerShell cmdlets for Remote Access, when published. |
Community resources | |
Related technologies | IKEv2-IPsec |