Chapter 1. DirectAccess Server Best Practices
In this chapter we are going to take a step-by-step approach in the preparation of your Windows Server 2012 Remote Access servers for use with DirectAccess. By walking through the process of preparing your servers, we will have ample opportunity to discuss what the changes and options that you are choosing actually mean, and give a little insight as to whether or not you really want to choose them. There are numerous ways in which DirectAccess in Server 2012 can be implemented, and not all the options are created equally. We'll discuss which options are the best in terms of security, and I'll describe the steps to take to make sure your environment is running as efficiently and securely as possible. The topics covered in this chapter are relevant to the actual server itself, and not necessarily DirectAccess environmental practices, as we will discuss those topics in Chapter 2, DirectAccess Environmental Best Practices.
Here's the layout of what we are going to look at:
- Preparing your Remote Access servers for DirectAccess
- NIC configuration
- NIC binding
- MAC address spoofing for virtual machines
- Adding static routes
- Hostname and domain membership
- Time for certificates
- Adding the roles
- Don't use the Getting Started Wizard!
- Security hardening the server