Microsoft Windows Server 2012 is the latest version of the Windows Server operating system. It introduces new features like Direct Access that allows transparent network access for users connecting from any Internet connection. The seminar discusses how Direct Access works and the benefits it provides in allowing users to access files and resources as if they were on the internal network even when connecting remotely. It also notes Direct Access is suitable for organizations of all sizes.

1. Microsoft Windows Server 2012
Seminar: Transparant werken met Direct Access.
Het nieuwe werken. Thuis, onderweg, bij een klant of op de zaak. Overal
waar u bent wilt u dezelfde gebruikerservaring hebben. Met Direct Access
is uw laptop met internetvoorziening altijd onderdeel van uw
bedrijfsnetwerk. Zo kunt u altijd bij uw bestanden en behoort de
complexiteit van VPN connecties tot het grijze verleden! Deze oplossing is
perfect voor iedere bedrijfsgrootte, van klein-MKB tot grote enterprise
ondernemingen.

3.  Windows Server 2012
 Trends and Challenges
 Direct Access
 Get Started: Advies en Doen!

5. The Cloud OS





7. New Device
apps proliferation Data explosion Cloud computing

9. Support for
Windows
Easy-deployment PowerShell for
wizard client and server
Transparent network access
to the end user from any
Internet connection
Support for Site-to-site
multiple sites tunneling
Simple to deploy Flexible Unified Built-in support for
and manage deployment management IPv6 translation
centrally scenarios experience technology
9

15. is

16. Client authentication requests are sent to a KDC Proxy Server service running on the DirectAccess
server
Kerberos proxy sends Kerberos requests to DCs on behalf of the client

17.  TCP port 443 NATted or allowed to DA Edge (on firewall)
 DirectAccess server must have a server authentication certificate for TLS
 Will be trusted by clients (forcibly through Group Policy if necessary)
 Self-signed cert used automatically for IPHTTPS/KDC Proxy

18. with single network interface or multiple interfaces
If so, only IP-HTTPS will be deployed

19. Data is encrypted by IPSec as well as by SSL, so the data is encrypted
twice
Can configure IP-HTTPS to work when behind authenticating proxy
IP-HTTPS is now preferred transport

20.  DNS Query for DirectAccess-NLS.corp.domain.com
 IPv4 (A) DNS Query for da.domain.com

21. NAT64/DNS64 is the reason DA works on IPv4 Networks
172.16.0.20
Native IPv4 traffic IPv4-only Server
Native IPv6 traffic
fd00:fefe:2::172.16.0.20
IPv6 Prefix - fd00:fefe:2::/96
SERVER IN AAAA IN A80
SERVER FD00:FEFE:2::172.16.0.20
TCP port 172.16.0.20s
IPv4 Internal Address – 172.16.0.100
172.16.0.101 172.16.0.20
TCP port TCP port 80
1060
IPv6 Network IPv4 Network
NAT64/DNS64
gateway (DA)
fd00:fefe:1::bef1:2002, TCP port 1025
IPv6 Client DNS Server
fd00:fefe:1::bef1:2002 172.16.0.2
8. NAT64 gateway translates theAAAAIPv6
1. NAT64 gatewaysendsthat DNSresponse to
6. DNS64 convertstranslatesto /96 IPv6query
4. NAT64 device forwardsIPv4 query record
2. IPv4-only informs
NAT64 device replies no queryfor
3. DNS Server configuredAAAAAAAA packet
9.9.IPv6 Client Server DNSA with the dynamic
NAT64 devicesendsDNS DNSassociating to
the IPv4 for
A packet the
5. DNS AAAA one, connection
7. IPv6 Client sends
packet to IPv4, dynamically
IPv4-only IPv4 replies withNAT64 gateway
an IPv6using associated toIPv6 IPv4IPv4
existsaddress used adding Server’s
Server
to IPv6andServer DNS Server IPv4 address
to authoritative by the
IPv4 for
prefix addressthe information in /96 prefix
Server IPv6 address with anthe the
IPv6
source address pool
address
translation table
receiver
from the pool

25. Offline Provisioning of Direct Access Clients

26. Djoin /provision /machine CLIENT1 /domain corp
/policynames "DirectAccess Client Settings"
/rootcacerts /savefile c:filesprovision.txt
/reuse

28. Download Windows Server
2012
Learn
Act

29. MCSA: Windows Server 2012
+ + =
Installing and Configuring Advanced
Configuring Windows Administering Windows Windows Server 2012 MCSA: Windows Server
Server 2012 Server 2012 Services 2012
Installing and Configuring Advanced
Configuring Windows Administering Windows Windows Server 2012
Server 2012 Server 2012 Services Find a Learning Partner

30. MCSE: Server Infrastructure
* Requires
recertification
+ + =
Designing and Implementing an
Implementing a Server Advanced Server MCSE: Server
Windows Server 2012 Infrastructure Infrastructure Infrastructure
Designing and Implementing an
Implementing a Server Advanced Server
Infrastructure Infrastructure Find a Learning Partner

31. MCSE: Desktop Infrastructure
* Requires
recertification
+ + =
Implementing Desktop
Implementing a Desktop Application MCSE: Desktop
Windows Server 2012 Infrastructure Environments Infrastructure
Implementing Desktop
Implementing a Desktop Application
Infrastructure Environments Find a Learning Partner

32. Upgrade paths
Windows Server 2012
Designing and
Implementing a Server Implementing an Advanced
Server Infrastructure
Infrastructure Server Infrastructure
Any of the following certifications qualify:
• MCSA: Windows Server 2008*
•
•
•
MCITP: Virtualization Administrator
MCITP: Enterprise Messaging Administrator
MCITP: Lync Server Administrator
Either or
• MCITP: SharePoint Administrator Upgrading Your Skills to
• MCITP: Enterprise Desktop Administrator
MCSA Windows Server
2012 Both
Implementing a Desktop Implementing Desktop
Desktop Infrastructure
Infrastructure Application Environments