locked
ISATAP in case of Multisite deployment of Windows Server 2012 Direct Access RRS feed

  • Question

  • Hi All,

    Please let me know if we can use ISATAP in case of Multisite Direct Access windows server 2012 deployement?

    If yes, what would be the DNS entry that would be created for ISATAP?

    Thanks in advance.

    Regards

    Shubham

    Thursday, October 3, 2013 2:11 AM

All replies

  • Hi,

    Yes it's possible to have ISATAP enabled witd Multisite deployment scenarios. it's more a problem of address space rather than DNS address. You wont be able to use ISATAP DNS record because you may want to have local ISATAP router on each site. The real challenge is what address space and how to route between them

    At last what will be your usage of ISATAP?


    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx

    Thursday, October 3, 2013 7:08 AM
  • You would have to remove the ISATAP role from the DirectAccess servers themselves, and run ISATAP instead on its own routers or servers (in each datacenter). There used to be documentation from Microsoft on doing this, and then it got pulled, I think because it's no longer a supported scenario. I think it would be easier/better to use native IPv6 in your network rather than ISATAP for this situation.

    Many companies don't need ISATAP at all, so just as Benoit is saying with his question - if you don't have a real reason for needing it, don't install it at all. DirectAccess will work just fine without ISATAP.

    Thursday, October 3, 2013 2:05 PM
  • I will insist on my question.

    If it's for remote management capabilities, in many cases (SCCM case) agent initiate communication with server infrastructure. The only case you need an internal computer to communicate with a DirectAccess client located on Internet is when you want to remote control it. Even with this scenario, it's much more easier to setup a secure connection between two DirectAccess clients to perform remote management rather than configure it from an internal client to a DirectAccess client.

    Best regards.


    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx

    Thursday, October 3, 2013 2:27 PM