Adding short-term Direct Access capacity (corona virus planning) RRS feed

  • Question

  • Just wondering what others might be doing to add extra remote access capacity.  I'm doing a bit of pre-planning to provide extra remote access for staff, in the event that this corona virus thing escalates and we send staff away to "work from home".

    I don't want the long-term scenario to include a cluster and I also don't need any geographical considerations (single site).

    So I am considering building a few extra stand-alone Direct Access servers and manually balancing load in a crude fashion by putting computer accounts across the various security groups (one group per server).

    I'm mindful of the bandwidth limitations of Direct Access due to that horrible bug limiting file download performance (from server to client).  So having multiple hosts gets me around that.  Considering a recommendation to temporarily double our Internet link bandwidth.

    Is anyone else making plans?  Just me?

    Monday, March 2, 2020 3:04 AM

All replies

  • ... oh, am also considering rolling out an Always On VPN server to sit alongside Direct Access ... might be a good time to evaluate this, as it shouldn't have the performance limitations DA has.
    Monday, March 2, 2020 3:05 AM
  • Hi,

    we´re already in homeoffice and solved the loadbalancing with a ha-Proxy clister (https://www.haproxy.org/) in front of the DA Servers. This setup is working nicely (we got a Problem with the nameresolution on one of the two DA Servers, but that doesn´t seem to have the reason of loadbalancing since it only is an error with one NRPT entry)

    This would save you from balancing manually and is also a nice Setup in case on of the DA-Servers Fails, because haproxy does a Failover then. For a user on the failing Server the connection is back in under 60 secs.



    Tuesday, March 17, 2020 8:30 AM
  • Hi,

    depends on the numbers of users you have and what you expect of traffic.

    Do you have a split tunnel scenario? That will help to reduce the load on your servers.

    In my experience, DA scales better out than up, so you might want to consider virtual servers on your physical hosts. Since direct access traffic is CPU bound, make sure not to over-commit the physical hardware.


    Wednesday, April 29, 2020 11:11 AM
  • I believe you should stick with DA.

    That would cause less problems in the long run.

    Up would not fare good if this lock down continues for long periods of time.
    • Edited by AbigailFord Wednesday, April 29, 2020 11:43 AM
    Wednesday, April 29, 2020 11:42 AM