locked
Direct Access 2012 Multisite Deployment RRS feed

  • Question

  • we are planning for Multisite Deployment , we already have DA 2012 working in U.S region , want to deploy new DA server 2012 in Europe region , few things like to understand is how many server GPO and client GPO do we need to create.

    Our Client PC consist of Mix of  windows 8 and Windows 7 PC.

    Thanks For your help

    Wednesday, June 26, 2013 6:13 AM

All replies

  • Hi

    First you will generate a new DirectAccess configuration with Multisite activation. This will impact your users as they wont be able to connect until they refresh their Group policies (SSTP VPN on URA box can be usefull for that). Second point. mixing Windows 7 and Windows 8 in a single DirectAccess group is not possible (Windows 7 does not understand the multisite concept). For this reason, you must have a dedicated group for Windows 8 clients and at least one dedicated group for legacy client per entry point. With this configuration Windows 8 clients will be able to use multi site feature and Windows 7 clients will be linked to ân entry point. From a GPO point of view, there is no change on URA server side. You still have a single GPO for Windows 8 clients and a dedicated GPO per entry point.

    Most important thing : never place a Windows 7 client as a member of a Windows 8 dedicated group and never have a DirectAccess clients member of multiple dedicated groups.

    Cheers


    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx

    Wednesday, June 26, 2013 7:57 PM
  • Thanks Benoit for your help.

    I have my doubts in bold letters please help with that.

    First Point :- First you will generate a new DirectAccess configuration with Multisite activation. This will impact your users as they wont be able to connect until they refresh their Group policies (SSTP VPN on URA box can be usefull for that) - I got it what you are saying , just wish to understand how using SSTP VPN on URA server can we refresh Polices for client any document or link describing steps would be help full.

    Seconf Point - econd point. mixing Windows 7 and Windows 8 in a single DirectAccess group is not possible (Windows 7 does not understand the multisite concept). For this reason, you must have a dedicated group for Windows 8 clients and at least one dedicated group for legacy client per entry point. With this configuration Windows 8 clients will be able to use multi site feature and Windows 7 clients will be linked to ân entry point. From a GPO point of view, there is no change on URA server side. You still have a single GPO for Windows 8 clients and a dedicated GPO per entry point -  Just wish to understand one thing  when we will create two separate GPO one for Windows-8 and one for Windows -7 do i need to add both GPO's under allow windows 7 to access this entry point. ?

    Thursday, June 27, 2013 4:45 AM
  • Hi

    If DirectAccess clients cannot retreive new DirectAccess configuration you can offer a SSTP connection to your corporate network. With a GPUPDATE /FORCE command, your DirectAccess client will retreive new GPO.

    There is no change on server-side configuration. Each Client-side GPO is dedicated to a targeted operating system. That'swhy you can't mix Windows 7 and Windows 8 clients in a single group.


    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx

    Thursday, June 27, 2013 7:08 AM