Streamlining Direct Access for Minimal Infrastructure Setup (Accessing intranet solely for File Sharing)

  • Question

  • Very New Here.

    Hope I'm in the right place.

    I am looking at setting up Direct Access for a very small client, 10 employees.

    The only reason they currently have an intranet (other than for internet connectivity) is for printing and file sharing / backups to fault tolerant storage on a central server running MS Server 2012 standard (the physical server is well provisioned as we anticipate setting up many other features).

    I have read through the Base Lab Configuration as well as the Direct Access Lab configuration documents from MS.

    One thing I could not really put together based on what was given and by searching a myriad of other sites is this:

    What is my minimum infrastructure footprint to enable Direct Access for this intranet?

    To clarify, how few servers (or virtual servers) can I set up to carry out direct access to this file-sharing server?

    From what I gather, it doesn't seem possible to do it with one server instance, i.e. have all the server roles necessary to run Direct Access (IIS, DC, DNS, DA) running on the physical server, while at the same time functioning as a normal file share... (One other consideration is that I am running Win 7 Ultimate on all client computers so PKI might need to be running somewhere too - from what I have read?)

    I am willing to be proven wrong (In fact, I would love it!), but I'm thinking that this is not only impossible but probably not the best idea for reasons that I have some basic grasp of but am certainly not an expert on.

    Can someone enlighten me with a topology that would minimize the server instances as much as possible by appropriately condensing server roles down to the minimum number of machines that could make this work? 

    For Example: If Direct Access and Domain Control cannot be run on the same server (I don't know if this is true, this is just to set up the example) then we have at minimum to run at least two server instances. If those two were run separately and it was possible to run IIS, DNS, and PKI each concurrently with Direct Access or Domain Control, then we would be able to keep only 2 distinct instances of MS Server running:


    Server1 -> DA + IIS + File Sharing

    Server2 -> DC + DNS + PKI

    Or some other version of that (which would be great because that's the maximum possible of instances with a standard MS Server 2012 license)

    All this being said, I'm not exactly sure that this is even a complete list of the separate server roles that are necessary to run Direct Access, which is another reason I'm posting. It would be awesome to have this list of necessary server roles and then another physical machine breakdown stating which roles can be run concurrently on which instances.

    I would like to know this because if I can, I would like to avoid buying another license but I would also just like to keep unnecessary Virtual Servers from running because it's very likely that I will need to build in additional virtual servers for applications in the near future; although, as I stated earlier my physical machine is no tin can.

    Thanks in advance for any direction.

    Monday, September 28, 2015 11:02 PM

All replies

  • Hi,

    For a minimum lab.

    Server 1: DC + DNS + PKI + IIS + File Share + NLS (possible if you create a separate DNS record)

    Server 2: Dedicated to DA

    Afterwards, with a virtualization solution such as Hyper-V, you can host Server 1 and Server 2 as virtual machines. So in the end you can host everything on a single Hyper-V server.

    IMO: It would be great to separate the DC from the PKI, so an additional virtual machine.

    BenoitS - Simple by Design

    • Proposed as answer by BenoitSMVP Wednesday, September 30, 2015 11:04 AM
    Wednesday, September 30, 2015 11:04 AM