As this is a lab environment and to simplify the installation an Enterprise Certificate Authority installed directly on a domain controller offers the greatest ease of use and deployment. In a production environment different settings may well have been selected, especially the requirement to have a separate enterprise root which may be switched off. In “Add Roles” select “Active Directory Certificate Services”Īll of the default settings are accepted. Next, we install Certificate Services using server administrator. If you have configured reverse lookups then you may create an associated PTR record. In production this service should be made highly available through Network Load Balancing in case a server fails or needs to be rebooted for any reason. This is simply a web site that, when clients can connect to it they know they are internal to the network and if they cannot connect to it they assume that they are external to the network and try to tunnel through the UAG server.
We then add a record for the host name NLS with the IP address on our file server that we will use to host the Network Location Service. We add a DNS record to this server for the host name ISATAP with the IP address if the internal interface of our UAG server (192.168.0.8). This will also install and configure a basic DNS. Then fix the IP address on the server to be the domain controller and promote the server to be the first domain controller for the domain (in my case ). The first step to building the lab is to install all of the operating systems. Instead we shall use the 192.168.0.0/24 subnet as an internal network and a 212.44.33.0/24 subnet as an external network emulating the internet. Moreover, as this is a lab it is not connected to the true internet. Instead the UAG server performs 6to4 translation to allow DirectAccess to function. Advanced operating systems have link local IPv6 addresses but, other than that, IPv6 addresses are not used. The test-pc requires only 1 but its IP address will change depending on whether or not it is internal or external to the network. Internal File Server to test DirectAccess functionalityĮxternal / Public DNS Server (setup as a domain) – public certificate CAĬlient to test transparent access when on internal network and external network using DirectAccessĪs can be seen from the above, the UAG server requires two network cards.
Domain Controller, Certificate Authority, Internal DNS
0 kommentar(er)
