Configure Kemp LoadMaster for DirectAccess NLS

In a previous post I outlined how to configure the F5 BIG-IP Local Traffic Manager (LTM) to serve as the Network Location Server (NLS) for a DirectAccess deployment. Many people then asked if it was possible to do the same with the Kemp Technologies LoadMaster load balancing solution. Until now, it was not. However, beginning with release 7.1-28b it is!

After upgrading your Kemp LoadMaster to version 7.1-28b, open the LoadMaster management console, expand Virtual Services, and then click Add New. Specify a Virtual Address, enter 443 for the Port, optionally provide a descriptive Service Name, select TCP for the Protocol, and then click Add this Virtual Service.

Configure Kemp LoadMaster for DirectAccess NLS

Expand SSL Properties and select Enabled for SSL Acceleration. If you have not yet installed the SSL certificate for the NLS, you will be prompted to use a temporary certificate.

Configure Kemp LoadMaster for DirectAccess NLS

Expand Advanced Properties and select 200 OK from the Error Code drop-down list. Optionally you can enter a description for the service in the Error Message box and click Set Message. This will be displayed if someone opens the NLS web site in a web browser.

Configure Kemp LoadMaster for DirectAccess NLS

At the top of the page click Back. If the SSL certificate for the NLS was not previously installed, add it now by clicking Add New.

Configure Kemp LoadMaster for DirectAccess NLS

Click Import Certificate and provide the certificate file as required. Once the certificate is installed successfully, assign the certificate to the NLS virtual service and click Save Changes.

Configure Kemp LoadMaster for DirectAccess NLS

Once complete, update the DNS record for NLS to point to the IP address assigned to the virtual service running on the LoadMaster.

For more information about the Kemp Technologies LoadMaster load balancer and to download a free fully-functional trial, click here. You can also download a completely free and fully-functional version of the Kemp LoadMaster here.

To learn more about the DirectAccess NLS, please refer to the following posts:

DirectAccess Network Location Server Guidance

DirectAccess NLS Deployment Considerations for Large Enterprises

DirectAccess Single NIC Load Balancing with Kemp LoadMaster

Kemp Technologies Load BalancersEarlier this year I authored the Windows Server 2012 R2 DirectAccess Deployment Guide for Kemp LoadMaster load balancers. The documentation described in detail how to configure the Kemp LoadMaster to provide load balancing for DirectAccess when configured with two network adapters. It also assumed that the DirectAccess server is configured to use the LoadMaster as its default gateway.

There are many scenarios in which the DirectAccess server does not use the LoadMaster as its default gateway, most commonly deployments where the DirectAccess server is configured with a single NIC. To support load balancing for DirectAccess configured with a single NIC, it will be necessary to make some changes to the LoadMaster configuration to enable load balancing support for this scenario.

To configure the Kemp LoadMaster for load balancing DirectAccess single NIC deployments, follow the guidance to create the virtual service as documented. After creating the virtual service for DirectAccess, expand Standard Options, deselect Transparency, and then select Subnet Originating Requests.

DirectAccess Single NIC Load Balancing with Kemp LoadMaster

This will configure the LoadMaster to forward traffic to the DirectAccess server using the internal IP address of the LoadMaster as the source IP address for the connection instead of the original public address of the client. This allows the DirectAccess server to return DirectAccess traffic to the LoadMaster without having to use it as its default gateway.

DirectAccess and the Free Kemp Technologies LoadMaster

Kemp Technologies Load BalancersBeginning with Windows Server 2012, DirectAccess includes native support for external load balancers. Where high availability is required (which is most deployments!) the use of an external load balancer (physical or virtual) has many advantages over Windows Network Load Balancing (NLB).

While NLB is easy to configure, it is not without serious drawbacks. NLB relies on network broadcasts, which limits its effectiveness in some environments. In addition, NLB supports only a single load distribution mode, which is round robin. NLB also lacks a convenient monitoring interface.

A dedicated load balancing solution provides more robust load balancing and better, more granular traffic control than NLB. Along with this greater control comes increased traffic visibility, with most solutions providing details and insight in to node health, status, and performance. Many solutions also offer Global Server Load Balancing (GSLB) support, which enhances geographic redundancy and offers improvements when performing automatic site selection in multisite deployments.

Often the barrier to adoption for a dedicated external load balancer is cost. Many of the leading solutions are incredibly powerful and feature-rich, but come with a substantial price tag. The Kemp Technologies LoadMaster Load Balancers solution is an excellent, cost-effective alternative and works quite well providing load balancing support for DirectAccess. And to make things even more interesting, they recently announced a completely FREE version of their commercial load balancing product.

The Free Kemp Technologies LoadMaster Load Balancer is fully functional and supported for use in production environments. It provides full layer 4-7 support and includes reverse proxy, edge security, web application firewall (WAF) functionality, and GSLB. It can be installed on most major virtualization platforms including Microsoft Hyper-V, VMware, and more. The free LoadMaster is also available in Kemp Technologies LoadMaster Load Balancer on the Microsoft Azure Public Cloud Platform, as well as the VMware and Amazon public cloud platforms.

The free LoadMaster does have some restrictions, however. For example, you cannot create high availability clusters of LoadMasters. Also, the free LoadMaster is limited in terms of network throughput (20Mbps) and SSL/TLS transaction per second (50, using 2048 bit keys). There is also a limit on the number of virtual servers you can create (1000). The free LoadMaster must also have access to the Internet as it must be able to call home to validate its license every 30 days. You can find a complete model comparison matrix between the free and commercial Kemp LoadMasters Kemp LoadMaster Comparison Chart.

As the free version of the Kemp LoadMaster does not support clustering, technically you still have a single point of failure. However, it can still deliver a net improvement in stability and uptime, as the LoadMaster is a purpose-built platform that requires much less servicing and maintenance than a typical Windows server.

DirectAccess Deployment Guide for Kemp LoadMaster Load BalancersFor detailed information about configuring the Kemp LoadMaster to provide load balancing services for DirectAccess, be sure to download the DirectAccess Deployment Guide for Kemp LoadMaster Load Balancers. And if you end up liking the free Kemp LoadMaster load balancer (and I’m confident you will!) you can always upgrade to the full commercial release at any time.

For more information about the free Kemp LoadMaster load balancer, click Free Kemp LoadMaster Load Balancer.

%d bloggers like this: