Editor’s be aware: In response to the coronavirus disaster gripping the world, TechGenix is republishing a choice of latest articles, tutorials, and product critiques that include related info for IT execs as their jobs change dramatically. On this article, initially revealed Nov. 11, 2016, we present you methods to use DHCP companies in Home windows Server 2016 to facilitate your VPN.
When you use DHCP companies — and let’s face it, who doesn’t nowadays — you could be operating DHCP on Home windows Server. When you use VPN, you most likely wished to arrange DHCP relay, however perhaps discovered your community safety posture in the best way of this, both as a result of the VPN server’s inside interface was on the improper subnet for what you wished purchasers to do, or since you needed to assist a number of shopper subnets for various safety ranges. That’s a typical downside that normally results in configuring static swimming pools on the VPN concentrator for purchasers, which implies extra work and no centralized DHCP companies. If this has been an issue in your setting, you must check out Home windows Server 2016, as a result of the improved DHCP companies in Server 2016 tackle precisely these points!
You’ve gotten a DHCP server on the interior community, and a Home windows RRAS or different VPN concentrator in a screened subnet that should provision purchasers on a number of subnets. The DHCP relay agent alone can not resolve the second state of affairs, as it should get hold of ip.addrs from DHCP based mostly on the agent’s supply ip.addr as outlined in RFC 2131, which isn’t going to be on the identical subnet as most or the entire VPN purchasers. To handle this, many admins don’t have any selection however to configure a number of VPN servers or preallocate ranges of ip.addrs to every shopper subnet. Neither state of affairs is right.
There are two RFCs that suggest enhancements to DHCP companies on networks. In each instances, the necessity to provision purchasers features a separation between the purchasers and the server that easy DHCP relay alone doesn’t deal with. This might embrace a number of VPN subnets on the identical concentrator appearing because the DHCP relay agent or different advanced community preparations between the DHCP server and purchasers. The Home windows Server 2016 DHCP service consists of assist for each RFC 3011 and 3527. RFC 3011 — the IPv4 Subnet Choice Choice for DHCP — gives an answer for choosing a subnet for a DHCP task when the conventional strategies, both the subnet of the relay agent or the subnet of the interface on which the request was acquired, usually are not appropriate. The second, RFC 3527 —Link Choice sub-option for the Relay Agent Data Choice for DHCPv4 — allows a DHCP proxy to specify the subnet from which an tackle is assigned.
Whereas each of those situations are maybe fringe, they’re frequent sufficient that RFCs had been written to deal with these, and Home windows Server 2016 now helps them, so they’re possible going to be excellent news for a few of you.
However now the draw back. Fully unrelated to the brand new supported capabilities talked about above, but additionally vital in case you are contemplating Home windows Server 2016 for DHCP, be aware that the power to assist Community Entry Safety (NAP) is now gone. This was deprecated in Home windows Server 2012 R2 however nonetheless existed. In Server 2016, it’s gone. When you’ve been utilizing NAP to guard entry to subnets, you’re going to want to do one thing else, like EMS or Intune.
The DHCP service in Server 2016 works very very similar to it does in 2012 R2 and 2008 R2, with a well-recognized appear and feel to the MSC and really recognizable steps to arrange choices and scopes. In case you are seeking to begin upgrading your servers and wish to begin along with your DHCP companies, try to be good to go so long as you don’t want NAP.
Extra Distant Work articles