Always On VPN

What is Always On VPN?

Always On VPN is Microsoft’s replacement for DirectAccess. This new remote access technology was introduced in Windows Server 2016 and the Windows 10 client. It aims to address several shortcomings of DirectAccess, for example by adding support for non-domain devices.



Load balancing Always On VPN

Remote access is vital to organisations of any size and any level of downtime is not acceptable.

jetNEXUS offers 3 key advantages for load balancing a Microsoft Always On VPN environment:

  • Data center resiliency and Geolocation load balancing
  • Load balancing VPN servers
  • RADIUS server resiliency

Data center resiliency

The jetNEXUS GSLB (Global Server Load Balancer) can load balance client connections to the data center using multiple methods, such as:

  • Geolocation – load balance to the closest data center. This can also be used for custom-defined networks and locations.
  • Active-Active / Active-Passive – spread the load across the data centers based on the number of connections or some other health check. Alternatively, send all clients to one data center unless it is down (or not meeting health check requirements), in which case send them to the other data center.

Load Balance Always On VPN server connections

Once the connection has arrived at the specific data center, the load balancer can then choose which VPN server to send the request to, based on a choice of load balancing methods:

  • Round robin
  • Weighted
  • Least connections
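
The two tiers described above (data center selection, then VPN server selection) can be modelled in a few lines. This is an added example, not jetNEXUS code or configuration; the class names, the sample topology and the rule that a site with no healthy VPN server fails its health check are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class VpnServer:
    name: str
    connections: int = 0
    healthy: bool = True

@dataclass
class DataCenter:
    name: str
    servers: list = field(default_factory=list)

    def healthy_servers(self):
        return [s for s in self.servers if s.healthy]

def pick_data_center(sites, mode="active-passive"):
    """Tier 1 (GSLB). `sites` is ordered with the preferred site first."""
    # Assumption: a site with no healthy VPN server fails its health check.
    up = [dc for dc in sites if dc.healthy_servers()]
    if not up:
        return None
    if mode == "active-passive":
        return up[0]  # the standby is used only when the primary is down
    # active-active: send the client to the site carrying the fewest connections
    return min(up, key=lambda dc: sum(s.connections for s in dc.healthy_servers()))

def pick_server(dc):
    """Tier 2 (local load balancer): least connections among healthy servers."""
    return min(dc.healthy_servers(), key=lambda s: s.connections)

def route(sites, mode="active-passive"):
    """Return (site, server) for one new client, or None if nothing is healthy."""
    dc = pick_data_center(sites, mode)
    if dc is None:
        return None
    server = pick_server(dc)
    server.connections += 1
    return dc.name, server.name

def build_sample():
    # Constructed topology: two sites, two VPN servers each.
    return [
        DataCenter("dc1", [VpnServer("vpn1", 5), VpnServer("vpn2", 2)]),
        DataCenter("dc2", [VpnServer("vpn3", 0), VpnServer("vpn4", 1)]),
    ]
```

The `None` result is the case worth monitoring: it means no site passes its health check and remote access is unavailable.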

RADIUS server resiliency

Always On VPN uses certificates for authentication. The favored authentication protocol is EAP (Extensible Authentication Protocol).

Client requests are authenticated using a RADIUS server, and these servers can be load balanced using the jetNEXUS load balancer. Typically the NPS (Network Policy Server) servers can be load balanced to provide resilience and scalability.