Windows Server 2019 – Remote Access Management Console

How to install Ubuntu Server 19.10

You are well on your way to giving users remote access capabilities on this new server. As with many networking devices, once you have established all of your configurations on a Remote Access Server, it is pretty common for admins to walk away and let it run. There is no need for a lot of ongoing maintenance or changes to that configuration once you have it running well. However, Remote Access Management Console in Windows Server 2019 is useful not only for the configuration of remote access parts and pieces, but for monitoring and reporting as well. When working with DirectAccess, this is your home for pretty much everything: configuration, management, and monitoring. On the VPN/AOVPN side of the remote access toolset, you will be making many of the VPN configuration decisions inside RRAS, but RAMC is the place to go when checking over server-side monitoring, client-connection monitoring, and reporting statistics. Whether you use DA, VPN, or a combination of the two, RAMC is a tool you need to be comfortable with.

Let’s take a look inside this console so that you are familiar with the different screens you will be interacting with:

Configuration

The configuration screen is pretty self-explanatory; this is where you create your initial remote access configuration, and where you update any settings in the future. As you can see in the screenshot, you are able to configure DirectAccess and  VPN, and even the Web Application Proxy, right from this Remote Access Management Console.

Do not follow my lead with this screenshot. I have installed the DA/VPN portion of the Remote Access role alongside the Web Application Proxy portion of the same role, but it is not recommended to run both DA/VPN and WAP together on the same server. I did it simply for the purpose of creating screenshots in my test lab.

There is not a lot to configure as far as the VPN goes; you really only have one screen of options where you define what kinds of IP address are handed down to the VPN clients connecting in, and how to handle VPN authentication. It is not immediately obvious where this screen is, so I wanted to point it out. Inside the DirectAccess and VPN configuration section, if you click on Edit… under step 2, this will launch the step 2 mini-wizard. The last screen in this mini-wizard is called VPN Configuration. This is the screen where you can configure these IP address and authentication settings for your VPN connections. The remainder of your VPN configuration duties will fall within the traditional VPN configuration console, called RRAS. However, everything about DirectAccess connections is configured right from inside the Remote Access Management Console and those four mini-wizards:

Dashboard

The Remote Access Dashboard gives you a 30,000-foot view of the Remote Access Server status. You are able to view a quick status of the components running on the server, whether or not the latest configuration changes have been rolled out, and some summary numbers near the bottom about how many DirectAccess and VPN connections are ongoing:

Operations Status

If you want to drill down further into what is happening on the server side of the connections, that is what the Operations Status page is all about. Here, you can see more detail on each of the components that are running under the hood to make your DA and VPN connections happen. If any of them have an issue, you can click on the specific component to get a little more information. For example, as a test, I have turned off the NLS web server in my lab network, and I can now see in the Operations Status page that NLS is flagged with an error:

Remote Client Status

Next up is the Remote Client Status screen. As indicated, this is the screen where we can monitor client computers that are connected. It will show us both DirectAccess and VPN connections here. We will be able to see computer names, usernames, and even the resources that they are utilizing during their connections. The information on this screen can be filtered by simply putting any criteria into the Search bar at the top of the window.

It is important to note that the Remote Client Status screen only shows live, active connections. There is no historical information stored here.

Reporting

You guessed it: this is the window you need to visit if you want to see historical remote access information. This screen is almost exactly the same as the Remote Client Status screen, except that you have the ability to generate reports for historical data pulled from date ranges of your choosing. Once the data is displayed, you have the same search and filtering capabilities that you had on the Remote Client Status screen.

Reporting is disabled by default, but you simply need to navigate to the Reporting page and click on Configure Accounting. Once that is enabled, you will be presented with options about storing the historical information. You can choose to store the data in the local WID, or on a remote RADIUS server.

You also have options here for how long to store logging data, and a mechanism that can be used to clear out old data:

Tasks

The last window pane in the  Remote Access Management Console that I want to point out is the Tasks bar on the right-hand side of your screen. The actions and options that are displayed in this taskbar change depending on what part of the console you are navigating through. Make sure you keep an eye on this side of your screen to set up some more advanced functions. Some examples of available tasks are creating usage reports, refreshing the screen, enabling or disabling VPNs, and configuring network load balancing or multisite configurations if you are running multiple Remote Access Server.

Comments are closed.