Packt has recently published a new book "Microsoft DirectAccess Best Practices and Troubleshooting". (http://aka.ms/PacktPub_DA_Troubleshooting)
A few weeks ago I was asked to review the book.
Written by Jordan Krause a Microsoft MVP in Enterprise Security, and specializes in DirectAccess.
Packt Publishes advertises this book is an ideal guide for any existing or future DirectAccess administrator and system administrators who are working on Windows Server 2012.
This book will also be beneficial for someone with a basic knowledge of networking and deployment of Microsoft operating systems and software who wants to learn the intricacies of DirectAccess and its interfaces.
It’s a pretty condensed book of 116 pages in total, of which 98 technical content.
Structured in 5 chapters:
Chapter 1: DirectAccess Server Best Practices
Chapter 2: DirectAccess Environmental Best Practices
Chapter 3: Configuring Manage Out to DirectAccess Clients
Chapter 4: General DirectAccess Troubleshooting
Chapter 5: Unique DirectAccess Troubleshooting Scenarios
From a technical standpoint of view, it’s an interesting read, with lot of interesting advice.
It is quite confusing that the author discusses topics which are explained in a later chapter.
ISATAP for example. Chapter 2 discusses IPv6 vs ISATAP, while chapter 3 explains the ISATAP definition ( Intra-Site Automatic Tunnel Addressing Protocol).
To build the story in the book, it would make more sense to explain the basics first as it’s key information to the topics discussed and explained. It’s a good practice to set a common ground and vocabulary first, to start off on the right foot.
But when I say condensed, it really is condensed and not only on content level. Regarding readability, some of the pages are large blocks of heavy text, long sentences, barely using white space or paragraphs. Sentences reaching 4 lines require you to read the sentence again.
Shorter sentences and using more paragraphs is a simple fix.
Although the book is packed with valuable information, I’m a bit disappointed in the fact that the book does not get it’s full potential.
It would greatly improve by putting all hints & tips in a quick list (eg in an additional chapter or quick reference card), and/or gathering the do’s and don’ts in an action list like:
- There are 3 platforms providing Direct Access: Windows 2008 R2, UAG and Windows 2012. Majority of DA deployments are covered by UAG and Windows 2012 as Windows 2008 R2 is quite difficult to handle.
- Clients must be Windows 7 Enterprise, Windows 7 ultimate or Windows 8 Enterprise
- Windows 7 pro and Windows 8 Pro do not support Direct Access (See: http://support.microsoft.com/kb/2756536)
Practical Hints & tips
- The default gateway setting must only be defined on the external NIC
- Name your NICs intuitively (chapter 1)
- Set NIC binding correctly (chapter 1)
- disable NICs not in use (ch.1)
- Check Receive Side Scaling (RSS) (ch.1)
- Enable spoofing of MAC addresses on VMs (ch.1)
- Add static routes
- Choose proper hostname
- Join domain
- Prestage the computer account
- DA must be a remote access platform and nothing else
- Don’t use the Getting started wizard … + reasons (see chapter 1 of book)
- Run the full Remote Access Setup Wizard
- Create your own GPOs (ch.2)
- Do not host the NLS website on the DA server
- Set Teredo to Enterprise client
- Use DNS Round Rbin for DA CLuster (ch.3)
- Set client side firewall rules for each protocol needed (ch.3)
- … (and so on)…
Furthermore, in the technical section in the book you won’t find any links to useful references, although there are plenty of opportunities to put in added value, again.
PacktPub has extremely good books that support this book:
- Windows Server 2012 Unified Remote Access Planning and Deployment
- Microsoft Forefront UAG 2010 Administrator’s Handbook
- Mastering Microsoft Forefront UAG 2010 Customization
Sorry, correction, the commercial part at the end refers to one of them.
But that’s not the author’s credit.
- There is a massive amount of additional reading and in depth material out-there, which the author could refer to. I’ll come to that in a second (cfr NRPT)
- I would love to get some insight in the list of hyperlinks the author frequently uses regarding this topic. Show me your favorites, man!
- The author explicitly targets existing DA administrators and “anyone interested in learning more about the technology before diving in for themselves”.
But the index at the end of the book is missing essential acronym definitions.
It would be nice to give the explanation with the acronym, like
DIP, see Dedicated IP, 62,85
UAG, see Unified Access Gateway, 36
NRPT,see Name Resolution Policy Table, 50
NAT, see Network Address Translation, 35-37
GSW, see Getting Started Wizard
One stunning example is NRPT, which is frequently touched in the book, but never explained.
Even in the simplest case a reference to some useful resources would have helped, like:
- Introduction to the NRPT (http://technet.microsoft.com/nl-nl/library/ee649207(v=ws.10).aspx)
- Appendix B: The Name Resolution Policy Table (NRPT) (http://technet.microsoft.com/nl-nl/library/ee649241(v=ws.10).aspx)
- So, I’m hoping that Packt Pub will fix the gap.
Despite, I still consider the Microsoft DirectAccess Best Practices and Troubleshooting book as a quick reference and a companion guide for Direct Access Administrators.
An additional (online) reference list will make this book on DirectAccess rock, like Jordan kicks off with on page 1.
And why not building that online reference on Technet Wiki?
Note to the layout team: a small detail to make it complete: when you use justified layout (left and right aligned), that would make the book more polished.