DirectAccess Capacity Planning

Introduction

I’ve been working with DirectAccess for more than 5 years now. I’ve designed and deployed secure remote access solutions using DirectAccess for some of the largest organizations in the world. From experience, I can tell you that one of the most challenging aspects for large-scale deployments is capacity planning.

Capacity Planning Challenges

For organizations planning to support a large number of DirectAccess clients, ensuring that the system has enough resources to handle all of the connections and traffic quickly and efficiently is essential. Determining just how much capacity will be required for a given number of users turns out to be quite a challenge.

Unfortunately, there is no easy and convenient table that can be referenced to define exactly how much CPU, memory, and network resources will be required for X number of users. The challenge here is that there are myriad, complex factors that affect the equation. For example, networking configuration and supported clients (both the number and type) have a major effect on the scalability and performance of the solution. In addition, DirectAccess options like authentication scheme and force tunneling can have a big impact on performance, scalability, and ultimately the end user experience.

Regardless of the level of difficulty, some form of capacity planning must take place when sizing the hardware for a DirectAccess deployment. Because of the large number of configuration options, Microsoft has published some basic guidelines to roughly estimate capacity needs. Their performance tests used simulated clients against baseline hardware configuration, and those results can be viewed here.

Celestix also provides rough estimate user-count guidelines for the E Series platform. Our guidelines are based on internal testing along with input from real world deployments of our appliance platform in a variety of configurations. You’ll notice that our workload-specific appliance platform is tuned to deliver much better performance than you’ll find using virtual machines or industry-standard servers.

Each deployment is unique, so the capacity planning exercise has to take into account all of the factors and nuances for the implementation. It’s important to remember that our guidelines are just that – guidelines. Your mileage may vary.

Conclusion

DirectAccess capacity planning is far from an exact science, and existing documentation is minimal at best. For the best possible results, rely on the Celestix E Series security appliance, with its certified configuration and predictable performance, as well as the broad experience and real-world expertise of our solution architects. Our proven combination will go a long way to making sure that your DirectAccess deployment is successful.

For more information about the E Series appliance platform and DirectAccess, visit celestix.com/edge or call us at +1 (510) 668 0700 or email us at info@celestix.com.