1
00:00:00,240 --> 00:00:01,990
So let's talk a little bit about the infrastructure

2
00:00:01,990 --> 00:00:04,610
requirements for an Always On VPN solution.

3
00:00:04,610 --> 00:00:06,870
To begin, we need a VPN server.

4
00:00:06,870 --> 00:00:11,270
Here in this course, we're going to focus on the Microsoft stack exclusively,

5
00:00:11,270 --> 00:00:14,750
so we're going to be using Windows Server and the

6
00:00:14,750 --> 00:00:17,160
Routing and Remote Access Service, or RRAS,

7
00:00:17,160 --> 00:00:17,730
role.

8
00:00:17,730 --> 00:00:22,950
However, as I had mentioned before, Always On VPN is infrastructure independent.

9
00:00:22,950 --> 00:00:26,380
It's actually implemented entirely on the client or on the endpoint.

10
00:00:26,380 --> 00:00:30,490
With that, you can use a variety of VPN servers,

11
00:00:30,490 --> 00:00:34,140
for example, Cisco, Palo Alto, Check Point,

12
00:00:34,140 --> 00:00:35,320
SonicWall, Fortinet.

13
00:00:35,320 --> 00:00:38,180
There's a variety of VPN servers that you could leverage on the

14
00:00:38,180 --> 00:00:41,190
back end to support Always On VPN connections.

15
00:00:41,190 --> 00:00:44,610
For authentication, we will need a RADIUS server,

16
00:00:44,610 --> 00:00:47,220
and again, we're going to focus on the Microsoft stack in this course,

17
00:00:47,220 --> 00:00:51,420
so we're going to be looking at Windows Server and the Network Policy Server,

18
00:00:51,420 --> 00:00:55,480
or NPS, role, but again, being infrastructure independent,

19
00:00:55,480 --> 00:00:58,220
you can use a variety of RADIUS servers,

20
00:00:58,220 --> 00:01:02,320
including Cisco ISE, Pulse Secure, Steel‑Belted Radius,

21
00:01:02,320 --> 00:01:02,670
FreeRADIUS.

22
00:01:02,670 --> 00:01:06,640
There's a variety of RADIUS solutions out there that can be leveraged to

23
00:01:06,640 --> 00:01:10,440
support authentication for an Always On VPN infrastructure.

24
00:01:10,440 --> 00:01:14,540
The client requirements to support Always On VPN are fairly straightforward.

25
00:01:14,540 --> 00:01:17,470
It works with Windows 10 or Windows 11 and both

26
00:01:17,470 --> 00:01:20,060
Professional and Enterprise edition, and yes,

27
00:01:20,060 --> 00:01:22,440
Education is also supported.

28
00:01:22,440 --> 00:01:25,010
Domain join, as I'd mentioned before, is optional,

29
00:01:25,010 --> 00:01:30,140
but you can join your endpoints to an on‑premises Active Directory if you wish.

30
00:01:30,140 --> 00:01:34,530
Always On VPN does support hybrid Azure AD join. Hybrid Azure AD

31
00:01:34,530 --> 00:01:38,530
join is where the client is joined both to the on‑premises Active

32
00:01:38,530 --> 00:01:43,850
Directory and Azure AD. This is accomplished via synchronizing the

33
00:01:43,850 --> 00:01:48,900
computer account from the on‑premises AD to Azure AD using the Azure

34
00:01:48,900 --> 00:01:50,940
AD Connect service.

35
00:01:50,940 --> 00:01:54,940
And finally, native Azure AD join is supported as well.

36
00:01:54,940 --> 00:01:58,870
The advantage of using hybrid Azure AD or native Azure AD means

37
00:01:58,870 --> 00:02:02,470
that in terms of management, you can now support Microsoft

38
00:02:02,470 --> 00:02:09,000
Endpoint Manager or Intune for provisioning, which is going to be the preferred method of managing our clients.