1
00:00:02,540 --> 00:00:05,160
Hello, and welcome once again to Implementing Always On VPN.

2
00:00:05,160 --> 00:00:09,940
In this module, we're going to configure the VPN infrastructure.

3
00:00:09,940 --> 00:00:13,260
Configuring the VPN infrastructure involves several different steps.

4
00:00:13,260 --> 00:00:16,940
To begin, we'll deploy and configure our NPS server,

5
00:00:16,940 --> 00:00:19,270
which will be used to provide authentication for our

6
00:00:19,270 --> 00:00:22,430
user‑based Always On VPN connections.

7
00:00:22,430 --> 00:00:23,350
Once that's done,

8
00:00:23,350 --> 00:00:26,750
we'll move on to configuring the VPN server itself to support both

9
00:00:26,750 --> 00:00:32,840
user and device‑based Always On VPN connections.

10
00:00:32,840 --> 00:00:34,600
So the first server that we're going to focus on in

11
00:00:34,600 --> 00:00:37,310
this module is the NPS server, and, of course,

12
00:00:37,310 --> 00:00:40,100
NPS stands for Network Policy Server.

13
00:00:40,100 --> 00:00:44,380
NPS is Microsoft's implementation of RADIUS, an open standard protocol.

14
00:00:44,380 --> 00:00:46,170
We discussed all of that in module three.

15
00:00:46,170 --> 00:00:48,270
And the NPS, as a reminder,

16
00:00:48,270 --> 00:00:51,480
is used for authentication specifically to authenticate

17
00:00:51,480 --> 00:00:54,580
users who are establishing a user‑based VPN,

18
00:00:54,580 --> 00:00:57,940
or Always On VPN, connection.

19
00:00:57,940 --> 00:01:00,920
Configuring the NPS server requires a number of different steps.

20
00:01:00,920 --> 00:01:04,480
To begin, we'll provision the virtual machine and join it to the domain.

21
00:01:04,480 --> 00:01:06,190
I'm going to assume that's already done.

22
00:01:06,190 --> 00:01:10,390
I don't want to rehash those very simple and basic administrative tasks.

23
00:01:10,390 --> 00:01:13,580
So in my lab and in my demonstration here,

24
00:01:13,580 --> 00:01:16,440
those machines are already built and joined to the domain.

25
00:01:16,440 --> 00:01:18,610
We're going to validate our certificate enrollment.

26
00:01:18,610 --> 00:01:20,450
That's critical before we start moving on.

27
00:01:20,450 --> 00:01:22,660
We want to make sure that our certificates are enrolled

28
00:01:22,660 --> 00:01:25,340
for and installed in the correct stores.

29
00:01:25,340 --> 00:01:29,600
We will then install the Network Policy Server, or NPS, role.

30
00:01:29,600 --> 00:01:32,390
And technically speaking, that is NPAS.

31
00:01:32,390 --> 00:01:36,240
The role is called NPAS, Network Policy and Access Service

32
00:01:36,240 --> 00:01:38,690
role, but we we call it NPS for short.

33
00:01:38,690 --> 00:01:39,550
And then finally,

34
00:01:39,550 --> 00:01:48,000
we're going to configure our NPS policy to support user‑based Always On VPN connections.