1
00:00:02,540 --> 00:00:07,240
So moving on, let's enable Windows Network Load Balancing.

2
00:00:07,240 --> 00:00:10,300
So the first thing we need to do on the first VPN server is

3
00:00:10,300 --> 00:00:13,010
install the Network Load Balancing role,

4
00:00:13,010 --> 00:00:16,740
and the way to do that is with PowerShell because it's quick and simple,

5
00:00:16,740 --> 00:00:21,330
and the command is just Install‑WindowsFeature NLB and

6
00:00:21,330 --> 00:00:35,940
‑IncludeManagementTools as well.

7
00:00:35,940 --> 00:00:39,120
Once that's done, we can move on with the configuration of NLB.

8
00:00:39,120 --> 00:00:40,560
Now in the interest of time,

9
00:00:40,560 --> 00:00:45,120
I've already installed the NLB feature on my second VPN server here.

10
00:00:45,120 --> 00:00:49,690
So I'm just going to open up the Network Load Balancing management console,

11
00:00:49,690 --> 00:00:53,640
and the configuration is actually pretty straightforward.

12
00:00:53,640 --> 00:00:56,820
So we're just going to right‑click here and choose New Cluster,

13
00:00:56,820 --> 00:01:00,500
and we'll provide the name of the first server,

14
00:01:00,500 --> 00:01:03,770
that's this individual server, and you can use its host name,

15
00:01:03,770 --> 00:01:07,530
or if you're on the server itself, you can just use localhost.

16
00:01:07,530 --> 00:01:11,390
And if you have multiple network interfaces,

17
00:01:11,390 --> 00:01:15,750
you only need to deploy NLB on the external interface.

18
00:01:15,750 --> 00:01:19,120
So if you're using a single NIC, or single network interface,

19
00:01:19,120 --> 00:01:22,100
then you can just select the only available adapter here,

20
00:01:22,100 --> 00:01:24,600
but if you're using the multi‑home model,

21
00:01:24,600 --> 00:01:28,440
simply select the external interface and then choose Next.

22
00:01:28,440 --> 00:01:29,640
No other changes here.

23
00:01:29,640 --> 00:01:34,720
This is the dedicated IP address of this server, and so we'll click Next.

24
00:01:34,720 --> 00:01:38,070
And here's where you're going to add your cluster IP address,

25
00:01:38,070 --> 00:01:41,770
and this is the virtual IP address or VIP for this cluster.

26
00:01:41,770 --> 00:01:46,640
So make sure that this is an IP address from the same subnet as the VPN server,

27
00:01:46,640 --> 00:01:48,050
and of course, obviously,

28
00:01:48,050 --> 00:01:52,640
make sure it's not in use anywhere else on your network.

29
00:01:52,640 --> 00:01:56,240
So we'll click OK, click Next.

30
00:01:56,240 --> 00:01:59,170
And this is the operating mode that I was talking about before.

31
00:01:59,170 --> 00:01:59,890
In this case,

32
00:01:59,890 --> 00:02:01,650
we're going to use Unicast because that's kind of

33
00:02:01,650 --> 00:02:03,770
the best default operating mode.

34
00:02:03,770 --> 00:02:07,310
You may have to use Multicast, depending on your hypervisor,

35
00:02:07,310 --> 00:02:10,640
but in this case, we're just going to go use Unicast and move on.

36
00:02:10,640 --> 00:02:15,350
Switch is next, and here we're just going to accept the defaults.

37
00:02:15,350 --> 00:02:18,360
We're going to go ahead and cluster this for all ports on this server.

38
00:02:18,360 --> 00:02:22,070
It's not really important that we set this up for individual ports.

39
00:02:22,070 --> 00:02:24,630
The edge firewall is going to do the screening of ports.

40
00:02:24,630 --> 00:02:27,410
So in this case, we'll go ahead and load balance all ports on

41
00:02:27,410 --> 00:02:33,000
that external interface, and then we'll click Finish, and once

42
00:02:33,000 --> 00:02:34,540
the configuration is complete,

43
00:02:34,540 --> 00:02:38,440
you'll see that the interface here turns green. At this point, we're

44
00:02:38,440 --> 00:02:42,190
ready to install our second node in the cluster, and to do that, I'm

45
00:02:42,190 --> 00:02:45,610
actually just going to right‑click on this and choose Add Host To

46
00:02:45,610 --> 00:02:48,100
Cluster, and once again, as a reminder,

47
00:02:48,100 --> 00:02:52,440
I've already installed the NLB feature or role on the second server.

48
00:02:52,440 --> 00:02:57,770
So now I'll add the host name of the second server here, and once again, I'm

49
00:02:57,770 --> 00:03:01,640
going to choose the external interface, and choose Next,

50
00:03:01,640 --> 00:03:04,540
choose Next again, and then Finish.

51
00:03:04,540 --> 00:03:06,520
So then once the cluster is complete,

52
00:03:06,520 --> 00:03:09,710
you should see two healthy VPN servers here.

53
00:03:09,710 --> 00:03:12,790
The status showing as Converged, meaning the Network Load Balancing

54
00:03:12,790 --> 00:03:17,240
configuration has been propagated to both servers. And at this point,

55
00:03:17,240 --> 00:03:22,170
you should now be able to update the NAT rule on your edge firewall and

56
00:03:22,170 --> 00:03:25,640
deliver that traffic to the virtual IP address, here in my case,

57
00:03:25,640 --> 00:03:30,630
192.168.1.235, and through the magic of Network Load Balancing,

58
00:03:30,630 --> 00:03:37,000
it will distribute the traffic to the nodes in the cluster, and load balancing will be set up.