Always On VPN for BYOD and capacity planning

Mahesh Aralelemath 71 Reputation points
2020-05-24T08:16:42.337+00:00

Hi,

We are planning to implement Always On VPN for Windows 10 clients, for corporate and users' personal Windows 10 devices. We would request your support on the points below.

  1. Since personal Windows 10 devices/laptops are not domain joined and not managed by corporate, what should be the VPN authentication method and how do we ensure BYOD is meeting compliance? Can we use IKEv2 with user certificate for BYOD if device certificate is not feasible?
  2. How do we plan for sizing the VPN and NPS servers? We could not find any matrix to calculate CPU, memory, and load balancing capacity to calculate the server sizing with respect to the number of clients. How can we plan for scalability?
  3. How can we integrate Always on VPN clients with Azure AD conditional access for device compliance check?

Appreciate your support in these since there is very limited info and resource we can find today.

Regards
Mahesh


2 answers

  1. Dave Patrick 426K Reputation points MVP
    2020-05-24T12:30:16.573+00:00

    QnA currently supports the products listed here (more to be added). Better to reach out to subject matter experts in dedicated forums over here.

    https://social.technet.microsoft.com/Forums/windowsserver/en-US/home?forum=winserverNAP

    https://social.technet.microsoft.com/Forums/en-US/home?forum=win10itprogeneral

    --please don't forget to Accept as answer if the reply is helpful--

    --------------------------

    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.


  2. Armand Brunelle 491 Reputation points
    2020-05-25T05:15:40.06+00:00

    Hi @Mahesh Aralelemath ,

    The Cloud is your ideal choice to make your migration and transition with ease.
    Depending on the size of your corporate and their needs, many solutions are available to scale up and down the plan, without too much restriction and automated application to ensure the functionality of the proposal. Note that your IoT Devices / Portable, Laptop computer will have the accessibility to fit into the package proposed, we can offer customized plans for every Partner, Associate or newcomers and accommodate them on a one on one inclusive strategy with our diversified resources in the Microsoft Ecosystem.

    • You can also use IKEv2 with BYOD as you want, following the guidelines here: VPN Client Root Certificate
      Class
    • You will want to fully understand and ensure what it does mean. Validating your own root certificate,
      instating a network protocol with cross validation Tunneling Protocol or whatever fits better for you
      depending on your precise needs.
    • Sizing, Quantitative calculation or computational mechanics as well as Load Balancing and Scalability, should
      not be considered if you plan on using a simple wrapped solution.
    • In addition to these services that Microsoft and the Partner Network can provide, there are specialised formulas
      available that we can add in the package. To mention a few that might be interesting for you and your
      corporate, Amazon S3 Bucket and multiple Instances to critically react and scale up your workflow. It can take
      into consideration domains and subdomains, basically, it's fully manageable.

    If you want to know more about a clear prospectus and what the Structure looks like, I would highly recommend you to get in touch with an Azure Cloud Specialist and from there expand your exact needs to dress up a precise blueprint.

    I hope this will help you, if you need further help, feel free to get in touch.
    Regards, Armand B.


    If the answer did help you, please upvote it. It will help other users to access information vilely.

    #Azure #Bucket #Cluster #AWS
