Manage DirectAccess Clients Remotely

Applies To: Windows Server (Semi-Annual Channel), Windows Server 2016

Remote Access monitoring reports remote user activity and status for DirectAccess and VPN connections. It tracks the number and duration of client connections (among other statistics), and monitors the operations status of the server. An easy-to-use monitoring console provides a view of your entire Remote Access infrastructure. Monitoring views are available for single server, cluster, and multisite configurations.

Note: Windows Server 2016 combines DirectAccess and Remote Access Service (RAS) into a single Remote Access role.

In this guide

This document contains instructions for leveraging the monitoring capabilities of Remote Access by using the DirectAccess management console and the corresponding Windows PowerShell cmdlets, which are provided as part of the Remote Access server role.

The following monitoring and accounting scenarios are explained:

  1. Monitor the existing load on the Remote Access server

  2. Monitor the configuration distribution status of the Remote Access server

  3. Monitor the operations status of the Remote Access server and its components

  4. Identify and resolve Remote Access server operations issues

  5. Monitor connected remote clients for activity and status

  6. Generate a usage report for remote clients by using historical data

Understand monitoring and accounting

Before you begin monitoring and accounting tasks for remote clients, you need to understand the difference between the two.

  • Monitoring shows actively connected users at a given point in time.

  • Accounting keeps a history of users who have connected to the corporate network, and their usage details (for compliance and auditing purposes).

Remote client monitoring is based on connections. There are two types of tunnel connections that are established by DirectAccess clients:

  • Machine tunnel traffic connections: This tunnel is established by the computer, in system context, to access servers that are required for name resolution, authentication, remediation updating, and so on.

  • User tunnel traffic connections: This tunnel is established by the user account on the computer, in a user context, when the user tries to access a resource on the corporate network. Depending on the deployment requirements, a user might have to provide strong credentials (for example, by using a smart card or providing a one-time password) to access the corporate network resources.

For DirectAccess, a connection is uniquely identified by the IP address of the remote client. For example, if a machine tunnel is open for a client computer, and a user is connected from that computer, these would be using the same connection. In a situation where the user disconnects and connects again while the machine tunnel is still active, it is a single connection.
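
The connection rule described above, worked through on constructed data. This PowerShell is an added example, not part of the original documentation or of the RemoteAccess module: the function name `Get-ConnectionFromTunnel`, the record properties and the sample addresses are hypothetical, and it assumes that a connection ends once no tunnel from that client IP remains open.

```powershell
# Constructed sample tunnel records (not output of any RemoteAccess cmdlet).
# The property names ClientIP, Kind, Opened and Closed are hypothetical.
$sampleTunnels = @(
    [pscustomobject]@{ ClientIP = '2001:db8::10'; Kind = 'Machine'; Opened = [datetime]'2024-01-15T09:00:00'; Closed = [datetime]'2024-01-15T12:00:00' }
    [pscustomobject]@{ ClientIP = '2001:db8::10'; Kind = 'User';    Opened = [datetime]'2024-01-15T09:05:00'; Closed = [datetime]'2024-01-15T10:00:00' }
    [pscustomobject]@{ ClientIP = '2001:db8::10'; Kind = 'User';    Opened = [datetime]'2024-01-15T10:30:00'; Closed = [datetime]'2024-01-15T11:30:00' }
    [pscustomobject]@{ ClientIP = '2001:db8::20'; Kind = 'Machine'; Opened = [datetime]'2024-01-15T09:00:00'; Closed = [datetime]'2024-01-15T09:30:00' }
    [pscustomobject]@{ ClientIP = '2001:db8::20'; Kind = 'Machine'; Opened = [datetime]'2024-01-15T14:00:00'; Closed = [datetime]'2024-01-15T15:00:00' }
    [pscustomobject]@{ ClientIP = '2001:db8::20'; Kind = 'User';    Opened = [datetime]'2024-01-15T14:10:00'; Closed = [datetime]'2024-01-15T14:50:00' }
)

function Get-ConnectionFromTunnel {
    param([Parameter(Mandatory)][object[]]$TunnelRecord)

    # A connection is keyed by the remote client's IP address.
    foreach ($group in ($TunnelRecord | Group-Object -Property ClientIP)) {
        $current = $null
        foreach ($t in ($group.Group | Sort-Object -Property Opened)) {
            if ($current -and $t.Opened -le $current.Closed) {
                # Another tunnel from this IP is still open: same connection,
                # whether this is the machine tunnel or a user reconnecting.
                if ($t.Closed -gt $current.Closed) { $current.Closed = $t.Closed }
                $current.TunnelCount++
            }
            else {
                # Assumption: no tunnel was open from this IP, so a new connection starts.
                if ($current) { $current }
                $current = [pscustomobject]@{
                    ClientIP    = $group.Name
                    Opened      = $t.Opened
                    Closed      = $t.Closed
                    TunnelCount = 1
                }
            }
        }
        if ($current) { $current }
    }
}

Get-ConnectionFromTunnel -TunnelRecord $sampleTunnels | Format-Table -AutoSize
```

On the sample records, the client at 2001:db8::10 counts as one connection even though its user tunnel closed and reopened, because the machine tunnel stayed up throughout; the client at 2001:db8::20 counts as two because all of its tunnels were closed in between.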