Migrating from Forefront UAG DirectAccess to DirectAccess running on Windows Server 2012 can follow one of two scenarios: a side-by-side migration or an offline migration. During the design phase of your DirectAccess deployment, you primarily need to consider which scenario is most appropriate for your organization. The side-by-side migration has the least impact on availability but requires more administrative overhead to configure and maintain both servers simultaneously, whereas the offline migration scenario is an all-or-nothing approach.
Side-by-side migration
A side-by-side migration calls for both the Forefront UAG DirectAccess server and the new Windows Server 2012 DirectAccess server to run simultaneously. When the Windows Server 2012 DirectAccess server is deployed, clients begin using that server. In this scenario, each server uses different settings such as IP addresses, host names, and the like so that clients can connect to each server running side by side.
Side-by-side migration involves four steps:
1. Export configuration settings from Forefront UAG.
2. Record all Group Policy Objects (GPOs) in use for Forefront UAG.
3. Install the Remote Access role on the Windows Server 2012 server.
4. Configure the Remote Access server, including GPOs.
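One way to carry out step 2, as an added example that is not part of the original text: the script backs up each Forefront UAG GPO, saves its XML report (which includes the security filtering), and writes an inventory of where each GPO is linked. It is run from a domain-joined machine with the GroupPolicy module and PowerShell 3.0 or later; the display-name filter and the output folder are assumptions to adjust for your environment.

```powershell
# Added example: record the GPOs used by Forefront UAG DirectAccess before migration.
# Assumptions (not from the original text): the display-name filter and output folder.
Import-Module GroupPolicy

$NameFilter = 'UAG DirectAccess*'       # assumed naming pattern of the UAG GPOs
$OutputRoot = 'C:\Migration\UAG-GPO'    # hypothetical folder for backups and reports

New-Item -ItemType Directory -Path $OutputRoot -Force | Out-Null

$gpos = @(Get-GPO -All | Where-Object { $_.DisplayName -like $NameFilter })
if ($gpos.Count -eq 0) {
    throw "No GPO matches '$NameFilter'. Adjust the filter before continuing."
}

$inventory = foreach ($gpo in $gpos) {
    # Full backup, so the settings can be inspected or restored later.
    $backup = Backup-GPO -Guid $gpo.Id -Path $OutputRoot -Comment 'Pre-migration record'

    # The XML report carries the settings, the links and the security descriptor.
    [xml]$report = Get-GPOReport -Guid $gpo.Id -ReportType Xml
    $reportPath  = Join-Path $OutputRoot ('{0}.xml' -f $gpo.Id)
    $report.Save($reportPath)

    # A GPO with no links has no LinksTo element; filter out the resulting null.
    $links = @($report.GPO.LinksTo | Where-Object { $_ } |
               ForEach-Object { $_.SOMPath })

    [pscustomobject]@{
        DisplayName = $gpo.DisplayName
        GpoId       = $gpo.Id
        Status      = $gpo.GpoStatus
        Modified    = $gpo.ModificationTime
        LinkedTo    = $links -join '; '
        BackupId    = $backup.Id
        Report      = $reportPath
    }
}

# Inventory file to compare against the GPOs created for the new server.
$inventory | Export-Csv -Path (Join-Path $OutputRoot 'uag-gpo-inventory.csv') -NoTypeInformation
$inventory | Format-Table DisplayName, Status, LinkedTo -AutoSize
```

Because both servers run at the same time in this scenario, the recorded links and security filtering make it possible to confirm afterwards that the GPOs for the new server do not target the same clients as the Forefront UAG GPOs.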
Offline migration
In an offline migration scenario, the Forefront UAG server is turned off before the Windows Server 2012 DirectAccess server is deployed. In such a scenario, existing server settings such as the IP address, host name, and certificates can be reused on the new server. This scenario is sometimes informally called a big bang migration because all clients must be migrated at the same time.
After you take the existing server offline, you use the following overall steps to complete the offline migration:
1. Install the Remote Access role on Windows Server 2012.
2. Configure IP addresses to match the legacy Forefront UAG server.
3. Install a certificate for IP-HTTPS connections.
4. Prepare GPOs for the Remote Access server.
5. Configure DirectAccess.