The hardware requirements for servers running Forefront UAG DirectAccess vary, and are dependent on the number of concurrent users and the Forefront UAG DirectAccess configuration.

Table 1 lists the hardware that was used to test the performance capabilities of Forefront UAG DirectAccess. The performance was tested using simulated DirectAccess clients, as follows:

• The DirectAccess clients simulated connections from outside of the corporation to a server within the corporation.
  
  
• The DirectAccess clients simulated a data transfer rate with an upload-download ratio of approximately 1:9. The total client transfer rates (upload and download) used during testing are listed in Table 1.
  
  
• Each DirectAccess client transferred data for a set duration and then disconnected from the internal server and the Forefront UAG DirectAccess server.
  
  
• The DirectAccess clients were configured to connect to the internal server at a client connection rate of one client every 2 seconds. A client connection rate higher than this value might decrease the number of concurrent users that can connect to Forefront UAG DirectAccess.
  
  

Table 1: Forefront UAG DirectAccess server performance and hardware requirements for common deployment scenarios

Note:

1 The number of users is the maximum number of concurrent users serviced by a single Forefront UAG DirectAccess server.2 During testing, all users connected to the internal network through the Forefront UAG DirectAccess server using NAT64. You can increase performance if you reduce the percentage of users connecting to resources using NAT64 and increase the percentage connecting to resources using ISATAP. For example, 50 percent of users connect to resources using NAT64 and 50 percent connect to resources using ISATAP.3 The Intel Xeon L5520, 2.26 GHz with Intel Hyper-Threading Technology is a minimum requirement to service the number of users in this table.4 A network adapter that uses Receive Side Scaling Queues can improve performance by more than 25 percent compared with the same adapter when not using Receive Side Scaling Queues.5 The Forefront UAG DirectAccess - Management Only option uses Forefront UAG DirectAccess only for the management of client machines. This typically has a lower bandwidth requirement for each client.

Table 2 lists the number of users supported by Forefront UAG DirectAccess for large deployments using network load balancing (NLB) when using separate physical servers. Each of the servers contains the hardware described in Table 1.

Table 2: Forefront UAG DirectAccess server performance with NLB

Table 3 lists the number of users supported by Forefront UAG DirectAccess for large deployments using NLB when using an array of virtual machines hosted on a single physical server. The server contains the hardware described in Table 1.

Table 3: Forefront UAG DirectAccess server performance with NLB on a virtual array

Design your server hardware according to current and future requirements to prepare for growth. You might want to consider adding processors, or adding memory with a capacity of at least two or three times your estimated requirements. Note that due to the rapid evolvement of hardware technology, within a relatively short period of time, upgrade options might not be available for your server platform. This could pose a serious problem if future demands require you to increase system performance; for example, in the event that you need additional processors.

Be sure to select a supported processor, and to consider the processor performance recommendations, as follows:

1. Forefront UAG DirectAccess is only supported in production environments when it is installed on a computer with x64-compatible processors that is running the Windows Server 2008 R2 operating system. Note the following:
   
   
   1. You can select processors from Intel that support Intel Hyper-Threading Technology, or others that meet similar performance levels.
      
      
   2. Regardless of which processor you select, it is recommended that you use a server product listed in the Windows Server Catalog (http://go.microsoft.com/fwlink/?LinkId=64547).
      
      
2. Forefront UAG DirectAccess benefits significantly when running on multi-core and multithreaded processors. The performance benefit for Forefront UAG DirectAccess from multi-core technology depends upon the specific processor that is used. Multi-core processors are an attractive option for Forefront UAG DirectAccess servers based on price and performance.
   
   The processor usage on a server should maintain a load of no more than 70 percent during peak working hours. This percentage level allows for periods of extreme load. If the processor usage is consistently greater than 75 percent, processor performance is considered a bottleneck. The following factors directly affect the performance of the CPU in a server:
   
   
   1. The processor clock speed.
      
      
   2. The number of processors.
      
      
   3. The number of cores per processor (quad core processors provide a better price/performance ratio than dual core processors).
      
      
   4. Hyper-Threading—When Hyper-Threading is enabled on a processor, the number of supported users can increase by up to 20 percent.
      
      

For performance, selecting the fastest processor available within your budget yields the best results. Forefront UAG DirectAccess can fully use multiple processors, and using servers with more processors improves performance.

Use network adaptors with Receive Side Scaling Queue capability, a technology that enables packet receive-processing to scale with the number of available computer processors. This allows the Windows Networking subsystem to take advantage of multi-core and many core processor architectures.

You can enable Receive Side Scaling (RSS) on the Advanced tab of the adapter property sheet. If your adapter does not support RSS, the RSS setting is not displayed.

The Receive Side Scaling Queues setting allocates queue space to buffer transactions between the network adapter and CPU(s).

The following table shows the number of users that are supported on the hardware described in Table 1, when RSSQ is used and when RSSQ is not used.

It is recommended that you deploy an array of Forefront UAG computers for redundancy. After determining the number of computers your deployment requires, add at least one more computer for redundancy. This will allow your deployment to continue working at optimal performance levels during a computer failure or other required maintenance. Deploying a Forefront UAG array requires a load balancing mechanism: Network Load Balancing (NLB), or a hardware load balancer. For more information, see Introduction to array design.