I am migrating a Server 2016 Standard with the Essentials role installed to new virtualized hardware. I had planned to abandon the Microsoft remote/VPN services provided by Essentials and use a WatchGuard IKEv2 hardware VPN, but now the customer would prefer to keep the Microsoft remote/VPN services.
Existing servers:
Planned servers:
Could the existing Microsoft remote/VPN services provided by Essentials be migrated to a new Hyper-V Guest Server 2022 Standard? I have licensing for 4 Hyper-V instances of Server 2022 Standard and the new server hardware will easily support it if the remote/VPN services should not run on the new domain controller.
Would I need additional licensing for Microsoft remote/VPN services?
Hello Sam,
Well, yes and no. If you want to use Microsoft VPN, there is no migration path from Essentials, but you can set up a new VPN server on a new server. I would not do that, though. I would opt for a VPN solution by the firewall device and enable multifactor on that device.
If you still want to go the Microsoft way, there is no extra licensing without MFA, but if you want MFA (and you should) you need Office 365 + Entra ID Plan 1 (not sure about the name of the product) or any other third-party provider for MFA. Going without MFA is a very bad idea!
Is it possible to keep the old Essentials server for VPN access only after demoting it as a domain controller and removing the Essentials role?
The WatchGuard IKEv2 VPN works OK now, but domain-joined laptops have erratic authentication to the domain over that VPN. No problems on the Microsoft VPN.
If you remove the Essentials role, you also remove the ability to configure the Essentials VPN solution. I am wondering why the WatchGuard has these problems. Can you check for a firmware update and/or contact their support?
Problem resolved. Client will use LogMeIn Pro for remote access with MFA and I will remove the Essentials VPN/RDP in the migration process to Server 2022 Standard. This has been my standard for about 10 years and has always worked well. Thanks!