Yes. Gateway load balancing does not rely on network load balancing services (NLBS) technology. NLBS does not work properly with MDM, which uses a DNS scheme for load balancing the Gateway Servers.

Typically, you issue static IP addresses to several Gateway Servers, which are then bound to a single fully qualified domain name (FQDN). For example, gateway.contoso.com is bound to IP addresses 74.92.226.130and 74.92.226.131, which are the IP addresses of servers Gateway1 and Gateway2.

Configure each Gateway Server with a pool of virtual IP addresses, which the devices use in the Mobile VPN sessions.

The device gets the two IP addresses from DNS and connects to one at random. If the connection fails, the device tries the next IP address and gets the next server.

If the client has a previously issued IP address from the pool and contacts the Gateway Server with that IP address pool, then the client continues to use that IP address. If it connects to a different Gateway Server, then it receives a new virtual IP address.

Yes. For information on configuring MDM Servers, see the MDM Planning Guide at this Microsoft Web site: http://go.microsoft.com/fwlink/?LinkId=117776 .

MDM requires a standard load balancer, with the ability to enable affinity, also known as persistence. MDM requires no specific characteristics beyond a standard load balancer.

Yes, you may have more than one MDM Device Management Server per domain forest in a load-balanced topology. This topology supports scale-out and redundancy. However, only one instance of MDM is supported per domain forest. Administrative rights are not delegated per MDM Device Management Server, but per MDM instance, as all MDM Device Management Server computers share a single SQL Server infrastructure.

No, this configuration can affect performance, depending on the number of devices supported and how software distribution is managed.

No. While MDM does make changes in Active Directory, it does not make changes to the schema.

Yes, devices can exist in multiple groups of multiple organizational units (OUs), but you can only have one MDM instance per domain forest. When you create a custom OU, you must run the Set-EnrollmentPermissionscmdlet in MDM Shell to delegate the appropriate permissions to the Enrollment server to access the new OU. You do not need to run this cmdlet for the default OU.

When a device enrolls with MDM, it no longer has Exchange Server policies applied to it. Exchange Server 2007 Service Pack 1 includes a new cmdlet that administrators use to block or allow the ability for specific devices to be managed by MDM.

MDM uses VPN to connect devices to MDM Gateway Server. After the VPN connection is active, the device can connect to internal resources that are available from MDM Gateway Server. For example, if MDM Gateway Server is in the perimeter network, then the internal resources need publishing to this perimeter network. The port from the perimeter network to the internal network depends on the particular application.

Yes, the default communication port for SQL Server is port 1433, and MDM does not modify this port configuration.

No, you cannot change MDM database names.

No. But you should deploy SQL Server for MDM on a dedicated computer unless you have relatively few devices. You might encounter memory consumption issues if you install MDM Device Management Server and SQL Server on the same computer.