Could DirectAccess be the future of remote access for corporate networks? DirectAccess is a new feature in Windows 7 and Windows Server 2008 R2. It gives users the experience of being seamlessly connected to their corporate network any time they have Internet access. DirectAccess provides essentially the same service as a standard virtual private network (VPN); the significant difference is that the connection is established in the background without requiring any user interaction (even before the user logs into Windows). This simplifies remote access for the user by providing the same connectivity experience both inside and outside the office.

When combined with other Windows 7 features such as Federated Search, which searches intranet resources, and Folder Redirection, which synchronizes files across the network, users will be able to find and access corporate resources seamlessly, wherever they are.

Advantages of DirectAccess:

Simple, seamless connectivity: Unlike traditional VPN solutions (such as Cisco VPN), DirectAccess enables the user to connect to their corporate network automatically without any user interaction. This connection is established as soon as the Windows 7 computer reaches the login prompt, meaning users can authenticate against their domain instantly, just as they would when connected to the corporate LAN. DirectAccess will attempt to use any available network interface to connect to the Internet (wired, Wi-Fi, 3G, etc.) and will automatically attempt to reconnect if the connection is dropped.

Remote Management: As soon as the remote computer has reached the Windows 7 login prompt, IT administrators can connect to the device (even if the user is not logged in). Through DirectAccess, IT administrators can monitor, manage and deploy updates as long as the computer is able to connect to the Internet. Any Group Policy settings are also delivered to the user’s computer before they log in to Windows.

Advanced Security Features: DirectAccess uses IPsec for authentication and encryption and can integrate with Network Access Protection (NAP), which ensures that any remote computer is compliant with corporate policy before it connects to the corporate network. IT administrators can also restrict access for specific remote computers so that they can only reach certain applications or services.


The DirectAccess server must run on Windows Server 2008 R2, which is currently still in beta and can be downloaded for testing from the Microsoft website.

All remote computers must run Windows 7, which is also still in beta; the release candidate is scheduled for May 2009, at which time it will be available for download from the Microsoft website.

The DirectAccess server requires two network cards: one connected to the Internet and the second to the intranet. At least one Active Directory Domain Services (AD DS) domain must be deployed. Workgroups are not supported.

A Public Key Infrastructure (PKI) is required to issue certificates. External certificates are not required. All SSL certificates must have a certificate revocation list (CRL) distribution point that is reachable via a publicly resolvable fully qualified domain name (FQDN), whether the client is local or remote.

End-to-end IP version 6 (IPv6) is required. Networks that are unable to deploy IPv6 can use IPv6 transition technologies such as Intra-Site Automatic Tunnel Addressing Protocol (ISATAP), Teredo, and 6to4 to connect across the IPv4 Internet and to access IPv4 resources on the corporate network. IPv6 or transition technologies must be available on the DirectAccess server and allowed to pass through the perimeter network firewall.
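The transition technologies named above each leave a recognizable pattern in the client's IPv6 address, which helps when reading firewall or server logs. The following is an added example, not part of the original article: a Python sketch (standard library only) that classifies an address as 6to4, Teredo or ISATAP, recovers the embedded IPv4 address, and lists the IPv4 encapsulation each one uses. The function names and the sample addresses (built from documentation ranges) are constructed for illustration.

```python
import ipaddress

# IPv4-side encapsulation used by each transition technology.
TRANSPORT = {
    "6to4": "IPv4 protocol 41",
    "Teredo": "UDP 3544",
    "ISATAP": "IPv4 protocol 41",
}

def classify(addr):
    """Return (technology, embedded IPv4 address or None) for an IPv6 address."""
    ip = ipaddress.IPv6Address(addr)
    if ip.sixtofour is not None:           # 2002::/16, IPv4 address in bits 16-47
        return "6to4", str(ip.sixtofour)
    if ip.teredo is not None:              # 2001::/32
        _server, client = ip.teredo        # client address is stored bit-inverted
        return "Teredo", str(client)
    iid = int(ip) & 0xFFFFFFFFFFFFFFFF     # low 64 bits: interface identifier
    # ISATAP interface identifiers are 0000:5efe:<IPv4> or 0200:5efe:<IPv4>.
    # This is a pattern match on the address only, so treat it as a heuristic.
    if (iid >> 32) in (0x00005EFE, 0x02005EFE):
        return "ISATAP", str(ipaddress.IPv4Address(iid & 0xFFFFFFFF))
    return "native", None

def required_transports(addrs):
    """Distinct IPv4 encapsulations the given client addresses depend on."""
    kinds = {classify(a)[0] for a in addrs}
    return sorted({TRANSPORT[k] for k in kinds if k in TRANSPORT})

# Constructed sample addresses (documentation IPv4/IPv6 ranges), not real clients.
SAMPLE = [
    "2002:c000:201::1",                    # 6to4 for 192.0.2.1
    "2001:0:c000:201:0:f227:34ff:8efa",    # Teredo, client 203.0.113.5
    "fe80::5efe:c000:20a",                 # ISATAP for 192.0.2.10
    "2001:db8::1",                         # native IPv6
]

if __name__ == "__main__":
    for a in SAMPLE:
        print(a, "->", classify(a))
    print("encapsulations in use:", required_transports(SAMPLE))
```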

