DirectAccess is one of the most anticipated features of the Windows Server 2008 R2 operating system. DirectAccess allows remote users to securely access intranet shares, Web sites, and applications without connecting to a virtual private network (VPN). DirectAccess establishes bi-directional connectivity with a user’s intranet every time a user’s DirectAccess-enabled portable computer connects to the Internet, even before the user logs on. Users never have to think about connecting to the intranet, and information technology (IT) administrators can manage remote computers outside the office, even when the computers are not connected to the VPN. DirectAccess is supported by Windows 7 Enterprise, Windows 7 Ultimate, and Windows Server 2008 R2.
The following are the key elements of a DirectAccess solution:
- DirectAccess client - A domain-joined computer running Windows 7 Enterprise, Windows 7 Ultimate, or Windows Server 2008 R2 that can automatically and transparently connect to an intranet through a DirectAccess server.
- DirectAccess server - A domain-joined computer running Windows Server 2008 R2 that accepts connections from DirectAccess clients and facilitates communication with intranet resources.
- Network location server - A server that a DirectAccess client uses to determine whether it is located on the intranet or the Internet.
- Certificate revocation list (CRL) distribution points - Servers that provide access to the CRL that is published by the certification authority (CA) issuing certificates for DirectAccess.