Windows 7 Features - Direct Access (Series 1)

What is DirectAccess?
DirectAccess allows remote users to securely access intranet shares, Web sites, and applications without connecting to a virtual private network (VPN). DirectAccess establishes bi-directional connectivity with a user’s intranet every time a user’s DirectAccess-enabled portable computer connects to the Internet, even before the user logs on. Users do not have to take any action to be connected to the intranet, and information technology (IT) administrators can manage remote computers outside the office, even when the computers are not connected to the VPN, anytime the computer has internet access

How is DirectAccess different from current VPN solutions?
Virtual private networks (VPNs) securely connect remote users to their network. While DirectAccess can also do that, it is only one of the many things that DirectAccess can perform well. Additionally, DirectAccess can ensure that users are connecting to the exact server to which they think they are connecting (end-to-end authentication) and provide data encryption all the way to the server (end-to-end encryption). DirectAccess also allows IT professionals to service remote computers whenever the DirectAccess client has Internet connectivity. Additionally, working together with Network Access Protection (NAP), DirectAccess can ensure that the clients are always compliant with system health requirements to ensure a secure and healthy IT environment

What are minimum operating system requirements for DirectAccess?
DirectAccess clients must run Windows 7 Enterprise Edition, Windows 7 Ultimate Edition, or Windows Server 2008 R2 and be joined to an Active Directory Domain Services (AD DS) domain. DirectAccess servers must run Windows Server 2008 R2 and be joined to an AD DS domain.

Are there built-in limitations on the number of simultaneous DirectAccess connections that a DirectAccess server supports?
No. Unlike built-in connection limits for the Routing and Remote Access service, DirectAccess has no built-in connection limitations.

What gets installed on the client to enable DirectAccess?
DirectAccess does not require any client-side installation. DirectAccess clients use Active Directory domain membership and Group Policy settings for their configuration. Once the Group Policy settings are applied while connected to the local area network (LAN) or through a VPN connection, there is no user interface on the DirectAccess client. When DirectAccess is operating effectively, it is transparent to the end user

How much does it cost to buy DirectAccess?
DirectAccess requires two components: DirectAccess clients and a DirectAccess server. DirectAccess clients need to run Windows 7 Enterprise, Windows 7 Ultimate, or Windows Server 2008 R2. DirectAccess server functionality is included with Windows Server 2008 R2. There are no additional products or licenses that are required.
Forefront Unified Access Gateway (UAG) extends the benefits of DirectAccess in the platform across the infrastructure by enhancing scalability and simplifying deployments and ongoing management.

How does DirectAccess work?
DirectAccess uses a combination of Internet Protocol version 6 (IPv6) end-to-end connectivity, Internet Protocol security (IPsec) protection of intranet traffic, separation of Domain Name System (DNS) traffic with the Name Resolution Policy Table (NRPT), and a network location server that DirectAccess clients use to detect when they are on the intranet