DirectAccess Deployment

The Windows 7 and Windows Server 2008 R2 operating systems introduce DirectAccess, a new solution that provides users with the same experience working remotely as they would have when working in the office.  Here is a brief 5-minute video that explains the solution from a user perspective. With DirectAccess, remote users can access corporate file shares, Web sites, and applications without connecting to a Virtual Private Network (VPN).

DirectAccess Design and Deployment Guides provide information about advantages, disadvantages, requirements, recommendations, and design considerations for deploying DirectAccess and instructions to configure DirectAccess servers and other infrastructure servers.

Windows Server 2008 R2

The Windows Server 2008 R2 DirectAccess server can be configured as a Teredo server and an ISATAP router, both of which are IPv6 transition technologies. To get there, the DirectAccess Setup wizard uses these Group Policy settings to configure DirectAccess clients. For a discussion of this technology, check out the “IPv6 Transition Technologies” whitepaper from Microsoft. The Cable Guy’s Joseph Davies also wrote a great overview article titled “Support for IPv6 in Windows Server 2008 R2 and Windows 7”.

Forefront Unified Access Gateway

Probably the more elegant DirectAccess solution is the enhanced version of DirectAccess also included with Microsoft Forefront Unified Access Gateway (UAG).  Forefront UAG DirectAccess has integrated Network Address Translation64 (NAT64) and Domain Name System64 (DNS64) functionality, so that DirectAccess client computers can access resources on your intranet that do not yet support IPv6. For more information check out the UAG and DirectAccess web site.

Also, for a list of the new resources to monitor this solution with System Center Operations Manager check out this recent blog posting by Microsoft’s IPV6 Team.

Forefront Threat Management Gateway

Microsoft Forefront Threat Management Gateway (TMG) can also be installed on a DirectAccess server to provide an additional layer of protection and additional Forefront TMG features, such as a full Internet Protocol version 4 (IPv4) firewall and secure Web publishing for computers that are not DirectAccess clients.

Forefront TMG integrates with the Internet Protocol security (IPsec) Denial of Service Protection (DoSP) component of DirectAccess to ensure that only IPsec-protected traffic is allowed to pass through. For a more detailed discussion, visit the September 2009 blog posting by Ori Yosefi, Senior Program Manager, Forefront Threat Management Gateway, titled “Forefront TMG and Windows® 7 DirectAccess”.