(Discuss UAG DirectAccess issues on the TechNet Forums over at http://social.technet.microsoft.com/Forums/en-US/forefrontedgeiag)
I had a question from small business specialist Amy Babinchak (http://securesmb.harborcomputerservices.net/) recently regarding DirectAccess and the small and midsized business. I think this is an important issue to address, because often the small and midsized business is the one that’s willing to take a bit of a risk to get a jump on the competition, and if that advantage can be realized by taking advantage of relatively new technologies, they’re willing to go for it.
There’s no doubt that a small or midsized business would benefit from DirectAccess. The ability to transparently access content on the business network without ever needing to think about where the user is at any point in time can be a powerful advantage for a small or midsized business. It’s clear that they would benefit from DA.
What are the limitations? For most small and midsized businesses, UAG might be priced out of those markets. I’m not saying that this is a hard and fast rule, and although these firms are more likely to take a technology risk to get a competitive advantage, they are also very cost sensitive and not as able to absorb the financial risk.
This does not lock the small and midsized business out of the DA market. In fact, you can craft a DA solution using Windows Server 2008 Standard Edition, which is well within the price range of any small or midsized business. However, if you use the Windows DA solution without UAG, you need to be aware of the following:
- The Windows DA solution does include a wizard that will configure and deploy the Group Policy objects for you. UAG DA has a similar wizard, so the configuration experience is not that different.
- The Windows DA solution doesn’t feature an integrated high availability solution. You can’t create arrays of DA servers or use NLB with Windows DA servers. There is a method you can use to provide a level of DR for DA with the Windows DA solution, but that involves using Hyper-V and Windows failover clustering, something that might be outside of the technical chops available to the small or midsized business consultant or admin. For more information on the Windows DA approach to HA, check out http://technet.microsoft.com/en-us/library/dd637836(WS.10).aspx
- The Windows DA solution doesn’t include an IPv6/IPv4 protocol translator (UAG includes NAT64/DNS64, which is an IPv6/IPv4 protocol translation solution). The important implication of this is that all the resources on the back end must be IPv6 aware. That isn’t to say that you need a native IPv6 infrastructure (such as IPv6 aware routers, NIDS, etc.), but your servers and server applications need to be IPv6 aware (which essentially means that they need to support native IPv6 addresses or ISATAP), and you will need DNS servers that support IPv6, since the entire communication process between DA client and servers will be IPv6.
If a small or midsized business can deal with these limitations, then there’s no reason why they can’t benefit from a DirectAccess deployment. I see the major hurdle being the requirement that all the back end servers be IPv6 aware, which means in a Windows environment that they’ll need to be Windows Server 2008 or above. If that requirement is met, then I say to the small and midsized business integrator or admin, rock on!
Here’s an excellent clearinghouse of DirectAccess information that includes content for both the Windows and UAG DA admin and implementer:
If you want to deploy the Windows DirectAccess solution, I recommend that you work this way:
- Start with the Windows DirectAccess Step by Step Guide
- Then read the DirectAccess Design Guide
- Then read the DirectAccess Deployment Guide
- Repeat the Windows DirectAccess Step by Step Guide and integrate what you learned in the Design and Deployment Guides into your lab experience. You’ll be pleasantly surprised at how the concepts you read about in the Design and Deployment guides “light up” the second time you do the step by step lab.
As always, let me know if you have any questions!
MS ISD iX
UAG Direct Access/Anywhere Access Team
The “Edge Man” blog (DA all the time): http://blogs.technet.com/tomshinder/default.aspx
Follow me on Twitter: https://twitter.com/tshinder