While most people look at the Windows Server 2012 Essentials offering as being “just the next version of SBS Essentials 2011”, it includes some enterprise solutions that fit well in our SMB customer space. Windows Server 2012 Essentials now includes the ability to be a DirectAccess server! In the Windows Server 2008 R2 timeframe, DirectAccess required two distinct servers and two public facing IP addresses. In Windows Server 2012, only one public IP address is required and DirectAccess can be configured for a single server scenario.
What is DirectAccess you ask?
DirectAccess is a solution that provides users with the same experience working remotely as they would have when working in the office.
With DirectAccess, remote users can access corporate file shares, Web sites, and applications without connecting to a virtual private network ( VPN). Further, DirectAccess separates intranet traffic from Internet traffic, and reduces unnecessary traffic on the corporate network.
DirectAccess overcomes the limitations of VPNs by automatically establishing a bi-directional connection from client computers to the corporate network. DirectAccess is built on a foundation of proven, standards-based technologies: Internet Protocol security (IPsec) and Internet Protocol version 6 (IPv6).
DirectAccess uses IPsec to authenticate both the computer and user, allowing IT to manage the computer before the user logs on. Optionally, you can require a smart card for user access to the intranet.
DirectAccess also leverages IPsec to provide encryption for communications across the Internet. You can use IPsec encryption methods such as Advanced Encryption Standard (AES) and Triple Data Encryption Standard (3DES).
Take note that while DirectAccess uses IPv6, it works over the public IPv4 based Internet by leveraging transitional protocols that allow IPv6 traffic to be transmitted over the IPv4 based networks. This means that we can all leverage the enhanced security of IPv6 without having to wait for the entire Internet to upgrade to IPv6.
Remote Web Access and virtual private network (VPN) capabilities still exist, Windows Server 2012 Essentials adds the DirectAccess capability as well.
There is a good technet article that walks through setting up DirectAccess here, but let me tell you now; it’s not for the faint at heart since there weren’t any additional wizards (around DirectAccess) for the Essentials Server setup and management.
Configure DirectAccess in Windows Server 2012 Essentials
The article is good, it walks you through all of the technical steps both from in the GUI and via powershell. This document only discusses setting up your Windows 8 Enterprise machines as DirectAccess clients. Windows 7 Enterprise or Ultimate can also be configured to connect via DirectAccess. Also take note the client configuration for DirectAccess is configured via Group Policy. This means that your client machines need to be members of the Windows Server 2012 Essentials domain so they can receive the DirectAccess group policies.
Again, this process is not for the faint at heart, but I’m thrilled that this capability is now able to be leveraged by our Windows Server 2012 Essentials customers.
Until next time,