It was in 2007 at RSA that Bill Gates first spoke about his vision to enable secure and easy anywhere access to people and organizations. I remember people asking me then if this was just another grand vision that would take a decade to see the light of day. It certainly was grand and it could definitely not be done overnight, but we have taken the vision to a deployable and usable technology in Windows Server 2008 R2 and Windows 7. Say hello to “DirectAccess”!
In very simple terms, DirectAccess extends the corporate network to wherever you have Internet access. As an end-user on the DirectAccess pilot that Microsoft IT (MSIT) has initiated, this has been a great experience. Every time I’m on the road, all I need is an Internet connection and I’m connected to the corporate network. I don’t have to go through the time-consuming connection or quarantine process that I have with our current VPN solution. This is also a great plus for the IT organization, since they do not have to wait for remote users to connect via VPN to get their security updates. Every time they are connected to the Internet, their machines get the latest updates issued by the IT organization. This is not to say that all Internet traffic is routed back to the corporate network. Regular Internet traffic goes through the Internet Service Provider’s (ISP) network, while only intranet traffic is forwarded to the DirectAccess server, which is placed in the perimeter of the corporate network.
This idea of extending the edge of the corporate network beyond the current parameters has been a work in progress with the Jericho Forum for many years. Robert Whiteley from Forrester has also done extensive research on de-perimeterization and published some interesting papers. The basis for all this work is that it is possible to extend the corporate network perimeter while also ensuring secure business transactions via the Internet. This picked up steam with the increasing importance of Network Access Control (NAC) solutions.
Microsoft Network Access Protection (NAP), Microsoft’s NAC solution included with Windows Server 2008 R2 and Windows 7, Vista and XP SP3 clients, ensures the health compliance of devices accessing corporate networks using DirectAccess. In addition to NAP, DirectAccess uses various technologies including Internet Protocol Security (IPsec) and IPv6 transition technologies to provide an end-to-end secure and seamless solution for accessing corporate resources remotely. DirectAccess also works well with two-factor security mechanisms provided by Microsoft.
So what turned out to be a vision a few years ago is now a reality in Windows Server 2008 R2 and Windows 7, and as I write this blog sitting in my hotel room, while also responding to my personal emails and downloading a document from a share on the corporate network, I cannot help but be impressed.