Spotlight on DirectAccess in Windows 7 and Windows Server 2008 R2

Have you heard about DirectAccess? It is a super-cool feature of Windows 7 and Windows Server 2008 R2 (both now in beta testing) that allows roaming, managed computers that are connected to the Internet to access your intranet file shares, Web sites, and applications over an encrypted connection to a DirectAccess server, without connecting to a virtual private network (VPN). DirectAccess establishes bi-directional connectivity with your intranet every time your DirectAccess-enabled computer connects to the Internet, even before the user logs on. Users never have to think about connecting to the intranet and IT administrators can manage remote computers outside the office, even when the computers are not connected to the VPN.

DirectAccess uses a combination of Internet Protocol version 6 (IPv6), for end-to-end addressing and communication between the DirectAccess client and the intranet resource, and Internet Protocol security (IPsec), for end-to-edge encryption of traffic between the DirectAccess client and server. IPsec can also be used for end-to-end authentication and protection of traffic between the DirectAccess client and the intranet resource.

You say you don’t have a connection to the IPv6 Internet or have IPv6 deployed on your intranet? No problem:

· Across the IPv4-based Internet, a DirectAccess client can use the 6to4 or Teredo transition technologies or IP-HTTPS, a new protocol for Windows 7 and Windows Server 2008 R2 that allows hosts behind a Web proxy server or firewall to establish connectivity by tunneling IPv6 packets inside an IPv4-based HTTPS session.

· Across your intranet, DirectAccess deploys the Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) transition technology. For IPv4-only servers and applications, you can deploy Network Address Translation-Protocol Translation (NAT-PT) devices to preform IPv6-IPv4 traffic translation. However, both of these technologies should be used as a temporary solution while you update your intranet infrastructure, servers, and applications to support native IPv6 connectivity.

DirectAccess is a great example of how the restoration of global addressing and end-to-end communication with IPv6 enables scenarios that would be extremely difficult, if not impossible, to accomplish with IPv4.

For a lot more information about DirectAccess, including white papers and videos, see the DirectAccess Web page at https://www.microsoft.com/directaccess.

Joe Davies
Principal Technical Writer
The Windows Networking Documentation Team

P.S. – Ramping up on IPv6? Check out my Microsoft Press book Understanding IPv6, Second Edition and the resources at the Microsoft IPv6 Web page.

Understanding IPv6, Second Edition