Windows 7 DirectAccess

by Patrick Nelson

Windows 7 DirectAccess gives mobile users seamless access to corporate networks without the need to use a Virtual Private Network (VPN).

It is available in the Windows 7 Enterprise operating system and is not available in Windows 7 Professional. Enabling DirectAccess allows the entire network’s file shares, intranet websites and other applications to be available wherever there’s Internet.

DirectAccess also allows administrators to update Group Policy settings on remote computers.

Administrators can also distribute software updates whenever the computer is switched on and has Internet access, even if the user isn’t logged in.

Windows 7 DirectAccess incorporates Internet Protocol Version 6 over Internet Protocol security (IPv6-over-IPsec) for encryption.

Traffic either goes through a DirectAccess server running Windows Server 2008 R2, or all the traffic can just go through the corporate network.

Internet and Intranet traffic is separated by DirectAccess.

Both users and computers can be authenticated and Windows 7 DirectAccess supports multifactor authentication like smart cards.

Specific resources on the Intranet can be switched off for certain users or machines. Administrators can allow only specific servers or subnets. Other IT advantages include simplification and cost reduction.

Windows 7’s DirectAccess bi-directional connectivity provides a simplified user experience over VPN.

The user doesn’t have to think in terms of networks and the experience connecting to network resources appears seamless.

Productivity is enhanced because mobile users can keep connected to corporate networks all the time. The product ties in nicely with Folder Redirection, which synchronizes files across the network.

Key elements of DirectAccess are that the client runs Windows 7 Enterprise, Windows 7 Ultimate, or Windows Server 2008 R2.

A domain-joined computer running Windows Server 2008 R2 can act as the DirectAccess server. A solution also needs a network location server, which lets the client know whether it is on the intranet or the Internet, and certificate revocation list (CRL) distribution points, essentially issuing certificates.

Microsoft suggests that enterprises will use DirectAccess and VPNs side-by-side for now because VPNs are compatible with Vista and earlier versions of Windows, are compatible with non-Microsoft operating systems, can work through non-domain-joined computers, and don’t require Windows Server 2008 R2.

Microsoft DirectAccess can be deployed with full intranet access, selected server access, or end-to-end access.

Configurations can include DirectAccess with Network Access Protection (NAP), using Hyper-V for redundancy, and adding capacity by using IPsec on another server.

Microsoft has a DirectAccess design guide for system architects on the TechNet website which can help you design a DirectAccess solution. You can access it here.
