InfoWorld - DirectAccess, Microsoft's pairing of Windows 7 and Windows Server 2008 R2 for connect-anywhere access, is possibly the best thing Redmond has produced in a long time. Unfortunately for many, it just may be about five years too early.
For those just getting up to speed on some of Windows 7's new features, DirectAccess is a way for Windows 7 clients to securely connect to the corporate network from any location without any type of traditional VPN. It provides an encrypted bidirectional connection between the enterprise domain and the client device prior to the user logging on to the system, allowing admins to manage the remote machine via Group Policy and the like, just as if it were physically connected to the network. The connection is always on, so users don't have to remember to manually launch a VPN client, and their applications, such as Microsoft Outlook and instant messaging, are always in communication with the corporate network.
[ Windows 7 is an InfoWorld 2010 Technology of the Year Award winner. Take a quick tour of all 21 winners | Don't miss InfoWorld's top 10 Windows tools for IT pros and the best free open source software for Windows. ]
From this standpoint, DirectAccess is fantastic. As the network admin, I love that I always have access to the remote device to make sure virus definitions and Windows updates are in place, and that my managed systems are always governed by my domain Group Policy. I also love that I don't have to maintain a bunch of VPN policies, and yet my users can still access e-mail and intranet sites without additional applications. Always on equals no user intervention.
Greater functionality means greater hardware and software requirements. The following list of DirectAccess requirements comes directly from Microsoft TechNet:
- One or more DirectAccess servers running Windows Server 2008 R2 with two network adapters: one connected directly to the Internet, and a second connected to the intranet.
- On the DirectAccess server, at least two consecutive, public IPv4 addresses assigned to the network adapter that's connected to the Internet.
- DirectAccess clients running Windows 7.
- At least one domain controller and DNS server running Windows Server 2008 SP2 or Windows Server 2008 R2.
- A public key infrastructure (PKI) to issue computer certificates, smart card certificates, and for NAP, health certificates.
- IPsec policies to specify protection for traffic.
- IPv6 transition technologies available for use on the DirectAccess server: ISATAP, Teredo, and 6to4.
- Optionally, a third-party NAT-PT device to provide access to IPv4-only resources for DirectAccess clients.
That is no small list of requirements. What it means is that to implement DirectAccess, I have to change, replace, or upgrade just about everything at my network edge. In addition to maintaining a public-facing firewall for Internet access, I have to add another direct-to-Internet server to act as the DirectAccess termination point. As servers are replaced and updated, I can see the enterprise eventually getting to the point where all of these things are already in place. But for most of us, this set of conditions can be a showstopper.
- Tablet, Laptop, or Desktop - Form (Factor) Follows Function Desktops, laptops, Ultrabooks, tablets, convertibles, and all-in-ones; suddenly hardware decisions seem a lot more complicated. To take advantage of these benefits, the savviest...
- The IT handbook for Windows 7 and Windows 8 migrations A comprehensive guide for IT departments making the switch from legacy versions of Microsoft Windows to Windows 7 and Windows 8. To date,...
- 7 Reasons Why Windows 8 is the Future Touch, cloud, BYOD and IT consumerization dominate the mindshare of IT managers. Windows 8 enters the scene with a host of features that...
- How to Modernize Your IT Infrastructure & Streamline Operations Increasing line of business demands? Shrinking IT budget? See how Red Hat can help you meet growing.
- Business-driven data protection Setting up data protection infrastructures with your organizations' core mission or business in mind is key. In this webinar, the ARCserve team will...
- On-Demand Webinar: Mind the Gap! Watch the webinar featuring Bob Janssen, CTO and Co-Founder of RES Software, to start building a solid foundation for business and IT to... All Operating Systems White Papers | Webcasts