Hands on with Windows Server 2008 R2: DirectAccess

Promises an unprecedented level of connectivity -- but at a very steep price

Page 2 of 4

Additionally, if your corporate network isn't yet IPv6 ready, you will need some sort of translation device or technology. Your options are:

  • Configure your intranet routing infrastructure to support native IPv6. This is probably the least likely option.
  • Deploy ISATAP on your intranet. With ISATAP, intranet servers and applications are reachable by tunneling IPv6 traffic over your IPv4-only intranet. This option is based on configuring the operating system a certain way, as opposed to needing more hardware as with other possibilities.
  • Use a Network Address Translation-Protocol Translation (NAT-PT) device that sits in front of your server resources. This device translates traffic between your DirectAccess clients that are using IPv6 and servers and applications that can only use IPv4. This solution requires more hardware.
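To make the ISATAP option concrete, the following added example (not part of the original article) goes a step beyond the text and shows the address format defined in RFC 5214: the interface identifier is `0000:5EFE` (or `0200:5EFE` for a globally unique IPv4 address) followed by the host's IPv4 address. That makes it possible to map an ISATAP address seen in a log back to the IPv4 host behind it. The `2001:db8:0:1::/64` prefix, the sample addresses and the function names are constructed for illustration.

```python
import ipaddress

# RFC 5214: the low 64 bits of an ISATAP address are 0000:5EFE (or 0200:5EFE
# when the IPv4 address is globally unique) followed by the 32-bit IPv4 address.
ISATAP_MARK = 0x5EFE
ISATAP_IIDS = (0x00005EFE, 0x02005EFE)


def isatap_address(prefix, ipv4):
    """Build the ISATAP IPv6 address of an IPv4 host under a /64 prefix."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("ISATAP needs a /64 prefix")
    v4 = ipaddress.IPv4Address(ipv4)
    u_bit = 0x0200 if v4.is_global else 0x0000
    iid = (u_bit << 48) | (ISATAP_MARK << 32) | int(v4)
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def embedded_ipv4(ipv6):
    """Return the IPv4 address carried in an ISATAP address, or None."""
    iid = int(ipaddress.IPv6Address(ipv6)) & ((1 << 64) - 1)
    if (iid >> 32) not in ISATAP_IIDS:
        return None  # not an ISATAP interface identifier
    return ipaddress.IPv4Address(iid & 0xFFFFFFFF)


if __name__ == "__main__":
    # Constructed sample: an intranet server reachable only over IPv4.
    print(isatap_address("2001:db8:0:1::/64", "10.1.2.3"))
    # Constructed sample addresses as they might appear in a connection log.
    for addr in ("fe80::5efe:a01:203",
                 "2001:db8:0:1:200:5efe:c000:20a",
                 "2001:db8::1"):
        print(addr, "->", embedded_ipv4(addr))
```
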

Once all of the appropriate transition technologies are in place, clients connect through the cloud to one interface on your publicly accessible DirectAccess server, which then performs all the necessary authentications and authorizations and creates a user-transparent link to the corporate network. During the DirectAccess setup, you can determine which DNS servers, domain controllers and other line-of-business resources should be made available to remote DirectAccess clients.

Downsides: Complexity and resources

In short, installing DirectAccess involves thinking about three different sets of code, none of which should be altered without considerable planning:

  • The interface between the wide-open Internet and your corporate network.
  • The protocols that bridge connections between or through two intranets, such as a customer site to your corporate intranet, or the DirectAccess server itself to other resources on your intranet.
  • The components that encompass the overall security of your corporate network and each DirectAccess client.

Not only is that a lot to think about, but DirectAccess as it currently stands also has downsides that are likely to remain upon the release of Windows Server 2008 R2. Among the problems:

  • Clients must be running Windows 7. This limits deployments severely, as you need to upgrade all potential remote DirectAccess clients to Windows 7.
  • You must have some sort of connection to potential clients to propagate DirectAccess settings back to them. There is an initial setup, which means you must bring these clients online on your corporate campus, convince the users to connect via your VPN or send them a file they must run.
  • You need Windows Server 2008 R2, at least for the DirectAccess server.