Microsoft

Windows Server 2008 R2 and Windows 7 provide DirectAccess to resources

Derek Schauland describes how Microsoft's DirectAccess feature allows an employee to access Windows Server 2008 R2 resources from anywhere.

Microsoft has introduced the concept of DirectAccess in Windows Server 2008 R2 and Windows 7 (both operating systems are required to use the feature). DirectAccess allows an employee to access Windows Server 2008 R2 resources from anywhere as if she was sitting in an office within the corporate environment.

Removing VPN from the equation does several things, but the main thing is it eases the connection. For instance, remote users don't need anything additional loaded on their computers (or plunked down in their offices) to access the expense spreadsheet just changed by Accounting.

How the technology works

DirectAccess uses IPSec encryption to secure data, which is the same way it is done in a VPN; however, Windows Server 2008 R2 handles the negotiation and tunnel creation automatically. This removes the need to first ensure that the correct VPN dialer has been started or a connection to a VPN has been made, because a VPN connection of any kind is unnecessary.

The technology uses IPv6, but it does not require IPv6 on the internal network or an IPv6 connection to the Internet because the technology tunnels across existing IPv4 networks and makes use of existing architecture.

DirectAccess can make use of the current IPv4 Internet by using a router capable of converting IPv6 to IPv4 or by using a gateway server to handle the conversion, ensuring that the data will go out over the existing Internet network. (TechNet has more information on using IPv4 and IPv6 together.)

There are requirements on both ends — Windows Server 2008 R2 on the server end and Windows 7 on the client end — but the capabilities and apparent ease of management should help reduce organizations' costs to support remote workers.

What you get with the technology

Deploying Windows Server 2008 R2 and Windows 7 to use DirectAccess would make the content on the corporate network available to users regardless of where they were connecting.

For instance, suppose I am checking email while on vacation (not recommended, but it happens) and need a file back at the office to ensure my numbers are right before hitting Send. With DirectAccess and a connection to the resort's wireless network, my corporate resources appear, just like I was in the office. I will need to authenticate to verify my identity and my rights to the files, but logging in is much more seamless to the user than connecting to a VPN.

As the current release candidates for Windows 7 and Server 2008 R2 get closer to release, and I have a chance to configure DirectAccess, I will delve into the technology further. Hopefully, I can get Windows Server 2008 R2 running on something resembling a server very soon.

Stay on top of the latest Windows Server 2003 and Windows Server 2008 tips and tricks with our free Windows Server newsletter, delivered each Wednesday. Automatically sign up today!

About

Derek Schauland has been tinkering with Windows systems since 1997. He has supported Windows NT 4, worked phone support for an ISP, and is currently the IT Manager for a manufacturing company in Wisconsin.

Editor's Picks