Direct Access

Windows 7 DirectAccess overview

Windows 7 clients can gain remote access to network resources using a feature called DirectAccess. Microsoft see this as a game-changing technology that will change the way we work remotely. A Windows 2008R2 server acts as a gateway for DirectAccess clients, providing access to servers on the internal LAN.

DirectAccess does away with the need for third-party VPN clients or access gateways on client devices and simplifies data access for the end user. The end user experience is seamless and simple: the user turns on the device and connects to the internet, with no additional user actions required. DirectAccess will automatically reconnect if the internet connection is dropped for any reason.

DirectAccess removes some of the more frustrating issues end users have when working remotely. Connections are over port 443 (a standard port), removing connection issues due to firewall rules on remote networks and routing issues due to subnet clashes. Intelligent routing means users can access internet services at the same time as company resources.

For Network Administrators, the ability to manage computers outside the firewall will be a key driver for using this technology. Network Access Protection (NAP) can be used to audit clients before allowing network access. Group Policy can be applied over the DirectAccess connection before the user gains full network access.

One of the biggest differences between DirectAccess and traditional VPN solutions is that the DirectAccess connection can be initiated from either end, whereas VPNs are initiated from the client only. The connection is established when the client device starts up and doesn't require the end user to log in and initiate a connection.

DirectAccess Requirements:

  • Windows 2008R2 Server Active Directory Domain Controller Role
  • Windows 2008R2 Server DirectAccess Role
  • 2 Network cards configured
  • 2 consecutive public static IPv4 addresses with public DNS names
  • Digital Certificates with CRL attributes
  • Windows 7 client joined to the domain

Firewall configuration details can be found in the TechNet DirectAccess requirements article.

DirectAccess really is, in my opinion, one of the best reasons to move to Windows 7 when it is released later this year. End users will love seamless access to company resources, while Network Administrators will see real value in the management capabilities.

Microsoft have recently published some tools to help implement and manage Direct Access. Download the kit from here:
Direct Access Admin Kit
