Windows 7 DirectAccess: Seamlessly Connecting Roaming Users with the Network
I don’t know if you’ve noticed, but the network perimeter has essentially disappeared. Wireless networks, mobile devices, and unified communications have empowered companies to cut the proverbial cord. Employees can work from home, connect from the coffee shop on the corner, and access the network from a hotel room around the globe.
This wanderlust has not been without its consequences. It is a Herculean undertaking for network administrators to try to enforce policies, provide support, and keep roaming systems patched and protected. For the roaming workers, accessing network resources is often a complex routine to establish an encrypted connection via a VPN (virtual private network) of some sort. With Windows 7 and DirectAccess, these problems are resolved.
Overview of DirectAccess
DirectAccess is a new technology in Windows Server 2008 R2 and Windows 7 that replaces the VPN for remote access. It establishes bi-directional connectivity with the user’s enterprise network every time the DirectAccess-enabled portable computer is connected to the Internet, even before the user logs on.
Windows 7 includes a new feature called VPN Reconnect. Roaming users rely on VPN connections for secure access to internal network resources, but it is not uncommon for the VPN connection to get interrupted or dropped.
When that happens, the user has to re-establish the connection, which takes time and interrupts productivity. VPN Reconnect automatically reconnects broken VPN connections in the background without any user intervention to minimize the impact of dropped connections.
Of course, it would be better not to have to worry about dropped connections at all. Unlike a VPN connection, DirectAccess keeps the computer seamlessly connected to the corporate network for as long as the computer can reach the Internet.
The foundation of DirectAccess is IPv6. The expanded pool of IP addresses available in IPv6 enables each device to have a unique, globally routable address. Using that IPv6 address as a unique identifier, the enterprise network can establish a secure connection to the device.
DirectAccess works both ways. Not only can the computer access the network seamlessly across any Internet connection, but the IT administrator can also connect to DirectAccess client computers—even when the user is not logged on. With DirectAccess, IT administrators can monitor, manage, and deploy updates to DirectAccess client computers as long as they are connected to the Internet.
DirectAccess uses IPsec for authentication and encryption. DirectAccess can also integrate with Network Access Protection (NAP) to require that DirectAccess clients be compliant with system health requirements before being allowed to connect to the network. IT administrators can restrict access through DirectAccess and configure the servers that users and individual applications can access.