DirectAccess

Nov 7, 2008 19:41 GMT

With Windows 7 and Windows Server 2008 R2, Microsoft is introducing a new feature designed to make remote computing nothing short of ubiquitous. DirectAccess is essentially set up to bridge remote machines running Windows 7 clients with Windows Server 2008 R2 to the point where Virtual Private Network connections become a thing of the past. Scenarios involving telecommuting, remote access, and virtual meetings will no longer require management of VPN clients, routers and concentrators. Instead, the solution is provided by the combination of Windows Server 2008 R2 and Windows 7 working in tandem.

“DirectAccess does exactly what its name implies: it's always on and directly accesses the user's corpnet resources no matter [where the user is] connecting from,” revealed Oliver Rist, Technical Product Manager, Windows Server. “And I know what you're thinking... how can this be secure if it's automatic? For one, it still uses IPsec tunneling for encryption - it just does it automatically using configuration tools based on SSTP and IPv6. For another, you can configure every DA session to hit any router that can manage 6to4 translation OR you can have it hit a DirectAccess Gateway that takes charge of not just 6to4, but also additional security features like NAP. You can even add a Forefront Intelligent Access Gateway (IAG) as these are now DA-aware, too.”

As Rist explained, DirectAccess (DA) is designed to give the user the impression of an invisible, always-on remote access solution. Behind that impression, Microsoft claims that the connection between the Windows 7 client and the server operating system is as secure as possible. DirectAccess can be configured to require authentication, and it supports multifactor authentication. Communications are carried over IPsec and are encrypted. Access to areas of the company's intranet that store sensitive information can be restricted. In addition, Microsoft said that Network Access Protection (NAP) and Network Policy Server (NPS) would ensure that remote Windows 7 clients are updated and secure.

“The idea isn't to do away with the concept of a secure remote connection as established by VPNs - it's just to do away with the management headaches. The connection is secure and managed. But now instead of dropping, starting and occasionally getting lost, it's always-on. Ubiquitous. In large deployments, users won't need to distinguish between remote and local computing. I've seen it in action and it was the slickest demo I've seen in a long while. Keep an eye out for this one during the beta timeframe, 'cause if you're saddled with a boatload of VPNs today it's going to rock your world,” Rist added.
