Microsoft Direct Access Technology Features and Requirements

One of the exciting new technologies contained in Windows Server 2008 R2 is the new Direct Access technology.  Microsoft has went out of its way to basically say that the Direct Access Technology is not a VPN technology. The great advantage to the new DirectAccess technology is that it is simply built into their products already giving them a strong competitive advantage in the new technology of a more direct solution to access private resources in the enterprise environment.  The technet article to the new DirectX technology:

Features of DirectAccess:

  • It Connects automatically to the corporate network over the public network
  • Uses protocols including HTTPS to establish IPv6 connectivity
  • Supports selected server access and IPSec authentication
  • Supports end-to-end authentication and encryption
  • Supports management of remote client computers
  • Allows remote users to connect directly to intranet servers

How it works:

  • The DirectAccess client running Windows 7 detects whether it is conneted to a network
  • The client attempts to conenct to an intranet Web site that is speicifed during the DirectAccess configturation
  • The client connects to the DirectAccess server using IPv6 and IPSec
  • The DirectAccess client and server authenitcate each other by using computer certificates to establish the IPSec session
  • The DirectAccess server verifies that the computer and user are authorized to connect by using DirectAccess
  • The client obtains a health certificate from a Health REgistration Authority HRA located on the Internet prior to connecting to the DirectAccess server
  • The DirectAccess server begins forwarding traffic from the DirectAccess client to the intranet resources to which the user has been granted access

In configuring the client side, you must configure the Name Resolution Policy Table.  This determines which resources are internal or external.  It defines DNS servers for different namespaces and corresponding security settings.  It is used before the adapter’s DNS settings.

Using Name Resolution Policy Table (NRPT):

  • DNS servers can be defined for each DNS namespace rather than for each interface
  • DNS queries for specific namespaces can be optionally secured by using IPSec

The clients have to be able to detect whether or not the it must build the DirectAccess connection.  Network Location Awareness.  IPv6 is a crucial technology in making DirectAccess works.  The advantages of IPv6:

  • IPSec is included
  • It contains a large address space
  • Prioritized delivery and extensibility

Server Side Requirements:

  • The server must be joined to an Active Directory domain
  • Running Windows Server 2008 R2
  • Have two physical network adapters installed
  • Two static public IPv4 addresses

Client Side Requirements:

  • It must be joined to an Active Directory domain
  • Running Windows 7 Ultimate, Enterprise, or Windows Server 2008 R2




Back to top button