Benefits of DirectAccess

DirectAccess provides users with transparent access to internal network resources whenever they are connected to the Internet. Traditionally, remote users connect to internal network resources using a VPN. This can often be cumbersome, however, because:

  • Connecting to a VPN typically takes several steps, and the user needs to wait for authentication before he can access the internal network. And for organizations that perform a health check of a VPN client before allowing the connection, establishing a VPN can often take several minutes.
  • Any time users lose their Internet connection, they must reestablish their VPN connection, which can create additional delays.
  • Internet access, such as browsing Web pages, is slowed when all network traffic is routed through the VPN.

Because of these issues, many remote users avoid connecting to a VPN. Instead, they use technologies such as Microsoft Office Outlook Web Access (OWA) to connect to internal resources, for example to retrieve internal e-mail without establishing a VPN connection. However, if a user tries to open a document linked to an e-mail message and that document resides on the internal network, the user is denied access, because internal resources are not accessible from the Internet.

When users avoid using VPNs like this, it also causes issues for network administrators because they can only manage mobile computers when they connect to the internal network. So when users avoid establishing an internal connection, mobile computers can miss critical updates and updated Group Policy settings.

DirectAccess solves these problems by enabling users to have the same experience working at home or at a wireless hotspot as they would in the office. Using DirectAccess, authorized users on Windows 7 computers can access corporate shares, view intranet Web sites, and work with intranet applications without going through a VPN. DirectAccess therefore provides the following benefits to enterprises and their users:

  • Seamless connectivity: DirectAccess is operative whenever the user has an Internet connection, giving users access to intranet resources whether they are traveling, at the local coffee shop, or at home.
  • Remote management: IT administrators can connect directly to DirectAccess client computers to monitor them, manage them, and deploy updates, even when the user is not logged on. This can reduce the cost of managing remote computers by keeping them up to date with critical updates and configuration changes.
  • Improved security: DirectAccess uses IPsec for authentication and encryption. Optionally, you can require smart cards for user authentication. DirectAccess integrates with Network Access Protection (NAP) to require that DirectAccess clients comply with system health requirements before they are allowed to connect to the DirectAccess server. IT administrators can configure the DirectAccess server to restrict the servers that users and individual applications can access.

In a typical DirectAccess scenario, a user with a laptop computer in her office starts with a wired connection to the corporate LAN. The user can run both local and network applications, access documents stored in file and Web servers, and otherwise perform her daily work. She then shuts down and undocks her laptop to go on the road to a remote location, which could be a customer site or a coffee shop (it doesn't matter as long as Internet access is available there). Once she reaches the remote site, she boots up her laptop and accesses the Internet using a wireless connection to an access point at the site. Without having to initiate a VPN connection or perform any action whatsoever, her laptop is automatically connected to the corporate network after Internet connectivity is established.

While at the remote site, she can run many of the same network applications and access the same documents as if she were still in her office at work (resource availability is subject to IPv6 reachability, as described later in this section). In addition, her laptop, though physically disconnected from the corporate network, remains in a managed state. This means that Group Policy is still being applied to her laptop, patches can still be applied when they become available, support personnel can use Remote Assistance to connect to her computer when help is needed, and so on. Also, when she needs to download something from the Internet, she can do so (depending on how DirectAccess is configured) using her local Internet access at the remote site instead of having to access the Internet through her connection to the corporate network.
