Subscribe via e-mail: 
Windows 7 DirectAccess – Experiences
By Michael Pietroforte | 14 Comments | Permalink | Trackback | Previous | NextCheck out all reviews and tips about Windows 7 on 4sysops.
- Review: Windows 7 AppLocker – Part 1: Overview
- Review: Windows 7 AppLocker – Part 2: Tips
- Review: Windows 7 Action Center and the Control Panel
- Review: Windows 7 BitLocker
- Review: Windows 7 BitLocker to Go – Part 1: Usability
- Review: Windows 7 BitLocker to Go – Part 2: Manageability
- Windows 7 DirectAccess – Features
- Windows 7 DirectAccess – Experiences
In my last article I listed all important features of DirectAccess. Today I will share some experiences I made when I placed a little with it.
DirectAccess has to be installed as a feature on Windows Server 2008 R2. I wonder why it is a feature and not a role, considering that it is recommended to use DirectAcess on a server that has no other function. I must admit, I still don’t understand the difference between server roles and features.
It is interesting to note that two network interfaces are required, which indicates that DirectAccess has firewall functionality. One network card is usually enough for VPN. DirectAccess also complained that I have no Public Key Infrastructure. After I installed the Certificate Server role on the same machine, the DirectAccess setup was satisfied. The setup wizard then let me configure the user groups that are allowed to use DirectAccess.
Next, I had to configure the external and the internal network interface. The external interface needs a public IP address. The setup program was smart enough to recognize that I was using a private IP. It surprised me a little that DirectAccess bothered about the IPv4 settings, anyway. DirectAccess requires IPv6, which probably is the main reason why it will take a while until corporations embrace this new feature. In the last two steps, one has to identify the infrastructure servers (DNS, domain controller) and the applications servers.
I then tried to figure out what has to be configured on the client side. I am not sure if the Windows 7 Beta1 already supports DirectAccess, because I didn’t find a corresponding feature or service. I also skimmed over the Group Policy settings but I didn’t find any hints there. Unfortunately, the links to the help files on my Windows Server 2008 R2 didn’t work and I also wasn’t able to find any technical manual about it on the web. Please let me know if you were able to get further with your testing of DirectAccess. I will probably try it again as soon as Windows 7 RC is out.
All in all, I think DirectAccess is a very interesting new feature. It might even replace VPN in the long run. I believe such technologies are directly aimed at Google Apps & Co. The biggest advantage of cloud apps is that they are location-independent. Considering that network bandwidth for mobile users is rapidly improving these days, it won’t take long until it doesn’t make a difference anymore if users work in the corporate intranet or in a home office. Admins can manage remote machines as if they were in the office next door or on a virtual desktop in the datacenter. A desktop will be just a desktop no matter where it is located, whether it is virtualized or not. With private cloud technologies and features such as DirectAcces, we can enjoy the advantages of scalability, fat clients, and mobility.
Hi Michael
Did you try to use Windows 2008 R2 as a DirectAccess client.
Hopefully I will get some time in the near furture to test it like you.
My plan is to make a test-setup with a real Public IP, where the IPv6 tunnel provider could be SixXS.
http://www.sixxs.net/home/
If I get any positive results, I will let you know.
Thanks for a great IT blog.
/Jesper
Jesper, thanks! I also didn’t find a DirectAccess client on R2. Perhaps I have been searching at the wrong places. It would be great, if you share your experiences with DirectAccess as soon as you have tested it.
I am also trying to get DirectAccess to work. I have everything set up, but I keep getting an ID certificate error. I have not moved passed the prerequisites yet.
Oh well. I will keep trying.
Did you install the Certificate Server role?
Michael, I did install AD CS and there are no errors. I installed it as a standalone, subordinate, CA.
Were you able to access the documentation? The links in the DirectAccess snap-in didn’t work on my test installation. I somehow think it is better to wait for the RC.
No, the documentation does not exist. I find it funny MS wants people to try these features in the Beta, but can’t even have them enabled. I guess that is why it’s a Beta.
They just should put out something on their site that states DirectAccess does not currently work.
I agree. I started testing Windows 7 because Ballmer said that is now feature-complete. It seems to me that this applies only to the gimmicks.
From what I read (see below, and yes this may not be true) DirectAccess will only be available to Ultimate and Enterprise i.e. Software Assurance) versions of Windows so this feature would be of limited interest. Not very smart Microsoft
http://www.crn.com.au/Tools/Print.aspx?CIID=136446
Hugh, thanks a lot for the interesting information. I googled the topic. There are quite a few important features that Windows 7 Professional lacks.
Just to let everyone know, there is now a guide for DirectAccess. Looks like my problem may lie in no server 2008 Domain Controller. Oh well. Looks like I will be setting up a whole new test environment!!
http://www.microsoft.com/downloads/details.aspx?FamilyID=2fdc531d-9138-454f-a820-78211755b52a&displaylang=en.
For business customers, Windows 7 Beta 1 now supports Direct Access, which enables mobile workers to securely connect to the corporate network without the need for a virtual private network, and BranchCache, which locally caches content from remote file or web servers.
http://www.techcentral.ie/article.aspx?id=12959
but i can’t find the DirectAccess client too.
Sneak, I am sure the author of this article didn’t verify what the Microsoft spokesman told him.
Adoption will be slow since it requires Server 2008 R2 as well.