In my last article I listed all important features of DirectAccess. Today I will share some experiences I made when I placed a little with it.
Latest posts by Michael Pietroforte (see all)
- Results of the 4sysops member and author competition in 2018 - Tue, Jan 8 2019
- Why Microsoft is using Windows customers as guinea pigs - Reply to Tim Warner - Tue, Dec 18 2018
- PowerShell remoting with SSH public key authentication - Thu, May 3 2018
DirectAccess has to be installed as a feature on Windows Server 2008 R2. I wonder why it is a feature and not a role, considering that it is recommended to use DirectAcess on a server that has no other function. I must admit, I still don't understand the difference between server roles and features.
It is interesting to note that two network interfaces are required, which indicates that DirectAccess has firewall functionality. One network card is usually enough for VPN. DirectAccess also complained that I have no Public Key Infrastructure. After I installed the Certificate Server role on the same machine, the DirectAccess setup was satisfied. The setup wizard then let me configure the user groups that are allowed to use DirectAccess.
Next, I had to configure the external and the internal network interface. The external interface needs a public IP address. The setup program was smart enough to recognize that I was using a private IP. It surprised me a little that DirectAccess bothered about the IPv4 settings, anyway. DirectAccess requires IPv6, which probably is the main reason why it will take a while until corporations embrace this new feature. In the last two steps, one has to identify the infrastructure servers (DNS, domain controller) and the applications servers.
I then tried to figure out what has to be configured on the client side. I am not sure if the Windows 7 Beta1 already supports DirectAccess, because I didn't find a corresponding feature or service. I also skimmed over the Group Policy settings but I didn't find any hints there. Unfortunately, the links to the help files on my Windows Server 2008 R2 didn't work and I also wasn't able to find any technical manual about it on the web. Please let me know if you were able to get further with your testing of DirectAccess. I will probably try it again as soon as Windows 7 RC is out.
All in all, I think DirectAccess is a very interesting new feature. It might even replace VPN in the long run. I believe such technologies are directly aimed at Google Apps & Co. The biggest advantage of cloud apps is that they are location-independent. Considering that network bandwidth for mobile users is rapidly improving these days, it won't take long until it doesn't make a difference anymore if users work in the corporate intranet or in a home office. Admins can manage remote machines as if they were in the office next door or on a virtual desktop in the datacenter. A desktop will be just a desktop no matter where it is located, whether it is virtualized or not. With private cloud technologies and features such as DirectAcces, we can enjoy the advantages of scalability, fat clients, and mobility.