A Blog by Ben Lavender.

After deploying DirectAccess on a corporate network this week, I thought doing a blog would be a good way to close the project.

Windows Server 2008 R2 first introduced DirectAccess in 2009 as a “seamless” and “always-on” remote access feature for domain-joined Windows clients. It has grown significantly bigger and more advanced with the latest release of Windows Server 2012 and 2012 R2.

DirectAccess allows users to connect to the corporate network from the public network without having to initiate a VPN connection. Note that DA is not a form of VPN connection.

A user running a supported client simply logs on with their domain account, as they normally would inside the corporate network. The client connects automatically once it detects that it has an internet connection.

DirectAccess diagram

The above diagram shows a common DA topology where the DA server is behind a NAT device.

So in a nutshell, a user just needs an internet connection to the WAN to connect to the corporate network using DirectAccess. With a VPN connection, by contrast, the user would have to log in locally, connect to a network device, then manually establish a VPN connection using a VPN client, provided the ISP didn’t block VPN protocols such as L2TP and PPTP. DA doesn’t require VPN protocols since it’s not a VPN system! It needs just the basic everyday internet connection to the network, using destination port 443 (IP-HTTPS).

This makes clients straightforward for administrators to manage, since no user needs to be logged into the client to create a connection. The connection is as stable as the line it’s connected to, including the corporate infrastructure, but you know your equipment is solid.
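A client-side check of the port 443 (IP-HTTPS) path described above, as an added example that is not part of the original post. It assumes a Windows 8.1 or later DirectAccess client with the built-in networking cmdlets; the server URL is read from the client's own policy, and the output property names are chosen here for illustration.

```powershell
# Added example: verify the DirectAccess IP-HTTPS transport from a client.
# Assumes Windows 8.1 or later (Windows 7 clients do not ship these cmdlets).

# Read the IP-HTTPS settings pushed to this client by DirectAccess policy.
$cfg = Get-NetIPHttpsConfiguration -ErrorAction SilentlyContinue |
    Where-Object { $_.ServerURL } |
    Select-Object -First 1

if (-not $cfg) {
    Write-Warning 'No IP-HTTPS configuration found; DirectAccess client policy is not applied.'
    return
}

# The policy value is a URL; take the host and port from it rather than hard-coding them.
$uri = [Uri]$cfg.ServerURL

# Plain TCP test: is outbound traffic to the DA server's HTTPS port allowed from this network?
$tcp = Test-NetConnection -ComputerName $uri.Host -Port $uri.Port -WarningAction SilentlyContinue

# State of the IP-HTTPS tunnel interface (inactive by design while on the corporate LAN).
$state = Get-NetIPHttpsState -ErrorAction SilentlyContinue

# Overall DirectAccess status as reported by the Network Connectivity Assistant.
$da = Get-DAConnectionStatus -ErrorAction SilentlyContinue

[pscustomobject]@{
    IpHttpsServer    = $uri.Host
    Port             = $uri.Port
    TcpReachable     = $tcp.TcpTestSucceeded
    IpHttpsInterface = $state.InterfaceStatus
    IpHttpsLastError = $state.LastErrorCode
    DAStatus         = $da.Status
    DASubstatus      = $da.Substatus
}
```

If `TcpReachable` is false, the local network is blocking outbound 443 to the DA server; if it is true but the IP-HTTPS interface reports an error, the fault is in the tunnel itself rather than in basic reachability.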

DA supports clients running Windows 7 Ultimate and Enterprise, and Windows 8/8.1 Enterprise.

Can I use this at my company?

You’re probably wondering what you need to implement this on your network, right? Well, it’s not a difficult task. It’s simple with Windows Server 2012, and even simpler if you’re using Windows 8 clients with Windows Server 2012 as your DA server!

Ask yourself: “Am I running the above, and would I like users to be connected right away without having to initiate any VPN connection?” Know that if a remote user logs off and another remote user logs on, the connection remains, which saves time.
