Windows 7 DirectAccess

Windows 7 DirectAccess is a new technology that replaces the traditional VPN solutions. DirectAccess allows a Windows 7 computer to automatically connect to a corporate network over the Internet. It is an always-on connectivity solution based on IPv6 and IPsec. Microsoft’s Forefront Unified Access Gateway (UAG) extends the benefits of DirectAccess by enhancing scalability and simplifying deployments and management. DirectAccess differs from a VPN solution in the following ways:

  • The connection process is automatic and does not require user intervention or logon. The connection process starts from the moment the computer connects to the Internet as opposed to traditional VPN connections where users must initiate the connection manually.
  • DirectAccess is bidirectional, that is, computers on the intranet can interact with the Windows 7 client as if it was connected to the local area network (LAN). In many traditional VPN solutions hosts on the intranet cannot initiate communications with the client.
  • DirectAccess provides administrators with greater flexibility in which intranet resources are available to remote users and computers. It can be integrated to Network Access Protection (NAP) to enforce system health requirements before allowing DirectAccess clients access to the intranet, and apply security policies to isolate servers and hosts.

DirectAccess provides a secure connection based on computer authentication, enabling the computer to connect to the intranet before the user logs on. DirectAccess can also authenticate the user and supports two-factor authentication using smart cards. DirectAccess uses IPsec to provide encryption for communications across the Internet and allowing for a granular access control to intranet resources.