Windows 7 and Windows Server 2008

R2 DirectAccess Executive Overview

Microsoft Windows Family of Operating Systems

Published: January 2009

This document supports a preliminary release of a software product that may be changed substantially prior to final commercial
release. This document is provided for informational purposes only and Microsoft makes no warranties, either express or implied, in
this document. Information in this document, including URL and other Internet Web site references, is subject to change without
notice. The entire risk of the use or the results from the use of this document remains with the user. Unless otherwise noted, the
companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted in examples
herein are fictitious. No association with any real company, organization, product, domain name, e-mail address, logo, person,
place, or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user.
Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval
system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any
purpose, without the express written permission of Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject
matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this
document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.
© 2009 Microsoft Corporation. All rights reserved.
Microsoft, Active Directory, Windows, Windows Media, Windows Server, and Windows Vista are either registered trademarks or
trademarks of Microsoft Corporation in the United States and/or other countries.
All other trademarks are property of their respective owners.
DirectAccess is a new feature in the Windows® 7 and Windows Server® 2008 R2 operating systems
that gives users the experience of being seamlessly connected to their corporate network any time
they have Internet access. With DirectAccess enabled, requests for corporate resources (such as e-
mail servers, shared folders, or intranet Web sites) are securely directed to the corporate network,
without requiring users to connect to a virtual private network (VPN). DirectAccess provides increased
productivity for a mobile workforce by offering the same connectivity experience both in and outside
of the office.

IT professionals also benefit from DirectAccess in many ways:

• Improved Manageability of Remote Users. Without DirectAccess, IT professionals can only

manage mobile computers when users connect to a VPN or physically enter the office. With
DirectAccess, IT professionals can manage mobile computers by updating Group Policy
settings and distributing software updates any time the mobile computer has Internet
connectivity, even if the user is not logged on. This flexibility allows IT professionals to
manage remote computers on a regular basis and ensures that mobile users stay up-to-date
with security and system health policies.

• Secure and Flexible Network Infrastructure. Taking advantage of technologies such as

Internet Protocol version 6 (IPv6) and Internet Protocol security (IPsec), DirectAccess
provides secure and flexible network infrastructure for enterprises. Below is a list of
DirectAccess security and performance capabilities:

o Authentication. DirectAccess authenticates the computer, enabling the computer to

connect to the intranet before the user logs on. DirectAccess can also authenticate
the user and supports two-factor authentication using smart cards.

o Encryption. DirectAccess uses IPsec to provide encryption for communications

across the Internet.

o Access Control. IT professionals can configure which intranet resources different

users can access using DirectAccess, granting DirectAccess users unlimited access
to the intranet or only allowing them to use specific applications and access specific
servers or subnets.

• IT Simplification and Cost Reduction. DirectAccess separates intranet from Internet traffic,
which reduces unnecessary traffic on the corporate network by sending only traffic destined
for the corporate network through the DirectAccess server. Optionally, IT can configure
DirectAccess clients to send all traffic through the DirectAccess server.
The following diagram shows how these features work together:

DirectAccess improves the productivity of mobile users by keeping them connected to corporate
resources. Combined with other Windows 7 improvements, such as Federated Search, which
searches intranet resources, and Folder Redirection, which synchronizes files across the network,
users will be able to find and access corporate resources seamlessly, wherever they are.

For more information about DirectAccess, see http://www.microsoft.com/directaccess.

Extend, scale and simplify DirectAccess deployments with Forefront Unified

Access Gateway
Forefront Unified Access Gateway (UAG) extends the benefits of DirectAccess in the
platform across the infrastructure by enhancing scalability and simplifying deployments
and ongoing management.

Anywhere Access

• Extend Windows DirectAccess to legacy applications and resources running on

existing infrastructure.

• Support down-level and non-Windows clients through integrated SSL VPN

capabilities and other connectivity options.

Integrated Security

• Protect the DirectAccess gateway with a hardened edge solution.

• Limit exposure associated with connecting unmanaged, down-level and non-

Windows clients through granular application access controls and policies.

Simplified Management

• Minimize configuration errors and simplify deployment using built-in wizards and
tools.

• Enhance scale and ongoing administration through built-in array management

and integrated load balancing

• Consolidate access gateways for centralized control and auditing.