Will Traditional VPN Installations Be Replaced By Windows 7 DirectAccess?

Friday, November 19, 2010 by Mario McGuire

DirectAccess is a new technology in Windows 7 that eventually may replace traditional VPN installation solutions such as Point-to-Point Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol/Internet Protocol Security (L2TP/IPsec), and Secure Socket Tunneling Protocol (SSTP). DirectAccess is an automatic connectivity solution that allows clients running Windows 7 to connect seamlessly to the corporate intranet the moment they establish any Internet connection. The adoption of DirectAccess will not occur overnight. Organizations have to make major changes to their network infrastructure, adopt new server and client technologies, and fully change over from IPv4 to IPv6.

DirectAccess is an always-connected IPv6 IPsec VPN connection. When it is configured properly, a computer or laptop connects to the Internet and DirectAccess then automatically connects the machine to its corporate network. DirectAccess differs from other VPN solutions in the following ways:

  • The connection process is automatic and does not require the user to do anything. The DirectAccess connection process starts the minute the computer connects to an active Internet connection. To users it appears that they are always connected to the company's intranet, whether they are sitting in the office or in a hotel room on a business trip. Traditionally, users must initiate VPN connections to the corporate intranet manually.

 

  • DirectAccess is bidirectional: servers on the intranet can interact with the client running Windows 7 in the same way that they would if the client were connected to the local area network. In many traditional VPN solutions, the client can access the intranet but servers on the intranet cannot communicate with the client.

  • DirectAccess provides administrators with a more granular way of controlling what intranet resources are available to remote users and computers. Administrators can integrate DirectAccess with Network Access Protection (NAP) to ensure that remote clients remain up to date with virus definitions and software updates. Administrators can also apply network security policies to isolate servers and hosts.


As you can see, DirectAccess is a very useful technology for the corporate user. Although it will require most companies to upgrade their network infrastructure, the simplification of the user's involvement compared to a typical VPN installation might outweigh the work involved in implementing DirectAccess.

SkyByte is a security-based service and solution provider dedicated to the delivery of secure data communications, risk management, data integrity and corporate privacy. SkyByte offers a wide array of IT consulting services such as the design and maintenance of firewalls, VPNs, LANs, WANs, VMware server virtualization, messaging systems and secure wireless networks.