Today’s employees are more mobile than ever, and they expect to have access to intranet resources wherever they travel. Providing this level of connectivity in a secure, manageable, and seamless way has been difficult until now. The Windows Server 2008 R2 and Windows 7 operating systems support a new feature called DirectAccess that enables seamless remote access to intranet resources. Unlike traditional virtual private networks (VPNs), which require user intervention to initiate a connection to an intranet, DirectAccess allows any application on the client computer to have complete access to intranet resources while allowing the IT administrator to specify which resources, or even which client-side applications, are restricted for remote access.

Users will enjoy seamless connections to intranet resources without being bothered by long waits while VPNs try to connect or reconnect. Your organization will benefit because remote computers can be managed as if they were local (using the same management and update servers) to ensure they are always up-to-date and in compliance with security and system health policies. Security administrators can define more detailed access control policies for remote access than are possible with current VPN solutions and rest easier knowing that those same policies can provide continuous protection to the remote computer from threats on the potentially hostile network known as the Internet.

DirectAccess allows remote users to connect directly to intranet servers, which means organizations can reduce costs and simplify their network edge by reducing the number of application-specific front-end servers that are currently deployed.

DirectAccess marks the beginning of the shift to thin-edge networking and a continuation of policy-based security. By implementing DirectAccess, your organization is deploying the foundation for connectivity and security that will carry it into the future.

This document introduces DirectAccess concepts, defines new terms, explains requirements for installation, discusses how to design a DirectAccess deployment architecture, and then steps you through installation for Windows Server® 2008 R2 Release Candidate (RC). The main body of the document is divided into the following sections, which should provide a foundational understanding of DirectAccess:

· Introduction to DirectAccess

· Connectivity

· IPsec

· Determination of On-Intranet or Off-Intranet

· Requirements and Prerequisites

· Additional Deployment Options and Considerations

· Designing a DirectAccess Solution

· DirectAccess Monitoring

· Integrating DirectAccess with Server and Domain Isolation

· References

· Troubleshooting

The appendices contain the information that you need to install and deploy DirectAccess. The appendices include the following:

· Appendix A – Installation Overview

· Appendix B – DirectAccess Setup Wizard Instructions

· Appendix C – Scripted DirectAccess Single Server Installation Instructions

· Appendix D – Scripted and Group Policy DirectAccess Client Installation Instructions

· Appendix E – Tips for Scripting

· Appendix F – DirectAccessConfig.xsd

Additional Resources

Technical Overview of DirectAccess in Windows 7 and Windows Server 2008 R2 - http://www.microsoft.com/downloads/details.aspx?FamilyID=64966E88-1377-4D1A-BE86-AB77014495F4&displaylang=en

Windows 7 Enterprise & Direct Access - http://www.microsoft.com/windows/enterprise/products/windows-7/features.aspx#directaccess

Direct Access Demo - http://www.microsoft.com/windows/enterprise/videos/windows-7/default.aspx#Introduction