Ever since Windows 7 was launched, I’ve had a steady stream of people asking me if I know of educational establishments who have implemented DirectAccess.
DirectAccess allows you to setup your staff laptops so that they can always have secure access to your university network wherever they are, but without forcing them to use a VPN connection. There are a number of benefits for universities and staff: Unlike a VPN connection, it only reroutes some network access through your network connection, not all Internet access. Which means it doesn’t slow down or filter normal Internet access at home from the laptop. It is transparent to the user – so they just access a network share or VLE folder as they normally would, just as if they are on campus. It can be used with two-factor security (eg a smartcard) so that it meets Cabinet Office guidance on information security on remote access to sensitive student data It minimises the amount of sensitive data that your staff put on their laptop. This could save you getting into hot water with the Information Commissioner’s Office if a laptop goes missing. You can manage your laptops through policies, even if they are rarely connected to your campus network
DirectAccess allows you to setup your staff laptops so that they can always have secure access to your university network wherever they are, but without forcing them to use a VPN connection. There are a number of benefits for universities and staff:
Although I use it myself (and as a user, I’m a big fan of it, because VPN access used to be slow, and I’d avoid VPN’ing as much as possible) I don’t know of any universities that have implemented it fully.
So I thought that perhaps I should share some resources to help people who are experimenting.
There’s a 2 minute video demonstration of it which you can download, which shows how very simple it is for the user.
View the TechNet DirectAccess webcast home page
In this webcast, John Baker from the TechNet team focuses on the DirectAccess feature in the Windows 7 operating system, which provides secure anywhere access on the network. We explore how DirectAccess makes it easier for IT professionals to manage the network infrastructure and how it helps reduces IT costs. We also discuss how DirectAccess works and how to set up and configure DirectAccess in the network infrastructure. The session includes demonstrations on how to setup and configure DirectAccess on Windows 7-based clients and the Windows Server 2008 R2 operating system.
There’s a whitepaper, called (takes deep breath) “Windows 7 and Windows Server 2008 R2 Networking Enhancements for Enterprises” which takes a detailed look at new networking technologies in Windows 7 and Windows Server 2008 R2, with particular emphasis on enhancements to improve connectivity for a mobile workforce. New features and enhancments including DirectAccess, BranchCache, VPN Reconnect, mobile broadband device support, URL-based QoS, DNSSEC, and support for green computing.
There’s a lot of technical details on DirectAccess (and a lot of acronyms like IPv6, IPsec and 56-bit key encryption) on page 5-6 of this whitepaper
The TechNet site has a growing series of Infrastructure Planning and Design Guides for all kinds of areas – virtualisation, Windows Server 2008, SQL Server, Online Services and the Optimised Desktop. The one that’s relevant is the IPD Guide for DirectAccess in Windows 7.
Head to the TechNet DirectAccess page, for a big bundle of further documents and information that will help.
And if you’ve implemented it in your university, then drop me a line or add a comment, to share your story.