Something that I don’t think I’ve made very clear on these blog posts about UAG and DirectAccess (DA) is that UAG isn’t the only way that you can deploy DA. In fact, the original way available for enabling DA was by using Windows Server 2008 R2 and Windows 7 only – there was no UAG DA solution at that time. However, since the release of UAG 2010, the UAG DA solution is considered the best way and really the only way that enterprises should deploy DA.
What’s the difference between the Windows DA and the UAG DA? Some of the differences include:
- You need to have a native IPv6 network or use ISATAP on all hosts on the intranet with the Windows DA. You don’t need that with the UAG DA since UAG DA has NAT64/DNS64.
- You need to use Hyper-V and Windows Failover Clustering for cold standby if you want to get a measure of high availability for the Windows DA. You don’t need to use Hyper-V or failover clustering with the UAG DA because you can use arrays and NLB with UAG DA.
- You need to configure each DA server separately when you configure multiple Windows-only DA servers. When you use UAG DA, you can create arrays of up to 8 DA servers where you make the configuration settings on the Array Manager and those settings are automatically deployed to all other servers in the array.
- You need to perform some manual configuration settings for the Windows Firewall with Advanced Security and Connection Security Rules for full NAP support at the gateway. In contrast, these Connection Security Rules are created and deployed for you automatically when you use the UAG DA solution.
If you want to know more about what UAG DA has to offer, check out my article on TechRepublic over at:
DEBRA LITTLEJOHN SHINDER
MVP (Enterprise Security)