Microsoft DirectAccess Overview

Home is where the heart is. And in this interconnected world, that’s also where many of your workers are. But with more and more people connecting to an office network from home, how can you keep them productive without exposing yourself and others on your network to potential risks?

Being securely connected with an organization remotely is yet another hurdle IT pros must face. Thankfully, there are ways we can overcome potential security risks while supplying robust remote access. Virtual private networking (VPN) is a traditional solution many have used successfully. But it might be hard to find a better and more convenient way to provide a secure remote connection than using Microsoft DirectAccess.

Many people, including some IT professionals, believe that DirectAccess is just another advanced VPN solution. Although there are a few similarities between VPN and DirectAccess, they are completely different in terms of their underlying technology and functionality.

What is DirectAccess?

DirectAccess, also known as Unified Remote Access, is a product of Microsoft, designed exclusively for Windows. It was initially introduced in Windows Server 2008 and Windows 7 Enterprise edition to allow users to access private network resources remotely using the Internet. DirectAccess is a more secure, convenient, and advanced alternative to the traditional VPN.

DirectAccess primarily aims to provide seamless intranet connectivity to its users. It offers a transparent, always-on connection established by the machine and not by the user. Therefore, DirectAccess starts securing the network channel as soon as a client gets an active Internet connection. The connection it provides for remote access is also authenticated, secure, and bidirectional.

What makes DirectAccess better than VPN?

  • DirectAccess overcomes some of the serious drawbacks in the implementation of VPN. As mentioned earlier, VPN connections are user-initiated, whereas in the case of DirectAccess, the connection is machine-initiated. Additionally, all the clients are directly connected with management servers, ensuring security configuration compliance.
  • DirectAccess connections are considerably more secure than those offered by VPN because it is mandatory for all DirectAccess clients to have a certificate issued by the organization itself.
  • DirectAccess is a firewall-friendly feature and is not restricted to any geographical area. It works anywhere, provided the user is connected to the Internet. Conversely, VPN networks face hurdles trying to handle some firewalls and they might sometimes fail to provide secure remote access to all the locations.
  • In DirectAccess, all clients are constantly monitored and managed by the host or management server, which minimizes the threat of intruders in a network. In the case of a VPN, a client can enter a network without the knowledge of a centralized server, which could lead to a security problem with significant risks.
  • DirectAccess is a bidirectional connection. Therefore, all the client systems in a DirectAccess network are always serviceable by the management server. A server in a DirectAccess network can easily troubleshoot an issue on a client system, which is not always possible in VPN.
  • VPN involves a complex process of establishing a connection to the network, which reduces workers’ productivity and efficiency. DirectAccess, on the other hand, is comparatively easy and hassle-free to set up, connect, and use.

Requirements

  • One domain controller running Windows Server 2003 or above
  • An internal PKI (Public Key Infrastructure) designed by the organization to assign machine certificates to the clients and servers.
  • The DirectAccess server must be running Windows Server 2008 R2, and both clients and server must run Windows 7 Enterprise/Ultimate editions or higher.
  • All DirectAccess clients must be members of an Active Directory domain.
  • DirectAccess server must have two network interface adaptors to support its bidirectional communication.
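
A quick way to check a client against the requirements above, as an added example that is not from the original article or from Microsoft. The function name `Test-DirectAccessClientPrereq` is hypothetical, the CA name is a placeholder you must replace, and the script assumes Windows PowerShell 3.0 or later.

```powershell
# Added example: audits one Windows client against the listed requirements.
# '<YOUR-INTERNAL-CA-NAME>' is a placeholder for your issuing CA's name.
param(
    [string]$InternalCaName = '<YOUR-INTERNAL-CA-NAME>',
    [int]$WarnDays = 30
)

function Test-DirectAccessClientPrereq {
    param([string]$CaName, [int]$WarnDays)

    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    $os = Get-CimInstance -ClassName Win32_OperatingSystem

    # Requirement: the client is a member of an Active Directory domain.
    $domainJoined = [bool]$cs.PartOfDomain

    # Requirement: Windows 7 (NT 6.1) or later. The edition is only reported,
    # so confirm Enterprise/Ultimate or higher from the caption yourself.
    $osOk = ([version]$os.Version) -ge ([version]'6.1')

    # Requirement: a machine certificate issued by the internal PKI.
    # Only certificates that are currently valid, carry a private key,
    # and name the expected issuer are counted.
    $now = Get-Date
    $certs = @(Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object {
        $_.HasPrivateKey -and
        $_.NotBefore -le $now -and $_.NotAfter -gt $now -and
        $_.Issuer.IndexOf($CaName, [StringComparison]::OrdinalIgnoreCase) -ge 0
    })

    # Flag certificates close to expiry; an expired machine certificate
    # would leave the client without the required credential.
    $expiring = @($certs | Where-Object { $_.NotAfter -lt $now.AddDays($WarnDays) })

    [pscustomobject]@{
        ComputerName      = $cs.Name
        DomainJoined      = $domainJoined
        Domain            = $cs.Domain
        OsCaption         = $os.Caption
        OsVersionOk       = $osOk
        MachineCertCount  = $certs.Count
        CertsExpiringSoon = $expiring.Count
        MeetsChecks       = ($domainJoined -and $osOk -and $certs.Count -gt 0)
    }
}

Test-DirectAccessClientPrereq -CaName $InternalCaName -WarnDays $WarnDays
```

Run it in an elevated session so the machine certificate store is fully readable; `MeetsChecks` covers only the client-side items, not the domain controller or server requirements.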

Advantages of DirectAccess

Increased security

DirectAccess provides a fully encrypted and authenticated mode of connection. It gives employees authenticated IPsec encryption for integrity and confidentiality.

DirectAccess is secured at several stages of the remote connectivity process. It utilizes various digital certificates, Kerberos standards, and NTLM to maintain a reliable, secure, and authenticated connection. Apart from these built-in security mechanisms, organizations can also integrate smart cards and dynamic one-time passwords for additional security and assurance that only authorized users can connect with the organization.

User experience

Since DirectAccess ships with an always-on connection by default, it doesn’t require any specific action or setup from the user to establish a remote connection. DirectAccess provides a seamless user experience and allows a user to access the organizational resources remotely in the same way they do from the office.

Lower support costs and ease of use

DirectAccess unarguably provides a better user experience than a VPN or any other solution for remote connectivity. In DirectAccess, an entire remote access connection is established at the machine level, relieving the end users from a lengthy process of establishing a remote connection. Since most of the connection process is managed at the machine level, the productivity of users increases. And perhaps even better, the work of the IT support staff is decreased.

Support for load balancing

DirectAccess comes integrated with load balancing solutions to provide higher scalability and availability. It uses either Windows network load balancing techniques or employs a hardware load balancer, allowing a user to configure multiple DirectAccess servers in an organization so that the load is uniformly balanced across these multiple servers.

DirectAccess proves that mobility is no longer an unsurmountable challenge to the IT field, which is why it is the choice for many individuals and organizations.

Ready to set up DirectAccess? Then check out this step-by-step Microsoft tutorial.

4 thoughts on “Microsoft DirectAccess Overview”

    1. Hi Gene,

      DirectAccess is an IPV6 only solution from a client’s perspective and is therefore a requirement. However, the transition technologies are used to bridge the differences as IPV6 is still not widely deployed and used.

      However, we have taken down the statement from the story as it could lead to confusion as you pointed out.

      Thanks!
