Table of Contents
technology [edit ]
DirectAccess establishes IPsec tunnels from the node to the DirectAccess server, and uses IPv6 to reach intranet resources or other DirectAccess clients. This engineering encapsulates the IPv6 traffic over IPv4 to be able to reach the intranet over the Internet, which still ( by and large ) relies on IPv4 traffic. All dealings to the intranet is encrypted using IPsec and encapsulated in IPv4 packets ( if a native IPv6 connection can not be established ), which means that in most cases, no shape of firewalls or proxies should be required. [ 3 ] A DirectAccess customer can use one of several tunneling technologies, depending on the shape of the network the customer is connected to. The client can use 6to4, Teredo burrow, or IP-HTTPS, provided the waiter is configured correctly to be able to use them. For example, a node that is connected to the Internet directly will use 6to4, but if it is inside a NATed net, it will use Teredo rather. In addition, Windows Server 2012 provides two backward compatibility services DNS64 and NAT64, which allows DirectAccess clients to communicate with servers inside the corporate network even if those servers are alone adequate to of IPv4 network. Due to the globally routable nature of IPv6, computers on the corporate net can besides initiate a connection to DirectAccess clients, which allows them to remotely manage ( Manage Out ) these clients at any time. [ 4 ]
Benefits [edit ]
DirectAccess can be deployed for multiple sites. It allows for a secure encrypted VPN. This is controlled through Group Policies which allows the administrator to maintain a batten network .
Requirements [edit ]
DirectAccess With Windows Server 2008 R2 or UAG requires :
Reading: DirectAccess – Wikipedia
- One or more DirectAccess servers running Windows Server 2008 R2 with two network adapters: one that is connected directly to the Internet, and a second that is connected to the intranet.
- On the DirectAccess server, at least two consecutive, public IPv4 addresses assigned to the network adapter that is connected to the Internet.
- DirectAccess clients running Windows 7 “Ultimate” or “Enterprise” editions or Windows 8 “Enterprise” edition clients
- At least one domain controller and Domain Name System (DNS) server running Windows Server 2008 SP2 or Windows Server 2008 R2.
- Public key infrastructure (PKI) to issue computer certificates.
DirectAccess With Windows Server 2012 requires :
- One or more DirectAccess servers running Windows Server 2012 with one or more network adapters.
- At least one domain controller and Domain Name System (DNS) server running Windows Server 2008 SP2 or Windows Server 2008 R2.
- DirectAccess clients running Windows 7 “Ultimate” or “Enterprise” editions or Windows 8 “Enterprise” edition clients
- A Public Key Infrastructure is not required for Windows 8 Clients.[5]
Smart card certificates, and health certificates for Network Access Protection may be used along with PKI .
