One of the new features of Windows 7 / Windows 2008 R2 is DirectAccess. The promise of DirectAccess is the ability for corporate laptops and machines to connect to the corporate LAN seamlessly without the need for a VPN. (Or rather, DirectAccess will be your VPN). The machine will be connected whenever it is connected to internet access. All of your internal resources will be available to the client machine whenever it has internet access. Marcos Velez summarized some of the requirements and challenges clients may face when looking to implement the new Windows DirectAccess feature.
… as with everything that is too good to be true, the requirements [for DirectAccess] are enormous. I will try to summarize some of those right now:
- DirectAccess requires Windows 2008 R2
- DirectAccess requires IPv6
- DirectAccess clients need a client certificate in order to be able to connect to the network
- DirectAccess requires deploying a DirectAccess server
- DirectAccess STILL requires users to log in, but
- DirectAccess client laptops (or computers) are ALWAYS connected to the corporate network (even before the user has logged on)
By the way, DirectAccess is a very cool idea, and it really is worth considering, but the list of pre-requisites is long. Daunting, even. DirectAccess requires a large investment (of time and money) by clients into technologies that they might not be able (or willing) to undertake at this time. That is a discussion that needs to be taken up with the client, of course.