Type your search and hit enter
Microsoft DirectAccess impresses

Microsoft DirectAccess impresses

Available since Windows Server 2008 R2, Microsoft's DirectAccess server role became fully integrated with the OS in Windows Server 2012. DirectAccess is designed to connect a VPN-type session automatically as soon as a compatible Windows client is connected to the Internet.

Improvements to the DirectAccess feature in Windows Server 2012 include simplifying the PKI infrastructure and allowing DirectAccess and RRAS to coexist on the same server by combining them into one server role. Other features include support for load balancing, multiple domains and DirectAccess servers behind NAT devices.

To get started with DirectAccess, we installed the server role and enabled Remote Access, which is disabled by default. There are two wizards to configure the DirectAccess and VPN server. One wizard runs with the recommended settings and one allows for custom settings. The wizard can deploy DirectAccess, VPN or both. The recommendation is to deploy both, which is what we did. To set up computer accounts with DirectAccess privileges you can either manually create a set of rules or run a PowerShell script.

[ALSO: Cisco edges F5 in VPN shootout

Java security questions answered]

We quickly discovered that DirectAccess works only with certain versions of Windows, such as Windows 7 (Enterprise or Ultimate) and Windows 8 (Enterprise only). Also, any clients running on Windows 7 must use PKI, as the Kerberos option only works with Windows 8.

From a management standpoint the Remote Access Management Console in Windows Server 2012 is on par with the best of the products we tested. The Console is intuitive with easy to navigate panels and quick access to tasks from the navigation bar. Status displays can be collapsed and expanded as needed, and the checklist style display of status items with colored icons makes it easy to identify items needing attention. The reporting and logging features are also useful, but not as detailed as those found for some of the other products we tested.

We found the DirectAccess feature in Windows Server 2012 to be a significant improvement over previous versions. However, there are fairly strict limitations, especially on the client side as mentioned above. But if your environment consists mainly of Windows 8 clients needing VPN access, Windows Server 2012 DirectAccess might be the solution that you can deploy without the need for additional hardware or software.

Read more about wide area network in Network World's Wide Area Network section.

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags Microsoftendpoint securityShellWide Area Network

More about CiscoF5Microsoft

Show Comments