Microsoft DirectAccess is a cool new feature available in Windows 7 in partnership with Windows 2008 R2 Server (aka Windows 7 Server). If your organization has a number of mobile users working from home or anywhere else outside the office, they normally need to dial some kind of VPN connection to reach the corporate network before they can use intranet resources. VPN connections of this kind are sometimes blocked by the firewalls in cafes and coffee shops, and users also have to be taught how to connect. With the introduction of DirectAccess, everything is completely transparent to the user. He just powers on his portable machine and, if DirectAccess is configured, Windows 7 Enterprise automatically connects to the corporate office even before the user logon screen appears. Here is how it works:
DirectAccess clients use the following process to connect to intranet resources:
1. The DirectAccess client computer running Windows 7 detects that it is connected to a network.
2. The DirectAccess client computer attempts to connect to an intranet Web site that an administrator specified during DirectAccess configuration. If the Web site is available, the DirectAccess client determines that it is already connected to the intranet, and the DirectAccess connection process stops. If the Web site is not available, the DirectAccess client determines that it is connected to the Internet and the DirectAccess connection process continues.
3. The DirectAccess client computer connects to the DirectAccess server using IPv6 and IPsec. If a native IPv6 network isn’t available (and it probably won’t be when the user is connected to the Internet), the client establishes an IPv6-over-IPv4 tunnel using 6to4 or Teredo. The user does not have to be logged in for this step to complete.
4. If a firewall or proxy server prevents the client computer using 6to4 or Teredo from connecting to the DirectAccess server, the client automatically attempts to connect using the IP-HTTPS protocol, which uses a Secure Sockets Layer (SSL) connection to ensure connectivity.
5. As part of establishing the IPsec session, the DirectAccess client and server authenticate each other using computer certificates.
6. By validating Active Directory® group memberships, the DirectAccess server verifies that the computer and user are authorized to connect using DirectAccess.
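The following script is an added example, not part of the original post or Microsoft's documentation. It walks the client-side steps above from an elevated PowerShell prompt on a Windows 7 client so you can see which stage a connection reached. The probe URL is a placeholder assumption; substitute the intranet Web site your administrator specified during DirectAccess configuration.

```powershell
# Added example: check each DirectAccess connection step on a Windows 7 client.
# $ProbeUrl is a placeholder (assumption), not a value from the original post.
$ProbeUrl = 'https://nls.corp.example/'

function Test-IntranetProbe([string]$Url) {
    # Step 2: if the intranet Web site answers, the client is already inside.
    try {
        $req = [System.Net.WebRequest]::Create($Url)
        $req.Timeout = 5000          # milliseconds
        $resp = $req.GetResponse()
        $resp.Close()
        return $true
    } catch {
        return $false
    }
}

if (Test-IntranetProbe $ProbeUrl) {
    Write-Output 'Probe site reachable: client is on the intranet, DirectAccess stops here.'
} else {
    Write-Output 'Probe site not reachable: client is on the Internet, checking tunnels.'

    # Step 3: IPv6-over-IPv4 transition technologies.
    Write-Output '--- 6to4 state'
    netsh interface 6to4 show state
    Write-Output '--- Teredo state'
    netsh interface teredo show state

    # Step 4: IP-HTTPS fallback, used when a firewall or proxy blocks 6to4/Teredo.
    Write-Output '--- IP-HTTPS interfaces'
    netsh interface httpstunnel show interfaces

    # Step 5: computer certificates available for IPsec authentication.
    # Only certificates with a private key that have not expired can be used.
    Write-Output '--- Usable computer certificates'
    Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date) } |
        Select-Object Subject, Issuer, NotAfter

    # Steps 5-6: an established main-mode security association means IPsec
    # authentication succeeded; the group-membership check itself is enforced
    # on the DirectAccess server and cannot be observed from the client.
    Write-Output '--- IPsec main-mode security associations'
    netsh advfirewall monitor show mmsa
}
```

If the probe fails, no tunnel interface is active, and no usable certificate is listed, the failure is at steps 3 to 5 on the client rather than an authorization decision on the server.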
For more info, visit: http://www.microsoft.com/servers/directaccess.mspx
