Microsoft DirectAccess: The ugly truth
The seamless secure remote access built into Windows 7 and Windows Server 2008 R2 is fantastic, if you don't mind a forklift upgrade or complexity and work-arounds
From a deployment standpoint, there are a couple of problems. First, DirectAccess runs over IPv6 and only connects to Windows Server 2008 R2 or Windows Server 2008 with SP2. The Internet at large is still IPv4. In order for DirectAccess to communicate over the Internet, bridging protocols such as 6to4 or Teredo have to be used to encapsulate IPv6 packets over any IPv4 medium or network device. These technologies have been around for years, so they are not scary in themselves. But having set out to simplify remote access by eliminating VPN management, we are now adding more protocol support to the mix.
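As an added illustration (not part of the original article): 6to4 and Teredo both embed the IPv4 endpoints in the IPv6 address itself, so tunnel addresses seen in firewall or proxy logs can be decoded to show which IPv4 hosts a tunnel actually traverses. The function name and sample addresses are constructed for this example; the bit layouts follow RFC 3056 (6to4) and RFC 4380 (Teredo).

```python
import ipaddress

SIXTOFOUR = ipaddress.ip_network("2002::/16")  # RFC 3056 prefix
TEREDO = ipaddress.ip_network("2001::/32")     # RFC 4380 prefix


def decode_transition_address(text):
    """Describe the IPv4 endpoints embedded in a 6to4 or Teredo address.

    Returns a dict, or None when the address is neither kind.
    """
    addr = ipaddress.IPv6Address(text)
    raw = int(addr)
    if addr in SIXTOFOUR:
        # Bits 16..47 hold the public IPv4 address of the 6to4 site.
        site = ipaddress.IPv4Address((raw >> 80) & 0xFFFFFFFF)
        return {"type": "6to4", "site_ipv4": str(site),
                "carried_in": "IPv4 protocol 41"}
    if addr in TEREDO:
        # Bits 32..63: Teredo server IPv4; 64..79: flags;
        # 80..95: client's mapped UDP port, XORed with 0xFFFF;
        # 96..127: client's mapped IPv4, XORed with 0xFFFFFFFF.
        server = ipaddress.IPv4Address((raw >> 64) & 0xFFFFFFFF)
        flags = (raw >> 48) & 0xFFFF
        port = ((raw >> 32) & 0xFFFF) ^ 0xFFFF
        client = ipaddress.IPv4Address((raw & 0xFFFFFFFF) ^ 0xFFFFFFFF)
        return {"type": "teredo", "server_ipv4": str(server),
                "client_ipv4": str(client), "client_udp_port": port,
                "cone_nat": bool(flags & 0x8000),
                "carried_in": "IPv4 UDP (Teredo servers listen on 3544)"}
    return None


if __name__ == "__main__":
    # Constructed sample addresses: one Teredo (the layout example from
    # RFC 4380), one 6to4, and one native documentation-range address.
    observed = [
        "2001:0:4136:e378:8000:63bf:3fff:fdd2",
        "2002:c000:22d::1",
        "2001:db8::1",
    ]
    for item in observed:
        print(item, "->", decode_transition_address(item))
```

The `carried_in` field names the IPv4-level transport that a perimeter device sees for each tunnel type, which is what an IPv4-only firewall policy has to account for.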
Also, because other releases of Windows server operating systems don't support dual-layer IP, DirectAccess can't natively talk to them. If your enterprise has a bank of Windows Server 2003 or older machines that won't be upgraded anytime soon, that data is in a silo that DirectAccess can't directly access.
There are ways to provide access to these "legacy" servers using a NAT-PT (Network Address Translation/Protocol Translation) appliance, such as Microsoft's Forefront Unified Access Gateway. Using a NAT-PT gateway will allow DirectAccess clients to connect to IPv4-based servers and resources -- a good thing. But now we have added another system to the network in order to make it work.
DirectAccess is one of the new "better together" features of Windows 7 and Windows Server 2008 that I was most excited about. I still believe it is the future of secure, managed remote access for Windows users, but unfortunately, I don't see many small or medium-size networks doing a forklift upgrade just to enable this new feature. It's too hard to justify the expense and the effort when VPN and other remote access options are already paid for and installed.