It looks like the general availability goal for Windows 7 is right on target for an Oct. 22, 2009, release, and the Windows Server team is hoping to debut Server 2008 R2 at the same time. The timing isn't accidental: These two products are meant to work together in an enterprise environment. And IT needs to pay attention to them as a set, as we haven't seen this tandem co-development between Microsoft's server and client products since Windows 2000.
Here's a tour of where the two technologies come together and what IT needs to know about the crossover.
With Windows 7 and Windows Server 2008 R2, mobile users will be able to access the corporate network from any Internet connection (drumroll, please) without a VPN. If you're accustomed to using Outlook Anywhere to connect to your Exchange environment without going through a VPN, this is a similar concept. The feature, called DirectAccess, will use the Secure Socket Tunneling Protocol (SSTP) over SSL port 443 -- similar to going through HTTPS to access secure sites. In addition, DirectAccess can use IPv6 over IPsec for encrypted communications through the Internet.
Note: To eliminate the fear factor here, keep in mind that users will still be required to authenticate. A stolen laptop won't mean automatic DirectAccess to your company network. Along those lines, you may also want to think about using Windows' BitLocker disk encryption for that laptop. In addition, two-factor authentication can be implemented (such as through smart cards or biometrics) so that you can take advantage of Windows 7's biometric enhancements as well.
There are some clear benefits to the DirectAccess approach. Rather than dealing with an unwieldy VPN connection, users will have a very simple access method to their network from wherever they are (as long as they have Internet connectivity, of course). Typically, within a business network, users with mobile systems can receive updates and policy changes only when they connect to the network. With DirectAccess, users will not even need to log in to receive them, as long as they have Internet access. And IT can apply changes on the client devices at any time the devices are connected, providing a much easier method of patch and anti-virus definition management.