I won't say DirectAccess is just another VPN, because it isn't, but it is a VPN technology with pretty robust security. It isn't an easy setup, as it requires working with IPv6 and certificates, however, once it is running, it is really slick in operation. Just connecting your laptop to the Internet and being instantly able to map corporate file shares and open intranet web apps or RDP sessions is great. Downsides to it are that not everything works with it, as not everything plays nice with IPv6, and the hardware requirements are more significant than for a traditional IPsec VPN. It also only works with Windows 7 clients.
Microsoft has enhanced security on their DirectAccess implementation by requiring their people to use smart cards for DirectAccess authentication. We may do that as well. I can say that everyone using my DirectAccess POC setup is liking it so far. Because of its "always on" nature, I think it will be a great boon to our management of remote computers (they always be connected for patching, AV updates, inventory, etc.). -Malcolm From: Brumbaugh, Luke [mailto:luke.brumba...@butlerschein.com] Sent: Friday, July 23, 2010 14:51 To: NT System Admin Issues Subject: Anyone using Forefront UAG and Direct Access Thoughts? Is it a big security hole? Luke L. Brumbaugh Network Engineer Butler Animal Health Supply Ph:(614) 659-1736 ********************************************************************** CONFIDENTIALITY NOTICE - The information transmitted in this message is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and destroy all copies of this document. Thank you. Butler Schein Animal Health ********************************************************************** ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~