microsoft direct access
TRANSCRIPT
Microsoft Direct AccessMicrosoft Server 2012 R2
HAIRER Martin
WHAT IS DIRECT ACCESS?
THE CONCEPT
COMPONENTS
DEPLOYMENT
MS Direct Access
Direct Access is the ultimate VPN solution that is one of the enablers for the New Way of Work
Direct Access is always ON
source: microsoft.com
MS Direct Access
Seamless and Transparent Corporate Network connectivity for Managed Clients
Remote Access
source: microsoft.com
differences to VPN
The DirectAccess client is always
managed.
The DirectAccess client is always
serviceable.
The DirectAccess client uses two
separate tunnels to connect.
WHAT IS DIRECT ACCESS?
THE CONCEPT
COMPONENTS
DEPLOYMENT
DA Overview
Windows Clients
Corporate Network
Direct Access
VPN
Public Network
osX - Linux Clients
iOS - Android
Bi-Directional
Windows 7+
Corporate NetworkPublic Network
Management
Data/Application
CONCEPT
DirectAccess extends the network to the remote computer and user
based on End to End IPv6
source: microsoft.com
WHAT IS DIRECT ACCESS?
THE CONCEPT
COMPONENTS
DEPLOYMENT
COMPONENTS
Windows Server 2012 R2
Windows 7/8/10 (domain joined)
IPv6 and IPsec
Active Directory and
Group Policy
DA COMPONENTS
Certificates (PKI)
Network Location Server
DNS64/NAT64
Name Resolution Policy Table
Windows FirewallAdvanced Security
WHAT IS DIRECT ACCESS?
THE CONCEPT
COMPONENTS
DEPLOYMENT
DEPLOYMENT
Public Network Corporate Network
IPv4 Network
DNS64
NAT64
6to4 tunnel
Teredo tunnel
IPHTTTPS tunnelIPv4
ISATAP
Native IPv6
DEPLOYMENT
Enable IPv6
internally
Network Location Server
Client Groups
Firewall Settings
on Clients
Certificate Auto
Enrollment
Direct Access Server
DEMO
source: https://directaccessguide.files.wordpress.com/2014/03/setupwizard.jpg
source: https://robertpearman.files.wordpress.com/2012/10/da21_thumb.png?w=644&h=464
source: http://tr1.cbsistatic.com/hub/i/2015/05/07/afbeaa30-f4aa-11e4-940f-14feb5cc3d2a/fig-e-ram-console.jpg
source: https://techontip.files.wordpress.com/2013/03/031013_1145_windows20123.png
source: https://msdirectaccess.files.wordpress.com/2015/01/directaccess_ad_sites_subnet_031.png
THX