Key Forefront UAG DirectAccess elements and requirements

  • Article

The key elements of the Forefront UAG DirectAccess solution include the following:

  • DirectAccess client—A domain-joined computer running Windows 7 Enterprise, Windows 7 Ultimate, or Windows Server 2008 R2, that can automatically and transparently connect to an internal network through a Forefront UAG DirectAccess server.

  • Forefront UAG DirectAccess server—A domain-joined Forefront UAG server that accepts connections from DirectAccess clients and facilitates communication with internal network resources.

  • Network location server—A server that DirectAccess client uses to determine whether it is located on the Internet or the intranet.

  • Certificate revocation list (CRL) distribution points—Servers that provide access to the CRL that is published by the certification authority (CA) that issues certificates for Forefront UAG DirectAccess.

In addition, a Forefront UAG DirectAccess solution requires a number of infrastructure servers, including Active Directory domain controllers, Network Access Protection (NAP) server, CAs, and DNS servers. The following figure illustrates the Forefront UAG DirectAccess infrastructure.

Forefront UAG DirectAccess deployment requirements include the following:

  • A Forefront UAG DirectAccess server running the Windows Server 2008 R2 Standard or the Windows Server 2008 R2 Enterprise operating systems, with two network adapters; one that is connected directly to the Internet, and the other that is connected to the intranet.

  • On the Forefront UAG DirectAccess server, at least two consecutive, public IPv4 addresses, assigned to the network adapter that is connected to the Internet.

  • DirectAccess clients running the Windows 7 Enterprise or the Windows 7 Ultimate operating systems.

  • At least one domain controller that is running the Windows Server 2003 operating system.

  • A Domain Name System (DNS) server. It is recommended that you use a DNS server that is running Windows Server 2008 or Windows Server 2008 R2.

  • A public key infrastructure (PKI) to issue computer certificates. For more information, see Public Key Infrastructure (https://go.microsoft.com/fwlink/?LinkId=177571).

  • IPsec policies to specify protection for traffic. For more information, see IPsec (https://go.microsoft.com/fwlink/?LinkId=154708).

  • IPv6 transition technologies available for use on the Forefront UAG DirectAccess server: ISATAP, Teredo, and 6to4. For more information, see IPv6 Transition Technologies (https://go.microsoft.com/fwlink/?LinkId=154382).

Components of a Forefront UAG DirectAccess Infra.