DirectAccess

Updated: December 1, 2009

Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista

DirectAccess is a new technology introduced in Windows 7 and Windows Server 2008 R2 that provides mobile computer users working remotely with the same experience as they would have when working in the office. With DirectAccess, remote users can access corporate resources such as file shares, mail servers, intranet websites, or internal applications without first having to go through the steps of connecting to a virtual private network (VPN). DirectAccess automatically, and without any user intervention, establishes a bi-directional connection from client computers to the corporate network, authenticating the computer. Even before the user logs on, the computer is fully accessible to IT, allowing security and configuration management as if the computer were connected directly to the corporate network. You can further improve connection security by requiring user authentication with smart cards.

DirectAccess achieves this by establishing authenticated and encrypted IPsec tunnels for traffic sent to a DirectAccess server. The DirectAccess server acts as a gateway to the corporate network. DirectAccess is IPv6 based. If the network to which the client is connected uses IPv4, or any of the resources being accessed are IPv4-based, then IPv6-transition technologies such as 6to4, Teredo, or IP-HTTPS are used to encapsulate the IPv6 network traffic in IPv4 packets to reach the DirectAccess server.

DirectAccess seamlessly integrates with Server and Domain Isolation and Network Access Protection deployments, providing a comprehensive security, access, and health requirement solution.

For more information, see DirectAccess (https://go.microsoft.com/fwlink/?linkid=142598) in the Technical Library, or DirectAccess (https://go.microsoft.com/fwlink/?linkid=147551) on TechNet.