Forefront UAG DirectAccess technical overview

Updated: December 2, 2010

Applies To: Unified Access Gateway

Forefront UAG DirectAccess is a new solution that provides users with the same experience working remotely as they would have when working in the office. With DirectAccess, remote users can access corporate file shares, Web sites, and applications, without connecting to a virtual private network (VPN).

Forefront UAG DirectAccess establishes bi-directional connectivity with the user’s enterprise network every time the user’s DirectAccess-enabled portable computer is connected to the Internet, even before the user logs on. When using Forefront UAG DirectAccess, users never need to think about whether they are connected to the corporate network. Forefront UAG DirectAccess also benefits IT by allowing network administrators to manage remote computers outside of the office, even when these computers are not connected to a VPN. Forefront UAG DirectAccess enables organizations with regulatory concerns to extend regulatory compliance to roaming computer assets.

The following topics summarize the benefits of Forefront UAG DirectAccess, describe how Forefront UAG DirectAccess works, and what is required to deploy it in your organization:

• Benefits of Forefront UAG DirectAccess

• Needs and challenges

• Key Forefront UAG DirectAccess elements and requirements

• Connections and tunnels

• Connection process

• Separating Internet and intranet traffic

• Using IPsec

• Client authentication

• Extending IPsec policies to selected application servers

• Using IPv6 with Forefront UAG DirectAccess

• Using transition technologies

• Network location server

• Certificate revocation checking

• Using DNS with Forefront UAG DirectAccess

• Using integrated NAT64 and DNS64 with Forefront UAG DirectAccess

• Forefront UAG DirectAccess load balancing

• Using Network Access Protection (NAP) with ForefrontUAG DirectAccess

• Additional references