DirectAccess in Windows Server

 

Updated: September 8, 2015

Applies To: Windows Server 2012 R2, Windows Server 2012 Essentials, Windows Server 2012, Windows Server 2012 R2 Essentials, Windows Storage Server 2012 R2 Essentials

As a role service of the Remote Access server role, DirectAccess is a feature that allows connectivity to organization network resources without the need for traditional Virtual Private Network (VPN) connections. With DirectAccess, client computers are always connected to your organization – there is no need for remote users to start and stop connections, as is required with VPN connections. In addition, your IT administrators can manage DirectAccess client computers whenever they are running and Internet connected.

DirectAccess provides support only for domain-joined clients that include operating system support for DirectAccess.

The following server operating systems support DirectAccess.

  • You can deploy all versions of Windows Server® 2012 R2 as a DirectAccess client or a DirectAccess server.

  • You can deploy all versions of Windows Server® 2012 as a DirectAccess client or a DirectAccess server.

  • You can deploy all versions of Windows Server® 2008 R2 as a DirectAccess client or a DirectAccess server.

The following client operating systems support DirectAccess.

  • Windows 10® Enterprise

  • Windows 10® Enterprise 2015 Long Term Servicing Branch (LTSB)

  • Windows® 8 Enterprise

  • Windows® 7 Ultimate

  • Windows® 7 Enterprise

DirectAccess Basic, Advanced, and Enterprise Deployment Paths

DirectAccess provides multiple simplified deployment paths in Windows Server® 2012 R2 and Windows Server® 2012, including Basic, Advanced, and Enterprise.

For an illustration of these paths and links to related documentation, see DirectAccess Deployment Paths in Windows Server.

New Features in DirectAccess

Learn about new features in DirectAccess.

For more information, see What's New in DirectAccess in Windows Server.

DirectAccess in Windows Server 2012 Essentials

DirectAccess is also available in Windows Server 2012 Essentials, and enables seamless connectivity to your organization’s network from any Internet-equipped remote location without a virtual private network (VPN) connection.

To learn more about DirectAccess in Windows Server 2012 Essentials, see Configure DirectAccess in Windows Server Essentials.

Deploying both DirectAccess and RRAS

In Windows Server® 2012 R2 and Windows Server® 2012, you can deploy both DirectAccess and Routing and Remote Access Service (RRAS) on the same server, allowing you to provide DirectAccess connectivity to supported clients as well as providing VPN access to remote clients that do not support DirectAccess.

To learn more about using more than one role service of the Remote Access server role, see Remote Access Server Role Documentation.

DirectAccess Resources

The following documentation is available for DirectAccess in Windows Server® 2012 R2 and Windows Server® 2012.

DirectAccess Prerequisites

The topic Prerequisites for Deploying DirectAccess provides the prerequisites that are necessary for using the DirectAccess configuration wizards to deploy DirectAccess.

DirectAccess Capacity Planning

The topic DirectAccess Capacity Planning is a report on Windows Server 2012 R2 and Windows Server 2012 DirectAccess server performance to provide you with the ability to design your DirectAccess deployment based on your capacity needs.

Add DirectAccess to an Existing Remote Access (VPN) Deployment

The topic Add DirectAccess to an Existing Remote Access (VPN) Deployment provides an introduction to the Enable DirectAccess Wizard, which you can use to set up a single DirectAccess server, with recommended settings, after you have already set up a virtual private network (VPN).

Deploy a Single DirectAccess Server

The topic Deploy a Single Remote Access Server using the Getting Started Wizard provides instructions for you to deploy a single computer running Windows Server 2012 R2 and Windows Server 2012 as a DirectAccess server. This scenario allows you to configure the DirectAccess server in a few easy steps.

Deploy a Single DirectAccess Server with Advanced Settings

The topic Deploy a Single Remote Access Server with Advanced Settings allows you to set up a single DirectAccess server with advanced settings.

Deploy DirectAccess in an Enterprise

The topic Deploy Remote Access in an Enterprise provides links to documentation that allows you to deploy the following Enterprise DirectAccess scenarios.

  • Deploy Remote Access in a Cluster

  • Deploy Multiple Remote Access Servers in a Multisite Deployment

  • Deploy Remote Access with OTP Authentication

  • Deploy Remote Access in a Multi-Forest Environment

DirectAccess Test Lab Guides

The topic DirectAccess Test Lab Guides provides links to test lab guides for DirectAccess.

DirectAccess Offline Domain Join

The DirectAccess Offline Domain Join guide explains the steps to perform an offline domain join with DirectAccess. During an offline domain join, a computer is configured to join a domain without a physical or VPN connection to the organization network.

DirectAccess Known Issues

The topic Remote Access (DirectAccess) Known Issues provides information about recommended hotfixes and updates for DirectAccess.

DirectAccess Unsupported Configurations

The topic DirectAccess Unsupported Configurations provides a list of unsupported DirectAccess configurations.

DirectAccess Troubleshooting

You can use Troubleshooting DirectAccess to repair problems you encounter when deploying DirectAccess.

Migrate from Forefront UAG SP1 DirectAccess to Windows Server 2012

The topic Migrate from Forefront UAG SP1 DirectAccess to Windows Server 2012 describes the migration of an existing Forefront UAG SP1 DirectAccess deployment to DirectAccess in Windows Server 2012 R2 and Windows Server 2012