Available since Windows Server 2008 R2, Microsofts DirectAccess server role became fully integrated with the OS in Windows Server 2012. DirectAccess is designed to connect a VPN-type session automatically as soon as a compatible Windows client is connected to the Internet.
Available since Windows Server 2008 R2, Microsoft's DirectAccess server role became fully integrated with the OS in Windows Server 2012. DirectAccess is designed to connect a VPN-type session automatically as soon as a compatible Windows client is connected to the Internet.
Improvements to the DirectAccess feature in Windows Server 2012 include simplifying the PKI infrastructure and allowing DirectAccess and RRAS to coexist on the same server by combining them into one server role. Other features include support for load balancing, multiple domains and DirectAccess servers behind NAT devices.
To get started with DirectAccess, we installed the server role and enabled Remote Access, which is disabled by default. There are two wizards to configure the DirectAccess and VPN server. One wizard runs with the recommended settings and one allows for custom settings. The wizard can deploy DirectAccess, VPN or both. The recommendation is to deploy both, which is what we did. To set up computer accounts with DirectAccess privileges you can either manually create a set of rules or run a PowerShell script.
We quickly discovered that DirectAccess works only with certain versions of Windows, such as Windows 7 (Enterprise or Ultimate) and Windows 8 (Enterprise only). Also, any clients running on Windows 7 must use PKI, as the Kerberos option only works with Windows 8.
From a management standpoint the Remote Access Management Console in Windows Server 2012 is on par with the best of the products we tested. The Console is intuitive with easy to navigate panels and quick access to tasks from the navigation bar. Status displays can be collapsed and expanded as needed, and the checklist style display of status items with colored icons makes it easy to identify items needing attention. The reporting and logging features are also useful, but not as detailed as those found for some of the other products we tested.
We found the DirectAccess feature in Windows Server 2012 to be a significant improvement over previous versions. However, there are fairly strict limitations, especially on the client side as mentioned above. But if your environment consists mainly of Windows 8 clients needing VPN access, Windows Server 2012 DirectAccess might be the solution that you can deploy without the need for additional hardware or software.