Direct Access vs. VPN

Favad Qaisar, 2 March 2012

Direct Access is a feature introduced in Windows 7 and Windows Server 2008 R2 that gives Direct Access client computers seamless intranet connectivity whenever they are connected to the Internet. Unlike most traditional VPN connections, which the user must explicitly initiate and terminate, a Direct Access connection is designed to come up automatically as soon as the computer has Internet connectivity. A VPN (virtual private network), by contrast, is a network that runs primarily over public telecommunication infrastructure, such as the Internet, to give remote offices or traveling users access to a central organizational network. VPNs typically require remote users to authenticate, and usually protect the data with encryption so that private information is not disclosed to unauthorized parties.
Direct Access establishes IPsec tunnels from the client to the Direct Access server and uses IPv6 to reach intranet resources or other Direct Access clients. Because the Internet still relies largely on IPv4, the IPv6 traffic is encapsulated in IPv4 using an IPv6 transition technology (6to4, Teredo or IP-HTTPS, depending on what the client's current network allows) so that it can reach the intranet.
Like the VPN client, the Direct Access client can move from the corpnet to a hotel room, a conference center, an airport, and anywhere else a roaming remote access VPN client might be found. Over its lifetime it will be connected to both trusted and untrusted networks, just like the roaming remote access VPN client, so both are equally exposed to threats. There are, however, some significant differences between the roaming remote access VPN client and the Direct Access client:
• The Direct Access client is always managed. As long as the Direct Access client computer is turned on and connected to the Internet, it has connectivity to the management servers that keep it within security configuration compliance.
• The Direct Access client is always serviceable. If IT needs to connect to the Direct Access client to perform custom software configuration or to troubleshoot an issue, there is no problem getting access, because the connection between the Direct Access client and the IT management stations is bidirectional.
• The Direct Access client uses two separate tunnels. The first, the infrastructure tunnel, is established with the computer's certificate and computer account before any user logs on, and it gives access only to the management and configuration infrastructure (domain controllers, DNS and the management servers). General intranet access is not available until the user logs on and the second tunnel, the intranet tunnel, is established with the user's credentials.
When you compare the Direct Access client to the remote access VPN client, the Direct Access client can present a much lower threat profile, because it is within the command and control of corporate IT whenever it is powered on and online. This is in stark contrast to roaming remote access VPN clients, which may not connect to the corporate network for long periods; the resulting configuration entropy (missed patches, stale policy and out-of-date signatures) can significantly increase the risk of system compromise. Direct Access therefore addresses the main shortcoming of the VPN client model, at the cost of its own prerequisites: domain-joined clients running Windows 7 Enterprise or Ultimate, an internal PKI to issue the computer certificates, and an IPv6 path to the intranet, native or via a transition technology. The same always-on, bidirectional connectivity that makes the client manageable also means a lost or compromised Direct Access client keeps its infrastructure tunnel until its computer account or certificate is disabled or revoked, so that revocation must be part of the incident handling process.

Favad Qaisar (51 Posts)

I am a Unified Communications Engineer. Over the last 3 years, I have been working dedicatedly on OCS/LYNC and Exchange 2007/2010. I was responsible for getting my Company Microsoft’s Unified Communication Voice Certified Partner status. Occasionally, I like to share my experiences on the latest developments in the Unified Communications industry.
