Today, I’m just going to be brief for a change, and discuss what we refer to as “Managed Out” scenarios.
I want to thank Pat Telford, a consultant at Microsoft specializing in DirectAccess deployments among other things, for helping with this subject.
Like I mentioned in one of my first posts, one of the big advantages of the DirectAccess technology over traditional VPN service is that DirectAccess clients can be managed anytime they are connected to the Internet. We like to refer to that scenario as “manage out.” This means that the client’s computer is “always managed” – there is an IPsec channel that enables the infrastructure and management servers to have access to the client’s computer, even when a user is not logged on.
There are two ways manage out can be accomplished:
That’s all for today. Just remember: if you have protocols that initiate connections to DirectAccess clients, you’ll need the DNS infrastructure to be set correctly for them to work with UAG DirectAccess. In addition, don’t forget to specify the relevant management servers in the Management Servers and DCs page of the Forefront UAG DirectAccess Configuration Wizard if you want manage out communications between the client and the management servers, even when no one is logged on to the client computer.
Thanks
Ben Bernstein
Hi, I'd like to know from the "team" whether the UAG version of DirectAccess is required for management/GPO updates of desktops/laptops.
TIA
The last question regards whether our organization needs UAG DirectAccess, or the "normal" DirectAccess for enterprise desktop/laptop management.
Thanks again