Direct Access (DA) is a game-changing technology for remote access in your company, removing the need for a VPN altogether. Within Microsoft, we've seen great productivity benefits to end users. We surveyed users from our DA pilot and over 87% saw instant productivity gains, resulting overall in a net benefit of ~1 hour each day for users. Furthermore, Microsoft operations is saving costs through things such as not having to convert internet-connected sites to dedicated lines. For more information on the business value of DA and Microsoft's implementation, watch the Direct Access MSIT video.
Ok, you know you want to implement the DA functionality which comes with Windows Server 2008 R2 and Windows 7 - but now why would you want to have Unified Access Gateway (UAG) along with it?
As discussed in the video below, here are some of the key reasons you would want to run UAG with DA:
To hear more about the business value for UAG with DA and to learn the technical information behind how DA and UAG work, watch this video:
You can also see the breakdown of what is played when by going to the original post on TechNet Edge.
This is great, but what about DA and ISA Server/Forefront TMG? What are the implications? Do we still need to have an ISA in place if we have Win 2k8 R2 DCs and Win 7 clients? Right now, I'm publishing OWA, OA, MOSS 2007, OCS 2007 to my remote users via ISA. What would happen if I upgrade my DCs to Win 2k8 R2 and deploy Win 7 to my end users?
If everyone in your entire corporation is using direct access and you don't want to enable connectivity when those people are not using their DA-enabled machines, then you could eliminate the need to publish specific services via ISA/TMG since they have access through DA/UAG. Another explanation of the relationship between TMG and UAG can be found in this interview, which should help: http://edge.technet.com/Media/Forefront-TMG-RTM-Overview-Interview/
Currently reading http://blogs.technet.com/forefrontexperts/archive/2009/10/01/direct-access-and-uag-better-together.aspx?ID=1
Good video. And it is also good to see products such as Centrify's DirectSecure product out there that can extend DirectAccess to securely communicate with UNIX and Linux systems via end-to-end (versus just end-to-edge) IPsec authentication and encryption of network traffic. So a nice ecosystem is evolving for DirectAccess.
I just saw that Portcullis announced the release of their appliance-based UAG. www.portcullissystems.com