Andrew Garcia over at eWeek has written an excellent article describing his experience testing Microsoft Forefront UAG 2010's capabilities for assisting deployment of Microsoft Windows' DirectAccess. I thought I'd add a little color commentary to the deployment topic.
A little over a year before the release of Windows 7 and Windows Server 2008 R2, the UAG team looked at what it could do to incorporate DirectAccess as a technology in its overall "access" mission. Later, a Microsoft-wide virtual team looked into what we could do to accelerate DirectAccess deployment. These two activities have already borne fruit, both in new features in UAG 2010 and the new DirectAccess Connectivity Assistant.
As an example, one of the key features UAG brings to the DirectAccess deployment story is support for the DNS64 and NAT64 IPv6 transition technologies. The "64" refers to "6-to-4", as in IPv6 to IPv4 (as opposed to the common usage implying something to do with 64 bits). DNS64 and NAT64 are the latest technologies for allowing IPv6 clients to communicate with IPv4 servers. They are in the process of replacing the earlier DNS-ALG and NAT-PT technologies that were found to be flawed and moved to historical status by the Internet Engineering Task Force (IETF). As a result of DNS-ALG/NAT-PT's status, customers may not be willing to deploy them, and vendors (some of whom already support these technologies in shipping products) may not want to advocate their use. That left a big gap for customers considering deployment of DirectAccess: how to enable communications with servers that only support IPv4? UAG 2010 stepped in to help and is the first product to bring the newer DNS64 and NAT64 to market. Others will certainly follow as the need to enable transition to IPv6 becomes more urgent.
Although not part of UAG, the Microsoft DirectAccess Connectivity Assistant (DCA) is another important part of our efforts to accelerate DirectAccess deployment. One piece of feedback we received from early adopters of DirectAccess was that their end-users loved DirectAccess so much that when it didn't work they were quite vocal about their frustration. Perhaps it worked just fine from their home or hotel, but not when they were in their favorite coffee shop. The lack of an indicator that DirectAccess was "on" and working properly added to end-user frustration. The lack of an easy way to gather and deliver diagnostic information to IT, so they could help solve the problem, raised support costs. DCA displays the status of DirectAccess connections in the Windows 7 notification area, gives the end-user assistance in solving connectivity problems, and provides diagnostic information should IT need to get involved in resolving connectivity problems. DCA is now available for download on TechNet.
Making products easily deployable is a major focus for the Identity and Security Division, and customers should start to see the result as we roll out new products. For DirectAccess, we continue to drive a Microsoft-wide effort to accelerate deployment. In the short run, you'll notice an increasing amount of deployment guidance becoming available. I urge you to keep an eye on the Forefront UAG Product Team Blog for announcements as well as for hints and deep dives to help with your UAG deployments (DirectAccess and otherwise).