For those of you who aren’t aware of DirectAccess, it’s a pretty darn cool technology in my opinion. What better way to explain it than to show you how it makes my working life that little bit easier?

I’m currently writing this post from home, on my home network, with no VPN connected:

Network Status

As you can see, I have the option of using our ‘IT Connection Manager’ should I need to establish VPN; however, depending on my location, I may not always be able to get out with VPN, so what options do I have then? Well, this is where DirectAccess can help. Let’s try, still on my home network, to access an internal SharePoint site, which, in this case, is my MySite.

No Web Connection

As you can see, no luck I’m afraid – without establishing VPN, I’m not getting into my MySite, or am I? When I connect to my home network and unlock my machine with my domain credentials, I get a prompt that pops up when I (or an application, like Outlook) try to access an internal resource like a SharePoint site, for example. In our rollout, we’re using Smart Cards as the mechanism to control access. If I were using my VPN IT Connection Manager, this too requires Smart Card, so this isn’t something we’ve had to roll out for DA specifically. If you don’t have Smart Cards in use in your organisation, there are other ways to control access, don’t worry. So…

Smart Card Prompt

Up pops the prompt, and if I don’t actually need internal access right now, I can safely ignore it, but as soon as I do require access, I can click on the little keys icon, put my Smart Card in, enter my Smart Card PIN, and ‘jobs a gooden’. In terms of user interaction, that’s it. However, now that I’ve done that, is there anything different about my current network connection status?

Network Status

No is the answer!  I’m not VPN’d in, I’m still on my same home network, however the power of DA means that…


I’m in!  No VPN!  Easy!

If that sounds of interest to you, or your customers, the IPD Guide for DirectAccess could prove very useful to you indeed.  Firstly though, what is an IPD Guide?

“The Infrastructure Planning and Design (IPD) guides are the next version of Windows Server System Reference Architecture. The guides in this series help clarify and streamline design processes for Microsoft infrastructure technologies, with each guide addressing a unique infrastructure technology or scenario”

Basically, they are there to provide background information, design ideas, key decision areas, etc., that are important prior to rolling out the technologies.

“Each guide leads the reader through critical infrastructure design decisions, in the appropriate order, evaluating the available options for each decision against its impact on critical characteristics of the infrastructure. The IPD Series highlights when service and infrastructure goals should be validated with the organization and provides additional questions that should be asked of service stakeholders and decision makers”

This IPD guide specifically addresses the following:

This IPD guide provides actionable guidance for designing a DirectAccess infrastructure. The guide’s easy-to-follow, four-step process gives a straightforward explanation of the infrastructure required for clients to be connected from the Internet to resources on the corporate network, whether or not the organization has begun deploying IPv6.  The guide covers four key steps in the design process for DirectAccess:

  • Aligning the project scope with the business requirements.
  • Determining whether IPv6, Teredo, 6to4, and IP-HTTPS connectivity will be supported for Internet-based clients.
  • Assessing the need for IPv6 transition technologies including NAT-PT and ISATAP for internal communication.
  • Determining the number and placement of servers, the certificate services requirements, and location of CRL distribution points.

Interested?  Grab the IPD guide (still in beta!) from here.