November, 2009 - Yung Chou on Hybrid Cloud - Site Home - TechNet Blogs

Yung Chou on Hybrid Cloud

Virtually speaking about witnessing a clear cloudy day

November, 2009


    Windows 7 DirectAccess Explained

    The Windows® 7 and Windows Server® 2008 R2 operating systems introduce DirectAccess, a new solution that gives users the same experience working remotely as they have when working in the office. With DirectAccess, remote users can access corporate file shares, web sites, and applications without connecting to a virtual private network (VPN). Further, DirectAccess separates intranet traffic from Internet traffic, as shown in the diagram, and reduces unnecessary traffic on the corporate network.

    DirectAccess requirements include:

    • DirectAccess Server: This is a Windows Server 2008 R2 server with the DirectAccess Management Console server feature added. A DirectAccess server must be joined to an Active Directory® domain and cannot be behind a Network Address Translation (NAT) device. In addition, a DirectAccess server must have two network adapters: one connected to the intranet, and the other connected to the Internet with at least two consecutive public IPv4 addresses.
    • DirectAccess Client: Windows 7 is the supported client OS.
    • At least one domain controller and Domain Name System (DNS) server running Windows Server 2008 SP2 or Windows Server 2008 R2
    • A Public Key Infrastructure (PKI) for issuing computer certificates, smart card certificates, and, for Network Access Protection (NAP), health certificates
    • IPsec policies to specify protection for traffic
    • IPv6 transition technologies, i.e. ISATAP (RFC 4214), Teredo (RFC 4380), and 6to4 (RFC 3056), for the DirectAccess server
    • Optionally, a non-Microsoft NAT-PT (RFC 2766) device to provide access to IPv4-only resources for DirectAccess clients

    Here’s how DirectAccess works:

    1. A DirectAccess client computer boots and detects a network connection.
    2. The DirectAccess client computer attempts to connect to an intranet-only web site specified in the DirectAccess configuration. If the web site is available, the DirectAccess client determines that it is connected to the intranet, and the DirectAccess connection process stops. In that case the effective DNS Name Resolution Policy, revealed by the command netsh namespace show effectivepolicy, should indicate that DirectAccess is turned off. On the other hand, if the web site is not available, the DirectAccess client determines that it is connected to the Internet and the DirectAccess connection process continues.

       The DirectAccess client computer then connects to the DirectAccess server using IPv6 and IPsec. If a native IPv6 network isn’t available, the client establishes an IPv6-over-IPv4 tunnel using 6to4 or Teredo. If a firewall or proxy server prevents a client computer using 6to4 or Teredo from connecting to the DirectAccess server, the client automatically attempts to connect using the IP-HTTPS protocol, which uses a Secure Sockets Layer (SSL) connection to ensure connectivity.

    3. As part of establishing the IPsec session, the DirectAccess client and server authenticate each other using computer certificates. Two types of IPsec protection, end-to-end and end-to-edge, are available for a DirectAccess client to connect to intranet resources.
    4. By validating Active Directory® group memberships, the DirectAccess server verifies that the computer is authorized to connect with DirectAccess. To mitigate the risk of denial of service (DoS) attacks, IPsec on the DirectAccess server de-prioritizes key negotiation traffic using Differentiated Services Code Points (DSCPs).
    5. If Network Access Protection (NAP) is enabled and configured for health validation, the DirectAccess client obtains a health certificate from a Health Registration Authority (HRA) located on the Internet prior to connecting to the DirectAccess server. The HRA forwards the DirectAccess client’s health status information to a NAP health policy server. The NAP health policy server processes the policies defined within the Network Policy Server (NPS) and determines whether the client is compliant with system health requirements. If so, the HRA obtains a health certificate for the DirectAccess client. When the DirectAccess client connects to the DirectAccess server, it submits its health certificate for authentication.
    6. The DirectAccess server begins forwarding traffic from the DirectAccess client to the intranet resources to which the user has been granted access.

    Notice that the DirectAccess connection process happens automatically once a DirectAccess client boots up, without requiring a user to log on.
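    To observe these steps from the client side, here is an added diagnostic script (not from the original post or from Microsoft) for a Windows 7 DirectAccess client. It assumes an elevated PowerShell session; the URL https://nls.corp.example/ is a placeholder for the intranet-only web site in your own DirectAccess configuration.

```powershell
# Added example: walk the DirectAccess connection steps from the client side.
# Assumes a Windows 7 DirectAccess client and an elevated PowerShell session.
function Get-DirectAccessClientState {
    param(
        # Placeholder for the intranet-only web site (Network Location Server) in your DA configuration
        [string]$NlsUrl = 'https://nls.corp.example/'
    )
    $state = @{}

    # Step 2: probe the intranet-only web site. Reachable => the client decides it is on the
    # intranet and DirectAccess stays off; unreachable => it assumes it is on the Internet.
    try {
        $req = [System.Net.WebRequest]::Create($NlsUrl)
        $req.Timeout = 5000
        $req.GetResponse().Close()
        $state.Location = 'Intranet (NLS reachable)'
    } catch {
        $state.Location = 'Internet (NLS unreachable)'
    }

    # Effective Name Resolution Policy Table; on the intranet it should show DirectAccess turned off
    $state.EffectiveNrpt = netsh namespace show effectivepolicy

    # IPv6 transition technologies, in the order the client tries them to reach the DA server
    $state.SixToFour = netsh interface 6to4 show state
    $state.Teredo    = netsh interface teredo show state
    $state.IpHttps   = netsh interface httpstunnel show interfaces

    # Step 3: an IPsec main-mode SA to the DA server means computer-certificate authentication succeeded
    $state.IpsecMainModeSAs = netsh advfirewall monitor show mmsa

    return $state
}

$result = Get-DirectAccessClientState
"Network location : $($result.Location)"
foreach ($key in 'EffectiveNrpt', 'SixToFour', 'Teredo', 'IpHttps', 'IpsecMainModeSAs') {
    "`n=== $key ==="
    $result[$key]
}
```

    A client that reports the Internet location but shows no IP-HTTPS interface and no main-mode SA is typically blocked at the 6to4/Teredo stage by a firewall or proxy, which is the fallback case described in step 2.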


    Free E-Books of Windows 7 Deployment, Windows Server 2008 R2, and Microsoft Virtualization Solutions


    This is a nice compilation of pertinent information on deploying Windows 7. For those who are focusing on Windows 7 deployment in an enterprise environment, the following are, in my view, essential readings as well.


    Learn about the new features of Windows Server 2008 R2 in the areas of virtualization, management, the Web application platform, scalability and reliability, and interoperability with Windows 7. Download Introducing Windows Server 2008 R2, written by industry experts Charlie Russel and Craig Zacker along with the Windows Server team at Microsoft.


    I introduced this e-book a while ago. It is a great resource for getting some technical depth on Microsoft virtualization solutions. Also included here are some of my blog posts that you may find worth reviewing. Registration is required to download this book.


    For those who would like to try out and get familiar with Windows 7 and Windows Server 2008 R2, follow these links to download, install, and test them. Also included here is the download information for Forefront and System Center, which are essential for securing and managing enterprise infrastructure.


    Windows Virtual PC and Microsoft Virtual PC

    Windows Virtual PC is the latest Microsoft virtualization technology, designed for Windows 7. It is the runtime engine for Windows XP Mode, which provides a virtual Windows XP environment within Windows 7. Windows XP Mode, a new benefit of Windows 7 Professional and Windows 7 Ultimate, provides a virtual Windows XP SP3 runtime environment within Windows 7 and allows one to install and run Windows XP-specific applications directly from a Windows 7-based PC. Notice that Windows XP Mode is 32-bit only, while Windows 7 has both 32-bit and 64-bit versions. Windows XP Mode is a full virtual version of Windows XP SP3 and follows the same support lifecycle as Windows XP, whose support phase ends in 2014.

    On the other hand, if running Windows Vista or Windows XP on a physical machine, one can use Microsoft Virtual PC 2007 to run multiple operating systems at the same time on the same physical computer. There are noticeable differences between Windows Virtual PC and Microsoft Virtual PC. For instance, the former requires hardware-assisted virtualization, supports USB, and is integrated with Windows XP Mode, while the latter does not. Here is a comparison of some of the many features of Virtual PC 2007 and Windows Virtual PC.


    Bring a Friend to a TechNet Event and win a copy of ‘Configuring Windows 7’

    It’s EASY!

    • When you register for our TechNet Virtualization Tour, simply type your friend’s name in the Referral Code field.
    • When you check in at the event, both you and your friend must be present and you will both receive a copy of the book.

    Official Rules:

    • Government employees are not eligible for this promotion.
    • Both parties must be present to win.
    • If the onsite supply runs out, the book will be mailed to individuals.

    See you all at the events.


    AITP Charleston Windows 7 Launch Event


    8:00 AM – 12:00 PM, Friday December 11, 2009

    North Charleston Convention Center

    The AITP Charleston Chapter, in association with Discovery Training Center, Dimension Data, and Integral Solutions, presents an opportunity to learn about the latest Microsoft desktop, server, and collaboration tools.

    Sponsored by Microsoft

    • Windows 7
    • Windows Server 2008 R2
    • Exchange 2010

    AITP is proud to support the US Marines’ Toys for Tots program. Please bring a new, unwrapped toy with you for donation and make a needy child happy this holiday season!

    Fun stuff: door prizes

    Continental Breakfast will be served

    Please RSVP to rsvp@aitp-charleston.org
