Direct Access in Windows 7


Direct Access is a new feature in Windows 7, a new feature that allows users to securely access corporate servers from outside the network…without a VPN. This was perhaps the most eye-catching feature for me and could well change the way that people work all over the world but it is something of a big claim. Pretty much any system admin that I’ve mentioned this to has said “Oh yeah-I’d like to see that? How does it work?” with a heavy dose of cynicism but now I can tell them…well show them a white paper at least!

VPN’s or Virtual Private Networks are used by almost everyone who need to access corporate servers, info etc from outside the network so at home, on the road, from the hotel, wherever…and they’re not the easiest things in the world-for both users and admins. The backend needed to set them up and maintain them can be costly and tricky to manage and I’m sure that VPN problems must be in the Top 5 HelpDesk calls at most companies. We’re constantly visited by account managers and reps from a huge array of manufacturers and nearly every single has to call HQ to get access to emails etc via their VPN…but with the advent of Windows 7 and Windows Server 2008 R2-that could all be over. 

DirectAccess establishes bi-directional connectivity with the user’s enterprise network every time the user’s DirectAccess-enabled portable computer is connected to the Internet, even before the user logs on”

 

“Clients establish an IPsec tunnel for the IPv6 traffic to the DirectAccess server, which acts as a gateway to the intranet. Clients can connect even if they are behind a firewall.”

System Requirements:

DirectAccess requires the following:

·         One or more DirectAccess servers running Windows Server 2008 R2 with two network adapters: one that is connected directly to the Internet, and a second that is connected to the intranet.

·         On the DirectAccess server, at least two consecutive, public IPv4 addresses assigned to the network adapter that is connected to the Internet.

·         DirectAccess clients running Windows 7.

·         At least one domain controller and Domain Name System (DNS) server running Windows Server 2008 or Windows Server 2008 R2. When smart card-based authentication is required for end-to-end protection, you must use Active Directory Domain Services (AD DS) in Windows Server 2008 R2.

·         A public key infrastructure (PKI) to issue computer certificates, smart card certificates, and, for NAP, health certificates. For more information, see http://www.microsoft.com/pki.

·         IPsec policies to specify protection for traffic. For more information, see http://www.microsoft.com/ipsec.

·         IPv6 transition technologies available for use on the DirectAccess server: ISATAP, Teredo, and 6to4.

Optionally, a third-party NAT-PT device to provide access to IPv4-only resources for DirectAccess clients.

It’s proving quite difficult to truly get the message across in this post without it becoming boringly long (!) so instead go and download the Technical WhitePaper from Microsoft here.

 

 

No Office 14 until 2010


Steve Ballmer has said that the next release of the Office family “Wave 14, won’t hit us until 2010-not the late 2009 that I and many others were expecting.

Office 14 will bring the new versions of Word, Excel, Powerpoint, OneNote etc as well as Office for Sales, Sharepoint and OCS as well as other products too-so it’s a big ol’ release and one that I’m definitely looking forward to…

OCS Licensing changes coming with next version


It appears that there will be an extra CAL (Client Access Licence) for users to choose from when Microsoft OCS Server 14  is released in 2010.

On top of the current Standard and Enterprise CALs, there will also be a Voice CAL which will offer telephony & VOIP services. These features will be removed from the Enterprise CAL and thus the Enterprise CAL will drop in price by around 23%. Also, MS are allowing current OCS customers with SA (Software Assurance) to “grandfather” in the new Voice CAL-if they agree to buy it before July 2009.

Hat Tip to Mary Jo Foley