Microsoft DirectAccess impresses

Available since Windows Server 2008 R2, Microsoft's DirectAccess server role became fully integrated with the OS in Windows Server 2012. DirectAccess is designed to connect a VPN-type session automatically as soon as a compatible Windows client is connected to the Internet.

Improvements to the DirectAccess feature in Windows Server 2012 include simplifying the PKI infrastructure and allowing DirectAccess and RRAS to coexist on the same server by combining them into one server role. Other features include support for load balancing, multiple domains and DirectAccess servers behind NAT devices.

To get started with DirectAccess, we installed the server role and enabled Remote Access, which is disabled by default. There are two wizards to configure the DirectAccess and VPN server: one runs with the recommended settings and the other allows for custom settings. The wizard can deploy DirectAccess, VPN or both. The recommendation is to deploy both, which is what we did. To set up computer accounts with DirectAccess privileges, you can either manually create a set of rules or run a PowerShell script.


We quickly discovered that DirectAccess works only with certain versions of Windows, such as Windows 7 (Enterprise or Ultimate) and Windows 8 (Enterprise only). Also, any clients running on Windows 7 must use PKI, as the Kerberos option only works with Windows 8.

From a management standpoint, the Remote Access Management Console in Windows Server 2012 is on par with the best of the products we tested. The Console is intuitive, with easy-to-navigate panels and quick access to tasks from the navigation bar. Status displays can be collapsed and expanded as needed, and the checklist-style display of status items with colored icons makes it easy to identify items needing attention. The reporting and logging features are also useful, but not as detailed as those found in some of the other products we tested.

We found the DirectAccess feature in Windows Server 2012 to be a significant improvement over previous versions. However, there are fairly strict limitations, especially on the client side as mentioned above. But if your environment consists mainly of Windows 8 clients needing VPN access, Windows Server 2012 DirectAccess might be the solution that you can deploy without the need for additional hardware or software.

Read more about wide area network in Network World's Wide Area Network section.


Stories by Susan Perschke
