Windows XP
Windows Vista
Windows 7
Windows Azure
Windows Server
Windows Phone
Windows Server

Windows Server 2012 : Enabling Users to Work Anywhere (part 1) - Windows Server 2012 DirectAccess

7/26/2014 9:22:25 PM

Windows Server 2012 DirectAccess

One of the significant remote-access enhancements in Windows Server 2008 R2 was the DirectAccess technology, which has been further enhanced in Windows Server 2012. DirectAccess enables remote users to access network resources such as file shares, SharePoint shares, and the like without having to launch a virtual private network (VPN) to gain access into the network.

DirectAccess is an amazing technology that combines sophisticated security technology and policy-based access technology to provide remote access to a network. However, organizations do find it challenging to get up to speed with all the technology components necessary to make DirectAccess work. So, although many organizations will seek to achieve DirectAccess capabilities, it might be months or a couple of years before all the technologies are in place for the organization to easily enable DirectAccess in their enterprise environment.

Technologies required to make DirectAccess work include the following:

PKI certificates / Kerberos—DirectAccess supports both PKI certificates as well as Kerberos for identification of the remote device and the basis for encrypted communications from the remote device and the network. The simpler model is to use Kerberos because no additional certificate model has to be implemented to support DirectAccess. However, to be able to use Kerberos, the endpoint needs to be a Windows 8 client system or tablet. For backward compatibility to Windows 7 endpoints, PKI certificates are still supported.

Windows 7 and Windows 8 clients—DirectAccess only works with clients that are running Windows 7 or Windows 8. The client component for encryption, encapsulation, and policy control depends on Windows 7 or Windows 8 to make all the components work together. The improvements in DirectAccess in Windows Server 2012 that include site-level redundancy as well as the simplification where Kerberos is used instead of PKI certificates comes only when Windows 8 clients are used. If the organization has Windows 7 clients as well, then DirectAccess can be configured to support DirectAccess for Windows 7 support, and DirectAccess for a simpler Windows 8 support.

IPsec—The policy control used in DirectAccess leverages IPsec to identify the destination resources that a remote user should have access to. IPsec can be endpoint to endpoint (that is, from the client system all the way to the application server) or IPsec can be simplified from the client system to a DirectAccess proxy server where the actual endpoint application servers do not need to be IPsec enabled. In any case, IPsec is a part of the security and policy structure that ensures the remote client system is only accessing server resources that by policy the remote client should have access to as part of the DirectAccess session connection.

IPv6—Lastly, DirectAccess uses IPv6 as the IP session identifier. Although most organizations have not yet implemented IPv6 and most on-ramps to the Internet are still IPv4, tunneling of IPv6 is fully supported in Windows 7 and Windows Server 2012 and can be used in the interim until IPv6 is fully adopted. For now, IPv6 is a requirement of DirectAccess and is used as part of the remote-access solution.

Windows Server 2012 has greatly enhanced the technology offerings that provide better redundancy and site-to-site mobility, effectively providing more than one DirectAccess gateway server without the need to purchase Unified Access Gateway (UAG), which was almost a requirement for high availability and redundancy of DirectAccess in Windows 2008 R2.

If a remote or branch office has limited IT support or at least the site needs to have the same functionality and reliability as the main corporate or business office, DirectAccess provides seamless access from end clients without the need to purchase expensive hardware and software; you don’t have to purchase costly redundant hardware add-ins, either. With the Windows Server 2012 branch office resources, a remote location can have high security, high performance, access to data without significant latency, and operational capabilities, even if the remote site is dropped off the network because of a WAN or Internet connection problem. 

RODCs for the Branch Office

The RODC provides a copy of the Active Directory global catalog for logon authentication of select users and communications with the Active Directory tree without having the security exposure of a full global catalog server in the remote location. Many organizations concerned with distributed global catalog servers chose to not place a server in a remote location, but rather kept their global catalog and domain controllers centralized. What this meant for remote and branch offices was that all logon authentication had to go across the WAN or Internet connection, which could be very slow. And in the event of a WAN or Internet connection failure, the remote or branch office would be offline because users could not authenticate to the network and access network resources until the WAN or Internet connection was restored.

RODCs provide a way for organizations to distribute authentication and Active Directory access without increasing their security risk caused by the distribution of directory services.

BranchCache File Access

New to Windows Server 2008 R2 and further expanded in Windows Server 2012 is a role called BranchCache. BranchCache is a technology that provides users with better access to files across a WAN. Normally, if one user accesses a file, the file is transferred across the WAN for the user, and then when another user accesses the same file, the same file is again transferred across the WAN for the other user. BranchCache acknowledges that a file has been transferred across the WAN by a previous user, and instead of retrieving the file across the WAN, the file is accessed locally by the subsequent user.

BranchCache requires Windows 7 or Windows 8 on the client side and can be set up so that the file is effectively retrieved in a peer-to-peer manner from another Windows 7 or Windows 8 client that had previously accessed a file. Or, a Windows Server 2012 server with the BranchCache server role can be set up in the remote location where remotely accessed files are temporarily cached for other Windows 7 and Windows 8 client users to seamlessly access the files locally instead of being downloaded across the WAN.

BranchCache does not require the user to do anything differently. Users simply accesses files as they normally do (either off a Windows file system or from a SharePoint document library), and the combination of Windows 7 or Windows 8 client, and Windows Server 2012 does all the caching automatically. BranchCache has proven to improve access time on average 30% to 45% for remote users, thus increasing user experience and potentially user productivity by having faster access to information in remote locations.

Improvements for Thin-Client Remote Desktop Services

Windows Server 2012 has seen significant improvements in the Terminal Services (now called Remote Desktop Services [RDS]) capabilities for thin-client access for remote users and managed users in the enterprise. Third-party add-ons used to be required to make the basic Windows 2000 or 2003 Terminal Services functional, but Microsoft included those technologies in Windows Server 2008 and further enhanced them in Windows Server 2012. You can now access RDS using a standard port 443 Secure Sockets Layer (SSL) connection rather than the proprietary port 3389, and can publish just specific programs rather than the entire desktop. In addition, improvements now allow a client to have a larger remote-access screen, multiple screens, and to more easily print to remote print devices.

In addition, with a technology called RemoteFX that leverages the processing capability of a GPU-assisted video adapter in a RDS server, full-motion video and graphics can now be accelerated and support in Virtual Desktop Infrastructure (VDI) guest sessions and in RDS thin-client RDS guest sessions. RemoteFX makes rich desktop experiences that incorporate graphics and video fully realizable in shared-system environments. This is a significant improvement in supporting business needs in a shared environment, without compromising performance and capabilities.

These improvements in Windows Server 2012 RDS have made RDS one of the easiest components to add to an existing Active Directory 2003 or Active Directory 2008 environment to test out the new Windows Server 2012 capabilities. After all, the installation of a Windows Server 2012 RDS system is just the addition of a member server to the domain and can easily be removed at any time.

Other -----------------
- Windows Server 2012 : Enhancements for Flexible Identity and Security (part 2) - Active Directory Unification for Various Directory Services
- Windows Server 2012 : Enhancements for Flexible Identity and Security (part 1) - Dynamic Access Control
- Windows Server 2012 : DHCP,IPv6 and IPAM - Exploring DHCP (part 3) - Creating IPv4 DHCP Scopes
- Windows Server 2012 : DHCP,IPv6 and IPAM - Exploring DHCP (part 2) - Installing DHCP Server and Server Tools
- Windows Server 2012 : DHCP,IPv6 and IPAM - Exploring DHCP (part 1)
- Windows Server 2012 : DHCP,IPv6 and IPAM - Understanding the Components of an Enterprise Network
- Windows Server 2012 : Configuring IPv6/IPv4 interoperability (part 7) - ISATAP
- Windows Server 2012 : Configuring IPv6/IPv4 interoperability (part 6) - Configuring a DHCPv6 server, IPv6 transition technologies
- Windows Server 2012 : Configuring IPv6/IPv4 interoperability (part 5) - Stateless address autoconfiguration,Stateful address autoconfiguration
- Windows Server 2012 : Configuring IPv6/IPv4 interoperability (part 4) - IPv6 address assignment - Manual address assignment
- First look: Apple Watch

- 10 Amazing Tools You Should Be Using with Dropbox
- How to create your first Swimlane Diagram or Cross-Functional Flowchart Diagram by using Microsoft Visio 2010 (Part 1)

- How to create your first Swimlane Diagram or Cross-Functional Flowchart Diagram by using Microsoft Visio 2010 (Part 2)

- How to create your first Swimlane Diagram or Cross-Functional Flowchart Diagram by using Microsoft Visio 2010 (Part 3)
Popular tags
Microsoft Access Microsoft Excel Microsoft OneNote Microsoft PowerPoint Microsoft Project Microsoft Visio Microsoft Word Active Directory Biztalk Exchange Server Microsoft LynC Server Microsoft Dynamic Sharepoint Sql Server Windows Server 2008 Windows Server 2012 Windows 7 Windows 8 Adobe Indesign Adobe Flash Professional Dreamweaver Adobe Illustrator Adobe After Effects Adobe Photoshop Adobe Fireworks Adobe Flash Catalyst Corel Painter X CorelDRAW X5 CorelDraw 10 QuarkXPress 8 windows Phone 7 windows Phone 8 BlackBerry Android Ipad Iphone iOS
Popular keywords
HOW TO Swimlane in Visio Visio sort key Pen and Touch Creating groups in Windows Server Raid in Windows Server Exchange 2010 maintenance Exchange server mail enabled groups Debugging Tools Collaborating
Top 10
- Microsoft Excel : How to Use the VLookUp Function
- Fix and Tweak Graphics and Video (part 3) : How to Fix : My Screen Is Sluggish - Adjust Hardware Acceleration
- Fix and Tweak Graphics and Video (part 2) : How to Fix : Text on My Screen Is Too Small
- Fix and Tweak Graphics and Video (part 1) : How to Fix : Adjust the Resolution
- Windows Phone 8 Apps : Camera (part 4) - Adjusting Video Settings, Using the Video Light
- Windows Phone 8 Apps : Camera (part 3) - Using the Front Camera, Activating Video Mode
- Windows Phone 8 Apps : Camera (part 2) - Controlling the Camera’s Flash, Changing the Camera’s Behavior with Lenses
- Windows Phone 8 Apps : Camera (part 1) - Adjusting Photo Settings
- MDT's Client Wizard : Package Properties
- MDT's Client Wizard : Driver Properties
Windows XP
Windows Vista
Windows 7
Windows Azure
Windows Server
Windows Phone
2015 Camaro