Learn how Direct Access is used on older Windows workstation clients to automatically connect to a remote access VPN. Explore some of the weaknesses of this technology.
- [Instructor] In 2009, Microsoft introduced an alternative to traditional VPNs, another system that could be used to allow outside connections into the private network. Direct Access was a service that could be configured to make your laptop connect to the private office network anytime.

There were a couple of requirements: the computer had to be a member of an Active Directory domain, but more than that, the laptop or any Windows workstation had to be running the Enterprise Edition of Windows. A computer running Home or even the Professional Edition of Windows could not use Direct Access. Also, you had to use group policy to manage this service. In fact, group policy was the only way to configure your client workstations to create this kind of tunnel or remote connection. And you usually issued certificates to the traveling workstations to identify them back to your Direct Access gateway.

One of the key advantages of Direct Access is that the tunnel was created automatically by the computer. It didn't wait for a user to initiate the connection. This can be seen as a convenience, but as is often the case, conveniences also carry risk. If a computer automatically connects to your private network, then a lost or stolen laptop presents a somewhat larger threat.

One of the other advantages was that Direct Access, different from traditional VPNs, was bidirectional, meaning not only can the remote station reach into the private network, but the private network can reach back. What I mean by that is things like group policy objects and other management functions from your on-premise servers can still reach out and manage the remote workstation when it's connecting in from outside. Traditional VPNs are all about allowing a remote computer to connect in to access private network resources, but Direct Access is about a company computer behaving like a company computer wherever it may be.

With all of these advantages, Direct Access seems like a good solution, a good alternative to traditional VPNs. But in recent versions of Windows Server, an update to this product was released. Coming up, we'll take a look at what Always-On brought to Remote Access.