DirectAccess has been around for many years. It was first introduced in Windows Server 2008 R2, but was never widely deployed because it required organizations to deploy IPv6 internally. An IPv6 deployment is not trivial, and this technical hurdle prevented the wide adoption of this new remote access technology.
Eventually Microsoft released Forefront Unified Access Gateway (UAG) 2010, which included support for the DirectAccess role along with some advanced capabilities designed to lower the barrier to entry for this technology. UAG included new IPv6 translation features that eliminated the requirement to deploy IPv6, and many organizations began to deploy it.
As the adoption of Forefront UAG DirectAccess grew, Microsoft continued to work to simplify the DirectAccess experience and further extend and enhance this growing new remote access solution. In Windows Server 2012 and R2, Microsoft included the IPv6 translation technologies in the core operating system, eliminating the need to deploy Forefront UAG to gain this functionality. This reduced both the cost and complexity of deploying DirectAccess, while at the same time introduced new enterprise features aimed at improving performance and scalability, high availability, and geographic redundancy.
Organizations who have deployed Forefront UAG DirectAccess should consider a migration to the Celestix E Series running Windows Server 2012 R2 for these compelling reasons:
- No need for Forefront UAG 2010 – With DirectAccess in Windows Server 2012/R2, there is no longer a need to deploy UAG to gain essential DirectAccess functionality. By eliminating UAG, organizations save licensing costs and reduce administrative overhead, while at the same time improving the overall security and performance of the solution.
- Simplified Deployment – Deploying DirectAccess using Windows Server 2012/R2 is much simpler than previous versions. In addition, the Celestix E Series includes features and functionality not included with native Windows deployments, making deployment and ongoing management even easier.
- Flexible Network Placement – DirectAccess now supports perimeter/DMZ network configuration. No longer does the DirectAccess server have to be placed directly on the public Internet. The requirement for two consecutive IP addresses has also been removed. The DirectAccess server can now be safely located in a perimeter or DMZ network and protected with an existing edge security solution.
- Geographic Redundancy – DirectAccess now provides native support for multisite configuration. For organizations with multiple physical locations, a DirectAccess server (or array) can be located in disperse geographic locations for redundancy. Windows 8 clients include intelligent site selection capabilities, allowing them to automatically select the DirectAccess entry point nearest them. If the entry point they are connected to becomes unavailable for any reason, they will automatically select another entry point.
- Performance and Scalability Improvements – Windows Server 2012/R2 DirectAccess includes enhancements to improve scalability and performance for Windows 8 DirectAccess clients. Using null encryption for IPHTTPS connections, Windows 8 clients using this IPv6 transition protocol perform on par with other transition protocols.
With the recent announcement from Microsoft that Forefront UAG 2010 has been discontinued, mainstream support for UAG will end in April of next year. For those early adopters that deployed DirectAccess using UAG, now is the time to consider a migration to the Celestix E Series running Windows Server 2012 R2. Our dedicated, purpose-built hardware appliance platform is the ideal way to deploy DirectAccess. Its certified configuration and predictable performance will ensure the best chance of success for your migration. In addition, the E Series includes valuable reporting features and other enhancements that are not available with standard DirectAccess deployments. Furthermore, deploying DirectAccess on the Celestix platform also provides access to a wealth of deployment experience and the deep technical experience of our dedicated support team.