Remote-access Guide

direct and remote access

by Sim Reynolds Published 3 years ago Updated 2 years ago
image

Direct connectivity in remote access software has been around for decades and is still being used by thousands of organizations. As its name suggests, the process establishes a direct connection between a user and the devices they wish to control. There are no third-party servers involved in a direct connection.

Full Answer

How does remote management of DirectAccess work?

During the remote management of DirectAccess client computers, clients initiate communication with management servers, such as domain controllers, System Center configuration servers, and Health Registration Authority (HRA) servers for services that include Windows and antivirus updates and Network Access Protection (NAP) client compliance.

Why add DirectAccess to an existing remote access (VPN) deployment?

Add DirectAccess to an Existing Remote Access (VPN) Deployment DirectAccess allows connectivity for remote users to organization network resources without the need for traditional Virtual Private Network (VPN) connections.

What is the difference between DirectAccess and VPN?

DirectAccess and VPN are managed in the same console and with the same set of wizards. DirectAccess client computers that have access to the Internet can be remotely managed by remote access administrators by using DirectAccess, even when the client computers are not located on the internal corporate network.

What is remote direct memory access (RDMA)?

Remote Direct Memory Access (RDMA) is the access of memory of one computer by another in a network without involving either one’s operating system, processor or cache.It improves throughput and performance of systems as it frees up many resources.

image

What is a direct remote access?

DirectAccess, also known as Unified Remote Access, is a VPN-like technology that provides intranet connectivity to client computers when they are connected to the Internet.

What is DirectAccess for?

In computer storage, direct access is the process of reading and writing data on a storage device by going directly to where the data is physically located on the device rather than having to move sequentially from one physical location to the next to find the correct data.

What is DirectAccess vs VPN?

DirectAccess can be used to provide secure remote access and enhanced management for Windows laptops managed by IT, while VPN can be deployed for non-managed devices.

Is DirectAccess still supported?

DirectAccess is still supported and offers a very simple setup of server and clients via wizard and group policies. The connection via an IPv6-based IPSec tunnel and HTTPS - that is, a tunnel in tunnel - can be used not only for client access to the LAN, but also vice versa, from management servers to the clients.

How do I set up DirectAccess?

To configure DirectAccess using the Getting Started Wizard In Server Manager click Tools, and then click Remote Access Management. In the Remote Access Management console, select the role service to configure in the left navigation pane, and then click Run the Getting Started Wizard. Click Deploy DirectAccess only.

What services does DirectAccess use?

DirectAccess uses IPsec to secure the communications between the DirectAccess client and server. IPsec tunnel mode is used to establish both the infrastructure and intranet tunnels.

Is DirectAccess always on VPN?

New features introduced in the Windows 10 Anniversary Update allow IT administrators to configure automatic VPN connection profiles. This Always On VPN connection provides a DirectAccess-like experience using traditional remote access VPN protocols such as IKEv2, SSTP, and L2TP/IPsec.

What is replacing DirectAccess?

Windows 10 Always On VPN is the replacement for Microsoft's DirectAccess remote access technology. Always On VPN aims to address several shortcomings of DirectAccess, including support for Windows 10 Professional and non-domain joined devices, as well as cloud integration with Intune and Azure Active Directory.

Is DirectAccess encrypted?

DirectAccess provides a fully encrypted and authenticated mode of connection. It gives employees an authenticated IPSec encryption for integrity and confidentiality.

What are the features of DirectAccess?

The feature offers an alternative to traditional VPN access, which requires user action to connect. DirectAccess also allows administrators to manage remote machines through Group Policy settings and to distribute software updates whether or not the user is logged on to the network.

What is the most basic requirement for a DirectAccess implementation?

What is the most basic requirement for a DirectAccess implementation? The DirectAccess server must be part of an Active Directory domain.

What is replacing DirectAccess?

Windows 10 Always On VPN is the replacement for Microsoft's DirectAccess remote access technology. Always On VPN aims to address several shortcomings of DirectAccess, including support for Windows 10 Professional and non-domain joined devices, as well as cloud integration with Intune and Azure Active Directory.

Does DirectAccess support domain?

DirectAccess provides support only for domain-joined clients that include operating system support for DirectAccess.

Can you use remote access in Azure?

Using Remote Access in Microsoft Azure is not supported. You cannot use Remote Access in an Azure VM to deploy VPN, DirectAccess, or any other Remote Access feature in Windows Server 2016 or earlier versions of Windows Server. For more information, see Microsoft server software support for Microsoft Azure virtual machines.

What is the planning phase of remote access?

It includes planning for the network and server topology, certificates, Domain Name System (DNS), Active Directory and Group Policy Object (GPO) configuration, and the DirectAccess network location server.

Where is a remote access server deployed?

The Remote Access server must be a domain member. The server can be deployed at the edge of the internal network, or behind an edge firewall or other device.

What permissions do I need to deploy DirectAccess?

The person who deploys remote access on the server requires local administrator permissions on the server, and domain user permissions. In addition, the administrator requires permissions for the GPOs that are used in DirectAccess deployment. To take advantage of the features that restrict a DirectAccess deployment to mobile computers only, permissions to create a WMI filter on the domain controller are required.

What is Active Directory Security Group?

An Active Directory security group is required to contain the computers that will be configured as DirectAccess clients.

What is the DirectAccess phase?

In this phase, you configure the network and routing, firewall settings (if required), certificates, DNS servers, Active Directory and GPO settings, and the DirectAccess network location server.

How many domain controllers are required for remote access?

At least one domain controller. The Remote Access server and DirectAccess clients must be domain members.

When should NPS and HRA be deployed?

If remote access requires client NAP compliance, the Network Policy Server (NPS) and the HRA should be deployed before you begin the Remote Access deployment.

What is DirectAccess?

DirectAccess is an impractical solution for environments with unreliable connections.

Why is DirectAccess paired with Active Directory?

DirectAccess is often paired with Active Directory servers to function at its full capacity, which can mean troubleshooting and configuration required tinkering between services to fix one simple problem . As more complicated issues arise, cases are often bounced around between Microsoft’s network support team, to then the active Directory Team, and then back to PKI team due to the lack of continuity in their support model.

Does DirectAccess work?

Of course, DirectAccess will keep remote workers secure in perfect network connections without too much performance sacrifice. The sudden requirement for mass remote working means that scaling on the foundations of unreliable home networks presents a real challenge. Expect decreases in performance as latency increases and packet loss is encountered, which is common in networks outside of those which are corporate-managed.

Is DirectAccess the wisest choice?

If instead you rely on a wider range of Windows operating systems – or especially if your fleet includes Android, iOS or MacOS devices – then DirectAccess is unlikely to be the wisest choice. When to choose DirectAccess.

Is DirectAccess a good remote access solution?

But sometimes ‘low-cost’ doesn’t make it the best choice. It’s important to ask if it fits the needs of your organization’s remote working environment. The new reality.

Is Netmotion a VPN?

NetMotion has become the premier choice in the VPN market, with hundreds of its customers making the switch from other solutions as remote and mobile working become increasingly important. It today supports over 3000 organizations and one million workers that cannot afford to compromise when it comes to user experience, including 7 of the top 10 largest airlines and powers three quarters of first responders in North America. Organizations wishing to test the products in a head-to-head capacity can do so for free by getting in touch with one of our experts.

Does DirectAccess have a centralized tool?

DirectAccess lacks a centralized tool for in house diagnostics and troubleshooting. Organizations should never settle for sub-par client support and expect responsive customer service when problems arise. Innovative solutions should be backed by 24/7 x 365 customer support.

What is RDMA over Ethernet?

RDMA Over Converged Ethernet (RoCE) –. A network protocol which allows performing RDMA over Ethernet network. This allows using RDMA over standard Ethernet infrastructure ...

How does RDMA work?

RDMA uses zero copy networking by enabling network adapters for transferring data direct into the buffers of systems.

What is RDMA in computer?

Remote Direct Memory Access (RDMA) is the access of memory of one computer by another in a network without involving either one’s operating system, processor or cache.It improves throughput and performance of systems as it frees up many resources.

Can you use Manage Out on Direct Access?

This means that you can use your Direct Access server as a jump of point and RDP to a client from that server as long as they are connected.

Does RDP work on network?

If I understand the question you are referring to Manage-Out capabilities with Direct access and that inbound RDP from a client to a service in your network works fine.

Can you use a direct access server as a jump point?

This means that you can use your Direct Access server as a jump of point and RDP to a client from that server as long as they are connected.". If the internal clients never go outside the network there is no point in having the DA policy applied to them. Also if they are not Win Ent there is no point.

image

Scenario Description

Practical Applications

  • Deploying a single Remote Access server provides the following: 1. Ease of accessManaged client computers running Windows 8 and Windows 7 can be configured as DirectAccess client computers. These clients can access internal network resources through DirectAccess any time they are located on the Internet, without the need to sign in to a VPN connect...
See more on docs.microsoft.com

Hardware Requirements

  • Hardware requirements for this scenario include the following: Server requirements 1. A computer that meets the hardware requirements for Windows Server 2012 . 2. The server must have at least one network adapter installed, enabled, and joined to the internal network. When two adapters are used, there should be one adapter connected to the internal corporate network, and one connect…
See more on docs.microsoft.com

Software Requirements

  • Software requirements for this scenario include the following: Server requirements 1. The Remote Access server must be a domain member. The server can be deployed at the edge of the internal network, or behind an edge firewall or other device. 2. If the Remote Access server is located behind an edge firewall or network address translation (NAT) device, the device must be configu…
See more on docs.microsoft.com

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 1 2 3 4 5 6 7 8 9