Windows Server 2008 R2 : Work with Remote Clients (part 2) - Install and Configure DirectAccess

7/23/2012 5:46:42 PM

2. Install and Configure DirectAccess

One of the new features in Windows Server 2008 R2 is DirectAccess. In addition to requiring a Windows Server 2008 R2 server, this feature is available only to Windows 7 clients. This new capability gives you, as the IT administrator, a great amount of control over your remote clients. DirectAccess enables your Windows 7 clients to always be connected to your corporate network, regardless of how they are connected to the Internet. DirectAccess is a connection solution for Windows Server 2008 R2 servers and Windows 7 clients, surpassing existing VPN solutions. Having your clients always connected gives you a consistent way to manage, patch, and secure remote workstations that in the past may not have been connected on a frequent basis. For your users, DirectAccess provides an "always-on" secure connection to corporate networks and resources.

The installation of this tool set can be lengthy and complex, although the work could be worth your time and effort if you have, or are planning to have, Windows 7 clients in your environment. In this section, you will see an overview of the steps required to configure DirectAccess on your Windows Server 2008 R2 server. There are also numerous prerequisites that need to be configured. Among many other things, DirectAccess requires an understanding of IPv6 (with IPv4 translation), Public Key Infrastructure (PKI) and the use of certificates, as well as a firm understanding of DNS. Microsoft created a nice step-by-step guide located here, which also includes all the necessary prerequisites and client-side configuration:

Although the installation can be complex, the tool set on the Windows Server 2008 R2 server, which you will see in this section, is designed to help you through the process. The built-in tools in Windows Server 2008 R2 will make sure you have dotted your i's and crossed your t's for the installation and configuration of DirectAccess.

2.1. Install the DirectAccess Management Console

Before you can configure DirectAccess, you need to install the DirectAccess management console. The management console is a Windows Server 2008 R2 feature and is installed by adding the feature. The DirectAccess console is a tool designed to step you through the process of properly configuring your server.

  1. Open Server Manager by selecting Start => Administrative Tools => Server Manager.

  2. Click Features on the tree menu on the left.

  3. Click Add Features in the details pane on the right.

  4. Select DirectAccess Management Console, and click Next.

  5. Review the confirmation screen, and click Install.

  6. Review the summary screen, and click Close.
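The same installation can be scripted, which leaves a log of what was changed on the server. This is an added example, not part of the original article; it assumes an elevated PowerShell session on the Windows Server 2008 R2 server, and the log path is a constructed sample value.

```powershell
# Added example: scripted equivalent of the Server Manager steps above.
# Run from an elevated PowerShell session on the Windows Server 2008 R2 server.
Import-Module ServerManager

# Server Manager feature name for the DirectAccess Management Console.
$featureName = 'DAMgmt'
# Constructed sample path; point it at wherever you keep change records.
$logPath = 'C:\Temp\DAMgmt-install.log'

$feature = Get-WindowsFeature -Name $featureName
if (-not $feature) {
    throw "Feature '$featureName' was not found on this server."
}

if ($feature.Installed) {
    # Re-running the script is safe: nothing is changed if the console is present.
    Write-Host "$($feature.DisplayName) is already installed."
}
else {
    $result = Add-WindowsFeature -Name $featureName -LogPath $logPath

    if (-not $result.Success) {
        throw "Installation failed with exit code $($result.ExitCode). See $logPath."
    }

    Write-Host "$($feature.DisplayName) installed. Log written to $logPath."

    # RestartNeeded is No, Yes or Maybe; surface anything other than No.
    if ($result.RestartNeeded -ne 'No') {
        Write-Warning "Restart status: $($result.RestartNeeded). Reboot before opening the console."
    }
}
```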

After you have installed the console, you can find the tool in the Administrative Tools group, and when you open the tool, you can begin the process of setting up DirectAccess. When you first open the console, you will see a link to help titled Checklist: Before You Configure DirectAccess. This link will take you through all the necessary prerequisite steps.

  1. Open the DirectAccess management console by selecting Start => Administrative Tools => DirectAccess Management Console.

  2. On the tree on the left of the console, click Setup; you may see a screen with some errors like those in Figure 4. If you have errors, take corrective action, and click Retry.

  3. After you have fixed any error messages, you will see a screen similar to Figure 5.

Figure 4. DirectAccess error

Figure 5. DirectAccess setup

As you can see, the DirectAccess tool provides visual step-by-step guidance for properly configuring this powerful connection component. Each configuration step for DirectAccess can be modified after you have done your initial configuration. You also have to complete the steps in order to get a properly configured DirectAccess server:

  1. Remote clients: In this step, you will configure which clients will be able to use DirectAccess. You will add the appropriate computer groups in your AD infrastructure that contain your preprovisioned DirectAccess systems. Remember, only Windows 7 clients can participate in DirectAccess.

  2. DirectAccess server setup: In this step, you will configure the connection aspects of your network adapters. You will need to specify which network adapters are used for the Internet and your internal network. You will also have the ability to configure your DirectAccess server to accept logins via smart cards. You will also need to configure your certificate authorities (CAs) for the DirectAccess server used to provide secure communications.

  3. Infrastructure servers: In this step, you will configure how your clients will access your core infrastructure services such as the AD domain controllers and DNS servers your users will need to access to work with your network infrastructure. You can also configure in this step an internal web server with the ability to provide location services for infrastructure components to your DirectAccess clients.

  4. Application servers: In this step, you will configure your end-to-end authentication and security for the DirectAccess components. DirectAccess allows you to secure the communication channel from the beginning to the end to keep a safe and secure channel. You also have the ability to control which servers your DirectAccess clients can connect to; you can restrict communications to certain servers in your network.
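Before you add a computer group in the Remote clients step, it is worth checking what the group actually contains, since every member will be allowed to use DirectAccess. The following is an added example, not part of the original article; the group name `DirectAccess-Clients` is hypothetical, and the script assumes the ActiveDirectory PowerShell module is installed and can reach a domain controller.

```powershell
# Added example: review the membership of the group you plan to use in
# the "Remote clients" step. Flags anything that is not a Windows 7 computer,
# following the article's statement that only Windows 7 clients can participate.
Import-Module ActiveDirectory

# Hypothetical group name; replace with your own DirectAccess client group.
$groupName = 'DirectAccess-Clients'

# -Recursive expands nested groups; @() guarantees an array even when empty.
$members = @(Get-ADGroupMember -Identity $groupName -Recursive)

$report = foreach ($member in $members) {
    if ($member.objectClass -ne 'computer') {
        # Users or other objects in a computer group are a provisioning mistake.
        New-Object PSObject -Property @{
            Name            = $member.Name
            OperatingSystem = '(not a computer object)'
            Windows7        = $false
        }
        continue
    }

    $computer = Get-ADComputer -Identity $member.distinguishedName -Properties OperatingSystem
    New-Object PSObject -Property @{
        Name            = $computer.Name
        OperatingSystem = $computer.OperatingSystem
        Windows7        = ($computer.OperatingSystem -like 'Windows 7*')
    }
}

# Unexpected members sort to the top of the report.
$report | Sort-Object Windows7, Name |
    Format-Table Name, OperatingSystem, Windows7 -AutoSize

$unexpected = @($report | Where-Object { -not $_.Windows7 })
Write-Host "$($members.Count) member(s) checked, $($unexpected.Count) need review."
```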

As you have seen, this was a brief overview of the configuration for DirectAccess. This is a new solution and provides a secure and fast connection method for your remote clients to connect to your environment in addition to any VPNs you may currently have.
