Windows 7 Security Enhancements - DirectAccess
(Page 3 of 4 )
Many in the IT world are required to travel a lot, which means they need frequent access to their corporate intranet. SharePoint is used quite often under these circumstances, and a large number of line-of-business applications are Web-enabled. The result: many users have to rely heavily on their corporate VPN. Unfortunately, users usually find it frustrating and annoying to have to stop what they’re doing and fire up their VPN connection.
Windows 7 works in conjunction with Windows Server 2008 R2 to make working outside of the office simpler and less frustrating with DirectAccess. DirectAccess works by automatically establishing a bi-directional connection from client computers to the corporate network. As a result, remote users have seamless, secure access to the corporate network any time they connect to the Internet, without having to manually initiate a traditional VPN connection. This improves productivity and lets users focus on their work rather than on the remote access technology.
Now whenever users travel, not only can they access their corporate email, but they can also open intranet sites and shared drives, use line-of-business applications, and have full access to all of the corporate resources they need to do their job, without having to manually create their VPN tunnel.
From a security perspective, DirectAccess is built on a foundation of proven, standards-based technologies like IPv6 and IPsec. IPsec is used to authenticate both the computer and the user. Because the computer is authenticated as well, IT has the capability to manage it even before users log on. IT can also choose to require users to authenticate with a smart card. IPsec is also used to encrypt communications across the Internet, with encryption algorithms such as AES.
DirectAccess also has a cool benefit for IT pros: it provides an always-on, secure mechanism to remotely manage and update the PCs of their mobile workforce. Whenever a user's laptop has Internet connectivity, it is directly connected to the Microsoft corporate network. This gives IT more opportunities to distribute software updates and policies to users and other mobile workers, while also helping to keep all machines free of malware and other unwanted software.
In his blog, Cooke also discusses BranchCache, a feature that will speed up network access for employees working out of a branch office, so that it performs as if they were working straight off the in-office corporate LAN. Let’s find out more about this specific feature.
More By Joe Eitel