Are there any special considerations?
The DirectAccess server must be running Windows Server 2008 R2, must be a domain member, and must have two physical network adapters installed. Dedicate the DirectAccess server only to DirectAccess and do not have it host any other primary functions. DirectAccess clients must be domain members running Windows 7. Use the Add Features Wizard in Server Manager to install the DirectAccess Management console, which enables you to set up the DirectAccess server and monitor DirectAccess operations after setup.
Infrastructure considerations include the following:
Active Directory Domain Services (AD DS). At least one Active Directory® domain must be deployed. Workgroups are not supported.
Group Policy. Group Policy is recommended for deployment of client settings.
Domain controller. At least one domain controller in the domain containing user accounts must be running Windows Server 2008 or later.
Public key infrastructure (PKI). A PKI is required to issue certificates. External certificates are not required. All SSL certificates must have a certificate revocation list (CRL) distribution point that is reachable via a publicly resolvable fully qualified domain name (FQDN), whether the client is local or remote.
IPsec policies. DirectAccess uses IPsec to provide authentication and encryption for communications across the Internet. It is recommended that administrators be familiar with IPsec.
IPv6. IPv6 provides the end-to-end addressing necessary for clients to maintain constant connectivity to the enterprise network. Organizations that are not yet ready to fully deploy IPv6 can use IPv6 transition technologies such as Intra-Site Automatic Tunnel Addressing Protocol (ISATAP), Teredo, and 6to4 to connect across the IPv4 Internet and to access IPv4 resources on the enterprise network. IPv6 or transition technologies must be available on the DirectAccess server and allowed to pass through the perimeter network firewall.
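The PKI requirement above can be checked before deployment. The following PowerShell is an added example, not part of the original guidance: it lists each certificate's CRL distribution points and tests whether they use an HTTP(S) URL with a DNS host name that resolves and returns data. The function name and the Cert:\LocalMachine\My store path are assumptions; run it once from the intranet and once from an Internet-connected computer to cover both the local and remote cases.

```powershell
# Added example (not from the original page). The function name and the
# certificate store path used on the last line are assumptions.
# Written to run on PowerShell 2.0 (Windows Server 2008 R2 / Windows 7).
function Test-CrlDistributionPoint {
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )

    # 2.5.29.31 is the CRL Distribution Points extension.
    $cdp = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }
    if (-not $cdp) {
        Write-Warning "$($Certificate.Subject): no CRL distribution point extension"
        return
    }

    # Windows renders each distribution point as "URL=<location>".
    # Only the scheme and host are used below, so stopping at whitespace is enough.
    $urls = @([regex]::Matches($cdp.Format($true), 'URL=(\S+)') |
        ForEach-Object { $_.Groups[1].Value })

    foreach ($url in $urls) {
        $result = New-Object PSObject -Property @{
            Subject = $Certificate.Subject; Url = $url
            IsHttpFqdn = $false; Resolves = $false; Downloads = $false
        }
        $uri = $null
        if ([System.Uri]::TryCreate($url, [System.UriKind]::Absolute, [ref]$uri)) {
            # ldap:/// locations, IP literals and single-label names fail this test.
            $result.IsHttpFqdn = ($uri.Scheme -match '^https?$') -and
                ($uri.HostNameType -eq [System.UriHostNameType]::Dns) -and
                ($uri.Host -match '\.')
        }
        if ($result.IsHttpFqdn) {
            try {
                # Resolution and download are tested from wherever the script runs.
                [void][System.Net.Dns]::GetHostAddresses($uri.Host)
                $result.Resolves = $true
                $bytes = (New-Object System.Net.WebClient).DownloadData($uri)
                $result.Downloads = ($bytes.Length -gt 0)
            } catch {
                Write-Warning "$url : $($_.Exception.Message)"
            }
        }
        $result
    }
}

Get-ChildItem Cert:\LocalMachine\My | ForEach-Object { Test-CrlDistributionPoint $_ }
```

A certificate whose only distribution point is an ldap:/// location, or whose HTTP location resolves only on the intranet, does not meet the requirement stated above.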