Posted by: Bcournoyer
Security, Windows Server 2008 R2
We’re continuing to drill into the big new Windows Server 2008 R2 features on the site, the latest of which is Microsoft’s new DirectAccess technology. For those who don’t know, the feature is new to R2 and Windows 7, and is designed (as Microsoft puts it) to give “users the experience of being seamlessly connected to their corporate network any time they have Internet access.”
It works, too (by all accounts).
Now from a user standpoint, this is beyond fantastic. From an IT professional’s perspective though, it’s bound to immediately trigger questions about security.
Greg Shields recently wrote an extremely in-depth article covering exactly what DirectAccess has to offer, describing it as the answer to the following question: “What if I want to access my company applications on my laptop in the airport, but in the exact same way I would if I were sitting at my desk?”
This effectively puts an end to the usual steps involved for remote users to access their company’s internal network (which often times can cause other applications to slow down or fail).
Naturally, there are a host of security steps to take before implementing DirectAccess in your environment (which Microsoft is well aware of), and Greg outlines most of these requirements. The question is, will these potential security risks scare people off?
According to one consultant I spoke with, probably not. “The technology at this point is really irrelevant [from a security perspective],” he said. “It’s really all a matter of policy. The technology itself doesn’t present a problem aside from users turning it on, sending in help desk requests, and so on. Over all though, you still just have to look at what your policies are and try to accomplish them.”
In other words, security implications are always going to be there regardless of what you’re running, so implementing DirectAccess shouldn’t involve anything too out of the ordinary. As Greg wrote in his piece, however, most organizations will likely want to outsource the setup to make sure everything is done right from the start.
If this sounds like something you want to take advantage of, just remember that DirectAccess requires Windows 2008 R2 and Windows 7 Professional (or Ultimate edition, surprisingly) to function.