If you don’t know, Direct Access is a ‘clientless’ permanent VPN between a computer and the corporate network.It allows for the computer, not just the user, to have full access to internal resources, from any internet connection that supports HTTPS.So, for example if i have an internal server named Server01, i can sit in Starbucks, open up Windows Explorer and go to \Server01 and i can access the resources.
I am by no means an expert, in Direct Access or anything else, so my understanding of, or explanation of DA may be slightly off in places, but here are some useful resources where you can study DA in more detail. With that in mind, here are the official instructions on how to enable DA on your Essentials Server.
For this setup i have not done anything special, i have completed the installation of Essentals and run the Setup Anywhere Access wizard, i have enabled my server to be connected to using either VPN or the RWA.
I have also installed a publically trusted SSL Certificate installed, and I have a single Windows 8 Enterprise client connected to the server. Open an Elevated Power Shell window and type in: After a few seconds the required tools are installed.
This post is now quite out of date and the instructions within are no longer reliable.
Please refer to Microsoft’s own document online for the relevant steps.
of the coolest improvements in Server 2012, is the simplification of Direct Access.
Not just the steps to enable it, but the requirements for your infrastructure to support it.
In the past it was beyond most SMBs due to the need to have 2 consecutive public IPs a dedicated DA server, IP 6to4 translation capable equipment, and not to mention Windows 7 Enterprise, which few SMBs deploy.
Moving into the 2012 line of products DA has become much more available to SMBs with the reduction in infrastructure requirements.
Taking Essentials as an example, we can now run DA using just a standard Internet connected router, and with just our Essentials box as the DA endpoint. If you consider perhaps using Essentials in conjunction with maybe some like Windows Intune, then perhaps it can start to make sense for an SMB sized budget or as part of an MSP style offering.
Personally i think it is very exciting to even have the possibility of using it available, it allows for the creation of some interesting scenarios for deployment such as Essentials boxes, without the need for dedicated VPN tunnels to the data centre.