Direct Access Vs. VPNs 💻
There is no fundamental difference between VPNs and Direct Access, but Direct Access is generally considered the better option for its seamless and secure remote access experience. 🔒
However, Direct Access does require a more complex setup and ongoing maintenance compared to VPNs. 🛠️
Using VPNs to connect to the office network also has its drawbacks: 😕
Direct Access does not face these limitations, although it has limitations of its own. It allows a properly configured laptop to connect automatically using a bidirectional connection between the client and server. ↔️
To establish this connection, Direct Access uses Internet Protocol Security (IPsec) and IPv6. IPsec provides a high level of security, and IPv6 is the protocol that the machine uses.
How Does Direct Access Work?
Step 1: Client Detection 🕵️‍♀️
The Windows 10 or 11 Direct Access client determines whether the machine is connected to the corporate network or the internet. 🏢
Step 2: WebServer Connection 📡
The Windows 10 or 11 DirectAccess computer attempts to connect to the Network Location Server (NLS) web server specified during the Direct Access setup configuration. 🌐
Step 3: Direct Access Server Connection 🛡️
The Windows 10 or 11 DirectAccess client computer establishes a secure connection to the Windows Server 2016, 2019, or 2022 Direct Access server using IPv6 and IPsec. 🔐
Step 4: IPv4 to IPv6 Tunneling 🔃
Since most users connect to the internet using IPv4, the client establishes an IPv6-over-IPv4 tunnel using 6to4 or Teredo. ↔️
Step 5: Firewall Bypass 🧱
If an organization has a firewall that prevents the Direct Access client computer using 6to4 or Teredo from connecting to the Direct Access server, Windows clients automatically attempt to connect using the IP-HTTPS protocol. 🌐
Step 6: Mutual Authentication 🔒
As part of establishing the IPsec session, the Windows client and server authenticate each other using computer certificates. 🔑
Step 7: Authorization Verification ✅
The Direct Access server leverages Active Directory membership to verify that the computer and user are authorized to connect using DirectAccess. 🏢
Step 8: Traffic Forwarding 🚚
The DirectAccess server seamlessly forwards traffic from the DirectAccess clients to intranet resources to which the user has been granted access. 🔑
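To see where a client stands in the steps above, the following read-only check collects the NLS URL, the connection status, the state of each transition technology, the computer certificates and the IPsec main mode SAs in one object. It is an added example, not part of the original article; the function name `Get-DAClientHealth` and the `CertWarnDays` threshold are assumptions, and it needs an elevated PowerShell session on the client.

```powershell
# Added example: read-only DirectAccess client check. Run elevated on the client.
function Get-DAClientHealth {
    [CmdletBinding()]
    param(
        # Assumption: flag computer certificates expiring within this many days.
        [int]$CertWarnDays = 30
    )

    # Steps 1-2: URL of the Network Location Server the client probes to
    # decide whether it is on the corporate network or the internet.
    $ncsi = Get-NCSIPolicyConfiguration -ErrorAction SilentlyContinue

    # Overall result of location detection and tunnel setup.
    $status = Get-DAConnectionStatus -ErrorAction SilentlyContinue

    # Steps 4-5: state of each IPv6 transition technology.
    $sixToFour = Get-Net6to4Configuration -ErrorAction SilentlyContinue
    $teredo    = Get-NetTeredoState -ErrorAction SilentlyContinue
    $ipHttps   = Get-NetIPHttpsState -ErrorAction SilentlyContinue

    # Step 6: computer certificates usable for client authentication
    # (EKU OID 1.3.6.1.5.5.7.3.2) and the IPsec main mode SAs built with them.
    $certs = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.EnhancedKeyUsageList.ObjectId -contains '1.3.6.1.5.5.7.3.2' } |
        ForEach-Object {
            [pscustomobject]@{
                Subject      = $_.Subject
                NotAfter     = $_.NotAfter
                ExpiringSoon = $_.NotAfter -lt (Get-Date).AddDays($CertWarnDays)
            }
        }
    $mainModeSas = @(Get-NetIPsecMainModeSA -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        NlsUrl           = $ncsi.DomainLocationDeterminationUrl
        ConnectionStatus = $status.Status
        Substatus        = $status.Substatus
        SixToFourState   = $sixToFour.State
        TeredoState      = $teredo.State
        IpHttpsStatus    = $ipHttps.InterfaceStatus
        IpHttpsLastError = $ipHttps.LastErrorCode
        ComputerCerts    = $certs
        MainModeSaCount  = $mainModeSas.Count
    }
}

Get-DAClientHealth | Format-List
```

A `ConnectionStatus` of `ConnectedLocally` means the NLS probe succeeded and no tunnel is built; `ConnectedRemotely` with a `MainModeSaCount` of zero or an expired certificate points at Step 6.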
Direct Access Components
Direct Access Tunneling Options
Direct Access relies on IPv6 and IPsec for secure communication, but not all organizations have implemented IPv6. To address this, Direct Access employs IPv6 transition tunneling options to ensure connectivity for clients:
Additional Considerations
The one downside to Direct Access is that it requires a great deal of time, resources and knowledge to set up properly.