One very promising feature of Windows 7 when paired with Windows Server 2008 R2 servers is DirectAccess. DirectAccess uses IPsec and IPv6 to allow remote computers to securely, and without using a VPN, to access corporate resources. It also allows you to deploy and maintain group policies, and remotely manage PCs. Yes, now you can deploy GPOs to remote employees even if they never launch a VPN session!
I haven’t found many technical details on it, but below are a couple of very high-level descriptions of it. Combining this technology with Outlook Anywhere and the need for users to launch VPNs is drastically reduced if not totally eliminated. It also supports two-factor authentication such as smart-cards, and performs machine-level authentication probably using certificates.
Direct Access Summary
Microsoft DirectAccess overview
