CorpNet at 30,000 feet

One of the really mind-blowing new features of Windows 7 and Server 2008 R2 is something called DirectAccess. What is DirectAccess? Think of it as a background VPN to your corporate intranet, but with none of the end-user hassles of a traditional VPN. Work anywhere in the world as if you were sitting in your office.

Think of this scenario:

You are flying on a WiFi-equipped airplane and power on your Windows 7 laptop. It boots up, and before you even log on, your laptop establishes an IPsec tunnel to your company, authenticated with a machine certificate. Group policies are pulled down to your computer, and your anti-virus software gets an update. You log on, are authenticated to a domain controller, and pull down new user group policies.

You then access a file share using a short name, such as \\server50\common, and open a Word document. You realize your password is about to expire, so you change your domain password. You also surf over to your favorite internal HR portal, input your time card data, and blog about this new remote access your IT gurus set up for you.

Being the CEO of your company, you aren’t the most technical user around, and you experience a problem with your OCS Communicator client. So you e-mail your help desk and they open a remote assistance session with your laptop. They walk you through the solution, and you can now IM. They also notice your print spooler service crashed and needs to be restarted, so they issue a remote PowerShell v2 command to start your print spooler service.

Next, your company wants to push a software patch via SCCM to close a major security vulnerability in Acrobat Reader. So they assign the patch package to your computer. Your computer receives the advertisement and installs the update.

For the next two hours you want to surf public Internet sites, but don’t want your IE traffic routed through your corporation because the content is of a personal nature.

Finally, you need to RDP into a server and install a patch, so you launch the RDP client and install the patch on the server. Your flight is now about to land, so you shut down your computer.

This scenario would have been impossible until the release of RC1 of Windows 7 and Server 2008 R2. But the entire scenario I described above will be possible and completely transparent to the end user. Goodbye traditional VPNs and hello DirectAccess!

For more technical details, see this link.
