Test Lab Guide: Demonstrate Forefront UAG DirectAccess 2010 RTM

Applies To: Unified Access Gateway

Forefront Unified Access Gateway (UAG) provides users with the experience of being seamlessly connected to their intranet any time they have Internet access. When DirectAccess is enabled, requests for intranet resources (such as e-mail servers, shared folders, or intranet Web sites) are securely directed to the intranet, without the need for users to connect to a VPN. DirectAccess enables increased productivity for a mobile workforce by offering the same connectivity experience both inside and outside of the office. Forefront UAG DirectAccess extends the benefits of Windows DirectAccess across your infrastructure by enhancing availability and scalability, as well as simplifying deployments and ongoing management. For more information, see Overview of Forefront UAG DirectAccess.

IT professionals can benefit from UAG DirectAccess in many ways:

  1. Improved Manageability of Remote Users. Without DirectAccess, IT professionals can only manage mobile computers when users connect to a VPN or physically enter the office. With DirectAccess, IT professionals can manage mobile computers by updating Group Policy settings and distributing software updates any time the mobile computer has Internet connectivity, even if the user is not logged on. This flexibility allows IT professionals to manage remote computers on a regular basis and ensures that mobile users stay up-to-date with security and system health policies.

  2. Secure and Flexible Network Infrastructure. Taking advantage of technologies such as Internet Protocol version 6 (IPv6) and Internet Protocol security (IPsec), DirectAccess provides secure and flexible network infrastructure for enterprises. Below is a list of DirectAccess security and performance capabilities:

     1. Authentication. DirectAccess authenticates the computer, enabling the computer to connect to the intranet before the user logs on. DirectAccess can also authenticate the user and supports two-factor authentication using smart cards.

     2. Encryption. DirectAccess uses IPsec to provide encryption for communications across the Internet.

     3. Access to IPv4-only intranet resources. UAG DirectAccess extends the value of Windows DirectAccess with NAT64/DNS64, an IPv6/IPv4 protocol transition technology that enables DirectAccess client connectivity to IPv4-only resources on the intranet.

     4. High availability and array configuration. UAG DirectAccess extends the value of Windows DirectAccess by adding integrated support for Network Load Balancing and array configuration, which work together to enable a highly available DirectAccess deployment.

  3. IT Simplification and Cost Reduction. By default, DirectAccess separates intranet from Internet traffic, which reduces unnecessary traffic on the intranet by sending only traffic destined for the intranet through the DirectAccess server. Optionally, IT can configure DirectAccess clients to send all traffic through the DirectAccess server.

In this guide

This paper contains instructions for configuring and demonstrating UAG DirectAccess using five server computers and two client computers. The starting point for this paper is a Test Lab based on the “Steps for Configuring the Corpnet Subnet” and “Steps for Configuring the Internet Subnet” sections of the Test Lab Guide: Base Configuration. The resulting DirectAccess test lab simulates an intranet, the Internet, and a home network and demonstrates DirectAccess functionality in different Internet connection scenarios.


These instructions are designed for configuring a Test Lab using the minimum number of computers. Individual computers are needed to separate the services provided on the network and to show the required functionality clearly. This configuration is not designed to reflect best practices, nor does it reflect a required or recommended configuration for a production network. The configuration, including IP address assignment and all other configuration parameters, is designed to work only on a separate Test Lab network. For more information on planning and deploying DirectAccess with Forefront UAG for your production network, please see the Forefront UAG DirectAccess design guide and the Forefront UAG DirectAccess deployment guide.

The guide includes the following topics:


This document is available in Microsoft Word format at the Microsoft Download Center.