Planning a DirectAccess Deployment Strategy
Applies To: Windows 7, Windows Server 2008 R2
Important
This topic describes design considerations for DirectAccess in Windows Server 2008 R2. For the design considerations of DirectAccess in Microsoft Forefront Unified Access Gateway (UAG), see the Forefront UAG DirectAccess Design Guide (https://go.microsoft.com/fwlink/?LinkId=179988).
The following are some critical questions to consider as you develop a deployment strategy for DirectAccess, with links to corresponding topics in this Design Guide. Answering these questions will help you create a strategy that is cost-effective and resource-efficient.
Which intranet resources will be available to DirectAccess clients? For more information, see Resources Available to DirectAccess Clients.
How do I either enable Internet Protocol version 6 (IPv6) on my intranet or have DirectAccess use my existing IPv6 infrastructure? For more information, see Choose an Intranet IPv6 Connectivity Design.
What options do I have to make Internet Protocol version 4 (IPv4)-only resources available for DirectAccess clients? For more information, see Choose Solutions for IPv4-only Intranet Resources.
Which access models are there to choose from? For more information, see Choose an Access Model.
What options do I have to configure DirectAccess? For more information, see Choose a Configuration Method.
Which computers do I need to designate as management servers that will initiate connections to DirectAccess clients? For more information, see Design for Remote Management.
What packet filters do I need to add to my firewalls and computers in my organization? For more information, see Design Packet Filtering for DirectAccess.
What support is needed from third-party host firewalls? For more information, see DirectAccess and Third-party Host Firewalls.
What authentication and authorization options do I have? For more information, see Choose an Authentication and Authorization Scheme.
What addressing and routing do I need to configure on my DirectAccess server? For more information, see Design Addressing and Routing for the DirectAccess Server.
How does DirectAccess leverage or utilize Active Directory Domain Services (AD DS)? For more information, see Choose an Authentication and Authorization Scheme.
How do I design my Domain Name System (DNS) infrastructure for DirectAccess? For more information, see Design Your DNS Infrastructure for DirectAccess.
How do I design my public key infrastructure (PKI) for DirectAccess? For more information, see Design Your PKI for DirectAccess.
How do I design my internal and external Web infrastructure for DirectAccess? For more information, see Design Your Web Servers for DirectAccess.
What options are there for separating or combining intranet and Internet traffic for DirectAccess clients? For more information, see Choose an Internet Traffic Separation Design.
How do I ensure that traffic between DirectAccess clients on the Internet is protected? For more information, see Design Protection for Traffic between DirectAccess Clients.
How do I ensure that DirectAccess clients can detect connectivity to the intranet? For more information, see Design Your Intranet for Corporate Connectivity Detection.
How does DirectAccess co-exist with my current remote access virtual private network (VPN) solution? For more information, see Choose a DirectAccess and VPN Coexistence Design.
Should I use the DirectAccess Connectivity Assistant (DCA)? For more information, see Use the DirectAccess Connectivity Assistant (DCA).