Solutions For DirectAccess
Windows Server 2008 R2 introduces an excellent remote access feature in DirectAccess, a new user experience that seamlessly connects Windows 7-based workstations to their corporate network any time they have Internet access. With DirectAccess, users are able to access corporate resources (such as e-mail servers, shared folders, or intranet Web sites) securely without connecting to a virtual private network (VPN).
With such easy access to the corporate network, strong authentication is a vital component: it helps you establish with confidence that whoever is using that workstation and gaining access to your company's resources in the office is who they say they are.
Continue reading to see how AuthAnvil can help you gain the confidence you need to offer remote access with DirectAccess to increase productivity while maintaining security through identity assurance.

AuthAnvil for Windows 7 Logon
DirectAccess takes the concept of VPN and throws it topsy-turvy. User-initiated PPTP or L2TP are great VPN solutions that we have used in Windows XP and Vista for years. But let's face it, they have their limitations. Many hotels don't allow such VPN connections. Some cell providers won't allow them when tethering either. That makes it difficult at best to use them for the "anywhere, anytime" access remote workers seek. And it is not always practical to buy into yet another appliance so we can have SSL VPN and still not get all the benefits we need for full corporate network access.
Worse yet, managing remote computers over VPN is a nightmare. You have to wait until a connection is established, and generally the gpupdates don't happen fast enough, which means it's extremely difficult to manage the machines through Group Policy. And we have all seen the ugliness of remote shares and connectivity when using PPTP. It works well when the tunnel is up, but hangs everything when you try to access shares when it isn't.
Enter DirectAccess. DirectAccess allows machine-level connectivity by combining IPv6 with IPsec to give you a tunnelled direct connection back to the office in a secure manner. This means you can actually apply full Group Policy and management to these machines ANYTIME they are connected to the Internet.
That's right, in case you think you didn't read that correctly: when the PC is online, it's actually connected to the corporate LAN. That means it has full access to all assets and resources, and is completely visible to your management systems like System Center.
Of course, that in itself becomes a concern to some IT professionals. It means laptops in the field always have connectivity. How do we know for sure the people using them are who they say they are? DirectAccess has built-in trust through its certificate management chain. Each machine under a DirectAccess scope will have received a client certificate from the Certificate Authority attached to Active Directory. However, if you want more assurance, AuthAnvil can come into play here in a REALLY nice way, to provide identity assurance for the user accessing the system.
Because DirectAccess allows your remote Windows 7 clients to be always communicating with Active Directory, you can take advantage of Active Directory Software Distribution policies and assign a Group Policy Object (GPO) to the OU in question. In other words, if you were to create an OU called "DAClients" and apply the AuthAnvil Protection Policy, the remote Windows 7 clients would have the AuthAnvil Credential Provider distributed and installed the next time they reboot, giving you immediate two-factor authentication on your DirectAccess clients. And here is what it would look like when they go to log into the Windows 7 client:

Of course, since there will be times when these machines WON'T be connected to the corporate network, or more precisely won't be connected to the Internet, we recommend you configure the AuthAnvil Credential Provider to use Offline Caching Mode. This way you can continue to use AuthAnvil's two-factor authentication security even when you cannot reach the AuthAnvil Strong Authentication Server, such as when you are flying in an airplane or in the middle of nowhere with no network access to speak of.
For more information...
If you would like to learn more about AuthAnvil and how you can use it with Microsoft's DirectAccess, let's talk.