DirectAccess is a feature introduced in Windows Server 2008 R2 and greatly improved upon in Windows Server 2012. I consider the introduction a bold one, because at the time it required a fully envisioned IPv6 infrastructure, which is still being implemented incredibly slowly throughout the Internet. Lo and behold, with Windows Server 2012, Microsoft scaled back the tenacity with which they were pressuring for IPv6 deployments and made DirectAccess available to us via simple SSL over IPv4.
What is DirectAccess?
DirectAccess is a means by which your enterprise workstation is able to ‘phone home’ without any assistance, such as would be required to access a VPN configured through a firewall or a Microsoft Routing and Remote Access Server. The idea is that you are always able to route back to your Microsoft network using public IPv4 DNS records via the Secure Sockets Layer, similar to how you would sign in to a secure web page for sensitive information, such as personal banking. This eliminates the need for integrating a service like RADIUS to provide domain-based authentication and for deploying VPN client software to all of the systems (not to mention training your staff on how to use it).
Why use DirectAccess?
Simply put, DirectAccess eliminates one more step that is needed to remotely access a corporate environment, and reduces the surface area for end-user error. Since it uses the Secure Sockets Layer, which is shared by the aforementioned secure web browsing, remote routers and firewalls can also be eliminated as a variable: there are usually no restrictions on the SSL port, whereas a non-SSL VPN client would require that specific additional ports be opened at the connecting network, depending on the protocol being used.
A problem that used to exist in the old DirectAccess architecture of Server 2008 R2 was the reliance on IPv6, which as I mentioned can be a big project in itself to implement on a network that is not already using it. Server 2012 Direct Access is fully IPv4 compliant, and the configuration of it
What do you need to run DirectAccess (Windows 2012)?
DirectAccess requires the following components on your network:
- Client workstations running Windows enterprise software (Windows 7 Enterprise or Ultimate, Windows 8 Enterprise)
- If using Windows 7 clients, a local Certificate Authority is recommended to provide client-authentication certificates for backwards-compatibility. This is not a requirement in Windows 8.
- A Windows Server 2012 host with a network controller
- A Windows domain controller (running Windows Server 2008 SP2, or a higher edition) and DNS server
Contact Trigon today if you would like more information on Direct Access and how it can improve your small business!
Old networks and servers may seem reliable, but the “they don’t make it like they used to” philosophy does not apply well to computers and technology. I will touch on a few areas of importance to consider if your small business is operating on a server that is more than three years old.
The performance of the equipment is the most notable factor. An older server is equipped with older technology. Significant gains in data access and task processing can be had by upgrading the server hardware, and efficiency gains in newer Operating System design will provide additional enhancements at the software level.
Computer warranties will generally extend for three years – there is a reason for this. Once devices reach a certain age their failure becomes more predictable. This is especially true for Hard Drives and Power Supplies, which – along with the cooling fans – are the only moving parts. Having old server hardware means there is a higher chance of failure of one of the components, and a higher risk of down-time or even a disaster-recovery scenario.
Old server hardware lacks many of the technology advancements that have re-shaped the way the technology is utilized. Features like hypervisors and virtualization increase the power of hardware exponentially by allowing the operation of several “virtual” servers that tasks can be split out to, maximizing its potential and available resources. Virtualization also provides for incredibly fast maintenance, since a reboot of a virtual machine does not require re-initialization of the hardware, which slows down the loading time. An older server may not be capable of virtualization, and the reboot times for the operating system can be as much as thirty minutes or longer.
- by Jon Pentecost
How do you update your Windows Servers and workstations (you do update regularly, right)?
With all of the available options for automatically updating Windows Operating Systems, there shouldn’t be any reason you don’t have systems that are up-to-date. Just a couple of the available options are 1.) the built-in Windows Update that all recent Microsoft OSes have and 2.) installing and configuring Windows Software Update Services (WSUS) on a server in a network environment.
Windows Update is a built-in feature of all recent Microsoft OSes that can assist you with automatically updating your Windows Operating System. It has three options for updates: informing you that updates are available and letting you choose when to download and install them, downloading the updates and informing you they are ready for installation, or configuring a frequency and time to automatically download and install updates.
Windows Update can also be upgraded to Microsoft Update, which adds updates for Microsoft products other than the Operating System (such as Microsoft Office). Adding it is a simple process (how you add this functionality to Windows Update depends on which Microsoft OS you have), and it will then include updates to most Microsoft products installed on your system, along with updates to the main system.
WSUS is more involved than using the built-in Windows Update, but once it is set up and configured, there is not much maintenance necessary to keep your systems fully patched. WSUS is a separate download for Windows Server 2003 but is now included as an additional feature of Server 2008 that you can add, if you wish. Once WSUS is installed on a server, you can have servers and workstations connect to the WSUS implementation in a number of ways. The most popular (and in my opinion, the best way) is to set up a Group Policy Object (GPO) that connects all workstations to one or more configurations for deploying updates automatically, and to have servers connect to another GPO that allows you to manually initiate the updates.
One of the biggest benefits of using WSUS is that all workstations and servers connect to a single location within the network environment that already has all the necessary updates downloaded (which can be scheduled for off-hours, by the way), rather than each computer having to connect individually to the Microsoft Update servers through the Internet and download the necessary updates. Another great benefit is that from one console, you are able to view each of the systems in the environment and see which patches are installed and which are still needed, rather than needing to go to each machine and run Windows/Microsoft Update manually to see if updates are needed.
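To confirm on a client that the WSUS Group Policy described above has actually applied, and which of the three update behaviours is in force, the following PowerShell reads the policy values that the Windows Update Group Policy settings write to the registry. It is an added example, not part of the original post; the function names Get-PolicyValue and Get-UpdatePolicyReport are hypothetical, and the script assumes the standard Windows Update policy registry location.

```powershell
# Added example: report how this machine's Windows Update client is configured by policy.
# Assumes the standard policy location written by the Windows Update GPO settings.
$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$auKey = Join-Path $wuKey 'AU'

# Meaning of the AUOptions policy value
$auOptions = @{
    2 = 'Notify before download and install'
    3 = 'Download automatically, notify before install'
    4 = 'Download automatically and install on a schedule'
    5 = 'Local administrator chooses the setting'
}

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value is absent (policy not configured)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

function Get-UpdatePolicyReport {
    $wuServer    = Get-PolicyValue $wuKey 'WUServer'
    $useWuServer = Get-PolicyValue $auKey 'UseWUServer'
    $noAuto      = Get-PolicyValue $auKey 'NoAutoUpdate'
    $option      = Get-PolicyValue $auKey 'AUOptions'

    $findings = @()
    if (-not $wuServer -or $useWuServer -ne 1) {
        $findings += 'No WSUS server enforced by policy; client uses Windows Update directly.'
    } elseif ($wuServer -notmatch '^https://') {
        $findings += "WSUS URL '$wuServer' is not HTTPS; update traffic is not protected in transit."
    }
    if ($noAuto -eq 1) { $findings += 'Automatic Updates are disabled by policy.' }
    if ($null -eq $option) { $findings += 'AUOptions not set by policy; local setting applies.' }

    [pscustomobject]@{
        Computer   = $env:COMPUTERNAME
        WsusServer = $wuServer
        UseWsus    = ($useWuServer -eq 1)
        UpdateMode = if ($null -ne $option) { $auOptions[[int]$option] } else { 'Not configured' }
        Findings   = $findings
    }
}

Get-UpdatePolicyReport | Format-List
```

An empty Findings list means the client is pointed at a WSUS server over HTTPS with an update mode set by policy; the WSUS console remains the place to see actual patch status.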
A third option for keeping your systems fully patched and updated is to use Trigon Technology as your IT Support Company. With our Pinnacle Care Managed Services, we use additional software that manages the update process on each and every system in your environment that can be customized for any need on any machine. In addition to updates, we proactively monitor all systems and can send alerts if a particular computer or even a certain service on a machine becomes unavailable. So, if you would like to be sure your network environment is updated without the need for setting configurations on each computer or going through all of the setup and configuration of WSUS, contact Trigon Technology and ask about our IT Services that can keep your systems up-to-date for you and allow you to focus on what is most important to you: your business.