What about DirectAccess in the Branch Office?
That’s a good question and one I’ve been thinking about a bit lately. Since both Windows 7 Enterprise and Ultimate, as well as Windows Server 2008 R2, can be DirectAccess clients, I can imagine the following scenario:
With this scenario in place, there is no expensive dedicated WAN link, so you save money there. Also, there’s no site to site VPN link, so you don’t have to deal with the management hassle and Help Desk calls related to site to site VPNs that are unable to connect. You should also be able to take advantage of BranchCache, in either Hosted or Distributed Mode.
If you use Hosted Mode, you’ll need to configure Name Resolution Policy Table (NRPT) exemptions so that the BranchCache clients don’t try to connect to the BranchCache server over the DirectAccess connection. You can then configure local DNS or use local name resolution to resolve the name of the Hosted Mode BranchCache server.
If you use Distributed Mode, you don’t even need to configure NRPT exemptions, since the Distributed Mode BranchCache clients use WS-Discovery, a multicast-based protocol, to resolve the name of the local Windows 7 host with the desired content.
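The effect of the Hosted Mode NRPT exemption described above can be checked with a small model. This is an added example, not code from the original post or from Microsoft: it simplifies NRPT matching to exact-FQDN and longest-suffix rules, treats a rule with no DNS server as an exemption, and every host name and address in it is a constructed placeholder.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class NrptRule:
    namespace: str          # ".corp.example.com" is a suffix rule, a bare FQDN is an exact rule
    da_dns: Optional[str]   # None marks an exemption: fall back to the adapter's own DNS

def best_rule(fqdn: str, rules: List[NrptRule]) -> Optional[NrptRule]:
    """Pick the most specific matching rule: exact FQDN first, then longest suffix."""
    name = fqdn.lower().rstrip(".")
    best, best_key = None, (-1, -1)
    for rule in rules:
        ns = rule.namespace.lower().rstrip(".")
        if ns.startswith("."):
            if not name.endswith(ns):
                continue
            key = (0, len(ns))       # suffix match, longer suffix wins
        elif name == ns:
            key = (1, len(ns))       # exact match outranks any suffix
        else:
            continue
        if key > best_key:
            best, best_key = rule, key
    return best

def resolver_for(fqdn: str, rules: List[NrptRule], local_dns: str) -> Tuple[str, str]:
    """Return which path and DNS server the client would use for this name."""
    rule = best_rule(fqdn, rules)
    if rule is None or rule.da_dns is None:
        return ("local", local_dns)            # no rule or exemption: stays in the branch
    return ("directaccess", rule.da_dns)       # resolved over the DirectAccess connection

# Constructed sample values (documentation address ranges, hypothetical host names).
LOCAL_DNS = "192.0.2.53"
DA_DNS = "2001:db8::53"
HOSTED_CACHE = "bc-hosted.corp.example.com"
SUFFIX_ONLY = [NrptRule(".corp.example.com", DA_DNS)]
WITH_EXEMPTION = SUFFIX_ONLY + [NrptRule(HOSTED_CACHE, None)]

if __name__ == "__main__":
    for label, table in (("suffix rule only", SUFFIX_ONLY), ("with exemption", WITH_EXEMPTION)):
        for host in (HOSTED_CACHE, "files.corp.example.com", "www.example.org"):
            print(f"{label:17} {host:28} -> {resolver_for(host, table, LOCAL_DNS)}")
```

With only the suffix rule, the Hosted Mode server's name is sent to the DirectAccess DNS server like every other corpnet name; the exact-name exemption keeps that one lookup in the branch while the rest of the namespace still uses DirectAccess.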
There you go. Significantly simplified infrastructure that gives branch office clients transparent access to corpnet resources without having to use VPN at all; no remote access client VPN connections and no site to site VPN connections.
I am interested in understanding how to implement this as we have a similar requirement. Appreciate if you can point to any documentation to achieve transparent access to corpnet resources without having to use VPN at all; no remote access client VPN connections and no site to site VPN connections.
In order to have that feature, Exchange comes with DirectAccess. Furthermore, Windows To Go can have such features too. I was wondering: if connecting via a DirectAccess connection, does it mean that a remote attacker can still intercept the data?