After identifying and evaluating your Forefront Unified Access Gateway (UAG) DirectAccess deployment goals, you can map these goals to a Forefront UAG DirectAccess design that meets your deployment objectives. This topic describes how you can map one goal or a combination of any of the predefined Forefront UAG DirectAccess deployment goals to a Forefront UAG DirectAccess design. For information about identifying your deployment goals, see Identifying your Forefront UAG DirectAccess deployment goals.

After mapping your deployment goals to a Forefront UAG DirectAccess design, you can begin documenting your design. For information, see Documenting your Forefront UAG DirectAccess design.

The following table shows how the Forefront UAG DirectAccess designs meet the deployment goals.

Deployment goal DirectAccess design requirements

Transparent and automatic remote access for DirectAccess clients

Functionality in the Forefront UAG DirectAccess server and clients. For information, see Connection process.

Ongoing management of remote DirectAccess clients

Bidirectional connections whenever the computer is connected to the Internet. For information, see Designing Forefront UAG DirectAccess for remote management.

Efficient routing of intranet and Internet traffic

Use of the NRPT and IPsec to separate Internet and intranet traffic. For information, see NRPT rules.

Reduction of remote access-based servers in your edge network

Access to intranet resources through the Forefront UAG DirectAccess server. For information, see Resources available to Forefront UAG DirectAccess clients.

End-to-end traffic protection

The end-to-end access model. For information, see Choosing an access model.

An integrated DNS64 and NAT64 solution

Integrated NAT64 and DNS64 on the Forefront UAG DirectAccess server. For information, see Choosing a solution for IPv4-only intranet resources.

A scalable Forefront UAG DirectAccess solution

Forefront UAG array management and load balancing. For information, see Capacity planning for Forefront UAG DirectAccess servers.

Multi-factor credentials for intranet access

Smart card authorization on the intranet tunnel. For information, see Smart cards for additional authorization.