After identifying and evaluating your Forefront Unified Access Gateway (UAG) DirectAccess deployment goals, you can map these goals to a Forefront UAG DirectAccess design that meets your deployment objectives. This topic describes how you can map one goal or a combination of any of the predefined Forefront UAG DirectAccess deployment goals to a Forefront UAG DirectAccess design. For information about identifying your deployment goals, see Identifying your Forefront UAG DirectAccess deployment goals.
 Note: |
|---|
| After mapping your deployment goals to a Forefront UAG DirectAccess design, you can begin documenting your design. For information, see Documenting your Forefront UAG DirectAccess design. |
The following table shows how the Forefront UAG DirectAccess designs meet the deployment goals.
| Deployment goal | DirectAccess design requirements |
|---|---|
|
Transparent and automatic remote access for DirectAccess clients |
Functionality in the Forefront UAG DirectAccess server and clients. For information, see Connection process. |
|
Ongoing management of remote DirectAccess clients |
Bidirectional connections whenever the computer is connected to the Internet. For information, see Designing Forefront UAG DirectAccess for remote management. |
|
Efficient routing of intranet and Internet traffic |
Use of the NRPT and IPsec to separate Internet and intranet traffic. For information, see NRPT rules. |
|
Reduction of remote access-based servers in your edge network |
Access to intranet resources through the Forefront UAG DirectAccess server. For information, see Resources available to Forefront UAG DirectAccess clients. |
|
End-to-end traffic protection |
The end-to-end access model. For information, see Choosing an access model. |
|
An integrated DNS64 and NAT64 solution |
Integrated NAT64 and DNS64 on the Forefront UAG DirectAccess server. For information, see Choosing a solution for IPv4-only intranet resources. |
|
A scalable Forefront UAG DirectAccess solution |
Forefront UAG array management and load balancing. For information, see Capacity planning for Forefront UAG DirectAccess servers. |
|
Multi-factor credentials for intranet access |
Smart card authorization on the intranet tunnel. For information, see Smart cards for additional authorization. |