The key elements of the Forefront UAG DirectAccess solution include the following:
- DirectAccess client—A domain-joined computer running Windows 7 Enterprise, Windows 7 Ultimate, or Windows Server 2008 R2, that can automatically and transparently connect to an internal network through a Forefront UAG DirectAccess
- Forefront UAG DirectAccess server—A domain-joined Forefront UAG server that accepts connections from DirectAccess clients and facilitates communication with internal
- Network location server—A server that a DirectAccess client uses to determine whether it is located on the Internet or the intranet.
- Certificate revocation list (CRL) distribution points—Servers that provide access to the CRL that is published by the certification authority (CA) that issues certificates for Forefront UAG DirectAccess.
In addition, a Forefront UAG DirectAccess solution requires a number of infrastructure servers, including Active Directory domain controllers, Network Access Protection (NAP) server, CAs, and DNS servers. The following figure illustrates the Forefront UAG DirectAccess infrastructure.
Forefront UAG DirectAccess deployment requirements include the following:
- A Forefront UAG DirectAccess server running the Windows Server 2008 R2 Standard or the Windows Server 2008 R2 Enterprise operating systems, with two network adapters; one that is connected directly to the Internet, and the other that is connected to the intranet.
- On the Forefront UAG DirectAccess server, at least two consecutive, public IPv4 addresses, assigned to the network adapter that is connected to the Internet.
- DirectAccess clients running the Windows 7 Enterprise or the Windows 7 Ultimate operating
- At least one domain controller that is running the Windows Server 2003 operating system.
- A Domain Name System (DNS) server. It is recommended that you use a DNS server that is running Windows Server 2008 or Windows Server 2008 R2.
- A public key infrastructure (PKI) to issue computer certificates. For more information, see Public Key Infrastructure
- IPsec policies to specify protection for traffic. For more information, see IPsec
- IPv6 transition technologies available for use on the Forefront UAG DirectAccess server: ISATAP, Teredo, and 6to4. For more information, see IPv6 Transition Technologies
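
The requirement for two consecutive, public IPv4 addresses on the Internet-facing adapter can be checked before deployment. The following PowerShell is an added example, not Microsoft's code; the function names are hypothetical, the sample addresses are constructed, and the list of non-public ranges it filters is an assumption about what "public" excludes.

```powershell
# Added example: preflight check for "two consecutive, public IPv4 addresses".
# Written for PowerShell 2.0 (Windows Server 2008 R2). Function names are hypothetical.

function ConvertTo-IPv4Number {
    param([string]$Address)
    $b = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()
    if ($b.Length -ne 4) { throw "Not an IPv4 address: $Address" }
    # Double arithmetic avoids Int32 overflow for addresses above 127.255.255.255.
    return [double]$b[0] * 16777216 + [double]$b[1] * 65536 + [double]$b[2] * 256 + [double]$b[3]
}

function Test-PublicIPv4 {
    param([string]$Address)
    $b = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()
    if ($b.Length -ne 4) { return $false }
    # Assumed non-public ranges: RFC 1918, link-local, shared address space, loopback.
    $nonPublic = ($b[0] -eq 10) -or
                 ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
                 ($b[0] -eq 192 -and $b[1] -eq 168) -or
                 ($b[0] -eq 169 -and $b[1] -eq 254) -or
                 ($b[0] -eq 100 -and $b[1] -ge 64 -and $b[1] -le 127) -or
                 ($b[0] -eq 127)
    return -not $nonPublic
}

function Find-ConsecutivePublicIPv4 {
    param([string[]]$Address)
    # Keep public addresses only, ordered numerically rather than as strings.
    $public = @($Address | Where-Object { Test-PublicIPv4 $_ } |
                Sort-Object { ConvertTo-IPv4Number $_ })
    $pairs = @()
    for ($i = 0; $i -lt $public.Count - 1; $i++) {
        $first = $public[$i]
        $second = $public[$i + 1]
        $gap = (ConvertTo-IPv4Number $second) - (ConvertTo-IPv4Number $first)
        if ($gap -eq 1) { $pairs += "$first / $second" }
    }
    return $pairs
}

# Constructed sample values. On the server, gather the adapter's real addresses with:
#   Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled = TRUE" |
#       ForEach-Object { $_.IPAddress } | Where-Object { $_ -notmatch ':' }
$sample = '203.0.113.10', '203.0.113.11', '192.168.1.5', '198.51.100.7'
$found = Find-ConsecutivePublicIPv4 $sample
if ($found) {
    "OK: consecutive public IPv4 pair(s): $($found -join '; ')"
} else {
    "FAIL: no two consecutive public IPv4 addresses found"
}
```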