DirectAccess was first introduced as a feature within Windows Server 2008 R2 and Windows 7 Client.  DirectAccess overcomes the limitations of traditional VPN connectivity by automatically establishing a bi-directional connection between client computers and the corporate network, so users never have to connect to the enterprise network manually.  The biggest advantage of DirectAccess is that IT administrators can manage remote computers outside the office just as they would manage machines connected inside the corporate network.  For more information, please visit: http://www.nappliance.com/blog/why-uag-directaccess-better-traditional-vpn.

Since the release of DirectAccess in Server 2008 R2, many customers and vendors have requested the addition of various features.  Many of these requested features have now been introduced or enhanced in Windows Server 2012:

  • Multi-site deployment:
    A long-awaited feature, multi-site deployment has been added to DirectAccess in Server 2012.  This feature enables a single installation to serve multiple sites.  Companies with geographically dispersed locations have been attempting different scenarios to achieve a redundant DirectAccess solution.  With Server 2012, this becomes much easier and more straightforward to deploy.  Multi-site deployment is now available as a built-in feature.  Multiple entry points can be defined in a single installation, and client machines can connect to the entry point closest to them.  Traffic across a multi-site deployment can be distributed and balanced with an external global load balancer.  For more information, please visit: http://technet.microsoft.com/en-us/library/hh831664.aspx
  • Single NIC scenario:
    Earlier versions of Windows Server required the assignment of two consecutive public IP addresses to configure DirectAccess.  With Windows Server 2012, DirectAccess can now be configured behind a NAT device in a single NIC scenario.  This will benefit organizations that are reluctant to put a Windows machine on the edge because of security concerns.  It will also help small organizations quickly configure DirectAccess without spending extra time and money on consecutive IP addresses.
  • Simplified deployment:
    Windows 2012 DirectAccess can be configured with just three clicks.  Small organizations without any complex architecture can deploy DirectAccess easily and without any expert knowledge using the pre-configured settings.  This comes in very handy when you need to quickly set up DirectAccess in a lab environment.
  • Simplified PKI requirement & self-signing certificate:
    Windows 2012 overcomes the PKI requirement using Kerberos Proxy.  Client authentication requests are sent to a KDC Proxy Server service running on the DirectAccess server.  The Kerberos proxy then sends Kerberos requests to the domain controllers (DCs) on behalf of the client.  The self-signing certificate feature eliminates the need for specific certificates.

Cheers