Mapping Your Deployment Goals to a DirectAccess Design

Applies To: Windows 7, Windows Server 2008 R2


This topic describes design considerations for DirectAccess in Windows Server 2008 R2. For the design considerations of DirectAccess in Microsoft Forefront Unified Access Gateway (UAG), see the Forefront UAG DirectAccess Design Guide (

After you have reviewed the DirectAccess deployment goals and determined which are appropriate for your organization, you can map those goals to a specific design.

The following table shows how well the DirectAccess designs meet the deployment goals discussed in Identifying Your DirectAccess Deployment Goals.

DirectAccess deployment goal DirectAccess elements or features

Transparent and automatic remote access for DirectAccess clients

Functionality in the DirectAccess server and clients

Ongoing management of remote DirectAccess clients

Bidirectional connections whenever the computer is connected to the Internet

Efficient routing of intranet and Internet traffic

Use of the Name Resolution Policy Table (NRPT) and Internet Protocol version 6 (IPv6) to separate Internet and intranet traffic

Reduction of remote access-based servers in your edge network

Access to intranet resources through the DirectAccess server

End-to-end traffic protection

The selected server and end-to-end access models

Multi-factor credentials for intranet access

Smart card authorization on the intranet tunnel