First, IPV6 direct access
For this network application, there are several points to be explained.
1th, the DirectAccess is for enterprise users. The DirectAccess-built VPN in WIN7 Enterprise and flagship versions can better prevent hackers from stealing network data through firesheep than the IPv6 of the win Server 2008 R2, which is implemented with the IPSec combination.
2nd, DirectAccess can be combined with network Access Protection (NAP). The NAP system automatically checks to see if the software installed on the remote access terminal is the latest version and whether a consistent security policy is applied. If necessary, the system administrator can set up nap to automatically update the software version of the remote terminal and apply the new security policy. That is, when DirectAccess and NAP are applied simultaneously, you can not only prevent remote terminals that do not have security compatibility from accessing the local network, but can also automatically patch them up, install anti-virus software client programs that are recognized by the local enterprise network, and modify security policy settings. The terminal is then allowed to access the local system.
The combination of the two can be said to be the great love of the system administrator. It makes it easy for administrators to manage remote access terminals and maintain their system security only if they are set up on the local system.
Second, through the DirectAccess, the administrator can improve the client and data center network performance
This function is realized by separating the intranet data and the extranet data of the enterprise. In the DirectAccess environment, only the enterprise network data is passed on the enterprise server, while the employees surf the Internet to see the non business activities such as video, their data flow or Enterprise gateway.
The obvious change is the significant increase in the flow of data between the WIN7 client and the Enterprise data Center. Remote Win7 users will not wait as long as before to see the results returned by the data center. The data center switches are no longer wasting bandwidth processing other data. In the traditional VPN mode, all data streams have to go through the Enterprise gateway.
Third, the use of DirectAccess IPv6
When using DirectAccess, you do not have to consider whether the IPV6 is already running. Because Ip-https is supported by both Win7 and Server 2008 R2. This is a tunneling protocol that can hide IPV6 packets in an IPv4 HTTPS thread. If you know your network environment is IPV4, such as in a hotel, café, or conference center of the Public network environment, you can log in as an administrator to the system, follow these steps to ensure that all remote Win7 users in the use of Ip-https are selected by default force Tunneling option. First log in as an administrator, and then follow these steps:
Step 1. Open the Group Policy Management console, click Start on domain controller, click Control Panel, click Administrative Tools, and then click Group Policy Management. Set up a Group Policy object (GPO) for the DirectAccess client computer here
Step 2. In the new DirectAccess client GPO, find computer configurationpoliciesadministrative templatesnetworknetwork Connectionsroute All Traffic through the internal network. Then click Edit Policy Setting, click Enabled, and then click OK.