What is DirectAccess and how do we use it

Microsoft DirectAccess

“DirectAccess provides users transparent access to internal network resources whenever they are connected to the Internet.”

DirectAccess does not require any user intervention or any credentials to be supplied in order to connect. It can be thought of as if the machine makes the connection to internal resources. The machine does so by using a certificate that was given to it by the Active Directory. Simplistically speaking, the machine tries to access a “beacon” inside the intranet; this would be a service that is only available “inside” the University network. If it gets a response, it assumes that the machine is connected to the University network (LAN / eduroam / VPN) and it takes no further action. If, however, it gets no response from the beacon service, it will assume that the machine is connected to the internet but not to the University network and establish a “tunnel” connection to the “intranet”. This is similar to the traditional VPN in that the user (and the machine) will then be able to access internal resources. The machine should use the DirectAccess in a “smart” way in that it should only route the traffic to *ed.ac.uk through this connection. All other traffic should go “natively” through the internet connection (things like Google, YouTube, etc.)

How to tell if the DirectAccess is connected / working

When the device is connected to a remote network the Windows “networks” ribbon will show UoE_DirectAccess connected like this:

Image
Winodws 8 Direct Access

 

 

 

 

When the device is connected to the Local network, the ribbon will show that the DirectAccess is disconnected.

Image
Winodws 8 Direct Access

 

 

 

That would be a simplistic description of the service. More information can be found on Microsoft Site [https://technet.microsoft.com/en-us/library/dd637821(v=ws.10).aspx]