I remember a few years ago Microsoft created a linkage between product releases (to generate cumulative sales?). I believe the trio were Exchange, Vista and Office. While the cumulative features had merit, I don’t think there was a strong enough business driver.
So now we have a similar linkage between Windows 2008 and Windows 7. This time I think the drivers are very compelling.
While there are many features to digest, the main highlight for me is a capability called DirectAccess.
To describe this I would like to take a step back: have you ever heard the term ‘Outlook Anywhere’? It is a capability of Exchange that enables the Outlook client to behave (from an end-user perspective) the same regardless of location and without the need for a VPN. Similar capabilities are available for Office Communications Server and SharePoint.
While this is compelling to the user, the IT effort to design and maintain the edge infrastructure for each application is significant.
DirectAccess achieves what I term ‘Windows Anywhere’. Once the DirectAccess infrastructure is established, any application on the intranet will work when connected via the internet, without dedicated application edge design and without the need for a VPN connection.
This is specifically designed for people you trust (staff) working on computers you trust (work laptops). The infrastructure builds on existing capabilities such as Active Directory and Group Policy, although it does drive the need for Certificate Services. Other approaches, such as Terminal Services (now rebranded Remote Desktop Services), are needed for less-trusted users and machines.
The Windows 7 laptop connects via an IPsec tunnel secured using a digital certificate (deployed automatically via Group Policy once the Certificate Services PKI is deployed). The laptop can be validated and given a health check first (patching and virus protection). The user can authenticate with the Active Directory password or a smartcard.