UAG's addon to DirectAccess is basically ipv6 to ipv4 NAT. Regular DirectAccess needs ipv6 from the DirectAccess server to the target server. UAG (acting as a DirectAccess server) can talk to target server using ipv4. There are other additional features but that's the main one for me.
-Anders On Thu, May 6, 2010 at 7:51 PM, Brian Desmond <[email protected]>wrote: > Ah so this is the DirectAccess functionality that was added in the Win7 > cycle. It's all IPSEC magic secured with PKI. It's certainly secure (IMO) > and it is VERY slick. End users love it too. No more dealing with crappy VPN > clients, licenses for them, etc. You control on the backend what's available > via the tunnel. > > UAG adds a publishing layer for DirectAccess which I understand makes > deployment a bit easier but I haven't tried it yet. > > Thanks, > Brian Desmond > [email protected] > > c – 312.731.3132 > > -----Original Message----- > From: Kurt Buff [mailto:[email protected]] > Sent: Thursday, May 06, 2010 12:48 PM > To: NT System Admin Issues > Subject: Re: Win 2008 UAG, Win 7 Enterprise, Generic Accounts > > On Thu, May 6, 2010 at 08:17, Ben Scott <[email protected]> wrote: > > On Thu, May 6, 2010 at 10:59 AM, Kurt Buff <[email protected]> wrote: > >> And this is one of the big reasons why Windows 7 Enterprise, coupled > >> with Win2k8 UAG, is so interesting to me... > > > > Eh? I'm not familiar with that stuff, but I'm intrigued. Care to > > elaborate, or provide links, please? I tried Google but am only > > getting stuff related to ISA/Forefront. > > > > -- Ben > > It's under the forefront umbrella. From my digging, it seems that among > other things it is a way to set up an IPv6/IPSec tunnel from the > Win7 Enterprise/Ultimate mobile machine to the UAG server, which gives it a > presence on the internal network. It happens before the user logs in, so > login scripts, GPOs, drive connections and all of that happen transparently. > > If you visit > http://www.microsoft.com/forefront/unified-access-gateway/en/us/ > and get the PDF linked at "Forefront UAG and DirectAccess" you'll get more > data. > > I'm still waiting to see evidence that it's secure and all that, but the > concept is pretty stellar. It would also have to be coupled with robust disk > encryption and possibly a two factor auth solution, but it would make life > much easier for everyone. > > Kurt > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ < > http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
