告别VPN:Windows 7/2008 R2的Direct Access功能概述
????VPN????!
Direct Access?Windos 7?Windows Server 2008 R2??????????????,?????????????VPN??????,???????Internet??????????????!
?????????,????????????????,???VPN?,???Token?,???SmartCard?,??????VPN?????!????????????????!Bill Gates?????,information at your finger tip?
??????????????,??????????????????????????Direct Access??????,???????,??Direct Access???????,??????????????????
??Direct Access??
Direct Access?????VPN??????,??????????????????????????????Direct Access????IP v6?????????????????Direct Access??IPsec??????????,?????IT??????????????????
Direct Access???,?????????DirectAccess Server?IP v6???????IP v6?????,??????IP v4?????,??????DirectAccess Server????????,??????????
??????,DirectAcces???????????IPSec????:
- IPsec Encapsulating Security Payload (ESP) tunnel with IP-TLS (Transport Layer Security),???????????????????DNS????????,????????????????????????
- IPsec ESP tunnel with IP-TLS,?????????????????????????????????????????
??????????????
?????????,DirectAccess???????????????????????:
Selected Server Access
Selected server access, ????,??????????????????????????????DirectAccess????????????????,????????????????????Windows Server 2008?2008 R2,?????????????IPv6?IPsec???
Full enterprise network access
Full enterprise network access,?????,DirectAccess?????????????IPSec????????????????????????????,???????????????????????????Exchange?RPC over Http???
DirectAccess???????
1. ??Windows 7???????????????????;
2. DirectAccess???????????????????,??????,?DirectAccess???????????????,?????DirectAccess???????????;??????,DirectAccess??????;
3. ???????????IPv6?IPsec???????DirectAccess??????????????IPv6??,???????IPv6-over-IPv4???(??6to4??Intra-Site Automatic Tunnel Addressing Protocol ,ISATAP)?????Windows 7??????,???????????;
4. ??????????IPv6 6to4??,?????HTTPS???DirectAccess?????(??????);
5. Windows 7????DirectAccess????????????(?????????);
6. DirectAccess?????????AD???????????,????????????????DDOS??,???????DSCPs??(Differentiated Services Code Points);
7. ????????NAP??,DirectAcces?????NAP?????????????????????????????????????????;
8. ??????,DirectAccess??????????????????
?????????????,?????????
Direct Access????????
?????????DirectAccess?????????Windows 7?DirectAccess????????????DirectAccess???,?????internet??????????internet???????????,??????????????????
DirectAccess?????
- ???????Windows Server 2008 R2?DirectAccess???,???????????,??????????
- ?????????DNS??????Windows Server 2008?Windows Server 2008 R2????????????(two-factor authentication)??R2?AD DS???
- A Public Key Infrastructure (PKI)??????
- IPsec?
- DirectAccess?????:ISATAP, Teredo, and 6to4?
???????DirectAccess?????????????,????????????,????????DirectAccess??????????????????:
- Windows 7 and Windows Server 2008 R2 DirectAccess Executive Overview (????????)
- https://www.microsoft.com/downloads/details.aspx?familyid=d8eb248b-8bf7-4798-a1d1-04d37f2e013c&displaylang=en&tm
- Technical Overview of DirectAccess in Windows 7 and Windows Server 2008 R2 (????????????)
- https://www.microsoft.com/downloads/details.aspx?familyid=64966e88-1377-4d1a-be86-ab77014495f4&displaylang=en&tm
Comments
Anonymous
January 01, 2003
多年以后再回过头来看Direct Access,发现真的是个好主意,现在win 8也支持了。。微软好样的。Anonymous
January 01, 2003
PingBack from http://www.perday.tv/news/?p=15980Anonymous
January 01, 2003
Combine/Compress/Minify JS and CSS files in ASP.NET MVC How to Export Data to Excel from an ASP.NET ApplicationAnonymous
January 01, 2003
Combine/Compress/MinifyJSandCSSfilesinASP.NETMVCHowtoExportDatatoExcelfromanASP.NET...Anonymous
February 04, 2009
The comment has been removedAnonymous
February 04, 2009
如果兼容硬件VPN,就可以不用某某公司卖1000多元人民币一个客户端许可的IPSec 客户端软件了,当然,前提是你要买WIN7,还要买2008作为网关操作系统。。。。Anonymous
February 04, 2009
目前的vpn客户端软件价格确实太高,不过可以选择pptp连接啊。那样可以用windows自带的客户端了。Anonymous
February 04, 2009
若使用这种方法,是否只有microsoft自己的win7 或者2008 r2才能使用driect access,能否与其他设备或者软件兼容?是否公开了详细的技术内容?不会跟microsoft windows一样吧。 是否是凭借这个功能,又增强microsoft软件的垄断性。Anonymous
February 04, 2009
VPN软件可以使用Cisco System VPN client或者Fortinet的 Forticlient,如果只有升级到Windows7或者2008才能使用direct access,那不如购买付费的VPN软件呢。Anonymous
February 04, 2009
最乖的还是openvpn, 穷人的劳斯莱斯啊 更乖的是softether, 防火墙都能蹿出去 最最乖的是利用IM, 建立连接,两个防火墙后面都能蹿来窜去Anonymous
February 23, 2009
有谁知道windows7中的DirectAccess Client在哪里?如何配置?Anonymous
March 27, 2009
windows7加人域后。可以正常上网。内外都可以访问。但自定义ip后就仅限访问域内了。解析外网也没问题。但就是上不了外网。打不开网页。这是为什么啊?谢谢老师解答一下。Anonymous
June 18, 2009
好把我承认 你向我展示了一项非常高端的功能。 但是我的vpn是用来访问类似youtube的公网资源 会有供应商提供类似服务么?Anonymous
December 30, 2009
The comment has been removedAnonymous
April 28, 2013
你的域内有DHCP吧,这个时候你手动指定IP了,能够解析外网域名,那DNS没有问题,上不了网那就是网关问题了。是否也手动指定网关了呢?