IPv6 Direct Access
There are a few points to note about this web application.
First, DirectAccess is for business users. Compared with the VPN implemented by the combination of IPv6 and I
PS
ec of Win server 2008 R2, the built-in VPN of DirectAccess in Win7 Enterprise and Ultimate can better prevent hackers from stealing network data through firesheep.
Second, DirectAccess can be combined with Network Access Protection (NAP). The NAP system automatically checks whether the software installed on the remote access terminal is the latest version and whether a matching security policy is applied. When necessary, the system administrator can set up NAP to automatically update the software version of the remote terminal and apply a new security policy. In other words, when DirectAccess and NAP are applied at the same time, you can not only prevent remote terminals that do not have security compatibility from accessing the local network, but also automatically patch them and install anti-virus software client programs approved by the local enterprise network. Modify the security policy settings before allowing the terminal to access the local system.
The combination of the two can be said to be the great love of system administrators. It allows administrators to easily manage remote access terminals and maintain their system security by simply setting them up on the local system.
With DirectAccess, administrators can improve network performance in both client and data centers.
This function is achieved by separating the intranet data and extranet data of the enterprise. In the DirectAccess environment, only enterprise network data is transmitted in the enterprise server, and employees access the Internet to watch non-business activities such as video, and the data flow is still taking the enterprise gateway.
The resulting change is a significant increase in data flow between the Win7 client and the enterprise data center. Remote Win7 users will no longer wait for a while before they can see the results returned by the data center. Data center switches will no longer waste bandwidth processing other data. In the traditional VPN mode, all data flows through the enterprise gateway.
IPv6 with DirectAccess When using DirectAccess, you don't have to think about whether IPv6 is already running. Because both Win7 and Server 2008 R2 support IP-HTTPS. This is a tunneling protocol that hides IPv6 packets in IPv4-based HTTPS threads. If you know that your network environment is IPv4, such as in a public network environment in a hotel, coffee shop, or conference center, you can log in to the system as an administrator. Follow these steps to ensure that all remote Win7 users are using IP-HTTPS. The Force Tunneling option is selected by default. First log in as an administrator and follow these steps:
Step 1. Open the Group Policy Management console, click Start on the Domain Controller, click Control Panel, click Administrative Tools, and then click Group Policy Management. Create a Group Policy Object (GPO) for the DirectAccess client computer here. Step 2. In the newly created DirectAccess client GPO, find Computer ConfigurationPoliciesAdministrative TemplatesNetworkNetwork ConnectionsRoute all traffic through the internal network. Then click Edit policy setting. Click Enabled, then click OK.