Windows 7 has brought quite a few new enhancements for enterprise users, but
most of them depend on Windows Server 2008 R2 to work, except AppLocker and
BitLocker.
These two don't need any configuration at the server end, so you can deploy
them easily. You can also refer to the hands-on stories we have done around them
in this issue. However, for both BranchCache and DirectAccess, you need to do
most of the configuration at the server end. Here, we will discuss the
features from a technology point of view and will cover the in-depth
implementation of BranchCache and DirectAccess in the coming issues.
DirectAccess for roaming users
This feature is meant for corporate users who would like to access their
corporate intranet while on the move over the Internet. This might sound
like yet another VPN solution, but it is actually different. With DirectAccess,
you don't need a VPN client to be installed or configured to access your
corporate network. Rather, it uses IPv6 and its native features to tunnel and
secure data over the public network. Native IPv6 support has been present in
Microsoft OSes for quite some time, but this is possibly the first Microsoft
application which works fully and natively on IPv6 and its features.
By now you must be wondering whether, if DirectAccess natively works on IPv6,
you will require IPv6-aware devices at both end points, at the enterprise
gateway level and at the router or ISP level. No, you can even use DirectAccess
over old IPv4-only NAT and routing devices. The only requirement is that both
the corporate network and the roaming client machine have IPv6 support.
[Figure: This wizard takes care of the DirectAccess service installation in Windows Server 2008 R2.]
The ISP link with IPv4 is managed by a native technique of IPv6 called Teredo
tunneling, which uses a protocol called 6to4 to tunnel IPv6 packets through
IPv4. It can provide connectivity between two IPv6 endpoints located behind
devices which are unaware of IPv6. This technology was developed to make sure
people can start adopting IPv6 in corporate networks and for remote
connectivity without even requiring IPv6-capable end point devices.
Configuring DirectAccess is not that simple. The whole deployment requires
meeting a lot of prerequisites, some of them unique. For example, to deploy
the DirectAccess service on top of a Windows Server 2008 R2 box, you need two
consecutive public IPs. Why exactly this kind of resource is required is
still a mystery to us. The DirectAccess setup wizard refused to proceed till the
time we actually gave it two consecutive public IPs. Plus, a lot of
configuration has to be done before DirectAccess setup takes charge and
configures the whole thing. From the client end, i.e., from the Windows 7 end,
all you need to do is enable the Teredo feature by running the following
command from an elevated command prompt:
C:\> netsh interface teredo set state enterpriseclient
This command creates a virtual network adapter which obtains an IPv6 address
and provides the Teredo functionality.
BranchCache for branch offices
[Figure: This is how distributed caching differs from hosted cache. In the first case, the client machines access the cache from all the peers; in hosted caching, the data is accessed from a single source.]
This feature helps enterprises optimize their WAN usage. Though it can't be
compared to a full-fledged WAN optimization solution, it does some sort of WAN
optimization. Essentially, it's a mechanism by which one can configure a
centralized data caching server at the branch office level which connects to the
head office. This part is common and there are many solutions which can do the
same. The unique part is that you can even have a setup without a central data
caching server and do the caching on individual machines. Also, if all the
machines are part of the same domain, then they can share cached data with
each other.
The only disadvantage of the setup where you don't have a centralized caching
solution and have laptops in place instead is that, once a laptop goes out of
the network, you lose the cached data sitting on that particular node. This
feature only supports the HTTP and SMB protocols, which is enough for connecting
to and accessing file servers and online business applications. The
configuration is again very simple. Either it can be done through Group Policy
if you want to apply the setting across a large number of machines, or a simple
command can enable BranchCache on individual machines. The command is as
follows:
C:\> netsh branchcache set service distributed
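The two client-side commands given above (Teredo for DirectAccess, distributed-mode BranchCache) wrapped in a script that also verifies the outcome, as an added PowerShell example that is not the article's own code. It assumes the `netsh ... show` output contains lines named `Type`, `State`, `Service Mode` and `Current Status`; confirm those names against your build before relying on the checks.

```powershell
# Added example, not from the article: apply the two client-side netsh commands
# discussed above and verify the result by parsing the "show" output, so a
# deployment script fails loudly instead of silently doing nothing.
# Assumptions: netsh prints "Key : Value" / "Key = Value" lines with the field
# names "Type", "State", "Service Mode" and "Current Status". Run elevated.

$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object -TypeName Security.Principal.WindowsPrincipal -ArgumentList $identity
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'The netsh changes below need an elevated (Run as administrator) prompt.'
}

function ConvertFrom-NetshOutput {
    # Turn "Key : Value" or "Key = Value" lines from netsh into a hashtable.
    param([string[]]$Lines)
    $table = @{}
    foreach ($line in $Lines) {
        if ($line -match '^\s*(?<key>[^:=]+?)\s*[:=]\s*(?<value>.+?)\s*$') {
            $table[$Matches['key']] = $Matches['value']
        }
    }
    return $table
}

function Get-NetshValue {
    # Exact (case-insensitive) key lookup, so "Type" is not confused with "Client Type".
    param([hashtable]$Table, [string]$Key)
    foreach ($k in $Table.Keys) {
        if ($k -eq $Key) { return $Table[$k] }
    }
    return $null
}

function Enable-TeredoEnterpriseClient {
    # DirectAccess client side: the command from the article, then a check that
    # the adapter really is in enterprise-client mode. A State other than
    # "qualified" usually means UDP 3544 to the Teredo server is blocked by a
    # firewall or IPv6 is disabled on the host.
    netsh interface teredo set state enterpriseclient | Out-Null
    $t = ConvertFrom-NetshOutput (netsh interface teredo show state)
    New-Object PSObject -Property @{
        Feature = 'Teredo (DirectAccess client)'
        Mode    = Get-NetshValue $t 'Type'
        State   = Get-NetshValue $t 'State'
        Ok      = ((Get-NetshValue $t 'Type') -match 'enterprise')
    }
}

function Enable-BranchCacheDistributed {
    # BranchCache client side: the command from the article, then a check of the
    # service mode netsh reports back.
    netsh branchcache set service distributed | Out-Null
    $b = ConvertFrom-NetshOutput (netsh branchcache show status)
    $mode = Get-NetshValue $b 'Service Mode'
    New-Object PSObject -Property @{
        Feature = 'BranchCache'
        Mode    = $mode
        State   = Get-NetshValue $b 'Current Status'
        Ok      = ($mode -match 'distributed')
    }
}

$results = @(Enable-TeredoEnterpriseClient; Enable-BranchCacheDistributed)
$results | Format-Table Feature, Mode, State, Ok -AutoSize
if ($results | Where-Object { -not $_.Ok }) {
    Write-Error 'One or more features did not reach the expected state; see the table above.'
}
```

The parser deliberately matches whole key names rather than substrings, because the Teredo output carries both a `Type` and a `Client Type` line and hashtable enumeration order is not guaranteed. Where the same settings are pushed through Group Policy instead, the script still works as an audit step, since it only reads back what `netsh` reports.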