Disadvantages of Microsoft DirectAccess
Saturday, July 24, 2010 at 4:04PM
Those who follow my blog will know I have a keen interest in remote access technologies. Over the past few months I have been testing a new remote access technology from Microsoft, called DirectAccess. If you have not come across DirectAccess before, I suggest you check out my previous articles, specifically my last article, where I analysed some of the advantages of Microsoft DirectAccess. As with all new technology, there are always pros and cons. This article aims to outline some of the more significant disadvantages.
As stated in my previous article, integration is one of DirectAccess's main strengths. The ability of the operating system to handle remote access, without the need for additional software, is a significant advantage. It provides an easy-to-use and transparent experience for the end user, as well as simplified support for administrators. Unfortunately, it is integration that is also one of DirectAccess's biggest weaknesses. For example, to be able to use DirectAccess the end user must be running Windows 7 (Professional, Ultimate or Enterprise) and your backend infrastructure must be running Windows 2008 R2 with access to Public Key Infrastructure (PKI). These are very strict requirements that force you to use proprietary Microsoft technologies (both client and server). They are also all very modern technologies that are still early in their respective product life cycles, and as a result most organisations (SMB or Enterprise) have probably only just begun the long and costly process of upgrading their legacy infrastructure.
The second big issue with this tight integration is the lack of flexibility for other non-Microsoft devices. For example, if you take Cisco's current remote access solution, AnyConnect, it offers the flexibility for your users to connect from just about any device, including Windows, Mac OS X, Linux and even iOS devices, such as the iPhone and iPad. This flexibility is incredibly important, as the modern worker will probably use a combination of devices (laptop, tablet, smartphone) for different circumstances to ensure they can remain productive. DirectAccess does not currently offer this flexibility, and even other popular Microsoft proprietary operating systems such as Windows XP or the yet-to-be-released Windows Phone 7 Series are not compatible with DirectAccess.
Another issue for DirectAccess is the requirement for IPv6. This immediately sounds like a networking problem; however, this is not actually the case, as it is possible to transmit IPv6 packets over an IPv4 network, using translation technologies such as 6to4 and Teredo tunnelling. The real issue is that your client applications must support IPv6, and if they don't, they won't be able to use DirectAccess. So the important question is "how many client-side applications don't support IPv6?" Well, unfortunately, as a general rule of thumb, any applications over five years old will probably be incompatible. For example, even Microsoft's own client-side applications such as OCS 2007 R2 (part of their popular unified communications suite) do not support IPv6, and we are still waiting to hear if the currently unreleased OCS "wave 14" (due some time this year) will bring this much-needed support. If you speak with Microsoft about this limitation, they will state that in these scenarios you could use their Unified Access Gateway (UAG) product, which is generally deployed alongside DirectAccess to provide scalability (and in this case backwards compatibility). However, in my opinion, this is cheating, as you would no longer be using DirectAccess and would therefore immediately lose many of the key advantages.
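
For in-house applications where the source is available, one way to gauge this IPv6 exposure is to scan the C/C++ code for IPv4-only socket calls and hard-coded IPv4 addresses. The following is an added example, not part of the original article; the `audit` helper and both sample sources are constructed for illustration.

```python
import re

# IPv4-only socket APIs mapped to an address-family-agnostic replacement.
IPV4_ONLY = {
    "gethostbyname": "getaddrinfo",
    "gethostbyaddr": "getnameinfo",
    "inet_addr": "inet_pton",
    "inet_aton": "inet_pton",
    "inet_ntoa": "inet_ntop",
    "sockaddr_in": "sockaddr_storage",
    "AF_INET": "AF_UNSPEC with getaddrinfo",
    "INADDR_ANY": "in6addr_any",
}
# \b on both sides keeps AF_INET6 and sockaddr_in6 from matching.
TOKEN_RE = re.compile(r"\b(" + "|".join(map(re.escape, IPV4_ONLY)) + r")\b")
# Quoted dotted-quad strings, i.e. hard-coded IPv4 addresses.
LITERAL_RE = re.compile(r'"(\d{1,3}(?:\.\d{1,3}){3})"')

def audit(source):
    """Return (line_no, construct, suggestion) for each IPv4-only construct."""
    findings = []
    for no, line in enumerate(source.splitlines(), 1):
        if line.lstrip().startswith("//"):  # skip whole-line comments
            continue
        hits = [(m.start(), m.group(1), IPV4_ONLY[m.group(1)])
                for m in TOKEN_RE.finditer(line)]
        hits += [(m.start(), m.group(1), "DNS name resolved via getaddrinfo")
                 for m in LITERAL_RE.finditer(line)]
        findings += [(no, tok, fix) for _, tok, fix in sorted(hits)]
    return findings

# Constructed sample: a legacy client that can only ever speak IPv4.
LEGACY = """\
struct sockaddr_in sa;
struct hostent *h = gethostbyname("intranet.example");
sa.sin_family = AF_INET;
sa.sin_addr.s_addr = inet_addr("10.0.0.5");
int s = socket(AF_INET, SOCK_STREAM, 0);
"""
# Constructed sample: the same connection written address-family agnostic.
PORTABLE = """\
struct addrinfo hints = {0}, *res;
hints.ai_family = AF_UNSPEC;
getaddrinfo("intranet.example", "443", &hints, &res);
if (res->ai_family == AF_INET6) { /* IPv6 path taken over DirectAccess */ }
int s = socket(res->ai_family, SOCK_STREAM, 0);
"""

if __name__ == "__main__":
    for no, tok, fix in audit(LEGACY):
        print(f"line {no}: {tok} -> use {fix}")
```

A clean result only shows the code does not call IPv4-only APIs; closed-source clients still have to be tested over an IPv6 path.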
As you can see, most of DirectAccess's disadvantages come from its own strict requirements on modern technologies, such as Windows 7, Windows Server 2008 R2 and IPv6. Although these are issues today, if we fast forward a few years things will probably be very different, as I would predict that most organisations will have begun upgrading their client/server infrastructure as part of their standard life cycle management and IPv6 should have finally been forced upon the world. In this scenario, the advantages of DirectAccess start to significantly outweigh the disadvantages. Unfortunately, until then I still feel that DirectAccess is just a glimpse of the future, and a lot could still change between now and then.