Direct access vs. VPN connection

Today, I want to share a very nice feature with you 😉
The end of the era in which VPNs are the only way to connect to your corporate network!

Short Introduction:

When you are traveling a lot for business reasons, you might be one of the “lucky folks” blessed with “VPN access” to your company network,
jipeeehyeah … or more like  uuuahh….sh*t???

Well, if you are one of those people who are more or less “assigned” to use a VPN connection, you may know the annoying performance and the several things to deal with when connecting: starting a VPN client (usually installed by your system admin *grin*), entering a password (hopefully not forgotten), having some extra stuff like a random number code or a smartcard, maybe an additional code and/or password, etc. And shortly before your connection is established … the VPN client closes the dial-in process *pah!*

Ok, maybe your security settings say you’re not on the latest AV pattern or have not installed the latest updates, or you just had low bandwidth and a timeout?

No matter, and no need to worry any further: I can tell you a new story about a feature called “Direct Access”!!!   Wow! That’s amazing!

No connection manager software required anymore, no further dial-in software or other stuff, except at least a smartcard! 

*shame* – Ok, to be honest: this feature was first introduced with the new operating systems Windows 7 and Server 2008 R2.
What is “Direct Access”? Just click the link and you’ll get all the info about it!

In our case, of course, we’ll talk about how to access the corporate SharePoint portal on the intranet in a very neat manner, “without annoying VPN stuff!”

It’s possible with Forefront UAG (Unified Access Gateway).

I recently read a blog post about “SharePoint Extranet with Forefront UAG” by Renan Gutman, Microsoft Program Manager, which I may share with you here with Renan’s kind permission 😉

<quotation>  1/29/2010

SharePoint Extranet with Forefront UAG     By Renan Gutman

SharePoint provides a host of features and functionalities for Collaboration, Portal, Search, Enterprise Content Management, Forms Driven Business Process, and Business Intelligence. Forefront Unified Access Gateway (UAG) allows your users to access all your SharePoint sites securely, from any location or device.


Forefront UAG provides the following capabilities to SharePoint extranets:

  • Health-based endpoint authorization – Using granular policies in Forefront UAG, you can decide not only who accesses the SharePoint site, but also the required condition of the client machine. For example, if your employees are working remotely from their home PCs, you’d definitely want to be sure that they have an updated antivirus program installed on their computer before they upload a document to the SharePoint site. With Forefront UAG, you can prevent a user from uploading until they remediate their machine.

  • Information leakage prevention – When users open or edit a document from a SharePoint library via Forefront UAG, no information is left on the client computer; Forefront UAG deletes all cached files, temporary files, and cookies. Even if there’s a sudden power outage, once the computer recovers Forefront UAG will take care of all the leftover data and erase it.

  • Secure access to SharePoint sites from mobile devices – Authentication of mobile users using a dedicated interface for mobile devices.

  • Strong authentication – Forefront UAG implements many authentication schemes, ranging from simple username and password forms to smartcard-only authentication, one-time passwords, and partner integration via Active Directory Federation Services (AD FS). The user authenticates once through Forefront UAG and from then on, Forefront UAG manages the single-sign-on, allowing the user to access all published sites without re-entering their credentials.

  • Active Directory Federation Services (ADFS) support – Secure collaboration with partners and vendors.

  • Web farm load balancing – Forefront UAG uses affinity to ensure that, after a user has been routed once to a particular SharePoint server, the user continues to be routed to that server. To keep this persistency, Forefront UAG supports both session affinity and IP affinity.

In addition, Forefront UAG DirectAccess provides remote users with the experience of a seamless connection to the internal network. When Forefront UAG DirectAccess is enabled, requests for internal network resources are directed securely, without the need to connect to a VPN.

You can read more about the Forefront UAG solution for SharePoint extranet here. To read more about Forefront UAG in general click here.


with kind regards,
yours Steve Chen, SharePoint Support Engineer, GTSC Germany

Special thanks again to Renan Gutman for the permission to publish this post 😉
