Wednesday, May 20, 2009

New Microsoft DirectAccess content

Joe Davies has a new Cable Guy article up about DirectAccess that folks should read. In addition, there is a new Step by Step Guide for a DirectAccess lab (which looks a lot like Joe wrote it - but I haven't confirmed that yet).
I've been slow getting my DirectAccess deployment going at work; it seems other items keep getting in the way, but I hope to get more done this week and have something to share with everyone.
- Ed

Friday, May 15, 2009

Microsoft DirectAccess - some brief thoughts

I think out of anything coming out of the Microsoft Server 2008 R2 and Windows 7 releases, the feature I am most excited about is DirectAccess (anyone remember DirectConnect?). Microsoft has some excellent content starting to build up at http://www.microsoft.com/directaccess which gives an overview of how DirectAccess works and how it can be utilized, so I won't repeat that here.
I have had the chance due to both my Microsoft MVP status and Springboard STEP status to have access to some deployment guides that are not generally available. After reviewing these and after playing with gear I have some opinions on what Microsoft should be recommending to IT Pros to do as initial trials of DirectAccess.
In a nutshell, I believe that people should set up an initial native IPv6 deployment with a tunnel broker (use Hurricane Electric) and get native IPv6 addresses working in their environment. In addition, I would minimize the deployment model to utilize proxy services or a NAT-PT device for resources on the network that are available via DA. This model comes pretty close to many VPN deployments today but does not have the pain involved with doing a functional overlay technology like ISATAP.
So, what do I mean by proxy services in this case? Well, for those deploying DA, I would set up a new Server 2008 R2 machine to front end file servers that are still running Server 2003 or older by utilizing SharePoint. That same server or an additional one could potentially do Exchange OWA or front end services, depending on what Exchange environment you are on. I would utilize a NAT-PT for specific line of business applications, but I would narrow the selected application list initially to reduce troubleshooting on the NAT-PT device. There are options for NAT-PT devices: Cisco can do it in software on their routers and there is the Forefront UAG from Microsoft.
Most importantly, I would set expectations that there are a lot of moving parts with DirectAccess to get a deployment done correctly. You need to have PKI with a public CRL, IPv6, Windows Server 2008 R2 and Windows 7 just as minimum requirements, and that doesn't say anything about the networking technologies you have to learn.
DirectAccess has the potential to bring about some of the most exciting changes in how people will work in the future on Windows but it will take a lot of planning and testing to get it all right.
I'll post more thoughts shortly.
- Ed

Microsoft TechEd 2009 - Los Angeles

This was my first time attending TechEd and I had a wonderful time catching up with Stephen Rose, Joe Davies, Emily Freet, Jake Gray, Devrim Iyigun and lots of others with Microsoft. It was also nice seeing Betsy Weber with TechSmith; she is always entertaining. Got introduced to and had a chance to chat with Rhonda Layfield (thanks Stephen!) regarding IPv6.
I also met several other Microsoft MVPs at the event working the Springboard booth who are also STEP members. It was nice hearing about all the different things folks are working on.
I have to say I was surprised about how much interest Microsoft is getting in DirectAccess. I have some opinions on deployment guidance I would give to folks looking to implement DA and I shared those with the DA folks at TechEd. Let's just say I am not a fan of ISATAP and I am pushing for small Native IPv6 deployments with NAT-PT devices as the way to start. Guess I will find out shortly if my ideas are sticking at all!
- Ed

Monday, May 04, 2009

PacITPros - Microsoft Server Feedback event tomorrow evening

Tomorrow evening PacITPros will be hosting their regular monthly meeting; however, this one is very special.

Quick quote from the announcement:
"The Windows Server product and planning groups are joining us on May 5th to meet face-to-face with PacITPros members and capture valuable feedback related to your future IT business priorities. Your input will help establish the foundational feedback that will drive planning activities for Windows Server going forward."

The best part is all you have to do is RSVP on http://www.pacitpros.org and you can participate. So if you are in the San Francisco Bay Area you really should sign up to attend; this is a very rare and unique opportunity. We've even had internal Microsoft employees sign up to be able to give their feedback to this group.
- Ed