I've been managing our company's server-farmed webserver from my workstation via internet for long enough that it will be easy to miss out on the new capabilities offered by combining Win7 and Server08 simply because I've got a system that works.
But it's always nice to make stuff work better.
I've been reading about major advances in VPNing when a Win7 client connects to a WinServer08 box. I'm not clear if all improvements are contained within the product called 'DirectAccess', which is intra-net oriented, or not. Since I'm not dealing with an intranet, I'm not sure where to look for possible enhancements I can actually take advantage of.
My host is not actively supporting 08 (tho they've let me image my server from it) so I can't count on them for helping me explore what's possible. Here's their reply to my initial question asking them to review MS's prerequisites for DirectAccess (http://technet.microsoft.com/en-us/library/dd637808%28WS.10%29.aspx).
The question boils down to which rabbit holes should I be looking to for enhanced connectivity features that avoid the complexity of conventional (MS-based) VPN configurations?
The requirements suggest the need for two physical interfaces, from what I can tell, one being publicly facing and another facing a private or intranet, which is not something your server is really associated with, so I don't see how this feature would be usable. There would be no IPv6 support on the standard internal networking feature we offer to you, and you'd need multiple systems on that internal network system to make use of it.
Additionally, all servers are assigned 1 single IP by default, and we cannot offer a consecutive IP address for the public-facing network interface, unless you use a private VLAN or if this system will properly work with the secondary IP allocation method we typically use.
We also do not offer support for Active Directory and the network configuration is not designed with operating an AD forest at this time.
Many thx
I would be tempted to set up an SSL VPN using something like OpenVPN. It "just works" and can be run as a service (both client and server ends), available (for example) before user logon.
You could terminate the VPN at your end either on a single machine, or if you like you could terminate the VPN connection on a box inside your LAN and bridge it, so that the colo box would appear as if it was on your LAN (getting a private IP from your DHCP server, Windows file and print sharing working, etc.).
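The bridged setup described in the answer above, sketched as an added example that is not part of the original post: a TAP-mode OpenVPN server on a box inside the LAN and a matching client on the colo server. The hostname `vpn.example.com`, the port, and all certificate and key file names are placeholders assumed for illustration; the TAP adapter on the LAN box still has to be bridged with its LAN adapter in the operating system.

```conf
# ---------- server.ovpn (box inside the LAN; placeholder file names) ----------
port 1194                 # assumed port, forwarded from the LAN's edge router
proto udp
dev tap                   # layer-2 tunnel, required for bridging
ca ca.crt                 # CA that signed both certificates
cert server.crt
key server.key            # keep private, readable only by the service account
dh dh.pem
server-bridge             # no arguments: clients take their address from the
                          # LAN's own DHCP server through the bridge
tls-auth ta.key 0         # HMAC on the TLS handshake; direction 0 on the server
remote-cert-tls client    # peer certificate must be a client certificate
keepalive 10 120
persist-key
persist-tun
verb 3

# ---------- client.ovpn (colo server; placeholder file names) ----------
client
dev tap                   # must match the server's device type
proto udp
remote vpn.example.com 1194   # placeholder public name of the LAN end
resolv-retry infinite
nobind
ca ca.crt
cert colo.crt
key colo.key
tls-auth ta.key 1         # direction 1 on the client
remote-cert-tls server    # refuse a peer that presents a non-server certificate
persist-key
persist-tun
verb 3
```

Because the bridge places the colo box on the LAN at layer 2, whatever host firewall policy applies to LAN peers also applies to it once the tunnel is up.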
DirectAccess requires use of IPv6, from end to end, so there are a lot of infrastructure prerequisites in the real world. It's not an intranet-based solution but is meant for VPN-less direct access to resources from the protected internal network. It also requires the Windows 2008 R2 version on the back end (with W7 clients).
Were you using network level authentication (read: stronger) when RDP'ing? That's one thing that may be new for you.