What is Direct Access (DA)?
Everyone has experienced a situation where they needed to access a file or resource on their corporate network, but were at home, in a hotel, or somewhere else away from the office. Your solution was probably a VPN connection, which needed to be dialed, authorized and connected. That takes time, is cumbersome and, at times, difficult to operate. That’s where Direct Access comes in. It provides a seamless VPN connection to your corporate network without the need for any extended validation. Basically, it provides access to corporate resources without any intervention from the user beyond their usual work.
Is it secure?
Authentication is based on certificates, your computer account, and your credentials; there’s almost no difference between logging into your computer from home and logging in from your office. Once connected, most of the communication goes to the internet via your home Internet Service Provider, and any access to company resources (printers, files, company servers, etc.) is automatically routed through the DA to your corporate network. This connection is encrypted, so it is very secure. Also, the encrypted tunnel is dialed as soon as your laptop connects to the internet, and that allows your credentials (name and password) to pass to our IAM system via a safe channel.
How does it work?
The encrypted connection is established over IPv4 to a publicly available DA server. This server is configured to translate all internal domain DNS records to IPv6 addresses for those servers, and to route the traffic forward using IPv4. IPv4 is the standard IP version used for most of the communication within the network, so there’s no need to adjust firewall rules or security because of DA. That is the advantage behind it.
So to sum it up, your computer communicates with a DA server using a tunnel based on IPv4; your requests are sent using IPv6; the DA server communicates within the corporate network once again using IPv4, and all this magically gives you access to the resources you need immediately, anytime, anywhere.
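The translation step summarized above can be sketched as follows. This is an added example, not part of the original article or of any Direct Access component: it uses the RFC 6052 scheme of embedding an IPv4 address in the low 32 bits of a /96 IPv6 prefix. The prefix, the internal DNS suffix and the A records are constructed values.

```python
import ipaddress

# Assumptions for this sketch (none of these values come from the article):
# a /96 translation prefix from the IPv6 documentation range, a made-up
# internal DNS suffix, and constructed internal A records.
PREFIX = ipaddress.IPv6Network("2001:db8:64::/96")
INTERNAL_SUFFIX = ".corp.example"
INTERNAL_A_RECORDS = {
    "files.corp.example": "10.0.5.20",
    "print.corp.example": "10.0.7.31",
}


def synthesize_aaaa(ipv4: str) -> ipaddress.IPv6Address:
    """DNS side: embed the IPv4 address in the low 32 bits of the prefix."""
    v4 = ipaddress.IPv4Address(ipv4)
    return ipaddress.IPv6Address(int(PREFIX.network_address) | int(v4))


def resolve_for_client(name: str):
    """Return the IPv6 address the remote client is given, or None when the
    name is not internal and should be resolved over the normal ISP path."""
    name = name.lower().rstrip(".")
    if not name.endswith(INTERNAL_SUFFIX):
        return None
    ipv4 = INTERNAL_A_RECORDS.get(name)
    if ipv4 is None:
        raise LookupError(f"no internal record for {name}")
    return synthesize_aaaa(ipv4)


def extract_ipv4(dest: str) -> ipaddress.IPv4Address:
    """Gateway side: recover the IPv4 target from the client's IPv6
    destination, refusing anything outside the translation prefix."""
    v6 = ipaddress.IPv6Address(dest)
    if v6 not in PREFIX:
        raise ValueError(f"{v6} is outside {PREFIX}; not forwarded")
    return ipaddress.IPv4Address(int(v6) & 0xFFFFFFFF)


if __name__ == "__main__":
    for host in ("files.corp.example", "www.example.org"):
        v6 = resolve_for_client(host)
        if v6 is None:
            print(f"{host}: resolved via the ISP, bypasses the tunnel")
        else:
            print(f"{host}: client sends to {v6}, "
                  f"server forwards to {extract_ipv4(str(v6))}")
```

The prefix check in extract_ipv4 keeps the gateway from forwarding to destinations the DNS side never handed out.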
Why are you telling me about this?
Even though it’s not new, and has been in the IT world for a long time, no one has mentioned it. Why? The reason is that it is rare, and it is not so easy to configure. It takes quite a lot of infrastructure behind it to get something like this working. We at Rare Crew have been successful, and have been able to get a cutting-edge technology running. It has an approximate 0.7% market share based on idatalabs.com research. In other words, approximately 37 companies in California (the Silicon Valley region) are using Direct Access, based on hgdata.com.