Forefront TMG and DirectAccess Server on the same Box
Introduction
DirectAccess is a new feature in Windows 7 and Windows Server 2008 R2 that gives users the experience of being seamlessly connected to their corporate network whenever they have Internet access. With DirectAccess, users can securely access corporate resources (such as e-mail, shared folders, or intranet Web sites) without connecting to a virtual private network (VPN).
In the following lines I want to share my first experience and the steps on how to set up both services on the same server.
Deploying Forefront TMG on a DirectAccess Server
DirectAccess traffic is IPv6-based. By default Forefront TMG neither accepts IPv6 traffic nor lets it pass through, so the following traffic is allowed specifically to support DirectAccess:
- Inbound authenticated IPv6 traffic (protected by IPsec). This also includes the IPsec negotiation traffic.
- Inbound and outbound IPv6 transition technologies (6to4, Teredo, IP-HTTPS and ISATAP).
- Native IPv6 from the Forefront TMG machine.
In addition, Forefront TMG integrates with the IPsec Denial of Service Protection (DoSP) component of Windows DirectAccess so that only IPsec traffic is allowed through. For this reason, it is important to configure DirectAccess before installing Forefront TMG.
Configure and verify Windows DirectAccess
Install Windows Server 2008 R2 on a server and configure DirectAccess as described in the DirectAccess Early Adopter’s guide.
Since DirectAccess configuration involves multiple technologies and servers, it is highly recommended to verify that DirectAccess has been configured and is working properly before continuing to install Forefront TMG.
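As an added example (not part of the original post), the following PowerShell script collects the state of the four transition technologies and the IPsec security associations on a Windows Server 2008 R2 DirectAccess server, so you have a repeatable check to run before installing Forefront TMG. It assumes an elevated prompt on the DirectAccess server itself; the netsh contexts used exist on 2008 R2 and Windows 7, but the pass criteria (the strings it looks for in the netsh output) are this example's own and are marked as assumptions in the code.

```powershell
# Added example: pre-TMG health check for a Windows Server 2008 R2 DirectAccess
# server. Run elevated on the DirectAccess server itself.

function Get-DirectAccessTransitionState {
    # Each transition technology has its own netsh context on 2008 R2 / Windows 7.
    $checks = @{
        'Teredo'   = 'interface teredo show state'
        '6to4'     = 'interface 6to4 show state'
        'ISATAP'   = 'interface isatap show state'
        'IP-HTTPS' = 'interface httpstunnel show interfaces'
    }
    $results = @()
    foreach ($name in $checks.Keys) {
        # Splitting the context string turns it into separate netsh arguments.
        $output = (& netsh.exe $checks[$name].Split(' ') 2>&1) -join "`n"
        $results += New-Object PSObject -Property @{
            Technology = $name
            Output     = $output
            # Assumption (this example's own heuristic): a technology that is
            # switched off or broken reports one of these words in its output.
            Healthy    = -not ($output -match 'disabled|offline|error')
        }
    }
    return $results
}

function Test-DirectAccessIPsec {
    # DirectAccess clients build IPsec tunnels to the server. Established
    # main-mode and quick-mode SAs are evidence that clients have connected.
    $mm = (& netsh.exe advfirewall monitor show mmsa 2>&1) -join "`n"
    $qm = (& netsh.exe advfirewall monitor show qmsa 2>&1) -join "`n"
    New-Object PSObject -Property @{
        # Assumption: every SA entry in the netsh listing carries a
        # "Local IP Address" line, so counting those lines counts the SAs.
        MainModeSAs  = ([regex]::Matches($mm, 'Local IP Address')).Count
        QuickModeSAs = ([regex]::Matches($qm, 'Local IP Address')).Count
    }
}

$transition = Get-DirectAccessTransitionState
$transition | Format-Table Technology, Healthy -AutoSize

$ipsec = Test-DirectAccessIPsec
$ipsec | Format-List

$unhealthy = $transition | Where-Object { -not $_.Healthy }
if ($unhealthy -or $ipsec.MainModeSAs -eq 0) {
    Write-Warning 'DirectAccess does not look healthy; fix this before installing Forefront TMG.'
} else {
    Write-Host 'All transition technologies report healthy and IPsec SAs exist.'
}
```

Run it with at least one DirectAccess client connected from the Internet; with no client connected the IPsec counts are legitimately zero, so the warning tells you only that the SA check could not be exercised, not that the server is misconfigured. Inspect the `Output` property of any entry flagged unhealthy rather than trusting the keyword match alone.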
Install Forefront TMG
After you have successfully installed Forefront TMG, you have to enable the “Act as DirectAccess Server” option in the “Configure IP Preferences” dialog, which can be found in the “Intrusion Prevention System” node of the navigation tree.
After activating the checkbox, the system policy rules required for the DirectAccess traffic listed above are enabled.
Now you have to create an access rule that allows the “IPv6 Over IPv4 Tunnel” protocol from the TMG/DirectAccess server (the Local Host network) to your internal network. Keep the rule this narrow: there is no reason to allow the tunnel protocol from any other source.
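As an added example (not the author's own procedure, which uses the console), the following PowerShell script creates that access rule through the Forefront TMG COM administration object model (`FPC.Root`), which is useful when you want the change to be repeatable or reviewable. It assumes it runs on the TMG server as an administrator, that the built-in network objects are named “Local Host” and “Internal” (the TMG defaults), and that the protocol is named exactly “IPv6 Over IPv4 Tunnel” as shown in the console; the rule name and description are this example's own choices. The “Act as DirectAccess Server” checkbox is not set by this script.

```powershell
# Added example: create the DirectAccess tunnel access rule with the TMG COM
# object model instead of the console. Run as administrator on the TMG server.

$RuleName      = 'Allow IPv6 over IPv4 tunnel (DirectAccess)'   # assumed name
$ProtocolName  = 'IPv6 Over IPv4 Tunnel'                        # name shown in the console
$SourceNetwork = 'Local Host'   # built-in network object for the TMG host itself
$DestNetwork   = 'Internal'     # built-in network object for the internal network

# FPC enumeration values as documented in the TMG/ISA SDK.
$fpcPolicyRuleActionAllow = 0   # FpcPolicyRuleActions
$fpcSpecifiedProtocols    = 1   # FpcProtocolSelectionType
$fpcInclude               = 0   # FpcIncludeStatus

$fpc   = New-Object -ComObject 'FPC.Root'
$array = $fpc.GetContainingArray()
$rules = $array.ArrayPolicy.PolicyRules

# Make the script idempotent: do not create the rule twice.
$existing = $null
foreach ($r in $rules) {
    if ($r.Name -eq $RuleName) { $existing = $r }
}

if ($existing) {
    Write-Host "Rule '$RuleName' already exists; nothing to do."
} else {
    $rule = $rules.AddAccessRule($RuleName)
    $rule.Description = 'Lets DirectAccess IPv6-in-IPv4 tunnel traffic reach the internal network'

    # Allow only the one protocol, only from the TMG host, only to Internal.
    $rule.AccessProperties.Action = $fpcPolicyRuleActionAllow
    $rule.AccessProperties.ProtocolSelectionMethod = $fpcSpecifiedProtocols
    $rule.AccessProperties.SpecifiedProtocols.Add($ProtocolName, $fpcInclude)
    $rule.SourceSelectionIPs.Networks.Add($SourceNetwork, $fpcInclude)
    $rule.AccessProperties.DestinationSelectionIPs.Networks.Add($DestNetwork, $fpcInclude)

    $rule.Enabled = $true
    $rule.Save()
    Write-Host "Created rule '$RuleName'."
}
```

After the script runs, open the Firewall Policy node in the console and check the rule's position: TMG evaluates access rules in order, and a new rule is added at the end of the list, so make sure no earlier rule denies the same traffic. Applying the configuration from the console is still required if your array does not apply saved changes automatically.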
That’s it. Now you can use both services combined together on one box.


