Microsoft DirectAcess has made great strides in Windows Server 2012.
- First available with Windows Server 2008 R2.
- Built-in client support for Windows 7 and newer.
- Provides always-connected connection to corporate network (connects before the user logs on).
- Leverages IPV6 and 6to4 tunneling (additional configuration required when using Windows Server 2008 R2 as the DirectAccess server).
- Windows Server 2012 simplifies the deployment process.
- Client authentication can leverage Kerberos or certificates. PKI is not required when the DirectAccess server is running Windows Server 2012.
- DirectAccess clients can be managed regardless of where they are as long as they have network connectivity (outside of the corporate network, internet connectivity is required).
- DirectAccess connections are IPSec encrypted.
- The DirectAccess server and clients must be domain-joined.
- The Windows Firewall needs to be enabled on the server and clients.
- DirectAccess is not VPN.
- “When you use Windows 7 clients with DirectAccess in Server 2012 or Server 2008 R2, you need to install a separate DirectAccess Connectivity Assistant (DCA), which gives a system tray icon that shows the DirectAccess connection state.”
Great article describing DirectAccess as well as 2008R2 and 2012 differences and improvements: