Windows 7 brings several security enhancements that don't sacrifice usability. We look at the five best features that businesses should definitely be using.
Billed by Microsoft as a 'next-generation' replacement for VPNs, DirectAccess allows Windows 7 Enterprise and Ultimate users to connect directly to Windows Server 2008 R2 and future servers. Whereas users generally have to initiate VPN connections, DirectAccess is completely transparent for end users: when the computer connects to the Internet, DirectAccess automatically creates a secure connection to the corporate network without any action on the user's part, and automatically routes requests to the internal network through that connection.
DirectAccess offers improvements over traditional VPNs beyond the automatic connection. First of all, it uses IPsec and IPv6 internet protocols to encrypt and route the connection from end to end. Where VPN encryption is stripped at the VPN server, DirectAccess can remain encrypted all the way to and from the application server inside the corporate network. (DirectAccess supports a number of other protocols to create tunnels for this traffic across networks that do not support IPv6 or IPsec yet.)
And because DirectAccess uses a standard internet port for traffic, it easily traverses firewalls without any additional configuration, something VPN users often have trouble with.
Another benefit: Because the connection is created and maintained automatically, administrators can continuously manage and update DirectAccess-enabled computers, even when the user is not directly using corporate resources. Remote users tend to connect through a VPN only when they need access to network resources; depending on the worker, weeks may go by between VPN connections.
This means that VPN users must be quarantined, scanned and patched before they can be allowed access to the corporate network, a process that slows down the connection and limits worker productivity, as well as providing IT administrators with only small windows of time to manage their remote computers. With DirectAccess, computers are updated at the same time as the rest of the corporate network and can be monitored regardless of whether the user needs access to the corporate network.
Note, however, that it won't be practical for most companies to move to DirectAccess right away. The system relies on an advanced network infrastructure - including Windows Server 2008 R2 and IPv6 - that many businesses have not yet rolled out or are incrementally upgrading to, so it may be several years before many companies have all the tools and technologies in place to move fully to DirectAccess. During the ramp-up phase, it can be run alongside a traditional VPN.
But it provides a glimpse into the future of networking - a secure, always-on connection to 'home base' that allows remote employees to work as if they were sitting in the central office.
For businesses, Windows 7 allows a partnership of sorts to be established between the security-savvy IT department and the end user, letting employees get to work while security policies are applied and updated from the network. What all these features share is a commitment to ease of use that does not come at the expense of real security, showing a Microsoft that seems to have finally recognised that the two are not necessarily incompatible.