A. Yes and no. DirectAccess gives access from Windows 7 machines to a corporate intranet without the need for manual VPN connections or any action by the end user. It's one of the key new features of Windows 7. DirectAccess is built primarily on IPv6 and IPSEC, which means your Windows 7 client must be IPv6-enabled and the target server you want to connect with also has to be IPv6 enabled.

Many of you will be thinking, "but I connect over the Internet, which is IPv4, so does that mean DirectAccess doesn't work over the Internet?" While DirectAccess is built on IPv6, it uses 6to4 tunneling encapsulation if the user has a public IPv4 address or Teredo if the user has a private IPv4 address located behind a Network Address Translation device. If, for some reason, even 6to4 or Teredo won't work, it will use IP-HTTPS, which encapsulates the IPv6 in HTTPS packets, allowing communication even if the user is behind a restrictive firewall. This means DirectAccess works fine over IPv4 networks.

So you do need IPv6 support on either end of the communication, but the network in the middle can be IPv4.

If you have a number of IPv4-only servers in your corporate environment you need to communicate with, you can do one of the following:

  • Enable the host for IPv6.
  • Use an alternate technology to connect to the corporate network, such as traditional VPN.
  • Use an IPv6/IPv4 translator, a NAT-PT/NAT64 device. The Microsoft solution is Forefront Unified Access Gateway, which allows DirectAccess based communication with IPv4-only servers on the intranet.