A: There isn't a definite answer here, because it will depend on who uses your VPN. DirectAccess gives users access to corporate resources in a seamless way and is very much a powerful management tool for your organization's IT operations. It essentially expands a corporate network and its management processes to a DirectAccess-enabled machine whenever it's connected to the Internet via the DirectAccess Infrastructure tunnel.

DirectAccess has two tunnels, Infrastructure for management and a separate Intranet tunnel to give users access to non-management resources on the corporate network ( such as file services, applications, and anything else on the corporate network). The Infrastructure tunnel gives client machines access to services such as Active Directory, DNS, and management features. This Infrastructure tunnel is available for the corporate IT management services such as System Center Configuration Manager, Active Directory, and Group Policy to reach out to client machines and apply updates, policies and anything else like a normal corporate connected machine. Users benefit from the Intranet tunnel when they want to access corporate network resources.

This means if every machine is DirectAccess enabled, you might not need VPN anymore. However, consider the machines that can't use DirectAccess and would still require a VPN solution:

  • Machines that run anything other than Windows 7 Enterprise or Ultimate machines, such as Windows 7 Professional, Windows Vista, Windows XP, Linux, etc.
  • Machines that aren't part of the corporate domain, such as home machines or corporate machines that are part of a workgroup.

For most organizations, a VPN solution would still be required, with DirectAccess bringing advanced, always-on management capability in addition to a seamless access experience for the DirectAccess-enabled users. Think of VPNs as connecting the user to the network and DirectAccess extending the network to the computer and user.