Tuesday, 15 May 2012

The Star Nosed Mole Hypothesis

If you have run "ipconfig /all" on your Windows 7 box lately, you will have noticed that there are a lot more adapters available than previously... and they have odd names too.

 
Teredo Tunneling Pseudo-Interface, IP-HTTPS and 6to4 ISATAP... hmmm, interesting... possibly. But in themselves they are not much more than ways to get IPv6 traffic across networks using HTTP or IPv4. Why would you want to do that?

 
Well, IPv6, whilst quite old in technology terms, hasn't been embraced as quickly or as widely as the "industry" would like. This meant that technologies which act like glue (or transitional technologies, as some like to call them) were put into Windows 7 to allow IPv6 to talk across IPv4.

The requirements of Teredo and 6to4 (which need direct IP connections) mean that these two have limited use; who doesn't do some sort of NAT on a router now?
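To see which of these transition tunnels a machine actually exposes, the "ipconfig /all" output can be inventoried. The sketch below is an added example, not part of the original post; it assumes English-language ipconfig output, and the sample text, adapter GUID and addresses are constructed.

```python
import re

# Keyword (matched in adapter name or description) -> transition technology.
TECH = {"teredo": "Teredo", "isatap": "ISATAP", "6to4": "6to4", "iphttps": "IP-HTTPS"}

# Constructed sample in the "ipconfig /all" layout; not captured from a real host.
SAMPLE = """\
Ethernet adapter Local Area Connection:

   Description . . . . . . . . . . . : Example Gigabit Network Connection
   IPv4 Address. . . . . . . . . . . : 192.0.2.10(Preferred)

Tunnel adapter isatap.{00000000-0000-0000-0000-000000000000}:

   Media State . . . . . . . . . . . : Media disconnected
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   IPv6 Address. . . . . . . . . . . : 2001:0:db8:1::1(Preferred)

Tunnel adapter iphttpsinterface:

   Media State . . . . . . . . . . . : Media disconnected
   Description . . . . . . . . . . . : iphttpsinterface
"""

def tunnel_inventory(text):
    """Return [(technology, adapter name, connected)] for each tunnel adapter."""
    adapters, cur = [], None
    for line in text.splitlines():
        header = re.match(r"^(\S.*?) adapter (.+):\s*$", line)
        if header:  # adapter headers start in column 0; fields are indented
            cur = None
            if header.group(1) == "Tunnel":
                cur = {"name": header.group(2), "desc": "", "up": True}
                adapters.append(cur)
        elif cur is not None and ":" in line:
            key, value = line.split(":", 1)  # first colon ends the dotted label
            key = key.strip(" .")
            if key == "Description":
                cur["desc"] = value.strip()
            elif key == "Media State" and "disconnected" in value.lower():
                cur["up"] = False
    return [(next((t for k, t in TECH.items()
                   if k in (a["name"] + " " + a["desc"]).lower()), "other"),
             a["name"], a["up"]) for a in adapters]

if __name__ == "__main__":
    for tech, name, up in tunnel_inventory(SAMPLE):
        print(f"{tech:9} {'connected' if up else 'disconnected':13} {name}")
```

On a live host, feed it the captured command output instead of SAMPLE; any tunnel reported as connected is an IPv6 path that perimeter monitoring should account for.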

However, IP-HTTPS is of use. Consider that by default all IPv6 traffic is encrypted using IPsec. What you have now is a way of securely connecting to a network using IPsec, but without "knowledge" or a separate client, from ANYWHERE.

Hang on, isn't this just SSL VPN? In a way, yes.

But a VPN which:
  • needs no user interaction or extra passwords
  • is on by default - boot your machine to the network from ANYWHERE
  • GPO deployment to remote users? Done.
  • Patching the sales force? Done.
  • No specialised hardware is required (a backend Windows 2008 R2 server is required to terminate the connections, and clients must be Windows 7).
  • All you need is a certificate and a username/password on the domain and bingo. You don't even need a "corporate" PC.
Sounds like a magic bullet!

The catch?

Currently it is quite an involved process to get this working. There are plenty of documents out on the web describing how to set this up.

Oh, and the name (strangely, Microsoft have come up with something reasonable!):

DirectAccess

 
