No VPN Needed: DirectAccess Gives Windows 7 Users 24x7 Remote Connectivity

This Windows 7 feature gives Hawken School users seamless, secure access to network resources whenever they’re online.

During a recent discussion of infrared radiation, Hawken School science teacher Bob Kachurek told his sixth-graders that they'd probably heard of at least one of the technology's applications: the night-vision goggles worn by troops in Iraq. One student asked what the goggles look like, and as Kachurek began describing them, another student found a photo online. Kachurek, who can access students' screens from his computer, projected the image so the entire class could see it.

"Talk about just-in-time learning," Kachurek says of the moment. "It's like we're writing our own textbook as the year goes on." Unfortunately, that collaborative process ends when the final bell rings each day.

For years, only select IT staff and administrators have had remote access to the network at the northeast Ohio independent school, which has a preschool through eighth-grade campus in Lyndhurst and a ninth- through 12th-grade campus in Gates Mills. But school leaders wanted to extend that capability to faculty and students so they could continue to collaborate after school hours, especially as the school prepares to expand its 3-year-old one-to-one program from the middle grades to the high school.

So last fall, Hawken started rolling out DirectAccess, a feature in Microsoft Windows 7 that offers seamless remote access to the school's network. Unlike with a traditional virtual private network, users don't need to establish a connection; they're automatically connected when they're online. About two-thirds of Hawken's employees are now using DirectAccess, and the IT department plans to roll it out to remaining faculty and staff, as well as students, next year.

"It looks the same as it does when they're at school," says Matthew Young, director of Hawken's middle school. "It's another way that we're removing the barrier to collaborative work. I want our students to be hardcore users of these tools, and this makes them much more accessible."

Homework Hurdle

Teaching and learning at Hawken are much different than they were a few years ago. Students take tests and write papers on their computers. Teachers monitor students' screens and offer feedback directly in student files. "It's embedded in everything we do," Kachurek says of the school's integration of technology throughout the curriculum. "We haven't used paper and pencil all year."

Microsoft OneNote is a cornerstone of the middle school program, where Hawken's one-to-one program started three years ago, explains Ryan Wooley, director of technology, library and media services. OneNote syncs files every 10 seconds so students and teachers can access and comment on them in real time.

"It's the most advanced school I've seen in terms of wanting to get technology into the hands of its kids," says Matt Riley, technical lead for CDW•G's Microsoft professional services team, who helped Hawken with its DirectAccess implementation.

As OneNote began to play a bigger role in the curriculum, IT anticipated a potential issue. When someone works on a file while disconnected from the network, OneNote makes a shadow copy of the file. When the person reconnects, the shadow copy replaces the original file. But if a student and teacher were to work on the same file while offline, the application would create duplicate copies when they reconnect.

855: The number of students, faculty and staff at Hawken School who will use DirectAccess. The IT team has been rolling it out to the school's 225 staff and faculty on a volunteer basis, but next year, they will make it available to 630 middle and high school students, grade by grade.

IT explored VPNs as an option, "but we didn't want to create another layer of difficulty for everyone," says Systems Administrator Rick Bartel. "We wanted an always-on, instant connection to our network."

They found their answer in 2009, at a seminar previewing Windows 7 and Windows Server 2008 R2. It was there that they learned about DirectAccess, which "had all of the conveniences of a VPN without all the hassles," Bartel says. "It's the evolution of VPN technology."

And yet, DirectAccess' adoption has been relatively slow — likely because many organizations already have remote-access technologies, says information security consultant Kevin Beaver, founder of Principle Logic. "But I could see DirectAccess being deployed in all sorts of scenarios," he adds. "It'll take some technical expertise and time to set up initially, but it could end up being a more streamlined remote-access solution for Windows-centric shops."

Hawken began testing DirectAccess after that 2009 seminar. But the IT team quickly ran into some issues. For instance, the feature requires Internet Protocol version 6 (IPv6), but the school was using IPv4 to direct Internet traffic. CDW•G's Riley helped them deploy IPv4-to-IPv6 transition technologies using Microsoft Forefront Unified Access Gateway 2010 software. With UAG, the protocols can coexist without a costly, complicated network overhaul.

"We had a few roadblocks with network infrastructure," says Dave Solema, the school's project manager and technology support specialist. "But we were able to get over that pretty easily with Matt's help."

Round-the-Clock Learning

Because DirectAccess works only on machines running Windows 7 Enterprise or Ultimate, Hawken upgraded from Windows 7 Professional to Enterprise. Thanks to Microsoft's new licensing model, there were no additional costs associated with the upgrade, Solema says.

School employees couldn't have been happier about the change. When the IT department asked for volunteers to have their computers enabled for DirectAccess, the reaction was swift. "There are a lot of people who aren't tech-savvy, and even superficial extra layers are off-putting," Wooley says. But they don't even have to think about DirectAccess: "It's there, it's invisible, and it just works for them."

DirectAccess also made life easier for IT staff. Because users are connected to the network whenever they're online, administrators can monitor machines and push updates and applications to users' machines whether they're on or off campus. They also can decide which network resources users can access and monitor network utilization. "When you're trying to deliver a persistent connection for a lot of people, bandwidth is something you have to pay attention to," Wooley explains. "It's hard to predict. You have to ease into it. We didn't want a bottleneck."

Already, those steps are having a profound impact on how students and teachers work. "I can seamlessly view my network drives from home, and I don't even think about it," Kachurek says. "I can grade at home without having to haul a stack of papers."

Plus, DirectAccess is still new at Hawken. Who knows what benefits the school will discover down the road? "I think there are good things ahead," Kachurek says.

DirectAccess or VPN?

Do you want to give remote users seamless access to school resources without forcing them to connect through a virtual private network? Here are a few things to know about DirectAccess:

  • It's automatically on when users are online.
  • It uses more bandwidth because it's always on.
  • It makes it easy for IT staff to push out updates and applications in real time because remote users don't need to log in to the network.
  • It offers a consistent user experience both on and off campus.
  • It uses client and server certificate authentication, providing more security than regular passwords.