When Windows 7 and Windows Server 2008 R2 were released to manufacturing, three important new networking capabilities were introduced that can only be used when Windows 7 and Windows Server 2008 R2 are paired together. The new features, DirectAccess, BranchCache and VPN Reconnect, are all designed to give Windows 7 clients and Windows Server 2008 R2 servers more reliable, secure and efficient long-distance connections. Let's examine each of these new technologies.
One of the challenges for organizations that have a large population of mobile workers is allocating the time and effort needed to create, maintain and troubleshoot VPN-connected client computers. When VPN connections fail, support calls ensue. DirectAccess creates an always-on, highly secure VPN connection that can be configured largely through Group Policy settings. DirectAccess connections are automatically provisioned whenever Windows 7 Ultimate or Enterprise edition computers detect an Internet connection. DirectAccess connections use IPv6 and IPsec to create and secure connections from individual computers across the Internet to Windows Server 2008 R2 DirectAccess servers.
DirectAccess requires that the following services be available on the network:
- A Certificate Authority Server that can issue computer certificates for IPsec authentication between Windows 7 clients and DirectAccess servers. The DirectAccess server will also need an SSL certificate from the CA. A Certificate Revocation List Distribution Point for the CA must be accessible from the Internet.
- Active Directory Domain Services; DirectAccess requires that all computers be members of an Active Directory domain. Group Policy is the best method to configure clients and servers for DirectAccess.
- A DNS server is also required for name resolution over ISATAP connections.
A DirectAccess server is usually located in the perimeter network and has two network interface cards. The Internet-facing interface receives IPsec-secured IP traffic from Internet clients, which is forwarded to the internal interface connected to the private network. If the client reaches the server over an IPv4 Internet, either a 6to4 or a Teredo tunnel can be used to carry the IPv6 packets from client to server. DirectAccess servers can allow unfettered access to all internal network servers or can limit DirectAccess clients to specific servers on the internal network.
BranchCache can optimize the use of network bandwidth over a WAN connection between branch office clients and file and web servers at a main office site. Windows 7 Ultimate or Enterprise edition must be the client and Windows Server 2008 R2 must be the server. When a client in the branch office site requests web content or a file download from a server at the main office, a hash value that precisely identifies the file is returned to the client. The BranchCache client then checks with the other clients in the branch office to see if another computer has already downloaded and cached a file with the same hash. If one has, the client requests a copy of the file from that computer instead of obtaining it from the server. BranchCache can greatly reduce WAN traffic and give branch office users a faster, more responsive network experience. BranchCache can operate in distributed cache mode, in which Windows 7 clients share their cached files in a peer-to-peer fashion, and in hosted cache mode, which requires that a Windows Server 2008 R2 server be installed in the branch office site. In hosted cache mode, all files requested by BranchCache clients are copied into a centralized cache on the hosted cache server, so if a BranchCache client is shut down, the cached files remain available on the server.
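The distributed cache lookup described above, as an added example modelled in Python; this is not BranchCache's actual wire protocol or code, only the hash-first retrieval and the integrity check a client should perform before trusting a copy handed to it by a peer, since a peer is just another workstation in the branch. The class names, file content and client names are constructed for the example.

```python
import hashlib

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

class ContentServer:
    """Main-office file server (constructed): returns a hash first, bytes only on request."""
    def __init__(self, files):
        self.files = files           # file name -> bytes
        self.wan_transfers = 0       # how many times full content crossed the WAN

    def content_hash(self, name):
        return sha256_hex(self.files[name])

    def fetch(self, name):
        self.wan_transfers += 1
        return self.files[name]

class BranchClient:
    """Branch-office client in distributed cache mode: its cache is keyed by content hash."""
    def __init__(self, name):
        self.name, self.cache = name, {}

    def get_file(self, server, name, peers, log):
        h = server.content_hash(name)        # only the small hash crosses the WAN here
        for peer in peers:
            data = peer.cache.get(h)
            if data is None or peer is self:
                continue
            # Verify the peer's copy against the server-supplied hash before using it.
            if sha256_hex(data) == h:
                self.cache[h] = data
                log.append(f"{self.name} got {name} from peer {peer.name}")
                return data
            log.append(f"{self.name} rejected corrupt copy of {name} from {peer.name}")
        data = server.fetch(name)            # no valid local copy: pay the WAN cost
        self.cache[h] = data
        log.append(f"{self.name} got {name} from main office")
        return data

def run_demo():
    """Two branch clients request the same file; one peer offers a tampered copy."""
    server = ContentServer({"report.docx": b"Q3 numbers " * 1000})  # constructed content
    alice, bob, mallory = BranchClient("alice"), BranchClient("bob"), BranchClient("mallory")
    peers, log = [mallory, alice, bob], []
    alice.get_file(server, "report.docx", peers, log)      # nothing cached yet: WAN download
    # mallory stores altered bytes under the genuine hash; bob must not accept them
    mallory.cache[server.content_hash("report.docx")] = b"Q3 numbers (altered)"
    bob.get_file(server, "report.docx", peers, log)        # alice's verified copy is used
    return server.wan_transfers, log
```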
Many users require Internet connectivity at all times regardless of their location. Wireless mobile broadband is a popular solution because it has become faster and more widely available. Mobile broadband networks can suffer momentary network outages as clients move from one cell tower coverage area to another. VPN connections can break down and must be restarted, and user credentials may have to be re-entered. Only Windows 7 clients support VPN Reconnect, which temporarily suspends VPN connections until Internet access is restored. VPN Reconnect uses Internet Key Exchange version 2 (IKEv2) to resume the VPN connection without user intervention. To implement VPN Reconnect, the VPN server must be Windows Server 2008 R2 running the Routing and Remote Access Service. IPsec certificates are required to secure the connection.
These three innovative features available when you put Windows 7 and Windows Server 2008 R2 together allow users to be more productive from anywhere they happen to be.
Author – Mark Menges