"So what are the major DirectAccess Infrastructure Components?"
That's a good question! Here's my general description:
Windows 7 or above clients - the DA client needs to have the capabilities to initiate the DA connection. The major components on the client include the new features included with the Windows Firewall with Advanced Security and Connection Security policies. Win7+ meets this requirement.
Windows Server 2008 R2 - only required for the UAG DA server itself. No other machine on the network needs to be Windows Server 2008 or above. However, it would help since they are IPv6 capable, but it's definitely not required.
PKI - you need certificates for DA. Computer certificates are required on the DA clients and UAG DA server. A Web site certificate is required on the Network Location Server (I'll talk about that next) and also for the UAG DA server. You should use a commercial certificate for the web site certificate on the UAG DA server, which will be used by the UAG DA server's IP-HTTPS listener.
Network Location Server - This is a Web server that the DA clients connect to using HTTPS. If the DA client can connect to this server using HTTPS, then it knows it's on the corpnet and it turns off its DA components. If the DA client can't connect to this server, then it turns on its DA client components and connects to the UAG DA server over the Internet. The NLS should be highly available, but doesn't require any special configuration other than needing to accept SSL connections. Since this is an internal server, a private certificate is fine.
Active Directory - Configuration settings and Authentication require AD. The UAG DA server and the DA clients need to belong to an AD domain. The UAG DA server and clients don't need to belong to the same forest, but if they don't, there needs to be a two-way trust between the DA server and DA client domain.
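Because the inside/outside decision described under Network Location Server hinges on one HTTPS connection, it is worth monitoring that connection from a corpnet machine. The following is an added example, not part of the original post and not the DA client's own detection code: it approximates "can connect using HTTPS" with a TLS handshake under default certificate validation and also reports how long the NLS certificate has left. The function name `Test-NlsEndpoint`, the URL `https://nls.corp.example.com/` and the 30-day warning threshold are assumptions; PowerShell 3.0 or later is assumed.

```powershell
# Added example: health check for a Network Location Server (NLS).
# Function name, URL and WarnDays default are illustrative assumptions.
function Test-NlsEndpoint {
    param(
        [Parameter(Mandatory = $true)] [uri]$Url,
        [int]$TimeoutMs = 5000,
        [int]$WarnDays  = 30
    )
    $r = [ordered]@{ Url = $Url.AbsoluteUri; Verdict = $null; Detail = $null
                     Subject = $null; NotAfter = $null; DaysLeft = $null }
    $tcp = New-Object System.Net.Sockets.TcpClient
    $ssl = $null
    try {
        # TCP connect with a timeout so an unreachable NLS fails fast.
        $pending = $tcp.BeginConnect($Url.Host, $Url.Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) {
            throw "TCP connect to $($Url.Host):$($Url.Port) timed out"
        }
        $tcp.EndConnect($pending)

        # Default validation: an untrusted, expired or name-mismatched
        # certificate makes AuthenticateAsClient throw.
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
        $ssl.AuthenticateAsClient($Url.Host)

        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $r.Subject  = $cert.Subject
        $r.NotAfter = $cert.NotAfter
        $r.DaysLeft = [int][math]::Floor(($cert.NotAfter - (Get-Date)).TotalDays)
        if ($r.DaysLeft -lt $WarnDays) {
            $r.Verdict = 'Warning'
            $r.Detail  = "HTTPS works, but the certificate expires in $($r.DaysLeft) days"
        } else {
            $r.Verdict = 'Inside'
            $r.Detail  = 'HTTPS connection succeeded, as a corpnet client would expect'
        }
    }
    catch {
        # A failure here is the condition under which clients turn DA on.
        $r.Verdict = 'Outside'
        $r.Detail  = "HTTPS connection failed: $($_.Exception.Message)"
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $tcp.Close()
    }
    [pscustomobject]$r
}

Test-NlsEndpoint -Url 'https://nls.corp.example.com/'   # placeholder URL
```

An `Outside` verdict from a machine that is physically on the corpnet means clients there will behave as if they were on the Internet, which is why the post asks for the NLS to be highly available.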
There you go! Not that complicated and not stuff that you don't already work with just about every day. Make sure to check out the UAG DirectAccess when you get a chance.
Win 7 also needs to be Enterprise/Ultimate edition IIRC.
Is "manage out" viable without a Windows Server 2008 DNS server? I am thinking about how you can connect to a DA client using its IPv6 address if you cannot resolve the computer name to an IPv6 address?