Before implementation, I was simply collecting some information on Security perspective of DirectAccess, the new powerful feature in Windows 7 for accessing Corporate Intranets without manual headache of connecting to VPNs. There are few queries to which I'm not able to find an answer; I read "DirectAccess client & server authenticate each other by machine certificate. Server consults AD and validates client accordingly. If all goes well result is an IPSec ESP tunnel, maintained continuously whenever client can reach the server." now, I wanted to know if this entire process is followed very time or once validated, client uses some other form of identity proof if once authenticated, is connection refreshed after certain time of inactivity if client's machine has more than 1 IP... does it work; does it work over all (multi-path); does it give any security based error on connection from more than 1 IP in any case, does it locks Client's Access other than it being locked at ActiveDir level could Server be tweaked to use some other protocol tunneling than IP-HTTPS