DirectAccess is a mechanism available to companies running Windows 7 Enterprise/Ultimate and Windows Server 2008 R2. It allows roaming access to SMB and HTTP resources on the internal network without using a VPN client. It uses a new protocol called IP-HTTPS, which allows a secure IP tunnel to be encapsulated in HTTPS. Dropping the VPN client lets a roaming user simply access a resource without first starting a client that complicates their experience. It also allows secure access to internal resources while the user keeps open access to other Internet resources.
Microsoft has published a guide for designing a DirectAccess (DA) architecture:
“This guide provides recommendations to help you plan a DirectAccess deployment using the Windows Server® 2008 R2 operating system. It is intended for use by infrastructure specialists or system architects who are planning a new DirectAccess deployment. This guide covers DirectAccess deployment goals and design considerations for Internet Protocol version 6 (IPv6) connectivity, access models, packet filtering, infrastructure requirements, and server placement, redundancy, and capacity planning”.
Note: Users who don’t use Enterprise/Ultimate editions of Windows 7 cannot use DirectAccess, which is a shame.