Always On VPN Planning, Migration, Training, and Support

Always On VPNMicrosoft is positioning Always On VPN as the replacement for DirectAccess. Always On VPN was first introduced in Windows 8 and has received significant enhancements in Windows 10. Windows 10 Always On VPN can be configured to provide a seamless and transparent, DirectAccess-like remote access experience for remote users.

Hands-on Windows 10 Always On VPN training classes now forming. More details here!

Always On VPN Advantages and Disadvantages

Windows 10 Always On VPN has some important advantages over DirectAccess. It has some crucial limitations as well.

Advantages

  • Always On VPN supports non-Enterprise Windows 10 client SKUs (Windows 10 Home and Professional)
  • Always On VPN includes support for granular network access control
  • Always On VPN can use both IPv4 and IPv6
  • Always On VPN is infrastructure independent. In addition to supporting Windows RRAS, any third-party network device can be used such as Cisco, Checkpoint, Juniper, Palo Alto, SonicWALL, Fortinet, Sophos, strongSwan, OpenVPN, and many more

Disadvantages

  • Always On VPN works only with Windows 10. It is not supported for Windows 7
  • Always On VPN cannot be managed natively using Active Directory and group policy. It must be configured and managed using a Mobile Device Management (MDM) solution such as Microsoft Intune. Alternatively, Always On VPN client settings can be deployed using Microsoft System Center Configuration Manager (SCCM) or PowerShell

DirectAccess or Always On VPN?

Should you deploy DirectAccess today or implement Always On VPN with Windows 10 instead? That depends on a number of factors. Windows 10 Always On VPN is clearly the future of remote access for Microsoft, making it the best option going forward for organizations who need to additional security, support for non-managed clients, and modern authentication (for example Windows Hello for Business). However, it’s important to understand that DirectAccess is fully supported in Windows Server 2016 and will likely be for many years to come. If DirectAccess meets your needs today, you can deploy it with confidence knowing that it will still have a long support life. If you have reservations about the future viability of DirectAccess, and if you meet all of the requirements to support Always On VPN with Windows 10, then perhaps that’s a better choice.

Consulting Services

If you are looking for the best chance of success for your Always On VPN deployment, consider a consulting engagement with me. I can provide assistance with the planning, design, and implementation of a scalable and robust Always On VPN infrastructure for your organziation. In addition, I can help with migration from DirectAccess to Always On VPN, and provide training and support. If you’d like to discuss your remote access options in more detail, fill out the form below and I’ll get in touch with you.

Additional Resources

NetMotion Mobility as an Alternative to DirectAccess

5 Things DirectAccess Administrators Should Know about Always On VPN

3 Important Advantages of Always On VPN over DirectAccess

Contact Me

 

%d bloggers like this: