All posts in category Absolute

What’s New in Absolute Secure Access v14

Absolute Software recently announced a significant upgrade for its popular secure remote access and Zero Trust Network Access (ZTNA) solution. Version 14 of Secure Access introduces many compelling new features and updates that administrators will find beneficial. In addition, crucial security vulnerabilities in the previous release have been addressed.

New Features

Absolute Secure Access v14.x includes many enhancements over previous releases. Here are a few of the highlights.

Improved Performance

Absolute Secure Access v14 provides much faster throughput on multi-gigabit networks (e.g., 2.5Gbps Wi-Fi 6E/7 or 10Gbps wired). New kernel-level optimizations reduce CPU overhead by up to 40% on high-speed links, improving performance on faster networks.

Modern Certificate Handling

SHA-1 has been deprecated since 2011, and beginning with Absolute Secure Access v14, support for SHA-1 certificates has been removed completely.

Enhanced Client Auto Reconnect

Improved client auto-reconnect logic now survives Windows standby mode for more than 12 hours (previous versions were capped at around 4 hours). This will reduce frustration when devices return from standby for extended periods.

Automatic Host Group Updates

Host groups are an excellent way to streamline policy configuration for services like Microsoft 365 and AWS. These cloud providers publish the IP addresses of their services, which are dynamic and often change over time. Absolute Secure Access v14 now supports automatic host group updates for these services. Microsoft 365 updates occur every 28 days, and AWS updates occur every 5 days by default. This interval is configurable for administrators.

Security Updates

Absolute Secure Access v14 closes four server-side CVEs as well as 14 third-party CVEs (Apache, OpenSSL, etc.) that were not patched in v13.x.

Summary

If you have deployed previous versions of Absolute Secure Access, consider upgrading to v14.x today. You’ll gain improved performance, reduced administrative overhead, critical security updates, and much more. If you’d like help with your migration or want to learn more about the new capabilities in Absolute Secure Access v14, fill out the form below, and I’ll provide more information.

Additional Information

Absolute Secure Access

Absolute Secure Access Enterprise VPN Advanced Features In Depth

Absolute Secure Access and IPv6

Microsoft DirectAccess Formally Deprecated

Today, Microsoft has announced the formal deprecation of DirectAccess. Microsoft DirectAccess is a widely deployed enterprise secure remote access solution that provides seamless, transparent, always-on remote network connectivity for managed (domain-joined) Windows clients. First introduced in Windows Server 2008 R2, it’s been a popular solution with many advantages over ordinary VPN technologies of the past.

Windows Server 2012

DirectAccess was almost entirely rewritten in Windows Server 2012. Many of the features and enhancements offered for DirectAccess with the Unified Access Gateway (UAG – a separate product with additional costs) were built into the operating system directly. In addition, Microsoft introduced integrated load balancing and geographic redundancy features.

Demise of DirectAccess

DirectAccess relies heavily on classic on-premises technologies like Active Directory. All DirectAccess servers and clients must be joined to a domain. In addition, all DirectAccess clients must be running the Enterprise edition of Windows. With organizations rapidly adopting cloud services such as Azure and Entra ID, Microsoft began to develop an alternative solution that better integrated with the cloud. That solution is Always On VPN. With that, Microsoft stopped developing DirectAccess after the release of Windows Server 2012 R2. No new features or capabilities have been added to DirectAccess since that time.

Deprecation

We’ve been speculating about the end of life for DirectAccess for quite some time now. However, this formal deprecation announcement from Microsoft is official. It is the end of the road for this technology. To be clear, though, DirectAccess is available today in Windows Server 2022 and Windows 11. DirectAccess will be included in the upcoming release of Windows Server 2025. However, formal deprecation from Microsoft means they will remove DirectAccess components from the next release of the operating system.

What Happens Now?

Organizations should begin formal planning efforts to migrate away from DirectAccess. Here are a few popular solutions to consider.

Always On VPN

Always On VPN is the direct replacement for DirectAccess. It was designed to provide feature parity for DirectAccess, with seamless, transparent, always-on remote network connectivity. However, Always On VPN better integrates with Entra ID and supports conditional access. It does not require domain-joined devices or servers and works well with cloud-native endpoints. Always On VPN is a good choice for organizations that employ hybrid Entra-joined devices.

Entra Private Access

Entra Private Access, part of the Entra Global Secure Access suite, is an identity-centric zero-trust network access (ZTNA) solution from Microsoft. It is in public preview now and has some compelling advantages over traditional VPNs. However, Entra Private Access is not feature complete today. In addition, it is best suited to cloud-native (Entra-joined only) endpoints.

Absolute Secure Access

Absolute Secure Access (formerly NetMotion Mobility) is a premium enterprise remote access solution with many advanced options. It is by far the best solution on the market today. Absolute Secure Access is a software solution that supports zero-trust configuration and includes many features to improve and enhance security, performance, and visibility. In addition, it provides cross-platform support, including Windows, macOS, iOS, and Android operating systems.

Learn More

We have several decades of experience working with secure remote access technologies. We can help you and your organization find the best solution for your needs. Fill out the form below for a free one-hour consultation to discuss your DirectAccess migration strategy today.

Additional Information

Deprecated Features for Windows Client

1 Comment

by Richard M. Hicks on June 12, 2024 • Permalink

Posted in Absolute, Absolute Secure Access, Absolute Software, Active Directory, Always On VPN, AOVPN, Azure, Azure Active Directory, Azure AD, Azure AD Join, Azure Conditional Access, cloud, Cloud Service, Consulting Services, Deployment, Device Management, DirectAccess, DirectAccess Deprecated, DirectAccess End of Life, DirectAccess EOL, end of life, Enterprise, enterprise mobility, Entra, Entra Global Secure Access, Entra ID, Entra Private Access, EOL, Forefront UAG 2010, Group Policy, Hybrid Azure AD Join, Infrastructure, Microsoft, Microsoft Entra ID, Microsoft Entra Private Access, Mobility, NetMotion Mobility, Windows 10, Windows 11, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, Windows Server 2022, Windows Server 2025, Zero Trust, Zero Trust Network Access, ZTNA

Posted by Richard M. Hicks on June 12, 2024

https://directaccess.richardhicks.com/2024/06/12/microsoft-directaccess-formally-deprecated/

Absolute Secure Access and IPv6

Absolute Secure Access (formerly NetMotion Mobility) is a premium enterprise secure remote access solution with deep user and application insight supporting Windows, Mac, iOS (iPhone and iPad), and Android devices. Although Absolute Secure Access supports IPv6 for remote network connections and client IP address assignment, the latter is not enabled by default. Administrators must make additional changes to the configuration to assign IPv6 addresses to their clients so they can access resources inside the tunnel using IPv6.

DHCPv6 and SLAAC

Absolute Secure Access supports DHCPv6 and Stateless Address Autoconfiguration (SLAAC) methods for assigning IPv6 addresses to connected clients. Although IPv6 client addressing is not enabled by default, it is quick and easy to configure.

Note: Absolute Secure Access does not currently support static IPv6 prefix assignment.

Enable IPv6

To enable IPv6 global support for all Absolute Secure Access clients, open the Secure Access management console and navigate to Configure > Client Settings > Virtual Address > Allocation Method: IPv6. Administrators can choose to support either DHCPv6 alone or DHCPv6 and SLAAC. After making a selection, click the Apply button to save the changes.

Once configured, Absolute Secure Access clients will be assigned an IPv6 address and can access IPv6 resources over the Secure Access tunnel.

Split Tunneling

If you have configured the Absolute Secure Access policy for split tunneling, ensure you have included your internal IPv6 prefix(es) defined in the split tunneling policy.

Additional Information

NetMotion Mobility is now Absolute Secure Access

Absolute Secure Access Zero Trust Network Access (ZTNA)

What’s New in Absolute Secure Access v13

Absolute Secure Access Features and Capabilities

Absolute Secure Access Advanced Features In Depth

Enterprise Zero Trust Network Access (ZTNA) and VPN

1 Comment

by Richard M. Hicks on March 14, 2024 • Permalink

Posted by Richard M. Hicks on March 14, 2024

https://directaccess.richardhicks.com/2024/03/14/absolute-secure-access-and-ipv6/

Richard M. Hicks Consulting, Inc.

Awards

Consulting

Pluralsight

Newsletter

All posts in category Absolute

What’s New in Absolute Secure Access v14