NetMotion Mobility as an Alternative to DirectAccess

Learn more about NetMotion Mobility by registering for my free live webinar here!

NetMotion Mobility as an Alternative to DirectAccessAs I outlined in a recent blog post, there has been much speculation surrounding the end of life for Microsoft DirectAccess. This is not surprising, as Microsoft has not made any investments in DirectAccess since the introduction of Windows Server 2012. Recently, Microsoft began promoting its Always On VPN solution as an alternative for DirectAccess. While DirectAccess has not been formally deprecated, Microsoft is actively encouraging organizations considering DirectAccess to deploy Always On VPN instead, as indicated here.

NetMotion Mobility as an Alternative to Microsoft DirectAccess

Source: https://docs.microsoft.com/en-us/windows-server/remote/remote-access/vpn/vpn-top#advanced-vpn-connectivity

DirectAccess Alternatives

It’s important to state that, at the time of this writing, DirectAccess is still fully supported in Windows 10 and Windows Server 2016 and will be for quite some time. However, the future for DirectAccess is definitely limited, and customers should start considering alternative remote access solutions.

Always On VPN

Microsoft is positioning Always On VPN as the replacement for DirectAccess. Always On VPN offers some important new capabilities missing from DirectAccess. For example, Always On VPN supports all Windows 10 client SKUs, not just Enterprise and Education as DirectAccess does. Always On VPN includes important security enhancements such as conditional access with system health checks, access control list (ACL) enforcement per device and per application, and more.

Always On VPN Limitations

But Always On VPN has some serious limitations too. For example, Always On VPN works only with Windows 10. Windows 7 is not supported at all. Managing and supporting Always On VPN has its own challenges. It cannot be managed using Active Directory and group policy in the traditional way. You must use System Center Configuration Manager (SCCM), Intune, or PowerShell to configure and manage VPN clients.

NetMotion Mobility

I’m excited to announce I’ve recently partnered with NetMotion to provide their secure remote access solutions to organizations looking for alternatives to DirectAccess and Always On VPN. NetMotion Mobility provides the same seamless and transparent, always on remote access with some additional important features not included in DirectAccess and Always On VPN.

Broad Client Support – NetMotion Mobility can provide DirectAccess-like remote access for all versions and SKUs of Windows as well as Mac, iOS (iPhone and iPad), and Android.

Enhanced Security – NetMotion Mobility includes fine-grained policy enforcement to restrict network access based on a wide range of parameters including IP address, protocol, port, application, time of day, location, and type of network (e.g. wired, Wi-Fi, wireless, etc.). NetMotion Mobility also includes integrated Network Access Control (NAC) to validate device configuration prior to connecting, ensuring the highest level of security for remote endpoints. More details here and here.

Improved Performance – NetMotion Mobility client to server communication is optimized to improve reliability and performance. Network traffic is compressed and prioritized to ensure optimum performance for critical applications. Session persistence allows mobile workers to remain connected during times of poor connectivity or when roaming between different networks. More details here.

Greater Visibility – NetMotion Mobility provides a wealth of detailed information to perform analysis and troubleshooting for remote connections. Performance and diagnostic information is logged in real-time and provides administrators with crucial data and insight to quickly identify and resolve connectivity issues. More details here.

Better Supportability – NetMotion Mobility is supported by dedicated, highly trained support engineers with deep product experience. NetMotion support is not tiered. The support engineer who answers the phone will handle the case until resolution.

Learn More about NetMotion

NetMotion Mobility is a truly comprehensive remote access solution and an excellent alternative to DirectAccess. To learn more about NetMotion Mobility and to see it in action, fill out the form below and I’ll get in touch with you. You can also register for my upcoming free live webinar here.

Additional Information

Webinar: Comparing DirectAccess and NetMotion Mobility

Always On VPN and the Future of DirectAccess

NetMotion and DirectAccess Comparison Whitepaper

NetMotion and Skype for Business demonstration video

NetMotion Website

Always On VPN and the Future of Microsoft DirectAccess

Since the introduction of Windows Server 2012 in September of 2012, no new features or functionality have been added to DirectAccess. In Windows Server 2016, the only real change aside from bug fixes for DirectAccess is the removal of Network Access Protection (NAP) integration support.

Always On VPN and the Future of Microsoft DirectAccessFigure 1. Remote Access Setup wizard with NAP integration option in Windows Server 2012/R2.

Always On VPN and the Future of Microsoft DirectAccess

Figure 2. Remote Access Setup wizard without NAP integration option in Windows Server 2016.

DirectAccess Roadmap

It’s clear to see that Microsoft is no longer investing in DirectAccess, and in fact their field sales teams have been communicating this to customers for quite some time now. Microsoft has been actively encouraging organizations who are considering a DirectAccess solution to instead implement client-based VPN with Windows 10.

Always On VPN

New features introduced in the Windows 10 Anniversary Update allow IT administrators to configure automatic VPN connection profiles. This Always On VPN connection provides a DirectAccess-like experience using traditional remote access VPN protocols such as IKEv2, SSTP, and L2TP/IPsec. It comes with some additional benefits as well.

  • Conditional access and device compliance with system health checks
  • Windows Hello for Business and Azure multifactor authentication
  • Windows Information Protection (WIP) integration
  • Traffic filters to restrict VPN network access
  • Application-trigger VPN connections

DirectAccess Deprecated?

There has been rampant speculation that Microsoft plans to deprecate and retire DirectAccess. While that may in fact be true, Microsoft has yet to make a formal end-of-life announcement. There’s no reason DirectAccess and VPN couldn’t co-exist, so it’s not a certainty Microsoft will do this. However, there’s also no need to have multiple remote access solutions, and it is abundantly clear that the future for Microsoft remote access is Always On VPN and not DirectAccess.

Always On VPN and the Future of Microsoft DirectAccess

Source: https://docs.microsoft.com/en-us/windows-server/remote/remote-access/vpn/vpn-top#advanced-vpn-connectivity

Always On VPN Advantages and Disadvantages

Windows 10 Always On VPN has some important advantages over DirectAccess. It has some crucial limitations as well.

Advantages

  • Always On VPN supports non-Enterprise Windows 10 client SKUs (Windows 10 Home and Professional)
  • Always On VPN includes support for granular network access control
  • Always On VPN can use both IPv4 and IPv6
  • Always On VPN is infrastructure independent. In addition to supporting Windows RRAS, any third-party network device can be used such as Cisco, Checkpoint, Juniper, Palo Alto, SonicWALL, Fortinet, Sophos, and many more

Disadvantages

  • Always On VPN works only with Windows 10. It is not supported for Windows 7
  • Always On VPN cannot be managed natively using Active Directory and group policy. It must be configured and managed using Microsoft System Center Configuration Manager (SCCM), Microsoft Intune, or PowerShell

DirectAccess or Always On VPN?

Should you deploy DirectAccess today or implement Always On VPN with Windows 10 instead? That depends on a number of factors. It’s important to understand that DirectAccess is fully supported in Windows Server 2016 and will likely be for many years to come. If DirectAccess meets your needs today, you can deploy it with confidence that it will still have a long support life. If you have reservations about the future viability of DirectAccess, and if you meet all of the requirements to support Always On VPN with Windows 10, then perhaps that’s a better choice. If you’d like to discuss your remote access options in more detail, fill out the form below and I’ll get in touch with you.

Additional Resources

5 Things DirectAccess Administrators Should Know About Always On VPN

3 Important Advantages of Always On VPN over DirectAccess

NetMotion Mobility as an Alternative to DirectAccess

DirectAccess vs. VPN

Always On VPN Deployment Guide for Windows Server 2016 and Windows 10

Planning and Implementing DirectAccess with Windows Server 2016 Video Training Course on Pluralsight

Managing and Supporting DirectAccess with Windows Server 2016 Video Training Course on Pluralsight

Implementing DirectAccess with Windows Server 2016 Book

%d bloggers like this: