All posts tagged Important Links

Windows Server 2012 DirectAccess IP-HTTPS and Windows 7 Clients

With Windows Server 2008 R2, IP-HTTPS used standard SSL cipher suites to encrypt sessions. However, those sessions are already encrypted using IPsec, which is needlessly redundant. The protocol overhead for this double encryption placed an extreme burden on the DirectAccess server in terms of CPU utilization and memory consumption. Throughput and performance suffered greatly in large deployments. To address this issue, Microsoft included two new SSL cipher suites in Windows Server 2012 and Windows 8 that use NULL encryption. IP-HTTPS sessions are fully authenticated, but encrypted only once using IPsec. This significantly reduced resource demand on the DirectAccess gateway and improves performance greatly. Unfortunately, only Windows 8 clients can take advantage of this new IP-HTTPS functionality in Windows Server 2012 DirectAccess. When Windows 7 clients establish an IP-HTTPS session with a Windows Server 2012 DirectAccess gateway they will still request the use of fully encrypted cipher suites, as shown here:

Windows 7 IP-HTTPS Client Hello

Windows 7 DirectAccess IPHTTPS Cipher Suites

Windows 8 IP-HTTPS Client Hello

Windows 8 DirectAccess IPHTTPS Cipher Suites

Windows 8.1 IP-HTTPS Client Hello

Windows 8.1 DirectAccess SSL Cipher Suites

So, if you want to take advantage of the IP-HTTPS performance improvements in Windows Server 2012 DirectAccess, be sure to use Windows 8 clients!

Update: Recently with the help of the folks at F5, I developed a solution to emulate Windows 8 client behavior for Windows 7 DirectAccess clients using the F5 BIG-IP Local Traffic Manager (LTM). Using this technique allows you to *effectively* offload SSL for Windows 7 DirectAccess clients. Fore more details click here.

8 Comments
by Richard M. Hicks on February 15, 2013  •  Permalink
Posted in Important Links, IPv6, Remote Access, Windows 7, Windows 8, Windows Server 2008 R2, Windows Server 2012
Tagged , , , , , , , , , , , ,

Posted by Richard M. Hicks on February 15, 2013

https://directaccess.richardhicks.com/2013/02/15/windows-server-2012-directaccess-ip-https-and-windows-7-clients/

Presenting DirectAccess at Microsoft TechDays Belgium 2013

Join me in Belgium for Microsoft TechDays 2013! The event takes place at Kinepolis in Antwerp on March 5-6-7. I will be presenting a session on DirectAccess in Windows Server 2012 on March 7. The event will include sessions from many top speakers including Marcus Murray, Paula Januskiewicz, Tom Decaluwe, and more. There will be separate tracks for IT professionals and developers, so there will be something of interest to everyone. In addition, all attendees will receive a free 3 month TechNet subscription. Register today and don’t miss out on this amazing event!

Microsoft TechDays Belgium 2013

Leave a comment
by Richard M. Hicks on February 12, 2013  •  Permalink
Posted in Important Links, Remote Access, Windows Server 2012
Tagged , , , , , , , , ,

Posted by Richard M. Hicks on February 12, 2013

https://directaccess.richardhicks.com/2013/02/12/presenting-directaccess-at-microsoft-techdays-belgium-2013/

DirectAccess and the Microsoft Surface Pro

With the recent release of the Microsoft Surface Pro, many people have been asking me about DirectAccess connectivity for these devices. One of the requirements for DirectAccess connectivity is that the device be joined to a domain, a capability that the Surface RT lacked. Although the Surface Pro runs the full version of Windows 8, it is Windows 8 Professional. Sadly, DirectAccess connectivity is only supported for Windows 8 Enterprise edition clients, along with Windows 7 Enterprise and Ultimate editions.

Windows Server 2012 DirectAccess Client Requirements

So, if you have just purchased a new Microsoft Surface Pro and are hoping to configure it as a DirectAccess client, I’m afraid you’re out of luck. In my opinion, the lack of DirectAccess support for Windows 8 and Windows 7 Professional is a serious flaw, especially when you consider all of the great use cases you can imagine when you have a full featured tablet with always-on, secure remote network connectivity. It’s a shame, really. Let’s hope this changes in the future!

Update: Read my post on how to install Windows 8 Enterprise and configure DirectAccess on the Microsoft Surface Pro here.

10 Comments
by Richard M. Hicks on February 10, 2013  •  Permalink
Posted in Important Links, Windows 8, Windows Server 2012
Tagged , , , , , , , , , , , , , , , ,

Posted by Richard M. Hicks on February 10, 2013

https://directaccess.richardhicks.com/2013/02/10/directaccess-and-the-microsoft-surface-pro/

« Older Posts
Newer Posts »