• Contact Sales
  • Company Blog
  • Events
  • Submit a ticket
  • Docs
  • About Celestix
Celestix Networks The Secure Access Company
  • Products
  • Solutions
  • Purchase
  • Support
  • Partners
  • Resources

Always On VPN

Microsoft DirectAccess

DirectAccess allows remote users to securely access internal network file shares, Web sites, and applications without connecting to a virtual private network (VPN). An internal network is also known as a private network or intranet. DirectAccess establishes bi-directional connectivity with an internal network every time a DirectAccess-enabled computer connects to the Internet, even before the user logs on. Users never have to think about connecting to the internal network and IT administrators can manage remote computers outside the office, even when the computers are not connected to the VPN.

You can use the DirectAccess Management Console to set up a DirectAccess infrastructure by performing the following tasks:

  • Specify the client computers that can use DirectAccess by selecting the security groups to which they belong
  • Configure the network adapters on the DirectAccess server that are connected to your internal network and the Internet and the certificates that you want to use for authentication
  • Configure the location of an internal Web site so that DirectAccess client computers can determine when they are located on the internal network
  • Configure the Domain Name Service (DNS) names that must be resolved by internal network DNS servers
  • Identify infrastructure servers (network location, DNS, and management servers)
  • Identify application servers for optional authentication

Download the Quick Guide to Simple Implementation.

DirectAccess is one of the Unified Remote Access components in Celestix SecureAccess Solution, please click here for more information.

As of today, Microsoft has not announced the End of Life of DirectAccess.  It is currently available in Windows Server 2016 Operating Systems. Based on Microsoft’s standard product life cycle, DirectAccess will be available and supported for many years to come.

Benefits of deploying Microsoft DirectAccess on a Celestix appliance or a Celestix Virutal Appliance:

  • Procurement – With Celestix SecureAccess appliances, you purchase integrated solutions from one source. With white box deployments, you purchase separate hardware, operating system, and Microsoft components—each requiring a separate approval cycle.
  • Integration: Celestix comes fully integrated and ready to use straight from the box. The time spent integrating and testing white box deployments adds significant costs and delays to deployments.
  • COMET Appliance Engine – Based on Microsoft Windows Server 2012/2016, Celestix’ COSMOS engine provides several unique features for ease of use:
    • Web UI for: simple setup, remote configuration of network settings, options to view logs/reboot/receive alerts/updating software, and other management tasks.
    • Disaster Recovery – Each Celestix appliance includes One-button rollback to factory presets.
    • Celestix has optimized and hardened the operating system and Microsoft security solution.
    • Time – With Celestix appliances, there is no need to dedicate long hours of staff time to configure individual white boxes.  Celestix has fully packaged and pre-configured to minimize the burden on your IT staff.

Microsoft Alway On VPN

The official name of AutoVPN is Always-on VPN profile.  It is a client-side technology that requires existing VPN solution in place like Cisco AnyConnect.  It allows you to configure connection profiles that can connect automatically.  AutoVPN requires either an Intune subscription or System Center Configuration Manager to configure.  Always-on VPN is also part of the components of Celestix SecureAccess.

Celestix SecureAccess

Deploying complex connectivity customizations without specific experience or with limited time actually, increases the Organizational risk for information security. The Celestix SecureAccess appliance provides a more secure, cost-efficient deployment option for both Microsoft DirectAccess and Always On VPN.

Unified Platform

Various remote access infrastructure components are consolidated to provide different connectivity options from a single appliance without the hassle of dealing with different cross-vendor solutions.

Setup Simplicity

Administrators can configure the IP address, subnet mask, default gateway, and static routes in minutes, without the need for a keyboard, mouse, or monitor.  Deployment options include hardware appliance, Virtual Appliance, and Amazon Web Services.

Centralized Administration

The SecureAccess includes the new Comet 2.0 web user interface (web UI). The web UI centralizes general Windows Server administration and Remote Access (RA) configuration, so administrators can go to one place to customize the deployment. One-click installation for several RA features relieves the tedious task of installing features one by one. Administrative efficiency can offset appliance costs by saving IT staff hours.

Access Multiplicity

Every Organization is different, there is no one size fits all scheme for remote access. The SecureAccess provides for multiple access scenarios and the supporting functions they require. Secure access strategies can include managed/unmanaged devices, application publishing, and facilitation for public and private cloud connectivity.

Expanded Functionality

The SecureAccess improves upon current Server 2012 functionality with exclusive features. Reporting, alerting, and monitoring tools both simplify daily management and support compliance requirements. Real-time connection management provides greater control over user access to resources.

Future Ready

Future enhancements can be added through updates to both Remote Access and the Comet platform. Examples include virtualization, SSO enhancements, and forms-based authentication. By allowing Organizations to leverage new features, the SecureAccess continues to provide value for the investment.

Comparison Chart

Celestix SecureAccess

Microsoft Direct Access

Microsoft VPN Anywhere

TypeAppliance or Virtual Appliance based or AWSSoftware Server basedClient-side only.  Supports RRAS, or any VPN servers.
Management ToolCelestix Comet Web UIWindows Server 2012 R2/Windows Server 2016Microsoft SCCM/Intune
DeliveryPhysical and
virtual appliance
Amazon Web Services
SoftwareSoftware client only, it requires an existing VPN server deployed.
Supported clientAny Windows
edition and Mac OSX
Windows 7,8,10
Enterprise only
Windows 10 only
Protocols
Supported
DA Transition
Protocol along with Traditional protocol
DA Transition
Protocol along with Traditional protocol
L2TP, SSTP, IKE
PrerequisitesDomain Join or Non-domain joined for Secure Access

If Microsoft Always On VPN is deployed:

– Domain Join or managed by Microsoft Intune.

– Window 10 Anniversary Update

–

Have successfully logged in using either corporate
email account or Windows Hello.

Domain Join– Domain Join or managed by Microsoft Intune.

– Window 10 Anniversary Update

– Have successfully logged in using either corporate
email account or Windows Hello.

Methods of
Authentication supported
Domain
Authentication / Radius / Certificate
Domain
Authentication / Radius / Certificate
– Domain Authentication / Certificate

– Windows Hello

Settings deliveryDistributed to
the client via Group Policy, Secure Access Offline or SCCM
Distributed to
the client via Group Policy
Via Intune
ReportingEnhancedBasicNot applicable
Device ManagementYesNoVia Intune
Hardened OSYesNoNot applicable

  • Always On VPN
  • KEMP for Celestix SecureAccess VPN
  • Validation for Remote Working
  • Multi-Factor Authentication
  • Single Sign-On (SSO)
  • Web Application Proxy
  • Client Automation

Copyright © 2001-2020 Celestix Networks, Inc. ALL RIGHTS RESERVED. Privacy Policy.