Always On VPN
Microsoft DirectAccess
DirectAccess allows remote users to securely access internal network file shares, Web sites, and applications without connecting to a virtual private network (VPN). An internal network is also known as a private network or intranet. DirectAccess establishes bi-directional connectivity with an internal network every time a DirectAccess-enabled computer connects to the Internet, even before the user logs on. Users never have to think about connecting to the internal network and IT administrators can manage remote computers outside the office, even when the computers are not connected to the VPN.
You can use the DirectAccess Management Console to set up a DirectAccess infrastructure by performing the following tasks:
- Specify the client computers that can use DirectAccess by selecting the security groups to which they belong
- Configure the network adapters on the DirectAccess server that are connected to your internal network and the Internet and the certificates that you want to use for authentication
- Configure the location of an internal Web site so that DirectAccess client computers can determine when they are located on the internal network
- Configure the Domain Name Service (DNS) names that must be resolved by internal network DNS servers
- Identify infrastructure servers (network location, DNS, and management servers)
- Identify application servers for optional authentication
DirectAccess is one of the Unified Remote Access components in the Celestix SecureAccess solution.
As of today, Microsoft has not announced the End of Life of DirectAccess. It is currently available in Windows Server 2016 Operating Systems. Based on Microsoft’s standard product life cycle, DirectAccess will be available and supported for many years to come.
Benefits of deploying Microsoft DirectAccess on a Celestix appliance or a Celestix Virtual Appliance:
- Procurement – With Celestix SecureAccess appliances, you purchase integrated solutions from one source. With white box deployments, you purchase separate hardware, operating system, and Microsoft components—each requiring a separate approval cycle.
- Integration – Celestix comes fully integrated and ready to use straight from the box. The time spent integrating and testing white box deployments adds significant costs and delays to deployments.
- COMET Appliance Engine – Based on Microsoft Windows Server 2012/2016, Celestix’ COSMOS engine provides several unique features for ease of use:
  - Web UI for simple setup, remote configuration of network settings, viewing logs, rebooting, receiving alerts, updating software, and other management tasks.
  - Disaster Recovery – Each Celestix appliance includes one-button rollback to factory presets.
  - Celestix has optimized and hardened the operating system and Microsoft security solution.
- Time – With Celestix appliances, there is no need to dedicate long hours of staff time to configuring individual white boxes. Celestix appliances come fully packaged and pre-configured to minimize the burden on your IT staff.
Microsoft Always On VPN
The official name of AutoVPN is Always-on VPN profile. It is a client-side technology that requires an existing VPN solution, such as Cisco AnyConnect, to be in place. It lets you configure connection profiles that connect automatically. AutoVPN requires either an Intune subscription or System Center Configuration Manager for configuration. Always-on VPN is also one of the components of Celestix SecureAccess.
Celestix SecureAccess
Deploying complex connectivity customizations without specific experience or with limited time actually increases the organization's information security risk. The Celestix SecureAccess appliance provides a more secure, cost-efficient deployment option for both Microsoft DirectAccess and Always On VPN.
Unified Platform
Various remote access infrastructure components are consolidated to provide different connectivity options from a single appliance without the hassle of dealing with different cross-vendor solutions.
Setup Simplicity
Administrators can configure the IP address, subnet mask, default gateway, and static routes in minutes, without the need for a keyboard, mouse, or monitor. Deployment options include hardware appliance, Virtual Appliance, and Amazon Web Services.
Centralized Administration
The SecureAccess includes the new Comet 2.0 web user interface (web UI). The web UI centralizes general Windows Server administration and Remote Access (RA) configuration, so administrators can go to one place to customize the deployment. One-click installation for several RA features relieves the tedious task of installing features one by one. Administrative efficiency can offset appliance costs by saving IT staff hours.
Access Multiplicity
Every organization is different; there is no one-size-fits-all scheme for remote access. The SecureAccess provides for multiple access scenarios and the supporting functions they require. Secure access strategies can include managed/unmanaged devices, application publishing, and facilitation for public and private cloud connectivity.
Expanded Functionality
The SecureAccess improves upon current Server 2012 functionality with exclusive features. Reporting, alerting, and monitoring tools both simplify daily management and support compliance requirements. Real-time connection management provides greater control over user access to resources.
Future Ready
Future enhancements can be added through updates to both Remote Access and the Comet platform. Examples include virtualization, SSO enhancements, and forms-based authentication. By allowing Organizations to leverage new features, the SecureAccess continues to provide value for the investment.
Comparison Chart
| | Celestix SecureAccess | Microsoft Direct Access | Microsoft VPN Anywhere |
| --- | --- | --- | --- |
| Type | Appliance or Virtual Appliance based or AWS | Software Server based | Client-side only. Supports RRAS, or any VPN servers. |
| Management Tool | Celestix Comet Web UI | Windows Server 2012 R2/Windows Server 2016 | Microsoft SCCM/Intune |
| Delivery | Physical and virtual appliance, Amazon Web Services | Software | Software client only; it requires an existing VPN server deployed. |
| Supported client | Any Windows edition and Mac OS X | Windows 7, 8, 10 Enterprise only | Windows 10 only |
| Protocols Supported | DA Transition Protocol along with Traditional protocol | DA Transition Protocol along with Traditional protocol | L2TP, SSTP, IKE |
| Prerequisites | Domain Join or Non-domain joined for Secure Access. If Microsoft Always On VPN is deployed: – Domain Join or managed by Microsoft Intune. – Windows 10 Anniversary Update – Have successfully logged in using either corporate | Domain Join | – Domain Join or managed by Microsoft Intune. – Windows 10 Anniversary Update – Have successfully logged in using either corporate |
| Methods of Authentication supported | Domain Authentication / Radius / Certificate | Domain Authentication / Radius / Certificate | – Domain Authentication / Certificate – Windows Hello |
| Settings delivery | Distributed to the client via Group Policy, Secure Access Offline or SCCM | Distributed to the client via Group Policy | Via Intune |
| Reporting | Enhanced | Basic | Not applicable |
| Device Management | Yes | No | Via Intune |
| Hardened OS | Yes | No | Not applicable |