Archive for August, 2011

By Bernd Reder

Microsoft’s DirectAccess allows users to access a company’s IT system from a Windows computer, without using a VPN — but by using IPsec to secure the connection and all data transferred in the communication. In contrast to a VPN, a DirectAccess client sets up a connection to the corresponding server after it has booted and set up a connection to the Internet. The user does not have to start a VPN session manually and log in to the company network. Nor does the administrator have to wait until a client has set up a VPN connection to manage the system, for instance to roll out new software versions.

So what are the benefits of DirectAccess? Here are the main ones:

  • It supports different protocols and communication processes like IP-HTTPS, SSL and IPsec.
  • It provides authentication and encryption options.

Before you rush out to get DirectAccess though, you should hear the drawbacks, which are significant.

Restricted to the world of Windows

Does DirectAccess foretell the end for common VPN solutions? Definitely not. Microsoft’s technology only works if the whole system is based on Windows 7: running on Windows 7 (Professional, Business or Ultimate) and a Windows Server (Windows Server 2008 R2). This means employees working on a Mac or with a Linux notebook can’t access the company network.

Smartphone users with iPhones, BlackBerrys or other devices running Android also can’t access the company network. And even more paradoxical, DirectAccess doesn’t even work on mobile devices running Windows Mobile or the new Windows Phone 7.

It is safe to assume that Windows will support DirectAccess in future versions of its Windows 7 phone, as well as the Windows OS for tablet PCs. However, until then, there is still a long way to go. On top of that, there is hardly any company in which only Windows devices are used across the spectrum of devices—smartphones, client PCs, tablet PCs, servers, etc. In most companies, several platforms and devices are used in parallel, leaving the company with heterogeneous IT equipment.

Companies use heterogeneous IT equipment

This fact will not change. If anything, trends (like the consumerization of IT) lead to employees bringing a diversity of cell phones, tablets and notebooks at an even faster rate. Of course, with these mobile devices, employees check their business emails on the road or in the home office, synchronize dates and contact details, and download documents from the company server. This simply can’t be done without a VPN solution that supports various operating systems and client systems.

Another problem with DirectAccess is that its mandatory prerequisites are a Public Key Infrastructure (PKI) and the use of IPv6. However, not all companies use this version of the Internet protocol yet. That’s still years away. In fact, thanks to Network Address Translation (NAT), many companies will continue to use IPv4 for quite a while.

So, what should companies do? Write off DirectAccess? Definitely not. Microsoft’s DirectAccess technology offers solid advantages, like easy handling and easy management—as well as a high level of security. On top of that, it comes as standard with each Windows 7 package, which means there are no additional charges. But the reality remains: DirectAccess is restricted to the world of Windows. In other words, the end of traditional VPN solutions is still a very long way off—especially for flexible solutions that support various operating systems and devices.

VPN Haus: What vertical industries are asking for tools to secure mobile devices or remote access? I would think healthcare would be big on this list.

Desmet: That’s a great question. Without question, security and mobility go hand-in-hand with healthcare. As medical practices advance, technology is enabling us to receive even better treatment. For a doctor, being able to access a patient’s medical record no matter where their primary physician is located means that they not only have access to complete information, but can quickly offer a diagnosis. It goes without saying that security is very important here.

Mosaic also does a lot of work with higher education. Universities tend to have users that are very technology savvy and mobile. Students and professors need access to their personalized information no matter where they are within the university campus. For example, Massachusetts College of Pharmacy deployed a virtualized architecture that enables students to access their profile no matter what campus they are on. Connecting campuses, securely, is table stakes for higher education environments.

VPN Haus: What trends are you noticing in demand for remote access tools?

Desmet: The tremendous growth in connected devices is driving IT organizations to keep pace with new programs and tools. Virtualized architectures are a big piece of that equation. In the last 6 months, nearly 70% of our business is from organizations leveraging a virtualized architecture. Our 15-year expertise in the IT industry means that we are taking on more of a partnership role with our customers and they sort through the options for remote access.

What We’re Reading, Week of 8/22

Posted: August 26, 2011 in Highlights

Dark Reading, Baking Security Into Open WiFi Networks
NetworkWorld, Stronger IPsec VPN Configurations Needed
eWeek, Global Mobile-Security Market Worth $14.4B in 2017: Report
Computerworld, Security Manager’s Journal: Keeping the DMZ safe

VPN Haus: What kind of demand do you see for VPNs or other remote access tools?

Thomas Desmet: At Mosaic, VPNs are incredibly useful for our mobile workforce. Our sales team is always on the road. We have remote workers around the country and VPNs allow them to connect to Mosaic’s database at any time, anywhere – and most importantly, it allows them to do this securely. Using our VPN, the team can leverage our internal sales tools such as quoting applications and contact database. That means the sales team doesn’t have to wait to be physically in a Mosaic office to provide customers with the information they need and it allows me a holistic and real-time view of our business activity. We also harness a VPN to connect our West Coast and East Coast locations. That is critical for any business with multiple locations.

VPN Haus: Are more customers asking for IPsec given the attention to IPv6 recently? Is IPv6 playing a role in the types of technology customers are asking for?

Desmet: First a little background on IPv6. The Internet Engineering Task Force (IETF) established IPv6 to address the main problem of IPv4 address exhaustion. IPv4 allows for approximately 4.3 billion addresses, which given the explosion in connected devices is no longer sufficient. IPv6 has a very large address space and consists of 128 bits as compared to 32 bits in IPv4.

Even with all the attention and future need for IPv6 – we haven’t seen a shift back toward IPsec VPNs and client software programs. Many of the SSL VPN solutions today do allow for IPv6. The need for IPv6 underscores how important mobility is in today’s workforce. We are no longer tied to our desks and wired devices. It is a mobile and connected world, which makes SSL VPN even more useful.



What We’re Reading, Week of 8/15

Posted: August 19, 2011 in Highlights

IPv6: The security risks to business
Healthcare Technology Online, 4 Reasons Why Now is the Time for Telehealth
InformationWeek, Public Hotspot Safety Hinges on VPNs
eWeek, Improper SSL Implementations Leave Websites Wide Open to Attack
allBusiness, Bring Your Own Technology Trend Brings Growing Risks