Q&A on VPNs & DirectAccess with Patrick Oliver Graf, Part 2

Posted: November 27, 2012 in Expert Q&A, VPN, Windows, Windows 7, Windows 8

This is part two in a series of questions related to DirectAccess and VPNs. Last week, we addressed why VPNs are still necessary with Windows 8.

Question: Does DirectAccess have any hardware requirements?

Patrick Oliver Graf: While DirectAccess doesn’t require the Trusted Platform Module (TPM)-based virtual smart card capabilities in Windows Server 2012/Windows 8, it is an optional component. It’s worth noting, as small and medium-sized businesses, in particular, often use Windows consumer PCs that do not feature TPM. However, Microsoft does require TPM to be enabled and configured for its employees who wish to enable DirectAccess connectivity. VPN solutions do not have such requirements.

Question: Does DirectAccess in combination with Windows 8 supersede VPNs?

Patrick Oliver Graf: No, it does not, because Windows 8 systems are only able to use DirectAccess to communicate with servers and clients in pure Windows environments. Users of mixed environments cannot forgo a VPN if their environments include Linux Server, MacOS computers or end devices running on the Android operating system. The BYOD trend will only put further momentum towards environments with a multitude of platforms, which will further diminish the influence of DirectAccess.

Moreover, a lot of companies and public institutions, like educational institutions or authorities, have already implemented a VPN infrastructure. Those customers are unlikely to abandon their VPNs in favor of Windows 8 in combination with Windows Server 2012.

Stay tuned as Patrick addresses more questions related to DirectAccess and VPNs. If you have any questions that you would like answered, send them to editor@vpnhaus.com. 

Patrick Oliver Graf is General Manager at NCP engineering.

  1. Just an FYI, TPM is not a requirement for DirectAccess in Windows 7 or Windows 8. In fact, there’s no support for TPM in Windows 7 and it is optional with Windows 8.

    • VPN Haus says:

      Thanks for your comment, Richard. We understand there’s some confusion with regard to DirectAccess, but if you check Microsoft’s document, “Work Smart: Connecting Remotely Using Windows 8 DirectAccess,” it states: “Your computer must have a Trusted Platform Module (TPM) and it must be initialized.” This is also the case for Windows 7, Enterprise or Ultimate. Again, thanks for the comment and we look forward to hearing from you again.

      • The document you are referring to is targeted at Microsoft employees who wish to enable DirectAccess connectivity on their corporate issued laptops. Although Microsoft requires TPM to be enabled and configured for accessing their network, it is by no means a requirement for DirectAccess in general. I’m speaking from experience here, having deployed DirectAccess with Forefront UAG and Windows Server 2012 on many occasions. In addition, please refer to the Remote Access Overview document [http://technet.microsoft.com/en-us/library/hh831416.aspx] where it states “…DirectAccess can use the Trusted Platform Module (TPM)-based virtual smart card…”. Not must, but can. Again, TPM is an optional component of DirectAccess in Windows Server 2012/Windows 8 and not a requirement. Thanks!

      • VPN Haus says:

        Thanks for the input, Richard. You are correct – while DirectAccess can use the TPM virtual smart card capabilities, it is in fact not a requirement. Thus, the post has been amended to reflect this correction. We appreciate your continued reading of VPN Haus, as well as your active participation.
