This is part four in a series of questions related to DirectAccess and VPNs. Last week we addressed whether Microsoft can improve the implementation of DirectAccess under Windows Server 2012. Earlier in our series we examined the hardware requirements with DirectAccess and whether DirectAccess, in combination with Windows 8, supersedes VPNs.
Question: Do networks that employ the Windows Server 2008 R2 and the Windows Server 2012 also feature the improved configuration and management features of DirectAccess?
Patrick Oliver Graf: No, they do not. The improvements for DirectAccess are only available for Windows Server 2012. It can be expected that users will slowly migrate their systems from Windows Server 2008 R2 to version 2012. This means, companies will have to continue living with the restrictions resulting from DirectAccess in a Windows Server 2008 environment for quite a time.
Question: Can companies use DirectAccess in combination with a VPN? For example can they use DirectAccess for computers running on Windows 7 and Windows 8 while they need an IPsec/SSL VPN for Windows XP, MacOS, iOS, Android or Linux at the same time?
Patrick Oliver Graf: Windows Server 2012 does not change anything in this scenario. DirectAccess can only be used for Windows 7/8 clients. Anybody who wants to use other clients (MacOS, iOS, Android, Linux, Unix) has to setup and operate a parallel VPN infrastructure. Although Windows Server 2012 offers the default setting of an additional installation of VPNs for non-Windows clients upon implementation of DirectAccess, two separate worlds remain if a user also uses clients with other operating systems, other than Windows 7 and 8. This naturally increases the installation, configuration and operating effort. And due to its high complexity, the system is more likely to be prone to vulnerabilities.
If you have any questions that you would like answered, send them to firstname.lastname@example.org.
Patrick Oliver Graf is General Manager at NCP engineering.