Windows 7 Direct Access Won’t Put Conventional VPNs Out Of Business

Filed under: check point,networking,security - 23 Apr 2009 23:31

Last week, I attended a presentation at the West Sound Technology Association about Windows 7. The presenter, Chris Avis, showed many of the new and interesting features present in Windows 7. He didn’t present slides, but simply demonstrated the various features using a freshly installed copy of the public Windows 7 beta code.

One of the features Chris demonstrated was something called Direct Access. It is essentially a “transparent” VPN that is activated automatically when the user tries to access a resource in the corporate network. There is no indication or icon that the user is connecting via some sort of encrypted tunnel; it “just happens,” assuming the action is allowed.

While I have to admit this is pretty slick from an end-user perspective, it will take large businesses years to get corporate desktops, laptops, and servers upgraded to the levels necessary to take advantage of this feature: Windows 7 and Windows Server 2008 R2. In the meantime, more conventional VPN solutions, such as those provided by my employer, Check Point Software, provide solutions today. The end-user experience may not be as “transparent” as what Microsoft is demonstrating, but it is not the hurdle Microsoft is making it out to be, either.

It’s also clear that this solution is really going after the client-to-site VPN. The conventional site-to-site VPNs aren’t going anywhere anytime soon. Do you really want to run separate VPN solutions for site-to-site and client-to-site? What does Microsoft’s solution do with respect to ensuring that the endpoint remains secure and uncompromised?


3 Comments

  1. Comment by Aaron Huslage

    This isn’t a new feature in Win7. It’s a new name for NAP…and it works really nicely.

    http://technet.microsoft.com/en-us/network/cc984252.aspx

  2. Comment by PhoneBoy

    It looks nice, but I don’t think I’ve ever seen or heard anyone use this feature outside of Microsoft employees ;)

  3. Comment by Kyle Jones

    Microsoft has always made a half-assed attempt at client-to-site VPNs. Mostly because most VPN solutions out there prefer that people use their own VPN client software to handle other things like policies, software version and patch checking, and client-side firewall to take load off the VPN device. Of course, if you just want a wide-open VPN without any proprietary control, you can use Microsoft’s VPN client, but FW admins prefer to NOT make their lives hell by having to make a policy for every client out there. Nice try Microsoft, but I think you’ll have to try much harder to get vendors and admins to allow your client to be used.
