Top 5 Reasons to Deploy Windows 10 with DirectAccess

Deployed DirectAccess WITHOUT Windows 10 Enterprise Edition

Celestix SecureAcces extends DirectAccess experience for roaming users even for Windows Professional editions and Mac OSX computers.DirectAccess has been with us for many years now, and organizations who were early adopters, have been enjoying the benefits of a seamless and transparent, always on, bi-directional, secure, remote access solution for quite some time. When DirectAccess (DA) was first introduced, Windows 7 was the latest supported DA client. From a DA perspective, it left quite a bit to be desired. Windows 7 lacked many native features that make implementing and supporting DA easier.

Looking ahead to the imminent release of Windows 10, there are many new features and functionalities included in this latest release that will make the DA experience much better from an end user and an administrator’s perspective. In fact, many organizations haven’t deployed DA at all because Windows 7 lacked essential features required for their deployments. As many organizations are beginning to plan for their Windows 10 upgrade, let’s take a look at:

Top 5 reasons why DA is better and more effective with Windows 10 clients

1. Windows 10 DA Clients include native support for geographic redundancy and transparent entry point failover.

As organizations increasingly rely on their DA deployments for remote worker productivity, ensuring that the solution is highly available is of paramount importance. DA can be configured to provide geographic redundancy, allowing administrators to place DA entry points in multiple physical locations. However, Windows 7 clients don’t support this feature and must be assigned to a single entry point. Windows 10 clients fully support geographic redundancy and transparent site fail over and will automatically select the nearest entry point to connect to. If that entry point becomes unavailable, the client will transparently fail over to one of the other remaining entry points.

2. Windows 10 DirectAccess Clients perform better, and scale more effectively.

Traditionally the IP-HTTPS IPv6 transition protocol was considered the protocol of “last resort” for DA connections because Windows 7 clients would encrypt DA traffic using SSL/TLS. This introduced high protocol overhead as the DA traffic is already encrypted using IPsec. As a result, performance and scalability was negatively affected for organizations supporting a large number of Windows 7 clients. Windows 10 includes support for null encryption for IP-HTTPS connections, which greatly improves scalability and performance by eliminating this needless additional layer of encryption. This results in a better end user experience and a single DA server can support many more Windows 10 clients as compared to Windows 7.

3. Windows 10 DirectAccess clients have an integrated connectivity status indicator.

For Windows 7, DA was a bit of an afterthought. As a result, the operating system lacks any native visual indicator for DA connectivity status. The client is left to assume that DA is working, or to simply attempt to connect to corporate resources to see if they are reachable. To address this shortcoming, Microsoft released the DirectAccess Connectivity Assistant (DCA) which is an optional component that can be deployed on Windows 7 clients to provide DA connectivity status. Windows 10 includes native graphical support for DA including an intuitive status indicator for DA connectivity status. This eliminates the need to deploy, manage, and maintain additional software for monitoring DAconnectivity on the client.

4. Windows 10 DirectAccess clients feature improved client-side troubleshooting.

Typically, once DA is installed and configured, it really is a “set-it-and-forget-it” solution. Once it works, it usually just continues to work. However, there are times when it doesn’t, and Windows 7 sorely lacks any helpful troubleshooting tools on the client side. In contrast, Windows 10 includes full support for DirectAccess configuration and troubleshooting with PowerShell. Windows 10 clients include numerous native PowerShell cmdlets to perform essential DA parameter evaluation, configuration review, and connectivity testing. Troubleshooting client-side DA on Windows 10 clients is infinitely easier than it is on Windows 7.

5. Windows 10 DirectAccess clients may not require a Public Key Infrastructure (PKI).

Windows 7 DA clients require computer certificates be issued from an existing internal private PKI for all deployment scenarios. Although this is a very secure way to configure DirectAccess, for smaller deployments with less stringent security requirements it adds significant burden both in terms of management and performance. For some deployment scenarios, Windows 10 clients can support DirectAccess configuration using Kerberos Proxy, which eliminates the requirement for PKI and PKI-managed computer certificates. This reduces the management overhead of a full PKI implementation to support DirectAccess. It also reduces the amount of work the DirectAccess server has to perform, improving performance and scalability by reducing resource consumption on the DirectAccess server.

If you’ve already deployed DirectAccess and are supporting Windows 7 clients, there are many more features you’ll be able to take advantage of, when you get to Windows 10. Fully supported geographic redundancy with transparent site failover is sure to make many administrators very happy. Performance and scalability will improve, and the folks on the helpdesk will be much happier with built-in configuration and troubleshooting tools at their disposal. Users will appreciate having the native connectivity status indicator available to confirm corporate network connectivity, and network architects can now take advantage of new deployment scenarios made possible by Windows 10, that will reduce the complexity of the overall solution.

For more information, watch our on-demand webinar here. To learn more about how Celestix can improve and enhance your DirectAccess deployment, learn more here or drop us a note at [email protected]. You can also call us on +1 (510) 668 0700 if you have any questions or would like more information.

DirectAccess vs. SecureAccess

more blogs