Is Celestix SecureAccess Always On VPN an alternative to Microsoft DirectAccess or Microsoft Always On VPN?

What is Microsoft Always On VPN?

The official name of AutoVPN is Always-on VPN profile.  It is a client-side technology that requires existing VPN solution in place like Cisco AnyConnect.  It allows you to configure connection profiles that can connect automatically.  AutoVPN requires either an Intune subscription or System Center Configuration Manager to configure.

Now, you are able to deploy Celestix SecureAccess Virtual Appliance or Physical Appliance as an Always On VPN server

Celestix SecureAccess vs. Generic Microsoft Windows Server 201x White Box

Organizations may wonder whether an appliance provides worthwhile advantages over deploying a generic Windows Server 2012 R2/2016 white box. While Server 201x offers a host of connectivity features, most companies don’t have specialized or in-depth knowledge regarding best configuration practices for the features that are now included. To help IT departments handle an ever-increasing scope of services, reducing complexity while maintaining security is essential to advance organizational goals.

Celestix strives to deliver high value to our customers. Our appliances save installation time, ease configuration tasks, and reduce licensing costs. They are hardened for security and undergo extensive, purpose-specific testing. Celestix also adds functionality not available in standard Server 201x deployments. Imminent product releases will provide a wealth of additional features that will continue to return on connectivity investments.

Why Celestix SecureAccess VPN?

Deploying complex connectivity customizations without specific experience or with limited time actually, increases the Organizational risk for information security. The Celestix SecureAccess appliance provides a more secure, cost-efficient deployment option.

Setup Simplicity

Administrators can configure the IP address, subnet mask, default gateway, and static routes in minutes, without the need for a keyboard, mouse, or monitor. The platform also features a compact appliance form factor, allowing our devices to be mounted in any standard 19” equipment rack. Hardware-integrated disaster recovery is also included.

Centralized Administration

The SecureAccess includes the new Comet 2.0 web user interface (web UI). The web UI centralizes general Windows Server administration and Remote Access (RA) configuration, so administrators can go to one place to customize the deployment. One-click installation for several RA features relieves the tedious task of installing features one by one. Administrative efficiency can offset appliance costs by saving IT staff hours.

Tuned Hardware

Our hardware has undergone extensive testing and minimizes the attack surface by engineering just the services and applications that are necessary for security and connectivity. Hardware is hardened based on expertise gained through years of experience in networking security.

Access Multiplicity

Every Organization is different, there is no one size fits all scheme for remote access. The SecureAccess provides for multiple access scenarios and the supporting functions they require. Secure access strategies can include managed/unmanaged devices, application publishing, and facilitation for public and private cloud connectivity.

Expanded Functionality

The SecureAccess improves upon current Server 2012 functionality with exclusive features. Reporting, alerting, and monitoring tools both simplify daily management and support compliance requirements. Real-time connection management provides greater control over user access to resources.

Future Ready

Future enhancements can be added through updates to both Remote Access and the Comet platform. Examples include virtualization, SSO enhancements, and forms-based authentication. By allowing Organizations to leverage new features, the SecureAccess continues to provide value for the investment.

As of today, Microsoft has not announced the End of Life of DirectAccess.  It is currently available in Windows Server 2016 Operating Systems. Based on Microsoft’s standard product life cycle, DirectAccess will be available and supported for many years to come.

Comparison Chart

Microsoft Direct Access

Celestix SecureAccess

Microsoft Always On VPN

TypeSoftware Server basedAppliance or Virtual Appliance basedClient-side only.  Supports RRAS, or any VPN servers.
Management ToolWindows Server 2012 R2/Windows Server 2016Celestix Comet Web UIMicrosoft SCCM/Intune
DeliverySoftwarePhysical and
virtual appliance
Amazon Web Services
Software client only, it requires an existing VPN server deployed.
Supported clientWindows 7,8,10
Enterprise only
Any Windows
edition and Mac OSX
Windows 10 only
DA Transition
Protocol along with Traditional protocol
DA Transition
Protocol along with Traditional protocol
PrerequisitesDomain JoinDomain Join or Non-domain joined for Secure Access– Domain Join or managed by Microsoft Intune.

– Window 10 Anniversary Update

– Have successfully logged in using either corporate
email account or Windows Hello.

Methods of
Authentication supported
Authentication / Radius / Certificate
Authentication / Radius / Certificate
– Domain Authentication / Certificate

– Windows Hello

Settings deliveryDistributed to
the client via Group Policy
Distributed to
the client via Group Policy, Secure Access Offline or SCCM
Via Intune
ReportingBasicEnhancedNot applicable
Device ManagementNoYesVia Intune
Hardened OSNoYesNot applicable

more blogs