With respect folks, I think you should be careful to avoid spreading even
accidental FUD without attempting to research the product in question.  It
has been quite a while since I looked at it, Tom, but from what I recall:

* set specific policies (no split tunneling)  >>>>>>>>>>>>>>>>>  it's in the
best practices, and definitely possible
* force specific VPN technology including encryption algorithms (IPSEC, AES,
etc) >>>>>>>>>>  IPSEC is actually required (as is IPv6, at least that's
what MS says.  You could use a translator I assume)
* ensure proper key and credential management, including two-factor or
challenge/response >>>>>>>>>> yes
* audit activities while user is connected to the VPN >>>>>>>>>>> need to
research the auditing capabilities myself

It also integrates with existing NAP and isolation solutions.  I'm not
really sure where people get the idea that MS is recommending you use this
on somebody's home PC.  The impression I got was that it was for more of a
small remote site or branch.  One that you have some limited control over, but is
not worth investing in serious infrastructure for.  I could be wrong though,
I haven't paid too much attention to marketing.  Anyway I'm just suggesting
perhaps a cursory TechNet search before we get into the negativity.  In fact
a quick look at TechNet reveals a page with the answer to the first three of
your listed requirements:

http://technet.microsoft.com/en-us/library/dd637812(WS.10).aspx

BTW responding on this list makes me nervous. I am a young SA of less
experience, and probably of a smaller company than many of you are at.  If
my tone seems off, please give me the benefit of the doubt.

On Mon, Oct 19, 2009 at 7:32 PM, Esther Schindler <est...@bitranch.com> wrote:

> On Oct 19, 2009, at 3:11 PM, Tom Perrine wrote:
> > Depending on the company, it may mean "yet another MS feature that
> > we have to disable".
>
> This alone makes me very glad I asked. <big smile>
>
> Because if YOU folks don't know about this stuff already then for
> damnedsure the average CIO won't know about it. Which means it's great
> fodder for Lisa's article.
> _______________________________________________
> Discuss mailing list
> Discuss@lopsa.org
> http://lopsa.org/cgi-bin/mailman/listinfo/discuss
> This list provided by the League of Professional System Administrators
>  http://lopsa.org/
>