Esther Schindler wrote:
>
> Anyhow, here's what she's looking for:
>
>> Microsoft demonstrated DirectAccess for its new OS, Windows 7.
>> DirectAccess is a way to give mobile users more convenient access to
>> the network without having to fire up a VPN connection. On the user
>> side, we get to eliminate VPN connectivity issues, while on the admin
>> side, well, what does that mean? I want to talk to sysadmins who have
>> been testing Windows 7 so we can get a good look at what sysadmin
>> headaches, if any, are being eliminated by this new feature, and then
>> again, what new headaches are being introduced?
>>
>> I'm a technology reporter, and I'm looking to speak to enterprise
>> system administrators about this. Your answers will feed into a
>> feature article that will appear on a new news site run by a major PC
>> vendor, but this article will feature input from users of a diverse
>> range of PC brands.
>>
>> If you have 20 minutes to spare between now and Oct. 27, I'd love to
>> get you on the phone. I look forward to getting your input--thanks in
>> advance.

Lisa:

If you are going to write an article about it, I am assuming you
understand the technology, and possibly have "played" with it. Do you
mind giving us a quick overview (possibly through Esther if you cannot
post here)?

Now to answer the request, knowing that I have zero experience with
Windows and that I market myself as a UNIX person:

I did a quick google, and was surprised to find little information about
the technology. The only few links that helped me are:

http://technet.microsoft.com/en-us/library/ee382279(WS.10).aspx
http://download.microsoft.com/download/a/e/6/ae6e4142-aa58-45c6-8dcf-a657e5900cd3/%5BMS-IPHTTPS%5D.pdf (PDF file)
http://www.microsoft.com/servers/directaccess.mspx

So my understanding of the product is:

- MS implements an IP tunnel over HTTPS (so innovative :-)
- there is a layer within some new version of Windows to make this
  transparent to the user
- the connection is made to a DirectAccess server which, it seems, can
  restrict the type of access that can be done.

How is that going to affect people in the real world?

Tiny companies who do not care (or do not understand) security and just
want to get things done will love it. They probably have a bunch of
confidential data on their laptop drive and on USB drives, so this will
not really affect their security model.

Companies that are very security conscious won't be affected either,
because they are probably already using something like Blue Coat to
restrict HTTPS traffic, because tunneling over HTTPS isn't that new.
Having said that, large companies will probably use this technology,
depending on what can be restricted on the DirectAccess server.

People who have headaches managing and patching laptops in the field are
going to be interested in this (from the last link above):

"With DirectAccess, mobile computers can be managed any time the mobile
computer has Internet connectivity, even if the user is not logged on.
This allows remote computers to be managed regularly and helps ensure
mobile users stay up-to-date with security and system health policies.
DirectAccess helps ensure that organizations can meet regulatory and
privacy mandates for security and data protection for assets that must
roam beyond the corporate network"

In conclusion...

If I were the author, I wouldn't write about the death of VPN. This is
not replacing VPNs. VPNs are more used to link two locations over a
non-secure link these days (because of the security issues discussed on
this list). I would research the capabilities of the DirectAccess
server, how it can restrict traffic: Can it prevent access to corporate
information? What are its logging capabilities? etc...

-- 
Yves.
http://www.sollers.ca/