>why should your remote employees _not_ have access to your corporate resources.
This would be an extranet. For untrusted vendors, sub-contractors, etc. Mega-CorpA subcontracts to Mega-CorpB. Mega-CorpB needs access to certain information inside Mega-CorpA. Mega-CorpA sets up a segment of their network into an extranet, allowing limited use of internal resources. --- I personally, am platform agnostic. I'll use whatever gets the job done. But, when it comes to protocols or standards(or odd things like ActiveX), I'm an opensource advocate all the way. Microsoft, has been known to intentionally create protocols and standards that sound great, look great, and lock you into the MS ecosystem. If this is a compromise you are willing to make. So be it. This DirectAccess product sounds great, looks great, and hasn't even been released yet. IMO, using MS products usually means you end up buying your way out of problems, rather than thinking your way out. --- Full Disclosure: I am currently working in an all Microsoft environment(except for a Zenoss server). And, yes, I like powershell. On Tue, Oct 20, 2009 at 2:11 PM, Luke Quattrochi <luke.quattro...@gmail.com> wrote: > On Tue, Oct 20, 2009 at 12:14 PM, <da...@lang.hm> wrote: >> >> it may make sense for you, but my initial reaction is why not just use a >> VPN? >> why should your remote employees _not_ have access to your corporate >> resources. >> >> this doesn't even need to be a VPN on each machine, the cost of a router >> that can implement a site to site VPN is very low, that would give you the >> benifits of being on the WAN without the cost of the WAN connection. >> >> David Lang > > I'm still having trouble seeing your perspective on the lock in issue but I > would rather not sidetrack the thread. > Currently my remote sites are not even connected by VPN for a variety of > legitimate reasons. Rest assured that there are reasons these sites should > *not* have access to corporate resources. The big one (that I can talk > about) is that basically these sites don't generate enough revenue to pay > any forward to IT, so they don't get much in the way of support. > You did inspire some thought on my part though. The cost issues will still > be similar for my particular company between DirectAccess and a cheapy VPN. > The root problem is that our IT department is brutally small for the size > of our company. We don't have a network admin. Unfortunately I'm not one > of those brilliant do it all types, and I am best kept out of the Cisco > equipment. Any type of network configuration is done by consultant (meaning > they are rare, and this is limiting). This means even if I buy a cheap $400 > router for site to site VPN I have to pay an expensive hourly rate to get it > configured. > For DirectAccess I don't need a consultant. I would need to buy a new > physical server, which means more cost justifcation. Since it can't be > behind NAT I can't just provision a VM on my ESX cluster like I do for > everything else. > >> >> _______________________________________________ >> Discuss mailing list >> Discuss@lopsa.org >> http://lopsa.org/cgi-bin/mailman/listinfo/discuss >> This list provided by the League of Professional System Administrators >> http://lopsa.org/ >> > > > _______________________________________________ > Discuss mailing list > Discuss@lopsa.org > http://lopsa.org/cgi-bin/mailman/listinfo/discuss > This list provided by the League of Professional System Administrators > http://lopsa.org/ > > _______________________________________________ Discuss mailing list Discuss@lopsa.org http://lopsa.org/cgi-bin/mailman/listinfo/discuss This list provided by the League of Professional System Administrators http://lopsa.org/
