Sorry I wasn't clear. I meant, will you require "Office 365/Azure Constrained Access"?
-----Original Message-----
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Kurt Buff
Sent: Tuesday, November 14, 2017 8:21 PM
To: ntsysadm
Subject: Re: [NTSysADM] Looking for a global VPN solution - looking for input

Do you mean need mobile/BYOD? Likely will, but whether we'll be on O365/Azure by then is an open question in my mind. I'd prefer not, but I recognize that MSFT wants their money, so will do everything they can to force us there.

Kurt

On Tue, Nov 14, 2017 at 1:56 PM, Michael B. Smith <mich...@smithcons.com> wrote:
> I can't speak to your environment, but many of my customers are pushing for
> Office 365/Azure Constrained Access.
>
> Especially because of mobile/BYOD.
>
> I suggest you should consider the likelihood or whether you'll NEED that
> capability within 5 years.
>
> -----Original Message-----
> From: listsad...@lists.myitforum.com
> [mailto:listsad...@lists.myitforum.com] On Behalf Of Kurt Buff
> Sent: Tuesday, November 14, 2017 4:31 PM
> To: ntsysadm
> Subject: Re: [NTSysADM] Looking for a global VPN solution - looking
> for input
>
> Ran through your posts in this thread, and I have to say that it looks like
> the days of DA are numbered.
>
> However, if I implement it under 2016, it should be supported for at least 5
> more years (assuming that Win10 still supports it, too).
>
> So, I'm not worried too much about that as such, but AVPN support for
> non-domain-joined devices looks very interesting, and the fact that DA only
> supported IPv6 was sometimes limiting.
>
> I think I'll explore AVPN a bit more, and probably include it as an option.
>
> On Mon, Nov 13, 2017 at 6:08 PM, Michael B. Smith <mich...@smithcons.com>
> wrote:
>> So.... just a data point to consider.
>>
>> Microsoft is kinda moving away from DirectAccess.
>>
>> Many of the security functionalities added in Server 2016 won't work with DA.
>>
>> Instead you need to be using their Automatic VPN. The endpoint isn't very
>> relevant, although they push RRAS.
>>
>> For example, WIP doesn't work properly with DA. Only with AVPN.
>>
>> -----Original Message-----
>> From: listsad...@lists.myitforum.com
>> [mailto:listsad...@lists.myitforum.com] On Behalf Of Kurt Buff
>> Sent: Monday, November 13, 2017 8:19 PM
>> To: ntsysadm
>> Subject: Re: [NTSysADM] Looking for a global VPN solution - looking
>> for input
>>
>> Arg - that should be "seeking commercial services"..
>>
>> And, once I bring recommendations, it might well be that we just fall back
>> to a DirectAccess server in each office, with or without a multi-site
>> configuration, potentially with an SSP VPN appliance also at each office for
>> backup and contractors, and call it good.
>>
>> Kurt
>>
>> On Mon, Nov 13, 2017 at 5:03 PM, Kurt Buff <kurt.b...@gmail.com> wrote:
>>> I'm not sure either, but that's the task I've been given - not
>>> necessarily to implement at this stage, but to scope out the
>>> alternatives and come up with some possibilities.
>>>
>>> It's also why I'm seeing recommendations on commercial services, so
>>> that our implementation requirements are minimized.
>>>
>>> Kurt
>>>
>>> On Mon, Nov 13, 2017 at 4:38 PM, Joseph L. Casale
>>> <jcas...@activenetwerx.com> wrote:
>>>> I've done a lot of openvpn setups in a myriad of formats, site to site,
>>>> hub and spoke, client etc.
>>>> It works well and there are even some lesser documented features that do
>>>> some neat stuff but you are now rolling your solution and marinating it
>>>> manually.
>>>> Not sure how well that will scale unless you have a skilled team.
>>>>
>>>>> -----Original Message-----
>>>>> From: listsad...@lists.myitforum.com
>>>>> [mailto:listsad...@lists.myitforum.com] On Behalf Of Kurt Buff
>>>>> Sent: Monday, November 13, 2017 5:22 PM
>>>>> To: ntsysadm <NTSysADM@lists.myitforum.com>
>>>>> Subject: [NTSysADM] Looking for a global VPN solution - looking
>>>>> for input
>>>>>
>>>>> All,
>>>>>
>>>>> 1) For staff, currently we're using DirectAccess on 2012R2 as our
>>>>> primary conduit in the US, with SSL VPNs (SonicWall and Palo Alto
>>>>> Global Protect) as primary for our overseas offices and secondary
>>>>> for the US (Sonicwall).
>>>>>
>>>>> 2) In the US office, we also have contractors/consultants needing
>>>>> to use our SSL VPN for access to various resources, and that will
>>>>> likely expand to our overseas offices soon. Differentiation and
>>>>> securing resources is even more important here than in 1).
>>>>>
>>>>> 3) We also stand up IPSec tunnels for vendors/partners as needed
>>>>> (lab to lab), for interoperability/compatibility testing.
>>>>>
>>>>> We're looking to get into a solution that will take care of at
>>>>> least the first two (and ideally the third as well), so that we
>>>>> don't have so many platforms to support, and so that we can make
>>>>> sure that staff in the field get the fastest connection available.
>>>>>
>>>>> I've taken a quick gander at the websites for vyprvpn (Golden
>>>>> Frog), and OpenVPN (commercial client offering), but don't have
>>>>> much of an opinion on them, as info about them is a bit thin.
>>>>>
>>>>> Anyone have experience with solutions like this, and care to comment?
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Kurt