Excellent feedback.
Can you please elaborate on para 8. What do you mean by ‘discarded’? interally, most of our boxes have IPv6 enabled, but all communications use IPv4. Are you saying that the encapsulation of v6 in a v4 packet will not work with all apps and protocols? KnK From: [email protected] [mailto:[email protected]] On Behalf Of Emin Sent: Tuesday, March 15, 2016 03:53 PM To: [email protected] Subject: Re: [NTSysADM] DirectAccess 1. It's a project. There was a project manager, meetings, purchase orders, a schedule,.... Technically I did it myself with the help of a consultant. 2. Technically not difficult or time-consuming if you've followed a MS course https://www.microsoft.com/en-us/learning/course.aspx?cid=22411 The difficulty in this kind of projects is change management as well as getting the network and security guys do/accept what's required to implement this solution. 3. Deployment started with a pilot,... now we've slowed it down (because we gave users a brand new sexy and expensive laptop). We've 250 computers in production. 4. Yes, it does. 5. It depends on the target operating systems. Windows 7 is encrypting network packets twice, so it could be slower than a VPN. Anyway, we've focused on a specific user scenario and coupled the DA deployment with Offline Caching and Exchange cache mode. The feedback from users is excellent because they don't care if the tunnel is up or down, they just continue working. 6. Are your client machines running Win7 or Win8.x? Windows 7 7. AFAIK, CA requirement doesn't exist if you've only Windows 8 or more recent clients. 8. any unintended consequences of having always connected laptops? Yes, if you don't have full IPV6 internally, anything pushed or initiated from the intranet towards connected clients is discarded. Example: the helpdesk tool to remotely help the end user. On Tue, Mar 15, 2016 at 12:30 PM, Kish n Kepi <[email protected] <mailto:[email protected]> > wrote: I would like to hear from people who have implemented DirectAccess on Windows Server 2012 R2. 1. Did you do it yourself or hire a consultant 2. Was it difficult, or time-consuming to deploy the solution 3. To how many computers did you deploy 4. Does it work seamlessly as advertised 5. Is throughput same, faster or slower than conventional VPN? Any other questions I’m not knowledgeable enough to ask? Kish
