Unknown. We do have an EA with bridge licensing, but how quickly we move to the cloud is undetermined.
And, I haven't even looked at what O365/Azure Constrained Access" might be. Kurt On Tue, Nov 14, 2017 at 5:42 PM, Michael B. Smith <[email protected]> wrote: > Sorry I wasn't clear. > > I meant, will you require "Office 365/Azure Constrained Access"? > > -----Original Message----- > From: [email protected] [mailto:[email protected]] > On Behalf Of Kurt Buff > Sent: Tuesday, November 14, 2017 8:21 PM > To: ntsysadm > Subject: Re: [NTSysADM] Looking for a global VPN solution - looking for input > > Do you mean need mobile/BYOD? > > Likely will, but whether we'll be on O365/Azure by then is an open question > in my mind. > > I'd prefer not, but I recognize that MSFT wants their money, so will do > everything they can to force us there. > > Kurt > > On Tue, Nov 14, 2017 at 1:56 PM, Michael B. Smith <[email protected]> > wrote: >> I can't speak to your environment, but many of my customers are pushing for >> Office 365/Azure Constrained Access. >> >> Especially because of mobile/BYOD. >> >> I suggest you should consider the likelihood or whether you'll NEED that >> capability within 5 years. >> >> -----Original Message----- >> From: [email protected] >> [mailto:[email protected]] On Behalf Of Kurt Buff >> Sent: Tuesday, November 14, 2017 4:31 PM >> To: ntsysadm >> Subject: Re: [NTSysADM] Looking for a global VPN solution - looking >> for input >> >> Ran through your posts in this thread, and i have to say that it looks like >> the days of DA are numbered. >> >> However, if I implement it under 2016, it should be supported for at least 5 >> more years (assuming that Win10 still supports it, too). >> >> So, I'm not worried too much about that as such, but AVPN support for >> non-domain-joined devices looks very interesting, and the fact that DA only >> supported IPv6 was sometimes limiting. >> >> I think I'll explore AVPN a bit more, and probably include it as an option. >> >> On Mon, Nov 13, 2017 at 6:08 PM, Michael B. Smith <[email protected]> >> wrote: >>> So.... just a data point to consider. >>> >>> Microsoft is kinda moving away from DirectAccess. >>> >>> Many of the security functionalities added in Server 2016 won't work with >>> DA. >>> >>> Instead you need to be using their Automatic VPN. The endpoint isn't very >>> relevant, although they push RRAS. >>> >>> For example, WIP doesn't work properly with DA. Only with AVPN. >>> >>> -----Original Message----- >>> From: [email protected] >>> [mailto:[email protected]] On Behalf Of Kurt Buff >>> Sent: Monday, November 13, 2017 8:19 PM >>> To: ntsysadm >>> Subject: Re: [NTSysADM] Looking for a global VPN solution - looking >>> for input >>> >>> Arg - that should be "seeking commercial services".. >>> >>> And, once I bring recommendations, it might well be that we just fall back >>> to a DirectAccess server in each office, with our without a multi-site >>> configuration, potentially with an SSP VPN appliance also at each office >>> for backup and contractors, and call it good. >>> >>> Kurt >>> >>> On Mon, Nov 13, 2017 at 5:03 PM, Kurt Buff <[email protected]> wrote: >>>> I'm not sure either, but that's the task I've been given - not >>>> necessarily to implement at this stage, but to scope out the >>>> alternatives and come up with some possibilities. >>>> >>>> It's also why I'm seeing recommendations on commercial services, so >>>> that our implementation requirements are minimized. >>>> >>>> Kurt >>>> >>>> On Mon, Nov 13, 2017 at 4:38 PM, Joseph L. Casale >>>> <[email protected]> wrote: >>>>> I've done a lot of openvpn setups in a myriad of formats, site to site, >>>>> hub and spoke, client etc. >>>>> It works well and there are even some lesser documented features that do >>>>> some neat stuff but you are now rolling your solution and marinating it >>>>> manually. >>>>> Not sure how well that will scale unless you have a skilled team. >>>>> >>>>>> -----Original Message----- >>>>>> From: [email protected] >>>>>> [mailto:[email protected]] On Behalf Of Kurt Buff >>>>>> Sent: Monday, November 13, 2017 5:22 PM >>>>>> To: ntsysadm <[email protected]> >>>>>> Subject: [NTSysADM] Looking for a global VPN solution - looking >>>>>> for input >>>>>> >>>>>> All, >>>>>> >>>>>> 1) For staff, currently we're using DirectAccess on 2012R2 as our >>>>>> primary conduit in the US, with SSL VPNs (SonicWall and Palo Alto >>>>>> Global Protect) as primary for our overseas offices and secondary >>>>>> for the US (Sonicwall). >>>>>> >>>>>> 2) In the US office, we also have contractors/consultants needing >>>>>> to use our SSL VPN for access to various resources, and that will >>>>>> likely expand to our overseas offices soon. Differentiation and >>>>>> securing resources is even more important here than in 1). >>>>>> >>>>>> 3) We also stand up IPSec tunnels for vendors/partners as needed >>>>>> (lab to lab), for interoperability/compatibility testing. >>>>>> >>>>>> We're looking to get into a solution that will take care of at >>>>>> least the first two (and ideally the third as well), so that we >>>>>> don't have so many platforms to support, and so that we can make >>>>>> sure that staff in the field get the fasted connection available. >>>>>> >>>>>> I've taken a quick gander at the websites for vyprvpn (Golden >>>>>> Frog), and OpenVPN (commercial client offering), but don't have >>>>>> much of an opinion on them, as info about them is a bit thin. >>>>>> >>>>>> Anyone have experience with solutions like this, and care to comment? >>>>>> >>>>>> Thanks, >>>>>> >>>>>> Kurt >>>>>> >>>>> >>> >>> >> >> > >
