Tuesday, December 5, 2017

Direct Access / Always On VPN alternative using IPsec, SSTP VPN or another solution?

I have some technicians with laptops that roam all over the place and need to be always connected back to the HQ. Normally, clients needing access to the HQ network just get access through a regular VPN solution.
But this is kind of a pain in the ass for them as they move frequently throughout the day, and they are asking for a solution that does not require them to keep entering their credentials multiple times a day and waiting to log on to the VPN.

I have looked at MS Direct Access, and this seems to do exactly that. But it requires Enterprise licensing, which I would hope to avoid... Also, I'm not really sure where MS stands for the long term, with Always On VPN being introduced (as a replacement for Direct Access?!?).

So I have thought about alternatives. I am NOT looking for more information on, or to start a debate about, Direct Access or Always On VPN! I just want to hear experience and useful stuff on alternatives.

The first option I have thought about is using Windows native IPsec from the Windows PC to the central firewall to make a permanent host-to-site connection (possibly using AD certificates) that does not even run in user space or require anything from the user. Just like we do on a lot of our remote technical installations (router or endpoint equipment).
But I am not really sure if this can be done on a machine-to-site basis. Googling seems a bit unclear to me on this...

The second option I have thought about is using a client VPN that automatically connects, and reconnects, when the user is logged in to the workstation. But I don't know how reliable this will be. I don't want the users to troubleshoot connection problems if the tunnel is not up, or to be asked again for VPN credentials.
I was thinking about setting up an MS SSTP VPN server and letting the Windows native client autoconnect to it with AD credentials. I think this could be pushed out through GPOs too, which is a nice bonus... What's your experience here? Is this a workable and reliable solution?
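A worked setup for the second option, added here as an example and not part of the original post: a machine-wide SSTP profile created by script (the same commands can go into a GPO startup script), a keep-alive task that reconnects silently, and a check the helpdesk can run. The server name vpn.hq.example.com and the connection name HQ-SSTP are placeholders, not real values.

```powershell
# Added example, not from the original post. Assumes a hypothetical SSTP server
# name "vpn.hq.example.com" and the connection name "HQ-SSTP"; replace both.
# Run elevated on the client (or from a GPO computer startup script).

$ConnName   = 'HQ-SSTP'
$ServerFqdn = 'vpn.hq.example.com'   # must match the subject/SAN of the server's TLS certificate

# 1. Machine-wide SSTP profile: available before logon, identical for every user.
#    Full tunnel (no -SplitTunneling), encryption mandatory, AD credentials via MS-CHAPv2
#    inside the TLS tunnel. The credential is typed once and cached; after that rasdial
#    reconnects without prompting, and nothing is written to disk in clear text.
if (-not (Get-VpnConnection -Name $ConnName -AllUserConnection -ErrorAction SilentlyContinue)) {
    Add-VpnConnection -Name $ConnName -ServerAddress $ServerFqdn `
        -TunnelType Sstp -AuthenticationMethod MSChapv2 -EncryptionLevel Required `
        -AllUserConnection -RememberCredential
}

# 2. Keep-alive: a scheduled task that runs rasdial every minute as SYSTEM. rasdial is a
#    no-op when the link is already up, so the same task doubles as the automatic reconnect
#    after the laptop changes network.
$action    = New-ScheduledTaskAction -Execute 'rasdial.exe' -Argument ('"{0}"' -f $ConnName)
$trigger   = New-ScheduledTaskTrigger -Once -At (Get-Date) -RepetitionInterval (New-TimeSpan -Minutes 1)
$principal = New-ScheduledTaskPrincipal -UserId 'NT AUTHORITY\SYSTEM' -LogonType ServiceAccount -RunLevel Highest
Register-ScheduledTask -TaskName 'HQ-SSTP-KeepAlive' -Action $action -Trigger $trigger `
    -Principal $principal -Force | Out-Null

# 3. Health check for the helpdesk: is the tunnel up? If this stays $false after a reconnect,
#    the usual causes are a server certificate the client does not trust or a name mismatch
#    with $ServerFqdn, so look at the certificate chain before touching the credentials.
function Test-HqTunnel {
    $vpn = Get-VpnConnection -Name $ConnName -AllUserConnection -ErrorAction SilentlyContinue
    if (-not $vpn) { return $false }
    return ($vpn.ConnectionStatus -eq 'Connected')
}
Test-HqTunnel
```

The first connection has to be made once interactively so that the AD credential gets cached for the all-user profile; from then on the task reconnects without any user interaction.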

Option three???
