How does DirectAccess compare to Pertino
-
DA you have to host yourself. Pertino is cloud hosted for you giving you an enterprise backbone.
-
DA does not include support. Pertino comes with great support.
-
DA is just a VPN replacement. Pertino is the beginning of an SDN ecosystem with apps existing on the network. So what you see today is only foundational.
-
Pertino has automatic load balancing across the country (or globe.) DA does not include that ability although with some effort you could build your own.
-
DA will allow you to control latency better. Pertino you have less flexibility to adjust that.
-
Pertino has @josh and @tomta1 here in the community. DA does not
-
Are you working on your post count today @scottalanmiller ? LOL
All great points.
Do you know if Pertino is working on a gateway appliance to allow access to devices that you can't install their software directly on? Say an AS400 (iSeries).
-
They have a theoretical gateway already. But it isn't available. Making a gateway is known to be a requirement but it injects a lot if technical problems that they have to figure out before they can role one out. A gateway on a full mesh is a very confusing thing.
-
Scott: This goes back to our discussion we had at Pertino. I want it on my router (DD-WRT / Linux Based) make it happen. I recall you guys were ranting about the even crazier use cases for installing pertino on other devices than just the pcs and mobile. Support gave me a link to install the pertino client to my linux machine
I haven't tried it yet but sounds promising. -
@krisleslie said:
Scott: This goes back to our discussion we had at Pertino. I want it on my router (DD-WRT / Linux Based) make it happen. I recall you guys were ranting about the even crazier use cases for installing pertino on other devices than just the pcs and mobile. Support gave me a link to install the pertino client to my linux machine
I haven't tried it yet but sounds promising.Putting Pertino on a device as a gateway is a completely different security and business model. I know they are working on it, and @josh said that they actually had it implemented once in testing but there was no way to secure what was past the gateway.
So you put it in gateway mode on a laptop and take the laptop to Starbucks. Everyone on the wifi is now able to access your network.
Yeah that is a stupid admin that sets it up, but when you are trying to sell security, you need to think about that kind of thing.
Side note, don't use ddwrt in the first place.
-
@krisleslie said:
Scott: This goes back to our discussion we had at Pertino. I want it on my router (DD-WRT / Linux Based) make it happen. I recall you guys were ranting about the even crazier use cases for installing pertino on other devices than just the pcs and mobile. Support gave me a link to install the pertino client to my linux machine
I haven't tried it yet but sounds promising.We have Pertino running on Linux all over the place now
-
-
@JaredBusch said:
@krisleslie said:
Scott: This goes back to our discussion we had at Pertino. I want it on my router (DD-WRT / Linux Based) make it happen. I recall you guys were ranting about the even crazier use cases for installing pertino on other devices than just the pcs and mobile. Support gave me a link to install the pertino client to my linux machine
I haven't tried it yet but sounds promising.Putting Pertino on a device as a gateway is a completely different security and business model. I know they are working on it, and @josh said that they actually had it implemented once in testing but there was no way to secure what was past the gateway.
So you put it in gateway mode on a laptop and take the laptop to Starbucks. Everyone on the wifi is now able to access your network.
Yeah that is a stupid admin that sets it up, but when you are trying to sell security, you need to think about that kind of thing.
Side note, don't use ddwrt in the first place.
There is more than that too. How do you monetize if you go by device and suddenly devices are unlimited and unmeasurable? How do you handle the IP address assignments for devices that aren't getting it automatically assigned by the TUN device? That's actually one of the hardest parts - controlling the IP addressing scheme once you go with a gateway. That will cause all kinds of problems.
-
wait, what's wrong with Ddwrt?
-
@scottalanmiller said:
DirectAccess is IPv6 only. Pertino is both IPv4 and IPv6.
True for Server 2008. Not true for Server 2012.
But DA requires Win7 or Win8 Enterprise clients
-
@Dashrender said:
wait, what's wrong with Ddwrt?
Personal dislike for anything using consumer grade gear in a business setting.
@Bill-Kindle said:
hides in shame
use it at home if you want, but personally, I would not want to use it even there.
Nothing against linux based stuff. I ran ClearOS 5.2 for a long time, then switched to pfSense. I recently (last week) purchased an Ubiquiti EdgeRouter Lite for home since I am using it at client sites. Those are running Vyatta on some version of Debian (I believe).
-
@Dashrender said:
wait, what's wrong with Ddwrt?
Hobbyist firewall for home use. Not a bad system but not designed for business use and doesn't run on business class hardware. It's just meant for having fun with consumer ARM devices.
-
@RoguePacket said:
But DA requires Win7 or Win8 Enterprise clients
I was all excited for DA when I first heard about it, too. Then I read about it and learned that. Turned me right off.
-
@RoguePacket said:
@scottalanmiller said:
DirectAccess is IPv6 only. Pertino is both IPv4 and IPv6.
True for Server 2008. Not true for Server 2012.
But DA requires Win7 or Win8 Enterprise clients
Oh, IPv4 has been added?
Yes. You need enterprise on the clients. That's the only place that Microsoft offers that term.
-
@scottalanmiller "New & improved", right?
Reasonable reads (& for @dashrender)—
- http://blogs.technet.com/b/meamcs/archive/2012/05/03/windows-server-2012-direct-access-part-1-what-s-new.aspx (pt 1)
- http://blogs.technet.com/b/meamcs/archive/2012/05/14/windows-server-2012-direct-access-part-2-how-to-build-a-test-lab.aspx (pt 2)
- http://en.wikipedia.org/wiki/DirectAccess (short!)
@JaredBusch said:
@RoguePacket said:
But DA requires Win7 or Win8 Enterprise clients
I was all excited for DA when I first heard about it, too. Then I read about it and learned that. Turned me right off.
But, but, but MSFT employees need to put bread on the table for their families!!
