How does DirectAccess compare to Pertino

scottalanmiller

@Dashrender said:

wait, what's wrong with Ddwrt?

Hobbyist firewall for home use. Not a bad system but not designed for business use and doesn't run on business class hardware. It's just meant for having fun with consumer ARM devices.

JaredBusch

@RoguePacket said:

But DA requires Win7 or Win8 Enterprise clients

I was all excited for DA when I first heard about it, too. Then I read about it and learned that. Turned me right off.

scottalanmiller

@RoguePacket said:

@scottalanmiller said:

DirectAccess is IPv6 only. Pertino is both IPv4 and IPv6.

True for Server 2008. Not true for Server 2012.

But DA requires Win7 or Win8 Enterprise clients

Oh, IPv4 has been added?

Yes. You need enterprise on the clients. That's the only place that Microsoft offers that term.

RoguePacket

@scottalanmiller "New & improved", right?

Reasonable reads (& for @dashrender)—

• http://blogs.technet.com/b/meamcs/archive/2012/05/03/windows-server-2012-direct-access-part-1-what-s-new.aspx (pt 1)
• http://blogs.technet.com/b/meamcs/archive/2012/05/14/windows-server-2012-direct-access-part-2-how-to-build-a-test-lab.aspx (pt 2)
• http://en.wikipedia.org/wiki/DirectAccess (short!)

@JaredBusch said:

@RoguePacket said:

But DA requires Win7 or Win8 Enterprise clients

I was all excited for DA when I first heard about it, too. Then I read about it and learned that. Turned me right off.

But, but, but MSFT employees need to put bread on the table for their families!!

Lost_Signal773

@RoguePacket You can do Windows Enterprise now WITHOUT SA (its not cheap, but its doable).

RoguePacket

@Lost_Signal773 Don't bring that up to M- Olan. Someone would be liable to get hurt.

Carnival Boy

I tried to get a guy to setup DirectAccess here about 3 years ago. He completely failed, I don't know why. It did seem very complicated to setup. We've been using Hamachi for a couple of years, without any major issues. The only issue is that very occasionally the Hamachi service sometimes needs restarting on the client for whatever reason. The one thing I really want is iOS access. Hamachi released a beta app a year or so ago, but it's still in beta for some reason and I've never managed to get it working.

I've just started trialling Pertino. Erm, how does Hamachi compare to Pertino?

A Former User

@Carnival-Boy said:

I've just started trialling Pertino. Erm, how does Hamachi compare to Pertino?

I am on my phone so I am going to have to keep in short, but Pertino will give you everything Hamachi does, plus more. The community loves Pertino, LogMeIn, not so much

Carnival Boy

Not quite everything, I guess. We mainly use Hamachi for remote workers to access the corporate intranet, which is running on Windows 2003 Server. I believe Pertino won't support this

I've fallen at the first hurdle.

scottalanmiller

@Carnival-Boy you are correct. Hamachi is older and not maintained but has modes like full mesh, hub and spoke and gateway.

JaredBusch

@Carnival-Boy said:

Not quite everything, I guess. We mainly use Hamachi for remote workers to access the corporate intranet, which is running on Windows 2003 Server. I believe Pertino won't support this

I've fallen at the first hurdle.

Read the above posts discussing the subject. I would never have deployed hamachi as you did for security purposes. Yes, it works, but I do not like the method.
Then again, I do not like a VPN gateway for users either since it does the same thing. For IT staff yes, but not users.

scottalanmiller

Full mesh / SDN definitely brings some amazing new capabilities.

Carnival Boy

@JaredBusch said:

Read the above posts discussing the subject. I would never have deployed hamachi as you did for security purposes. Yes, it works, but I do not like the method.
Then again, I do not like a VPN gateway for users either since it does the same thing. For IT staff yes, but not users.

I did, but I don't understand them

Josh

@Dashrender said:

I just read @bill-kindle post about a new 2012 R2 book that appears to focus on DirectAccess.

We've touched on it here in these boards recently - but what do you think?

I've been meaning to get around to setting up a DA lab with @tomta1 to see the differences personally. We've had customers choose to PAY for Pertino networks despite haveing both hardware VPNs and Server 2012 w/ DA due to two reasons: complexity to deploy (both) and end user experience (hardware/OS support for DA).

To be honest, when I first came to Pertino and saw DA, I was a little nervous. Competition isn't always a bad thing, especially when you're trying to create a new market, but it is a challenge when it is a "free" product packaged with a software our target customers are going to deploy anyway. Then I started to read about the limitations - Enterprise editions, Win 7/8 only, Win 7 is a completely different setup process, server has to compute all the network connections = single point of failure, no support, etc.

This is something we need to investigate first hand, but we aren't expecting it to impact our target user base all that much given the reliability, OS requirements, and configuration differences.

Thanks for bringing this top of mind!

Bill Kindle

@Josh TBH, I haven't seen very many people post about it in the forums either.

scottalanmiller

@Bill-Kindle said:

@Josh TBH, I haven't seen very many people post about it in the forums either.

No, DA has gotten nearly a complete snub in the SMB world because of the cost, complexity and limitations.

Carnival Boy

@Carnival-Boy said:

@JaredBusch said:

Read the above posts discussing the subject. I would never have deployed hamachi as you did for security purposes. Yes, it works, but I do not like the method.
Then again, I do not like a VPN gateway for users either since it does the same thing. For IT staff yes, but not users.

I did, but I don't understand them

Seriously, if anyone could explain, in simple terms, the security risks in Hamachi (or similar VPN) I would be really, really grateful.

scottalanmiller

It's not the security risk of the VPN but of a gateway component. When you have a VPN that simply exposes a tunnel then anything that gets onto the network at one end has access to everything at the other end.

What Pertino is trying to do is bring a higher level of control and security assurance often to people lacking network engineers. If you have a gateway, this blinds Pertino's software to what is going onto the network and it lacks the ability to identify and cut off a foreign attacker that without a gateway it does naturally.

It is not that a gateway is insecure, it is that it lacks the lock down, visibility and control features that only a full mesh can provide.

Nara

@scottalanmiller said:

Pertino has automatic load balancing across the country (or globe.) DA does not include that ability although with some effort you could build your own.

DirectAccess can be set up to select servers by geolocation.

scottalanmiller

@Nara said:

@scottalanmiller said:

Pertino has automatic load balancing across the country (or globe.) DA does not include that ability although with some effort you could build your own.

DirectAccess can be set up to select servers by geolocation.

That's cool, is that a new feature added in later versions?