Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsLAN (ethernet/Wifi/routers/Bluetooth)Why bother to use secure Enterprise WiFi when I could use Microsoft's Direct Access on a non secure WiFi network?
schulzbot

5 posts

Wannabe Geek


#173613 29-May-2015 12:33
Send private message

I've just started using Direct Access at a company I work at - although its limited to Windows devices,  it seems to work pretty well.

It got me thinking that, if you are in a reasonably big company and you're happy to restrict yourself to Windows based devices, then why would you bother with installing secure Wifi when you could just use Direct Access on a non secure network to access your company's servers and files and services etc - even when working from your desk?

What would the benefits of having both secure WiFi and Direct Access available be if you only used Windows based devices??

Does using secure WiFi lessen the load somehow for network administrators?

Or is it cheaper for an organisation to run with both for some reason?

I dont really know what the reason to have secure WiFi would be if Direct Access was available.... but there must be some reasons since when I looked into a bit more - it seems companies that use DA also have secure WiFi...


Any thoughts?

Thanks!

Create new topic
andrewNZ
2487 posts

Uber Geek
Inactive user


  #1314050 29-May-2015 12:36
Send private message

Doesn't secure wifi encrypt the traffic so it can't just be sniffed by anyone.



schulzbot

5 posts

Wannabe Geek


  #1314070 29-May-2015 12:39
Send private message

Hi AndrewNZ - I have no idea.. So DA would be more secure than "secure" WiFI?

Cheers

lxsw20
3552 posts

Uber Geek

Subscriber

  #1314072 29-May-2015 12:45
Send private message

Direct Access would make my life so much easier as a SysAdmin. I really wish it was available in W7/W8 Pro, not just Enterprise. 



xontech
268 posts

Ultimate Geek


  #1314078 29-May-2015 13:00
Send private message

No experience with DA, but it sounds like you have to have some sort of WiFi for DA to use. If you are deploying WiFi in a "reasonably big company" then "turning on" the  security features of the WiFi isn't going to be a big deal in the scheme of things that need to be done to have an acceptably performing WiFi.

schulzbot

5 posts

Wannabe Geek


  #1314145 29-May-2015 14:27
Send private message

Yeh the thing I like about DA is that you can use ANY WiFi access - public Wifi included - and it lets you access your company servers and services without having to go through any process - its like its always on so thats why I'm wondering what the advantage of having secure Wifi to do the same thing would be..
Maybe its a cost thing?
Or if I had 500 people using DA, then it would slow everything down ?

lxsw20
3552 posts

Uber Geek

Subscriber

  #1314156 29-May-2015 14:44
Send private message

So what you're saying is why have internal WiFi when you could just come in to the firm over the internet using DirectAccess (VPN). In which case, because going over the internet is never going to be as fast or reliable as using a direct attachment to your internal network, bandwith cost, use of bandwidth etc etc. 

schulzbot

5 posts

Wannabe Geek


  #1314159 29-May-2015 14:51
Send private message

Yeh I think youre right. - I figured a direct connection on WiFi MUST be better than using DA over WiFi then internet but Ive struggled to find any proof that it really makes much difference. Cheers

 
 
 
 

Send money globally for less with Wise - one free transfer up to NZ$900 (affiliate link).
toyonut
1508 posts

Uber Geek


  #1314204 29-May-2015 15:50
Send private message

Having secure wifi is part and parcel of any of the wireless access controller and it ties to AD/Radius really easily. It is also fast and direct and ties directly into your core routers, switches and firewall.

Why would you egress all your internal network traffic to the internet, only to bring it back in through a direct access server. It makes no sense. Sure it is secured, but it is a dumb double handling of data. You also have to have the webservers set up internally for the clients to check if they are inside or outside the corpnet which adds to the infrastructure setup.

Direct access is an IPV6 transport/tunnel and makes some internal resources hard to get to. If it is not on your DNS, it may or may not be able to be accessed over DA. In particular, we have trouble with clients trying to RDP to non-domain test servers, where they work perfectly over an SSTP IPV4 VPN. Also related, routing is nearly impossible over DA, but it is trivial when your users are on a corporate network.

Lastly, if your DA server goes down or the NLA servers go down, suddenly all your internal clients wouldn't be able get to corporate resources.

Don't get me wrong, I love Direct Access, but what you are suggesting is much harder than just having simple radius secured WPA-Enterprise wifi. I am going to guess you have never had to set it up, but even the simplified and friendly DA in server 2012+ is much harder to set up than enterprise wifi and has a lot more places that it can go wrong. Even a bad gpupdate  can break the whole thing as it is pushed to the clients over group policy (Thankfully this is rare now.)

*EDIT* Sorry, not sure why I went into grumpy sysadmin mode there. I have had to install and upgrade every version since it was released as forefront UAG. It has caused plenty lost sleep because it is so critical for our staff to have access, so if it goes down, it is a big deal. The 2012R2 version on decent hardware has been rock solid though. Even server updates have failed to kill it unlike our previous 2012 and 2008R2/UAG server implementations.




Try Vultr using this link and get us both some credit:

 

http://www.vultr.com/?ref=7033587-3B

schulzbot

5 posts

Wannabe Geek


  #1314211 29-May-2015 15:57
Send private message

OK great - this helps clarify things a LOT!
The point about if DA falls over then we're all stuffed is a great one. 
Hmm..

Thanks to all who posted :)

Cheers 

Create new topic





News and reviews »

Air New Zealand Starts AI adoption with OpenAI
Posted 24-Jul-2025 16:00

eero Pro 7 Review
Posted 23-Jul-2025 12:07

BeeStation Plus Review
Posted 21-Jul-2025 14:21

eero Unveils New Wi-Fi 7 Products in New Zealand
Posted 21-Jul-2025 00:01

WiZ Introduces HDMI Sync Box and other Light Devices
Posted 20-Jul-2025 17:32

RedShield Enhances DDoS and Bot Attack Protection
Posted 20-Jul-2025 17:26

Seagate Ships 30TB Drives
Posted 17-Jul-2025 11:24

Oclean AirPump A10 Water Flosser Review
Posted 13-Jul-2025 11:05

Samsung Galaxy Z Fold7: Raising the Bar for Smartphones
Posted 10-Jul-2025 02:01

Samsung Galaxy Z Flip7 Brings New Edge-To-Edge FlexWindow
Posted 10-Jul-2025 02:01

Epson Launches New AM-C550Z WorkForce Enterprise printer
Posted 9-Jul-2025 18:22

Samsung Releases Smart Monitor M9
Posted 9-Jul-2025 17:46

Nearly Half of Older Kiwis Still Write their Passwords on Paper
Posted 9-Jul-2025 08:42

D-Link 4G+ Cat6 Wi-Fi 6 DWR-933M Mobile Hotspot Review
Posted 1-Jul-2025 11:34

Oppo A5 Series Launches With New Levels of Durability
Posted 30-Jun-2025 10:15








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.







RSS feeds
Main feed
Forums feed
Copyright
©2002-2025 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Affiliate links
Samsung
AliExpress
Wise
Sharesies
GoodSync
Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright