Geekzone: technology news, blogs, forums

5 posts

Wannabe Geek

# 173613 29-May-2015 12:33

I've just started using Direct Access at a company I work at - although it's limited to Windows devices, it seems to work pretty well.

It got me thinking that, if you are in a reasonably big company and you're happy to restrict yourself to Windows-based devices, then why would you bother with installing secure WiFi when you could just use Direct Access on a non-secure network to access your company's servers and files and services etc - even when working from your desk?

What would the benefits of having both secure WiFi and Direct Access available be if you only used Windows-based devices?

Does using secure WiFi lessen the load somehow for network administrators?

Or is it cheaper for an organisation to run with both for some reason?

I don't really know what the reason to have secure WiFi would be if Direct Access was available... but there must be some reasons, since when I looked into it a bit more, it seems companies that use DA also have secure WiFi...

Any thoughts?


2116 posts

Uber Geek
+1 received by user: 1194

  # 1314050 29-May-2015 12:36

Doesn't secure WiFi encrypt the traffic so it can't just be sniffed by anyone?

Location: Dunedin


5 posts

Wannabe Geek

  # 1314070 29-May-2015 12:39

Hi AndrewNZ - I have no idea... So DA would be more secure than "secure" WiFi?



2258 posts

Uber Geek
+1 received by user: 703


  # 1314072 29-May-2015 12:45
One person supports this post

Direct Access would make my life so much easier as a SysAdmin. I really wish it was available in W7/W8 Pro, not just Enterprise. 

255 posts

Ultimate Geek
+1 received by user: 53

  # 1314078 29-May-2015 13:00

No experience with DA, but it sounds like you have to have some sort of WiFi for DA to use. If you are deploying WiFi in a "reasonably big company" then "turning on" the security features of the WiFi isn't going to be a big deal in the scheme of things that need to be done to have an acceptably performing WiFi.

5 posts

Wannabe Geek

  # 1314145 29-May-2015 14:27

Yeh, the thing I like about DA is that you can use ANY WiFi access - public WiFi included - and it lets you access your company servers and services without having to go through any process - it's like it's always on, so that's why I'm wondering what the advantage of having secure WiFi to do the same thing would be.
Maybe it's a cost thing?
Or if I had 500 people using DA, then it would slow everything down?

2258 posts

Uber Geek
+1 received by user: 703


  # 1314156 29-May-2015 14:44

So what you're saying is why have internal WiFi when you could just come in to the firm over the internet using DirectAccess (VPN). In which case, because going over the internet is never going to be as fast or reliable as using a direct attachment to your internal network, bandwidth cost, use of bandwidth etc etc.

5 posts

Wannabe Geek

  # 1314159 29-May-2015 14:51

Yeh, I think you're right - I figured a direct connection on WiFi MUST be better than using DA over WiFi then internet, but I've struggled to find any proof that it really makes much difference. Cheers


1508 posts

Uber Geek
+1 received by user: 213

  # 1314204 29-May-2015 15:50

Having secure WiFi is part and parcel of any of the wireless access controllers and it ties to AD/RADIUS really easily. It is also fast and direct and ties directly into your core routers, switches and firewall.

Why would you egress all your internal network traffic to the internet, only to bring it back in through a Direct Access server? It makes no sense. Sure it is secured, but it is a dumb double handling of data. You also have to have the webservers set up internally for the clients to check if they are inside or outside the corpnet, which adds to the infrastructure setup.

Direct Access is an IPv6 transport/tunnel and makes some internal resources hard to get to. If it is not on your DNS, it may or may not be able to be accessed over DA. In particular, we have trouble with clients trying to RDP to non-domain test servers, where they work perfectly over an SSTP IPv4 VPN. Also related, routing is nearly impossible over DA, but it is trivial when your users are on a corporate network.

Lastly, if your DA server goes down or the NLA servers go down, suddenly all your internal clients wouldn't be able to get to corporate resources.

Don't get me wrong, I love Direct Access, but what you are suggesting is much harder than just having simple RADIUS-secured WPA-Enterprise WiFi. I am going to guess you have never had to set it up, but even the simplified and friendly DA in Server 2012+ is much harder to set up than enterprise WiFi and has a lot more places that it can go wrong. Even a bad gpupdate can break the whole thing as it is pushed to the clients over group policy (thankfully this is rare now).

*EDIT* Sorry, not sure why I went into grumpy sysadmin mode there. I have had to install and upgrade every version since it was released as Forefront UAG. It has caused plenty of lost sleep because it is so critical for our staff to have access, so if it goes down, it is a big deal. The 2012R2 version on decent hardware has been rock solid though. Even server updates have failed to kill it, unlike our previous 2012 and 2008R2/UAG server implementations.

Try Vultr using this link and get us both some credit:
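
A client-side check for the dependency the post above describes (the internal web server DirectAccess clients probe to decide whether they are inside or outside the corpnet, which DirectAccess calls the Network Location Server), as an added example that is not part of the original post. The function name, output fields and verdict strings are this example's own; the cmdlets are the built-in client cmdlets on Windows 8 / Server 2012 and later.

```powershell
# Added example, not from the thread. Run on a DirectAccess client.
function Test-DALocationDependency {
    [CmdletBinding()]
    param([int]$TimeoutSec = 5)

    # URL the client probes over HTTPS to decide "inside" vs "outside".
    $nlsUrl = (Get-NCSIPolicyConfiguration).DomainLocationDeterminationUrl
    if (-not $nlsUrl) {
        return [pscustomobject]@{ Verdict = 'No inside/outside probe URL configured on this client' }
    }

    # Probe it the way a monitoring job would: any HTTPS or certificate failure counts as down.
    $nlsOk = $false; $nlsError = $null
    try {
        $resp  = Invoke-WebRequest -Uri $nlsUrl -UseBasicParsing -TimeoutSec $TimeoutSec
        $nlsOk = ($resp.StatusCode -eq 200)
    } catch { $nlsError = $_.Exception.Message }

    # NRPT rules currently in effect; the list is empty while the client believes it is inside.
    $nrpt = @(Get-DnsClientNrptPolicy -Effective)

    # The client's own view of the tunnel (needs the Network Connectivity Assistant service).
    $daStatus = 'Unavailable'
    try { $daStatus = (Get-DAConnectionStatus -ErrorAction Stop).Status } catch { }

    # Combine the probe result and the NRPT state into one verdict.
    if ($nlsOk -and $nrpt.Count -eq 0) {
        $verdict = 'Inside: probe succeeds and NRPT is inactive, traffic goes direct'
    } elseif (-not $nlsOk -and $nrpt.Count -gt 0) {
        $verdict = 'Treated as outside: corporate names go through DirectAccess. On the office LAN this means the probe server is failing'
    } elseif ($nlsOk) {
        $verdict = 'Probe succeeds but NRPT is still active: location state has not settled'
    } else {
        $verdict = 'Probe fails and no NRPT rules are in effect: DirectAccess policy may not be applied'
    }

    [pscustomobject]@{
        ProbeUrl       = $nlsUrl
        ProbeReachable = $nlsOk
        ProbeError     = $nlsError
        NrptNamespaces = $nrpt.Namespace -join ', '
        DAStatus       = $daStatus
        Verdict        = $verdict
    }
}

Test-DALocationDependency | Format-List
```

Run from a machine on the office LAN, the second verdict is the failure mode the post warns about: the probe server is down, so an internal client behaves as if it were remote.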

5 posts

Wannabe Geek

  # 1314211 29-May-2015 15:57

OK great - this helps clarify things a LOT!
The point about if DA falls over then we're all stuffed is a great one. 

Thanks to all who posted :)

