What Is The Best Reason For Deploying Directaccess Connectivity For Remote Users?

Enterprise Mobility and Security Infrastructure – Microsoft Always On VPN and brianowens.tv, NetMotion Mobility, PKI and MFA

” data-image-caption=”” data-medium-file=”https://i0.wp.com/brianowens.tv/wp-content/uploads/2015/06/windows_logo_transparent_150.jpg?fit=150%2C150&ssl=1″ data-large-file=”https://i0.wp.com/brianowens.tv/wp-content/uploads/2015/06/windows_logo_transparent_150.jpg?fit=150%2C150&ssl=1″ loading=”lazy” class=”alignright wp-image-888″ src=”https://i0.wp.com/brianowens.tv/wp-content/uploads/2015/06/windows_logo_transparent_150.jpg?resize=120%2C120&ssl=1″ alt=”Always On VPN Device Tunnel Configuration Guidance Now Available” width=”120″ height=”120″ data-recalc-dims=”1″ />brianowens.tv has been around for many years, and with Microsoft now moving in the direction of Always On VPN, I’m often asked “What’s the difference between brianowens.tv and Always On VPN?” Fundamentally they both provide seamless and transparent, always on remote access. However, Always On VPN has a number of advantages over brianowens.tv in terms of security, authentication and management, performance, and supportability.

You are watching: What is the best reason for deploying directaccess connectivity for remote users?


brianowens.tv provides full network connectivity when a client is connected remotely. It lacks any native features to control access on a granular basis. It is possible to restrict access to internal resources by placing a firewall between the brianowens.tv server and the LAN, but the policy would apply to all connected clients.

Windows 10 Always On VPN includes support for granular traffic filtering. Where brianowens.tv provides access to all internal resources when connected, Always On VPN allows administrators to restrict client access to internal resources in a variety of ways. In addition, traffic filter policies can be applied on a per-user or group basis. For example, users in accounting can be granted access only to their department servers. The same could be done for HR, finance, IT, and others.

Authentication and Management

brianowens.tv includes support for strong user authentication with smart cards and one-time password (OTP) solutions. However, there is no provision to grant access based on device configuration or health, as that feature was removed in Windows Server 2016 and Windows 10. In addition, brianowens.tv requires that clients and servers be joined to a domain, as all configuration settings are managed using Active Directory group policy.

Windows 10 Always On VPN includes support for modern authentication and management, which results in better overall security. Always On VPN clients can be joined to an Azure Active Directory and conditional access can also be enabled. Modern authentication support using Azure MFA and Windows Hello for Business is also supported. Always On VPN is managed using Mobile Device Management (MDM) solutions such as Microsoft Intune.


brianowens.tv uses IPsec with IPv6, which must be encapsulated in TLS to be routed over the public IPv4 Internet. IPv6 traffic is then translated to IPv4 on the brianowens.tv server. brianowens.tv performance is often acceptable when clients have reliable, high quality Internet connections. However, if connection quality is fair to poor, the high protocol overhead of brianowens.tv with its multiple layers of encapsulation and translation often yields poor performance.

See more: What Does It Mean To Drop The Soap ” Mean? Drop The Soap

The protocol of choice for Windows 10 Always On VPN deployments is IKEv2. It offers the best security and performance when compared to TLS-based protocols. In addition, Always On VPN does not rely exclusively on IPv6 as brianowens.tv does. This reduces the many layers of encapsulation and eliminates the need for complex IPv6 transition and translation technologies, further improving performance over brianowens.tv.


brianowens.tv is a Microsoft-proprietary solution that must be deployed using Windows Server and Active Directory. It also requires a Network Location Server (NLS) for clients to determine if they are inside or outside the network. NLS availability is crucial and ensuring that it is always reachable by internal clients can pose challenges, especially in very large organizations.

Windows 10 Always On VPN supporting infrastructure is much less complex than brianowens.tv. There’s no requirement for a NLS, which means fewer servers to provision, manage, and monitor. In addition, Always On VPN is completely infrastructure independent and can be deployed using third-party VPN servers such as Cisco, Checkpoint, SonicWALL, Palo Alto, and more.


Windows 10 Always On VPN is the way of the future. It provides better overall security than brianowens.tv, it performs better, and it is easier to manage and support.

Here’s a quick summary of some important aspects of VPN, brianowens.tv, and Windows 10 Always On VPN.

See more: What Was The Source Of Florence�S Wealth And Power ? Economy Of Florence

Traditional VPN brianowens.tv Always On VPN
Seamless and Transparent No Yes Yes
Automatic Connection Options None Always on Always on, app triggered
Protocol Support IPv4 and IPv6 IPv6 Only IPv4 and IPv6
Traffic Filtering No No Yes
Azure AD Integration No No Yes
Modern Management Yes No (group policy only) Yes (MDM)
Clients must be domain-joined? No Yes No
Requires Microsoft Infrastructure No Yes No
Supports Windows 7 Yes Yes Windows 10 only

Always On VPN Hands-On Training

If you are interested in learning more about Windows 10 Always On VPN, consider registering for one of my hands-on training classes. More details here.

Additional Resources

Always On VPN and the Future of Microsoft brianowens.tv

5 Important Things brianowens.tv Administrators Should Know about Windows 10 Always On VPN


Leave a comment

Your email address will not be published. Required fields are marked *