How does DirectAccess compare to Pertino
-
Not quite everything, I guess. We mainly use Hamachi for remote workers to access the corporate intranet, which is running on Windows 2003 Server. I believe Pertino won't support this
I've fallen at the first hurdle.
-
@Carnival-Boy you are correct. Hamachi is older and not maintained but has modes like full mesh, hub and spoke and gateway.
-
@Carnival-Boy said:
Not quite everything, I guess. We mainly use Hamachi for remote workers to access the corporate intranet, which is running on Windows 2003 Server. I believe Pertino won't support this
I've fallen at the first hurdle.
Read the above posts discussing the subject. I would never have deployed hamachi as you did for security purposes. Yes, it works, but I do not like the method.
Then again, I do not like a VPN gateway for users either since it does the same thing. For IT staff yes, but not users. -
Full mesh / SDN definitely brings some amazing new capabilities.
-
@JaredBusch said:
Read the above posts discussing the subject. I would never have deployed hamachi as you did for security purposes. Yes, it works, but I do not like the method.
Then again, I do not like a VPN gateway for users either since it does the same thing. For IT staff yes, but not users.I did, but I don't understand them
-
@Dashrender said:
I just read @bill-kindle post about a new 2012 R2 book that appears to focus on DirectAccess.
We've touched on it here in these boards recently - but what do you think?
I've been meaning to get around to setting up a DA lab with @tomta1 to see the differences personally. We've had customers choose to PAY for Pertino networks despite haveing both hardware VPNs and Server 2012 w/ DA due to two reasons: complexity to deploy (both) and end user experience (hardware/OS support for DA).
To be honest, when I first came to Pertino and saw DA, I was a little nervous. Competition isn't always a bad thing, especially when you're trying to create a new market, but it is a challenge when it is a "free" product packaged with a software our target customers are going to deploy anyway. Then I started to read about the limitations - Enterprise editions, Win 7/8 only, Win 7 is a completely different setup process, server has to compute all the network connections = single point of failure, no support, etc.
This is something we need to investigate first hand, but we aren't expecting it to impact our target user base all that much given the reliability, OS requirements, and configuration differences.
Thanks for bringing this top of mind!
-
@Josh TBH, I haven't seen very many people post about it in the forums either.
-
@Bill-Kindle said:
@Josh TBH, I haven't seen very many people post about it in the forums either.
No, DA has gotten nearly a complete snub in the SMB world because of the cost, complexity and limitations.
-
@Carnival-Boy said:
@JaredBusch said:
Read the above posts discussing the subject. I would never have deployed hamachi as you did for security purposes. Yes, it works, but I do not like the method.
Then again, I do not like a VPN gateway for users either since it does the same thing. For IT staff yes, but not users.I did, but I don't understand them
Seriously, if anyone could explain, in simple terms, the security risks in Hamachi (or similar VPN) I would be really, really grateful.
-
It's not the security risk of the VPN but of a gateway component. When you have a VPN that simply exposes a tunnel then anything that gets onto the network at one end has access to everything at the other end.
What Pertino is trying to do is bring a higher level of control and security assurance often to people lacking network engineers. If you have a gateway, this blinds Pertino's software to what is going onto the network and it lacks the ability to identify and cut off a foreign attacker that without a gateway it does naturally.
It is not that a gateway is insecure, it is that it lacks the lock down, visibility and control features that only a full mesh can provide.
-
@scottalanmiller said:
Pertino has automatic load balancing across the country (or globe.) DA does not include that ability although with some effort you could build your own.
DirectAccess can be set up to select servers by geolocation.
-
@Nara said:
@scottalanmiller said:
Pertino has automatic load balancing across the country (or globe.) DA does not include that ability although with some effort you could build your own.
DirectAccess can be set up to select servers by geolocation.
That's cool, is that a new feature added in later versions?
-
I set up DirectAccess over the weekend, and it only took me about 40 minutes. Server 2012's implementation is absurdly quick and easy for a basic single-server deployment. It even creates the necessary GPOs for you. All you need to do is select the group of computers it applies to and tweak any related DNS resolution table entries. If you want to go into a more advanced deployment, it could potentially get a bit more involved.
It's location-aware and doesn't enable itself when it can see the corporate network. The moment I switched over to an external network, DA engaged. If you have software assurance on your computers, you really should be considering this. While I haven't tested any quirky legacy applications with it, typical file services and use cases seem to work fine. If you test it and don't like it, you can use the same wizard to pull out the entire configuration, GPOs and all.
Having used both, they're really for different environments. Pertino's good for accessing other computers directly. DirectAccess is good for accessing infrastructure. If you're in a workgroup setup, Pertino would be great. You get the unstructured cross-communication that you'd expect. If you're on a domain, DirectAccess shines. You get timely connectivity to your environment when you need it, and don't need to modify any of your other servers or devices. I'm sure that as both technologies evolve and mature, things may change, but for now, that's how I've experienced it.
-
I assume that there is no means of using DA with Macs, for example?
-
@scottalanmiller said:
What Pertino is trying to do ....
Still don't have a firm "knowing" of what Pertino is, but that has been more helpful than anything thus far.
-
@scottalanmiller said:
It is not that a gateway is insecure, it is that it lacks the lock down, visibility and control features that only a full mesh can provide.
So what's the difference between Pertino's mesh and Hamachi in mesh mode?
The biggest problem I had trying to implement DA in Server 2008 was that I wasn't running Forefront UAG, and Microsoft made it very complicated to implement without it. Is that still the case with 2012?
-
@Carnival-Boy said:
@scottalanmiller said:
So what's the difference between Pertino's mesh and Hamachi in mesh mode?
At the moment they are pretty similar. Pertino's product is current and not many years abandoned though. Hamachi was abandonware when we moved off of it four or five years ago.
Hamachi isn't cross platform so if you have Linux or smartphones you are just out of luck which is hugely limiting today. Not sure if there is even Mac support. Pertino handles windows, Mac, Linux, android and iOS is on the way. After those I will be pushing them for FreeBSD.
But all this for hamachi is the last part of the story. With hamachi we are just waiting for things to spin down as they no longer push or develop the platform. With Pertino things are just spinning up and what you see today is just the tip of the iceberg.
Pertino's strength is in their vision and in how the platform is implemented. There is a lot of performance and robustness built in from day one.
-
@scottalanmiller said:
I assume that there is no means of using DA with Macs, for example?
Not at present. You can, however, use the same RAS servers for VPN. Perhaps if/when Macs gain more traction in the mainstream business market, we'll see that shift.