How does DirectAccess compare to Pertino

scottalanmiller

@krisleslie said:

Scott: This goes back to our discussion we had at Pertino. I want it on my router (DD-WRT / Linux Based) make it happen. I recall you guys were ranting about the even crazier use cases for installing pertino on other devices than just the pcs and mobile. Support gave me a link to install the pertino client to my linux machine I haven't tried it yet but sounds promising.

We have Pertino running on Linux all over the place now

Bill Kindle

@JaredBusch said:

Side note, don't use ddwrt in the first place.

hides in shame

scottalanmiller

@JaredBusch said:

@krisleslie said:

Scott: This goes back to our discussion we had at Pertino. I want it on my router (DD-WRT / Linux Based) make it happen. I recall you guys were ranting about the even crazier use cases for installing pertino on other devices than just the pcs and mobile. Support gave me a link to install the pertino client to my linux machine I haven't tried it yet but sounds promising.

Putting Pertino on a device as a gateway is a completely different security and business model. I know they are working on it, and @josh said that they actually had it implemented once in testing but there was no way to secure what was past the gateway.

So you put it in gateway mode on a laptop and take the laptop to Starbucks. Everyone on the wifi is now able to access your network.

Yeah that is a stupid admin that sets it up, but when you are trying to sell security, you need to think about that kind of thing.

Side note, don't use ddwrt in the first place.

There is more than that too. How do you monetize if you go by device and suddenly devices are unlimited and unmeasurable? How do you handle the IP address assignments for devices that aren't getting it automatically assigned by the TUN device? That's actually one of the hardest parts - controlling the IP addressing scheme once you go with a gateway. That will cause all kinds of problems.

Dashrender

wait, what's wrong with Ddwrt?

RoguePacket

@scottalanmiller said:

DirectAccess is IPv6 only. Pertino is both IPv4 and IPv6.

True for Server 2008. Not true for Server 2012.

But DA requires Win7 or Win8 Enterprise clients

JaredBusch

@Dashrender said:

wait, what's wrong with Ddwrt?

Personal dislike for anything using consumer grade gear in a business setting.

@Bill-Kindle said:

hides in shame

use it at home if you want, but personally, I would not want to use it even there.

Nothing against linux based stuff. I ran ClearOS 5.2 for a long time, then switched to pfSense. I recently (last week) purchased an Ubiquiti EdgeRouter Lite for home since I am using it at client sites. Those are running Vyatta on some version of Debian (I believe).

scottalanmiller

@Dashrender said:

wait, what's wrong with Ddwrt?

Hobbyist firewall for home use. Not a bad system but not designed for business use and doesn't run on business class hardware. It's just meant for having fun with consumer ARM devices.

JaredBusch

@RoguePacket said:

But DA requires Win7 or Win8 Enterprise clients

I was all excited for DA when I first heard about it, too. Then I read about it and learned that. Turned me right off.

scottalanmiller

@RoguePacket said:

@scottalanmiller said:

DirectAccess is IPv6 only. Pertino is both IPv4 and IPv6.

True for Server 2008. Not true for Server 2012.

But DA requires Win7 or Win8 Enterprise clients

Oh, IPv4 has been added?

Yes. You need enterprise on the clients. That's the only place that Microsoft offers that term.

RoguePacket

@scottalanmiller "New & improved", right?

Reasonable reads (& for @dashrender)—

• http://blogs.technet.com/b/meamcs/archive/2012/05/03/windows-server-2012-direct-access-part-1-what-s-new.aspx (pt 1)
• http://blogs.technet.com/b/meamcs/archive/2012/05/14/windows-server-2012-direct-access-part-2-how-to-build-a-test-lab.aspx (pt 2)
• http://en.wikipedia.org/wiki/DirectAccess (short!)

@JaredBusch said:

@RoguePacket said:

But DA requires Win7 or Win8 Enterprise clients

I was all excited for DA when I first heard about it, too. Then I read about it and learned that. Turned me right off.

But, but, but MSFT employees need to put bread on the table for their families!!

Lost_Signal773

@RoguePacket You can do Windows Enterprise now WITHOUT SA (its not cheap, but its doable).

RoguePacket

@Lost_Signal773 Don't bring that up to M- Olan. Someone would be liable to get hurt.

Carnival Boy

I tried to get a guy to setup DirectAccess here about 3 years ago. He completely failed, I don't know why. It did seem very complicated to setup. We've been using Hamachi for a couple of years, without any major issues. The only issue is that very occasionally the Hamachi service sometimes needs restarting on the client for whatever reason. The one thing I really want is iOS access. Hamachi released a beta app a year or so ago, but it's still in beta for some reason and I've never managed to get it working.

I've just started trialling Pertino. Erm, how does Hamachi compare to Pertino?

A Former User

@Carnival-Boy said:

I've just started trialling Pertino. Erm, how does Hamachi compare to Pertino?

I am on my phone so I am going to have to keep in short, but Pertino will give you everything Hamachi does, plus more. The community loves Pertino, LogMeIn, not so much

Carnival Boy

Not quite everything, I guess. We mainly use Hamachi for remote workers to access the corporate intranet, which is running on Windows 2003 Server. I believe Pertino won't support this

I've fallen at the first hurdle.

scottalanmiller

@Carnival-Boy you are correct. Hamachi is older and not maintained but has modes like full mesh, hub and spoke and gateway.

JaredBusch

@Carnival-Boy said:

Not quite everything, I guess. We mainly use Hamachi for remote workers to access the corporate intranet, which is running on Windows 2003 Server. I believe Pertino won't support this

I've fallen at the first hurdle.

Read the above posts discussing the subject. I would never have deployed hamachi as you did for security purposes. Yes, it works, but I do not like the method.
Then again, I do not like a VPN gateway for users either since it does the same thing. For IT staff yes, but not users.

scottalanmiller

Full mesh / SDN definitely brings some amazing new capabilities.

Carnival Boy

@JaredBusch said:

Read the above posts discussing the subject. I would never have deployed hamachi as you did for security purposes. Yes, it works, but I do not like the method.
Then again, I do not like a VPN gateway for users either since it does the same thing. For IT staff yes, but not users.

I did, but I don't understand them

Josh

@Dashrender said:

I just read @bill-kindle post about a new 2012 R2 book that appears to focus on DirectAccess.

We've touched on it here in these boards recently - but what do you think?

I've been meaning to get around to setting up a DA lab with @tomta1 to see the differences personally. We've had customers choose to PAY for Pertino networks despite haveing both hardware VPNs and Server 2012 w/ DA due to two reasons: complexity to deploy (both) and end user experience (hardware/OS support for DA).

To be honest, when I first came to Pertino and saw DA, I was a little nervous. Competition isn't always a bad thing, especially when you're trying to create a new market, but it is a challenge when it is a "free" product packaged with a software our target customers are going to deploy anyway. Then I started to read about the limitations - Enterprise editions, Win 7/8 only, Win 7 is a completely different setup process, server has to compute all the network connections = single point of failure, no support, etc.

This is something we need to investigate first hand, but we aren't expecting it to impact our target user base all that much given the reliability, OS requirements, and configuration differences.

Thanks for bringing this top of mind!