DirectAccess is a Microsoft remote access technology designed for managed (domain-joined) Windows client computers. Much like NetMotion Mobility, it provides seamless and transparent remote network connectivity. However, it differs dramatically in many important ways. This is part three in a continuing series of articles that will compare NetMotion Mobility and Microsoft DirectAccess in terms of their security, performance, visibility, supported clients, and solution support.
Having visibility into remote client activity is crucial to ensuring the highest levels of performance for mobile workers. There are important security and compliance reasons for monitoring client activity too. Administrators may wish to understand application connectivity requirements and bandwidth usage. Security engineers are looking for indicators of compromise and often require detailed logging information for forensic review. The insight gained from increased client visibility often informs policy decisions that administrators can use to improve the end user experience and to remediate malware-infected machines.
Visibility for connected DirectAccess clients is quite limited. By default, the DirectAccess management console provides only limited details about the remote connection. Basic information is available to the administrator: the client’s hostname, the IPv6 transition technology used to establish the connection, the duration of the connection, its IPv6 tunnel address, the server it connected to, and the amount of data transferred inbound and outbound. However, DirectAccess lacks essential detailed information about client application connectivity and behavior. In addition, Microsoft does not enable historical data logging by default. If logging was not enabled during the initial configuration, even this minimal amount of information may not be available for review at all.
NetMotion Mobility offers deep insight into client connectivity and application behavior for all traffic. The NetMotion Analytics module offers administrators a granular view of client behavior with detailed network usage reports that include comprehensive information about resource utilization down to the individual application and process level. Details about client connection status, and successful and failed connection attempts, are also available. Administrators can also see which applications are being used and how often they are being launched. Client-side details such as battery status, network roaming, and even SSID usage can also be reported on.
NetMotion Diagnostics and Mobile IQ
In addition to the Analytics module that is part of the NetMotion Mobility solution, the NetMotion Diagnostics and Mobile IQ platforms offer even more visibility and deeper insight into user and application behavior for mobile devices outside the firewall. Diagnostics provides low-level information about client device status and configuration, as well as highly detailed information about connectivity, location, and more. Mobile IQ takes telemetry data from both Mobility and Diagnostics and presents that information with highly intuitive dashboards, allowing administrators to visualize and drill down into real-time information being collected.
Having visibility into the behavior and performance of mobile devices is crucial for providing the best experience and maintaining a positive security posture for mobile workers. Visibility provides administrators with the ability to observe and respond to security threats and malicious software in a timely manner. Risky behaviors can be identified and addressed, usage trends can be identified, and policy can be put in place to optimize data usage, if required. Additionally, utilizing Diagnostics and Mobile IQ provides an order of magnitude more visibility than DirectAccess offers.