Comparing NetMotion Mobility and Microsoft DirectAccess
DirectAccess is a Microsoft remote access technology designed for managed (domain-joined) Windows client computers. Much like NetMotion Mobility®, it provides seamless and transparent remote network connectivity. However, it differs dramatically in many important ways. This is part two in a series of articles that compare NetMotion Mobility and Microsoft DirectAccess in terms of their security, performance, visibility, supported clients and solution support.
Part 2) Comparing Performance
Both Microsoft DirectAccess and NetMotion Mobility provide a VPN connection between client and server, but they do this in different ways. How each solution establishes and maintains its connection has a tremendous impact on device performance.
Unlike DirectAccess, Mobility offers advanced features that are built to perform in wireless environments. This focus on mobile uniquely positions NetMotion to deliver its users access to the same high-speed performance they experience in wired environments.
DirectAccess uses authenticated and encrypted IPsec to establish secure tunnels for remote client communication. IPsec VPNs are not uncommon, and typically they provide reasonable performance. However, the DirectAccess connection is much more complicated than simple IPsec and often leads to poor performance for remote connections.
DirectAccess relies exclusively on IPv6 for transport, which means an IPv6 transition technology must be leveraged to allow communication over the more common IPv4 Internet. The most commonly deployed IPv6 transition technology is IP-HTTPS, which encapsulates IPv6 traffic in IPv4 using HTTP. SSL/TLS is used for authentication. Depending on DirectAccess configuration settings and the client’s operating system, IP-HTTPS will also use encryption.
Double Encryption for IP-HTTPS
In many cases IP-HTTPS will encrypt the encapsulated IPsec traffic, which itself is already encrypted. This double encryption is gratuitous and dramatically increases protocol overhead, which leads to fragmentation, increased network latency and reduced throughput. In addition, server scalability and performance are reduced significantly as the number of concurrent users increases.
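The byte cost of this layering can be counted per packet. The sketch below is an added example, not code from the article or from either vendor; every size in it is an assumption (ESP in tunnel mode with AES-CBC and HMAC-SHA1-96, TLS with AES-CBC and HMAC-SHA1, no TCP options, a 1500-byte MTU), and the MAC-only record stands in for the case where IP-HTTPS authenticates but does not encrypt.

```python
# Added example: per-packet byte accounting for IPsec ESP carried inside IP-HTTPS.
# All sizes below are assumptions chosen for illustration, not measured values.
IPV4, IPV6, TCP = 20, 40, 20
ESP_HDR, ESP_IV, ESP_ICV, ESP_BLOCK = 8, 16, 12, 16   # SPI+seq, CBC IV, HMAC-SHA1-96
TLS_HDR, TLS_IV, TLS_MAC, TLS_BLOCK = 5, 16, 20, 16   # record hdr, explicit IV, HMAC-SHA1
MTU = 1500

def pad_to(n, block):
    """Round n up to the next multiple of block."""
    return -(-n // block) * block

def esp_packet(app_bytes):
    """IPv6 + ESP (assumed tunnel mode) around an inner IPv6/TCP packet."""
    # ESP encrypts the inner packet plus padding and 2 trailer bytes
    # (pad length, next header).
    ciphertext = pad_to(IPV6 + TCP + app_bytes + 2, ESP_BLOCK)
    return IPV6 + ESP_HDR + ESP_IV + ciphertext + ESP_ICV

def tls_record(inner, encrypt):
    """TLS record around one inner packet; encrypt=False models a MAC-only record."""
    if not encrypt:
        return TLS_HDR + inner + TLS_MAC
    # CBC pads data + MAC with at least one byte, up to the block size.
    return TLS_HDR + TLS_IV + pad_to(inner + TLS_MAC + 1, TLS_BLOCK)

def outer_packet(app_bytes, encrypt):
    """Bytes on the IPv4 wire if the whole record travels in one TCP segment."""
    return IPV4 + TCP + tls_record(esp_packet(app_bytes), encrypt)

def report(app_bytes):
    """Compare the double-encrypted and MAC-only cases for one application payload."""
    rows = {}
    for label, enc in (("double-encrypted", True), ("mac-only", False)):
        total = outer_packet(app_bytes, enc)
        rows[label] = {"wire_bytes": total,
                       "overhead": total - app_bytes,
                       "fits_mtu": total <= MTU}
    return rows

if __name__ == "__main__":
    for name, row in report(1260).items():   # 1260 is a constructed payload size
        print(name, row)
```

Under these assumptions a 1260-byte application payload no longer fits in one 1500-byte outer packet once the TLS layer also encrypts, while the MAC-only record still does.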
IPv6 is not widely deployed on corporate networks today, so the DirectAccess server must also translate IPv6 traffic from DirectAccess clients to IPv4 for internal hosts. A DNS proxy running on the DirectAccess server is used to translate DNS queries on behalf of the client, and an IPv6 to IPv4 NAT service translates IPv6 packets to IPv4. Here again, the server must perform additional work to facilitate remote communication for DirectAccess clients. This results in increased resource utilization on the DirectAccess server, and degraded performance for all connected DirectAccess clients.
Mobility uses IPv4 natively, eliminating the need for version encapsulation and translation. Mobility also relies on the User Datagram Protocol (UDP) for transport, which is arguably better suited for communication over unreliable networks than the Transmission Control Protocol (TCP) used by DirectAccess.
Mobility’s proprietary transport protocol improves mobile communication and data streaming. Mobility boasts native support for data compression and acceleration, traffic prioritization, error correction, automatic packet loss recovery, and session persistence to ensure optimal and reliable wireless connections even over high latency or high loss links such as cellular and satellite networks.
To further improve performance, Mobility can enact policies to ensure mission-critical applications receive highest priority. Policies can also be implemented to prevent superfluous traffic from travelling over a remote connection with reduced bandwidth. In addition, the Mobility client can be configured to automatically roam between networks (for example between cellular and Wi-Fi) based on available bandwidth to ensure optimal performance.
Providing optimal performance is crucial to maintaining the highest levels of productivity for mobile workers. The mechanics of DirectAccess, with its burdensome connectivity requirements and complex protocols, compromise mobile performance even under the best circumstances. In contrast, Mobility is designed to support remote access, so its features don’t depend on reliable connectivity. Mobility provides an efficient, high-performance, and streamlined remote access connection with advanced capabilities to further optimize connectivity during times of limited bandwidth. The result is that NetMotion Mobility provides the fastest and most stable remote access experience and ensures the best possible wireless performance for mission-critical data and applications.
Guest Author: Richard Hicks | Founder & Principal Consultant, Richard M. Hicks Consulting
The views and opinions of guest authors do not necessarily reflect the views and opinions of NetMotion Software.