In last week blog, I wrote about SSTP – the new VPN tunnel which goes over HTTPS – hence increasing the coverage area of VPN connection to “everywhere”. Today I am going to talk about advantages of SSTP compared to “network extension or full tunnel” solution delivered by other SSL products.
Note: I am not comparing web based access (i.e. clientless access) delivered by SSL vendors with SSTP.
* SSTP client will be available inside Vista SP1 clients and SSTP server will be available in LH Server OS.
* Integrated NAP support for client health-check. And NAP includes support for different kind of health check with extensibility by third party vendors (like antivirus, firewall etc).
* Full support for IPv6. SSTP VPN tunnel can be established across IPv6 internet. And IPv6 (or PPPv6) can be sent over SSTP based VPN tunnel.
* SSTP establishes single HTTPS channel from client to server – compared to two channel approach done by other vendors. This leads to better networ utilization (because outer TCP ACK/data can be piggy-backed) and load balancing story (every VPN session is one HTTPS session)
The good part of SSTP is it integrates with MS RAS client/server infrastructure seamlessly. For example, SSTP supports password + strong user authentication (like smart-card, RSA securID, etc) using various PPP authentication algorithm. Other features of RAS (like generating profiles using connection manager administration kit, remote access policies, etc) – just works – similar to other PPTP/L2TP.
This means just enable SSTP as a VPN tunnel on remote access client and RRAS server side and you are ready to go.
Lead Program Manager
RRAS, Windows Enterprise Networking
[This posting is provided “AS IS” with no warranties, and confers no rights.]