Licensing cost of MS Direct Access & MS Always-On VPN

How is the licensing cost charged for deploying MS Always-On VPN
and MS Direct Access?

Need to present a budget for it for the 250+ laptops (about half on
Win10+8 and the other half on Win 7).

We have Win 2012 R2 servers & our AD is running one.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Mr MystikalCommented:
Hi Sunhux,

I'll try my best to help out here , if you have a Microsoft Account manager also loop them in with your concerns :

For the Windows workstations accessing the feature , you typically needed to be running Windows Enterprise OS's  , since Always-On VPN appears to be supported in Windows10 , you should be looking to upgrade your Win7 & 8 workstations when convenient , I think MS stops support January 2020 for Windows 7 , Windows 8.1 still has some life in it , but why hold back ?

Anyway , other than the Workstation licensing , you've also got your server infrastructure , with Direct Access you typically needed one or two servers in an NLB config for Direct Access role , and naturally you already have your DC's with CA capabilities,  depending on your choices with your certificates you could incur an additional cost for a trusted 3rd party cert.
Where Always-On VPN comes in , it's a traditional VPN connection with IKEv2 reconnect features and a chunk of nifty features added on , have a look at the prerequisites here : Always On VPN deployment for Windows Server and Windows 10 -

If you have a choice between Direct Access and Always-ON , from what I've researched , Always-On seems more hopeful , as we encountered a bit of a performance hit with Direct-Access due to it's double tap on encryption and decryption , so if you can rid yourself of your legacy machines , opt to either direct deploy Always-On or Migrate from Direct Access.

Hope this helps a little ?
sunhuxAuthor Commented:
So if the laptops are running Win 10 Pro or Win 8 Pro, they are not on
Windows Enterprise and thus we have to upgrade them to Win 10 or
8 Enterprise and roughly what's the cost like for upgrading?

If we don't upgrade (to save us the labour of upgrading), will it work
technically if we just pay the difference in the licence cost?
Jian An LimSolutions ArchitectCommented:
direct access will need (windows 7,8.1 or 10) enterprise edition, but always on VPN support any version of windows 10

deploying direct access need a windows 2008r2 or 2012r2
deploying always on vpn need a windows 2016.

for device, i think it is better to engage a local reseller to quote you the latest, personally, I don't see a reason to upgrade existing windows 7 or 7.1 to the highest version

your proposal is to move forward and not offering co-existence.
Always on VPN will be cheaper to run in an overall picture.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Don't forget about needing CALS for the OS providing the service
sunhuxAuthor Commented:
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Server OS

From novice to tech pro — start learning today.