Licensing cost of MS Direct Access & MS Always-On VPN

sunhux used Ask the Experts™
How is the licensing cost charged for deploying MS Always-On VPN
and MS Direct Access?

Need to present a budget for it for the 250+ laptops (about half on
Win10+8 and the other half on Win 7).

We have Win 2012 R2 servers & our AD is running one.
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Hi Sunhux,

I'll try my best to help out here , if you have a Microsoft Account manager also loop them in with your concerns :

For the Windows workstations accessing the feature , you typically needed to be running Windows Enterprise OS's  , since Always-On VPN appears to be supported in Windows10 , you should be looking to upgrade your Win7 & 8 workstations when convenient , I think MS stops support January 2020 for Windows 7 , Windows 8.1 still has some life in it , but why hold back ?

Anyway , other than the Workstation licensing , you've also got your server infrastructure , with Direct Access you typically needed one or two servers in an NLB config for Direct Access role , and naturally you already have your DC's with CA capabilities,  depending on your choices with your certificates you could incur an additional cost for a trusted 3rd party cert.
Where Always-On VPN comes in , it's a traditional VPN connection with IKEv2 reconnect features and a chunk of nifty features added on , have a look at the prerequisites here : Always On VPN deployment for Windows Server and Windows 10 -

If you have a choice between Direct Access and Always-ON , from what I've researched , Always-On seems more hopeful , as we encountered a bit of a performance hit with Direct-Access due to it's double tap on encryption and decryption , so if you can rid yourself of your legacy machines , opt to either direct deploy Always-On or Migrate from Direct Access.

Hope this helps a little ?


So if the laptops are running Win 10 Pro or Win 8 Pro, they are not on
Windows Enterprise and thus we have to upgrade them to Win 10 or
8 Enterprise and roughly what's the cost like for upgrading?

If we don't upgrade (to save us the labour of upgrading), will it work
technically if we just pay the difference in the licence cost?
Solutions Architect
Top Expert 2016
direct access will need (windows 7,8.1 or 10) enterprise edition, but always on VPN support any version of windows 10

deploying direct access need a windows 2008r2 or 2012r2
deploying always on vpn need a windows 2016.

for device, i think it is better to engage a local reseller to quote you the latest, personally, I don't see a reason to upgrade existing windows 7 or 7.1 to the highest version

your proposal is to move forward and not offering co-existence.
Always on VPN will be cheaper to run in an overall picture.
Don't forget about needing CALS for the OS providing the service



Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial