VPN vendor-lock in Windows 7
For all of the good news about Windows 7, one issue has come to light as a major stumbling block for enterprises - especially from a security standpoint.
Though Microsoft doesn't tout DirectAccess as a VPN (presumably to avoid the stigma of complexity associated with VPNs), their server setup guide calls it exactly that. What's more, the DirectAccess IPsec connection requires enterprises to deploy Microsoft's server... a large investment of resources and a warning sign for future vendor lock-in.
Meanwhile, Cisco has discontinued support for IPsec clients in order to promote their AnyConnect solutions. What this creates is a large divergence of product options for customers. SSL is not ideal for all VPN needs, however Cisco is aggressively pushing this on their customers. At the same time, we predict that companies are going to resist the investment to upgrade to a new server, which will hinder adoption of DirectAccess for Windows 7. Rather than the major industry players working toward a standard, they are trying to force the market to choose one over the other. Unfortunately, security doesn't work that way... NCP customers we've spoken to are angry with the situation, and many bloggers and forum posters agree that the conflicting strategies are counterproductive to the real aims of network security.