1
00:00:03,940 --> 00:00:08,210
So that wraps up this module on deploying Always On VPN in Azure.

2
00:00:08,210 --> 00:00:10,230
We covered a lot of ground in this module,

3
00:00:10,230 --> 00:00:13,070
and you saw that there were a couple of different options

4
00:00:13,070 --> 00:00:19,020
for cloud‑native VPN infrastructure, specifically the Azure VPN Gateway,

5
00:00:19,020 --> 00:00:20,660
or virtual network gateway.

6
00:00:20,660 --> 00:00:23,340
Although that's a pretty decent solution,

7
00:00:23,340 --> 00:00:26,210
you saw that it had some rather important limitations,

8
00:00:26,210 --> 00:00:29,230
specifically around supporting device and

9
00:00:29,230 --> 00:00:31,610
user‑based connections at the same time.

10
00:00:31,610 --> 00:00:35,160
Also some, you know, interesting limitations on scalability,

11
00:00:35,160 --> 00:00:38,670
but still a good solution, and it may work in some scenarios.

12
00:00:38,670 --> 00:00:41,940
We also talked a little bit about Azure Virtual WAN,

13
00:00:41,940 --> 00:00:45,500
which as you saw, has some very powerful capabilities,

14
00:00:45,500 --> 00:00:48,250
and it certainly is incredibly scalable,

15
00:00:48,250 --> 00:00:52,960
but it seems to be even more limited for its support of Always On VPN.

16
00:00:52,960 --> 00:00:57,720
Specifically, and I think this is the showstopper for Azure Virtual WAN,

17
00:00:57,720 --> 00:01:00,530
is that it has no support at all for SSTP,

18
00:01:00,530 --> 00:01:01,490
which is a really,

19
00:01:01,490 --> 00:01:06,140
really good option to use for Always On VPN and the user tunnel.

20
00:01:06,140 --> 00:01:08,350
We talked a little bit about Windows Server,

21
00:01:08,350 --> 00:01:10,050
and as I described there,

22
00:01:10,050 --> 00:01:13,510
it's really the solution of choice if you're deploying

23
00:01:13,510 --> 00:01:15,860
Always On VPN infrastructure in Azure.

24
00:01:15,860 --> 00:01:19,470
The real problem there is that it's just not formally supported,

25
00:01:19,470 --> 00:01:21,240
but if you can accept that,

26
00:01:21,240 --> 00:01:26,210
deploying Windows Server RRAS in Azure can be a pretty viable option,

27
00:01:26,210 --> 00:01:30,860
and I think it's one in which you'll find it meets your requirements quite well,

28
00:01:30,860 --> 00:01:33,680
and it has a great, you know, user experience,

29
00:01:33,680 --> 00:01:36,530
as well as administrative experience also.

30
00:01:36,530 --> 00:01:40,220
And then finally we talked a little bit about using a network virtual appliance,

31
00:01:40,220 --> 00:01:41,340
or NVA.

32
00:01:41,340 --> 00:01:44,320
Those are available from your favorite third‑party vendors.

33
00:01:44,320 --> 00:01:44,910
Unfortunately,

34
00:01:44,910 --> 00:01:47,880
time prohibits us from really diving deep into those options

35
00:01:47,880 --> 00:01:49,780
simply because there's so many of them.

36
00:01:49,780 --> 00:01:52,830
But ultimately, if you have a solution of choice,

37
00:01:52,830 --> 00:01:54,570
a favorite solution you like to use,

38
00:01:54,570 --> 00:01:59,460
more often than not there's going to be a marketplace appliance

39
00:01:59,460 --> 00:02:10,000
available that you can leverage for Always On VPN. Join me in the next module where we'll deploy certificates using Intune.