IT education firm Algebra used virtual private networking (VPN) to connect remote PCs to the corporate network—with uneven success. PCs in its remote offices couldn’t be managed fully or easily, and business users often couldn’t connect from
customer locations or public hotspots that didn’t accommodate VPN. The company is resolving those issues by deploying Windows Server 2012 with DirectAccess technology. Now, PCs in remote offices are managed with the same tools and Group Policies as network-joined
PCs, and remote users can access the network from more places more easily. Algebra expects that help-desk calls will decline by about 15 percent, and that time spent on troubleshooting will decline by 50 percent.
With technology redefining the way people work, it’s important for companies to learn to use technology for maximum advantage. It’s even more important if you’re the company teaching the others.
||With our use of DirectAccess, our people will be more productive not only at our remote offices, but also when they’re meeting with customers or trying to connect from airports or hotels.
| Marin Franković
Microsoft IT Pro Trainer
and Head of the Department of Operating Systems, Algebra
That was the situation facing Algebra, Croatia’s only Microsoft Partner Network member with Gold certification in learning. The company has grown rapidly over the past 12 years to encompass seven locations throughout the country. Four years ago, it opened a
With many of its 60 full-time and 350 part-time employees working via laptops at the company’s remote locations, at its customers’ locations, and elsewhere, Algebra needed to maintain effective data connections among them and the central office. The days
of employees working primarily at domain-joined desktop PCs in the office, PCs with fast, secure, and reliable data connections, were gone. To accommodate the change, Algebra, like many other companies, relied on virtual private networking (VPN) technology.
That technology was great—when it worked. But employees often found themselves at locations such as customer sites, hotels, and airports where VPN connections were difficult or impossible to establish. Remote or mobile employees might lack data connections
when they needed them most, for example, while they were meeting with customers and needed to access updated presentations, price lists, or other content.
Using VPN connections wasn’t always intuitive for employees, either. The technology required employees to maintain both logon and VPN credentials. Forgetting or misusing passwords meant employees couldn’t connect to the network. Passwords would expire without
any warning to employees. All this spurred calls to the help desk, primarily for password resets. Given its lean IT staff, Algebra needed to avoid every password reset call it could.
Those help-desk calls were only one way that the VPN consumed the time of the IT staff. Client computers that weren’t joined to the domain through the network were largely unmanaged. They could be missing updated antivirus protection or other software. They
weren’t subject to Group Policies.
“We had no good management solution for the PCs outside of our main office in Zagreb,” says Igor Pavlekovic, Chief Technology Officer at Algebra. “And much of our continued growth is going to come from outside Zagreb. We needed a solution to support the
new ways in which our employees are increasingly working.”
Pavlekovic and his colleagues considered the acquisition and deployment of Cisco technology to solve the connectivity issues at the remote offices.
||We had no good management solution for the PCs outside of our main office in Zagreb.
| Igor Pavlekovic
Chief Technology Officer, Algebra
“We found Cisco was just too expensive for us,” says Pavlekovic. “It offered more than we needed at a price we couldn’t afford. In addition to the software licensing, we’d have needed additional hardware in every remote office we operated. And it wouldn’t have
helped us to give employees connectivity at customer sites or public hotspots.”
Instead, Algebra found what it was looking for in the Windows Server 2012 operating system. The software’s DirectAccess feature was seemingly designed with Algebra in mind. The company has begun to use it to connect remote users securely to corporate resources
on the network without the need for VPN connectivity. The connection is made transparently every time a client computer connects to the Internet.
Microsoft introduced DirectAccess in Windows Server 2008 R2, but Pavlekovic was particularly interested in the enhancements to the feature that he saw in Windows Server 2012—so interested that Algebra participated in the Windows Server 2012 Rapid Deployment
Program (RDP) and began to deploy it even before its formal release in September 2012. For example, Windows Server 2012 makes it faster and easier for IT staff to deploy DirectAccess and for business users to work through it. Algebra was assisted in its RDP
participation by IT services provider and Microsoft Partner Network member Combis.
To host DirectAccess, Algebra deployed a single hardware server, an HP DL380. The company runs DirectAccess as a single virtual machine on the server. It plans to add virtual machines—all running on Hyper-V virtualization technology, also part of Windows
Server 2012—to support unrelated functions as the need arises.
“We’ve chosen HP as our primary hardware supplier over the last few years, even when it wasn’t the lowest-priced option,” says Pavlekovic. “We get more with HP than we do with other vendors. HP management tools are well organized, making it easy to manage
the hardware. Upgrading drivers, for example, is very easy. And HP’s retail and service network is the best; there are many suppliers, which increases our options for cost-effective parts and service.”
Algebra is updating client computers to the Windows 8 operating system—but it doesn’t have to do so in order to connect those PCs to corporate resources via DirectAccess. The company has the flexibility to deploy DirectAccess on both Windows 7– and Windows
8–based computers—the primary difference being that PCs running Windows 7 require machine certificates, while PCs running Windows 8 don’t. Either way, Algebra deploys DirectAccess by establishing a VPN connection between a remote PC and the network, joining
the PC to the domain, implementing the DirectAccess connection, and dissolving the VPN link.
Remote access isn’t the only use that Algebra intends to make of Windows Server 2012. Pavlekovic says that Algebra plans to use the operating system, together with Microsoft System Center 2012, to implement a private cloud that provides efficiencies and
capabilities that the company doesn’t get from its current virtualization environment alone. It will use Windows Server 2012 as the foundation for a better-managed and more cost-effective infrastructure. And it will use Windows Server 2012 to host more flexible,
scalable applications that can live on-premises, in the cloud, or in hybrid environments.
Algebra has already begun to see benefits, and anticipates more, from its use of Windows Server 2012 with DirectAccess, including better and simpler network access for business users, and better and simpler network management for IT personnel.
Remote Users Gain Broader, More Transparent Network Access
Pavlekovic says that Algebra is on its way to solving the challenges that employees have with the traditional VPN technology. He’s echoed in that assessment by Marin Franković, Microsoft IT Pro Trainer and Head of the Department of Operating Systems
||Our business users could have problems establishing VPN links to our main office in Zagreb, and now they won’t even have to think about the link; DirectAccess will establish it for them, even before they log on to their computers.
| Marin Franković
Microsoft IT Pro Trainer and Head of the Department of Operating Systems, Algebra
“Our business users could have problems establishing VPN links to our main office in Zagreb, and now they won’t even have to think about the link; DirectAccess will establish it for them, even before they log on to their computers,” Franković says. “That’s
a tremendous difference, and one that will make our employees more effective whenever they need a network connection.”
Similarly, Algebra will use the new technology to minimize the issues that arise over password resets, since the technology will make the direct connections for users transparently, without the need for them to remember, enter, or change a separate set of
passwords. Algebra will also use DirectAccess to solve the challenges to network access from customer sites or public hotspots that don’t accept VPN connections.
“With our use of DirectAccess, our people will be more productive not only at our remote offices, but also when they’re meeting with customers or trying to connect from airports or hotels,” Franković says. “This is the way people need to work, and we’re
using Windows Server 2012 to support them.”
Help-Desk Calls Expected to Decline by 15 Percent and Troubleshooting by 50 Percent
Business users aren’t the only ones who will find network connections easier to manage, thanks to their use of DirectAccess—Algebra’s IT personnel will, too. Pavlekovic notes that when business users have fewer problems with remote passwords, they
make fewer calls to the help desk. He estimates that as Algebra continues to deploy DirectAccess, help-desk calls will decline by 15 percent, and time spent on troubleshooting will decline by 50 percent—freeing precious time that can be reinvested in proactive
The IT staff at Algebra will find DirectAccess connections easier to deploy and manage, too, according to Pavlekovic. Deployment is proving easier, thanks to an installation and configuration process designed to eliminate previous requirements—such as security
certificates—and to support rapid deployments. Algebra’s initial deployment of 100 clients was accomplished in just 10 hours. It currently uses DirectAccess with users at eight locations.
“In the past, it would have taken us much longer to deploy technology like DirectAccess,” says Goran Svetlečić, Senior Systems Engineer at Combis, citing simplifications such as the need to deploy only one Internet Protocol Security (IPsec) tunnel to both
authenticate clients and provide access to corporate resources. Previously, DirectAccess required two IPsec tunnels. DirectAccess also includes enhancements such as better support for forced tunneling, simpler configuration of Network Access Protection compliance,
and easier multiple-domain and multiple-site deployment.
IT Staff Gains Fuller, Enterprisewide PC Management
Algebra IT personnel find that DirectAccess provides fuller and more sophisticated management capabilities, not just streamlined ones.
“With Windows Server 2012 and DirectAccess, we have a fully managed solution for remote clients,” says Pavlekovic. “We can use System Center to manage our remote PCs as well as our domain-joined ones. We can push software installations and updates to all
our clients at the same time, ensuring that all computers have the latest versions of software such as Microsoft System Center Endpoint Protection. We can manage our remote PCs with the same Group Policies we use for domain-joined PCs, which makes those PCs
more secure, more reliable, and more responsive to users.”
Those changes will also change the way that Algebra uses its remote PCs, according to Pavlekovic. Traditionally, remote PCs at Algebra had more limited access to corporate resources—such as applications, protocols, and data—than did domain-joined PCs, because
the former represented a greater security risk. With the company’s use of DirectAccess helping to eliminate that difference, all of Algebra’s PCs can have the same, full network access.
“That alone will make our remote users more productive than they could be before—and that will make the entire company more productive,” Pavlekovic says.
Windows Server 2012
Windows Server drives many of the world’s largest data centers, empowers small businesses around the world, and delivers value to organizations of all sizes in between. Building on this legacy, Windows Server 2012 redefines the category, delivering hundreds
of new features and enhancements that span virtualization, networking, storage, user experience, cloud computing, automation, and more. Simply put, Windows Server 2012 helps you transform your IT operations to reduce costs and deliver a whole new level of
For more information, visit
For More Information
For more information about Microsoft products and services, call the Microsoft Sales Information Center at (800) 426-9400. In Canada, call the Microsoft Canada Information Centre at (877) 568-2495. Customers in the United States and Canada who are deaf or hard-of-hearing
can reach Microsoft text telephone (TTY/TDD) services at (800) 892-5234. Outside the 50 United States and Canada, please contact your local Microsoft subsidiary. To access information using the World Wide Web, go to
For more information about Combis products and services, call 385 (0) 1 3651 222 or visit the website at:
For more information about Algebra products and services, call 385 (0) 1 2332 861 or visit the website at: