AOVPN Dynamic Profile Configurator

Dynamically include Office 365 route list exclusions

Useful when you implement a forced tunnel but want to allow devices to connect directly to Office 365 traffic (To minimise latency and bandwidth)

• Existing solution: Manually (or develop script) to update the route list (hundreds of IPs) potentially weekly or start to see routing issues over time
• DPC Solution: Check for changes every time the profile is evaluated

Manage VPN Protocols used

By default AoVPN can only be configured for IKEv2 or Any VPN Protocol causing non-ideal behaviour (typical desired behaviour would be IKEv2 Fallback to SSTP)

• Existing Solution: Run some kind of script on every device after initial deployment to update the configuration
• DPC Solution: Protocol choice is Group Policy setting which is then updated after every connection attempt

Enable SSTP and Custom Cryptography

Due to a bug in Windows, it is not possible to install a AoVPN profile that supports SSTP and allows for IKEv2 custom cryptography

• Existing Solution: Use a primary and manual backup profile or deploy scripts to change the profile from IKEv2 only to SSTP after deployment
• DPC Solution: DPC technically deploys all tunnels are IKEv2 only but then immediately enables SSTP if desired to avoid this bug. From a user perspective SSTP and Custom Cryptography simply works

DPC vs PowerShell Scripts

Significant numbers of organisations use PowerShell scripts provided by Microsoft or Richard M Hicks to deploy the AoVPN XML files. Deployment is typically done via existing application deployment tools such as Configuration Manager (SCCM) or in some cases directly via Group Policy.

DPC offers these specific advantages over these kinds of solutions:

Robust and Error resistant delivery mechanism

• DPC utilises existing software deployment tools for installation while using Group Policy for settings replication. Errors are automatically retired with messages saved to event logs.
• Avoids custom and complex update scripts

Removes the need and complexity from managing XML configurations

• Using Group Policy for management allows administrators to utilise existing tools and experiences while minimising syntax errors

Updates are queued to avoid disrupting users

• Unlike other solutions existing connections are not dropped when changes are required, changes are applied after connections disconnect to minimise user disruption

DPC vs Intune also included in EM+S, M365  

Microsoft Intune does have the capability to graphically define AoVPN settings, however, Intune also does not provide a great way to deploy Registry Settings or ADMX (Group Policy) Files. There are ways to do it, but these typically provide an even worse user experience than the Microsoft provided approach.

DPC can still be useful in these scenarios:

• Certain features of AoVPN are needed but aren't available through the Intune console
• if your having issues with one of the items in the DPC Unique Features List
• They explicitly wish to maintain consistency between GPO managed devices and Intune managed devices

Current deployment plans for Intune consist of core settings and applications deployed via a PSADT package (deployed via Intune). Updates could either be shipped as an updated PSADT or via Intune Proactive remediations.

Licencing, Commercials & Support

DPC is procured as a perpetual license with support maintenance contracts that meet the life of the service required. This means that once you have purchased the solution you can continue to use it without any ongoing licensing requirements. 

Pricing is banded into the number of devices that the DPC will be deployed to (not the number of concurrent connections).  

Initial Purchase

As part of the initial purchase, a license key will be provided along with access to install the latest version of the product at the time of purchase. This version can then be used forever without additional purchase, providing the number of devices is below the upper limit of the device band. 

The initial purchase also includes one year of ongoing maintenance.

Ongoing Maintenance

For the period of a year (or more if purchased) you are able to submit support tickets relating to the functioning of the product (not your their wider AoVPN deployment - that would need a separate Enablement Support contract from PowerON). 

You are also able to download and use the latest versions of the product published during the support period.

License Uplift

If you wish to deploy DPC to more devices than the current band limit, you will need to purchase a license uplift (both for ongoing support and the initial purchase). This is typically covered by identifying the new cost and removing the currently paid cost (taking into account time parsed etc). If you are in any doubt consult with the team at PowerON before committing to an uplift price.  

Professional Services

A DPC purchase on its own doesn't include any support (apart from the KB and Videos) for initial setup and deployment. Most organisations should be more than capable of deploying it themselves, however, if you feel that you need some assistance PowerON have Professional Services options in place for onboarding support based on their standard consultancy rates.