AOVPN Dynamic Profile Configurator

Imagine you could tick a box, and your AOVPN is set up with no XML skills required, is always up to date and managed through existing tools. Sound too good to be true?

 

We’ve developed the Dynamic Profile Creator (DPC) service. This is a Windows service which runs on each client device; it receives configuration via group policy (or other tools which support registry configuration) and generates the profile automatically on the device. This enables easy administrative management, dynamic Active Directory based group management, automatic updating to Office 365 routes and more.

Key features

Manage through Intune or Group Policy

No XML creation required

Saves hours of time each month

Automatically updated Office 365 exclusions

Respond faster to configuration needs

Interested in DPC?

Request more info

Enter your details below and one of our team will be in touch.

What's involved?

Dynamic Profile Creator service is a Windows service which runs on each client device. It receives configuration via group policy (or other tools which support registry settings) and generates the profile automatically on the device. This enables easy administrative management, dynamic Active Directory based group management, automatic updating to Office 365 routes and more.

 

Key information that normally goes in the XML profile goes into DPC instead and rolls out via group policy.

Microsoft Office traffic is automatically filtered out forever, instead of more and more of it gradually being included on your VPN over time.

What are the benefits?

Take a look at some of the key benefits of using AOVPN DPC below:

  • Always up to date
  • Profiles updated on disconnect (ensuring minimal user interruption)
  • Office 365 exclusions are updated automatically and without admin interaction

  • No XML creation required
  • Manage through Intune or Group Policy
  • Full help documentation of options
  • Supports all common configuration options (Including Custom Cryptography)

  • Simple MSI deployment
  • No scripting required for deployment
  • Profile changes are handled automatically without redeployment of client

  • Takes the manual work out of AOVPN management – hours of admin work removed each month
  • Enables you to stick to best practice without manual intervention, minimising end user interruption and support requests.

Dynamically include Office 365 route list exclusions

Useful when you implement a forced tunnel but want to allow devices to connect directly to Office 365 (to minimise latency and bandwidth).

  • Existing solution: Manually update the route list (or develop a script to do so), covering hundreds of IPs, potentially weekly, or start to see routing issues over time
  • DPC Solution: Check for changes every time the profile is evaluated

 

Manage VPN Protocols used

By default, AoVPN can only be configured for IKEv2 or Any VPN Protocol, causing non-ideal behaviour (the typical desired behaviour would be IKEv2 with fallback to SSTP).

  • Existing Solution: Run some kind of script on every device after initial deployment to update the configuration
  • DPC Solution: Protocol choice is a Group Policy setting which is then updated after every connection attempt

 

Enable SSTP and Custom Cryptography

Due to a bug in Windows, it is not possible to install an AoVPN profile that supports SSTP and allows for IKEv2 custom cryptography.

  • Existing Solution: Use a primary and manual backup profile or deploy scripts to change the profile from IKEv2 only to SSTP after deployment
  • DPC Solution: DPC technically deploys all tunnels as IKEv2 only but then immediately enables SSTP if desired to avoid this bug. From a user perspective, SSTP and Custom Cryptography simply work

 

DPC vs PowerShell Scripts

Significant numbers of organisations use PowerShell scripts provided by Microsoft or Richard M Hicks to deploy the AoVPN XML files. Deployment is typically done via existing application deployment tools such as Configuration Manager (SCCM) or in some cases directly via Group Policy.

DPC offers these specific advantages over these kinds of solutions:

Robust and Error resistant delivery mechanism

  • DPC utilises existing software deployment tools for installation while using Group Policy for settings replication. Errors are automatically retried with messages saved to event logs.
  • Avoids custom and complex update scripts

 

Removes the need for, and complexity of, managing XML configurations

  • Using Group Policy for management allows administrators to utilise existing tools and experiences while minimising syntax errors

 

Updates are queued to avoid disrupting users

  • Unlike other solutions, existing connections are not dropped when changes are required; changes are applied after connections disconnect to minimise user disruption

 

DPC vs Intune (also included in EM+S, M365)

Microsoft Intune does have the capability to graphically define AoVPN settings. However, Intune does not provide a great way to deploy Registry Settings or ADMX (Group Policy) files. There are ways to do it, but these typically provide an even worse user experience than the Microsoft-provided approach.

 

DPC can still be useful in these scenarios:

  • Certain features of AoVPN are needed but aren't available through the Intune console
  • You're having issues with one of the items in the DPC Unique Features List
  • You explicitly wish to maintain consistency between GPO managed devices and Intune managed devices

Current deployment plans for Intune consist of core settings and applications deployed via a PSADT package (deployed via Intune). Updates could either be shipped as an updated PSADT or via Intune Proactive remediations.

 

Licencing, Commercials & Support

DPC is procured as a perpetual license with support maintenance contracts that meet the life of the service required. This means that once you have purchased the solution you can continue to use it without any ongoing licensing requirements. 

Pricing is banded into the number of devices that the DPC will be deployed to (not the number of concurrent connections).  

 

Initial Purchase

As part of the initial purchase, a license key will be provided along with access to install the latest version of the product at the time of purchase. This version can then be used forever without additional purchase, providing the number of devices is below the upper limit of the device band. 

The initial purchase also includes one year of ongoing maintenance.

 

Ongoing Maintenance

For the period of a year (or more if purchased) you are able to submit support tickets relating to the functioning of the product (not your wider AoVPN deployment; that would need a separate Enablement Support contract from PowerON).

You are also able to download and use the latest versions of the product published during the support period.

 

License Uplift

If you wish to deploy DPC to more devices than the current band limit, you will need to purchase a license uplift (both for ongoing support and the initial purchase). This is typically covered by identifying the new cost and removing the currently paid cost (taking into account time passed etc.). If you are in any doubt, consult with the team at PowerON before committing to an uplift price.

 

Professional Services

A DPC purchase on its own doesn't include any support (apart from the KB and Videos) for initial setup and deployment. Most organisations should be more than capable of deploying it themselves, however, if you feel that you need some assistance PowerON have Professional Services options in place for onboarding support based on their standard consultancy rates.
