Is there a way with Pulse or Network connect to have the VPN client connect "on demand"?
We have an SA running 7.4 and I've been playing with solultions like Direct Access and Pertino which are both completely seamless for the end user.
We're only talking about domain joined computers.
We use Pulse with a location awareness rule based on a DNS lookup that only resolves the correct address on LAN to automatically connect when the user are out of the office. We use certificate based authentication (and a machine certificate host check) so there is no interaction required by the user.
It is not "on-demand" in the sense that is always connects regardless of whether access to the corporate network is needed or not but in reality a domain registered machine always wants to talk to the domain or other corporate resources in the background so it would probably trigger an "on-demand" solution anyway.
We did have a concern about a big increase in concurrent connections when we first switched from Network Connect via a web page login. In the end the jump in peak usage doesn't seem to have been that big but it's difficult to put a figure on it because we rolled out over a period on months and year on year there has been a steady increase anyway in usage.
It is definitely something you should think about though and the smaller your license the more likely the impact will be significant. Things to consider are who are the people not regularly connecting and when might they connecting their laptops to the internet. If your peak is during the day but most of your laptop users are normally in the office during business hours then the impact will be less (we did notice the off peak usage went up but this didn't impact the licensing)
That was all sounding very good until the penny just dropped - potentially that is a lot of concurrent connections isn't it
I suspect that's just ruled out using our SA for this since we have hundreds of laptops but at any given time currently only a few people connect concurrently whilst offsite.