I am currently trying to determine if I should just dump WSAM and go with Network Connect for all my applications that are not web based. Currently I am running 6.4R4.1.
I am trying to understand the benefits of WSAM. Drive mapping does not work very well through it. Kerberos is not supported. You still have to set up a proxy for users to have internet access. I also have a handful of OS X users.
So folks, what do you think? Why is WSAM better than Network Connect?
This is going to depend on your needs. We originally implemented NC but had issues with our restaurants' online ordering failing due to the IP given out by NC. We then went with WSAM and had an issue with drive mappings from other remote sites until I named it as an allowed resource in WSAM; now all my users can map drives.
All in all it seemed there were more issues with NC than WSAM. For instance, if a user internal to our network launched NC they would get disconnected from Outlook until the new IP was acquired; this does not happen with WSAM.
I prefer to only use NC as a last resort because of what it does. WSAM acts as a reverse proxy and only allows what you give access to through it (even down to the process name) whereas NC actually puts that computer on your network and gives it an IP address. Sure it's restricted then by the ACL and Split Tunneling policies you put into place, but that simple difference gives me enough pause to only ever use NC when either the endpoint is a company controlled asset (company issued laptop, in which case Host Checker makes sure it is before proceeding) or when I have no choice due to the complexity / circumstances of the access being required. The use of NC then also requires you to make decisions about Split Tunneling (which most companies try to disable and many audits require it off), bandwidth consumption, etc.
In the end, as said before it depends on what your needs are, but me personally I prefer WSAM under most situations.
For your Mac OS X users, I would recommend Network Connect or, if there is neither server-initiated traffic nor client-initiated UDP, you could use JSAM if all the servers users are connecting to have a fully qualified name.
WSAM has benefits in that it is a one-way pseudo-tunnel; only traffic for the defined applications and servers is going to the backend and it is not possible for an internal resource to reach out to the remote client. You do not have to worry about IP addressing and routing.
What type of proxy are you configuring for users to connect?
In your situation, it sounds like Network Connect would be the better option.