1. Accessibility Because IKE/PPTP need commonly closed firewall ports opened, and for routers to support pass through, whereas an SA will fall back to SSL, and port 443 is open on pretty much all firewalls. 2. Authorisation Host Checker features are far more advances than Microsoft Statement of health etc, you can check AV signatures, software firewall etc in a good level of detail, and provide remediation options to fix them. 3. Scalability Using resource profiles and roles mean that you can scale very specific security requirements easily across thousands of users with very little effort. You can use Single Sign on to many web applications, Citrix, terminal services. 4. Network appliance The device is designed and manufactured to provide excellent VPN encryption and decryption, it can be placed in a network behind IPS/IDS and work solely as an SSL gateway, why on earth would you want to use your processing power to run Windows, anti virus etc. 5. Reliability A planned OS release schedule which can be done with no downtime in a cluster, a completely standard architecture, client and everything else means support is easy. Are VPN users going to have to disconnect every Friday for M$ updates on the server? 6. Security Exposing a windows box to web traffic, tut tut. The SA is Debian Linux hardened by Juniper, with very few vulnerabilities (OK, nothing is perfect) but your average script kiddie won't be able to touch it. 7. Interoperability The SA doesn't just work with M$ stuff, what about pulse from an Iphone/Android, this is the way remote access is going... The SA is designed to do exactly what it is doing. Server 2k8 is a jack of all trades, and certainly not a master of this one. :) Sam.
... View more