Vishal Shirodkar, Technology Specialist, Microsoft India. Session Code:

Session Objectives and Takeaways
- Explain how DirectAccess differs from a traditional VPN
- Identify some of the key requirements for installing DirectAccess
- Discuss various methods for deploying IPv6 in the enterprise to support DirectAccess

Agenda
- Secure Access Landscape
- What is DirectAccess
- DirectAccess Solution Benefits
- Deployment Models
- Deployment Considerations
- Demo
- Questions & Answers

Information Worker's World Has Been Changing (diagram: central office, remote work, mobile and distributed workforce, branch offices)

Building a Trusted Stack
- Core security components (I+4A): Identity, Claims, Authentication, Authorization, Access Control Mechanisms, Audit
- Trusted stack: Trusted Data, Trusted People, Trusted Software, Trusted Hardware
- Secure foundation: SDL and SD3, Integrated Protection, Defense in Depth, Threat Mitigation

Industry Trends
- Assume the underlying network is always insecure
- Redefine the corporate edge to protect the datacenter
- Security policies based on identity, not location
(Diagram: local and remote users reach the data center and business-critical resources through the DirectAccess server)

What Is DirectAccess?
- Comprehensive anywhere-access solution available in Windows 7 and Windows Server 2008 R2
- Provides seamless, always-on, secure connectivity to on-premises and remote users alike
- Eliminates the need to connect explicitly to corpnet while remote
- Facilitates secure, end-to-end communication and collaboration
- Leverages a policy-based network access approach
- Enables IT to easily service, secure, update and provision mobile machines whether they are inside or outside the network

The DirectAccess Vision
- Always-on connectivity across different networks
- A focus on driving access decisions based on policy and a trusted identity, rather than the limitations of network topology
- Non-compliant client device: requires users to connect (lost productivity); client must be made healthy prior to network access (lost productivity plus IT time and expense)
(Diagram labels: ISA FW, TSG, 802.1x, Secure Boundary, Internet, VPN Gateway, Non-compliant Lab and Dedicated Resources, Healthy Resources, RODC, NPS/NAP Servers, Corporate Network, Customer Site, Cust FW, Business Partner, Compliant Windows 7 Client, Non-compliant Client Device, Downlevel or Mobile Client; "Always on, Always healthy, Always secure")

More productivity
- Always-on access to corpnet while roaming
- No explicit user action required; it just works
- Same user experience on premises and off
- Connects automatically
- Adapts to changing networks
- Internet connectivity = corpnet connectivity
More secure
- Healthy, trustable host regardless of network
- Fine-grained per-app/server policy control
- Richer policy control near assets
- Ability to extend regulatory compliance to roaming assets
- Incremental deployment path toward IPv6
- Fully supports smart card authentication
More manageable and cost effective
- Simplified remote management of mobile resources as if they were on the LAN
- Lower total cost of ownership (TCO) with an always-managed infrastructure
- Unified secure access across all scenarios and networks
- Integrated administration of all connectivity mechanisms

VPN vs. DirectAccess: Value (comparison table with columns VPN and DirectAccess)

DirectAccess Solution Overview
- Assume the underlying network is always insecure
- Redefine the corpnet edge to insulate the datacenter and business-critical resources
- Security policies based on identity, not location
(Diagram: compliant clients on the Internet tunnel over IPv4 (UDP, HTTPS, etc.) to the DirectAccess server; NAP/NPS servers, intranet users, and the data center and business-critical resources sit on the enterprise network)

- Clients: Microsoft Windows 7
- DirectAccess server: Microsoft Windows 7
- Application servers: Windows Server 2008 (for native IPv6 support). Exception: when Windows Firewall authentication policy is used, application servers must be Windows Server 2008 R2
- DC/DNS servers: Windows Server 2008. Exception: when two-factor authentication is required for end-to-end authentication, a Windows 7 DC-based Active Directory
- NAT-PT server if IPv4 access is desired

Deployment Scenario (diagram: a trusted, compliant, healthy Windows 7 client on the Internet reaches the DirectAccess server (Win7), with optional NAT-PT, DC & DNS (Win 2008), and applications & data on the corporate network)
- IPsec ESP tunnel using machine certificate (DC/DNS access)
- IPsec ESP tunnel using machine certificate and user credentials (application server access)

Deployment Scenario: What Happens at the Client
- Client tries to connect to target.corpnet.com
- Looks in the provisioned list for the DNS server(s) associated with .corpnet
- Connects with the DNS server through the DAS using IPsec (IPv6 is required); the IPv6 route is again through the DAS
What Happens at the DAS/DNS
- DAS lets AuthIP packets from the client through to DNS
- After negotiation, DAS lets ESP packets through between client and DNS
- DNS returns target address information to the client
- DNS registers the client's current address information
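The client-side lookup above, modelled as an added Python example (not code from the deck or from Windows): a constructed Name Resolution Policy Table with a suffix rule, a more specific sub-suffix rule and an exemption decides whether a query travels to the corpnet DNS through the DirectAccess tunnel or to the local interface's DNS. The suffixes and the 2001:db8 addresses are constructed.

```python
"""Toy model of the DirectAccess client's name-resolution decision.

Added example, not Microsoft code. The Name Resolution Policy Table (NRPT) that
Group Policy provisions on a Windows 7 client is a list of rules: a name under a
corpnet suffix goes to the intranet DNS server(s) through the IPsec tunnel to the
DirectAccess server (DAS); a name matching no rule, or matching an exemption rule,
is resolved by the local interface's DNS like any Internet name.
Suffixes and addresses (documentation prefix 2001:db8::/32) are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class NrptRule:
    namespace: str            # ".corpnet.com" = suffix rule; "www.corpnet.com" = exact host
    dns_servers: tuple = ()   # intranet DNS servers (IPv6); empty = exempt, resolve locally


def match_rule(name: str, rules):
    """Return the most specific matching rule (longest namespace wins), or None."""
    host = name.rstrip(".").lower()  # DNS is case-insensitive; drop a trailing root dot
    best = None
    for rule in rules:
        ns = rule.namespace.lower()
        hit = host.endswith(ns) if ns.startswith(".") else host == ns
        if hit and (best is None or len(ns) > len(best.namespace)):
            best = rule
    return best


def resolve_path(name: str, rules):
    """("intranet", servers) when the query must go through the DAS tunnel to the
    corpnet DNS, or ("internet", ()) for ordinary local resolution."""
    rule = match_rule(name, rules)
    if rule is None or not rule.dns_servers:
        return ("internet", ())
    return ("intranet", rule.dns_servers)


# Constructed NRPT: corpnet suffix, a lab sub-suffix with its own DNS server,
# and an exemption so the public web site is never sent down the tunnel.
SAMPLE_NRPT = (
    NrptRule(".corpnet.com", ("2001:db8:c0::53",)),
    NrptRule(".lab.corpnet.com", ("2001:db8:c0:1::53",)),
    NrptRule("www.corpnet.com"),
)

if __name__ == "__main__":
    for n in ("target.corpnet.com", "dc1.lab.corpnet.com", "www.corpnet.com", "example.org"):
        print(n, "->", resolve_path(n, SAMPLE_NRPT))
```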

Configuring for DirectAccess
Server
- DirectAccess wizard to set up DirectAccess server(s)
- Policies controlled via Group Policy
Client
- Receives configuration while directly connected to corpnet (provisioning) via Group Policy
- NAP used to check configuration and health when remotely connected

Server
- Runs on Windows Server 2008 R2
- Sits on the network edge
- Single box by default; services can be split up for scalability
Client
- Runs on Windows 7
- Domain-joined
- Initial configuration done on corpnet or over VPN

Roles of the DirectAccess Server
Facing the Internet
- Forwarding gateway for native IPv6
- IPv6-over-IPv4 services: 6to4 relay, Teredo relay (optionally also Teredo server)
- Firewall/proxy traversal: IP-TLS relay
- IPsec DoS protection
Facing corpnet
- Gateway for native IPv6
- IPv6-over-IPv4 service for the enterprise: ISATAP relay
- IPsec gateway (tunnel mode endpoint)
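The Internet-facing relays above only come into play once the client has chosen a transport; this added Python example (not Microsoft code) encodes the selection order a Windows client follows, native IPv6, then 6to4 for a public IPv4 address, Teredo behind a NAT when outbound UDP works, and IP-HTTPS when UDP is blocked, and derives the RFC 3056 6to4 /48 prefix from the public address. The sample addresses are constructed from documentation and RFC 1918 ranges.

```python
"""Added example (not Microsoft code): IPv6-over-IPv4 transport choice on a
DirectAccess client and the 6to4 prefix derivation.

6to4 needs a globally routable IPv4 address, Teredo works behind a NAT but needs
outbound UDP, and the HTTPS-based relay is the fallback when UDP is blocked.
RFC 3056 embeds the public IPv4 address after 2002::/16 to form the site /48.
Sample addresses are constructed (203.0.113.0/24 is a documentation range).
"""
import ipaddress

# Blocks that cannot anchor a 6to4 prefix because they are not globally routable
# (RFC 1918, shared address space, link-local, loopback, multicast, reserved).
_NOT_ROUTABLE = tuple(ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
))


def is_routable_ipv4(address: str) -> bool:
    """True if the IPv4 address lies outside every non-routable block above."""
    addr = ipaddress.IPv4Address(address)
    return not any(addr in net for net in _NOT_ROUTABLE)


def sixto4_prefix(public_ipv4: str) -> str:
    """Return the 6to4 site prefix 2002:WWXX:YYZZ::/48 for a public IPv4 address."""
    if not is_routable_ipv4(public_ipv4):
        raise ValueError(f"{public_ipv4} is not globally routable; 6to4 cannot be used")
    v4 = int(ipaddress.IPv4Address(public_ipv4))
    # 16-bit 0x2002 prefix, then the 32-bit IPv4 address, then 80 zero bits.
    return str(ipaddress.IPv6Network(((0x2002 << 112) | (v4 << 80), 48)))


def choose_transport(client_ipv4: str, udp_allowed: bool, native_ipv6: bool = False) -> str:
    """Pick the transport the client would bring up towards the DirectAccess server."""
    if native_ipv6:
        return "native IPv6"
    if is_routable_ipv4(client_ipv4):
        return "6to4"        # public address: the DAS acts as the 6to4 relay
    if udp_allowed:
        return "Teredo"      # behind NAT: Teredo needs outbound UDP (server port 3544)
    return "IP-HTTPS"        # UDP blocked by firewall/proxy: IPv6 inside HTTPS


if __name__ == "__main__":
    for v4, udp in (("203.0.113.5", True), ("192.168.1.20", True), ("10.0.0.7", False)):
        t = choose_transport(v4, udp)
        print(v4, "->", t, sixto4_prefix(v4) if t == "6to4" else "")
```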

DirectAccess Deployment
- Be ready to monitor IPv6 traffic
- Choose an access model: full intranet access vs. selected server access?
- Assess deployment scale

DirectAccess Deployment
Configure DirectAccess server
- Requires Windows Server 2008 R2
- Use the DirectAccess server MMC
- Author DirectAccess policies for clients, application servers, DC/DNS and the IPsec gateway
Client machines
- Windows 7 Enterprise & Ultimate SKUs
- Done using the DirectAccess configuration wizard
- Customize policies as needed

DirectAccess Supporting Technologies (diagram: trusted, compliant, healthy Windows 7 client; DC & DNS (Win 2008); applications & data on the corporate network)
- NAP (includes Server & Domain Isolation [SDI])
- Forefront Client Security
- Windows Firewall
- BitLocker + Trusted Platform Module (TPM)
- IAG SP2

DirectAccess User Interface (screenshots): "DirectAccess is available!" notification; built-in troubleshooting

Why Windows 7 Only? Significant component changes for DirectAccess:
- Name Resolution Policy Table
- IP-HTTPS
- Group Policy changes
- And others

Direct Access in Action

It Works Today, Simply
- Evolution, not revolution: upgrade your network to an IPv6 end state
- Requires Windows 7 on the client
- Transition to Windows Server 2008 simplifies the solution
- Little or no change to applications; upgrade the server platform
- 30 Microsoft LOB applications today on Windows Server 2008 running end-to-end IPsec/IPv6; an additional 40 planned to upgrade in the next two months
- Allows you to take concrete steps toward satisfying any IPv6 mandate
- Seamless integration with your current access and security solutions
- Seamless transition to DirectAccess over time
- Integrates with Forefront solutions

© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.