Direct access for dummies

Slidedeck used for the Microsoft Windows Bootcamp in Oslo, 2012.

Transcript

  • 1. Direct Access is the ultimate VPN solution that is one of the enablers for the New Way of Work
  • 2. Direct Access Benefits
  • 3. Always on. Patch management, health check and GPOs. Network-level computer/user authentication and encryption. Automatically connects through NAT and firewalls. Diagram label: Corporate Network. VPNs connect the user to the network; DirectAccess extends the network to the remote computer and user.
  • 4. Client and server applications must be IPv6 compatible. Diagram labels: Client app (IPv6), Server app (IPv6), Internet, Corporate intranet.
  • 5. Diagram labels: Internet, Corporate intranet. Tunnelling technologies for the Internet and intranet to support IPv6 over IPv4. Internet tunnelling selection based on client location – Internet, NAT, firewall. Encryption/authentication of Internet traffic (end-to-edge/end-to-end). Client location detection: Internet or corporate intranet.
  • 6. Diagram labels: Forefront Unified Access Gateway (UAG); native IPv6; IPv4 Internet; ISATAP (IPv6 in IPv4, protocol 41); 6to4 tunnel (IPv6 in IPv4, protocol 41); Teredo tunnel through NAT (IPv6 in UDP port 3544); IP-HTTPS tunnel through NAT (IPv6 in HTTPS, UDP port 3544 blocked); DNS64; NAT64; Corporate Network (IPv4).
  • 7. transition mechanism, IPv4, IPv6, Internet, tunnels
  • 8. transition technology, IPv6, IPv4, Internet, network address translation
  • 9. IPv6 packets, dual-stack, IPv4, Neighbor Discovery
  • 10. Diagram labels: Forefront Unified Access Gateway (UAG); native IPv6; IPv4 Internet; ISATAP (IPv6 in IPv4, protocol 41); 6to4 tunnel (IPv6 in IPv4, protocol 41); Teredo tunnel through NAT (IPv6 in UDP port 3544); IP-HTTPS tunnel through NAT (IPv6 in HTTPS, UDP port 3544 blocked); DNS64; NAT64; Corporate Network (IPv4).
  • 11. Direct Access
  • 12. Diagram labels: corp.example.com zone; IP configured DNS address; DNS 1; DNS 2; Corporate intranet; Internet.
  • 13. For end-to-edge protection, DirectAccess clients establish an IPsec session to an IPsec gateway server (which by default is the same computer as the DirectAccess server). The IPsec gateway server then forwards unprotected traffic, shown in red, to application servers on the intranet. This architecture works with any IPv6-capable application server but does not require that server to run IPsec, simplifying the configuration and setup.
  • 14. For end-to-edge with end-to-end IPsec protection, DirectAccess clients establish an IPsec session to an IPsec gateway server, and that IPsec traffic continues all the way to the intranet server for end-to-end IPsec protection. This architecture provides better security than just the end-to-edge model.
  • 15. With end-to-end IPsec protection, DirectAccess clients establish an IPsec session through the DirectAccess server to each application server to which they connect. This provides the highest level of security because you can configure access control on the DirectAccess server and extend IPsec all the way to the internal server. This architecture requires that application servers run Windows Server 2008 SP2 or Windows Server 2008 R2 and use both IPv6 and IPsec.
  • 16. Diagram labels: DirectAccess Server (Server 2008 R2); Line of Business Applications; Using ISATAP; IPv6; IPv4. On all internal DCs: Dnscmd /config /globalqueryblocklist wpad
  • 17. 1. Extends access to line of business servers with IPv4 support. 2. Access for down-level and non-Windows clients. 3. Enhances scalability and management. 4. Simplifies deployment and administration. 5. Hardened edge solution. Diagram labels: MANAGED (Windows 7, IPv6, DirectAccess, Always On); UNMANAGED (Vista, XP, Non-Windows + PDA, SSL VPN); Extend support to IPv4 servers; DA Server; IPv4.
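
Added example, not part of the slide deck: slides 6 and 10 list the IPv6 transition tunnels a DirectAccess client may use (ISATAP, 6to4, Teredo, IP-HTTPS). The Python sketch below classifies an IPv6 address seen in firewall or flow logs by the tunnel format it implies and recovers the embedded IPv4 address. The function name and the sample addresses are constructed for illustration.

```python
import ipaddress

# Upper 32 bits of an ISATAP interface identifier (RFC 5214): 0000:5efe or 0200:5efe.
ISATAP_IID_HIGH = (0x00005EFE, 0x02005EFE)


def classify_transition(addr: str) -> dict:
    """Map an IPv6 address to the transition technology its format implies."""
    ip = ipaddress.IPv6Address(addr)

    # 6to4: 2002::/16, the next 32 bits are the site's public IPv4 address.
    if ip.sixtofour is not None:
        return {"tech": "6to4", "carrier": "IPv4 protocol 41",
                "embedded_ipv4": str(ip.sixtofour)}

    # Teredo: 2001:0000::/32, carries the Teredo server address and the
    # bit-inverted external IPv4 address of the client's NAT.
    if ip.teredo is not None:
        server, client = ip.teredo
        return {"tech": "Teredo", "carrier": "UDP port 3544",
                "teredo_server": str(server), "embedded_ipv4": str(client)}

    # ISATAP: any /64 prefix, interface ID ends in the host's IPv4 address.
    # Heuristic: a non-ISATAP host could in principle use the same interface ID.
    value = int(ip)
    if ((value >> 32) & 0xFFFFFFFF) in ISATAP_IID_HIGH:
        v4 = ipaddress.IPv4Address(value & 0xFFFFFFFF)
        return {"tech": "ISATAP", "carrier": "IPv4 protocol 41",
                "embedded_ipv4": str(v4)}

    # Native IPv6 and IP-HTTPS addresses have no well-known prefix to match on.
    return {"tech": "native-or-other", "carrier": None, "embedded_ipv4": None}


# Constructed sample addresses built from documentation ranges.
SAMPLES = [
    "2002:c000:22d::1",                      # 6to4 for 192.0.2.45
    "2001:0:c633:6401:8000:63bf:3fff:fdd2",  # Teredo, server 198.51.100.1
    "fe80::5efe:c000:22d",                   # link-local ISATAP for 192.0.2.45
    "2001:db8::10",                          # no tunnel signature
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, classify_transition(sample))
```

IP-HTTPS traffic cannot be recognised from the address alone; on the wire it appears as HTTPS to the DirectAccess server.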