Windows Server 2012: What Can I Do with Dynamic Access

Windows Server 2012 introduces Dynamic Access. Dynamic Access is a collection of features that ensure users and their data are available and protected in accordance with company rules. Existing technologies such as IRM and Kerberos have been simplified and extended. With File Classifications you can also ensure that sensitive files that accidentally end up on public shares are protected by "tags" that link them, for example, to your Legal Affairs department. Dynamic Access therefore gives you more control over who has access and to which data. If you want the best security and still want to offer your users "the new way of working" or "bring your own device", this technology is for you!

Published in: Technology
  • Windows Server 2012 brings Microsoft’s experience from building and operating public clouds to deliver a highly dynamic, available, and cost-effective server platform for your private cloud. It offers businesses and hosting providers a scalable, dynamic, and multitenant-aware cloud infrastructure that securely connects across premises and allows IT to respond to business needs faster and more efficiently. Microsoft’s Cloud OS uniquely delivers on customer needs across these scenarios. The Cloud OS is a consistent platform with a common set of technologies you can use to develop and manage applications for all environments using the same skills, knowledge and experience:
      • Agile development platform: Use the tools you know to build the apps you need, new modern apps and traditional apps, wherever they need to run to get to your customers or users. Those tools may be Visual Studio and .NET or open source technologies and languages, such as REST, JSON, PHP, Java.
      • Unified dev-ops & management: Use System Center as a single pane of glass for all apps, coupled with Visual Studio as a common platform to build once and deploy anywhere, with integration to manage apps across their lifecycles for quick time to solution and easy troubleshooting/management.
      • Common identity: Implement Active Directory as a powerful asset across environments to help you extend your enterprise to the cloud with internet-scale security using a single identity and/or securely extend apps and data to devices.
      • Integrated virtualization: Microsoft is engineered for cloud from the metal up, with virtualization built as an integrated element of the OS, not layered on the OS, with no need for additional add-ons.
      • Complete data platform: Microsoft delivers comprehensive technologies to manage petabytes of data in the cloud, to millions of transactions for your most mission-critical applications, to billions of rows in the hands of end users for predictive and ad hoc analytics in IT-managed offerings.

    Microsoft uniquely delivers the Cloud OS as a consistent and comprehensive set of capabilities across on-premises, Microsoft Cloud or service provider’s cloud to support the world’s apps and data anywhere.
  • Windows Server 2012: What Can I Do with Dynamic Access

    1. Microsoft Windows Server 2012 Seminar: What Can I Do with Dynamic Access in Windows Server 2012. Windows Server 2012 introduces Dynamic Access. Dynamic Access is a collection of features that ensure users and their data are available and protected in accordance with company rules. Existing technologies such as IRM and Kerberos have been simplified and extended. With File Classifications you can also ensure that sensitive files that accidentally end up on public shares are protected by "tags" that link them, for example, to your Legal Affairs department. Dynamic Access therefore gives you more control over who has access and to which data. If you want the best security and still want to offer your users "the new way of working" or "bring your own device", this technology is for you!
    2. Windows Server 2012; Trends and Challenges; Dynamic Access; Get Started: Advice and Action!
    3. The Cloud OS
    4. 66% run, 20% grow, 14% transform. EXPLOSIVE DATA GROWTH; BUDGET REDUCTIONS; IT CONSTRAINTS; MULTIPLE DEVICES. Companies are under pressure to do more with less
    5. ENABLING DEVICES; ROLE & DEVICE DRIVEN PRIVILEGES; ALLOW CUSTOMERS & PARTNERS; AVAILABILITY. Companies must facilitate productivity without impacting security
    6. RAPID RESPONSE; PROTECT; REPORT & AUDIT; CENTRALIZE & STANDARDIZE. Companies need an integrated security strategy
    7. USERS & DEVICES; PRIVATE; PUBLIC; INFRASTRUCTURE; APPS & SERVICES; TRADITIONAL IT; IDENTITY; HYBRID CLOUD
    8. Dynamic Access features:
        • User and Device Claims: User and computer attributes can be used in ACEs
        • Expression-Based ACEs: ACEs with conditions, including Boolean logic and relative operators
        • Classification Enhancements: File classifications can be used in authorization decisions; continuous automatic classification; automatic RMS encryption based on classification
        • Central Access and Audit Policies: Central authorization/audit rules defined in AD and applied across multiple file servers
        • Access Denied Assistance: Allow users to request access; provide detailed troubleshooting info to admins
    9. AD DS and File Server:
        • User claims: User.Department = Finance, User.Clearance = High
        • Device claims: Device.Department = Finance, Device.Managed = True
        • Resource properties: Resource.Department = Finance, Resource.Impact = High
        • ACCESS POLICY. Applies to: @File.Impact = High. Allow | Read, Write | if (@User.Department == @File.Department) AND (@Device.Managed == True)
    10. 1
    11. In-box content classifier; 3rd party classification plugin; ResourcePropertyDefinitions; See modified / created file; Save classification; FCI; For Security
    12. 12
    13. Share Security Descriptor: Share Permissions. File/Folder Security Descriptor: Central Access Policy Reference, NTFS Permissions. Active Directory (cached in local Registry): Cached Central Access Policy Definition, Cached Central Access Rule, Cached Central Access Rule, Cached Central Access Rule. Access Control Decision: 1) Access Check – Share permissions if applicable; 2) Access Check – File permissions; 3) Access Check – Every matching Central Access Rule in Central Access Policy
    14. File Access: Share Permissions, NTFS Permissions → Access Control Decision
    15. File Access: Share Permissions, NTFS Permissions, Central Access Policy → Access Control Decision
    16. Classifications on File Being Accessed: Department = Engineering, Sensitivity = High

        | Permission Type | Target Files | Permissions | Engineering Full-Time | Engineering Part-Time | Sales Full-Time |
        |---|---|---|---|---|---|
        | Share | | Everyone:Full | Full | Full | Full |
        | Rule 1: Engineering Docs | Dept=Engineering | Engineering:Modify, Everyone:Read | Modify | Modify | Read |
        | Rule 2: Sensitive Data | Sensitivity=High | FT:Modify | Modify | None | Modify |
        | Rule 3: Sales Docs | Dept=Sales | Sales:Modify | [rule ignored – not processed] | | |
        | NTFS | | FT:Modify, Part-Time:Read | Modify | Read | Modify |
        | Effective Rights | | | Modify | None | Read |
    17. Pre-2012 Token: User Account (User Groups), [other stuff]. 2012 Token: User Account (User Groups, Claims), Device (Groups, Claims), [other stuff]
    18. Claim type: Display Name, Source, Suggested values, Value type. NT Access Token: ContosoAlice; User Groups: ….; Claims: Title=SDE. Kerberos Ticket: ContosoAlice; User Groups: ….; Claims: Title=SDE
    19. Windows Server 2012 Active Directory. In Active Directory: Claims, Resource Property Definitions, Access Policy. On File Server: At Runtime: End User; Windows Server 2012 File Server
    20. Dynamic Access capabilities:
        • Manual tagging by content owners
        • Automatic classification (tagging)
        • Application-based tagging
        • Central access policies targeted based on file tags
        • Expression-based access conditions with support for user claims, device claims, and file tags
        • Access denied remediation
        • Central audit policies that can be applied across multiple file servers
        • Expression-based auditing conditions with support for user claims, device claims, and file tags
        • Policy staging audits to simulate policy changes in a real environment
        • Automatic Rights Management Services (RMS) protection for Microsoft Office documents based on file tags
        • Near real-time protection soon after the file is tagged
        • Extensibility for non-Office RMS protectors
    21. Download Windows Server 2012; Learn; Act
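
The access control decision on slides 13 and 16, worked through as an added example (not part of the original deck): the effective right is the most restrictive result of the share check, the NTFS check and every central access rule whose target condition matches the file's classification. The function and variable names are hypothetical, and rights are modeled as ordered levels with allow entries only, which is a simplification of the access masks a real check evaluates.

```python
# Added illustration of the three-step access check from slides 13 and 16.
# Assumption: rights are ordered levels (None < Read < Modify < Full) and all
# entries are "allow"; a real access check works on access masks.
LEVELS = {"None": 0, "Read": 1, "Modify": 2, "Full": 3}
NAMES = {v: k for k, v in LEVELS.items()}

def granted(aces, groups):
    """Highest level any entry grants to one of the user's groups."""
    return max((LEVELS[right] for group, right in aces
                if group == "Everyone" or group in groups), default=0)

def effective_rights(groups, file_tags, share, ntfs, rules):
    """Share check, then NTFS check, then every central access rule that applies."""
    level = min(granted(share, groups), granted(ntfs, groups))
    for rule in rules:
        # A rule whose target condition does not match the file is not processed.
        if all(file_tags.get(k) == v for k, v in rule["target"].items()):
            level = min(level, granted(rule["aces"], groups))
    return NAMES[level]

# Values transcribed from slide 16.
FILE_TAGS = {"Department": "Engineering", "Sensitivity": "High"}
SHARE = [("Everyone", "Full")]
NTFS = [("FT", "Modify"), ("Part-Time", "Read")]
RULES = [
    {"name": "Engineering Docs", "target": {"Department": "Engineering"},
     "aces": [("Engineering", "Modify"), ("Everyone", "Read")]},
    {"name": "Sensitive Data", "target": {"Sensitivity": "High"},
     "aces": [("FT", "Modify")]},
    {"name": "Sales Docs", "target": {"Department": "Sales"},
     "aces": [("Sales", "Modify")]},
]
USERS = {
    "Engineering Full-Time": {"Engineering", "FT"},
    "Engineering Part-Time": {"Engineering", "Part-Time"},
    "Sales Full-Time": {"Sales", "FT"},
}

def slide16_table():
    """Effective rights per user column, matching the last row of slide 16."""
    return {user: effective_rights(groups, FILE_TAGS, SHARE, NTFS, RULES)
            for user, groups in USERS.items()}

if __name__ == "__main__":
    for user, rights in slide16_table().items():
        print(f"{user}: {rights}")
```

The part-time engineer ends up with no access even though NTFS grants Read, because Rule 2 matches the file and grants nothing to part-time staff.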
