Microsoft Direct Access (part 1)_John Delizo

  • PRODUCTIVE, SECURE, COST EFFECTIVE

Transcript

  • 1.
  • 2. DirectAccess Solution
    Philippine Windows Users Group
    John D. Delizo, MCTS MCPD
  • 3. What will we cover?
    DirectAccess Solution
    DirectAccess Deployment
    Windows 7 and DirectAccess
  • 4. Helpful Experience
    IPv4
    IPv6
    NAT
    Firewall
    IIS, HTTP & HTTPS
    IPSEC
    ADDS
    ADCS
  • 5. Agenda
    DirectAccess Overview
    Supporting infrastructure and technologies
    Configuring DirectAccess
    Using DirectAccess with Windows 7
  • 6. Agenda
    DirectAccess Overview
    Supporting infrastructure and technologies
    Configuring DirectAccess
    Using DirectAccess with Windows 7
  • 7. Information Worker’s World Has Been Changing…
    CENTRAL OFFICE
    REMOTE WORK
    BRANCH OFFICES
    MOBILE & DISTRIBUTED WORKFORCE
  • 8. Building A Trusted Stack
    Identity Claims
    Authentication
    Authorization
    Access Control Mechanisms
    Audit
    Core Security Components
    “I+4A”
    Trusted Data
    Trusted People
    Trusted Stack
    Trusted Software
    Trusted Hardware
    Integrated Protection
    Secure Foundation
    SDL and SD3
    Defense in Depth
    Threat Mitigation
  • 9. What Is DirectAccess?
    Comprehensive anywhere access solution available in Windows 7 and Windows Server 2008 R2
    Provides seamless, always-on, secure connectivity to on-premise and remote users alike
    Eliminates the need to connect explicitly to corpnet while remote
    Facilitates secure, end-to-end communication and collaboration
    Leverages a policy-based network access approach
    Enables IT to easily service/secure/update/provision mobile machines whether they are inside or outside the network
  • 10. The DirectAccess Vision
    Internet
    Always-on connectivity across different networks
    Always on
    Always healthy
    Always secure
    ISA FW, TSG
    802.1x
    Customer Site
    Compliant Windows 7 Client
    Compliant Windows 7 Client
    Compliant Windows 7 Client
    Non-compliant Client Device
    Lab, Client
    Non-compliant Client Device
    A focus on driving access decisions based on “policy and a trusted identity,” rather than the limitations of network topology.
    RODC
    X
    Cust FW
    Downlevel or Mobile Client
    Secure Boundary
    Compliant Client
    Dedicated Resources
    Corporate Network
    Business Partner
    Healthy Resources
    VPN Gateway
    Non-compliant Client Device
    NPS/NAP Servers
    Requires users to connect (lost productivity)
    Client must be made healthy prior to network access (lost productivity plus IT time and expense)
  • 11. Benefits Of DirectAccess: Bringing Corpnet to the User
  • 12. Benefits Of DirectAccess: Bringing Corpnet to the User
    More productivity
    Always-on access to corpnet while roaming
    No explicit user action required – it just works
    Same user experience on premise and off
  • 13. Benefits Of DirectAccess: Bringing Corpnet to the User
    More secure
    More productivity
    Always-on access to corpnet while roaming
    No explicit user action required – it just works
    Same user experience on premise and off
    Healthy, trustable host regardless of network
    Fine grain per app/server policy control
    Richer policy control near assets
    Ability to extend regulatory compliance to roaming assets
    Incremental deployment path toward IPv6
  • 14. Benefits Of DirectAccess: Bringing Corpnet to the User
    More secure
    More manageable and cost effective
    More productivity
    Always-on access to corpnet while roaming
    No explicit user action required – it just works
    Same user experience on premise and off
    Simplified remote management of mobile resources as if they were on the LAN
    Lower total cost of ownership (TCO) with an “always managed” infrastructure
    Unified secure access across all scenarios and networks
    Integrated administration of all connectivity mechanisms
    Healthy, trustable host regardless of network
    Fine grain per app/server policy control
    Richer policy control near assets
    Ability to extend regulatory compliance to roaming assets
    Incremental deployment path toward IPv6
  • 15. Agenda
    DirectAccess Overview
    Supporting infrastructure and technologies
    Configuring DirectAccess
    Using DirectAccess with Windows 7
  • 16. DirectAccess Components
  • 17. DirectAccess Components
    DirectAccess client
    DirectAccess server
    Network location server
    Certificate revocation list (CRL) distribution points
    NAP / Health Validation
    ADDS
    Native IPv6 (Globally Routable)
    6to4
    Teredo
    IP-HTTPS
  • 18. DirectAccess & Enabling IPv6
    Internet
    DirectAccess Server
    DirectAccess Client
    Tunnel over IPv4 UDP, HTTPS, etc.
    Native IPv6
    6to4
    Teredo
    IP-HTTPS
  • 19. DirectAccess & IPsec
    Enterprise Network
    DirectAccess Server
    Line of Business Applications
    No IPsec
    IPsec Integrity Only (Auth)
    IPsec Integrity + Encryption
  • 20. DirectAccess Supporting Technologies
    Corporate Network
    Trusted, compliant, healthy machine
    DC & DNS (Win 2008)
    Applications & Data
    Windows 7 client
    IAG SP2
    NAP (includes Server & Domain Isolation [SDI])
    Forefront Client Security
    Windows Firewall
    BitLocker + Trusted Platform Module (TPM)