Your SlideShare is downloading. ×
0
Microsoft Direct Access (part 1)_John Delizo
Microsoft Direct Access (part 1)_John Delizo
Microsoft Direct Access (part 1)_John Delizo
Microsoft Direct Access (part 1)_John Delizo
Microsoft Direct Access (part 1)_John Delizo
Microsoft Direct Access (part 1)_John Delizo
Microsoft Direct Access (part 1)_John Delizo
Microsoft Direct Access (part 1)_John Delizo
Microsoft Direct Access (part 1)_John Delizo
Microsoft Direct Access (part 1)_John Delizo
Microsoft Direct Access (part 1)_John Delizo
Microsoft Direct Access (part 1)_John Delizo
Microsoft Direct Access (part 1)_John Delizo
Microsoft Direct Access (part 1)_John Delizo
Microsoft Direct Access (part 1)_John Delizo
Microsoft Direct Access (part 1)_John Delizo
Microsoft Direct Access (part 1)_John Delizo
Microsoft Direct Access (part 1)_John Delizo
Microsoft Direct Access (part 1)_John Delizo
Microsoft Direct Access (part 1)_John Delizo
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Microsoft Direct Access (part 1)_John Delizo

1,324

Published on

Published in: Business, Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
1,324
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
90
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide
  • PRODUCTIVESECURECOST EFFECTIVE
  • Transcript

    • 1.
    • 2. DirectAccess Solution<br />Philippine Windows Users Group<br />John D. Delizo, MCTS MCPD<br />
    • 3. What will we cover?<br />DirectAccess Solution<br />DirectAccessDeployment<br />Windows 7 and Direct Access<br />
    • 4. Helpful Experience<br />IPv4<br />IPv6<br />NAT<br />Firewall<br />IIS, HTTP & HTTPS<br />IPSEC<br />ADDS<br />ADCS<br />
    • 5. Agenda<br />DirectAccess Overview<br />Supporting infrastructure and technologies<br />Configuring DirectAccess<br />Using DirectAccess with Windows 7<br />
    • 6. Agenda<br />DirectAccess Overview<br />Supporting infrastructure and technologies<br />Configuring DirectAccess<br />Using DirectAccess with Windows 7<br />
    • 7. Information Worker’s World Has Been Changing…<br />CENTRAL OFFICE<br />REMOTE WORK<br />BRANCH OFFICES<br />MOBILE & DISTRIBUTED WORKFORCE<br />
    • 8. Building A Trusted Stack<br />Identity Claims<br />Authentication<br />Authorization<br />Access Control Mechanisms<br />Audit<br />Core Security Components<br />“I+4A”<br />Trusted Data<br />Trusted People<br />Trusted<br />Stack<br />Trusted Software<br />Trusted Hardware<br />Integrated Protection<br />Secure<br />Foundation<br />SDL and<br /> SD3<br />Defensein Depth<br />Threat<br />Mitigation<br />
    • 9. What Is DirectAccess?<br />Comprehensive anywhere access solution available in Windows 7 and Windows Server 2008 R2<br />Provides seamless, always-on, secure connectivity to on-premise and remote users alike<br />Eliminates the need to connect explicitly to corpnet while remote<br />Facilitates secure, end-to-end communication and collaboration<br />Leverages a policy-based network access approach <br />Enables IT to easily service/secure/update/provision mobile machines whether they are inside or outside the network<br />
    • 10. The DirectAccess Vision<br />Internet<br />Always-on connectivity across different <br />networks<br />Always on<br />Always healthy<br />Always secure<br />ISA FW, TSG<br />802.1x<br />Customer Site<br />Compliant Windows 7 Client<br />Compliant Windows 7 Client<br />Compliant Windows 7 Client<br />Non-compliant Client Device<br />Lab, Client<br />Non-compliant Client Device<br />A focus on driving access decisions based on “policy and a trusted identity,” rather than the limitations of network topology. <br />RODC<br />X<br />Cust FW<br />Downlevel or Mobile Client<br />Secure Boundary<br />Compliant Client<br />Dedicated Resources<br />Corporate Network<br />Business Partner<br />Healthy Resources<br />VPN Gateway<br />Non-compliant Client Device<br />NPS/NAP Servers<br />Requires users to connect (lost productivity)<br />Client must be made healthy prior to network access(Lost productivity plus IT time and expense)<br />
    • 11. Benefits Of DirectAccessBringing Corpnet to the User<br />
    • 12. Benefits Of DirectAccessBringing Corpnet to the User<br />More productivity<br />Always-on access to corpnet while roaming<br />No explicit user action required – it just works<br />Same user experience on premise and off<br />
    • 13. Benefits Of DirectAccessBringing Corpnet to the User<br />More secure<br />More productivity<br />Always-on access to corpnet while roaming<br />No explicit user action required – it just works<br />Same user experience on premise and off<br />Healthy, trustable host regardless of network<br />Fine grain per app/server policy control<br />Richer policy control near assets<br />Ability to extend regulatory compliance to roaming assets<br />Incremental deployment path toward IPv6<br />
    • 14. Benefits Of DirectAccessBringing Corpnet to the User<br />More secure<br />More manageable and cost effective<br />More productivity<br />Always-on access to corpnet while roaming<br />No explicit user action required – it just works<br />Same user experience on premise and off<br />Simplified remote management of mobile resources as if they were on the LAN<br />Lower total cost of ownership (TCO) with an “always managed” infrastructure <br />Unified secure access across all scenarios and networks<br />Integrated administration of all connectivity mechanisms<br />Healthy, trustable host regardless of network<br />Fine grain per app/server policy control<br />Richer policy control near assets<br />Ability to extend regulatory compliance to roaming assets<br />Incremental deployment path toward IPv6<br />
    • 15. Agenda<br />DirectAccess Overview<br />Supporting infrastructure and technologies<br />Configuring DirectAccess<br />Using DirectAccess with Windows 7<br />
    • 16. DirectAccess Components<br />
    • 17. DirectAccess Components<br />DirectAccess client<br />DirectAccess server<br />Network location server.<br />Certificate revocation list (CRL) distribution points<br />NAP / Health Validation<br />ADDS<br />Native IPv6 (Globally Routable)<br />6to4<br />Teredo<br />IP-HTTPS<br />
    • 18. DirectAccess & Enabling IPv6<br />Internet<br />DirectAccessServer<br />DirectAccessClient<br />Tunnel over IPv4 UDP, HTTPS, etc.<br />Native IPv6<br />6to4<br />Teredo<br />IP-HTTPS<br />
    • 19. DirectAccess & IPsec<br />EnterpriseNetwork<br />DirectAccess Server<br />Line of Business Applications<br />No IPsec<br />IPsec Integrity Only (Auth)<br />IPsec Integrity + Encryption<br />
    • 20. DirectAccess Supporting Technologies<br />Corporate Network<br />Trusted, compliant,<br />healthy machine<br />DC & DNS(Win 2008)<br />Applications & Data<br />Windows 7 client<br />IAG SP2<br />NAP (includes Server & Domain Isolation [SDI])<br />Forefront Client Security<br />Windows Firewall<br />BitLocker + Trusted Platform Module (TPM)<br />

    ×