Configuring and Implementing DirectAccess with Windows Server 2012

More info on http://techdays.be.

  • Remote access is a blessing and a curse. Fine line between enabling productive users and increasing exposure to risk. Corporate managed laptop leaves the network in a pristine state, never to be seen or heard from again. ;) What state is it in? Is it up to date? Users lament VPN because it is clunky! Name resolution challenges, password sync issues (cached credentials). Managing remote devices for BofA…
  • Legacy VPN is difficult to manage. Often requires manual client configuration, can be automated using CMAK (clunky). DirectAccess is configured automatically via group policy, which is much more efficient.
  • Password change via CTRL+ALT+DEL.
  • IP-HTTPS improvements in interoperability and performance.
  • Transcript

    • 1. Implementing DirectAccess in Windows Server 2012
      • Richard Hicks – Microsoft MVP
      • FishNet Security
    • 2. Agenda
      • What is DirectAccess?
      • What are the Benefits of DirectAccess?
      • What’s New in Windows Server 2012 DirectAccess
      • DirectAccess Components
      • Limitations of DirectAccess
      • How DirectAccess Works
      • Planning and Implementation
      • Demonstration
      • Security Considerations
    • 3. What Is DirectAccess?
      • Next Generation Remote Access
      • Always On
      • Seamless and Transparent
      • Bi-Directional Connectivity
      • NOT a VPN!
    • 4. DirectAccess vs. Legacy VPN
      • VPN
        • Intrusive
        • User Initiated
        • Remote User Connects to Corporate Network
      • DirectAccess
        • Seamless and Transparent
        • No User Action Required
        • Extend Corporate Network to the User
    • 5. DirectAccess Benefits
      • End User
        • Streamlined User Experience
        • Familiar Access
        • Increased Productivity
      • Administrator
        • Always Managed
        • Improved Compliance
        • Reduced Administration Costs
    • 6. Evolution of DirectAccess
    • 7. What’s New in Windows Server 2012 DirectAccess Integrated Simplified Perimeter/DMZ and RRAS No PKI Network Load Deployment Deployment Coexistence Balancing Automated Multi-Domain NAP OTP/Virtual IP-HTTPS Force Support Integration Smartcard Improvements Tunneling Monitoring and Manage Out Multi-Site Server Core PowerShell Reporting
    • 8. New Feature Highlights
      • Easier to Deploy
        • Simplified Deployment
        • Flexible Network Placement
      • Performs Better
        • IP-HTTPS Improvements
      • Scalable Solution
        • Load Balancing
        • Multi-Site
      • More Manageable
        • Monitoring, Accounting, Reporting, Diagnostics
        • PowerShell
    • 9. DirectAccess Components
      • Windows Server 2012
      • Windows 8 Enterprise
      • *Windows 7 Ultimate/Enterprise
      • IPv6 and IPsec
      • Active Directory and Group Policy
    • 10. DirectAccess Components
      • Certificates
        • PKI is Optional (Strongly Recommended!)
        • PKI Required for Windows 7 Clients
      • Network Location Server (NLS)
      • DNS64/NAT64
      • Name Resolution Policy Table (NRPT)
      • Windows Firewall w/Advanced Security
    • 11. IPv6 Transition Protocols
      • 6to4
        • Public Client IP Address
        • IP Protocol 41
      • Teredo
        • Private Client IP Address
        • UDP Port 3544
      • IP-HTTPS
        • 6to4/Teredo Not Available
        • SSL/TLS
      • ISATAP
        • Intranet Manage Out
        • ISATAP Router
        • DNS
    • 12. A Word About ISATAP
      • ISATAP Not Recommended
      • Global In Scope
      • Lower Layer Protocols Depend On Upper Layer Protocols
      • Lack of Monitoring and Management
      • Deploy IPv6
      • Restrict ISATAP to Specific Hosts
        • Group Policy
        • HOSTS File
    • 13. DirectAccess Limitations
      • Supported Clients
        • Windows 8 Enterprise
        • Windows 7 Enterprise
        • Windows 7 Ultimate
        • Domain-Joined
      • Non-Supported Clients
        • Windows 8 Professional
        • Windows Vista
        • Windows XP
        • Non domain-joined
    • 14. DirectAccess Limitations
      • Client Compatibility Issues
        • Protocols with Embedded IPv4 Addresses
        • Applications with Hard Coded IPv4 Addresses
    • 15. How DirectAccess Works
      • Client Assumes it is Not Connected to the Intranet
      • Establishes HTTPS Connection to NLS
      • Domain WFAS Profile Activated
      • NRPT Disabled
      • No DirectAccess IPsec Tunnels
    • 16. How DirectAccess Works
      • Client Assumes it is Not Connected to the Intranet
      • Fails to Establish HTTPS Connection to NLS
      • Public or Private WFAS Profile Activated
      • NRPT Enabled
      • DirectAccess IPsec Tunnels Enabled
    • 17. Planning for DirectAccess
      • Prerequisites
        • Windows Server 2012
        • Windows 8 Enterprise
        • Windows 7 Enterprise/Ultimate
        • Domain-joined
      • Network Placement
        • Edge
        • Perimeter/DMZ
      • High Availability and Redundancy
    • 18. Implementing DirectAccess
      • Install RemoteAccess Feature
        • GUI
        • PowerShell
      • Configure RemoteAccess
        • Simplified Deployment
        • Complex Deployment
    • 19. Security Considerations
      • Authentication
        • Password Policy
        • SmartCards
        • Dynamic Passwords (OTP)
        • Disable Computer Account for Lost/Stolen Machines
      • Endpoint
        • Whole Disk Encryption
        • Boot PIN
        • Anti-Virus
      • Infrastructure
        • NAP Integration
        • Remote Content Filtering
    • 20. Thank You!
      • Richard Hicks
      • Microsoft MVP
      • FishNet Security
      • rich@richardhicks.com
      • richardhicks.com/connect
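
Slides 15 and 16 describe two client states that follow from one probe: whether the HTTPS connection to the NLS succeeds. The following PowerShell is an added example, not part of the original deck, that runs the same probe on a client and reports any observed setting that disagrees with the expected state. The function name `Test-DAClientState` and the NLS URL are hypothetical placeholders.

```powershell
# Added example (not from the deck). Run on a DirectAccess client in an elevated
# PowerShell session. $NlsUrl is a placeholder for your deployment's NLS URL.
function Test-DAClientState {
    param([Parameter(Mandatory)][string]$NlsUrl)

    # Location probe: any DNS, TCP, TLS or HTTP failure means "outside" (slide 16).
    $inside = $false
    try {
        $resp   = Invoke-WebRequest -Uri $NlsUrl -UseBasicParsing -TimeoutSec 10
        $inside = ($resp.StatusCode -eq 200)
    } catch { $inside = $false }

    # Observed state: firewall profile per interface, effective NRPT, IPsec SAs.
    $categories = @(Get-NetConnectionProfile | ForEach-Object { [string]$_.NetworkCategory })
    $nrptRules  = @(Get-DnsClientNrptPolicy -Effective)
    $mainModeSA = @(Get-NetIPsecMainModeSA -ErrorAction SilentlyContinue)

    $findings = @()
    if ($inside) {
        # Slide 15: Domain profile active, NRPT disabled.
        if ($categories -notcontains 'DomainAuthenticated') {
            $findings += 'NLS reachable but no interface uses the Domain profile'
        }
        if ($nrptRules.Count -gt 0) {
            $findings += 'NLS reachable but NRPT rules are still in effect'
        }
    } else {
        # Slide 16: Public or Private profile, NRPT enabled, IPsec tunnels up.
        if (-not ($categories -match '^(Public|Private)$')) {
            $findings += 'NLS unreachable but no interface uses the Public or Private profile'
        }
        if ($nrptRules.Count -eq 0) {
            $findings += 'NLS unreachable but no NRPT rules are in effect'
        }
        if ($mainModeSA.Count -eq 0) {
            $findings += 'NLS unreachable and no IPsec main mode SAs are established'
        }
    }

    $location = if ($inside) { 'Inside (slide 15)' } else { 'Outside (slide 16)' }
    [pscustomobject]@{
        Location   = $location
        Profiles   = $categories -join ','
        NrptRules  = $nrptRules.Count
        MainModeSA = $mainModeSA.Count
        Findings   = $findings
    }
}

Test-DAClientState -NlsUrl 'https://nls.example.internal/'   # placeholder URL
```

An empty `Findings` list means the client's firewall profile, NRPT and IPsec state match what the slides describe for its detected location. IPsec SAs are not checked on the inside case because other IPsec policies may legitimately create them.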
