Connect Remotely Using Windows® 7 Direct Access

The session focuses on Windows 7 DirectAccess, which provides secure access to the network from anywhere. We will explore how the DirectAccess solution makes it easier for IT professionals to manage the network infrastructure and how it reduces IT costs. We will discuss how DirectAccess works, its network infrastructure requirements, and how to set up and configure DirectAccess on the WS08 R2 server and the Windows 7 client. In addition, we will cover how NAP connections are integrated with DirectAccess so that Windows 7 remote clients comply with network policy before connecting to intranet resources. The topics include WS08 R2 configuration and the Windows 7 connection process through the DirectAccess server to the NAP server. The session includes demonstrations of how to set up and configure DirectAccess on the Windows 7 client and Windows Server 2008 R2. Finally, the session includes demonstrations of configuring the NPS server on Windows Server 2008 R2 and connecting a Windows 7 NAP client through the DirectAccess server to the NPS server.

  1. CLI-307: Welcome
  2. Do Not Delete This Slide
     • We appreciate hearing from you. To send your feedback, click the following link and type your comments in the message body.
     • Note: The subject-line information is used to route your feedback. If you remove or modify the subject line we may be unable to process your feedback.
     • Send feedback
  3. Connect Remotely Using Windows® 7 DirectAccess
     • Level 300
  4. What Will We Cover?
     • The Value and Benefits of DirectAccess
     • Configuring DirectAccess
     • Using Network Access Protection (NAP) and DirectAccess
  5. Agenda
     • DirectAccess Capabilities
     • Configuring DirectAccess on Windows Server 2008 R2
     • Configuring and Connecting Clients to DirectAccess Server
     • Configuring NAP on Windows Server 2008 R2
     • Connecting Windows 7 Clients to NAP Servers through DirectAccess
  6. DirectAccess: Benefits
     • More manageable and cost effective
     • More productivity
     • More secure
     • Always-on access to corporate network while roaming
     • No explicit user action required – it just works
     • Same user experience on premises and off
     • Simplified remote management of mobile resources as if they were on the LAN
     • Lower total cost of ownership (TCO) with an “always managed” infrastructure
     • Unified secure access across all scenarios and networks
     • Integrated administration of all connectivity mechanisms
     • Healthy, trustable host regardless of network
     • Fine grain per app/server policy control
     • Richer policy control near assets
     • Ability to extend regulatory compliance to roaming assets
     • Incremental deployment path toward IPv6
  7. DirectAccess: Advantages
     • DirectAccess overcomes the limitations of VPNs by automatically establishing a bi-directional connection from client computers to the corporate network.
     • DirectAccess is built on a foundation of proven, standards-based technologies: Internet Protocol security (IPSec) and Internet Protocol version 6 (IPv6).
  8. Agenda
     • DirectAccess Capabilities
     • Configuring DirectAccess on Windows Server 2008 R2
     • Configuring and Connecting Clients to DirectAccess Server
     • Configuring NAP on Windows Server 2008 R2
     • Connecting Windows 7 Clients to NAP Servers through DirectAccess
  9. Deploying DirectAccess
     • Client
         • Receives configuration while directly connected to corporate network (provisioning) via Group Policy
         • NAP used to check configuration and health when remotely connected (not required)
     • Server
         • DirectAccess wizard to set up DirectAccess server(s)
         • Policies controlled via Group Policy
  10. DirectAccess on Windows Server 2008 R2
     • Authentication
     • Encryption
     • Access Control
     • Integration with NAP
     • Split-Tunnel Routing
  11. DirectAccess Deployment Requirements
     • Client/Server
         • Windows 7 clients
         • Windows Server 2008 R2
     • Application Servers
         • Windows Server 2008 (for native IPv6 support)
         • Exception: When Windows Firewall Authentication policy is used, application servers must be Windows Server 2008 R2
     • DC/DNS Servers
         • Windows Server 2008 SP2 or Windows Server 2008 R2
     • NAT-PT Server if IPv4 Access Is Desired
  12. Deployment Scenario: End-to-Edge Authentication
     • Diagram labels: Corporate Network; Trusted, compliant, healthy machine; DirectAccess server; Optional NAT-PT; DC & DNS (Win 2008); Domain clients; Internet; Windows 7 client; Application Servers
     • IPSec ESP tunnel using machine cert (DC/DNS access)
     • IPSec ESP tunnel using machine cert and user credentials (App server access)
  13. Deployment Scenario: End-to-End Authentication
     • Diagram labels: Corporate Network; Trusted, compliant, healthy machine; DirectAccess server; Optional NAT-PT; DC & DNS (Win 2008); Domain clients; Internet; Windows 7 client; Application Servers
     • IPSec ESP tunnel using machine cert and user credentials (App server access)
  14. Demonstration Environment
  15. Demonstration: Introducing DirectAccess
     • Configure DirectAccess Server
     • Connect a Windows 7 Client Using DirectAccess
     • Manage a Windows 7 Remote Client Using DirectAccess
  16. Agenda
     • DirectAccess Capabilities
     • Configuring DirectAccess on Windows Server 2008 R2
     • Configuring and Connecting Clients to DirectAccess Server
     • Configuring NAP on Windows Server 2008 R2
     • Connecting Windows 7 Clients to NAP Servers through DirectAccess
  17. DirectAccess in Windows 7
     • Network connection
     • The client detects the network connection
     • Is client on intranet?
         • If client is on intranet, DirectAccess connection stops
         • If not on intranet, use DirectAccess
     • The client attempts to use various methods to connect to DirectAccess server
  18. Configuring Windows 7 for DirectAccess
     • Verify certificate
     • Add Client to DirectAccess Security Group
     • Set client as an ISATAP Host
     • Verify name resolution and IPv6 access to the domain controller
  19. Agenda
     • DirectAccess Capabilities
     • Configuring DirectAccess on Windows Server 2008 R2
     • Configuring and Connecting Clients to DirectAccess Server
     • Configuring NAP on Windows Server 2008 R2
     • Connecting Windows 7 Clients to NAP Servers through DirectAccess
  20. Configuring NAP
     • Factors in configuring NAP
     • Staging strategy
     • Server placement
     • System health and compliance
         • Reporting mode
         • Deferred enforcement
         • Full enforcement
     • A NAP server infrastructure includes NAP health policy servers and NAP enforcement points
     • You must define which client configuration will be considered compliant and which will be considered noncompliant with health requirements
  21. Configuring NAP - Notes
     • Factors in configuring NAP
     • Staging strategy
     • Server placement
     • System health and compliance
         • Reporting mode
         • Deferred enforcement
         • Full enforcement
     • A NAP server infrastructure includes NAP health policy servers and NAP enforcement points
     • You must define which client configuration will be considered compliant and which will be considered noncompliant with health requirements
  22. Demonstration: Configuring Network Policy and Access Services
     • Create Connection Request Policy
     • Configure the Windows Security Health Validators
     • Create Health Policies
  23. Agenda
     • DirectAccess Capabilities
     • Configuring DirectAccess on Windows Server 2008 R2
     • Configuring and Connecting Clients to DirectAccess Server
     • Configuring NAP on Windows Server 2008 R2
     • Connecting Windows 7 Clients to NAP Servers through DirectAccess
  24. Windows 7, DirectAccess, and NAP
     • NAP on the Client
     • Diagram labels: Windows Client; DirectAccess server; NAP Policy Servers; Corporate Network
  25. Demonstration: Integrating NAP with DirectAccess
     • Configure DirectAccess IPSec Rules
     • Configure DirectAccess Client for NAP
     • Enforce NAP Protection through DirectAccess
  26. Session Summary
     • Configuring DirectAccess on Windows Server 2008 R2
     • Configuring Windows 7 to Use DirectAccess
     • Adding a NAP Server to Your DirectAccess Topology
  27. Where to Find More Information?
     • Visit TechNet at technet.microsoft.com
     • Also check out TechNet Edge: edge.technet.com
     • Or just visit http://go.microsoft.com/?linkid=9662639 for additional information on this session.
  28. Supporting Publications
     • For more titles, visit http://go.microsoft.com/?linkid=9662639
     • ©2009 Microsoft Corporation. All Rights Reserved.
  29. Training Resources
     • For more training information: http://go.microsoft.com/?linkid=9662636 and http://www.microsoft.com/directaccess
     • ©2009 Microsoft Corporation. All Rights Reserved.
  30. Become a Microsoft Certified Professional
     • What Are MCP Certifications?
         • Validation in performing critical IT functions.
     • Why Certify?
         • Worldwide recognition of skills gained via experience.
         • More effective deployments with reduced costs
     • What Certifications Are There for IT Pros?
         • MCTS, MCITP.
     • www.microsoft.com/certification
  31. Microsoft TechNet Plus
     • TechNet Plus is an essential premium web-enabled and live support resource that provides IT Professionals with fast and easy access to Microsoft experts, software and technical information, enhancing IT productivity, control and planning.
     • Evaluate & Learn
     • Plan & Deploy
     • Support & Maintain
     • 2 complimentary Professional Support incidents for use 24/7 (20% discount on additional incidents)
     • Access over 100 managed newsgroups and get next business day response--guaranteed
     • Use the TechNet Library to maintain your IT environment with security updates, service packs and utilities
     • Use the TechNet Library to plan for deployment using the Knowledge Base, resource kits, and technical training
     • Use exclusive tools like System Center Capacity Planner to accurately plan for and deploy Exchange Server and System Center Operations Manager
     • Evaluate full versions of all Microsoft commercial software for evaluation—without time limits. This includes all client, server and Office applications.
     • Try out all the latest betas before public release
     • Keep your skills current with quarterly training resources including select Microsoft E-Learning courses
     • Get all these resources and more with a TechNet Plus subscription.
     • For more information visit: technet.microsoft.com/subscriptions
  32. Your potential. Our Passion
  33. Session Credits
     • Author:
     • Editor: Resources Online
     • MS Producer: Alan Le Marquand
     • Technical Specialists
         • [Reviewer 1]
         • [Reviewer 2]
     • Microsoft Reviewers
