Microsoft Direct Access (part 1)_John Delizo


  1.
  2. DirectAccess Solution
     • Philippine Windows Users Group
     • John D. Delizo, MCTS MCPD
  3. What will we cover?
     • DirectAccess Solution
     • DirectAccess Deployment
     • Windows 7 and Direct Access
  4. Helpful Experience
     • IPv4
     • IPv6
     • NAT
     • Firewall
     • IIS, HTTP & HTTPS
     • IPSEC
     • ADDS
     • ADCS
  5. Agenda
     • DirectAccess Overview
     • Supporting infrastructure and technologies
     • Configuring DirectAccess
     • Using DirectAccess with Windows 7
  6. Agenda
     • DirectAccess Overview
     • Supporting infrastructure and technologies
     • Configuring DirectAccess
     • Using DirectAccess with Windows 7
  7. Information Worker’s World Has Been Changing…
     • CENTRAL OFFICE
     • REMOTE WORK
     • BRANCH OFFICES
     • MOBILE & DISTRIBUTED WORKFORCE
  8. Building A Trusted Stack
     • Core Security Components (“I+4A”): Identity Claims, Authentication, Authorization, Access Control Mechanisms, Audit
     • Trusted Stack: Trusted Data, Trusted People, Trusted Software, Trusted Hardware
     • Integrated Protection
     • Secure Foundation: SDL and SD3, Defense in Depth, Threat Mitigation
  9. What Is DirectAccess?
     • Comprehensive anywhere access solution available in Windows 7 and Windows Server 2008 R2
     • Provides seamless, always-on, secure connectivity to on-premise and remote users alike
     • Eliminates the need to connect explicitly to corpnet while remote
     • Facilitates secure, end-to-end communication and collaboration
     • Leverages a policy-based network access approach
     • Enables IT to easily service/secure/update/provision mobile machines whether they are inside or outside the network
  10. The DirectAccess Vision
     • Always-on connectivity across different networks
     • Always on
     • Always healthy
     • Always secure
     • A focus on driving access decisions based on “policy and a trusted identity,” rather than the limitations of network topology.
     • Requires users to connect (lost productivity)
     • Client must be made healthy prior to network access (Lost productivity plus IT time and expense)
     • Diagram labels: Internet; ISA FW, TSG; 802.1x; Customer Site; Compliant Windows 7 Client; Non-compliant Client Device; Lab, Client; RODC; Cust FW; Downlevel or Mobile Client; Secure Boundary; Compliant Client; Dedicated Resources; Corporate Network; Business Partner; Healthy Resources; VPN Gateway; NPS/NAP Servers
  11. Benefits Of DirectAccess: Bringing Corpnet to the User
  12. Benefits Of DirectAccess: Bringing Corpnet to the User
     More productivity
     • Always-on access to corpnet while roaming
     • No explicit user action required – it just works
     • Same user experience on premise and off
  13. Benefits Of DirectAccess: Bringing Corpnet to the User
     More productivity
     • Always-on access to corpnet while roaming
     • No explicit user action required – it just works
     • Same user experience on premise and off
     More secure
     • Healthy, trustable host regardless of network
     • Fine grain per app/server policy control
     • Richer policy control near assets
     • Ability to extend regulatory compliance to roaming assets
     • Incremental deployment path toward IPv6
  14. Benefits Of DirectAccess: Bringing Corpnet to the User
     More productivity
     • Always-on access to corpnet while roaming
     • No explicit user action required – it just works
     • Same user experience on premise and off
     More manageable and cost effective
     • Simplified remote management of mobile resources as if they were on the LAN
     • Lower total cost of ownership (TCO) with an “always managed” infrastructure
     • Unified secure access across all scenarios and networks
     • Integrated administration of all connectivity mechanisms
     More secure
     • Healthy, trustable host regardless of network
     • Fine grain per app/server policy control
     • Richer policy control near assets
     • Ability to extend regulatory compliance to roaming assets
     • Incremental deployment path toward IPv6
  15. Agenda
     • DirectAccess Overview
     • Supporting infrastructure and technologies
     • Configuring DirectAccess
     • Using DirectAccess with Windows 7
  16. DirectAccess Components
  17. DirectAccess Components
     • DirectAccess client
     • DirectAccess server
     • Network location server
     • Certificate revocation list (CRL) distribution points
     • NAP / Health Validation
     • ADDS
     • Native IPv6 (Globally Routable)
     • 6to4
     • Teredo
     • IP-HTTPS
  18. DirectAccess & Enabling IPv6
     • Diagram labels: Internet; DirectAccess Server; DirectAccess Client
     • Tunnel over IPv4 UDP, HTTPS, etc.
     • Native IPv6
     • 6to4
     • Teredo
     • IP-HTTPS
  19. DirectAccess & IPsec
     • Diagram labels: Enterprise Network; DirectAccess Server; Line of Business Applications
     • No IPsec
     • IPsec Integrity Only (Auth)
     • IPsec Integrity + Encryption
  20. DirectAccess Supporting Technologies
     • Diagram labels: Corporate Network; Trusted, compliant, healthy machine; DC & DNS (Win 2008); Applications & Data; Windows 7 client
     • IAG SP2
     • NAP (includes Server & Domain Isolation [SDI])
     • Forefront Client Security
     • Windows Firewall
     • BitLocker + Trusted Platform Module (TPM)
