Enabling Enterprise Mobility


Learn about the advances in Windows 8.1 and Windows Server 2012 R2 that allow your users to work from anywhere in the world. Kieran Jacobsen will cover topics including seamless corporate connectivity for clients with DirectAccess, managing BitLocker with MBAM, user document synchronization with Work Folders, and addressing the needs of enterprise security and any performance requirements you might have.


Kieran Jacobsen
HP Enterprise Services

@kjacobsen
Aperturescience.su

2013

What is enterprise mobility?


Enterprise mobility != BYOD
Enterprise mobility is not BYOD, but can be a stepping stone.
Company still owns end user devices.
Enterprise mobility is not just hardware and software, but policy and procedures.

Core solution concepts
Connectivity,
Data,
Security,
Self service,
Policy.

Connectivity Requirements
Confirm you have enough bandwidth.
Confirm usage billing.
Confirm network device capacity and licencing.

Virtual Private Networks
VPN required for:
  Legacy applications,
  Windows file sharing.

User experience:
  Demand dial,
  Automatically triggered connections,
  Always on connections.

Automatically triggered connections
Windows 8.1 introduces:
  Automatically connect to a VPN connection.
  Trigger based upon DNS names or applications.
  Support for PPTP, L2TP and 3rd Party VPN (F5, CheckPoint, SonicWall).

Requirements:
  Split tunnel VPN.
  User can forcibly disable automatic triggering.

Not supported on domain joined devices

Demo

Triggering VPN based upon DNS names
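A DNS-name trigger of the kind described on the slide above can be set up with the VpnClient cmdlets that ship with Windows 8.1. This is an added example, not the script from the talk's demo; the connection name, server address, DNS suffix and DNS server addresses are constructed placeholders, and the trusted-network rule at the end goes slightly beyond the slide.

```powershell
# Constructed placeholder values - replace with your own environment's details.
$ConnectionName = 'Corp VPN'
$ServerAddress  = 'vpn.corp.example'
$DnsSuffix      = '.corp.example'           # names under this suffix trigger the VPN
$DnsServers     = '10.0.0.10', '10.0.0.11'  # internal resolvers used for that suffix

# Automatic triggering is not supported on domain joined devices, so stop early.
if ((Get-WmiObject -Class Win32_ComputerSystem).PartOfDomain) {
    throw 'This machine is domain joined; VPN auto-triggering is not supported here.'
}

# Create the connection if it does not exist yet (L2TP with certificate
# authentication is assumed; no pre-shared key is configured).
if (-not (Get-VpnConnection -Name $ConnectionName -ErrorAction SilentlyContinue)) {
    Add-VpnConnection -Name $ConnectionName -ServerAddress $ServerAddress `
        -TunnelType L2tp -SplitTunneling -RememberCredential
}

# Split tunnelling is a requirement for triggering; enforce it on existing profiles.
if (-not (Get-VpnConnection -Name $ConnectionName).SplitTunneling) {
    Set-VpnConnection -Name $ConnectionName -SplitTunneling $true
}

# Trigger the connection when a name under the corporate suffix is resolved.
Add-VpnConnectionTriggerDnsConfiguration -ConnectionName $ConnectionName `
    -DnsSuffix $DnsSuffix -DnsIPAddress $DnsServers -Force

# Added beyond the slide: do not trigger while already on the corporate network.
Add-VpnConnectionTriggerTrustedNetwork -ConnectionName $ConnectionName `
    -DnsSuffix 'corp.example' -Force

# Show the resulting trigger configuration for review.
Get-VpnConnectionTrigger -ConnectionName $ConnectionName
```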

DirectAccess
Seamless corporate connectivity.
No changes from 8 to 8.1.
Significant improvements from 7 to 8:
  More deployment options,
  No IPv6 requirements,
  Plenty of authentication options.

Must be Enterprise Edition on clients.

Demo

DirectAccess

VPN: Summary
Enterprise licence – DirectAccess
Non domain joined – VPN Triggering
Rest?

De-centralization of user data
Mainframe era:
  Processing and storage is centralised on mainframes.
  User devices were “dumb” thin clients.

Personal PC era:
  Processing moved to user devices.
  Storage still centralised – Central SMB clusters, NAS, SharePoint.

Mobile device era:
  Processing and storage moved to user devices.

Storage technologies
Previously:
  User home drives.
  Network shares.
  Roaming profiles.

Now:
  File and folder synchronization,
  Public or private cloud,
  Cloud – SkyDrive, SkyDrive Pro, DropBox, Box, Google Drive,
  Host your own – Work Folders, SharePoint, OwnCloud.

Evaluating storage technologies
Integration:
  Web UI,
  Microsoft Office Suite,
  Client applications.

Sharing capabilities:
  Between different users
  Between 3rd Parties

Data retention.
Trust!

Work Folders
Brand new in Windows 8.1
Generation 1 technology
File synchronization,
No web interface,
One folder structure per user,
Integrates well with existing user home drives.

OwnCloud
Cloud storage like user experience.
Designed, deployed and managed by YOU!
Free!!!!!
Features:
  File, folder, contact, calendar and bookmark synchronization,
  Multiple operating systems,
  Lots of out-of-box features,
  Rich plugin landscape offering even more features.

Demo

Deploying OwnCloud with Windows Azure, VM Depot and BitNami

Antivirus
We need to know:
  Clients are protected,
  Definitions are being updated,
  When threats occur.

Consider cloud based solutions:
  Windows Intune,
  Symantec,
  Sophos,
  McAfee.

Client Backups
Traditionally:
  Backup central data stores/shares/servers.

Enterprise World:
  Decentralised data requires decentralised backups.

Consider:
  Storage costs,
  Data transfer costs,
  Backup frequencies,
  User self service restoration.

Demo

Revisiting OwnCloud

Encryption
Protect data at transport:
  VPN,
  HTTPS/SSL.

Protect data at rest:
  File Encryption,
  Full Disk Encryption (FDE) – BitLocker, TrueCrypt, GPGDisk

FDE recovery key management:
  USB keys and file shares,
  Active Directory,
  MBAM.

MBAM
Microsoft BitLocker Administration and Monitoring.
Part of Microsoft Desktop Optimisation Pack.
Simplification of BitLocker management:
  Secure storage of recovery information,
  User self service portal,
  Helpdesk focused recovery portal,
  Reporting of encryption compliance,
  Auditing of access to recovery key information.

Improves security by resetting recovery key upon access

Demo

Self service recovery in MBAM

Device Loss
Corporate policy:
  Do you have a policy defining an employee's responsibility when a device containing corporate data is lost?
  What is the IT process for these incidents?

Credentials:
  When devices are lost, consider disabling computer accounts, resetting user’s passwords, revoking certificates.

Device recovery products:
  Track devices using geolocation services,
  Allow for devices to be recovered by LAW ENFORCEMENT,
  Some can be highly persistent even after Windows reinstallation.
  Recommended – Prey, CompuTrace
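The credential steps on the slide above (disable the computer account, reset the user's password, revoke certificates) can be scripted so the help desk performs them the same way every time. This is an added example, not part of the original slides; the function name, its parameters and the sample CA configuration string are hypothetical, and it assumes the ActiveDirectory module plus rights on an AD CS certification authority.

```powershell
#Requires -Modules ActiveDirectory

# Hypothetical helper for the lost-device process; run with -WhatIf first to preview.
function Invoke-LostDeviceResponse {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$ComputerName,
        [Parameter(Mandatory = $true)][string]$UserName,
        [string[]]$CertificateSerial = @(),   # serial numbers issued to the device/user
        [string]$CAConfig                     # e.g. 'ca01.corp.example\Example Issuing CA' (constructed)
    )

    # Fail before changing anything if either account cannot be found.
    $computer = Get-ADComputer -Identity $ComputerName -ErrorAction Stop
    $user     = Get-ADUser -Identity $UserName -ErrorAction Stop

    # 1. Disable the computer account so the device can no longer authenticate.
    if ($PSCmdlet.ShouldProcess($computer.DistinguishedName, 'Disable computer account')) {
        Disable-ADAccount -Identity $computer
        Set-ADComputer -Identity $computer -Description "Reported lost $(Get-Date -Format s)"
    }

    # 2. Reset the user's password and force a change at next logon.
    if ($PSCmdlet.ShouldProcess($user.SamAccountName, 'Reset password')) {
        $temporary = Read-Host -AsSecureString "Temporary password for $UserName"
        Set-ADAccountPassword -Identity $user -Reset -NewPassword $temporary
        Set-ADUser -Identity $user -ChangePasswordAtLogon $true
    }

    # 3. Revoke each certificate on the CA (reason code 1 = key compromise).
    foreach ($serial in $CertificateSerial) {
        if ($PSCmdlet.ShouldProcess($serial, "Revoke certificate on $CAConfig")) {
            & certutil.exe -config $CAConfig -revoke $serial 1
            if ($LASTEXITCODE -ne 0) { Write-Warning "Revocation failed for $serial" }
        }
    }

    # 4. Publish a new CRL so the revocations do not wait for the next scheduled one.
    if ($CertificateSerial.Count -gt 0 -and $PSCmdlet.ShouldProcess($CAConfig, 'Publish CRL')) {
        & certutil.exe -config $CAConfig -CRL
    }
}
```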

Things I wish I could mention…
Email
Instant Messaging
Audio/Video conferencing
Remote Desktop
Group Policy
Help Desk ticketing
Authentication
Disaster Recovery
Admin rights
Windows To Go
BitLocker To Go
BranchCache
Web filtering
Client firewalls
…
