DirectAccess Solution
Enabling Secure Always-On Connectivity
[Name]
Microsoft Corporation
Microsoft Confidential
Secure Access Landscape

Implications
- Traditional network security is no longer sufficient
- Complex security and access management is driving up IT costs
- Security and connectivity limitations inhibit productivity and collaboration

De-perimeterization of the network
- Evolutionary shift of protection to the host and data level

Mobile Technology Trends
- Data is walking out the front door: laptops, USB drives, cellular network cards, smart phones/PDAs
- Malware and spyware can spread to all of them
- Pressure to extend regulatory compliance beyond corpnet boundaries

Mobile Workforce Trends
- Always-remote employees
- Flexible definition of "office"
- Corpnet access from customer sites

Globalization and Outsourcing
- Others managing your network and data centers
- Growing complexity of Software as a Service (SaaS) and cloud computing
Building a Trusted Stack

Core security components ("I+4A": identity plus the four A's)
- Identity claims
- Authentication
- Authorization
- Access control mechanisms
- Audit

Trusted stack (diagram): Trusted Hardware, Trusted Software, Trusted Data and Trusted People, built on a Secure Foundation

Integrated protection
- SDL and SD3
- Defense in depth
- Threat mitigation
What Is DirectAccess?
Comprehensive anywhere-access solution available in Windows 7 (client side) and Windows Server 2008 R2 (server side)
- Provides seamless, always-on, secure connectivity to on-premise and remote users alike
- Eliminates the need to connect explicitly to corpnet while remote
- Facilitates secure, end-to-end communication and collaboration
- Leverages a policy-based network access approach
- Simplifies IT management and lowers total cost of ownership
- Enables IT to easily service, secure, update and provision mobile machines whether they are inside or outside the network
The DirectAccess Vision

Always-on connectivity across different networks, with a focus on driving access decisions based on "policy and a trusted identity" rather than on the limitations of network topology.

Always on. Always healthy. Always secure.

[Diagram: the Internet, a Customer Site (behind the customer firewall and a VPN gateway, with a business partner and a downlevel or mobile client) and the Corporate Network. At the corpnet edge sit an ISA firewall, TS Gateway (TSG) and 802.1x; inside are a Secure Boundary around Healthy Resources and Dedicated Resources, NPS/NAP servers, an RODC and a lab client. Compliant Windows 7 clients reach corpnet from every location; non-compliant client devices are marked with an X and blocked.]

Callouts on the diagram:
- Requires users to connect explicitly (lost productivity)
- Client must be made healthy prior to network access (lost productivity plus IT time and expense)
- Non-compliant client device
Benefits of DirectAccess: Bringing Corpnet to the User

More productivity
- Always-on access to corpnet while roaming
- No explicit user action required; it just works
- Same user experience on premise and off

More secure
- Healthy, trustable host regardless of network
- Richer policy control near the assets
- Ability to extend regulatory compliance to roaming assets

More manageable and cost effective
- Simplified remote management of mobile resources as if they were on the LAN
- Lower total cost of ownership (TCO) with an "always managed" infrastructure
- Unified secure access across all scenarios and networks
- Integrated administration of all connectivity mechanisms
Deployment Requirements

- Clients: Windows 7
- DirectAccess server: Windows Server 2008 R2 (the server release paired with Windows 7)
- Application servers: Windows Server 2008. Exception: when a Windows Firewall authentication policy (IPsec end-to-end authentication to the application server) is used, application servers must be Windows Server 2008 R2
- DC/DNS servers: Windows Server 2008. Exception: when two-factor authentication is required for end-to-end authentication, a Windows 7 (Windows Server 2008 R2) DC-based Active Directory
- NAT-PT device if access to IPv4-only resources is desired, because DirectAccess clients communicate with corpnet over IPv6
DirectAccess Supporting Technologies

Windows 7 client: trusted, compliant, healthy machine
- Windows Firewall
- BitLocker + Trusted Platform Module (TPM)
- Forefront Client Security

Corporate Network
- DC & DNS (Windows Server 2008)
- NAP (includes Server & Domain Isolation [SDI])
- Applications & Data
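The requirements and supporting-technologies slides above list what a DirectAccess client needs but not how to confirm it on a machine. The following PowerShell script is an added example, not part of the Microsoft deck and not a Microsoft tool: a read-only readiness and status check for a Windows 7 client, written for the PowerShell 2.0 that shipped with Windows 7 (WMI plus netsh, since the DirectAccess cmdlets only arrived with Windows 8). It assumes an elevated prompt on the client; the function name Test-DAClientReadiness and the property names of the returned object are our own choices, and the regexes are matched loosely against the netsh output headings because that text is localized and may vary.

```powershell
# Added example (not from the deck): DirectAccess client readiness/status check
# for Windows 7. Run elevated:  Test-DAClientReadiness | Format-List
function Test-DAClientReadiness {
    $r = @{}

    # 1. Platform: the deck requires Windows 7 clients (NT 6.1, ProductType 1 =
    #    workstation) that are domain-joined, because the NRPT and IPsec
    #    connection security rules are delivered through Group Policy.
    $os = Get-WmiObject Win32_OperatingSystem
    $cs = Get-WmiObject Win32_ComputerSystem
    $r.OsVersion    = $os.Version
    $r.IsWindows7   = ($os.Version -like '6.1.*') -and ($os.ProductType -eq 1)
    $r.DomainJoined = [bool]$cs.PartOfDomain

    # 2. Hardware root of trust ("BitLocker + TPM" on the slide): TPM present,
    #    enabled, activated and owned; BitLocker protecting the system drive.
    #    Both WMI namespaces require elevation, hence SilentlyContinue.
    $tpm = Get-WmiObject -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                         -Class Win32_Tpm -ErrorAction SilentlyContinue
    $r.TpmReady = $false
    if ($tpm) {
        $r.TpmReady = [bool]$tpm.IsEnabled().IsEnabled -and
                      [bool]$tpm.IsActivated().IsActivated -and
                      [bool]$tpm.IsOwned().IsOwned
    }
    $vol = Get-WmiObject -Namespace 'root\cimv2\Security\MicrosoftVolumeEncryption' `
                         -Class Win32_EncryptableVolume `
                         -Filter "DriveLetter='$env:SystemDrive'" `
                         -ErrorAction SilentlyContinue
    # ProtectionStatus: 0 = unprotected, 1 = protected, 2 = unknown
    $r.BitLockerOn = ($vol -ne $null) -and ($vol.ProtectionStatus -eq 1)

    # 3. DirectAccess client policy: the Name Resolution Policy Table state and
    #    the client's own inside/outside-corpnet decision, as reported by netsh.
    $dns = (netsh dns show state 2>&1) | Out-String
    $r.DASettings = 'Not reported'
    if ($dns -match 'Direct\s*Access Settings\s*:\s*(.+)') { $r.DASettings = $Matches[1].Trim() }
    $r.MachineLocation = 'Not reported'
    if ($dns -match 'Machine Location\s*:\s*(.+)') { $r.MachineLocation = $Matches[1].Trim() }

    # 4. IPv6 transition path: DirectAccess carries IPv6 across the IPv4
    #    Internet over 6to4, Teredo or IP-HTTPS. Outside corpnet at least one
    #    of these must be up, or the IPsec tunnels below can never form.
    $teredo  = (netsh interface teredo show state 2>&1) | Out-String
    $iphttps = (netsh interface httpstunnel show interfaces 2>&1) | Out-String
    $r.TeredoState = 'Not reported'
    if ($teredo -match '(?m)^\s*State\s*:\s*(.+)$') { $r.TeredoState = $Matches[1].Trim() }
    $r.IpHttpsStatus = 'Not reported'
    if ($iphttps -match '(?m)^\s*Interface Status\s*:\s*(.+)$') { $r.IpHttpsStatus = $Matches[1].Trim() }
    $r.IpHttpsLastError = 'Not reported'
    if ($iphttps -match 'Last Error Code\s*:\s*(\S+)') { $r.IpHttpsLastError = $Matches[1] }

    # 5. Live IPsec main mode SAs: each one is an authenticated tunnel, which is
    #    the concrete form of the slide's "always-on, secure connectivity".
    $mmsa = (netsh advfirewall monitor show mmsa 2>&1) | Out-String
    $r.MainModeSACount = ([regex]::Matches($mmsa, 'Remote IP Address')).Count

    # Summary verdicts; a machine inside corpnet legitimately has no tunnels.
    $r.PrerequisitesMet = $r.IsWindows7 -and $r.DomainJoined
    $r.HardwareTrusted  = $r.TpmReady -and $r.BitLockerOn
    $r.TunnelsUp        = $r.MainModeSACount -gt 0

    New-Object PSObject -Property $r
}
```

A PrerequisitesMet of $false points at the platform list on the requirements slide; DASettings showing the policy as not configured means the Group Policy object never reached the machine; a qualified Teredo or active IP-HTTPS interface together with MainModeSACount of 0 usually means the client authenticated to the transition technology but the IPsec policy (certificate or Kerberos) failed, which is the first place to look when "always on" is not.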
DirectAccess Works Today, Simply

With DirectAccess, remote computers are:
- Always connected
- Always secure
- Always managed and healthy

Unique benefits
- Uses a policy-based approach
- Is network agnostic
- Makes it easy for IT to work with mobile machines inside or outside the network
- Lowers total cost of ownership
© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.