DirectAccess Solution Enabling Secure Always-On Connectivity [Name] Microsoft Corporation


Page 1: Enabling Secure Always-On Connectivity [Name] Microsoft Corporation

DirectAccess Solution

Enabling Secure Always-On Connectivity

[Name]

Microsoft Corporation


Microsoft Confidential

Secure Access Landscape

De-perimeterization of the network

Evolutionary shift of protection to host and data level

Mobile Technology Trends
  Data is walking out the front door
  Laptops, USB drives, cellular network cards, Smart Phones/PDAs
  Malware and spyware can spread to all
  Pressure to extend regulatory compliance beyond corpnet boundaries

Mobile Workforce Trends
  Always-remote employees
  Flexible definition of “office”
  Corpnet access from customer sites

Globalization and Outsourcing
  Others managing your network and data centers
  Growing complexity of Software as a Service (SaaS) and cloud computing

Implications
  Traditional network security no longer sufficient
  Complex security and access management driving up IT costs
  Security and connectivity limitations inhibit productivity and collaboration


Building A Trusted Stack

Trusted Stack
  Trusted Hardware
  Trusted Software
  Trusted People
  Trusted Data

“I+4A”
  Identity Claims
  Authentication
  Authorization
  Access Control Mechanisms
  Audit

Secure Foundation
  SDL and SD3
  Defense in Depth
  Threat Mitigation

Core Security Components

Integrated Protection


What Is DirectAccess?

Comprehensive anywhere access solution available in Windows 7

  Provides seamless, always-on, secure connectivity to on-premise and remote users alike
  Eliminates the need to connect explicitly to corpnet while remote
  Facilitates secure, end-to-end communication and collaboration
  Leverages a policy-based network access approach
  Simplifies IT management and lowers total cost of ownership
  Enables IT to easily service/secure/update/provision mobile machines whether they are inside or outside the network


The DirectAccess Vision

Always-on connectivity across different networks

A focus on driving access decisions based on “policy and a trusted identity,” rather than the limitations of network topology.

  Always on
  Always healthy
  Always secure

[Diagram labels: Corporate Network; Internet; Customer Site; Business Partner; Secure Boundary; Dedicated Resources; Healthy Resources; NPS/NAP Servers; RODC; ISA FW, TSG 802.1x; Cust FW; VPN Gateway; Lab, Client; Compliant Windows 7 Client; Compliant Client; Downlevel or Mobile Client; Non-compliant Client Device]

Diagram callouts:
  Requires users to connect (lost productivity)
  Client must be made healthy prior to network access (Lost productivity plus IT time and expense)


Benefits Of DirectAccess

Bringing Corpnet to the User

More Productivity
  Always-on access to corpnet while roaming
  No explicit user action required – it just works
  Same user experience on premise and off

More secure
  Healthy, trustable host regardless of network
  Richer policy control near assets
  Ability to extend regulatory compliance to roaming assets

More manageable and cost effective
  Simplified remote management of mobile resources as if they were on the LAN
  Lower total cost of ownership (TCO) with an “always managed” infrastructure
  Unified secure access across all scenarios and networks
  Integrated administration of all connectivity mechanisms


Deployment Requirements

Microsoft Windows 7 clients

Microsoft Windows 7 DirectAccess server

Application servers
  Windows Server 2008
  Exception: When Windows Firewall Authentication policy is used, application servers must be Windows Server 2008 R2

DC/DNS servers
  Windows Server 2008
  Exception: When two-factor authentication is required for end-to-end authentication a Windows 7 DC-based Active Directory

NAT-PT server if IPv4 access is desired


DirectAccess Supporting Technologies

Trusted, compliant, healthy machine (Windows 7 client)
  NAP (includes Server & Domain Isolation [SDI])
  Forefront Client Security
  Windows Firewall
  BitLocker + Trusted Platform Module (TPM)

Corporate Network
  Applications & Data
  DC & DNS (Win 2008)


DA Works Today, Simply

With DirectAccess, remote computers are
  Always connected
  Always secure
  Always managed and healthy

Unique Benefits
  Uses policy-based approach
  Is network agnostic
  Makes it easy for IT to work with mobile machines inside or outside the network
  Lowers total cost of ownership


© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.

The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.