[Diagram: a trusted, compliant, healthy machine (Windows 7 client) and the Corporate Network (DC & DNS on Win 2008; Applications & Data). Components shown: NAP (includes Server & Domain Isolation [SDI]); Forefront Client Security; Windows Firewall; BitLocker + Trusted Platform Module (TPM); IAG SP2.]

Microsoft Confidential

[Diagram: lab topology. Hosts: INET1, DC1, NAT1, DA1, APP1, CLIENT1. Networks: Internet 131.107.0.0/24, Corpnet 10.0.0.0/24, Homenet 192.168.137.0/24.]

Assume the underlying network is always insecure
Redefine CORPNET edge to insulate the datacenter and business critical resources
Security policies based on identity, not location

[Diagram labels: Internet; Compliant Client (twice); NAP / NPS Servers; Tunnel over IPv4 UDP, HTTPS, etc.; DirectAccess Server; Intranet User (twice); Enterprise Network; Data Center and Business Critical Resources.]

[Diagram labels: Internet; Intranet; DirectAccess client; DirectAccess server; Corporate resources; Internet servers. Legend: Internal traffic, Internet traffic.]

Microsoft Windows 7 clients
Microsoft Windows 7 DirectAccess Server
Application servers
  Windows Server 2008 (for native IPv6 support)
  Exception: When Windows Firewall Authentication policy is used, application servers must be Windows Server 2008 R2
DC/DNS servers
  Windows Server 2008
  Exception: When two-factor authentication is required for end-to-end authentication a Windows 7 DC-based Active Directory
NAT-PT server if IPv4 access is desired

DirectAccess Overview
Supporting infrastructure and technologies

Using DirectAccess with Windows 7
Client
  Receives configuration while directly connected to corpnet (provisioning) via Group Policy
  NAP used to check configuration and health when remotely connected

Server
  DirectAccess wizard to set up DirectAccess Server(s)
  Policies controlled via Group Policy

Configure DirectAccess Server
   Requires Windows Server 2008 R2
   Use DirectAccess server MMC

Author DirectAccess policies for clients, application servers, DC/DNS and IPsec gateway
   Windows 7 Enterprise & Ultimate SKU Client Machines
   Done using DirectAccess configuration wizard

Customize policies as needed

Facing Internet
    Forwarding Gateway for native IPv6
    IPv6 over IPv4 services
       6to4 relay
       Teredo Relay (optionally also Teredo Server)

Firewall/Proxy Traversal
    IP-TLS relay

Internal
    IPsec DoS Protection

Facing Corpnet
    Gateway for native IPv6
    IPv6 over IPv4 Service for Enterprise
       ISATAP Relay
    IPsec Gateway (Tunnel Mode Endpoint)

Be ready to monitor IPv6 traffic
Choose an Access Model: Full Intranet Access vs. Selected Server Access?
Assess deployment scale

DirectAccess Overview
Supporting infrastructure and technologies
Configuring DirectAccess
What Happens At Client
  Client tries to access a name under .corp.phiwug.com
  Looks in provisioned list for DNS server(s) associated with .phiwug.com
  Connects with DNS thru DAS. IPsec, IPv6 required.
  Client tries to connect to target server (using IPsec). IPv6 route again is thru DAS.

What happens at DAS/DNS
  DAS lets thru AuthIP packets from client to DNS
  After negotiation, DAS lets ESP packets thru between client and DNS
  DNS returns target address information to client. DNS registers client's current address information
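
The client-side lookup on this slide, modelled as an added example (not code from the deck or from Windows): a name is matched against the provisioned suffix list, and only matching names are sent to the intranet DNS through the DAS. The server address, the sample queries and the longest-suffix tie-break are assumptions constructed for illustration; only the suffix .phiwug.com and the Homenet range come from the slides.

```python
"""Simplified model of the provisioned-list DNS lookup (added example)."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    suffix: str         # leading-dot DNS suffix, e.g. ".phiwug.com"
    dns_servers: tuple  # intranet DNS servers, reachable only through the DAS


# Constructed provisioned list: the deck names the suffix, the address is made up
# (2001:db8::/32 is the IPv6 documentation prefix).
PROVISIONED = (Rule(".phiwug.com", ("2001:db8:c0de::53",)),)


def normalize(name: str) -> str:
    """Lower-case the name and drop whitespace and the trailing root dot."""
    return name.strip().rstrip(".").lower()


def match_rule(name: str, rules=PROVISIONED) -> Optional[Rule]:
    """Return the rule with the longest matching suffix, or None.

    A leading dot is prepended so the match is anchored on a label boundary:
    "evilphiwug.com" must not match ".phiwug.com".
    """
    fqdn = "." + normalize(name)
    best = None
    for rule in rules:
        suffix = rule.suffix.lower()
        if fqdn.endswith(suffix) and (best is None or len(suffix) > len(best.suffix)):
            best = rule
    return best


def resolve_plan(name: str, rules=PROVISIONED) -> dict:
    """Decide where a query goes: intranet DNS via the DAS, or the local resolver."""
    rule = match_rule(name, rules)
    if rule is None:
        return {"name": normalize(name), "path": "local-resolver",
                "dns": (), "ipsec": False}
    return {"name": normalize(name), "path": "via-DAS",
            "dns": rule.dns_servers, "ipsec": True}


def audit(observed, rules=PROVISIONED) -> list:
    """Flag observed queries for intranet names that went to a resolver
    outside the provisioned list (an internal name leaving the tunnel)."""
    findings = []
    for name, resolver in observed:
        plan = resolve_plan(name, rules)
        if plan["path"] == "via-DAS" and resolver not in plan["dns"]:
            findings.append((plan["name"], resolver,
                             "intranet name sent outside the tunnel"))
    return findings


# Constructed (query name, resolver used) pairs; 192.168.137.1 stands in for a
# home router on the Homenet range shown in the lab topology.
OBSERVED = [
    ("APP1.corp.phiwug.com.", "2001:db8:c0de::53"),
    ("app1.corp.phiwug.com", "192.168.137.1"),
    ("evilphiwug.com", "192.168.137.1"),
    ("www.example.com", "192.168.137.1"),
]

if __name__ == "__main__":
    for name, _ in OBSERVED:
        print(resolve_plan(name))
    for finding in audit(OBSERVED):
        print("FINDING:", finding)
```
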
Evolution, not revolution
   Upgrade your network to an IPv6 end state
   Requires Windows 7 on the client
   Transition to Windows Server 2008 simplifies the solution
      Little or no change to applications – upgrade the server platform
      30 Microsoft LOB applications today on Windows Server 2008 running end-to-end IPsec/IPv6
      Additional 40 planned to upgrade in next two months
   Allows you to take concrete steps toward satisfying any IPv6 mandate
Seamless integration with your current access and security solutions
   Seamless transition to DirectAccess over time
   Integrates with Forefront solutions

http://technet.microsoft.com
DirectAccess Design Guide:
http://www.microsoft.com/downloadS/details.aspx?familyid=647222D1-A41E-4CDB-BA34-F057FBC7198F&displaylang=en
Step by Step Guide:
http://www.microsoft.com/downloads/details.aspx?FamilyID=8D47ED5F-D217-4D84-B698-F39360D82FAC&displaylang=en
Next Generation Remote Access with DirectAccess and VPNs:
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=70723e47-3d57-415b-9182-744ceaf8c04a#tm
Technical Overview of DirectAccess in Windows 7 and Windows Server 2008 R2:
http://www.microsoft.com/downloads/details.aspx?FamilyID=64966e88-1377-4d1a-be86-ab77014495f4&DisplayLang=en
Microsoft Server and Tools solution site for Direct Access:
http://www.microsoft.com/servers/directaccess.mspx
http://johndelizo.spaces.live.com
http://technetphilippines.net/blogs/johndelizo
johndelizo@live.com
http://msforums.ph

http://msforums.ph/blogs/phiwug

http://phiwug.org

http://technetphilippines.net
Microsoft Direct Access (Part II)_John Delizo
