SlideShare ist ein Scribd-Unternehmen logo
1 von 21
Downloaden Sie, um offline zu lesen
Corporate
Trusted, compliant,                                                              Network
 healthy machine
                                                                 DC & DNS
                                                                 (Win 2008)
                                                                              Applications & Data



  Windows 7 client




    NAP      Forefront   Windows    BitLocker      IAG SP2
 (includes    Client     Firewall   + Trusted
 Server &    Security               Platform
  Domain                             Module
 Isolation                            (TPM)
   [SDI])



                                        Microsoft Confidential
Microsoft Direct Access (Part II)_John Delizo
INET1                     DC1




NAT1


                   Internet                 Corpnet
                131.107.0.0/24   DA1       10.0.0.0/24   APP1

           Homenet
       192.168.137.0/24




                                 CLIENT1
Internet                Compliant              Compliant
                              NAP / NPS          Client                 Client
                              Servers


                                                                    Tunnel over IPv4 UDP, HTTPS, etc.




                                      DirectAccess Server
                                                                   Assume the underlying
Intranet                                                         network is always insecure
User



           Data Center and Business
                                                                 Redefine CORPNET edge to
           Critical Resources                                    insulate the datacenter and
                                             Intranet
                                             User                 business critical resources
           Enterprise
                                                                  Security policies based on
           Network                                                  identity, not location




                                        Microsoft Confidential
Internet                            Intranet



DirectAccess
    client
                                  DirectAccess
                                     server         Corporate resources



                                                 Internal traffic
                                                 Internet traffic

               Internet servers
Microsoft Windows 7 clients
Microsoft Windows 7 DirectAccess Server
Application servers
  Windows Server 2008 (for native IPv6 support)
  Exception: When Windows Firewall Authentication policy is used,
  application servers must be Windows Server 2008 R2
DC/DNS servers
  Windows Server 2008
  Exception: When two-factor authentication
  is required for end-to-end authentication
  a Windows 7 DC-based Active Directory
NAT-PT server if IPv4 access is desired


                           Microsoft Confidential
DirectAccess Overview
Supporting infrastructure and technologies

Using DirectAccess with Windows 7
Client
  Receives configuration while directly connected
  to corpnet (provisioning) via Group Policy
  NAP used to check configuration and health
  when remotely connected

Server

  DirectAccess wizard to set up
  DirectAccess Server(s)
  Policies controlled via
  Group Policy

                      Microsoft Confidential
Microsoft Direct Access (Part II)_John Delizo
Configure DirectAccess Server
   Requires Windows Server 2008 R2
   Use DirectAccess server MMC


Author DirectAccess policies
for clients, application servers,
DC/DNS and IPsec gateway
   Windows 7 Enterprise & Ultimate SKU Client
   Machines
   Done using DirectAccess configuration wizard


Customize policies as needed


                         Microsoft Confidential
Facing Internet
    Forwarding Gateway for native IPv6
    IPv6 over IPv4 services
       6to4 relay
       Teredo Relay (optionally also Teredo Server)

Firewall/Proxy Travel
    IP-TLS relay

Internal
    IPsec Dos Protection

Facing Corpnet

   Gateway for native IPv6
   IPv6 over IPv4 Service for Enterprise
      SATAP Relay
   IPsec Gateway (Tunnel Mode Endpoint)
                                Microsoft Confidential
Be ready to monitor IPv6 traffic
Choose an Access Model:
  Full Intranet Access vs.
  Selected Server Access?
Assess deployment scale




                  Microsoft Confidential
DirectAccess Overview
Supporting infrastructure and technologies
Configuring DirectAccess
Microsoft Direct Access (Part II)_John Delizo
What Happens At Client




    Client tries to access          Looks in provisioned list for DNS    Connects with DNS thru DAS.
                                                                           IPv6 route again server (using
Client tries to connect to target
     .corp.phiwug.com            server(s) associated with .phiwug.com       IPsec. IPv6required.
                                                                               IPsec is is thru DAS

What happens at DAS/DNS




  After negotiation, DAS lets ESP packets thru between client and DNS. DNS returns target address
                        DAS lets thru AuthIP packets from client to DNS
                                          Microsoft Confidential
                 information to client. DNS registers clients current address information
Evolution, not revolution
   Upgrade your network to an IPv6 end state
   Requires Windows 7 on the client
   Transition to Windows Server 2008 simplifies the
   solution
      Little or no change to applications – upgrade the
      server platform
      30 Microsoft LOB applications today on Windows
      Server 2008 running end-to-end IPsec/IPv6
      Additional 40 planned to upgrade in next two
      months
   Allows you to take concrete steps toward
   satisfying any IPv6 mandate
Seamless integration with your current access
and security solutions
   Seamless transition to DirectAccess over time
   Integrates with Forefront solutions


                               Microsoft Confidential
Microsoft Direct Access (Part II)_John Delizo
http://technet.microsoft.com
DirectAccess Design Guide:
 http://www.microsoft.com/downloadS/details.aspx?familyid=647222D1-A41E-
4CDB-BA34-F057FBC7198F&displaylang=en
Step by Step Guide:
http://www.microsoft.com/downloads/details.aspx?FamilyID=8D47ED5F-D217-
4D84-B698-F39360D82FAC&displaylang=en
Next Generation Remote Access with DirectAccess and VPNs:
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=70723e47-3d57-415b-9182-
744ceaf8c04a#tm
Technical Overview of DirectAccess in Windows 7 and
Windows Server 2008 R2:
http://www.microsoft.com/downloads/details.aspx?FamilyID=64966e88-1377-4d1a-be86-
ab77014495f4&DisplayLang=en
Microsoft Server and Tools solution site for Direct Access:
http://www.microsoft.com/servers/directaccess.mspx
http://johndelizo.spaces.live.com
http://technetphilippines.net/blogs/johndelizo
johndelizo@live.com
http://msforums.ph

http://msforums.ph/blogs/phiwug

http://phiwug.org

http://technetphilippines.net
Microsoft Confidential

Weitere ähnliche Inhalte

Was ist angesagt?

SDWAN Concept - Certificate and keys Roles in Controllers and vEdge Router Au...
SDWAN Concept - Certificate and keys Roles in Controllers and vEdge Router Au...SDWAN Concept - Certificate and keys Roles in Controllers and vEdge Router Au...
SDWAN Concept - Certificate and keys Roles in Controllers and vEdge Router Au...Farooq Khan
 
Cisco Connect Toronto 2017 - Understanding Cisco Next Generation SD-WAN
Cisco Connect Toronto 2017 - Understanding Cisco Next Generation SD-WANCisco Connect Toronto 2017 - Understanding Cisco Next Generation SD-WAN
Cisco Connect Toronto 2017 - Understanding Cisco Next Generation SD-WANCisco Canada
 
Cisco Connect Toronto 2017 - Cloud and On Premises Collaboration Security Exp...
Cisco Connect Toronto 2017 - Cloud and On Premises Collaboration Security Exp...Cisco Connect Toronto 2017 - Cloud and On Premises Collaboration Security Exp...
Cisco Connect Toronto 2017 - Cloud and On Premises Collaboration Security Exp...Cisco Canada
 
Forefront Unified Access Gateway 2010: An Introduction To Enterprise Features
Forefront Unified Access Gateway 2010: An Introduction To Enterprise FeaturesForefront Unified Access Gateway 2010: An Introduction To Enterprise Features
Forefront Unified Access Gateway 2010: An Introduction To Enterprise FeaturesFabrizio Volpe
 
Hybrid Clouds: “Silver Bullet” of the Cloud Computing?
Hybrid Clouds: “Silver Bullet” of the Cloud Computing?Hybrid Clouds: “Silver Bullet” of the Cloud Computing?
Hybrid Clouds: “Silver Bullet” of the Cloud Computing?Fabrizio Volpe
 
Monitoring and Troubleshooting for Online Operations
Monitoring and Troubleshooting for Online OperationsMonitoring and Troubleshooting for Online Operations
Monitoring and Troubleshooting for Online OperationsThousandEyes
 
Get more versatile and scalable protection with F5 BIG-IP
Get more versatile and scalable protection with F5 BIG-IPGet more versatile and scalable protection with F5 BIG-IP
Get more versatile and scalable protection with F5 BIG-IPF5NetworksAPJ
 
F5 Networks: architecture and risk management
F5 Networks: architecture and risk managementF5 Networks: architecture and risk management
F5 Networks: architecture and risk managementAEC Networks
 
F5 Synthesis Toronto February 2014 Roadshow
F5 Synthesis Toronto February 2014 RoadshowF5 Synthesis Toronto February 2014 Roadshow
F5 Synthesis Toronto February 2014 Roadshowpatmisasi
 
Optimizing WAN to Deliver SharePoint Online Globally
Optimizing WAN to Deliver SharePoint Online GloballyOptimizing WAN to Deliver SharePoint Online Globally
Optimizing WAN to Deliver SharePoint Online GloballyThousandEyes
 
F5 Networks - - OpenStack Summit 2016/Red Hat NFV Mini Summit
F5 Networks -  - OpenStack Summit 2016/Red Hat NFV Mini SummitF5 Networks -  - OpenStack Summit 2016/Red Hat NFV Mini Summit
F5 Networks - - OpenStack Summit 2016/Red Hat NFV Mini Summitkimw001
 
Cisco contact center
Cisco contact centerCisco contact center
Cisco contact centerCisco Canada
 
2016 Internet Outages: Trends, Insights & Analysis
2016 Internet Outages: Trends, Insights & Analysis 2016 Internet Outages: Trends, Insights & Analysis
2016 Internet Outages: Trends, Insights & Analysis ThousandEyes
 
Brocade vADC Portfolio Overview 2016
Brocade vADC Portfolio Overview 2016Brocade vADC Portfolio Overview 2016
Brocade vADC Portfolio Overview 2016Scott Sims
 
Multi cloud network leveraging sd-wan reference architecture
Multi cloud network leveraging sd-wan reference architectureMulti cloud network leveraging sd-wan reference architecture
Multi cloud network leveraging sd-wan reference architectureMatsuo Sawahashi
 
Will SDN kill Ethernet Fabrics?
Will SDN kill Ethernet Fabrics?Will SDN kill Ethernet Fabrics?
Will SDN kill Ethernet Fabrics?Brocade
 
Oracle Virtualization "OVM"
Oracle Virtualization "OVM"Oracle Virtualization "OVM"
Oracle Virtualization "OVM"markgatkinson
 
Desayuno Tecnico OVN - Xsigo
Desayuno Tecnico OVN - XsigoDesayuno Tecnico OVN - Xsigo
Desayuno Tecnico OVN - XsigoFran Navarro
 

Was ist angesagt? (20)

SDWAN Concept - Certificate and keys Roles in Controllers and vEdge Router Au...
SDWAN Concept - Certificate and keys Roles in Controllers and vEdge Router Au...SDWAN Concept - Certificate and keys Roles in Controllers and vEdge Router Au...
SDWAN Concept - Certificate and keys Roles in Controllers and vEdge Router Au...
 
Cisco Connect Toronto 2017 - Understanding Cisco Next Generation SD-WAN
Cisco Connect Toronto 2017 - Understanding Cisco Next Generation SD-WANCisco Connect Toronto 2017 - Understanding Cisco Next Generation SD-WAN
Cisco Connect Toronto 2017 - Understanding Cisco Next Generation SD-WAN
 
Cisco Connect Toronto 2017 - Cloud and On Premises Collaboration Security Exp...
Cisco Connect Toronto 2017 - Cloud and On Premises Collaboration Security Exp...Cisco Connect Toronto 2017 - Cloud and On Premises Collaboration Security Exp...
Cisco Connect Toronto 2017 - Cloud and On Premises Collaboration Security Exp...
 
Forefront Unified Access Gateway 2010: An Introduction To Enterprise Features
Forefront Unified Access Gateway 2010: An Introduction To Enterprise FeaturesForefront Unified Access Gateway 2010: An Introduction To Enterprise Features
Forefront Unified Access Gateway 2010: An Introduction To Enterprise Features
 
Hybrid Clouds: “Silver Bullet” of the Cloud Computing?
Hybrid Clouds: “Silver Bullet” of the Cloud Computing?Hybrid Clouds: “Silver Bullet” of the Cloud Computing?
Hybrid Clouds: “Silver Bullet” of the Cloud Computing?
 
Monitoring and Troubleshooting for Online Operations
Monitoring and Troubleshooting for Online OperationsMonitoring and Troubleshooting for Online Operations
Monitoring and Troubleshooting for Online Operations
 
Get more versatile and scalable protection with F5 BIG-IP
Get more versatile and scalable protection with F5 BIG-IPGet more versatile and scalable protection with F5 BIG-IP
Get more versatile and scalable protection with F5 BIG-IP
 
F5 Networks: architecture and risk management
F5 Networks: architecture and risk managementF5 Networks: architecture and risk management
F5 Networks: architecture and risk management
 
F5 Synthesis Toronto February 2014 Roadshow
F5 Synthesis Toronto February 2014 RoadshowF5 Synthesis Toronto February 2014 Roadshow
F5 Synthesis Toronto February 2014 Roadshow
 
Optimizing WAN to Deliver SharePoint Online Globally
Optimizing WAN to Deliver SharePoint Online GloballyOptimizing WAN to Deliver SharePoint Online Globally
Optimizing WAN to Deliver SharePoint Online Globally
 
Ons 2013-nv
Ons 2013-nvOns 2013-nv
Ons 2013-nv
 
F5 Networks - - OpenStack Summit 2016/Red Hat NFV Mini Summit
F5 Networks -  - OpenStack Summit 2016/Red Hat NFV Mini SummitF5 Networks -  - OpenStack Summit 2016/Red Hat NFV Mini Summit
F5 Networks - - OpenStack Summit 2016/Red Hat NFV Mini Summit
 
F5 beyond load balancer (nov 2009)
F5 beyond load balancer (nov 2009)F5 beyond load balancer (nov 2009)
F5 beyond load balancer (nov 2009)
 
Cisco contact center
Cisco contact centerCisco contact center
Cisco contact center
 
2016 Internet Outages: Trends, Insights & Analysis
2016 Internet Outages: Trends, Insights & Analysis 2016 Internet Outages: Trends, Insights & Analysis
2016 Internet Outages: Trends, Insights & Analysis
 
Brocade vADC Portfolio Overview 2016
Brocade vADC Portfolio Overview 2016Brocade vADC Portfolio Overview 2016
Brocade vADC Portfolio Overview 2016
 
Multi cloud network leveraging sd-wan reference architecture
Multi cloud network leveraging sd-wan reference architectureMulti cloud network leveraging sd-wan reference architecture
Multi cloud network leveraging sd-wan reference architecture
 
Will SDN kill Ethernet Fabrics?
Will SDN kill Ethernet Fabrics?Will SDN kill Ethernet Fabrics?
Will SDN kill Ethernet Fabrics?
 
Oracle Virtualization "OVM"
Oracle Virtualization "OVM"Oracle Virtualization "OVM"
Oracle Virtualization "OVM"
 
Desayuno Tecnico OVN - Xsigo
Desayuno Tecnico OVN - XsigoDesayuno Tecnico OVN - Xsigo
Desayuno Tecnico OVN - Xsigo
 

Ähnlich wie Microsoft Direct Access (Part II)_John Delizo

Windows Server 2008 Security Overview Short
Windows Server 2008 Security Overview ShortWindows Server 2008 Security Overview Short
Windows Server 2008 Security Overview ShortEduardo Castro
 
Windows Server 2008 Security Overview Short
Windows  Server 2008  Security  Overview  ShortWindows  Server 2008  Security  Overview  Short
Windows Server 2008 Security Overview ShortEduardo Castro
 
Da for dummies techdays 2012
Da for dummies techdays 2012Da for dummies techdays 2012
Da for dummies techdays 2012Alex de Jong
 
Microsoft India - Whats New in Windows Server 2008 R2 Presentation
Microsoft India - Whats New in Windows Server 2008 R2 PresentationMicrosoft India - Whats New in Windows Server 2008 R2 Presentation
Microsoft India - Whats New in Windows Server 2008 R2 PresentationMicrosoft Private Cloud
 
Windows 7 And Windows Server 2008 R2 Combined Value
Windows 7 And Windows Server 2008 R2 Combined ValueWindows 7 And Windows Server 2008 R2 Combined Value
Windows 7 And Windows Server 2008 R2 Combined ValueAmit Gatenyo
 
Moving Enterprise Windows Workloads to AWS
Moving Enterprise Windows Workloads to AWSMoving Enterprise Windows Workloads to AWS
Moving Enterprise Windows Workloads to AWSAmazon Web Services
 
Moving Enterprise Windows Workloads to AWS – Peter Stanski
Moving Enterprise Windows Workloads to AWS – Peter StanskiMoving Enterprise Windows Workloads to AWS – Peter Stanski
Moving Enterprise Windows Workloads to AWS – Peter StanskiAmazon Web Services
 
VMware world news
VMware world newsVMware world news
VMware world newsASBIS SK
 
Ip tunnelling and_vpn
Ip tunnelling and_vpnIp tunnelling and_vpn
Ip tunnelling and_vpnRajesh Porwal
 
12 Understanding V P Ns
12  Understanding  V P Ns12  Understanding  V P Ns
12 Understanding V P NsAamirAziz
 
InduSoft Web Studio and DCS Conversion and Integration Webinar
InduSoft Web Studio and DCS Conversion and Integration WebinarInduSoft Web Studio and DCS Conversion and Integration Webinar
InduSoft Web Studio and DCS Conversion and Integration WebinarAVEVA
 
Acit Mumbai - understanding vpns
Acit Mumbai - understanding vpnsAcit Mumbai - understanding vpns
Acit Mumbai - understanding vpnsSleek International
 

Ähnlich wie Microsoft Direct Access (Part II)_John Delizo (20)

Windows 7 For Itpro
Windows 7 For ItproWindows 7 For Itpro
Windows 7 For Itpro
 
Direct access
Direct accessDirect access
Direct access
 
Windows Server 2008 Security Overview Short
Windows Server 2008 Security Overview ShortWindows Server 2008 Security Overview Short
Windows Server 2008 Security Overview Short
 
Windows Server 2008 Security Overview Short
Windows  Server 2008  Security  Overview  ShortWindows  Server 2008  Security  Overview  Short
Windows Server 2008 Security Overview Short
 
Da for dummies techdays 2012
Da for dummies techdays 2012Da for dummies techdays 2012
Da for dummies techdays 2012
 
Server 2008 R2 Yeniliklər
Server 2008 R2 YeniliklərServer 2008 R2 Yeniliklər
Server 2008 R2 Yeniliklər
 
Windows 7 by microsoft
Windows 7 by microsoft Windows 7 by microsoft
Windows 7 by microsoft
 
Microsoft India - Whats New in Windows Server 2008 R2 Presentation
Microsoft India - Whats New in Windows Server 2008 R2 PresentationMicrosoft India - Whats New in Windows Server 2008 R2 Presentation
Microsoft India - Whats New in Windows Server 2008 R2 Presentation
 
Managing Windows RT devices in the Enterprise
Managing Windows RT devices in the Enterprise Managing Windows RT devices in the Enterprise
Managing Windows RT devices in the Enterprise
 
Windows 7 And Windows Server 2008 R2 Combined Value
Windows 7 And Windows Server 2008 R2 Combined ValueWindows 7 And Windows Server 2008 R2 Combined Value
Windows 7 And Windows Server 2008 R2 Combined Value
 
Moving Enterprise Windows Workloads to AWS
Moving Enterprise Windows Workloads to AWSMoving Enterprise Windows Workloads to AWS
Moving Enterprise Windows Workloads to AWS
 
Ip tunneling and vpns
Ip tunneling and vpnsIp tunneling and vpns
Ip tunneling and vpns
 
Moving Enterprise Windows Workloads to AWS – Peter Stanski
Moving Enterprise Windows Workloads to AWS – Peter StanskiMoving Enterprise Windows Workloads to AWS – Peter Stanski
Moving Enterprise Windows Workloads to AWS – Peter Stanski
 
Evolving the WAN for the Cloud, using SD-WAN & NFV
Evolving the WAN for the Cloud, using SD-WAN & NFV Evolving the WAN for the Cloud, using SD-WAN & NFV
Evolving the WAN for the Cloud, using SD-WAN & NFV
 
VMware world news
VMware world newsVMware world news
VMware world news
 
Resume
ResumeResume
Resume
 
Ip tunnelling and_vpn
Ip tunnelling and_vpnIp tunnelling and_vpn
Ip tunnelling and_vpn
 
12 Understanding V P Ns
12  Understanding  V P Ns12  Understanding  V P Ns
12 Understanding V P Ns
 
InduSoft Web Studio and DCS Conversion and Integration Webinar
InduSoft Web Studio and DCS Conversion and Integration WebinarInduSoft Web Studio and DCS Conversion and Integration Webinar
InduSoft Web Studio and DCS Conversion and Integration Webinar
 
Acit Mumbai - understanding vpns
Acit Mumbai - understanding vpnsAcit Mumbai - understanding vpns
Acit Mumbai - understanding vpns
 

Mehr von Quek Lilian

Sgug print copy pdf ll
Sgug print copy pdf llSgug print copy pdf ll
Sgug print copy pdf llQuek Lilian
 
Singapore MVP gazette
Singapore MVP gazetteSingapore MVP gazette
Singapore MVP gazetteQuek Lilian
 
Expression studio overview_MVP Kok Chiann
Expression studio overview_MVP Kok ChiannExpression studio overview_MVP Kok Chiann
Expression studio overview_MVP Kok ChiannQuek Lilian
 
Installation and Adminstration of AD_MVP Padman
Installation and Adminstration of AD_MVP PadmanInstallation and Adminstration of AD_MVP Padman
Installation and Adminstration of AD_MVP PadmanQuek Lilian
 
Exchange server 2010 overview_MVP Padman
Exchange server 2010 overview_MVP PadmanExchange server 2010 overview_MVP Padman
Exchange server 2010 overview_MVP PadmanQuek Lilian
 
Installing managing windows server 2008 r2_MVP Shaminda
Installing managing windows server 2008 r2_MVP ShamindaInstalling managing windows server 2008 r2_MVP Shaminda
Installing managing windows server 2008 r2_MVP ShamindaQuek Lilian
 
SharePoint 2010 launch_MVP Sampath Perera
SharePoint 2010 launch_MVP Sampath PereraSharePoint 2010 launch_MVP Sampath Perera
SharePoint 2010 launch_MVP Sampath PereraQuek Lilian
 
NUS exam 70-432_MVP Choirul Amri
NUS exam 70-432_MVP Choirul AmriNUS exam 70-432_MVP Choirul Amri
NUS exam 70-432_MVP Choirul AmriQuek Lilian
 
Windows server 2008 r2 and web platform_MVP Fajar
Windows server 2008 r2 and web platform_MVP FajarWindows server 2008 r2 and web platform_MVP Fajar
Windows server 2008 r2 and web platform_MVP FajarQuek Lilian
 
Express web development with visual studio 2010 express_MVP Ronald Rajagukguk
Express web development with visual studio 2010 express_MVP Ronald Rajagukguk Express web development with visual studio 2010 express_MVP Ronald Rajagukguk
Express web development with visual studio 2010 express_MVP Ronald Rajagukguk Quek Lilian
 
Windows 7 For Students_MVP Jabez Gan
Windows 7 For Students_MVP Jabez GanWindows 7 For Students_MVP Jabez Gan
Windows 7 For Students_MVP Jabez GanQuek Lilian
 
Lkw Security Part 1_MVPs Azra & Sanjay
Lkw Security Part 1_MVPs Azra & SanjayLkw Security Part 1_MVPs Azra & Sanjay
Lkw Security Part 1_MVPs Azra & SanjayQuek Lilian
 
Sql2008 R2 Dw (Phua Chiu Kiang)
Sql2008 R2 Dw (Phua Chiu Kiang)Sql2008 R2 Dw (Phua Chiu Kiang)
Sql2008 R2 Dw (Phua Chiu Kiang)Quek Lilian
 
Commercial Launch Win7 Dev Chalermvong
Commercial Launch Win7 Dev ChalermvongCommercial Launch Win7 Dev Chalermvong
Commercial Launch Win7 Dev ChalermvongQuek Lilian
 
Commercial Launch Win7 Dev Chalermvong
Commercial Launch Win7 Dev ChalermvongCommercial Launch Win7 Dev Chalermvong
Commercial Launch Win7 Dev ChalermvongQuek Lilian
 
Unveiling Share Point 2010_MVP Joy Pradeep
Unveiling Share Point 2010_MVP Joy PradeepUnveiling Share Point 2010_MVP Joy Pradeep
Unveiling Share Point 2010_MVP Joy PradeepQuek Lilian
 
Unveiling Share Point 2010_MVP Joy Pradeep
Unveiling Share Point 2010_MVP Joy PradeepUnveiling Share Point 2010_MVP Joy Pradeep
Unveiling Share Point 2010_MVP Joy PradeepQuek Lilian
 
Introduction To Virtualization_MVP Jabez Gan
Introduction To Virtualization_MVP Jabez GanIntroduction To Virtualization_MVP Jabez Gan
Introduction To Virtualization_MVP Jabez GanQuek Lilian
 
Vs2010 Aspnet MSP Bootcamp_MVP Ngan Seok Chern
Vs2010 Aspnet MSP Bootcamp_MVP Ngan Seok ChernVs2010 Aspnet MSP Bootcamp_MVP Ngan Seok Chern
Vs2010 Aspnet MSP Bootcamp_MVP Ngan Seok ChernQuek Lilian
 
Windows 2008 Active Directory Branch office Management_MVP Sampath Perera
Windows 2008 Active Directory Branch office Management_MVP Sampath PereraWindows 2008 Active Directory Branch office Management_MVP Sampath Perera
Windows 2008 Active Directory Branch office Management_MVP Sampath PereraQuek Lilian
 

Mehr von Quek Lilian (20)

Sgug print copy pdf ll
Sgug print copy pdf llSgug print copy pdf ll
Sgug print copy pdf ll
 
Singapore MVP gazette
Singapore MVP gazetteSingapore MVP gazette
Singapore MVP gazette
 
Expression studio overview_MVP Kok Chiann
Expression studio overview_MVP Kok ChiannExpression studio overview_MVP Kok Chiann
Expression studio overview_MVP Kok Chiann
 
Installation and Adminstration of AD_MVP Padman
Installation and Adminstration of AD_MVP PadmanInstallation and Adminstration of AD_MVP Padman
Installation and Adminstration of AD_MVP Padman
 
Exchange server 2010 overview_MVP Padman
Exchange server 2010 overview_MVP PadmanExchange server 2010 overview_MVP Padman
Exchange server 2010 overview_MVP Padman
 
Installing managing windows server 2008 r2_MVP Shaminda
Installing managing windows server 2008 r2_MVP ShamindaInstalling managing windows server 2008 r2_MVP Shaminda
Installing managing windows server 2008 r2_MVP Shaminda
 
SharePoint 2010 launch_MVP Sampath Perera
SharePoint 2010 launch_MVP Sampath PereraSharePoint 2010 launch_MVP Sampath Perera
SharePoint 2010 launch_MVP Sampath Perera
 
NUS exam 70-432_MVP Choirul Amri
NUS exam 70-432_MVP Choirul AmriNUS exam 70-432_MVP Choirul Amri
NUS exam 70-432_MVP Choirul Amri
 
Windows server 2008 r2 and web platform_MVP Fajar
Windows server 2008 r2 and web platform_MVP FajarWindows server 2008 r2 and web platform_MVP Fajar
Windows server 2008 r2 and web platform_MVP Fajar
 
Express web development with visual studio 2010 express_MVP Ronald Rajagukguk
Express web development with visual studio 2010 express_MVP Ronald Rajagukguk Express web development with visual studio 2010 express_MVP Ronald Rajagukguk
Express web development with visual studio 2010 express_MVP Ronald Rajagukguk
 
Windows 7 For Students_MVP Jabez Gan
Windows 7 For Students_MVP Jabez GanWindows 7 For Students_MVP Jabez Gan
Windows 7 For Students_MVP Jabez Gan
 
Lkw Security Part 1_MVPs Azra & Sanjay
Lkw Security Part 1_MVPs Azra & SanjayLkw Security Part 1_MVPs Azra & Sanjay
Lkw Security Part 1_MVPs Azra & Sanjay
 
Sql2008 R2 Dw (Phua Chiu Kiang)
Sql2008 R2 Dw (Phua Chiu Kiang)Sql2008 R2 Dw (Phua Chiu Kiang)
Sql2008 R2 Dw (Phua Chiu Kiang)
 
Commercial Launch Win7 Dev Chalermvong
Commercial Launch Win7 Dev ChalermvongCommercial Launch Win7 Dev Chalermvong
Commercial Launch Win7 Dev Chalermvong
 
Commercial Launch Win7 Dev Chalermvong
Commercial Launch Win7 Dev ChalermvongCommercial Launch Win7 Dev Chalermvong
Commercial Launch Win7 Dev Chalermvong
 
Unveiling Share Point 2010_MVP Joy Pradeep
Unveiling Share Point 2010_MVP Joy PradeepUnveiling Share Point 2010_MVP Joy Pradeep
Unveiling Share Point 2010_MVP Joy Pradeep
 
Unveiling Share Point 2010_MVP Joy Pradeep
Unveiling Share Point 2010_MVP Joy PradeepUnveiling Share Point 2010_MVP Joy Pradeep
Unveiling Share Point 2010_MVP Joy Pradeep
 
Introduction To Virtualization_MVP Jabez Gan
Introduction To Virtualization_MVP Jabez GanIntroduction To Virtualization_MVP Jabez Gan
Introduction To Virtualization_MVP Jabez Gan
 
Vs2010 Aspnet MSP Bootcamp_MVP Ngan Seok Chern
Vs2010 Aspnet MSP Bootcamp_MVP Ngan Seok ChernVs2010 Aspnet MSP Bootcamp_MVP Ngan Seok Chern
Vs2010 Aspnet MSP Bootcamp_MVP Ngan Seok Chern
 
Windows 2008 Active Directory Branch office Management_MVP Sampath Perera
Windows 2008 Active Directory Branch office Management_MVP Sampath PereraWindows 2008 Active Directory Branch office Management_MVP Sampath Perera
Windows 2008 Active Directory Branch office Management_MVP Sampath Perera
 

Kürzlich hochgeladen

OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureEric D. Schabell
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1DianaGray10
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesMd Hossain Ali
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarPrecisely
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAshyamraj55
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioChristian Posta
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...Aggregage
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Commit University
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8DianaGray10
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsSafe Software
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...DianaGray10
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfinfogdgmi
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.YounusS2
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Will Schroeder
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaborationbruanjhuli
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-pyJamie (Taka) Wang
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1DianaGray10
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdfPedro Manuel
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UbiTrack UK
 

Kürzlich hochgeladen (20)

OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability Adventure
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity Webinar
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and Istio
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdf
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-py
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdf
 
20230104 - machine vision
20230104 - machine vision20230104 - machine vision
20230104 - machine vision
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
 

Microsoft Direct Access (Part II)_John Delizo

  • 1. Corporate Trusted, compliant, Network healthy machine DC & DNS (Win 2008) Applications & Data Windows 7 client NAP Forefront Windows BitLocker IAG SP2 (includes Client Firewall + Trusted Server & Security Platform Domain Module Isolation (TPM) [SDI]) Microsoft Confidential
  • 3. INET1 DC1 NAT1 Internet Corpnet 131.107.0.0/24 DA1 10.0.0.0/24 APP1 Homenet 192.168.137.0/24 CLIENT1
  • 4. Internet Compliant Compliant NAP / NPS Client Client Servers Tunnel over IPv4 UDP, HTTPS, etc. DirectAccess Server Assume the underlying Intranet network is always insecure User Data Center and Business Redefine CORPNET edge to Critical Resources insulate the datacenter and Intranet User business critical resources Enterprise Security policies based on Network identity, not location Microsoft Confidential
  • 5. Internet Intranet DirectAccess client DirectAccess server Corporate resources Internal traffic Internet traffic Internet servers
  • 6. Microsoft Windows 7 clients Microsoft Windows 7 DirectAccess Server Application servers Windows Server 2008 (for native IPv6 support) Exception: When Windows Firewall Authentication policy is used, application servers must be Windows Server 2008 R2 DC/DNS servers Windows Server 2008 Exception: When two-factor authentication is required for end-to-end authentication a Windows 7 DC-based Active Directory NAT-PT server if IPv4 access is desired Microsoft Confidential
  • 7. DirectAccess Overview Supporting infrastructure and technologies Using DirectAccess with Windows 7
  • 8. Client Receives configuration while directly connected to corpnet (provisioning) via Group Policy NAP used to check configuration and health when remotely connected Server DirectAccess wizard to set up DirectAccess Server(s) Policies controlled via Group Policy Microsoft Confidential
  • 10. Configure DirectAccess Server Requires Windows Server 2008 R2 Use DirectAccess server MMC Author DirectAccess policies for clients, application servers, DC/DNS and IPsec gateway Windows 7 Enterprise & Ultimate SKU Client Machines Done using DirectAccess configuration wizard Customize policies as needed Microsoft Confidential
  • 11. Facing Internet Forwarding Gateway for native IPv6 IPv6 over IPv4 services 6to4 relay Teredo Relay (optionally also Teredo Server) Firewall/Proxy Travel IP-TLS relay Internal IPsec Dos Protection Facing Corpnet Gateway for native IPv6 IPv6 over IPv4 Service for Enterprise SATAP Relay IPsec Gateway (Tunnel Mode Endpoint) Microsoft Confidential
  • 12. Be ready to monitor IPv6 traffic Choose an Access Model: Full Intranet Access vs. Selected Server Access? Assess deployment scale Microsoft Confidential
  • 13. DirectAccess Overview Supporting infrastructure and technologies Configuring DirectAccess
  • 15. What Happens At Client Client tries to access Looks in provisioned list for DNS Connects with DNS thru DAS. IPv6 route again server (using Client tries to connect to target .corp.phiwug.com server(s) associated with .phiwug.com IPsec. IPv6required. IPsec is is thru DAS What happens at DAS/DNS After negotiation, DAS lets ESP packets thru between client and DNS. DNS returns target address DAS lets thru AuthIP packets from client to DNS Microsoft Confidential information to client. DNS registers clients current address information
  • 16. Evolution, not revolution Upgrade your network to an IPv6 end state Requires Windows 7 on the client Transition to Windows Server 2008 simplifies the solution Little or no change to applications – upgrade the server platform 30 Microsoft LOB applications today on Windows Server 2008 running end-to-end IPsec/IPv6 Additional 40 planned to upgrade in next two months Allows you to take concrete steps toward satisfying any IPv6 mandate Seamless integration with your current access and security solutions Seamless transition to DirectAccess over time Integrates with Forefront solutions Microsoft Confidential
  • 18. http://technet.microsoft.com DirectAccess Design Guide: http://www.microsoft.com/downloadS/details.aspx?familyid=647222D1-A41E- 4CDB-BA34-F057FBC7198F&displaylang=en Step by Step Guide: http://www.microsoft.com/downloads/details.aspx?FamilyID=8D47ED5F-D217- 4D84-B698-F39360D82FAC&displaylang=en Next Generation Remote Access with DirectAccess and VPNs: http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=70723e47-3d57-415b-9182- 744ceaf8c04a#tm Technical Overview of DirectAccess in Windows 7 and Windows Server 2008 R2: http://www.microsoft.com/downloads/details.aspx?FamilyID=64966e88-1377-4d1a-be86- ab77014495f4&DisplayLang=en Microsoft Server and Tools solution site for Direct Access: http://www.microsoft.com/servers/directaccess.mspx