5. Agenda
- DirectAccess Overview
- Supporting infrastructure and technologies
- Configuring DirectAccess
- Using DirectAccess with Windows 7
7. Information Worker’s World Has Been Changing…
- Central office
- Remote work
- Branch offices
- Mobile & distributed workforce
8. Building A Trusted Stack
- Core Security Components (“I+4A”): Identity Claims, Authentication, Authorization, Access Control Mechanisms, Audit
- Trusted Stack: Trusted Data, Trusted People, Trusted Software, Trusted Hardware
- Integrated Protection
- Secure Foundation: SDL and SD3, Defense in Depth, Threat Mitigation
9. What Is DirectAccess?
- Comprehensive anywhere access solution available in Windows 7 and Windows Server 2008 R2
- Provides seamless, always-on, secure connectivity to on-premise and remote users alike
- Eliminates the need to connect explicitly to corpnet while remote
- Facilitates secure, end-to-end communication and collaboration
- Leverages a policy-based network access approach
- Enables IT to easily service/secure/update/provision mobile machines whether they are inside or outside the network
10. The DirectAccess Vision
- Always-on connectivity across different networks
- Always on, always healthy, always secure
- A focus on driving access decisions based on “policy and a trusted identity,” rather than the limitations of network topology
- Requires users to connect (lost productivity)
- Client must be made healthy prior to network access (lost productivity plus IT time and expense)
[Diagram labels: Internet; ISA FW, TSG; 802.1x; Customer Site; Cust FW; RODC; Compliant Windows 7 Client; Compliant Client; Non-compliant Client Device; Downlevel or Mobile Client; Device Lab; Secure Boundary; Dedicated Resources; Corporate Network; Business Partner; Healthy Resources; VPN Gateway; NPS/NAP Servers]
14. Benefits Of DirectAccess: Bringing Corpnet to the User
More productivity
- Always-on access to corpnet while roaming
- No explicit user action required – it just works
- Same user experience on premise and off
More secure
- Healthy, trustable host regardless of network
- Fine grain per app/server policy control
- Richer policy control near assets
- Ability to extend regulatory compliance to roaming assets
- Incremental deployment path toward IPv6
More manageable and cost effective
- Simplified remote management of mobile resources as if they were on the LAN
- Lower total cost of ownership (TCO) with an “always managed” infrastructure
- Unified secure access across all scenarios and networks
- Integrated administration of all connectivity mechanisms
15. Agenda
- DirectAccess Overview
- Supporting infrastructure and technologies
- Configuring DirectAccess
- Using DirectAccess with Windows 7
17. DirectAccess Components
- DirectAccess client
- DirectAccess server
- Network location server
- Certificate revocation list (CRL) distribution points
- NAP / Health Validation
- ADDS
- Native IPv6 (Globally Routable)
- 6to4
- Teredo
- IP-HTTPS
18. DirectAccess & Enabling IPv6
- Native IPv6
- 6to4
- Teredo
- IP-HTTPS
[Diagram labels: DirectAccess Client; Internet; DirectAccess Server; Tunnel over IPv4 UDP, HTTPS, etc.]
19. DirectAccess & IPsec
- No IPsec
- IPsec Integrity Only (Auth)
- IPsec Integrity + Encryption
[Diagram labels: DirectAccess Server; Enterprise Network; Line of Business Applications]
20. DirectAccess Supporting Technologies
- Windows 7 client
- IAG SP2
- NAP (includes Server & Domain Isolation [SDI])
- Forefront Client Security
- Windows Firewall
- BitLocker + Trusted Platform Module (TPM)
[Diagram labels: Corporate Network; Trusted, compliant, healthy machine; DC & DNS (Win 2008); Applications & Data]