Template: Kaylee McAvoy, Silver Fox Productions
Formatting: Greg Flowers, Silver Fox Productions
Event Date: July 27 - July 31, 2009
Event Location: Washington State Convention and Trade Center, Seattle, WA
Audience Type: internal
PLANNING PREDICTABILITY ECOSYSTEM The Making of Listen & Learn Quality & Fundamentals Enable IT Pros & Developers Excite End-Users
Windows 7 for the Enterprise

Make Users Productive Anywhere: at their desk, in a branch, on the road

Enhance Security & Control
- Protect data & PCs
- Built on the Windows Vista foundation

Streamline PC Management
- Easy migration
- Keep PCs running
- Virtualization
How Can Users Be Productive Anywhere?
End-Users
- Hard for remote users to connect to resources
- Hard to find information across PCs & data portals

IT
- Hard to ensure secure connectivity for remote users
- Hard for you to manage mobile PCs and keep them up to date
- Hard for you to provide and manage access to information

Windows 7 answers: Search Federation, BranchCache™, DirectAccess

[Diagram: home and office connectivity]
The Information Worker's World Has Been Changing

[Diagram: branch offices, mobile & distributed workforce, central office, remote work]
Supporting IT Professionals

Addressing User Needs (Windows 7)
- Work Anywhere Infrastructure: DirectAccess, VPN Reconnect, Mobile Broadband
- Fast Access: BranchCache™, SMB Enhancements

Addressing Enterprise Needs
- Secure & Flexible Infrastructure: DirectAccess, VPN Reconnect & Mobile Broadband, DNS Security
- Reduce Costs: BranchCache™ & SMB Enhancements, URL-based QoS, Support for Green IT
Microsoft Confidential: Preliminary Information: NDA Only
DirectAccess
Trustworthy Networking Vision

- Identity: strong authentication required for all users
- Authorization: machine health is validated or remediated before allowing network access
- Protection: all network transactions are authenticated and encrypted
- Policies are based on identity, not on location

[Diagram: datacenter servers and enterprise network, Internet, local client and remote client]
The Evidence: DirectAccess with Windows Server 2008 R2 and the Windows 7 Operating System

"Recently, a sales account executive and I had about an hour-long drive back to the office from a customer site. With DirectAccess, he was able to log on to our network, access the documents he needed, and write the proposal while I drove. By the time we got back to the office, he was already hitting the send button to deliver the proposal."

Rand Morimoto, President, Convergent Computing
DirectAccess: Technical Foundation

- Connectivity: IPv6
- Data Protection: IPsec
- Name Resolution: DNS and the NRPT
Connectivity: IPv6

- DirectAccess requires IPv6
- If native IPv6 isn't available, remote clients use IPv6 transition technologies
- The corporate network can deploy native IPv6, transition technologies, or NAT-PT
- DirectAccess works best if the corporate network has native IPv6 deployed

[Diagram: IPv6 options. Intranet: native IPv6, IPv6 transition technologies, or NAT-PT in front of IPv4. Internet: IPv6 transition technologies over IPv4.]

Data Protection: IPsec

- IPsec tightly integrates with IPv6, allowing the rules engine to determine when and how traffic should be protected
- IPsec provides both authentication and encryption
- Protection can be applied end to edge (client to the DirectAccess server) or end to end (client to the application server)

[Diagram: end-to-edge and end-to-end IPsec protection paths]
Name Resolution: DNS and the NRPT

- Remote DirectAccess clients use smart routing for DNS queries by default
- The Name Resolution Policy Table (NRPT) allows this to happen efficiently
- DirectAccess sends name queries to intranet DNS servers based on a pre-configured namespace

[Diagram: queries for intranet names travel over the DirectAccess connection; all other queries travel over the Internet connection]
Name Resolution Policy Table (NRPT)

- Pertains to the client side only
- Uses a static table to define which DNS servers will be used by the client for the listed names
- Is configurable via Group Policy Objects (GPO) at Computer Configuration/Windows Settings/Name Resolution Policy
- Can be viewed with: netsh namespace show policy

Example NRPT:

  Namespace           DNS servers
  .ad.contoso.com     2001:db8:b90a:c7d8::178, 2001:db8:b90a:c7d8::183
  .lab.contoso.com    2001:db8:b90a:c7a8::202
  .nls.contoso.com    2001:db8:b90a:c7e4::801
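The split resolution the NRPT drives is easy to get subtly wrong, so here is the selection logic as a small Python model. This is an added example written for this page, not code from the deck or from Windows: the three namespace entries and their IPv6 servers are the ones on the slide, while the interface DNS server, the query names and the helper names (match_namespace, select_dns_servers, uncovered_names) are constructed for illustration. The matching rule assumed here is longest-suffix match on leading-dot entries, which is what makes a more specific entry win over a broader one.

```python
"""NRPT-style split name resolution, as a DirectAccess client applies it.

Added example, not code from the deck or from Windows. The namespace entries
and their IPv6 servers are the slide's; everything else is constructed.
"""
from typing import Dict, List, Optional, Sequence, Tuple

# Namespace table from the slide: suffix -> intranet DNS servers reached over
# the DirectAccess tunnel.
NRPT: Dict[str, Tuple[str, ...]] = {
    ".ad.contoso.com": ("2001:db8:b90a:c7d8::178", "2001:db8:b90a:c7d8::183"),
    ".lab.contoso.com": ("2001:db8:b90a:c7a8::202",),
    ".nls.contoso.com": ("2001:db8:b90a:c7e4::801",),
}

# Constructed: the resolver the client learned from its local interface (hotel
# or home network). Anything not covered by the NRPT goes here, over the Internet.
INTERFACE_DNS: Tuple[str, ...] = ("192.0.2.53",)


def _normalize(name: str) -> str:
    """Lower-case and drop a trailing dot so 'DC1.AD.CONTOSO.COM.' compares equal."""
    return name.strip().rstrip(".").lower()


def match_namespace(name: str, table: Dict[str, Tuple[str, ...]] = NRPT) -> Optional[str]:
    """Return the most specific (longest) NRPT suffix that covers `name`, or None.

    Simplification assumed here: a leading-dot entry such as '.ad.contoso.com'
    matches names below that suffix (dc1.ad.contoso.com), not the apex itself.
    """
    n = _normalize(name)
    best: Optional[str] = None
    for suffix in table:
        s = _normalize(suffix)
        if n.endswith(s) and (best is None or len(s) > len(_normalize(best))):
            best = suffix
    return best


def select_dns_servers(
    name: str,
    table: Dict[str, Tuple[str, ...]] = NRPT,
    fallback: Sequence[str] = INTERFACE_DNS,
) -> Tuple[str, Tuple[str, ...]]:
    """Decide where a query for `name` is sent.

    Returns ('directaccess', intranet servers) for a covered name and
    ('internet', interface servers) for everything else.
    """
    entry = match_namespace(name, table)
    if entry is None:
        return ("internet", tuple(fallback))
    return ("directaccess", tuple(table[entry]))


def uncovered_names(intranet_names: Sequence[str], table: Dict[str, Tuple[str, ...]] = NRPT) -> List[str]:
    """Practitioner check: intranet names the NRPT does not cover.

    Queries for these go to the interface resolver, which both fails to resolve
    them and leaks internal hostnames to whatever network the laptop is on.
    """
    return [n for n in intranet_names if match_namespace(n, table) is None]


if __name__ == "__main__":
    for q in ("dc1.ad.contoso.com", "build.lab.contoso.com", "www.example.com"):
        print(q, "->", select_dns_servers(q))
    # Constructed inventory: one name lives in a namespace the table forgot.
    print("uncovered:", uncovered_names(["dc1.ad.contoso.com", "files.corp.contoso.com"]))
```

The uncovered_names check is the one to run against a real asset inventory before rollout: every intranet suffix that is missing from the table is a name that will be looked up on the public resolver of whichever network the client is on.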
IPsec Tunnel Detail (DirectAccess client to DirectAccess server)

Tunnel 1: Infrastructure Tunnel
- Authentication: computer certificate + NTLM
- Client access: AD/DNS/management

Tunnel 2: Intranet Tunnel
- Authentication: computer certificate + user Kerberos
- Client access: other available resources
Requirements for DirectAccess
DirectAccess Clients
- Windows 7 Enterprise Edition or Windows 7 Ultimate Edition
- Domain-joined computers

DirectAccess Server
- Windows Server 2008 R2, Standard Edition or higher
- Domain-joined computer

Others
- DNS servers supporting DirectAccess clients: Windows Server 2008 SP2 or later
- A public key infrastructure (PKI) to issue computer certificates, smart card certificates, and, for NAP, health certificates

Customer Knowledge
- Should have a basic working knowledge of IPsec or TCP/IP
- Should be interested in learning and deploying new technologies, such as IPv6
Multi-Factor Credentials for Intranet Access

- Users are assigned a well-known SID when they log on with a smart card (S-1-5-65-)
- Two-Factor Authentication (TFA) is fully supported but not required
- Edge-based enforcement is a smarter way to enforce TFA
- Users may log on to a laptop without TFA
- When users access corporate resources, the IPsec authorization policy checks for the SID…
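To make the two-tunnel model and the edge-based TFA check concrete, here is a Python simulation of the authorization decision the DirectAccess server side makes for each tunnel (it serves both the IPsec Tunnel Detail slide and this one). This is an added example, not code from the deck or from Windows: the tunnel names, their authentication methods (computer certificate + NTLM for the infrastructure tunnel, computer certificate + user Kerberos for the intranet tunnel) and the S-1-5-65- SID prefix come from the slides, while the Token structure, the sample group SIDs, the require_tfa switch and the helper names are constructed for illustration.

```python
"""Simulation of the two DirectAccess IPsec tunnels' authorization decisions,
including the edge-based two-factor check the deck describes.

Added example, not code from the deck or from Windows. The tunnel model and
the SID prefix are the slides'; the token layout and samples are constructed.
"""
from dataclasses import dataclass, field
from typing import List, Tuple

SMARTCARD_SID_PREFIX = "S-1-5-65-"  # well-known SID family shown on the slide


@dataclass
class Token:
    """Constructed stand-in for what the IPsec peer learned while authenticating."""
    computer_cert_valid: bool              # machine certificate chains to the corporate PKI
    user_auth: str                         # "none", "ntlm" or "kerberos"
    group_sids: List[str] = field(default_factory=list)


def logged_on_with_smartcard(token: Token) -> bool:
    """True if the token carries the well-known smart card logon SID.

    Only the prefix from the slide is checked, followed by a numeric RID.
    """
    return any(
        s.startswith(SMARTCARD_SID_PREFIX) and s[len(SMARTCARD_SID_PREFIX):].isdigit()
        for s in token.group_sids
    )


def authorize(tunnel: str, token: Token, require_tfa: bool = True) -> Tuple[bool, str]:
    """Return (allowed, reason) for a tunnel, mirroring the deck's two-tunnel model.

    Tunnel 1 (infrastructure) carries only AD/DNS/management traffic and is
    authenticated by the machine (computer certificate + NTLM), so a user who
    logged on with a password still gets it. Tunnel 2 (intranet) additionally
    needs the user's Kerberos identity and, when TFA is enforced at the edge,
    the smart card SID: a password-only logon is denied there without changing
    the laptop's local logon policy.
    """
    if not token.computer_cert_valid:
        return False, "computer certificate missing or untrusted"
    if tunnel == "infrastructure":
        return True, "machine authenticated: AD/DNS/management reachable"
    if tunnel == "intranet":
        if token.user_auth != "kerberos":
            return False, "user Kerberos authentication required"
        if require_tfa and not logged_on_with_smartcard(token):
            return False, "smart card logon SID absent: password logon cannot reach intranet resources"
        return True, "user authenticated" + (" with smart card" if logged_on_with_smartcard(token) else "")
    return False, f"unknown tunnel {tunnel!r}"


# Constructed sample tokens. The smart card SID is the slide's prefix plus an
# illustrative RID; the domain and builtin SIDs are likewise made up.
PASSWORD_LOGON = Token(True, "kerberos", ["S-1-5-21-1004336348-1177238915-682003330-1001", "S-1-5-32-545"])
SMARTCARD_LOGON = Token(True, "kerberos", ["S-1-5-21-1004336348-1177238915-682003330-1001", SMARTCARD_SID_PREFIX + "1"])
UNMANAGED_PC = Token(False, "kerberos", [])


if __name__ == "__main__":
    for label, tok in (("password logon", PASSWORD_LOGON), ("smart card logon", SMARTCARD_LOGON), ("unmanaged PC", UNMANAGED_PC)):
        for tunnel in ("infrastructure", "intranet"):
            print(f"{label:16} {tunnel:15} -> {authorize(tunnel, tok)}")
```

The point the simulation makes is where the check lives: the password-logon token is fully usable for the infrastructure tunnel (so Group Policy, DNS and management traffic keep working), and it is the intranet tunnel's authorization that turns the missing smart card SID into a denial.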