This is a mirror of the official site: http://jasper-net.blogspot.com/

How Microsoft IT Leverages Security Enhancements from Windows Server 2008 R2

Monday, November 29, 2010
Introduction

Windows Server 2008 R2 is an incremental upgrade that builds on the Windows Server 2008 foundation. By simultaneously releasing Windows Server 2008 R2 and Windows 7, Microsoft was able to build significant synergy between the two products. This article focuses on some of the technologies made possible by that synergy, including DirectAccess, BranchCache™, Network Access Protection (NAP), and AppLocker™. The article shows how the Information Security and Risk Management (InfoSec) team in Microsoft IT uses these technologies and Extended Protection for Integrated Windows Authentication (IWA) to fulfill its mission of enabling secure and reliable business for Microsoft and its customers.

DirectAccess

DirectAccess is a new feature in Windows Server 2008 R2 and Windows 7 that provides increased productivity for the mobile workforce by offering the same connectivity experience inside and outside the office. With DirectAccess, trusted users on healthy devices on the Internet can securely access corporate resources such as e-mail servers, shared folders, or intranet Web sites without connecting through a Virtual Private Network (VPN). DirectAccess is on whenever the user has an Internet connection, giving users seamless access to intranet resources whether they are traveling, at the local coffee shop, or at home.

DirectAccess combines multiple Windows technologies to enable IP-layer connectivity between Windows computers and any other devices inside the corporate network. It is secured with Internet Protocol Security (IPsec) and strong host protections, including the Trusted Platform Module (TPM) and NAP. IPsec is used to enforce several security requirements that were traditionally implemented by VPNs, including encryption and user authentication.

Situation

Multiple remote access methods at Microsoft led to end-user confusion about which technology to use at which time. With the previous VPN solution, users also had to wait through a long quarantine period while the system checked whether the user's computer had the latest software patches, anti-virus signatures, and so on. Having multiple remote access technologies also increased overall overhead at Microsoft IT.

Deployment

Microsoft IT first offered DirectAccess as a pilot to a subset of employees. Microsoft IT is currently deploying DirectAccess globally in a phased manner to all employees.

Read more: TechNet
