IPv6 - Microsoft


Bill Orme
Microsoft Corporation
[email protected]
"Increasingly, people envision a world of anywhere access - a world in which the information, the communities, and the content that they value is available instantly and easily, no matter where they are."
Bill Gates, Enabling Secure Anywhere Access in a Connected World, Feb 2007
Unified Access Gateway is the next version of Intelligent Application Gateway (IAG). Its vision and mission is to provide managed, unmanaged and mobile devices with unified secure anywhere access to on-premise and in-the-cloud applications, and to unite all Microsoft access gateways into a single solution platform.
Secure Access from Managed and
Unmanaged Devices
Simplified and Granular Access Control
Application Interoperability Outside the
Corporate Network
Full Enablement of Mobile Devices
Two-factor authentication for all applications
Demand for access
• Many access points
• Various devices
• Intranet/Extranet
Escalating threats
• More advanced
• More frequent
• Profit motivated
Fragmented technology
• Point products
• Difficult to manage
• Multiple security consoles
• Granular policy hard to deploy
• Poor interoperability
• Lack of integration
• Complex reporting and analysis
Comprehensive, Integrated, Simplified
Security requirements based on policy
Who gets access?
What do they get access to?
What can they do with it?
Can we protect our Infrastructure and application servers?
Detach security policies from technology solutions
Where (Device)
Who (Identity)
Each session is tailored according to its user and the device in use, maximizing security and productivity for that session.
[Diagram: each session is matched to its user, device and resources]
Internal & External Users: Financial Partner or Field Agent; Logistics Partner; Project Manager (Employee); Remote Technician (Employee)
Managed & Unmanaged Devices: Home PC; Kiosk; Corporate Laptop (managed); Unmanaged Partner PC
Private Resources: Legacy Apps, Limited Intranet, Custom Financials; Limited Webmail (no attachments), Web Apps, Client-Server Apps; Full Intranet, Supply Chain, Payroll & HR, File Access, Legacy Apps, Third-Party Apps; Webmail, Homegrown Apps, Tech Support App, File Access
Back-end applications: Exchange, CRM, SharePoint, IIS based, IBM, SAP, Oracle
[Diagram: access paths into the gateway]
Clients: Mobile; Home / Friend / Kiosk; Business Partners / Sub-Contractors; Employees' Managed Machines (Internet / home / hotel / other company)
Transports over the Internet: HTTPS (443); TS; DirectAccess; Non-web
Gateway functions: Authentication; End-point health detection; Enterprise Readiness; Edge Ready; Information Leakage Prevention; Non-Windows support
Directories: AD, ADFS, RADIUS, LDAP…
Data Center / Corporate Network: Control, Protect, Safeguard
[Diagram: Intelligent Application Gateway™ placed between the External Firewall and the internal network, fronting SQL Server, Active Directory, File Shares, ISA Server, IIS, SharePoint Server and Exchange Server]
Feature callouts:
• Native AD integration w/strong and two-factor authentication
• File upload / download control; .EXE identification
• Session termination & inactivity timeouts
• Comprehensive monitoring and logging
• Single sign-on to multiple and custom directories
• Endpoint policy-defined micro-portal
• Portal defined by user identity
• ‘Restricted zones’ definitions for URLs
• Endpoint compliance check and clean-up
• Web application firewall w/app-specific content, command, and URL filtering
• Policy-driven intranet access with ACL-level controls
• Positive and negative-logic filtering rules
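As an added example, not taken from the slides or from the IAG/UAG product, the Python below models two ideas from this deck together: the session tailoring described earlier under Who (Identity) and Where (Device), where the user plus the device in use decides what a session may reach, and the positive- and negative-logic filtering rules called out in the diagram, where explicit allow patterns define the reachable URLs and explicit deny patterns carve exceptions out of them (the "no attachments" limit on a kiosk). The user, device and resource labels follow the slide; the group names, hostnames, URL patterns and the rule format are assumptions made for this example.

```python
"""Session-tailored access policy: who (identity) plus where (device) decides
what each session may reach.  Illustrative code only; the user, device and
resource labels follow the slide, while the group names, URL patterns and the
rule format are assumptions made for this example."""

from dataclasses import dataclass
from fnmatch import fnmatchcase


@dataclass(frozen=True)
class Session:
    user: str
    groups: frozenset      # identity attributes resolved from the directory
    device_class: str      # "managed", "unmanaged" or "kiosk"
    healthy: bool          # result of the endpoint compliance check


@dataclass(frozen=True)
class Rule:
    name: str
    groups: frozenset          # rule applies if the session has any of these
    device_classes: frozenset  # ... and the device is one of these classes
    requires_healthy: bool     # ... and, if set, the endpoint passed its check
    allow: tuple               # positive-logic patterns: explicitly permitted URLs
    deny: tuple = ()           # negative-logic patterns: carved out of the allow set


# Constructed policy mirroring the slide's matrix: a corporate laptop gets the
# full intranet, a home PC or kiosk gets limited webmail without attachments,
# and a partner PC only reaches the partner portal.  (Assumed hostnames.)
POLICY = (
    Rule("full-intranet", frozenset({"employee"}), frozenset({"managed"}), True,
         allow=("https://intranet.corp.example/*",
                "https://webmail.corp.example/*",
                "https://sharepoint.corp.example/*")),
    Rule("limited-webmail", frozenset({"employee"}),
         frozenset({"unmanaged", "kiosk"}), False,
         allow=("https://webmail.corp.example/*",),
         deny=("https://webmail.corp.example/*/attachment/*",)),
    Rule("partner-portal", frozenset({"partner"}),
         frozenset({"managed", "unmanaged"}), False,
         allow=("https://partners.corp.example/*",)),
)


def applicable_rules(session):
    """Rules whose identity, device and health conditions the session meets."""
    return [r for r in POLICY
            if r.groups & session.groups
            and session.device_class in r.device_classes
            and (session.healthy or not r.requires_healthy)]


def decide(session, url):
    """Default deny.  Negative-logic patterns are checked first so a deny in
    any applicable rule wins; otherwise the first positive-logic match allows."""
    rules = applicable_rules(session)
    for r in rules:
        if any(fnmatchcase(url, p) for p in r.deny):
            return "deny", f"{r.name}: negative-logic rule"
    for r in rules:
        if any(fnmatchcase(url, p) for p in r.allow):
            return "allow", r.name
    return "deny", "no positive-logic rule matched"


if __name__ == "__main__":
    # Constructed sessions: one employee on three devices, one partner.
    laptop = Session("pm", frozenset({"employee"}), "managed", True)
    kiosk = Session("pm", frozenset({"employee"}), "kiosk", False)
    unhealthy = Session("pm", frozenset({"employee"}), "managed", False)
    partner = Session("fin", frozenset({"partner"}), "unmanaged", True)
    for s, url in ((laptop, "https://intranet.corp.example/payroll"),
                   (kiosk, "https://webmail.corp.example/inbox"),
                   (kiosk, "https://webmail.corp.example/inbox/attachment/q1.xlsx"),
                   (unhealthy, "https://intranet.corp.example/payroll"),
                   (partner, "https://intranet.corp.example/payroll")):
        print(s.user, s.device_class, url, "->", decide(s, url))
```

Two design points are worth noticing. The same employee identity yields different reachable sets purely from the device class and health result, which is the "policy detached from technology" idea on the slide. And because the engine is default deny, a managed laptop that fails its health check matches no rule at all here; a real deployment would route such a session to a remediation or limited portal rather than leaving it with nothing.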
[Diagram: managed Windows 7 clients connecting over IPv6 to a DirectAccess Server]
DirectAccess Server
Comprehensive anywhere access solution available in Windows 7 and Windows Server 2008 R2
• Provides seamless, always-on, secure connectivity to on-premise and remote users alike
• Eliminates the need to connect explicitly to the corporate network while remote
• Facilitates secure, end-to-end communication and collaboration
• Leverages a policy-based network access approach
• Enables IT to easily service/secure/update/provision mobile machines whether they are inside or outside the network
[Diagram: UAG in front of the DirectAccess Server. Managed Windows 7 clients use always-on DirectAccess over IPv6; unmanaged Vista, XP, non-Windows and PDA clients use SSL VPN over IPv4; UAG extends support to IPv4 servers.]
UAG and DirectAccess better together:
1. Extends access to line of business servers with IPv4 support
2. Access for down level and non Windows clients
3. Enhances scalability and management
4. Simplifies deployment and administration
5. Hardened Edge Solution
• UAG provides access for down-level and non-Windows clients.
• UAG enhances scale and management with integrated load balancing and array capabilities.
• UAG is a hardened edge appliance available in hardware and virtual options.
• UAG improves adoption and access into existing infrastructure.
• UAG uses wizards and tools to simplify deployments and ongoing management.
Instead of the application handling the “checklist” individually, IAG features are overlaid for each resource.
[Diagram: users (Financial Partner, Field Sales Rep, Project Manager Employee, Remote Technician) on a Home PC, Kiosk, Corporate Laptop or Unmanaged Partner PC pass through the overlaid feature layers: Encryption, Endpoint Scan, Authentication, SSL VPN, Access Control, Cache Cleaning, URL Translation. Resources behind them: MOSS, AD, File Access, Related Apps.]
Feature | IAG 2007 | UAG
Application Intelligence and Publishing | Yes | Yes
End Point Security | Yes | Yes
SSL Tunneling | Yes | Yes
Information Leakage Prevention | Yes | Yes
Robust Authentication Support (KCD, ADFS, OTP) | Yes | Yes
Product Certification (Common Criteria, ICSA) | - | New
NAP Integration | - | New
Terminal Services Integration | - | New
Array Management | - | New
Enhanced Management and Monitoring (MOM Pack) | - | New
Enhanced Mobile Solutions | - | New
New and Customizable User Portal | - | New
Wizard Driven Configuration | - | New
Direct Access and SSTP Integration | - | New
Deployment and Admin
• Array management
• Simplified wizard-based deployment
• Wizards for Microsoft Applications publishing
• Customizable Portal and Internal Site
• Virtual appliance
Monitoring
• SQL logging
• SCOM Pack
• Detection & Responses (ESAS) – SDK-only integration
Enterprise Readiness
• Performance
• Reliability
• Scalability
• Improved CEC compliance
• SDL
• Common Criteria
• SW only
Application Publishing
• Improved SP publishing
• Single IP Exchange Server publishing
• Web application load balancing
• Kerberos delegation, IWA
End Point Compliance
• NAP integration side by side with UAG's end point security
• Non-IE browser support (Firefox on Windows, Mac, Linux)
Mobile
• Windows Mobile / Symbian ActiveSync
• Feature Phones – EasyPass Login *
• SharePoint Mobile
• Office Mobile support
Rich Access Technologies
• Remote Terminal Application Publishing
• Portal with web & TS apps
• SSTP side by side with network connector and IPSec VPN
Authentication
• Smart Card / Cert only authentication
• OTP-only authentication
• Partner Federation with ADFS
[Diagram: Intelligent Application Gateway architecture]
Gateway modules: HAT; Content Inspection; Policy Engine; SSL VPN; User Interaction Pages; Session/User Manager
Authentication sources: Active Directory®; RADIUS; TACACS+; Novell eDirectory®; Sun Netscape LDAP; HTTP authentication; "Other" (API); …
Internal NIC to: web apps; client/server apps; other apps, VoIP etc.
Platform: Internet Information Server; Internet Security & Acceleration Server; Windows Server 2003 R2
External NIC; delivered as Appliance Hardware or Hyper-V VHD
[Diagram: UAG architecture, delivered as Appliance Hardware, Hyper-V VHD or MSI, with external and internal NICs]
Application Access
• SSL VPN Tunneling: multiple tunnels providing access for non-web applications
• Application Intelligence: optimizers for core, common scenarios enabling security and functionality
• End Point Detection: client and deep policies for security health assessment
• Reverse Proxy: intelligent URL rewriting and manipulation engine to simplify publishing
Policy and Security Management: wizard-driven configuration for core scenarios allowing easy implementation and enforcement of granular policies; web-based monitoring and control across arrays.
Consolidated Gateways: TS Gateway, ADFS Proxy, RRAS
Virtually every application
• Web Applications – assumed
• Non-Web/Native Applications
• Provide Full Network Connectivity
Authentication: Active Directory, LDAP, TACACS, RADIUS, RSA, Smart Card, Certificates, etc. … using IAG Hooks
Endpoint Security
Single Sign-On
Multi Factor Authentication
Authentication on Demand
Group Authorization
Access Policy and Control
Data Cleaning - Attachment Wiper
Integrated Application Firewall
Granular Access Control
ON & OFF
To know more about our next version “UAG” please visit http://microsoft.com/uag