Simplify user experience for collaboration Difficulty in extending business resources Provide secure access to applications from anywhere Multiple locations and devices Prevent sensitive information from leaking Increasing.


Business needs agility and flexibility:

• Simplify user experience for collaboration
• Provide secure access to applications from anywhere
• Prevent sensitive information from leaking
• Protect from threats

IT needs control:

• Difficulty in extending business resources
• Multiple locations and devices
• Increasing volume of sensitive information
• Financially motivated evolving threats

Help securely enable business by managing risk and empowering people

Identity Highly Secure & Interoperable Platform

Across on-premises & cloud

From: Block, Cost, Siloed

To: Enable, Value, Seamless

Secure Messaging Secure Collaboration Secure Endpoint Information Protection Identity and Access Management

Limited collaboration impacts user productivity

• Sensitive information is sent via e-mail since partners do not have access to collaboration site
• Limited to no access
• Malware on non-trusted machines

Enable more secure business collaboration from virtually anywhere and across devices, while preventing unauthorized use of confidential information

• Automatically secure sensitive documents with AD RMS
• Ensure only authorized usage through persistent policies
• Works online and offline, across organizations
• Integrated malware protection

Source: Food Distributor Deploys Enterprise Rights Management to Help Protect Sensitive Data. Microsoft case study, February 2008. http://www.microsoft.com/casestudies/Case_Study_Detail.aspx?CaseStudyID=4000001482

Workstation

• RMS Lockbox
• Client API
• Templates

RMS Server

• Certification
• Licensing
• Templates

Clients and Servers compatible with RMS

Active Directory

• Authentication
• Service Discovery
• Group Membership

SQL Server

• Configuration data
• Logging
• Cache

MOSS 2007

• Document Libraries with IRM

Exchange Server 2007/2010

Pre-licensing Fetching Content filtering Keyword filtering

[Diagram: Author using Office 2010/2007/2003, AD RMS Server, The Recipient; flow numbers 1–5]

1. Author publishes content into SharePoint Server
2. Recipient requests document from SharePoint
3. SharePoint requests credentials (the first time), then protects the file according to the permissions on the document library
4. SharePoint sends protected file to recipient
5. The RMS-enabled application renders file and enforces rights

Single Engine / Multiple Engines

• 38 times faster response
• Automatic Engine Updates
• Eliminates single point of failure

An AV-Test of consumer antivirus products revealed:

• On average, Forefront engine sets provided a response in
• Single-engine vendors provided responses in 5 days, 4 days, and 6 days respectively.

Source: SAS Gains Extranet Benefits with Confidence – Security Solution Makes it Easy. Microsoft case study, March 2007. http://www.microsoft.com/casestudies/Case_Study_Detail.aspx?CaseStudyID=201164

• Simplified, always-on access
• Consolidated secure portal to simplify remote access
• Restricted, policy-based access to SharePoint

Source: Easy, Integrated Solution Gives Workers Remote Access, Improved Productivity. Microsoft case study, July 2007 http://www.microsoft.com/emea/partnersolutionmarketplace/CaseStudyDetail.aspx?casestudyid=4000000405

Empower Business

• Ability to move seamlessly between applications using a single identity
• Collaboration across organizations

Empower IT

• No need to manage external accounts
• Simplified and flexible claims-based federation
• Common authentication controls for building custom applications

Source: RSA: Microsoft Pushes 'Geneva' In War On Passwords. Information Week, April 2009. http://www.informationweek.com/news/security/app-security/showArticle.jhtml?articleID=216600105&pgno=2&queryText =

• Single user access model with single sign-on (SSO) and easy-to-set-up federation to on-premises and cloud services
• Helps provide consistent security with user access model externalized from applications
• Based on industry standard protocols for interoperability
• Shared identity with partners and cloud services
• Boost cross-organizational efficiency
  − Share rights-protected messages
  − Improved support for SharePoint as a claims-aware application

[Diagram labels: Corporate User, Security Token (e.g., Kerberos Ticket), AD DS, AD FS, Exchange, SharePoint, Partner, Claims-Aware Application, Cloud Services, Web App, Claims-Aware App]

[Diagram labels: Woodgrove, AD, AD FS Relying Party, RMS, WebSSO, Forefront TMG/UAG; Trey Engineering, AD, AD FS Identity Provider; RAC, CLC, PL, UL; flow numbers 1–12]

1. Assume author is already bootstrapped
2. Author sends protected email to recipient at Trey Engineering post to Extranet SharePoint
3. Recipient contacts Published Woodgrove RMS server to get bootstrapped
4. WebSSO agent intercepts request
5. RMS client is redirected to FS-RP for home realm discovery through TMG or UAG
6. RMS client is redirected to FS-IP for authentication
7. RMS client is redirected back to FS-RP for authentication
8. RMS client makes request to RMS server for bootstrapping
9. WebSSO agent intercepts request, checks authentication, and sends request to RMS server
10. RMS server returns bootstrapping certificates to recipient
11. RMS server returns use license to recipient
12. Recipient accesses protected content

www.microsoft.com/brs

http://www.microsoft.com/downloads/details.aspx?FamilyID=726f943e-d107-4b4d-a86e-dfb605e30ce5&displaylang=en

www.microsoft.com/forefront/en/us/secure-collaboration.aspx

Learn more about our solutions:

http://www.microsoft.com/forefront

Try our products:

http://www.microsoft.com/forefront/trial
