Help securely enable business by managing risk and empowering people Identity Highly Secure & Interoperable Platform Across on-premises & cloud from: Block Cost Siloed to: Enable Value Seamless.


Help securely enable business by managing risk and empowering people
Identity
Highly Secure & Interoperable
Platform
Across on-premises & cloud
from: Block, Cost, Siloed
to: Enable, Value, Seamless
Secure Messaging
Secure Collaboration
Information Protection
Identity and Access Management
Secure Endpoint
Enable more secure business collaboration from virtually anywhere and across devices, while preventing unauthorized use of confidential information
PROTECT everywhere, ACCESS anywhere
• Secure, seamless access
• Protect sensitive information in documents
• Best-in-class anti-malware
INTEGRATE and EXTEND security
• Deep Microsoft SharePoint and Office integration
• Standards-based interoperability across organizations and cloud
SIMPLIFY security, MANAGE compliance
• Enterprise-wide visibility
• Easier partner management
• Active Directory Rights Management Services (AD RMS) template is built in with SharePoint.
• Windows SharePoint with AD RMS can be used to convert the stored file to an encrypted format each time a user downloads the file.
Single Engine
Multiple Engines
38 times faster response
Automatic Engine Updates
Eliminates single point of failure
• Shared identity with partner organizations and cloud services
• Boost cross-organizational efficiency and communication with more secure access
− Support the sharing of rights-protected messages between organizations
− Improved support for Microsoft SharePoint Server as a claims-aware application
[Diagram labels: Trey Research, Account Forest; Woodgrove Bank, Resource Forest; Federation Trust; AD DS; AD FS; AD RMS; Exchange 2010; SharePoint Server Farm; Application Access; Business Partners; User Account/Credentials; Redirect to Security Token Service (STS); Security Token; Post claims]
• Integrated SSL VPN capabilities
• Simplified remote access by non-Windows, down-level, or non-trusted endpoints
• DirectAccess in Windows Server 2008 R2, along with Unified Access Gateway, enables secure, seamless, always-on access to messaging and applications from Windows 7 clients.
[Diagram labels: Data Center/Corporate Network; Exchange; CRM; SharePoint; IIS based; IBM, SAP, Oracle; TS/RDS; Citrix; Non-Web; Mobile; Home/Kiosk; Business Partners; Employee-Managed Machines; Internet; HTTPS (443); Layer3 VPN; DirectAccess; AD, ADFS, RADIUS, LDAP…; NPS, ILM]
• Single point of entry to shared and published applications
• Can locate applications without tracking site addresses
• Offers same user experience for remote users
• Supports strong two-factor authentication, which can help organizations to keep their shared information safe
Remote user can have access to corporate applications and shared folders without direct access to internal resources.
Business partner has limited access to corporate network; Unified Access Gateway allows access only to those applications for which users have permissions.
• Identity-centered, policy-based granular access and security for shared resources on collaborative portals
• Policy definitions to help provide controlled access to application areas and operations
• Can allow or block application functions, including:
– Document download/upload
– Document check out/check in
– Edit document/properties
– Delete
Simplified Management
• Simplifies deployment and ongoing tasks through wizards and built-in policies.
• Simplified user experience - reducing support costs
• Consolidates remote access infrastructure
Step 1: Choose the type of application you wish to publish.
Step 2: Provide the internal name of the SharePoint Server.
Step 3: Configure the same external name on your SharePoint Server.
Provide the external name.
All Done!
Zone | Internal URL | Public URL for Zone
Default | http://hrportal | http://hrportal
Internet | http://hrportal.woodgrovebank.com | https://hrportal.woodgrovebank.com
Internet | https://hrportal.woodgrovebank.com | https://hrportal.woodgrovebank.com

Zone | Internal URL | Public URL for Zone
Default | http://hrportal | http://hrportal
Internet | https://hrportal.woodgrovebank.com | https://hrportal.woodgrovebank.com
Integrated Security
• Overlay granular access control to specific sites and/or features within sites
• Built-in endpoint security policies (integrated with NAP)
• Expanded authentication and authorization capabilities
• Session clean-up and information leakage prevention
• Integrated network security
Anywhere Access
. . . And simple, secure access optimized for Exchange
Publish all Exchange mail services as a single UAG application:
• Easier publishing experience
• Symmetrical topology for all front-end mail services
Publish each Exchange service as a separate application:
• Greater back-end topology
Browse a site and view list & libraries easily
Access multiple sites and libraries
Access your documents offline
Anywhere Access
Forefront UAG: A key enabler of DirectAccess
Always On
Manage Out
Access Policies
Protected Transactions
UAG extends the benefits of Windows DirectAccess across your infrastructure, enhancing scalability and simplifying deployments and ongoing management
UAG and DirectAccess better together:
Extends access to line of business servers with IPv4 support
Access for down level and non Windows clients
Enhances scalability and management
Simplifies deployment and administration
Hardened Edge Solution
Always On
IPv6
SSL-VPN
+
IPv4
From IAG to UAG
IAG
UAG
Granular Application Filtering
Session cleanup and removal
End point health detection: Improved
Integrated with NAP policies: New
Remote Desktop and RemoteApp integration: New
Extends and simplifies DirectAccess deployments: New
Built in load balancing: New
Array management capabilities: New
Enhanced monitoring and management (SCOM): New
APPLICATION PUBLISHING
Improved
INTEGRATION
SCALE AND MANAGEMENT
UAG Form Factors
OEM partners
How to Buy
guide
blog
TechNet
www.microsoft.com/teched
www.microsoft.com/learning
http://microsoft.com/technet
http://microsoft.com/msdn
• Enterprise policy enforcement to protect from unauthorized access
• Enhanced security with reduced risk of information leaks through persistent data protection
• Streamlined adoption and deployment with out-of-the-box integration with collaboration workflow, the Microsoft Office system, and Active Directory
• Prevents information leakage from within the documents while moving to the external user
• Enterprise policy enforcement for external partners and vendors to protect from unauthorized access
• Dashboard and risk-centered prioritized view throughout the enterprise
• Centralized reporting and alerting with Unified Access Gateway management console
• Access to SharePoint sites and ability to edit documents from virtually anywhere: managed laptops, home computers, kiosks, and mobile devices
• Includes multiple scanning engines from industry-leading security partners integrated in a single solution to help businesses protect against single point of failure
• Content filters to help keep users from posting or retrieving ethically questionable material and confidential company information
• Configurable file-filtering rules to help block file types known for carrying viruses or opening organizations to legal exposure
Learn more about our solutions:
http://www.microsoft.com/forefront
Try our products:
http://www.microsoft.com/forefront/trial
Sign up for Tech·Ed 2011 and save $500
starting June 8 – June 31st
http://northamerica.msteched.com/registration
You can also register at the
North America 2011 kiosk located at registration
Join us in Atlanta next year