Scott Roberts
Senior Program Manager Lead
Network Security
Microsoft Corporation

Ashwin Palekar
Principal Group Program Manager
Microsoft Corporation

Session Code: WSV208

- Mobile Workforce
- Increasingly Porous Perimeter
- “Re-Perimeterization”
- “My network is where my buildings are”
- How to manage, monitor, and support remote users/machines all the time?
- How to simplify remote workers’ access
- “My network is where my users and assets are”

Industry Trends
- Assume the underlying network is always unsecure
- Redefine the corporate edge to protect the datacenter
- Enterprise Network Security policies based on identity, not location
[Diagram labels: DirectAccess Server; Internet; Data Center and Business Critical Resources; Local User; Remote User]

Windows Server 2008 R2
- Addressing Enterprise Needs
- Addressing User Needs
- Supporting IT Professionals
- Work Anywhere Infrastructure using Direct Access
- Secure & Flexible Application access using Terminal Services

DirectAccess
Providing seamless, secure access to enterprise resources from anywhere

DirectAccess in Action

Benefits Of Direct Access
Bringing the corporate network to the user

More productive
- Always-on access to corpnet while roaming
- No explicit user action required – it just works
- Same user experience on premise and off

More secure
- Healthy, trustable host regardless of network
- Fine grain per app/server policy control
- Richer policy control near assets
- Ability to extend regulatory compliance to roaming assets
- Incremental deployment path toward IPv6

More manageable and cost effective
- Simplified remote management of mobile resources as if they were on the LAN
- Lower total cost of ownership (TCO) with an “always managed” infrastructure
- Unified secure access across all scenarios and networks
- Integrated administration of all connectivity mechanisms

VPN vs. DirectAccess - Value
[Comparison slide with columns: VPN; DirectAccess]

[Diagram labels: DirectAccess Client (Windows 7); Internet; DirectAccess Server (Server 2008 R2); Tunnel over IPv4 UDP, HTTPS, etc.; Encrypted IPsec+ESP; Native IPv6; 6to4; Teredo; IP-HTTPS; IPsec Gateway; Enterprise Network; Line of Business Applications; No IPsec; IPsec Integrity Only (Auth); IPsec Integrity + Encryption; Windows Server 2008; Non-Windows Server]

DirectAccess Components

Server
- Runs on Windows Server 2008 R2
- Sits on network edge
- Single box by default
  - Services can be split up for scalability

Client
- Runs on Windows 7
- Initial configuration done on Corpnet or over VPN
- Domain-joined

Direct Access Supporting Technologies
[Diagram labels: Corporate Network; Trusted, compliant, healthy machine; DC & DNS (Server 2008 R2); Applications & Data; Windows 7 client]
- NAP (includes Server & Domain Isolation [SDI])
- Forefront Client Security
- Windows Firewall
- BitLocker + Trusted Platform Module (TPM)
- IAG SP2
- Forefront UAG

Direct Access Supporting Technologies
[Diagram labels: Forefront Client Security; Internet; Non-Compliant Client; NAP / NPS Servers; Compliant Client; Unmanaged Client; DA Server; CORPNET User; Data Center and Business Critical Resources; CORPNET Compliant Network; IAG SP2]

Mobile Broadband

Situation Today
- Internet connectivity via mobile broadband cards is expanding:
  - Inconsistent user experience
  - Additional software required

Windows 7 Solution
- Standard driver model (plug & play experience for built-in and external 3G cards)
- Mobile Broadband connection experience integrated into standard Windows UI
- Standard APIs for building customized connection management experience
- Compatible with DirectAccess and VPN Reconnect

VPN Reconnect

Situation Today
- VPN used frequently for remote access to corporate resources
- Mobile workers reconnect to VPN on every network outage

Windows 7 Solution
- The client maintains persistent VPN connection across network outages
- VPN Client can connect to any VPN Server of choice

Benefits
- Better end user experience: seamless and consistent VPN connectivity
- Reduced support costs

BranchCache
[Diagram panels: Situation Today; Windows 7 Solution. Labels: Windows Server 2008 R2; Windows Server 2008; Slow WAN Link; Vista SP1 Clients; Windows 7 Clients; Client 1; Client 2]
- Subsequent access from the same client is satisfied from the transparent cache (local machine access)

Remote Desktop Services

Introducing New Names in R2

WS03                 | WS 2008             | WS 2008 R2
Terminal Services    | Terminal Services   | Remote Desktop Services
Terminal Server      | Terminal Server     | RD Session Host
TS Session Directory | TS Session Broker   | RD Connection Broker
TS Licensing Server  | TS Licensing Server | RD Licensing Server
-                    | TS Gateway          | RD Gateway
-                    | TS Web Access       | RD Web Access
-                    | -                   | RD Virtualization Host

WS08 R2 – New and Improved
(slide badges: NEW!, Improved, Improved)

TS & VDI – an integrated solution
- Hyper-V support for virtual desktops
- Single discovery, connection broker & publishing infrastructure
- SCVMM Support

Remote Application Access
- RemoteApp & Desktop Connections
- RD Web Access
- RD Gateway Security Improvements

Full Fidelity RemoteApp & Desktops
- True multiple monitor support
- Multimedia Support & bidirectional audio

Platform & Management Improvements
- New API, Connection Broker Extensibility, PowerShell Support, Best Practices Analyzer, Full MSI support

TS & VDI – An Integrated Solution
- Virtual Machine Management (SCVMM)
- TS-based Remote Desktop (RD Session Host)
- Hyper-V-based Remote Desktop (RD Virtualization Host)
- RD Connection Broker

Full Fidelity RemoteApp & Desktops

RemoteApp & Desktop Connections
- RemoteApp & Desktops icons integrated into start menu etc
- Icons refreshed & updated automatically

Multimedia Support & Audio Input
- Experience rich multimedia redirection
- Use VoIP applications and speech recognition.

True multiple monitor support
- Use up to 10 monitors of any size or layout with RemoteApp and Desktops
- All applications behave like users expect – e.g. PowerPoint

Aero Glass for RD Session Host
- Users have the same new Windows 7 look and feel when using Remote Desktop Server

RemoteApp™ Language Bar Support
- Configure applications that use alternate language settings (e.g. right to left languages) from the local language bar

Remote Application Access

TS and VDI – An Integrated Solution
- Single broker to connect users to sessions or virtual machines, out of the box solution for VDI scenarios with Hyper-V

RemoteApp & Desktop Connections
- Centrally managed list of applications and desktops (TS & VDI)
- Automatically published, refreshed & integrated with Windows 7

Remote Desktop Web Access
- Integrated with RemoteApp & Desktop Connection management tools
- Provides access to RemoteApps & Remote Desktops from Windows 7, Vista & XP

Integrated Single Sign On
- A Single Logon for RemoteApp & Desktop connections
- Forms based logon for Remote Desktop Web Access

Remote Desktop Gateway
- Session & Idle timeouts to enforce policy and authorization refresh
- Pluggable authentication and consent signing

Platform & Management Improvements

Improved Application Compatibility
- Improved Microsoft Installer (MSI) compatibility

PowerShell Support
- Easily automate and script administrative tasks for remote desktop scenarios

Use Profile Cache Quota
- Removes need to delete profiles at logoff – speeds up logon.
- Ensures profiles never overrun disk space; least used profiles deleted

RemoteApp & Desktop Connections Extensibility
- Can support discovery of any custom application type
- Ensure common UI and location for discovering connections

Connection Broker Extensibility
- Orchestration plug-ins – e.g. VM preparation, VM placement
- Policy plug-ins – e.g. load balancing, security etc

Summary
Call-to-action
- Windows Server 2008 R2 offers great innovation for your Anywhere Access infrastructure
- Learn more about Direct Access and Remote Desktop Services
- Get ready deploying Windows Server 2008

Related Content
- VIR307 Windows 2008 R2: Remote Desktop Services: VDI Drilldown
  - Drilldown into RD Connection Broker and VDI features
- VIR305 - Microsoft Remote Desktop Protocol (RDP) Architecture and Improvements.
  - Drilldown into RDP features

Windows Server Resources
- Make sure you pick up your copy of Windows Server 2008 R2 RC from the Materials Distribution Counter
- Learn More about Windows Server 2008 R2: www.microsoft.com/WindowsServer2008R2
- Technical Learning Center (Orange Section): Highlighting Windows Server 2008 and R2 technologies
  - Over 15 booths and experts from Microsoft and our partners

Resources for IT Professionals
- www.microsoft.com/teched
  - Tech·Talks
  - Live Simulcasts
  - Tech·Ed Bloggers
  - Virtual Labs
- http://microsoft.com/technet
  - Evaluation licenses, pre-released products, and MORE!

Complete an evaluation on CommNet and enter to win!

© 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.