Network Access Protection (NAP)

Customer Insight: CSO's Perspective – What Edge?
Microsoft Research EdgeNet, June 2006
Mark Ashida, General Manager, Windows Enterprise Networking
The Evolution of Our Thinking
• Industry Trends
  • Consolidation of functionality vs. appliances
  • Mobility driving more devices, roaming users, policies
  • Trust boundaries are vague – hard to define & control
• Network Access Protection (NAP)
  • Defined initial requirements with customers
  • Early & consistent review with Microsoft IT dept
  • Refined functionality with feedback from pilot programs
  • Technology Adoption Program (TAP), Vista Beta Customers
What Edge?
• VLANs, IPsec, internal firewalls, NAC appliances
• Jericho Forum
• Logical L3+ vs. L2
(Diagram labels: Internet; Restricted Zone – New PC, Provisioning Servers; Internet; Logical CorpNet – DHCP, DNS, AAA; Employee, Partner, Guest PC; X; IPsec Security; Seamless Network Gateways; Non-domain joined, non-IPsec devices)
Thinking Evolution
• Network Access Protection Abstraction
(Diagram labels: Health State; Quarantine Agent; Enforcement – 802.1x, IPsec; Network Infrastructure; RADIUS; Policy store)

Thinking Evolution
• Network Access Protection Abstraction
(Diagram labels: Control Plane – Health State, Quarantine Agent, Enforcement (802.1x, IPsec), Policy store, RADIUS; Enforcement/Network – Network Infrastructure, Network Assets)

Thinking Evolution
(Diagram labels: Single Dashboard, Reporting; Health State; Quarantine Agent; Enforcement – 802.1x, IPsec; MOM Pak; MOM UI; Diag; MOM Pak; MOM Pak; Control Plane – Policy store, RADIUS; Enforcement/Network – Network Infrastructure, Network Assets)

Thinking Evolution
(Diagram labels: NAP Configuration; Help Desk; Security; Provisioning; Performance; Network State Database (in MOM); Clients; DHCP; WINS; VM/TPM; DNS; Network Infrastructure; RADIUS; Policy store)
What CSOs want
• Want it soon – they want PAC not NAC
• Fine-grained admission per resource, based upon rich information such as:
  • Identity (permanent and temporary)
  • Machine state (health)
  • Application
  • Entry point
  • Time of day, etc.
• Interoperability with current infrastructure/desktops
  • Multi-vendor solution
  • Federated trust would be nice
  • Manageability
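To make the NAP abstraction above concrete (health state reported by the agent, a decision taken at the policy store behind RADIUS, and the enforcement point placing the machine on CorpNet or in the Restricted Zone with the provisioning servers), here is an added toy model that also folds in the fine-grained admission inputs CSOs asked for (identity, entry point, time of day). It is an illustration written for this page, not Microsoft's NAP code or wire protocol; the policy thresholds, identity and entry-point names are constructed.

```python
# Added toy model of the NAP control loop: health state -> policy decision -> enforcement.
# Hypothetical and simplified; it is not the real NAP, RADIUS or Statement-of-Health format.
from dataclasses import dataclass


@dataclass
class HealthState:
    """What the NAP agent reports about the client (constructed attributes)."""
    firewall_on: bool
    av_signatures_age_days: int
    patch_level: int


@dataclass
class AccessRequest:
    identity: str      # permanent ("alice@corp") or temporary ("guest-17"); constructed names
    entry_point: str   # "lan-802.1x", "vpn", "wifi-guest"; constructed names
    hour: int          # local time of day, 0-23
    health: HealthState


# Policy thresholds as the policy store would hold them (constructed values)
POLICY = {"max_sig_age_days": 3, "min_patch_level": 12}
FULL, RESTRICTED, DENY = "corpnet", "restricted-zone", "deny"


def health_ok(h: HealthState) -> bool:
    """Health-state check: every requirement must hold for the client to be compliant."""
    return (h.firewall_on
            and h.av_signatures_age_days <= POLICY["max_sig_age_days"]
            and h.patch_level >= POLICY["min_patch_level"])


def decide(req: AccessRequest) -> str:
    """Policy-server decision, playing the role of the RADIUS-fronted policy store."""
    if req.identity.startswith("guest-"):       # temporary identity: never CorpNet
        return RESTRICTED
    if req.entry_point == "vpn" and not 7 <= req.hour <= 20:   # entry point + time of day
        return DENY
    if not health_ok(req.health):               # unhealthy domain machine: quarantine
        return RESTRICTED
    return FULL


def enforce(decision: str) -> dict:
    """What the enforcement point (802.1x switch or IPsec gateway) applies for a decision."""
    return {
        FULL: {"vlan": "corp", "ipsec_peer_allowed": True, "reachable": ["corpnet"]},
        RESTRICTED: {"vlan": "quarantine", "ipsec_peer_allowed": False,
                     "reachable": ["provisioning-servers"]},   # remediation only
        DENY: {"vlan": None, "ipsec_peer_allowed": False, "reachable": []},
    }[decision]
```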
What CSOs don't want
• Don't make it uneconomical for us to deploy
  • Help desk
  • Management
  • Multiple solutions
• Don't break Provisioning/Logon/SSO
• Is 802.1x the right enforcement method?
• Practical deployment issues – beaconing, provisioning, multimac on single port, VMs,
Unashamed Vista/LHS Plug
• Network Diagnostics – why can't you connect, and repair
• NAP Agent – why you can't connect / Help desk
• MOM Desktop NAP Agent – events/alarms from desktop, expanding to all networking elements on desktop (QoS, etc.)
• IPsec – giving you virtual logical groups anywhere in the world (240k desktops at MS) with much reduced deployment costs
• Adaptive NEW IP Stack – much better throughput, up to 80+ Mbs on a 100 Mbs port vs. 20 previously
• IP Offload – 10Ge announced now
• IPv6 – on by default