Customer Insight: CSO's Perspective – What Edge? Microsoft Research EdgeNet, June 2006 Mark Ashida General Manager Windows Enterprise Networking.

Presentation transcript:

Customer Insight: CSO's Perspective – What Edge? Microsoft Research EdgeNet, June 2006 Mark Ashida General Manager Windows Enterprise Networking

The Evolution of Our Thinking
- Industry Trends
  - Consolidation of functionality vs. appliances
  - Mobility driving more devices, roaming users, policies
  - Trust boundaries are vague - hard to define & control
- Network Access Protection (NAP)
  - Defined initial requirements with customers
  - Early & consistent review with Microsoft IT dept
  - Refined functionality with feedback from pilot programs
  - Technology Adoption Program (TAP), Vista Beta Customers

What Edge?
- VLANs, IPsec, internal firewalls, NAC appliances
- Jericho Forum
- Logical L3+ vs. L2
[Diagram labels: Internet; Logical CorpNet; Restricted Zone; Non-domain joined, Non-IPSec Devices; Seamless Network Gateways; Provisioning Servers; New PC; X; Employee, Partner, Guest PC; IPSec Security; Internet; DHCP, DNS, AAA]

Thinking Evolution
Network Access Protection Abstraction
[Diagram labels: Health State; Quarantine Agent; Enforcement 802.1x, IPsec; Network Infrastructure; RADIUS Policy store]

Thinking Evolution
Network Access Protection Abstraction
[Diagram labels: Health State; Quarantine Agent; Enforcement 802.1x, IPsec; Network Infrastructure; RADIUS Policy store; Assets; Control Plane; Enforcement/Network]

Thinking Evolution
[Diagram labels: Health State; Quarantine Agent; Enforcement 802.1x, IPsec; RADIUS Policy store; Control Plane; MOM Pak; MOM Pak; MOM Pak; UI Diag; MOM; Network Infrastructure; Assets; Enforcement/Network; Reporting; Single Dashboard]

Thinking Evolution
[Diagram labels: Clients; Network Infrastructure; RADIUS Policy store; Network State Database (in MOM); NAP Configuration; Help Desk; Security; Performance; Provisioning; DHCP; WINS; DNS; VM/TPM]

What CSOs want
- Want it soon – they want PAC not NAC
- Fine-grained admission per resource based upon rich information such as:
  - Identity (permanent and temporary)
  - Machine state (health)
  - Application
  - Entry point
  - Time of day, etc.
- Interoperability with current infrastructure/desktops
- Multi-vendor solution
- Federated trust would be nice
- Manageability

What CSOs don't want
- Don't make it uneconomical for us to deploy
  - Help desk
  - Management
  - Multiple solutions
- Don't break Provisioning/Logon/SSO
- Is 802.1x the right enforcement method?
  - Practical deployment issues – beaconing, provisioning, multimac on single port, VMs,

Unashamed Vista/LHS Plug
- Network Diagnostics – why can't you connect and repair
- NAP Agent – why you can't connect/Help desk
- MOM Desktop NAP Agent – events/alarms from desktop, expanding to all networking elements on desktop (QoS, etc.)
- IPsec – giving you virtual logical groups anywhere in the world (240k desktops at MS) with much reduced deployment costs
- Adaptive NEW IP Stack – much better throughput, up to 80+Mbs on a 100Mbs port vs. 20 previously
- IP Offload – 10Ge announced now
- IPv6 – on by default