
Publishing applications through the UAG portal: Security of remote access and Windows Security. Gorazd Šemrov, Microsoft Corporation.


1 Publishing applications through the UAG portal: Security of remote access and Windows Security. Gorazd Šemrov, Microsoft Corporation

2 Agenda - Why are we here?
- What is UAG
- Access challenges and primary security concerns
- Solution overview
- UAG product demonstration
- How to publish OWA/CRM/SharePoint via UAG
- How to publish applications via RDS via UAG
- Questions and Answers

3 A few questions
- What are the common applications customers want to publish?
- How do customers publish applications?
- To whom do they want to publish these applications?
- What are the solutions from Microsoft in this space?

4 More important question: what are the different Microsoft remote access solutions?
Answer:
- Threat Management Gateway (TMG)
- DirectAccess
- Remote Desktop Services
- Windows RAS (SSTP)
- Unified Access Gateway (UAG)

5 What is UAG? Unified Access Gateway (UAG) is the next version of Intelligent Application Gateway (IAG), with the vision and mission of providing managed, unmanaged and mobile devices with unified, secure, anywhere access to on-premise and in-the-cloud applications. It also simplifies the platform of all Microsoft access gateway solutions. Three dimensions: What (data), Who (identity), Where (device).

6 UAG and DirectAccess better together (diagram: DirectAccess server, Always On, IPv6 to IPv4 or IPv6 transitions):
- Extends access to servers with IPv4 support
- Access for down-level and non-Windows clients
- Enhances scalability and management
- Simplifies deployment and administration
- Hardened edge solution

7 Connectivity approach (diagram: financial partner or field agent, project manager, employee, logistics partner and remote technician connecting to UAG from a corporate managed laptop, home PC, unmanaged partner PC or kiosk). Each session is tailored according to its user and the device in use, maximizing security and productivity for that session.

8 Demo

9 UAG Product "Stack"
- Application Access Management: wizard-driven configuration for core scenarios, allowing easy implementation and enforcement of granular policies; web-based monitoring and control across arrays.
- Reverse Proxy: intelligent URL rewriting and manipulation engine to simplify publishing.
- SSL VPN Tunneling: multiple tunnels providing access for non-web applications.
- Policy and Security / Application Intelligence: optimizers for core, common scenarios enabling security and functionality.
- End Point Detection: client and deep policies for security health assessment.

10 Direct Access Solution Architecture (diagram). Clients: employees on managed machines (Internet / home / hotel / other company), business partners / sub-contractors, home / friend / kiosk, mobile and non-Windows devices. They connect over HTTPS (443) through the Internet to UAG at the edge, which provides authentication (AD, ADFS, RADIUS, LDAP, ...), end-point health detection, enterprise readiness and information leakage prevention. Back-ends in the data center / corporate network: Exchange, CRM, SharePoint, IIS-based applications, IBM, SAP, Oracle, Terminal Services (TS) and non-web applications, reached over HTTPS / HTTP.

11 Let's talk: Session and Security
- Encryption of all Internet-bound data: overlay SSL encryption on all communication; single certificate
- Session integrity and data traces: ensure sessions are terminated and no data remains on the client

12
- Active Directory
- LDAP
- TACACS
- RADIUS
- RSA
- Smart Card
- Certificates
- KCD
- ADFS
- Etc., using UAG hooks

13 Demo

14
- Multi-factor authentication
- N-factor authentication
- Logical authentication
- Etc., using UAG hooks

15 Advanced Authentication Customization Hooks
Called by Login.asp: Login.inc, LoginForm.inc
Called by Validate.asp: PreValidate.inc, ValidateSuccess.inc, ValidateFailed.inc, PostValidate.inc
Called by PostValidate.asp: PrePostValidate.inc, PostPostValidate.inc

16 Flow of the validation process (diagram)

17
- Group authorization can be tied to each individual application
- A simple-to-use search feature allows the administrator to select individual users or groups from multiple repositories for authorization
- Users or groups can be authorized for "Allow", "View" or "Deny" on any individual application

18
- No need for directory replication or repetition (alternative approaches require a local repository)
- Transparent web authentication: HTTP 401 request, static web form, dynamic browser-sensitive web form, Kerberos Constrained Delegation
- Integrates with: password change management, user repositories

19 Demo

20
- Out-of-the-box support for detection of: antivirus, antimalware, personal firewall, desktop search/index utilities, and much more
- Easy-to-configure GUI that allows simple management of policies
- Extended GUI for manual editing and modification of policies
- Leverage Windows shell scripting to create any policy and inspect any client-side variable

21
- Provide controlled access to application areas and operations through policy definitions
- Can allow or block application functions, including
- Works at both the client and the server

22 Demo


24
- Out-of-the-box configuration
- Wizard-driven customization
- Fully customizable configuration
- Integrated application firewall

25 Demo

26 Can we be innovative... What if?
- A user is trying to access the most secure site, but is coming from an untrusted machine?
- A customer wants to provide full application access no matter where the user is coming from, but does not want to change the security requirements?

27 Demo

28 Rich Clients and MSOFBA
- UAG supports rich clients and MSOFBA (Microsoft Office Forms Based Authentication)
- MSOFBA is supported only on: Microsoft Office 2010; Microsoft Office 2007 with Service Pack 2
- Operating systems: Windows 7; Windows Vista; Windows XP with Service Pack 3 or Windows XP with Service Pack 2

29 Mobile Access Scenarios? https://uagteam.com

30 SharePoint Mobile Browsing
- UAG 2010 fully supports publishing of the SharePoint 2010 mobile browsing interface, including the Office Web Apps for mobile.

31 Mobile Login (1)
- Corporate passwords are long and complicated
- Mobile devices have limited input capabilities
- Mobile devices tend to get lost, so passwords cannot be stored on them
Customers will not browse to applications if they have to type their username and password each time.

32 Mobile Login (2)
- UAG implements an innovative simplified login for mobile devices:
- The user first logs in with corporate credentials
- These can then be converted to a PIN
- The next time, the user logs in using the PIN
- Every several days the user has to re-enter the corporate password

33 Mobile Login (3)
- PIN login is implemented without leaving the corporate password on the mobile device or storing it on the server.
Exchange (diagram): the client sends username + password + PIN to UAG; UAG answers with a Set-Cookie whose value is the encryption of username + password + PIN + server secret + salt. On a later login the client sends the cookie + PIN, and UAG combines them with the server secret it holds to recover the credentials from the cookie.
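The PIN login flow of slides 32 and 33, as an added worked example (constructed here, not UAG's own code). It assumes a PBKDF2 key derived from PIN + server secret + per-cookie salt, an HMAC-SHA256 counter-mode keystream with an HMAC tag, and a configurable cookie age after which the corporate password must be re-entered; the server secret is a constructed placeholder.

```python
import base64
import hashlib
import hmac
import json
import os
import time

# Constructed server-side secret: stays on the server, never goes into the cookie.
SERVER_SECRET = b"constructed-server-secret-placeholder"
SALT_LEN, TAG_LEN = 16, 32


def _derive_key(pin, salt):
    # The key needs BOTH the PIN (known only to the user) and the server secret
    # (known only to the server); the per-cookie salt makes every key unique.
    return hashlib.pbkdf2_hmac("sha256", pin.encode() + SERVER_SECRET, salt, 20_000)


def _keystream(key, n):
    # HMAC-SHA256 in counter mode; acceptable here because each key is used once.
    blocks = (hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


def issue_cookie(username, password, pin, now=None):
    """First login: credentials + chosen PIN arrive; return the Set-Cookie value."""
    salt = os.urandom(SALT_LEN)
    key = _derive_key(pin, salt)
    plain = json.dumps({"u": username, "p": password, "t": now or time.time()}).encode()
    ct = bytes(a ^ b for a, b in zip(plain, _keystream(key, len(plain))))
    tag = hmac.new(key, salt + ct, hashlib.sha256).digest()  # detects tampering
    return base64.urlsafe_b64encode(salt + ct + tag).decode()


def pin_login(cookie, pin, now=None, max_age_days=7):
    """Later login: cookie + PIN + server secret recover the credentials, else None."""
    raw = base64.urlsafe_b64decode(cookie)
    salt, ct, tag = raw[:SALT_LEN], raw[SALT_LEN:-TAG_LEN], raw[-TAG_LEN:]
    key = _derive_key(pin, salt)
    expected = hmac.new(key, salt + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # wrong PIN or altered cookie: nothing is revealed
    creds = json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, len(ct)))))
    if (now or time.time()) - creds["t"] > max_age_days * 86400:
        return None  # expired: the user must re-enter the corporate password
    return {"u": creds["u"], "p": creds["p"]}
```

A stolen cookie alone is useless without both the PIN and the server secret, and a stolen server database holds no cookies, which is the property the slide describes.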

34 Breadth of Locations: "Anywhere" Level
Access methods:
- Web proxy
- Port forwarding
- Socket forwarding
- DirectAccess
- Network connector & SSTP
Diagram: web proxy, port/socket forwarder and network connection plotted against corporate laptop, home PC, customer/partner PC and Internet kiosk.

35 Recap (until now)
Diagram: an external firewall (port 443) in front of Unified Application Gateway™; behind it Active Directory, ISA Server, SQL Server, file shares, IIS, Exchange Server, SharePoint Server, custom applications and the intranet; laptops on the outside.
Control:
- Single sign-on to multiple and custom directories
- Portal defined by user identity
- Native AD integration with strong and two-factor authentication
Protect:
- Policy-driven intranet access with ACL-level controls
- Web application firewall with app-specific content, command and URL filtering
- 'Restricted zones' definitions for URLs
- File upload / download control; .EXE identification
- Positive- and negative-logic filtering rules
Safeguard:
- Comprehensive monitoring and logging
- Session termination & inactivity timeouts
- Endpoint compliance check and clean-up
- Endpoint policy-defined micro-portal

36 Quick Summary until now
Diagram: field sales rep, financial partner, project manager, employee and remote technician on a corporate laptop, home PC, kiosk or unmanaged partner PC reaching AD-related apps, MOSS and file access. Instead of the application handling the "checklist" individually, UAG features are overlaid for each resource: authentication, encryption, endpoint scan, access control, SSL VPN, cache cleaning, URL translation.
