WSV404 DirectAccess Server (Server 2008 R2) DirectAccess Client (Windows 7) Internet Native IPv6 6to4 Teredo IP-HTTPS Tunnel over IPv4 UDP, HTTPS,


1

2 WSV404

3

4

5 DirectAccess Server (Server 2008 R2) DirectAccess Client (Windows 7) Internet Native IPv6 6to4 Teredo IP-HTTPS Tunnel over IPv4 UDP, HTTPS, etc. Encrypted IPsec+ESP

6

7

8

9 For end-to-edge protection, DirectAccess clients establish an IPsec session to an IPsec gateway server (which by default is the same computer as the DirectAccess server). The IPsec gateway server then forwards unprotected traffic, shown in red, to application servers on the intranet. This architecture works with any IPv6-capable application server and does not require that server to run IPsec, which simplifies configuration and setup.

10 For end-to-edge with end-to-end IPsec protection, DirectAccess clients establish an IPsec session to an IPsec gateway server, and that IPsec traffic continues all the way to the intranet server for end-to-end IPsec protection. This architecture provides better security than the end-to-edge model alone.

11 With end-to-end IPsec protection, DirectAccess clients establish an IPsec session through the DirectAccess server to each application server to which they connect. This provides the highest level of security because you can configure access control on the DirectAccess server and extend IPsec all the way to the internal server. This architecture requires that application servers run Windows Server 2008 SP2 or Windows Server 2008 R2 and use both IPv6 and IPsec.

12 DirectAccess Server (Server 2008 R2) Line of Business Applications IPv6 IPv4 IPv6 Using ISATAP

13 DirectAccess Server (Server 2008 R2) Line of Business Applications IPv6 IPv4 NAT64 DNS-ALG Windows Server 2003 Non-Windows

14

15

16

17

18

19

20

21 Teredo ISATAP Native IPv6 Also 6to4 and IP-HTTPS

22 IPv4 Internet 6to4-A 6to4-B Relay Native IPv6 Relay C B A 1.2.3.4 5.6.7.8 192.88.99.1 3001:2:3:4:c… 2002:506:708::b… 2002:102:304::b…

23

24 Firewalled IPv4 network IPv4 FW A Local “native” IPv6 network IPv6 FW ISATAP B IPv6 Internet C D IPv4 Internet. ISATAP is a tunneling protocol, so in itself it doesn’t create a client/server relationship. ISATAP merely allows IPv6 communications to tunnel through an IPv4 network. ISATAP is great for site-to-site communications, or client-to-server initiated communications.
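The 6to4 mapping labelled on slide 22 (1.2.3.4 to 2002:102:304::, 5.6.7.8 to 2002:506:708::) and the tunnel types named on slides 21 and 24, as an added Python example that is not part of the original deck. It goes beyond the slides by also decoding Teredo and ISATAP addresses, so the IPv4 endpoint behind a tunneled IPv6 address seen in firewall or IPsec logs can be recovered; the function names and all sample addresses other than the two slide-22 IPv4 addresses are constructed for illustration.

```python
import ipaddress

# Interface-ID markers that identify an ISATAP address (RFC 5214).
ISATAP_IID_PREFIXES = (0x00005EFE, 0x02005EFE)


def sixtofour_prefix(ipv4):
    """Return the 2002:V4ADDR::/48 prefix derived from a 6to4 router's public IPv4."""
    v4 = int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4 << 80), 48))


def classify(addr):
    """Return (mechanism, details) with any IPv4 endpoint embedded in addr."""
    ip = ipaddress.IPv6Address(addr)
    if ip.sixtofour is not None:          # 2002::/16, IPv4 in bits 16..47
        return "6to4", {"router_ipv4": str(ip.sixtofour)}
    if ip.teredo is not None:             # 2001:0000::/32
        server, client = ip.teredo        # stdlib already un-inverts the client
        port = ((int(ip) >> 32) & 0xFFFF) ^ 0xFFFF  # mapped UDP port is inverted too
        return "teredo", {"server_ipv4": str(server),
                          "client_nat_ipv4": str(client),
                          "client_nat_port": port}
    iid = int(ip) & 0xFFFFFFFFFFFFFFFF    # low 64 bits: interface identifier
    if (iid >> 32) in ISATAP_IID_PREFIXES:
        host = ipaddress.IPv4Address(iid & 0xFFFFFFFF)
        return "isatap", {"host_ipv4": str(host)}
    # IP-HTTPS and native IPv6 addresses carry no embedded IPv4 endpoint.
    return "native-or-other", {}


# Constructed sample addresses (not taken from the slides).
SAMPLES = [
    "2002:102:304::1",                          # host inside slide 22's 6to4-A prefix
    "2001:0:4136:e378:8000:63bf:3fff:fdd2",     # Teredo
    "fe80::5efe:c000:201",                      # ISATAP link-local for 192.0.2.1
    "2001:db8::1",                              # documentation prefix, native
]


def report(addresses):
    """Classify each address; returns a list of (address, mechanism, details)."""
    return [(a, *classify(a)) for a in addresses]


if __name__ == "__main__":
    for row in report(SAMPLES):
        print(row)
```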

25 Tunnel IPv6 in HTTPS IPv6 Intranet IPHTTPS Host IPv4 Internet IPv6 Host NAT Device IPHTTPS server Certificate X X X Web server with CRL

26

27 IPv6 IPv6 Always On Windows7 IPv4 IPv4 IPv4 DirectAccess Server. Extend support to IPv4 servers. UAG improves adoption and extends access to existing infrastructure.
UAG and DirectAccess better together:
1. Extends access to line of business servers with IPv4 support
2. Access for down level and non Windows clients
3. Enhances scalability and management
4. Simplifies deployment and administration
5. Hardened Edge Solution
MANAGED Vista XP UNMANAGED Non Windows PDA DirectAccess SSL VPN
UAG provides access for down level and non Windows clients. UAG enhances scale and management with integrated LB and array capabilities. UAG uses wizards and tools to simplify deployments and ongoing management. UAG is a hardened edge appliance available in HW and virtual options. +Windows7 +

28

29

30

31

32

33

34

35 www.microsoft.com/teched Sessions On-Demand & Community Microsoft Certification & Training Resources Resources for IT Professionals Resources for Developers www.microsoft.com/learning http://microsoft.com/technet http://microsoft.com/msdn http://northamerica.msteched.com Connect. Share. Discuss.

36

37 Scan the Tag to evaluate this session now on myTechEd Mobile

38

