enterprise, and also digs into the underlying technologies that help organizations turn security policies into IT-managed technology services. Tools like the Network Policy Server (NPS) in Windows Server 2008 R2 allow policies to be defined and then enforced, specifically around remote logon access, access over wireless network connections, and the integration of Network Access Protection (NAP), which queries a device and verifies that it (desktop, laptop, or mobile device) has the latest patches, updates, and antivirus software that management requires before the device is considered secure.
CHAPTER 1 Windows Server 2008 R2 Technology Primer
Improvements in Mobile Computing in Windows Server 2008 R2
As organizations find their workforce becoming more and more mobile, Microsoft has made significant improvements to mobility in Windows Server 2008 R2. New technologies give users with laptops a more seamless experience as they move from the office, to home, to Internet Wi-Fi hot spots while maintaining connectivity to network resources. These improvements do require mobile users to run the latest Windows 7 client operating system on their laptop to gain access to the new services; however, once implemented, users find that the functionality makes network resources far easier to reach no matter where the user is located.
Windows Server 2008 R2 DirectAccess
One of the significant remote access enhancements in Windows Server 2008 R2 is the DirectAccess technology. DirectAccess provides a remote user the ability to access network resources such as file shares, SharePoint shares, and the like without having to launch a virtual private network (VPN) to gain access into the network.
DirectAccess is an amazing technology that combines sophisticated security technology and policy-based access technology to provide remote access to a network; however, organizations do find it challenging to get up to speed with all the technology components necessary to make DirectAccess work. So, although many organizations will seek to achieve DirectAccess capabilities, it might be months or a couple of years before all the technologies are in place for the organization to easily enable DirectAccess in their enterprise environment.
Some of the technologies required to make DirectAccess work include the following:
• PKI certificates—DirectAccess leverages PKI certificates both to identify the remote device and as the basis for encrypted communications between the remote device and the network. Thus, an organization needs a sound certificate infrastructure in place for server and client certificate-based encrypted communications.
• Windows 7 clients—DirectAccess only works with clients that are running Windows 7. The client components for encryption, encapsulation, and policy control depend on Windows 7 to make all the components work together.
• IPSec—The policy control used in DirectAccess leverages IPSec to identify the destination resources that a remote user should have access to. IPSec can run end to end (that is, from the client system all the way to the application server), or it can be simplified to run from the client system to a DirectAccess proxy server, in which case the actual endpoint application servers do not need to be IPSec enabled. In either case, IPSec is part of the security and policy structure that ensures the remote client system accesses only the server resources that policy allows it as part of the DirectAccess session connection.
• IPv6—Lastly, DirectAccess uses IPv6 as the IP session identifier. Although most organizations have not implemented IPv6 yet and most on-ramps to the Internet are still IPv4, tunneling of IPv6 is fully supported in Windows 7 and Windows Server 2008 R2 and can be used in the
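As an added example (not from the book), the following PowerShell script performs a read-only readiness check on a candidate laptop for the prerequisites listed above: the Windows 7 client version, a currently valid machine certificate from the enterprise CA, the services that carry IPsec policy, and IPv6 binding on an adapter. The CA subject fragment is a placeholder, and the script assumes the client identifies itself with a computer certificate carrying the Client Authentication EKU.

```powershell
# Added example, not from the book: read-only readiness check for the DirectAccess
# client prerequisites. Run in an elevated PowerShell session on the candidate
# laptop (PowerShell 2.0 syntax so it works unchanged on Windows 7).
$CaSubjectFragment = 'CN=CONTOSO-ISSUING-CA'   # placeholder: part of your issuing CA's subject
$ClientAuthOid     = '1.3.6.1.5.5.7.3.2'       # Client Authentication EKU OID

function Test-DirectAccessClientReadiness {
    $r = @{}
    # 1. Windows 7 client: NT version 6.1 and ProductType 1 (workstation, not server).
    $os = Get-WmiObject Win32_OperatingSystem
    $r['Windows7Client'] = ($os.Version -like '6.1.*') -and ($os.ProductType -eq 1)
    # 2. A currently valid computer certificate issued by the enterprise CA that
    #    carries the Client Authentication EKU (assumption: the Computer template
    #    or an equivalent is used for DirectAccess client identity).
    $now = Get-Date
    $goodCerts = @(Get-ChildItem Cert:\LocalMachine\My | Where-Object {
        $c = $_
        if ($c.Issuer -notlike "*$CaSubjectFragment*") { return $false }
        if ($c.NotBefore -gt $now -or $c.NotAfter -le $now) { return $false }
        $hasEku = $false
        foreach ($ext in $c.Extensions) {
            if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
                foreach ($oid in $ext.EnhancedKeyUsages) {
                    if ($oid.Value -eq $ClientAuthOid) { $hasEku = $true }
                }
            }
        }
        $hasEku
    })
    $r['MachineCertificate'] = ($goodCerts.Count -gt 0)
    # 3. IPsec: DirectAccess connection security policy rides on Windows Firewall
    #    with Advanced Security (MpsSvc) and the IKE/AuthIP keying service (IKEEXT),
    #    so both must actually be running, not merely installed.
    $ipsecOk = $true
    foreach ($svc in 'MpsSvc', 'IKEEXT') {
        $s = Get-Service -Name $svc -ErrorAction SilentlyContinue
        if ($s -eq $null -or $s.Status -ne 'Running') { $ipsecOk = $false }
    }
    $r['IPsecServices'] = $ipsecOk
    # 4. IPv6 bound on at least one IP-enabled adapter, since DirectAccess addresses
    #    intranet resources by IPv6 (tunnelled over IPv4 where no native path exists).
    $v6 = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled=TRUE' |
          ForEach-Object { $_.IPAddress } | Where-Object { $_ -match ':' }
    $r['IPv6Bound'] = (@($v6).Count -gt 0)
    return $r
}

Test-DirectAccessClientReadiness | Format-Table -AutoSize
```

A False in any row points at the prerequisite the organization still has to put in place before the client can be enrolled for DirectAccess.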