DOCSLIB.ORG

Securing Network Connections

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Securing Network Connections BlackBerry UEM Securing network connections Administration 12.12 2020-03-23Z | | 2 Contents Managing Wi-Fi, VPN, BlackBerry Secure Connect Plus, and other work connections................................................................................................... 5 Managing work connections using profiles....................................................... 6 Best practice: Creating work connection profiles.............................................. 7 Setting up work Wi-Fi networks for devices...................................................... 8 Create a Wi-Fi profile............................................................................................................................................. 8 Wi-Fi profile settings.............................................................................................................................................. 8 Common: Wi-Fi profile settings................................................................................................................. 9 iOS and macOS: Wi-Fi profile settings...................................................................................................... 9 Android: Wi-Fi profile settings................................................................................................................. 14 Windows: Wi-Fi profile settings............................................................................................................... 18 BlackBerry 10: Wi-Fi profile settings....................................................................................................... 23 Setting up work VPNs for devices...................................................................29 Create a VPN profile............................................................................................................................................ 29 VPN profile settings.............................................................................................................................................30 iOS and macOS: VPN profile settings.....................................................................................................30 Android: VPN profile settings.................................................................................................................. 39 Windows 10: VPN profile settings ......................................................................................................... 44 BlackBerry 10: VPN profile settings........................................................................................................ 50 Enabling per-app VPN..........................................................................................................................................64 How BlackBerry UEM chooses which per-app VPN settings to assign to iOS devices........................64 Setting up proxy profiles for devices.............................................................. 65 Create a proxy profile.......................................................................................................................................... 66 Using BlackBerry Secure Connect Plus for connections to work resources.... 68 Steps to enable BlackBerry Secure Connect Plus.............................................................................................68 Server and device requirements for BlackBerry Secure Connect Plus............................................................ 69 Installing additional BlackBerry Secure Connect Plus components in an on-premises environment............ 70 Installing or upgrading the BlackBerry Secure Connect Plus component in a cloud environment.................71 Enable BlackBerry Secure Connect Plus............................................................................................................ 71 Enterprise connectivity profile settings...................................................................................................72 Specify the DNS settings for the BlackBerry Connectivity app........................................................................ 75 Optimize secure tunnel connections for Android devices that use BlackBerry Dynamics apps.....................76 Direct BlackBerry 10 work space traffic through BlackBerry Secure Connect Plus when a Wi-Fi network is available.......................................................................................................................................................76 | | iii Troubleshooting BlackBerry Secure Connect Plus............................................................................................76 The BlackBerry Secure Connect Plus Adapter goes into an “Unidentified network” state and stops working................................................................................................................................................. 77 BlackBerry Secure Connect Plus does not start.................................................................................... 77 BlackBerry Secure Connect Plus stops working after a BlackBerry UEM installation or upgrade......78 View the log files for BlackBerry Secure Connect Plus......................................................................... 78 Using enterprise connectivity for BlackBerry 10 devices................................. 80 Managing enterprise connectivity for BlackBerry 10 devices...........................................................................80 Using BlackBerry 2FA for secure connections to critical resources................. 81 Setting up single sign-on authentication for devices.......................................82 Prerequisites: Using Kerberos authentication for devices................................................................................82 Certificate-based authentication for iOS devices.............................................................................................. 83 Create a single sign-on profile............................................................................................................................83 Create a single sign-on extension profile...........................................................................................................84 Managing email and web domains for iOS devices..........................................86 Create a managed domains profile....................................................................................................................86 Controlling network usage for apps on iOS devices........................................ 87 Create a network usage profile...........................................................................................................................87 Filtering web content on iOS devices.............................................................. 88 Create a web content filter profile......................................................................................................................88 Configuring AirPrint and AirPlay profiles for iOS devices................................ 90 Create an AirPrint profile.....................................................................................................................................90 Create an AirPlay profile......................................................................................................................................91 Configuring Access Point Names for Android devices.....................................92 Create an Access Point Name profile................................................................................................................92 Legal notice.................................................................................................... 93 | | iv Managing Wi-Fi, VPN, BlackBerry Secure Connect Plus, and other work connections You can use profiles to set up and manage work connections for devices in your organization. Work connections define how devices connect to work resources in your organization's environment, such as mail servers, proxy servers, Wi-Fi networks, and VPNs. You can specify settings for iOS, macOS, Android, Windows, and BlackBerry 10 devices in the same profile and then assign the profile to user accounts, user groups, or device groups. | Managing Wi-Fi, VPN, BlackBerry Secure Connect Plus, and other work connections | 5 Managing work connections using profiles You can configure how devices connect to work resources using the following profiles available in the Policies and Profiles library: Profile Description Wi-Fi A Wi-Fi profile specifies how devices connect to a work Wi-Fi network. VPN A VPN profile specifies how devices connect to a work VPN. Proxy A proxy profile specifies how devices use a proxy server to access web services on the Internet or a work network. Enterprise connectivity The enterprise connectivity profile specifies how devices can connect to your organization’s resources using enterprise connectivity and BlackBerry Secure Connect Plus. iOS, Android Enterprise, Samsung Knox Workspace, and BlackBerry 10 devices can use BlackBerry Secure Connect Plus for secure connections to work resources behind the firewall. BlackBerry 2FA A BlackBerry 2FA profile enables two-factor authentication for users and specifies the configuration of the preauthentication and self-rescue features. Single sign-on A single sign-on profile specifies how devices authenticate with secure domains automatically after users type their username and password for the first time. BlackBerry
Load more

Recommended publications
  • Usporedba Linux I Microsoft Poslužiteljske Infrastrukture Kao Potpore Poslovanju Malih Tvrtki
    USPOREDBA LINUX I MICROSOFT POSLUŽITELJSKE INFRASTRUKTURE KAO POTPORE POSLOVANJU MALIH TVRTKI Stanešić, Josip Undergraduate thesis / Završni rad 2020 Degree Grantor / Ustanova koja je dodijelila akademski / stručni stupanj: Algebra University College / Visoko učilište Algebra Permanent link / Trajna poveznica: https://urn.nsk.hr/urn:nbn:hr:225:716198 Rights / Prava: In copyright Download date / Datum preuzimanja: 2021-10-02 Repository / Repozitorij: Algebra Univerity College - Repository of Algebra Univerity College VISOKO UČILIŠTE ALGEBRA ZAVRŠNI RAD Usporedba Linux i Microsoft poslužiteljske infrastrukture kao potpore poslovanju malih tvrtki Josip Stanešić Zagreb, veljača 2020. Pod punom odgovornošću pismeno potvrđujem da je ovo moj autorski rad čiji niti jedan dio nije nastao kopiranjem ili plagiranjem tuđeg sadržaja. Prilikom izrade rada koristio sam tuđe materijale navedene u popisu literature, ali nisam kopirao niti jedan njihov dio, osim citata za koje sam naveo autora i izvor, te ih jasno označio znakovima navodnika. U slučaju da se u bilo kojem trenutku dokaže suprotno, spreman sam snositi sve posljedice, uključivo i poništenje javne isprave stečene dijelom i na temelju ovoga rada. U Zagrebu 1. veljače 2020. Josip Stanešić Predgovor Želio bih se zahvaliti svom mentoru i profesoru Vedranu Dakiću, profesorima Silviju Papiću i Jasminu Redžepagiću kao i svim ostalim profesorima na uloženom trudu, prenesenom znanju i odličnom preddiplomskom studiju. Također se želim zahvaliti obitelji na svoj podršci pruženoj tijekom studija. Prilikom uvezivanja rada umjesto ove stranice ne zaboravite umetnuti original potvrde o prihvaćanju teme završnog rada kojeg ste preuzeli u studentskoj referadi Sažetak Male tvrtke osnova su ekonomije Europe. U suvremenom poslovanju IT tehnologija i samim time IT infrastruktura nužni su za poslovanje čak i u tvrtkama kojima osnovna djelatnost nije u području informacijsko-komunikacijskih tehnologija.
    [Show full text]
  • How Ios 7 Stacks Up:Smartphone OS User Experience Shootout
    How iOS 7 Stacks Up: Smartphone OS User Experience Shootout a Pfeiffer Report Benchmark Project www.pfeifferreport.com @pfeifferreport Introduction Why is it that the arrival of iOS 7 Whether we like it or not, We do not look at features, we do not smartphones have become a compare cutting-edge options and is necessarily a momentous software game. Take any recent gadgets, we only look at aspects event for the smartphone top-of-the-line smartphone, and you that have a direct impact on the are likely to get a well-designed, fast, day-to-day user experience of an market? Simple: Unlike any other pleasant to use bit of hardware: fluid average, non-technical user. operating system out there, it will operation, responsive interaction, fast The aspects we have surveyed and be in the hands of millions or tens graphics. The difference of user rated are the following: experience, therefore, stems of millions of users within a few cognitive load, efficiency, almost exclusively from the customization, as well as user days after its launch. operating system, the user interface experience friction. Based on And that will make it a force to be design, the application integration, the the results from these benchmarks overall coherence. we have then established an overall reckoned with. This report compares the five Mobile Operating System User major mobile operating systems Experience Index presented at the * The question is, of course: in use today: iOS 7, iOS 6, Android , end of this document. Windows Phone 8, and Blackberry 10, The benchmarks are based on the How good is it really? and rates them in terms of user Pfeiffer Consulting Methodology experience.
    [Show full text]
  • Windows Server 2012 R2 Directaccess
    Windows Server 2012 R2 DirectAccess Deployment Guide UPDATED: 25 March 2021 Windows Server 2012 R2 DirectAccess Copyright Notices Copyright © 2002-2021 Kemp Technologies, Inc. All rights reserved. Kemp Technologies and the Kemp Technologies logo are registered trademarks of Kemp Technologies, Inc. Kemp Technologies, Inc. reserves all ownership rights for the LoadMaster and Kemp 360 product line including software and documentation. Used, under license, U.S. Patent Nos. 6,473,802, 6,374,300, 8,392,563, 8,103,770, 7,831,712, 7,606,912, 7,346,695, 7,287,084 and 6,970,933 kemp.ax 2 Copyright 2002-2021, Kemp Technologies, All Rights Reserved Windows Server 2012 R2 DirectAccess Table of Contents 1 Introduction 5 1.1 Document Purpose 5 1.2 Intended Audience 5 1.3 Related Firmware Version 5 1.4 About the Author 6 1.5 Assumptions 6 2 Load Balancing DirectAccess 7 2.1 Example Environment Setup 8 2.2 Prerequisites 9 3 Virtual Service Configuration 10 3.1 Enable Subnet Originating Requests Globally 10 3.2 Configure DirectAccess for Load Balancing 11 3.3 Configure the Servers Virtual Services 11 3.3.1 Configure a DirectAccess Server Virtual Service 12 3.3.2 Configure an Additional Virtual Service for the DirectAccess Server 13 3.3.3 Configure a Network Location Server (NLS) Virtual Service 14 3.3.4 Configure an NLS (Offloaded) Virtual Service 15 3.4 Configure DirectAccess to use a Load-Balanced NLS 17 3.5 Configure Geographic Load Balancing for NLS 18 4 Multisite Configuration and Load Balancing 22 4.1 Configure DirectAccess for Multisite 22 kemp.ax
    [Show full text]
  • WINDOWS® 8.1 in DEPTH Copyright © 2014 by Pearson Education, Inc
    Windows® 8.1 Brian Knittel Paul McFedries 800 East 96th Street Indianapolis, Indiana 46240 WINDOWS ® 8.1 IN DEPTH Copyright © 2014 by Pearson Education, Inc. All rights reserved. No part of this book shall be reproduced, stored in a Editor-in-Chief retrieval system, or transmitted by any means, electronic, mechanical, photo- Greg Wiegand copying, recording, or otherwise, without written permission from the publisher. No patent liability is assumed with respect to the use of the information con- Executive Editor tained herein. Although every precaution has been taken in the preparation of Rick Kughen this book, the publisher and author assume no responsibility for errors or omis- sions. Nor is any liability assumed for damages resulting from the use of the Development Editor information contained herein. Todd Brakke ISBN-13: 978-0-7897-5281-9 Managing Editor ISBN-10: 0-7897-5281-6 Sandra Schroeder Library of Congress Control Number: 2014930138 Printed in the United States of America Senior Project Editor Tonya Simpson First Printing: March 2014 Trademarks Copy Editor All terms mentioned in this book that are known to be trademarks or service Cheri Clark marks have been appropriately capitalized. Que Publishing cannot attest to the Senior Indexer accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark. Cheryl Lenser Windows is a registered trademark of Microsoft Corporation. Technical Editor Warning and Disclaimer Karen Weinstein Every effort has been made to make this book as complete and as accurate as Editorial Assistant possible, but no warranty or fitness is implied.
    [Show full text]
  • F5 and Windows Server 2012 Directaccess/Remote Access Services
    White Paper F5 and Windows Server 2012 DirectAccess/Remote Access Services The F5 BIG-IP platform provides high availability, performance, and scalability when used to deliver traffic management and load balancing for the Microsoft Windows Server 2012 Remote Access Solutions: DirectAccess and Remote Access Services. by Ryan Korock Technical Director, Microsoft Solutions White Paper F5 and Windows Server 2012 Direct Access/Remote Access Services Contents Introduction 3 Benefits of Using F5 Products with DirectAccess and VPN 3 Architecture 4 A DirectAccess/VPN Server Front End 5 A Layered Approach with DirectAccess/VPN Servers 5 Dual Interface Vs. Single Interface DirectAccess/VPN Deployments 6 Single Site Vs. Multisite Deployment 8 Conclusion 9 2 White Paper F5 and Windows Server 2012 Direct Access/Remote Access Services Introduction For Windows 8 and Windows Server 2012, Microsoft has taken two remote access technologies found in previous versions of Windows Server, DirectAccess and VPN Server, and pulled them under the same management umbrella called simply Remote Access. F5 technologies can be deployed to manage traffic and balance loads on these services. Originally introduced in Windows Server 2008 R2 and Windows 7, DirectAccess shifted previous remote access technology. Unlike traditional VPNs, in which connections have been manually initiated at the user level, DirectAccess makes use of a seamless, system-level connection. This means that remote, domain-joined systems will automatically and securely build a corporate network presence upon boot. VPN, formerly known as Remote Access Services (RAS), was introduced in Windows NT and includes the traditional Windows VPN technologies, including IKEv2, SSTP, PPTP, and L2TP. Windows Server 2012 customers can deploy DirectAccess, VPN, or both, and it is often beneficial to deploy both.
    [Show full text]
  • AWS Site-To-Site VPN User Guide AWS Site-To-Site VPN User Guide
    AWS Site-to-Site VPN User Guide AWS Site-to-Site VPN User Guide AWS Site-to-Site VPN: User Guide Copyright © Amazon Web Services, Inc. and/or its affiliates. All rights reserved. Amazon's trademarks and trade dress may not be used in connection with any product or service that is not Amazon's, in any manner that is likely to cause confusion among customers, or in any manner that disparages or discredits Amazon. All other trademarks not owned by Amazon are the property of their respective owners, who may or may not be affiliated with, connected to, or sponsored by Amazon. AWS Site-to-Site VPN User Guide Table of Contents What is Site-to-Site VPN ..................................................................................................................... 1 Concepts ................................................................................................................................... 1 Working with Site-to-Site VPN ..................................................................................................... 1 Site-to-Site VPN limitations ......................................................................................................... 2 Pricing ...................................................................................................................................... 2 How AWS Site-to-Site VPN works ........................................................................................................ 3 Site-to-Site VPN Components .....................................................................................................
    [Show full text]
  • Konyproducts Supported Devices OS Browsers
    Kony Visualizer Supported Devices, OS, and Browsers Release 7.3 Document Relevance and Accuracy This document is considered relevant to the Release stated on this title page and the document version stated on the Revision History page. Remember to always view and download the latest document version relevant to the software release you are using. © 2016 by Kony, Inc. All rights reserved 1 of 47 Kony Visualizer Version 1.3 Copyright © 2014 Kony, Inc. All rights reserved. April, 2017 This document contains information proprietary to Kony, Inc., is bound by the Kony license agreements and may not be used except in the context of understanding the use and methods of Kony Inc, software without prior, express, written permission. Kony, Empowering Everywhere, Kony, Kony Nitro, and Kony Visualizer are trademarks of Kony, Inc. MobileFabric is a registered trademark of Kony, Inc. Microsoft, the Microsoft logo, Internet Explorer, Windows, and Windows Vista are registered trademarks of Microsoft Corporation. Apple, the Apple logo, iTunes, iPhone, iPad, OS X, Objective-C, Safari, Apple Pay, Apple Watch and Xcode are trademarks or registered trademarks of Apple, Inc. Google, the Google logo, Android, and the Android logo are registered trademarks of Google, Inc. Chrome is a trademark of Google, Inc. BlackBerry, PlayBook, Research in Motion, and RIM are registered trademarks of BlackBerry. All other terms, trademarks, or service marks mentioned in this document have been capitalized and are to be considered the property of their respective owners. © 2016 by Kony, Inc. All rights reserved 2 of 47 Kony Visualizer Version 1.3 Revision History Date Document Version Description of Modifications/Release 04/10/2017 1.4 Document updated for 7.3 10/24/2016 1.3 Document updated for 7.2 07/18/2016 1.2 Document updated for 7.1 02/29/2016 1.0 Document updated for 7.0 © 2016 by Kony, Inc.
    [Show full text]
  • A Comparative Analysis of Mobile Operating Systems Rina
    International Journal of Computer Sciences and Engineering Open Access Research Paper Vol.-6, Issue-12, Dec 2018 E-ISSN: 2347-2693 A Comparative Analysis of mobile Operating Systems Rina Dept of IT, GGDSD College, Chandigarh ,India *Corresponding Author: [email protected] Available online at: www.ijcseonline.org Accepted: 09/Dec/2018, Published: 31/Dec/2018 Abstract: The paper is based on the review of several research studies carried out on different mobile operating systems. A mobile operating system (or mobile OS) is an operating system for phones, tablets, smart watches, or other mobile devices which acts as an interface between users and mobiles. The use of mobile devices in our life is ever increasing. Nowadays everyone is using mobile phones from a lay man to businessmen to fulfill their basic requirements of life. We cannot even imagine our life without mobile phones. Therefore, it becomes very difficult for the mobile industries to provide best features and easy to use interface to its customer. Due to rapid advancement of the technology, the mobile industry is also continuously growing. The paper attempts to give a comparative study of operating systems used in mobile phones on the basis of their features, user interface and many more factors. Keywords: Mobile Operating system, iOS, Android, Smartphone, Windows. I. INTRUDUCTION concludes research work with future use of mobile technology. Mobile operating system is the interface between user and mobile phones to communicate and it provides many more II. HISTORY features which is essential to run mobile devices. It manages all the resources to be used in an efficient way and provides The term smart phone was first described by the company a user friendly interface to the users.
    [Show full text]
  • Blackberry UEM Architecture and Data Flows
    BlackBerry UEM Architecture and Data Flow Reference 12.10 2018-11-28Z | | 2 Contents BlackBerry UEM Architecture and data flows.................................................... 5 Architecture: BlackBerry UEM solution.................................................................................................................5 BlackBerry UEM components............................................................................ 7 BlackBerry UEM distributed installation.......................................................... 10 BlackBerry UEM regional deployment............................................................. 13 Components used to manage BlackBerry OS devices......................................17 Activating devices...........................................................................................20 Data flow: Activating a BlackBerry 10 device....................................................................................................20 Data flow: Activating an Android device for MDM............................................................................................22 Data flow: Activating an Android Enterprise device in a Google domain........................................................ 24 Data flow: Activating an Android Enterprise device using a managed Google Play account......................... 25 Data flow: Activating an Android device to have only a work profile in a Google domain..............................27 Data flow: Activating an Android device to have only a work profile using
    [Show full text]
  • Catalogue-2020.Pdf
    2020 "#$$%&'(! 5%$>- 5 7289-&!:';!<'*=%>'$ 189 *+ ! ! ! "*->8.' CCNA CCNP CCIE ... !"#$%&' ! 66 (%&#)*+"',&)-)!./. ( 195 ( 82 56-#.'*8 ! 227 54'>@A-%&, 231 ! 156 ( +'$,%-&!.'!/*-0',$!1!23,4-.'$ !233 - 5%,*%B ! 176 !!!"elianistech"com 2 +,-./0. !"#$%&'()*+&,#$-"$,+.")/$-01/*),*$+,-+2/",*$2/"$3"/'$4&,*",/$()'2/"$35+,*'&-/4*+&,$ 6$/,$*78("$&/$/,"$*"47,&3&9+":$;,$35&44/''",4"<$"33"#$,"$,04"##+*",*$=)#<$&/$*'8#$ ="/<$ -"$ 4&,,)+##),4"#$ ='0)3)13"#$ -"$ 3)$ =)'*$ -/$ =)'*+4+=),*:$ ;,$ &/*'"<$ 4"#$ #*)9"#$ !"$ ='&9')(("$ -"$ 3)$ %&'()*+&, $ )$ 0.&3/0$ -),#$ /,"$ ."'#+&,$ =3/#$ '04",*": -0."3&=="'$-"$,&/."33"#$4&(=0*",4"#$6$=)'*+'$-5)42/+#$#&3+-"#: >"**"$%&'()*+&,$+,43/* ) $3"$=)##)9"$ >&,4"',",*$3"#$='&9')(("#$,04"##+*),*$/,$,+.")/$='0)3)13"$-"$4&,,)+##),4"#$"*$ !"#$%&%'213%)*+662 97 15 85%1%23456elianistech$com 3 ELIANIS TECH ELIANIS TECH e . !"#$ %&#'()*'+)(#$ ,-('-.+&'$ /+)($ '+0,#$ +&'(+$ /1-&%0-'%"&$ 2+$ #9*)(%'9>$ /-$ '9/9,7"&%+>$ /+$ 296+/",,+0+&'$ 21-,,/%*-'%"&#>$ /+#$ ,")($ +&*-2(+($ /-$ .+#'%"&$ 2+#$ ,("@+'#$ +'$ 0+''(+$ +&$ G)6(+$ )&+$ 4"(0-'%"&#$)'%/%#-'+)(#$-)'")($2+#$-,,/%*-'%"&#$3)(+-)'%8)+#$+'$2+$ *"//-3"(-'+)(#$+&$4"(0-'%"&5 '(-6-%/$*"//-3"(-'%4 $ 21)&$+&6%("&&+0+&'$'+*7&"/".%8)+5 ,("*+##)#$09'%+(#>$")$+&*"(+$/-$'(-&#4"(0-'%"&$2+#$"(.-&%#-'%"&#>$ &"'(+$*-'-/".)+$#1+#'$296+/",,9$-6+*$2+#$0"2)/+#$+'$,-(*")(#$2+$ 4"(0-'%"&$"(%+&'9#$0-&-.+0+&'>$-&-/A#+$+'$09'7"2"/".%+5
    [Show full text]
  • There's Good Security and Then There's National
    BROCHURE THERE’S GOOD SECURITY AND THEN THERE’S NATIONAL SECURITY BlackBerry 10 and BES10 The perfect balance of protection and productivity Back to the Contents THE PERFECT BALANCE OF PROTECTION AND PRODUCTIVITY Contents BlackBerry 10 & BES10 3 Corporate Networks Under Attack 4 BlackBerry Security 5 Protecting Data in Motion 7 BES10 Security Philosophy 8 BES10 Certification & Encryption 9 BES10 Layers of Protection 9 Tech Talk 1 & 2 10 Protecting Work Data on Personal-Use-Enabled Devices 11 BlackBerry Balance 12 Tech Talk 3 13 Enforcing Strong Access Controls 14 BlackBerry 10 Device OS Security Features 15 BES10’s Gold level Controls and Settings 16 Manging Devices 18 BlackBerry Mobile Device Management in Action 19 End-to-end Security 21 3 BlackBerry 10 & BES10 End-to-end mobile data security without compromising business productivity or user satisfaction Keeping corporate data secure is a top priority for The entryways for potential attacks, data loss and productivity any organization. After all, a data breach can cause compromises include: significant financial losses, expose executives to legal Employees maintaining a mix of corporate and third-party actions, damage your company's reputation and weaken applications on the same device and exchanging information or eliminate competitive business advantage. between the two domains As more employees access your corporate network The installation of threat-vulnerable containerization through mobile devices to communicate, collaborate on mobile devices and share data, your infrastructure becomes increasingly Employees visiting sites where they encounter malware or vulnerable to outside attacks and harder to secure and malicious threats protect. The mixing of personal and work email accounts, apps and data, as well as the proliferation of employee- The use of employee-owned devices to access enterprise owned devices, increases the chance of major data leaks.
    [Show full text]
  • Directaccess-Rmv6tf-26Apr11-Public
    1. Introduction to DirectAccess 2. Technical Introduction 3. Technical Details within Demo 4. Summary Section 2: Technical Introduction Solution Overview Compliant Compliant Client Client Internet NAP/NPS Health Servers IPv6 tunnel over IPv4 Then IPv6 IPsec tunnel inside DirectAccess Thin Edge, Low Cost Clients have transparent IPv6 corpnet connectivity from CORPNET User anywhere with IPsec security Data Center and Business Critical Traffic to corporate network is routed through a Direct Access Resources Server (Windows 2008 R2 Server role) CORPNET User CORPNET Integrates with NAP IPsec enforcement for policy-based Compliant Network perimeter (optional) Forefront UAG and DirectAccess: Better Together Supports many non-DA clients Enables DA client access to Windows Server Windows 2008 IPv4-only internal hosts with 7 DNS64/NAT64 Windows Server 2008 R2 Enhances DA scalability Windows Always On Windows Server Managed 7 and management 2008 R2 IPv4 or IPv6 High avail, load balancing IPv6 SSL-VPN Monitoring, Reports Windows Vista/ Windows Server 2003 Provides OTP user auth Windows XP Legacy Application Non- Server Simplifies deployment and Windows DirectAccess Server administration Non Windows Unmanaged PDA + Server Easy Setup Wizard IPv6 IPv4 or IPv4 Auto GPO, script gen DA Connectivity Assistant Delivers a hardened, edge- ready solution using Forefront Threat Management Gateway firewall core Remote Client Management Only Only the first IPsec infrastructure tunnel is established. Clients have access only to specific infrastructure servers Remote management includes: Active Directory Group Policy, login scripts Pull or push* software updates, AV updates – using same internal mgmt servers Client health checking, reporting and remediation Client monitoring, vulnerability scanning; software inventories Help desk connect out* via Remote Assistance, Remote Desktop * Internally initiated connections outbound to remote DA client requires IPv6 path (e.g.
    [Show full text]