Connect Remotely Using Windows® 7 Direct Access

TechNet goes virtual ©2009 Microsoft Corporation. All Rights Reserved. CLI-307

description

The session will focus on Windows 7 Direct Access to provide secure anywhere access on the network. We will explore how the Direct Access solution makes it easier for IT Professionals to manage the network infrastructure and how it reduces IT costs. We will discuss how Direct Access works, network infrastructure requirements, and how to set up and configure Direct Access on the WS08 R2 Server and Windows 7 Client. In addition, we will cover how NAP connections are integrated with Direct Access so that Windows 7 remote clients comply with network policy before connecting to intranet resources. The topics will include WS08 R2 configuration and the Windows 7 connection process through the Direct Access server to the NAP server. The session will include demonstrations on how to set up and configure Direct Access on the Windows 7 client and Windows Server 2008 R2. Finally, the session will include demonstrations of configuring the NPS Server on Windows Server 2008 R2 and connecting a Windows 7 NAP client through the Direct Access Server to the NPS Server.

Transcript of Connect Remotely Using Windows® 7 Direct Access

Page 1: Connect Remotely Using Windows® 7 Direct Access

CLI-307

Welcome

Page 2: Connect Remotely Using Windows® 7 Direct Access

Connect Remotely Using Windows® 7 DirectAccess

Level 300

Page 3: Connect Remotely Using Windows® 7 Direct Access

What Will We Cover?

• The Value and Benefits of DirectAccess

• Configuring DirectAccess

• Using Network Access Protection (NAP) and DirectAccess

Page 4: Connect Remotely Using Windows® 7 Direct Access

Agenda

• DirectAccess Capabilities

• Configuring DirectAccess on Windows Server 2008 R2

• Configuring and Connecting Clients to DirectAccess Server

• Configuring NAP on Windows Server 2008 R2

• Connecting Windows 7 Clients to NAP Servers through DirectAccess

Page 5: Connect Remotely Using Windows® 7 Direct Access

DirectAccess: Benefits

More manageable and cost effective

• Simplified remote management of mobile resources as if they were on the LAN

• Lower total cost of ownership (TCO) with an “always managed” infrastructure

• Unified secure access across all scenarios and networks

• Integrated administration of all connectivity mechanisms

More productivity

• Always-on access to corporate network while roaming

• No explicit user action required – it just works

• Same user experience on premises and off

More secure

• Healthy, trustable host regardless of network

• Fine grain per app/server policy control

• Richer policy control near assets

• Ability to extend regulatory compliance to roaming assets

• Incremental deployment path toward IPv6

Page 6: Connect Remotely Using Windows® 7 Direct Access

DirectAccess: Advantages

• DirectAccess overcomes the limitations of VPNs by automatically establishing a bi-directional connection from client computers to the corporate network.

• DirectAccess is built on a foundation of proven, standards-based technologies: Internet Protocol security (IPSec) and Internet Protocol version 6 (IPv6).

[Diagram labels: DirectAccess client, Internet, DirectAccess server, Intranet, Application servers, Domain controller / DNS server]

Page 8: Connect Remotely Using Windows® 7 Direct Access

Deploying DirectAccess

Client

– Receives configuration while directly connected to corporate network (provisioning) via Group Policy

– NAP used to check configuration and health when remotely connected (not required)

Server

– DirectAccess wizard to set up DirectAccess server(s)

– Policies controlled via Group Policy

Page 9: Connect Remotely Using Windows® 7 Direct Access

DirectAccess on Windows Server 2008 R2

Authentication

Encryption

Access Control

Integration with NAP

Split-Tunnel Routing

Page 10: Connect Remotely Using Windows® 7 Direct Access

DirectAccess Deployment Requirements

• Client/Server
– Windows 7 clients
– Windows Server 2008 R2

• Application Servers
– Windows Server 2008 (for native IPv6 support)
– Exception: When Windows Firewall Authentication policy is used, application servers must be Windows Server 2008 R2

• DC/DNS Servers
– Windows Server 2008 SP2 or Windows Server 2008 R2

• NAT-PT Server if IPv4 Access Is Desired

Page 11: Connect Remotely Using Windows® 7 Direct Access

Deployment Scenario: End-to-Edge Authentication

[Diagram labels: Trusted, compliant, healthy machine; Windows 7 client; Internet; DirectAccess server; Optional NAT-PT; Corporate Network; Application Servers; DC & DNS (Win 2008); Domain clients]

• IPSec ESP tunnel using machine cert (DC/DNS access)

• IPSec ESP tunnel using machine cert and user credentials (App server access)

Page 12: Connect Remotely Using Windows® 7 Direct Access

Deployment Scenario: End-to-End Authentication

[Diagram labels: Trusted, compliant, healthy machine; Windows 7 client; Internet; DirectAccess server; Optional NAT-PT; Corporate Network; Application Servers; DC & DNS (Win 2008); Domain clients]

• IPSec ESP tunnel using machine cert and user credentials (App server access)

Page 13: Connect Remotely Using Windows® 7 Direct Access

Demonstration Environment

Page 14: Connect Remotely Using Windows® 7 Direct Access

Demonstration: Introducing DirectAccess

• Configure DirectAccess Server

• Connect a Windows 7 Client Using DirectAccess

• Manage a Windows 7 Remote Client Using DirectAccess

Page 16: Connect Remotely Using Windows® 7 Direct Access

DirectAccess in Windows 7

• Network connection: The client detects the network connection

• Is client on intranet? If client is on intranet, DirectAccess connection stops

• If not on intranet, use DirectAccess: The client attempts to use various methods to connect to DirectAccess server

Page 17: Connect Remotely Using Windows® 7 Direct Access

Configuring Windows 7 for DirectAccess

• Verify name resolution and IPv6 access to the domain controller

• Set client as an ISATAP Host

• Verify certificate

• Add Client to DirectAccess Security Group

Page 19: Connect Remotely Using Windows® 7 Direct Access

Configuring NAP

Factors in configuring NAP

Staging strategy

• Reporting mode

• Deferred enforcement

• Full enforcement

Server placement

• A NAP server infrastructure includes NAP health policy servers and NAP enforcement points

System health and compliance

• You must define which client configuration will be considered compliant and which will be considered noncompliant with health requirements

Page 20: Connect Remotely Using Windows® 7 Direct Access

Demonstration: Configuring Network Policy and Access Services

• Create Connection Request Policy

• Configure the Windows Security Health Validators

• Create Health Policies

Page 22: Connect Remotely Using Windows® 7 Direct Access

Windows 7, DirectAccess, and NAP

[Diagram labels: NAP on the Client, Windows Client, NAP Policy Servers, DirectAccess server, Corporate Network]

Page 23: Connect Remotely Using Windows® 7 Direct Access

Demonstration: Integrating NAP with DirectAccess

• Configure DirectAccess IPSec Rules

• Configure DirectAccess Client for NAP

• Enforce NAP Protection through DirectAccess

Page 24: Connect Remotely Using Windows® 7 Direct Access

Session Summary

• Configuring DirectAccess on Windows Server 2008 R2

• Configuring Windows 7 to Use DirectAccess

• Adding a NAP Server to Your DirectAccess Topology

Page 25: Connect Remotely Using Windows® 7 Direct Access

Where to Find More Information?

Visit TechNet at technet.microsoft.com

Also check out TechNet Edge at edge.technet.com

Or just visit http://go.microsoft.com/?linkid=9662639 for additional information on this session.

Page 26: Connect Remotely Using Windows® 7 Direct Access

Supporting Publications

For more titles, visit http://go.microsoft.com/?linkid=9662639

Page 27: Connect Remotely Using Windows® 7 Direct Access

Training Resources

Course ID   Title
6289A       First Look: Windows 7 Beta for IT Professionals
6290A       First Look: Windows 7 Beta for IT Professionals Hands-on Lab

For more training information: http://go.microsoft.com/?linkid=9662636 and http://www.microsoft.com/directaccess

Page 28: Connect Remotely Using Windows® 7 Direct Access

Become a Microsoft Certified Professional

• What Are MCP Certifications?
– Validation in performing critical IT functions.

• Why Certify?
– Worldwide recognition of skills gained via experience.
– More effective deployments with reduced costs

• What Certifications Are There for IT Pros?
– MCTS, MCITP.

www.microsoft.com/certification

Page 29: Connect Remotely Using Windows® 7 Direct Access

Microsoft TechNet Plus

TechNet Plus is an essential premium web-enabled and live support resource that provides IT Professionals with fast and easy access to Microsoft experts, software and technical information, enhancing IT productivity, control and planning.

Evaluate & Learn

• Evaluate full versions of all Microsoft commercial software for evaluation—without time limits. This includes all client, server and Office applications.

• Try out all the latest betas before public release

• Keep your skills current with quarterly training resources including select Microsoft E-Learning courses

Plan & Deploy

• Use the TechNet Library to plan for deployment using the Knowledge Base, resource kits, and technical training

• Use exclusive tools like System Center Capacity Planner to accurately plan for and deploy Exchange Server and System Center Operations Manager

Support & Maintain

• 2 complimentary Professional Support incidents for use 24/7 (20% discount on additional incidents)

• Access over 100 managed newsgroups and get next business day response--guaranteed

• Use the TechNet Library to maintain your IT environment with security updates, service packs and utilities

Get all these resources and more with a TechNet Plus subscription. For more information visit: technet.microsoft.com/subscriptions
