Wednesday, April 20, 2011

DirectAccess

DirectAccess (literally "direct access") is a new feature of Windows 7 and Windows Server 2008 R2. With it, users outside the corporate network can reach company resources behind the firewall directly from the Internet, quickly and securely, without having to establish a VPN connection. DirectAccess overcomes many of the limitations of VPN: it automatically establishes a two-way connection between the client outside the network and the servers inside the company network. It does this by using several features of IPv6 technology. DirectAccess uses IPsec for authentication between computers, which also lets the IT department manage the computer before the user has logged on. When DirectAccess is working, the client establishes an IPv6 tunnel to the DirectAccess server. This IPv6 tunnel connection can run over an ordinary IPv4 network, as shown. The DirectAccess server takes on the role of a gateway, connecting the internal network and the external network.

DirectAccess benefits

Improved productivity for mobile workers. By providing the same connected experience inside and outside the office, DirectAccess can improve the productivity of mobile workers. As long as the user has an Internet connection, whether travelling, in a cafe or at home, they can access internal network resources.

Easier management of remote users. Without DirectAccess, a mobile computer can only be managed when the user comes into the office or connects over VPN. With DirectAccess, a mobile computer can be managed whenever it has an Internet connection, even if no user is logged on. This allows regular management of mobile computers and helps ensure that mobile users stay up to date with security and system health policies. DirectAccess helps businesses monitor the security of, and protect the data on, assets that roam outside the corporate network.
 
Improved security. DirectAccess uses IPsec for authentication and encryption. You can choose to use a smart card for user authentication. DirectAccess integrates with NAP: the client must meet the DirectAccess system health requirements before it is allowed to connect to the DirectAccess server. IT administrators can configure the DirectAccess server to restrict which users and applications may access which servers.

Methods of accessing internal network resources after the connection is established

From a security point of view, DirectAccess access to resources inside the network can be controlled. There are two resource access modes:

Selected Server Access. As the name suggests, this allows selective access only to specific servers inside the network. The advantage is that access rules can be configured on the DirectAccess server for security control, but in this mode the servers being accessed must run Windows Server 2008 or 2008 R2, and those servers must support both IPv6 and IPsec.

Full enterprise network access. In this mode, the DirectAccess server forwards the user's requests inward to internal servers that do not use IPsec. This mode places few demands on the internal network servers, and network security can still be effectively controlled within the internal network. It is similar to Exchange's RPC over HTTP approach.

The DirectAccess connection establishment process

1. The client computer running Windows 7 detects that it is connected to a network.
2. The DirectAccess service attempts to connect to an internal network resource specified by the administrator. If the connection succeeds, DirectAccess assumes the computer is already inside the internal network and shuts down the DirectAccess service to save system resources. If the resource cannot be reached, the DirectAccess service continues working.
3. The client computer then connects to the pre-specified DirectAccess server using IPv6 and IPsec. If the computer is not on an IPv6 network, it creates an IPv6-over-IPv4 tunnel (using 6to4 or Intra-Site Automatic Tunnel Addressing Protocol, ISATAP). Windows 7 does all of this in the background, without requiring user login or intervention.
4. If the firewall does not allow 6to4 IPv6 tunnel connections, the computer communicates with the DirectAccess server using the HTTPS protocol (performance is affected).
5. The Windows 7 client and the DirectAccess server complete mutual authentication (using computer certificates).
6. The DirectAccess server decides, based on the client's identity in AD and the currently logged-on user, whether to allow access. To avoid possible DDoS attacks, Microsoft uses DSCP (Differentiated Services Code Points) technology here.
7. If NAP is enabled on the computer, the DirectAccess server completes the NAP health check of the client. This effectively prevents the security risks and viruses that a client connecting from an external network could bring.
8. Finally, the DirectAccess server begins to relay traffic between the inside and the outside of the network.

All of these steps are carried out automatically, without user intervention.
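The eight-step connection process above, modelled as a decision function (an added example, not code from the original post or from Windows itself; `ClientState` and the probe results it holds are constructed assumptions standing in for what the real client learns, and the transport preference order follows steps 3 and 4 of the text):

```python
from dataclasses import dataclass
from enum import Enum


class Transport(Enum):
    NONE = "none"                    # on the intranet: DirectAccess idle
    NATIVE_IPV6 = "native IPv6"      # step 3, no tunnel needed
    TUNNEL_6TO4 = "6to4 tunnel"      # step 3, IPv6 over IPv4
    IP_HTTPS = "IPv6 over HTTPS"     # step 4, fallback through restrictive firewalls


@dataclass
class ClientState:
    """Constructed facts the client learns while probing (hypothetical, not a Windows API)."""
    reaches_internal_probe: bool  # step 2: admin-specified internal resource reachable?
    has_native_ipv6: bool         # step 3: native IPv6 path to the DA server
    has_public_ipv4: bool         # 6to4 needs a public IPv4 address
    firewall_allows_6to4: bool    # step 4: IP protocol 41 allowed outbound
    cert_auth_ok: bool            # step 5: mutual computer-certificate auth succeeded
    ad_allows: bool               # step 6: AD decision for computer + logged-on user
    nap_enabled: bool             # step 7: NAP enforcement configured
    nap_healthy: bool             # step 7: client meets the health policy


def choose_transport(c: ClientState) -> Transport:
    """Pick the IPv6 path in the order the client tries them (steps 3-4)."""
    if c.has_native_ipv6:
        return Transport.NATIVE_IPV6
    if c.has_public_ipv4 and c.firewall_allows_6to4:
        return Transport.TUNNEL_6TO4
    return Transport.IP_HTTPS        # slowest path, but passes most firewalls


def negotiate(c: ClientState) -> tuple:
    """Return (transport, outcome) for one connection attempt."""
    if c.reaches_internal_probe:     # step 2: already inside, service stops
        return Transport.NONE, "idle"
    t = choose_transport(c)          # steps 3-4
    if not c.cert_auth_ok:           # step 5
        return t, "denied: computer certificate authentication failed"
    if not c.ad_allows:              # step 6
        return t, "denied: AD does not permit this computer/user"
    if c.nap_enabled and not c.nap_healthy:   # step 7
        return t, "denied: NAP health check failed"
    return t, "connected"            # step 8: server relays traffic


if __name__ == "__main__":
    # Constructed scenario: laptop in a cafe behind NAT, healthy and authorised.
    cafe = ClientState(False, False, False, False, True, True, True, True)
    print(negotiate(cafe))           # (Transport.IP_HTTPS, 'connected')
```

Each denial reason corresponds to one gate in the numbered list, which is useful when tracing why a client that has Internet access still cannot reach internal resources.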
