
Customer Insight: CSO's Perspective – What Edge?

This article explores the evolution of network access protection technologies and discusses the requirements and preferences of CSOs in terms of network security. It covers topics such as industry trends, consolidation of functionality, mobility, trust boundaries, and more.


Presentation Transcript


  1. Customer Insight: CSO's Perspective – What Edge?
     Microsoft Research EdgeNet, June 2006
     Mark Ashida, General Manager, Windows Enterprise Networking

  2. The Evolution of Our Thinking
     • Industry Trends
       • Consolidation of functionality vs. appliances
       • Mobility driving more devices, roaming users, policies
       • Trust boundaries are vague - hard to define & control
     • Network Access Protection (NAP)
       • Defined initial requirements with customers
       • Early & consistent review with Microsoft IT dept
       • Refined functionality with feedback from pilot programs
       • Technology Adoption Program (TAP), Vista Beta Customers

  3. What Edge?
     [Diagram labels: Internet; Restricted Zone; New PC; Logical CorpNet; Provisioning Servers; DHCP, DNS, AAA; Employee, Partner, Guest PC; IPSec Security; Seamless Network Gateways; Non-domain joined, Non-IPSec Devices]
     • VLANs, IPsec, internal firewalls, NAC appliances
     • Jericho Forum
     • Logical L3+ vs. L2

  4. Thinking Evolution
     • Network Access Protection Abstraction
     [Diagram labels: Health State; Network Infrastructure; Policy store; RADIUS; Quarantine Agent; Enforcement 802.1x, IPsec]

  5. Thinking Evolution
     • Network Access Protection Abstraction
     [Diagram labels: Health State; Policy store; RADIUS; Quarantine Agent; Enforcement 802.1x, IPsec; Control Plane; Enforcement/Network Assets; Network Infrastructure]

  6. Thinking Evolution
     [Diagram labels: Enforcement/Network Assets; Network Infrastructure; Single Dashboard Reporting; MOM; MOM Pak (×3); Health State; UI Diag; Policy store; RADIUS; Quarantine Agent; Enforcement 802.1x, IPsec; Control Plane]

  7. Thinking Evolution
     [Diagram labels: NAP Configuration; Help Desk; Security; Provisioning; Performance; Network State Database (in MOM); Policy store; RADIUS; DHCP Clients; WINS; VM/TPM; DNS; Network Infrastructure]

  8. What CSOs want
     • Want it soon – they want PAC not NAC
     • Fine-grained admission per resource based upon
     • Fine-grained based upon rich information such as:
       • Identity (permanent and temporary)
       • Machine state (health)
       • Application
       • Entry point
       • Time of day, etc.
     • Interoperability with current infrastructure/desktops
     • Multi-vendor solution
     • Federated trust would be nice
     • Manageability

  9. What CSOs don't want
     • Don't make it uneconomical for us to deploy
       • Help desk
       • Management
       • Multiple solutions
     • Don't break Provisioning/Logon/SSO
     • Is 802.1x the right enforcement method?
       • Practical deployment issues – beaconing, provisioning, multimac on single port, VMs,

  10. Unashamed Vista/LHS Plug
     • Network Diagnostics – why can't you connect and repair
     • NAP Agent – why you can't connect/Help desk
     • MOM Desktop NAP Agent – events/alarms from desktop, expanding to all networking elements on desktop (QoS, etc.)
     • IPsec – giving you virtual logical groups anywhere in the world (240k desktops at MS) with much reduced deployment costs
     • Adaptive NEW IP Stack – much better throughput, up to 80+Mbs on a 100Mbs port vs. 20 previously
     • IP Offload – 10Ge announced now
     • IPv6 – on by default
