
Mr. Robert Bachert, ESTA

Track 4, Session 8: Exchange 2007


Presentation Transcript


    1. Rule: Follow the exact same format in this slide template. Indicate your rank/title, first, last name, office symbol, AKO email address, office phone number.

    3. Background (Problem)
    - The Army has two different messaging environments spread across multiple Active Directory environments: Exchange 5.5 (30%) and Exchange 2003 (70% migrated)
    - Exchange 2003 is 4 years old
    - Exchange 5.5 is no longer supported
    - Standardized operating system (OS) environment by 2008
    - Standardized naming convention and User Attribute environment
    - "Lessons Learned" from the Exchange 2003 migration need to be applied to the migration to Exchange 2007

    5. Exchange Environment Transition

    6. Prerequisites
    - Approved AD Forest
    - Deployed and completed EDS-Lite implementation
    - Directory is IAW (in accordance with) Naming Standards
    - Contacts imported
    - Exchange 2003 deployed throughout the Forest, or approved waiver from CIO/G-6
    - Release of Exchange 2007 SP1: S/MIME support in OWA, mobile remote wipe confirmation

    7. Solution Utilizing the current CONUS Active Directory forest and the Exchange 2003 environment, “Move” all mailboxes to Exchange 2007 utilizing the Area Processing Center concept.

    8. Why Exchange 2007?

    9. Operational Efficiency

    11. Microsoft IT Legacy Exchange Server 2003 Pre-Consolidation Environment

    12. Microsoft IT Legacy Exchange Server 2007 Post-Consolidation Environment

    13. How?

    16. Process to Upgrade to Exchange 2007
    - Deploy the Client Access Server Role (CAS)
    - Deploy the Hub Transport Server Role
    - Deploy the Mailbox Server Role
    - Move resources to Exchange 2007 servers
    - Uninstall previous versions of Exchange Server and delete administrative and routing groups
    - Deploy the Unified Messaging Server role and the Edge Transport Server role
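
The upgrade steps above carried into the Exchange Management Shell, as an added example that is not part of the presentation: it refuses to start moving mailboxes until an Exchange 2007 server of each of the first three roles exists in the organization (the order the slide prescribes), drains a legacy server in batches, and reports what is still left before that server may be uninstalled. The server name and target database path are placeholders.

```powershell
# Added example, not from the presentation. Run in the Exchange Management Shell (Exchange 2007).
$legacy = 'E2K3-MBX01'           # assumed Exchange 2003 mailbox server being drained
$target = 'E2K7-MBX01\SG1\DB1'   # assumed Exchange 2007 target: Server\StorageGroup\Database

# Gate: CAS, then Hub Transport, then Mailbox. Exchange 2007 reports AdminDisplayVersion 8.x;
# refuse to move anything until at least one 2007 server of each role is in the org.
$e2k7 = Get-ExchangeServer | Where-Object { $_.AdminDisplayVersion.Major -ge 8 }
foreach ($role in 'IsClientAccessServer', 'IsHubTransportServer', 'IsMailboxServer') {
    if (-not ($e2k7 | Where-Object { $_.$role })) {
        throw "No Exchange 2007 server with $role deployed yet; deploy roles in order before moving mailboxes"
    }
}

# Move in batches of 50. -BadItemLimit lets a mailbox with a few corrupt items complete
# instead of failing the batch; add -WhatIf on the first run to see what would move.
Get-Mailbox -Server $legacy -ResultSize Unlimited |
    Sort-Object Alias |
    Select-Object -First 50 |
    Move-Mailbox -TargetDatabase $target -BadItemLimit 10 -Confirm:$false

# Anything still homed on the legacy server means it is not yet safe to uninstall it.
$remaining = (Get-Mailbox -Server $legacy -ResultSize Unlimited | Measure-Object).Count
"Mailboxes remaining on ${legacy}: $remaining"
```

Rerun the batch until the remaining count is zero; only then does the "uninstall previous versions" step apply to that server.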

    22. Active Directory (AD)
    - W2K3 Update
    - NIPRNET: 15 approved forests deployed
    - SIPRNET: one Forest per theater (6) deployed
    - CONUS SIPRNET expansion (on-going)
    - AD Next Phase

    25. How RODC Works

    26. Network Access Protection How it works

    27. BitLocker™ Drive Encryption
    - Designed specifically to help prevent a thief who boots another Operating System or runs a hacking tool from breaking Windows file and system protections
    - Secure Startup: helps provide data protection on your Windows systems, even when the system is in unauthorized hands
    - Uses a v1.2 TPM or USB flash drive for key storage

    Speaker notes: BitLocker Drive Encryption is a hardware-based data protection feature that helps to address the growing concern over corporate and customer data on lost or stolen machines. The feature uses full volume encryption to help ensure that a thief or hacker who obtains a system is not able to access the data that resides on it. Data is protected by helping to prevent unauthorized users from breaking Windows file and system protection on lost or stolen computers. This protection is achieved by encrypting the entire Windows volume. This improves data security and reduces equipment repurposing concerns. The feature is simple to deploy and use, and enables easy recovery.

    Secure Startup is a new feature in Microsoft® Windows Server™ Code Name "Longhorn." Secure Startup leverages the Trusted Platform Module to deny access to the system volume when Windows is not running. By accessing the system volume when Windows is shut down it is possible to circumvent Windows security controls and gain unrestricted access to the computer.

    How Secure Startup Works: Secure Startup prevents access to files on the system volume when the operating system is shut down by encrypting the system volume and storing the key required for decryption inside the Trusted Platform Module. During the startup process the Trusted Platform Module verifies the integrity of the Windows operating system before allowing it to access the key required to decrypt the system volume.

    Secure Startup and Encrypting File System: Secure Startup can only be used to encrypt the system volume before Windows is started. Data stored on other volumes is not encrypted by Secure Startup. To encrypt data on volumes other than the system volume, use the Encrypting File System (EFS). Data encrypted by using EFS can be accessed only by using keys stored on the system volume. As a result, files encrypted with EFS are more secure on a system with Secure Startup enabled even when those files are not located on the system volume. EFS can also be used to encrypt data on the system volume after the operating system is running. EFS is designed to prevent unauthorized access to data both before and after Windows is running. Secure Startup is designed to prevent unauthorized access to the system volume before Windows is running. Secure Startup prevents attackers from circumventing Windows security, including EFS, by accessing the system volume when Windows is shut down.
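
The checks a practitioner wants after this slide, as an added example that is not from the presentation: is the TPM the v1.2 part the slide calls for and is it enabled, activated and owned; is the OS volume actually protected; and which key protectors guard it, since a TPM-only or USB-only volume with no recovery password is unrecoverable if that part fails. It reads the TPM and volume-encryption WMI providers that Windows Server 2008 exposes and must run elevated on the server being checked.

```powershell
# Added example, not from the presentation. Run elevated on the server under test.
$tpm = Get-WmiObject -Namespace 'root\cimv2\Security\MicrosoftTpm' -Class Win32_Tpm
if (-not $tpm) {
    Write-Warning 'No TPM reported by the platform; BitLocker would need a USB startup key'
} else {
    # SpecVersion reads like "1.2, 2, 3"; the first field is the TPM specification version.
    $spec = ($tpm.SpecVersion -split ',')[0].Trim()
    "TPM spec $spec enabled=$($tpm.IsEnabled_InitialValue) activated=$($tpm.IsActivated_InitialValue) owned=$($tpm.IsOwned_InitialValue)"
    if ($spec -ne '1.2') { Write-Warning "TPM is $spec, not the v1.2 part the deployment calls for" }
    if (-not ($tpm.IsEnabled_InitialValue -and $tpm.IsActivated_InitialValue -and $tpm.IsOwned_InitialValue)) {
        Write-Warning 'TPM is not enabled, activated and owned; sealing the volume key to it will fail'
    }
}

$osDrive = $env:SystemDrive   # e.g. C:
$vol = Get-WmiObject -Namespace 'root\cimv2\Security\MicrosoftVolumeEncryption' -Class Win32_EncryptableVolume |
       Where-Object { $_.DriveLetter -eq $osDrive }
if (-not $vol) { throw "BitLocker provider has no entry for $osDrive; is the feature installed?" }

# ProtectionStatus: 0 = protection off, 1 = on, 2 = unknown
$status = $vol.GetProtectionStatus().ProtectionStatus

# Key protector types as numbered by the provider
$names = @{ 1 = 'TPM'; 2 = 'ExternalKey'; 3 = 'RecoveryPassword'; 4 = 'TPM+PIN'; 5 = 'TPM+StartupKey'; 6 = 'TPM+PIN+StartupKey' }
$ids   = $vol.GetKeyProtectors(0).VolumeKeyProtectorID      # 0 = every protector type
$types = foreach ($id in $ids) { $names[[int]$vol.GetKeyProtectorType($id).KeyProtectorType] }

"Volume $osDrive protection=$status protectors=$($types -join ',')"
if ($status -ne 1) { Write-Warning "$osDrive is not protected; a thief booting another OS can read it" }
if ($types -notcontains 'RecoveryPassword') {
    Write-Warning 'No recovery password protector: a failed TPM or lost USB key means lost data'
}
```

The output is one line per check; anything that prints as a warning is a finding to track, not something the script tries to fix.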

    28. Server Core
    - Minimal installation option
    - Low surface area
    - Command line interface
    - Limited set of server roles

    Adding Optional Features: Server Core supports the following optional features, installed from the command line with Ocsetup:
    - Microsoft Cluster Server
    - Network Load Balancing
    - Subsystem for UNIX-based applications
    - Backup
    - Multipath IO
    - Removable Storage Management
    - BitLocker Drive Encryption
    - SNMP

    Managing Server Core:
    - CMD for local command execution
    - Terminal Server using CMD
    - WS-Management remote shell execute for remote command execution
    - WMI
    - Task Scheduler for scheduling jobs and tasks
    - Event Logging and Event Forwarding
    - RPC and DCOM for remote MMC support
    - SNMP
    - MMC tools: Longhorn or down-level clients with MMC
    - No automation
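
Managing a Server Core box the way the slide lists it, as an added example that is not from the presentation: the WS-Management remote shell (winrs) from an administration host lists and installs optional features with Ocsetup and opens the firewall group that remote MMC needs. The host name is a placeholder. Server Core on Windows Server 2008 has no PowerShell of its own, so the one-time "winrm quickconfig" is typed at the Core console and everything else runs from the admin host.

```powershell
# Added example, not from the presentation. Run on a full-install admin host.
# One-time step at the Server Core console itself:  winrm quickconfig
$core = 'core01'   # assumed Server Core host name

# What is installed? oclist prints every optional component as Installed / Not Installed.
winrs -r:$core oclist

# Add BitLocker Drive Encryption and SNMP. Component names are case-sensitive, and
# ocsetup returns at once unless wrapped in 'start /w', which makes the call wait.
winrs -r:$core 'start /w ocsetup BitLocker'
winrs -r:$core 'start /w ocsetup SNMP-SC'

# Let RPC/DCOM through so down-level clients can attach remote MMC snap-ins.
winrs -r:$core 'netsh advfirewall firewall set rule group="Remote Administration" new enable=yes'

# Verify the two features now show as installed.
winrs -r:$core 'oclist | findstr /i "BitLocker SNMP"'
```

Each winrs call runs through cmd.exe on the Core box, which is why the quoted commands may use cmd built-ins such as start and pipes.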

    29. "Restartable" Active Directory
    Introduction:
    - Restart Active Directory without rebooting
    - Can be done through command line and MMC
    - Can't boot the DC to stopped mode of Active Directory
    - No effect on non-related services while restarting Active Directory
    - Several ways to process login under stopped mode
    Benefits:
    - Reduces time for offline operations
    - Improves availability for other services on the DC when Active Directory is stopped
    - Reduces overall DC servicing requirements with Server Core
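
The "reduces time for offline operations" benefit worked through, as an added example that is not from the presentation: an offline defragmentation of ntds.dit on a Windows Server 2008 DC with AD DS stopped as a service instead of rebooting into Directory Services Restore Mode. The scratch path is a placeholder; the database and log locations are read from the NTDS service's own registry parameters. Run it elevated on the DC.

```powershell
# Added example, not from the presentation. $work is a placeholder with room for a full copy of ntds.dit.
$work = 'D:\NTDS-Compact'
New-Item -ItemType Directory -Path $work -Force | Out-Null

$p    = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$dit  = $p.'DSA Database file'         # e.g. C:\Windows\NTDS\ntds.dit
$logs = $p.'Database log files path'   # e.g. C:\Windows\NTDS

# Stop only the directory service. Services that depend on it (KDC, AD-integrated DNS, ...)
# stop with it; unrelated services keep running, which is the availability point the slide makes.
net stop ntds /y
if ((Get-Service NTDS).Status -ne 'Stopped') { throw 'NTDS did not stop; aborting before touching the database' }

try {
    # Write a compacted copy of the database into $work.
    ntdsutil "activate instance ntds" files "compact to $work" quit quit
    $compacted = Join-Path $work 'ntds.dit'
    if (-not (Test-Path $compacted)) { throw 'ntdsutil produced no compacted ntds.dit' }

    # Keep the original, swap in the compacted file, drop the now-stale logs, then verify.
    Copy-Item $dit (Join-Path $work 'ntds.dit.orig')
    Copy-Item $compacted $dit -Force
    Remove-Item (Join-Path $logs '*.log')
    $check = ntdsutil "activate instance ntds" files integrity quit quit 2>&1
    if (-not ($check -match 'Integrity check successful')) {
        throw "integrity check failed; restore $work\ntds.dit.orig to $dit before starting NTDS"
    }
    net start ntds
}
catch {
    # Leave the directory stopped so the operator can put the original file back first.
    Write-Error "$_"
}
```

While NTDS is stopped the DC still accepts domain logons if another DC is reachable; if it is not, the Directory Services Restore Mode administrator password is what gets you in, which is the "several ways to process login under stopped mode" item on the slide.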

    30. Terminal Services Enhancements
    - Centralized Application Access
    - App Deployment ("app virtualization")
    - Branch Office
    - Secure Anywhere Access
    New features:
    - TS Gateway
    - TS Remote Programs
    - SSO for managed clients

    31. Terminal Services Gateway Remote access to internal server resources

    32. Terminal Services Gateway Security (compared to VPN)
    - Authentication with passwords, smartcards
    - Uses industry standard encryption and firewall traversal (SSL, HTTPS)
    - RDP traffic still encrypted end-to-end, client to terminal server
    - Client machine health can be validated (using NAP)
    - SSL termination devices can terminate SSL traffic on a separate device (for intrusion detection or filtering in the DMZ)
    - User can access Army applications and Army desktops via Web Browser
    - Friendly with home machines
    - Crosses firewalls and NATs (w/ HTTPS:443)
    - Granular access control at the perimeter: Connection Authorization Policy (CAP), Resource Authorization Policy (RAP)
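
The "granular access control at the perimeter" bullet is only as good as the CAPs and RAPs actually configured, so here is an audit of both, as an added example that is not from the presentation. It reads the TS Gateway WMI provider on a Windows Server 2008 gateway and flags the two weakenings a reviewer looks for first: a CAP that still accepts passwords where smart cards are mandated, and a RAP whose resource group type is "ALL", which lets authorized users reach any internal host rather than a named group. The gateway name is a placeholder, and the property names are the provider's documented ones; confirm them against your build before relying on the output.

```powershell
# Added example, not from the presentation. Needs rights to query WMI on the gateway.
$ns = 'root\cimv2\TerminalServices'
$gw = 'tsgw01'   # assumed TS Gateway host name

$caps = Get-WmiObject -ComputerName $gw -Namespace $ns -Class Win32_TSGatewayConnectionAuthorizationPolicy
$raps = Get-WmiObject -ComputerName $gw -Namespace $ns -Class Win32_TSGatewayResourceAuthorizationPolicy

# CAP: who may connect through the gateway and how they must authenticate.
foreach ($c in $caps) {
    "CAP '$($c.Name)' enabled=$($c.Enabled) smartcard=$($c.SmartcardAllowed) password=$($c.PasswordAllowed) users=$($c.UserGroupNames)"
    if ($c.Enabled -and $c.PasswordAllowed) {
        Write-Warning "CAP '$($c.Name)' accepts password authentication; smart-card-only policy is not enforced at the perimeter"
    }
}

# RAP: which internal hosts and ports those users may then reach.
foreach ($r in $raps) {
    "RAP '$($r.Name)' enabled=$($r.Enabled) type=$($r.ResourceGroupType) group=$($r.ResourceGroupName) ports=$($r.PortNumbers) users=$($r.UserGroupNames)"
    if ($r.Enabled -and $r.ResourceGroupType -eq 'ALL') {
        Write-Warning "RAP '$($r.Name)' allows any network resource; the gateway is an open RDP proxy for its users"
    }
}

# A user must satisfy an enabled CAP and an enabled RAP; if either list is empty nobody gets through.
if (-not ($caps | Where-Object Enabled)) { Write-Warning 'No enabled CAP: all gateway connections will be refused' }
if (-not ($raps | Where-Object Enabled)) { Write-Warning 'No enabled RAP: authenticated users cannot reach any resource' }
```

Authorization is two-stage, CAP first and then RAP, so a permissive RAP is only reachable by users who already passed a CAP; the audit still treats it as a finding because the blast radius of one compromised CAP-authorized account should be a named computer group, not the whole network.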
