Customer Insight: CSO's Perspective – What Edge?
Microsoft Research EdgeNet, June 2006
Mark Ashida
General Manager
Windows Enterprise Networking
The Evolution of Our Thinking
• Industry Trends
  • Consolidation of functionality vs. appliances
  • Mobility driving more devices, roaming users, policies
  • Trust boundaries are vague - hard to define & control
• Network Access Protection (NAP)
  • Defined initial requirements with customers
  • Early & consistent review with Microsoft IT dept
  • Refined functionality with feedback from pilot programs
    • Technology Adoption Program (TAP), Vista Beta Customers
What Edge?
• VLANs, IPsec, internal firewalls, NAC appliances
• Jericho Forum
• Logical L3+ vs. L2
[Diagram labels: Internet; Logical CorpNet; Restricted Zone; Non-domain joined, Non-IPSec Devices; Seamless Network Gateways; Provisioning Servers; New PC; Employee, Partner, Guest PC; IPSec Security; DHCP, DNS, AAA]
Thinking Evolution
• Network Access Protection Abstraction
[Diagram labels: Health State; Quarantine Agent; Enforcement (802.1x, IPsec); Network Infrastructure; RADIUS; Policy store]
Thinking Evolution
• Network Access Protection Abstraction
[Diagram labels: Health State; Quarantine Agent; Enforcement (802.1x, IPsec); Network Infrastructure; RADIUS; Policy store; Assets; Control Plane; Enforcement/Network]
Thinking Evolution
[Diagram labels: Health State; Quarantine Agent; Enforcement (802.1x, IPsec); RADIUS; Policy store; Control Plane; MOM Pak (three instances); UI Diag; MOM; Network Infrastructure; Assets; Enforcement/Network; Reporting; Single Dashboard]
Thinking Evolution
[Diagram labels: Clients; Network Infrastructure; RADIUS; Policy store; Network State Database (in MOM); NAP; Configuration; Help Desk; Security; Performance; Provisioning; DHCP; WINS; DNS; VM/TPM]
What CSOs want
• Want it soon – they want PAC not NAC
• Fine-grained admission per resource based upon
• Fine-grained based upon rich information such as:
  • Identity (permanent and temporary)
  • Machine state (health)
  • Application
  • Entry point
  • Time of day, etc.
• Interoperability with current infrastructure/desktops
• Multi-vendor solution
• Federated trust would be nice
• Manageability
What CSOs don’t want
• Don’t make it uneconomical for us to deploy
  • Help desk
  • Management
  • Multiple solutions
• Don’t break Provisioning/Logon/SSO
• Is 802.1x the right enforcement method?
  • Practical deployment issues – beaconing, provisioning, multi-MAC on single port, VMs,
Unashamed Vista/LHS Plug
• Network Diagnostics – why can’t you connect and repair
• NAP Agent – why you can’t connect/Help desk
• MOM Desktop NAP Agent – events/alarms from desktop, expanding to all networking elements on desktop (QoS, etc.)
• IPsec – giving you virtual logical groups anywhere in the world (240k desktops at MS) with much reduced deployment costs
• Adaptive NEW IP Stack – much better throughput, up to 80+Mbs on a 100Mbs port vs. 20 previously
• IP Offload – 10Ge announced now
• IPv6 – on by default