enabling enterprise mobility

27
Enabling Enterprise Mobility Kieran Jacobsen HP Enterprise Services @kjacobsen Aperturescience.su 2013

Upload: kieranjacobsen

Post on 31-Oct-2014

200 views

Category:

Technology


0 download

DESCRIPTION

Learn about the advances in Windows 8.1 and Windows Server 2012R2 that allow your users to work from anywhere in the world. Kieran Jacobsen will cover topics client seamless corporate connectivity with DirectAccess, managing BitLocker with MBAM, user document synchronization with Work Folders, addressing the needs of enterprise security and any performance requirements you might have.

TRANSCRIPT

Page 1: Enabling Enterprise Mobility

Enabling Enterprise Mobility

Kieran JacobsenHP Enterprise Services

@kjacobsenAperturescience.su

2013

Page 2: Enabling Enterprise Mobility

What is enterprise mobility?

Page 3: Enabling Enterprise Mobility

What is enterprise mobility?

Page 4: Enabling Enterprise Mobility

Enterprise mobility != BYODEnterprise mobility is not BYOD, but can be a stepping stone.Company still owns end user devices.Enterprise mobility is not just hardware and software, but policy and procedures.

Page 5: Enabling Enterprise Mobility

Core solution conceptsConnectivity,Data,Security,Self service,Policy.

Page 6: Enabling Enterprise Mobility

Connectivity RequirementsConfirm you have enough bandwidth.Confirm usage billing.Confirm network device capacity and licencing.

Page 7: Enabling Enterprise Mobility

Virtual Private NetworksVPN required for:Legacy applications,Windows file sharing.

User experience:Demand dial,Automatically triggered connections,Always on connections.

Page 8: Enabling Enterprise Mobility

Automatically triggered connectionsWindows 8.1 introduces:Automatically connect to a VPN connection.Trigger based upon DNS names or applications.Support for PPTP, L2TP and 3rd Party VPN (F5, CheckPoint, SonicWall).

Requirements:Split tunnel VPN.User can forcibly disable automatic triggering.

Not supported on domain joined devices

Page 9: Enabling Enterprise Mobility

Demo

Triggering VPN based up DNS names

Page 10: Enabling Enterprise Mobility

DirectAccessSeamless corporate connectivity.No changes from 8 to 8.1.Significant improvements from 7 to 8:More deployment options,No IPv6 requirements,Plenty of authentication options.

Must be Enterprise Edition on clients.

Page 11: Enabling Enterprise Mobility

Demo

DirectAccess

Page 12: Enabling Enterprise Mobility

VPN: SummaryEnterprise licence – DirectAccessNon domain joined – VPN TriggeringRest?

Page 13: Enabling Enterprise Mobility

De-centralization of user dataMainframe era:Processing and storage is centralised on mainframes.User devices were “dumb” thin clients.

Personal PC era:Processing moved to user devices.Storage still centralised – Central SMB clusters, NAS, SharePoint.

Mobile device era:Processing and storage moved to user devices.

Page 14: Enabling Enterprise Mobility

Storage technologiesPreviously:User home drives.Network shares.Roaming profiles.

Now:File and folder synchronization,Public or private cloud,Cloud – SkyDrive, SkyDrive Pro, DropBox, Box, Google Drive,Host your own – Work Folders, SharePoint, OwnCloud.

Page 15: Enabling Enterprise Mobility

Evaluating storage technologiesIntegration:Web UI,Microsoft Office Suite,Client applications.

Sharing capabilities:Between different usersBetween 3rd Parties

Data retention.Trust!

Page 16: Enabling Enterprise Mobility

Work FoldersBrand new in Windows 8.1Generation 1 technologyFile synchronization,No web interface,One folder structure per user,Integrates well with existing user home drives.

Page 17: Enabling Enterprise Mobility

OwnCloudCloud storage like user experience.Designed, deployed and managed by YOU!Free!!!!!Features:File, folder, contact, calendar and bookmark synchronization,Multiple operating systems,Lots of out-of-box features,Rich plugin landscape offering even more features.

Page 18: Enabling Enterprise Mobility

Demo

Deploying OwnCloud with Windows Azure, VM Depot and BitNami

Page 19: Enabling Enterprise Mobility

AntivirusWe need to know:Clients a protected,Definitions are being updated,When threats occur.

Consider cloud based solutions:Windows Intune,Symantec,Sophos,McAfee.

Page 20: Enabling Enterprise Mobility

Client BackupsTraditionally:Backup central data stores/shares/servers.

Enterprise World:Decentralised data requires decentralised backups.

Consider:Storage costs,Data transfer costs,Backup frequencies,User self service restoration.

Page 21: Enabling Enterprise Mobility

Demo

Revisiting OwnCloud

Page 22: Enabling Enterprise Mobility

EncryptionProtect data at transport:VPN,HTTPS/SSL.

Protect data at rest:File Encryption,Full Disk Encryption (FDE) – BitLocker, TrueCrypt, GPGDisk

FDE recovery key management:USB keys and file shares,Active Directory,MBAM.

Page 23: Enabling Enterprise Mobility

MBAMMicrosoft BitLocker Administration and Monitoring.Part of Microsoft Desktop Optimisation Pack.Simplification of BitLocker management:Secure storage of recovery information,User self service portal,Helpdesk focused recovery portal,Reporting of encryption compliance,Auditing of access to recovery key information.

Improves security by resetting recovery key upon access

Page 24: Enabling Enterprise Mobility

Demo

Self service recovery in MBAM

Page 25: Enabling Enterprise Mobility

Device LossCorporate policy:Do you have a policy defining an employees responsibility when a device containing corporate data is lost?What is the IT process for these incidents?

Credentials:When devices are lost, consider disabling computer accounts, resetting user’s passwords, revoking certificates.

Device recovery products:Track devices using geolocation services,Allow for devices to be recovered by LAW ENFORCEMENT,Some can be highly persistent even after Windows reinstallation.Recommended – Prey, CompuTrace

Page 26: Enabling Enterprise Mobility

Things I wish I could mention…EmailInstant MessagingAudio/Video conferencingRemote DesktopGroup PolicyHelp Desk ticketingAuthenticationDisaster RecoveryAdmin rightsWindows To GoBitLocker To GoBranchCacheWeb filteringClient firewalls…

Page 27: Enabling Enterprise Mobility

Sponsors

2013