Enabling Secure Always-On Connectivity [Name] Microsoft Corporation

Microsoft Confidential Implications Traditional network security no longer sufficient Complex security and access management driving up IT costs Security and connectivity limitations inhibit productivity and collaboration De-perimeterization of the network Evolutionary shift of protection to host and data level Implications Traditional network security no longer sufficient Complex security and access management driving up IT costs Security and connectivity limitations inhibit productivity and collaboration De-perimeterization of the network Evolutionary shift of protection to host and data level Mobile Technology Trends Data is walking out the front door Laptops, USB drives, cellular network cards, Smart Phones/PDAs Malware and spyware can spread to all Pressure to extend regulatory compliance beyond corpnet boundaries Mobile Technology Trends Data is walking out the front door Laptops, USB drives, cellular network cards, Smart Phones/PDAs Malware and spyware can spread to all Pressure to extend regulatory compliance beyond corpnet boundaries Mobile Workforce Trends Always-remote employees Flexible definition of “office” Corpnet access from customer sites Mobile Workforce Trends Always-remote employees Flexible definition of “office” Corpnet access from customer sites Globalization and Outsourcing Others managing your network and data centers Growing complexity of Software as a Service (SaaS) and cloud computing Globalization and Outsourcing Others managing your network and data centers Growing complexity of Software as a Service (SaaS) and cloud computing

Microsoft Confidential “I+4A” Trusted Hardware SecureFoundation Core Security Components Identity Claims Authentication Authorization Access Control Mechanisms Audit Trusted People TrustedStack Trusted Data Trusted Software Integrated Protection SDL and SD3 SD3 SDL and SD3 SD3 Defense in Depth ThreatMitigationThreatMitigation

Microsoft Confidential Comprehensive anywhere access solution available in Windows 7 Provides seamless, always-on, secure connectivity to on-premise and remote users alike Eliminates the need to connect explicitly to corpnet while remote Facilitates secure, end-to-end communication and collaboration Leverages a policy-based network access approach Simplifies IT management and lowers total cost of ownership Enables IT to easily service/secure/update/provision mobile machines whether they are inside or outside the network

Microsoft Confidential Always-on connectivity across different networks A focus on driving access decisions based on “policy and a trusted identity,” rather than the limitations of network topology. Always on Always healthy Always secure X Lab, Client ISA FW, TSG 802.1x Non-compliant Client Device Compliant Windows 7 Client RODC Secure Boundary Dedicated Resources Compliant Client Healthy Resources NPS/NAP Servers Business Partner Downlevel or Mobile Client Cust FW VPN Gateway Customer Site Internet Corporate Network Compliant Windows 7 Client Requires users to connect (lost productivity) Client must be made healthy prior to network access (Lost productivity plus IT time and expense) Non-compliant Client Device

Microsoft Confidential More Productivity Always-on access to corpnet while roaming No explicit user action required – it just works Same user experience on premise and off More secure Healthy, trustable host regardless of network Richer policy control near assets Ability to extend regulatory compliance to roaming assets More manageable and cost effective Simplified remote management of mobile resources as if they were on the LAN Lower total cost of ownership (TCO) with an “always managed” infrastructure Unified secure access across all scenarios and networks Integrated administration of all connectivity mechanisms

Microsoft Confidential Microsoft Windows 7 clients Microsoft Windows 7 DirectAccess server Application servers Windows Server 2008 Exception: When Windows Firewall Authentication policy is used, application servers must be Windows Server 2008 R2 DC/DNS servers Windows Server 2008 Exception: When two-factor authentication is required for end-to-end authentication a Windows 7 DC-based Active Directory NAT-PT server if IPv4 access is desired

Microsoft Confidential Trusted, compliant, healthy machine Windows 7 client Corporate Network Applications & Data DC & DNS (Win 2008) NAP (includes Server & Domain Isolation [SDI]) Forefront Client Security Windows Firewall BitLocker + Trusted Platform Module (TPM)

Microsoft Confidential With DirectAccess, remote computers are Always connected Always secure Always managed and healthy Unique Benefits Uses policy-based approach Is network agnostic Makes it easy for IT to work with mobile machines inside or outside the network Lowers total cost of ownership Use corporate network imagery.

© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.