The Microsoft IT team publish case studies of how we've used our own products within our own infrastructure - sharing their real-life experiences.
This month there's a case study about the way that we've implemented the security features in Windows Server 2008 R2, along with Windows 7 on the desktop - and the benefits that we've seen so far. It covers a wide range of things, including:
- DirectAccess to replace a mixed bag of remote access VPN technologies *
- Network Access Protection (NAP) to manage the integrity and compliance of devices accessing the network
- BranchCache to increase network responsiveness for remote offices
- AppLocker to prevent unlicensed software, unsupported apps and malware from running
When you look through the detail, you'll see that there are big similarities between our IT infrastructure and a typical education IT system. I've taken the following statements from the case study - don't they look similar to a typical large university network?
- "Multiple remote access methods…led to end user confusion"
- "…the team could only manage mobile computers when users connected to a VPN or came to the office."
- "With about 71,000 highly mobile users [we] needed a new way to measure and improve the corporate security policy compliance…including desktop computers, roaming portable computers, visiting portable computers, and unmanaged home computers."
- "…the trend toward data centralisation places more content in data centers that are remote from branch offices. A very large (and increasing) number of remote sites are connected to these data centers. These remote sites range in size from very small (less than 10 users) to very large (greater than 5000 users)."
(And although the scale is different, it's also similar to colleges and many schools.)
If you're looking for a good guide to help you think about a network security strategy that not only makes your network more secure but also improves the end-user experience, then can I recommend the case study to you?
* As an end-user of our IT systems, I can definitely say that using DirectAccess has been a vast improvement over a normal VPN solution. It has made the security virtually invisible to me, and hugely increased my remote experience, especially when I'm working from home or a wireless hotspot. The biggest reason is that it doesn't get in the way of normal internet traffic, and invisibly enables the intranet/corporate network access I need.