微軟防禦陣線 forefront 史百誠 joseph shih 伺服器平台事業處 台灣微軟. security...
TRANSCRIPT
微軟防禦陣線Forefront
史百誠 Joseph Shih
伺服器平台事業處台灣微軟
Security OfferingsA comprehensive line of business security products that helps you gain greater protection and secure access through deep integration and simplified management
Network EdgeNetwork EdgeServer ApplicationsServer ApplicationsClient And Server OSClient And Server OS
Comprehensive Security & AccessEnd-point devices
End-point devicesProtocols
ProtocolsPolicy Definitions
Policy DefinitionsApplications
Applications
EdgeEdge
Email(MessagingServers)
Unmanaged PC(Home PC, Kiosk,
etc)
Intranet Apps(Internal Web Servers)
Work PCs(Remote Desktop)
Internet
Managed PC(corporate owned,
domain-joined)
Files/Documents(Portal orFile Servers)
Exchange ActiveSyncHandhelds
SSL-VPN
IPSec VPN
HTTP/HTTPS
RPC over HTTP
RDP over HTTP
SSL Tunneling
SSL Socket Forwarding
遠端安全存取遠端安全存取提供員工與合作夥伴安全妥善地從任何遠端的 PC 與裝置存取應用程式、文件與資料
分公司閘道分公司閘道從分公司提供增強安全性的網際網路存取、並且更有效率地運用有限的頻寬。
網路存取保護網路存取保護透過可掃描與封鎖有害內容、檔案和網站的完善工具,去除惡意程式碼和攻擊者所造成的損害效果。
IPSec VPN SSL VPN
微軟網路安全存取解決方案
Integrated Security
Exchange Mailbox Server
Internet
Client Machines
Exchange Mailbox Server
Exchange Front End
Microsoft AV
Multi-engineManager
Server ApplicationsServer Applications
多層次防禦
Live Communications Server
SharePoint Server
Exchange Servers
Security for SharePoint
Security for Exchange Server
Intelligent ApplicationGataway 2007
Microsoft
Internet Security &Acceleration Server 2006
Client Security
•InternetInternet
•AA
•BB
•CC
•DD
•EE
•Exchange Server/ Exchange Server/ Windows-based Windows-based SMTP ServerSMTP Server
• 多重次防禦多重次防禦• 伺服器最佳化伺服器最佳化• 集中式管理集中式管理• 不當資料過濾不當資料過濾
•Gartner Magic Quadrant forGartner Magic Quadrant for•E-Mail Security Boundary 2006 * E-Mail Security Boundary 2006 *
•http://www.mediaproducts.gartner.com/reprints/microsoft/vol4/article1and2/article1and2.html•* * Magic Quadrant for E-Mail Security Boundary, 2006. Peter Firstbrook, Arabella Hallawell Magic Quadrant for E-Mail Security Boundary, 2006. Peter Firstbrook, Arabella Hallawell Publication Date: 25 September 2006/ID Number: G00142431Publication Date: 25 September 2006/ID Number: G00142431
Security SummarySecurity SummarySecurity SummarySecurity Summary
Simplified AdministrationClient And Server OSClient And Server OS
FCS Client Supported Platforms Matrix
9
Operating System Client Security Agent
Windows 2000 SP4 + Security Rollup and GDI+ hotfix
Supported
Windows XP SP2 (with Filter Manager hotfix)
Supported
Windows XP “Media Center” edition Not supported
Windows Server 2003/R2 x64 SP1 + Supported
Windows XP “Tablet” editions Supported
Windows Server 2003 X86 SP1 + Supported
Windows Server 2003 R2 + Supported
Windows Vista Business, Enterprise, and Ultimate
Supported
FCS 系統架構
Server(s) hosting Server(s) hosting FCS Collection and FCS Collection and
Reporting RolesReporting Roles
FCS Central FCS Central Management Management
ConsoleConsole
What can FCS do for me?
統一的保護• 防護電腦病毒與間諜軟體• 建構在全世界成千上萬用戶所使用的防護技術之上• 可針對各式威脅進行有效的回應• 可做為微軟其他安全性產品的補充支援
簡化的系統管理• 利用單一的主控台提供簡化的安全性管理• 僅需定義單一原則便可以達成用戶端防護的管理• 快速的部署用戶端防護軟體及病毒定義更新• 可與現有的 IT 基礎建設進行整合
提供視覺化管理與控制介面• 經由單一儀表版提升威脅及弱點的可見度• 觀看具有洞察力的報告• 保持在接收狀態評估掃瞄與安全警示結果的情況
FCS 用戶端的防護功能
移除目前大量流行之電腦病毒
移除所有已知電腦病毒
即時電腦病毒防護
移除所有已知間諜軟體
即時間諜軟體防護
集中式報表及警示功能
自訂化
MicrosoftForefront
™
ClientSecurity
MSRT Windows®
Defender
Windows Live
™ Safety
Center
Windows Live OneCare
™
整合現有 IT 基礎建設
針對個人用戶 針對企業
Forefront Licensing OverviewForefront Licensing Overview
Microsoft
Forefront
Perpetual Licensing
Model
Online Services Licensing
ModelFPPFPP
OpenOpen
Open ValueOpen Value
Open Value Open Value SubscriptionSubscription
SelectSelect
EAEA
EA SubscriptionEA Subscription
OEMOEM
GovernmentGovernment
AcademicAcademic
SPLA/HVSSPLA/HVS
FPPFPP
OpenOpen
Open ValueOpen Value
Open Value Open Value SubscriptionSubscription
SelectSelect
EAEA
EA SubscriptionEA Subscription
OEMOEM
GovernmentGovernment
AcademicAcademic
SPLA/HVSSPLA/HVS
Open ValueOpen Value
Open Value Open Value SubscriptionSubscription
SelectSelect
EAEA
EA SubscriptionEA Subscription
GovernmentGovernment
AcademicAcademic
SPLA/HVSSPLA/HVS
Open ValueOpen Value
Open Value Open Value SubscriptionSubscription
SelectSelect
EAEA
EA SubscriptionEA Subscription
GovernmentGovernment
AcademicAcademic
SPLA/HVSSPLA/HVS
For example: For example:
ISAISA
For example: For example:
ISAISA
For For example: example:
Forefront Forefront Security for Security for
Exchange Exchange ServerServer
For For example: example:
Forefront Forefront Security for Security for
Exchange Exchange ServerServer
Online Services Online Services –– Overview Overview
Online Services has its own unique terminology for licenses:Online Services has its own unique terminology for licenses:
Most Security offerings will require a User/device Subscription Most Security offerings will require a User/device Subscription License (USL)License (USL)
Management consoles and external connector scenarios will Management consoles and external connector scenarios will require a Server Subscription License (SSL)require a Server Subscription License (SSL)
Each USL for Antigen/Forefront subscription products count as one Each USL for Antigen/Forefront subscription products count as one point towards Select agreements.point towards Select agreements.
Do not quote monthly ERP from pricelist. It rounds to Do not quote monthly ERP from pricelist. It rounds to nearest $1.nearest $1.
SSL
Services Subscription License (SSL)Services Subscription License (SSL)An SSL is generally required to An SSL is generally required to enableenable the functionality of an online the functionality of an online service across your entire service across your entire organizationorganization..
USL
User or Device Subscription License (USL/DSL)User or Device Subscription License (USL/DSL)A USL or DSL is generally required to enable the functionality of an online A USL or DSL is generally required to enable the functionality of an online service for a particular service for a particular user or deviceuser or device, respectively., respectively.
Online Services Online Services –– Payment Payment
1.1. Payment can be made prepaid upfront or billed annually.Payment can be made prepaid upfront or billed annually.
2.2. Service can be added to match the remaining term of original Service can be added to match the remaining term of original agreement.agreement.
Month 0
Month 12
Month 24
Month 36
Start of Agreement
End of Agreement
1. Place order for service2. Pay for entire
subscription term
Subscription term = 36 months
36 month agreement, immediate order, prepay for 36-months
36 month agreement, immediate order, annual billing and payment
Month 0
Month 12
Month 24
Month 36
Start of Agreement
End of Agreement
Subscription term = 36 months
1. Place order for service2. Pay for 12 months
1. Pay for 12 months 1. Pay for 12 months
Forefront SKU OverviewForefront SKU Overview
SU
ITES
SU
ITES
Enterprise CAL Suite
Forefront Security Suite
Exchange Enterprise CAL
ForefrontSecurity Suite
EDGEEDGESERVERSERVERCLIENTCLIENT
Forefront Security SuitesForefront Security Suites
EXCHANGE EXCHANGE ENTERPRISE CAL**ENTERPRISE CAL**
FOREFRONT FOREFRONT SECURITY SECURITY
SUITESUITE
ENTERPRISEENTERPRISE
CAL SUITE*CAL SUITE*
Pricelist Availability:Pricelist Availability: December 2006December 2006 End of FY07End of FY07 November 2006November 2006
Forefront Client SecurityForefront Client Security
Forefront Security for Exchange ServerForefront Security for Exchange Server
Forefront Security for SharePointForefront Security for SharePoint
Forefront Security for Office Forefront Security for Office CommunicationsCommunications
ISA ServerISA Server
Intelligent Application Gateway (Whale)Intelligent Application Gateway (Whale)
Exchange Hosted Mail FilteringExchange Hosted Mail Filtering
Other Server CALs and technologiesOther Server CALs and technologies * Enterprise CAL also includes the Core CAL components, Windows Rights Management Services, Management Operations Manager Client OML, Office Communications Server 2007 Standard and Enterprise CAL, Office SharePoint Server Enterprise CAL 2007, and the Exchange Enterprise CAL 2007.
** Exchange Enterprise CAL also includes the Exchange CAL, Unified Messaging and Compliance functionality.
Suite Suite OptionsOptions
Significant additional value through suite discounts:• Enterprise CAL: 50% packaging discount + 15% EA discount + 15% Platform discount• Exchange Enterprise CAL: ~35% discount• Forefront Security Suite: ~35% discount
Enterprise CALEnterprise CAL
Secure Communication, Collaboration, and Compliance
Information rights managementUnified Messaging & complianceWeb based forms solutionsSpreadsheet publishingBusiness data connector web partsPresence and synchronous communications (IM)On premise multi-party audio, video and web conferencingClient monitoring and updatesClient, server and edge security
Foundation for IT InfrastructurePlatform, group policy, identity, securityEmail, calendaring, contactsContent managementEnterprise portal and searchTeam collaboration sitesSystems management
Core CAL SuiteWindows Server CAL
Exchange Server Standard CAL
Office SharePoint Server Standard CAL
System Center Configuration Manager CML
Enterprise CAL SuiteEnterprise CAL SuiteCore CAL Suite
Windows Rights Management Services CAL
Exchange Server Enterprise CAL
Office SharePoint Server Enterprise CAL
Office Communications Server Standard CAL
Office Communications Server Enterprise CAL
System Center Operations Manager Client OML
Forefront Security Suite
What products are included in the CAL What products are included in the CAL Suites?Suites?
500 windows XP
Exchange 2003SPS 2003LCS
Windows 2003 serverWindows 2003 server Windows 2003 server
Internet
案例• 有一個客戶 500 台 windows XP • 30 台 windows 2003server 各自安裝 Exchange 2003
server 、 SPS 、 LCS 及其他 server• 如果要安裝 Forefront 系列產品要如何報價• Per user ? Per Device?
價格假設 : Forefront Client security - $ 40 / per user /Monthly Forefront Client security Management Console - $ 200 / per service /Monthly Forefront Server security for Exchange - $ 50 / per user /Monthly Forefront Server security for SPS - $ 35 / per user /Monthly Forefront Server security for LCS - $ 35 / per user /Monthly Forefront Server security Management Console - $ 250 / per service /Monthly
500 windows XP
Exchange 2003 SPS 2007LCS
報價計算 (Per Device)
• Forefront Client security – $40*530( 台 )*12 個月 *3 年• Forefront Client security Management Console - $ 200 *12 個月 *3 年• Forefront Server security for Exchange - $ 50 *500( 人 )*12 個月 *3 年• Forefront Server security for SPS - $ 35 *500( 人 )*12 個月 *3 年• Forefront Server security for LCS - $ 35 *500( 人 )*12 個月 *3 年• Forefront Server security Management Console - $ 250 *12 個月 *3 年
報價計算 (Per User)
• Forefront Client security – $40*500( 台 )*12 個月 *3 年• Forefront Client security Management Console - $ 200 *12 個月 *3 年• Forefront Server security for Exchange - $ 50 *500( 人 )*12 個月 *3 年• Forefront Server security for SPS - $ 35 *500( 人 )*12 個月 *3 年• Forefront Server security for LCS - $ 35 *500( 人 )*12 個月 *3 年• Forefront Server security Management Console - $ 250 *12 個月 *3 年
Current Wave(next 12 months)
Longhorn Wave
Long-term Investments
Current Wave(next 12 months)
Longhorn Wave
Long-term Investments
Gaining a foothold
• Server ApplicationsServer Applications• Multi-engine Anti-virus, Anti-spam for Exchange 2007Multi-engine Anti-virus, Anti-spam for Exchange 2007• Multi-engine Anti-virus, Content filtering for SharePoint 2007Multi-engine Anti-virus, Content filtering for SharePoint 2007• Multi-engine Anti-virus for Instant MessagingMulti-engine Anti-virus for Instant Messaging• Single Server Management ConsoleSingle Server Management Console
• EdgeEdge• Application PublishingApplication Publishing• Branch Office GatewayBranch Office Gateway• Web Access ProtectionWeb Access Protection
Current Wave(next 12 months)
Longhorn Wave
Long-term Investments
Gaining a foothold
• Anti-virus, Anti-spyware based on Defender and MS AV engineAnti-virus, Anti-spyware based on Defender and MS AV engine
• Security State AssessmentSecurity State Assessment
• Central Mgmt and Reporting Central Mgmt and Reporting
• Deep integration with:Deep integration with:
• Active Directory and AD Group PolicyActive Directory and AD Group Policy
• SMS and/or WSUSSMS and/or WSUS
• Reporting through SQL Server 2005Reporting through SQL Server 2005
Current Wave(next 12 months)
Longhorn Wave
Long-term Investments
Gaining a foothold
• Secure SSL VPNs provide browser-based access to Secure SSL VPNs provide browser-based access to corporate applications and data corporate applications and data
• Integrated application protectionIntegrated application protection
• Comprehensive policy enforcement helps drive Comprehensive policy enforcement helps drive compliance with legal and business guidelinescompliance with legal and business guidelines
Gaining a footholdChanging the playing field
Current Wave(next 12 months)
Longhorn Wave
Long-term Investments
•ClientClient
•Unified host FW policy Unified host FW policy mgmtmgmt
•NAP integrationNAP integration
•Integrated Edge PlatformIntegrated Edge Platform
•Comprehensive App Comprehensive App Access (ISA/Whale)Access (ISA/Whale)
•Web protectionWeb protection
•Appliance experience Appliance experience and form factorand form factor
•Integrated Management Integrated Management and Reporting Consoleand Reporting Console
Current Wave(next 12 months)
Longhorn Wave
Long-term Investments
Gaining a footholdChanging the playing fieldSustaining momentum
•ClientClient
•Enhanced Zero-day Enhanced Zero-day ProtectionProtection
•IntegrationIntegration
•Unified Access PlatformUnified Access Platform
•Security Event Security Event ManagementManagement
•Support for 3rd party Support for 3rd party engine & servicesengine & services
•ClientClient
•Unified host FW policy Unified host FW policy mgmt mgmt
•NAP integrationNAP integration
•Integrated Edge PlatformIntegrated Edge Platform
•Comprehensive App Comprehensive App Access (ISA/Whale)Access (ISA/Whale)
•Web protectionWeb protection
•Appliance experience Appliance experience and form factorand form factor
•Integrated Management Integrated Management and Reporting Consoleand Reporting Console
「安特部隊」 技術菁英招募• 服務諮詢處
– 微軟專業代理商: 零壹科技股份有限公司
• Microsoft Forefront 安裝認證課程– 台北場