Senior Program Manager Microsoft Corporation
Agenda
Information Leakage Problem
AD RMS History
What’s New in CY09 AD RMS Server Role in Windows Server 2008 R2
Exchange 2010 integration
AD RMS Bulk Protection Tool
RSA DLP 6.5+ integration
Q&A
With Demos
Business Ready Security Help securely enable business by managing risk and empowering people
Highly Secure & Interoperable Platform
Identity
from: Block, Cost, Siloed
to: Enable, Value, Seamless
The Information Workplace
Independent Consultant
Partner Organization
Home
Mobile Devices
USB Drive
Companies face growing risks of data leaks
Legal, Regulatory, and Financial impacts
• Cost of digital leakage per year is measured in $Billions
• Increasing number and complexity of regulations, e.g. GLBA, SOX, CA SB 1386
• Non-compliance with regulations or loss of data can lead to significant legal fees
Damage to Image and Credibility
• Damage to public image and credibility with customers
• Financial impact on company
• Leaked e-mails or memos can be embarrassing
Loss of Competitive Advantage
• Disclosure of strategic plans, M&A info potentially lead to loss of revenue, market capitalization
• Loss of research, analytical data, and other intellectual capital
Data must be protected, but must remain accessible
Information Leakage Is Costly On Multiple Fronts
[Diagram: authorized users at the firewall perimeter and at the access control list perimeter]
Location Based Solutions Protect Initial Access
[Diagram: authorized and unauthorized users at the firewall perimeter and at the access control list perimeter]
Location Based Solutions Protect Initial Access… But Do Not Protect Usage
AD RMS Is A Content-Based Solution Protects the Information Itself – No Matter How It Is Shared And Where It Goes
Active Directory Rights Management Services
Persistent Encryption + Policy
• Access Permissions (Who)
• Use Right Permissions (What)
1. Assume author and recipient are already bootstrapped with a RAC and CLC
2. Author creates mail
3. Author protects mail using RAC and CLC
4. Author sends mail to recipient
5. Recipient gets use license from RMS
6. Recipient can access content
AD RMS Workflow Publishing and Consumption
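[Diagram: Author and Recipient, each with a RAC and CLC; the publishing license (PL) and use license (UL) are shown against numbered steps 1-6; AD RMS is shown with AD DS and SQL]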
Windows Server 2003
• Out-of-band installer for RMS Server (v1, v1 SP1, v1 SP2)
• AD RMS Trust: TUD, WLID
• Client: out-of-band installer for RMS Client (v1, v1 SP1, v1 SP2) on Windows XP and WS2003
• Microsoft Solutions: Office 2003 (Outlook, Word, Excel, PowerPoint); Internet Explorer Add-On (RMA)
Windows Server 2008
• AD RMS server role (v2)
• AD RMS Trust: AD FS federation support
• Improved installation and mgmt
• AD RMS template distribution (Vista SP1 and above)
• Admin reports
• Different admin roles
• Client: AD RMS client integrated in Windows Vista and WS2008
• Microsoft Solutions: Windows Mobile 6 integration; Office 2007 (+InfoPath); XPS Viewer; SharePoint 2007 (Doc libraries); Exchange 2007 SP1 (Prelicensing)
Windows Server 2008 R2
• AD RMS server role (v3)
• AD RMS Trust: publishing org (internal) group support for federated users
• Improved installation and mgmt through PowerShell
• Additional admin reports
• Client: AD RMS client integrated in Windows 7 and WS2008 R2
• Microsoft Solutions: Exchange 2010; AD RMS Bulk Protection Tool; WS2008 R2 FCI integration
Partner Solutions
• PDF and other file formats & Blackberry support – Gigatrust, Liquid Machines
• CAD file format – Dassault Systems
• Classification – Titus Labs
• Secure Content Mgmt – Workshare
• RSA DLP
• PDF solution – Foxit
• Secure Content Mgmt – OpenText
* Each consecutive release on this slide includes features from the prior release
AD RMS Server Role in WS2008 R2 Customer Ask #1: Deployment and Administration
Consistency
• Ensure identical deployments
• Automate common tasks
Flexibility
• For managing the server
• Local and remote access
PowerShell support for deployment and admin
• Deployment cmdlets available out-of-the-box
• Admin cmdlets available after the AD RMS server role has been deployed
Additional admin reports (system health)
AD RMS Server Role in WS2008 R2 Deployment and Administration
AD RMS Administration
AD RMS Server Role in WS2008 R2 Customer Ask #2
Simplify collaboration
• Enable secure external collaboration
• Consistent end user experience when working with internal and external users
Control access
• Publishing organization maintains full control of content
• Groups defined by publishing organization
WS2008 introduced federation support via AD FS – Need to individually identify external users when protecting information
WS2008 R2 supports protecting to publishing org (internal) groups that include external users – No need to individually identify external users
AD RMS Server Role in WS2008 R2 Secure External Collaboration
External Collaboration via ADFS
1. Assume author is already bootstrapped
2. Alice sends protected mail to [email protected] of which Bob at Fabrikam is a member
3. Recipient contacts RMS Server to get bootstrapped
4. WebSSO agent intercepts request
5. RMS Client is redirected to FS-R for home realm discovery
6. RMS Client is redirected to FS-A for authentication
7. RMS Client is redirected back to FS-R for authentication
8. RMS Client makes request to RMS Server for bootstrapping
9. RMS Server returns certificates to recipient
10. RMS Client makes request to RMS Server for use license
11. RMS Server retrieves Bob’s group membership from AD and compares to PL
12. RMS Server returns use license to recipient
13. Recipient accesses protected content
[Diagram: Contoso and Fabrikam, with AD, RMS, WebSSO, ADFS FS-A and ADFS FS-R; Alice and Bob; group projectX containing Bob; RAC, CLC, PL and UL are shown against the numbered steps above]
Streamline end-user experience
Enable automatic protection
Integrate seamlessly with IT infrastructure
Exchange 2010 RMS Integration Themes
Exchange 2010 RMS Integration Customer Ask #1
Seamless protection
• Ensure identical end user experience for unprotected and RMS-protected e-mails
OWA support
• View and reply to RMS-protected e-mails in OWA without an additional add-on
Exchange 2010 RMS Integration Streamline End-user Experience
Prelicensing support enables offline and mobile access to RMS-protected e-mails – introduced in Exchange 2007 SP1
Consume and publish RMS-protected e-mails in OWA – Internet Explorer, Firefox, Safari
Conduct full-text search on RMS-protected e-mails in OWA
RMS-Protected E-mails in OWA
Client Access Server (CAS) uses superuser privileges to decrypt
Prelicensed use license (UL) used to determine rights to enforce
Rights enforcement concerns in the browser mitigated by enabling the feature for a specific set of users (at mailbox policy level)
Exchange 2010 RMS Integration Streamline End-user Experience: RMS Integration In OWA: Details
Exchange 2010 RMS Integration Customer Ask #2
Enable automatic protection
• Based on content and context analysis
Exchange 2010 RMS Integration Automatic Protection
Automatically protect e-mails in transit via Exchange transport rules
Automatically protect e-mails in Outlook 2010 (through an add-in)
Automatically protect private voicemails through Exchange Unified Messaging (UM)
• Transport Rule action to apply AD RMS template to e-mail message
• Based on content and context analysis
• Content analysis: Keywords and RegEx scanning of e-mails and attachments
• Context examples: From, To
Exchange 2010 RMS Integration Automatic Protection: Through Transport Rules
Exchange Transport Rules Based Automatic RMS-Protection
Rules agent stamps x-org header in e-mail with RMS template GUID
Encryption agent applies RMS template to e-mail and attachments on the OnRouted transport agent event
Office 2003 and above file formats (Word, Excel, PowerPoint) and XPS attachments also get automatically protected
Extensible to other file formats through the IRM Protector implementation
Exchange 2010 RMS Integration Automatic Protection: Through Transport Rules: Details
Outlook 2010 add-in (small-scale rules engine)
Mitigates concerns of Exchange admin or host accessing sensitive mail
Rules
Context only: Sender’s department, recipient’s identity, recipient’s scope (internal/external)
Retrieved by add-in from CAS through Exchange Web Services (EWS) API
Ability to allow/disallow user to override automatic protection
Exchange 2010 RMS Integration Automatic Protection: Through Outlook Protection Rules
Outlook 2010 Add-In Protection Rules
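The two automatic-protection paths described above (a transport rule on the Hub Transport server and an Outlook protection rule evaluated in the client), written for the Exchange 2010 Management Shell. This is an added example, not code from the original deck; the rule names, the PRJX-#### marker and the 'Legal' department are assumptions, and 'Do Not Forward' is the template the deck itself names.

```powershell
# Added example for the Exchange 2010 Management Shell; not from the original deck.
# Assumptions: rule names, the PRJX-#### marker and the 'Legal' department are constructed.

$templateName = 'Do Not Forward'

# IRM features require internal licensing, and the template must be visible
# to Exchange before any rule can reference it.
if (-not (Get-IRMConfiguration).InternalLicensingEnabled) {
    Set-IRMConfiguration -InternalLicensingEnabled $true
}
if (-not (Get-RMSTemplate | Where-Object { $_.Name -eq $templateName })) {
    throw "AD RMS template '$templateName' is not available to Exchange."
}

# Transport rule: content analysis (regex over subject and body) combined with
# context (sender is inside the organization). Conditions are ANDed together.
# The rules agent records the template; the encryption agent applies it in transport.
New-TransportRule -Name 'RMS-protect Project X mail' `
    -FromScope InOrganization `
    -SubjectOrBodyMatchesPatterns 'PRJX-\d\d\d\d' `
    -ApplyRightsProtectionTemplate $templateName

# Outlook protection rule: context only (sender's department, recipient scope),
# applied by Outlook 2010 before the message leaves the client.
# UserCanOverride $false removes the user's option to send unprotected.
New-OutlookProtectionRule -Name 'Legal department mail' `
    -FromDepartment 'Legal' `
    -SentToScope All `
    -ApplyRightsProtectionTemplate $templateName `
    -UserCanOverride $false

# Review which rules now apply RMS protection.
Get-TransportRule | Where-Object { $_.ApplyRightsProtectionTemplate } |
    Format-Table Name, State, ApplyRightsProtectionTemplate -AutoSize
Get-OutlookProtectionRule |
    Format-Table Name, Enabled, UserCanOverride, ApplyRightsProtectionTemplate -AutoSize
```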
UM admin can allow incoming voicemails to be marked as “private”
Private voicemails can be protected using “Do Not Forward” RMS template preventing forwarding and copying of voicemail content
Private voicemails supported in OWA and Outlook 2010
Exchange 2010 RMS Integration Automatic Protection: Through Unified Messaging
Uses the Encryption/Decryption XSO API to RMS-protect
Exchange Unified Messaging Protected Voicemails
• RMS-protected based on sender marking voicemail as ‘private’ or through administrative policy
Exchange 2010 RMS Integration Customer Ask #3
Enable e-discovery
• Support in-the-clear archival of RMS-protected e-mails
Allow scanning of protected e-mails
• Ability to scan RMS-protected e-mails in transport
• Ability to modify RMS-protected e-mails in transport
Exchange 2010 RMS Integration Seamless IT Infrastructure Integration
Enables e-discovery via journal decryption
Enables anti-malware and other scenarios (such as adding a disclaimer) at hub transport via transport decryption and re-encryption
Exchange 2010 RMS Integration Seamless IT Infrastructure Integration: Journal Decryption
Journal Report Decryption Agent
• Attaches clear-text copies of RMS-protected e-mails and attachments to journal mailbox
• Requires superuser privileges
• Feature is off by default
Archive/Journal
Exchange Journal Decryption
Enables Hub Transport Agents to scan/modify RMS-protected e-mails
Pipeline Decryption Agent
• Uses superuser privileges to decrypt e-mails
• Decrypts e-mail and attachments
Encryption Agent re-encrypts messages
Option to NDR messages that cannot be decrypted
All AD RMS integration agents are implemented as internal agents
Exchange 2010 RMS Integration Seamless IT Infrastructure Integration: Transport Pipeline Decryption
Exchange Transport Decryption and Re-Encryption
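Journal report decryption and transport decryption, as described above, are switched on through the organization's IRM configuration. The following added example (not from the original deck) reviews the current state and enables both in the Exchange 2010 Management Shell; the helper name Get-IrmDecryptionState is hypothetical.

```powershell
# Added example for the Exchange 2010 Management Shell; not from the original deck.
# Get-IrmDecryptionState is a hypothetical helper name.

function Get-IrmDecryptionState {
    # Summarize the server-side features that decrypt RMS-protected mail.
    $cfg = Get-IRMConfiguration
    New-Object PSObject -Property @{
        JournalReportDecryption = $cfg.JournalReportDecryptionEnabled
        TransportDecryption     = $cfg.TransportDecryptionSetting
        OwaSearch               = $cfg.SearchEnabled
    }
}

# State before the change, for the change record.
Get-IrmDecryptionState | Format-List

# Journal report decryption: a clear-text copy of each protected message
# and its attachments is attached to the journal report.
Set-IRMConfiguration -JournalReportDecryptionEnabled $true

# Transport decryption lets Hub Transport agents scan or modify protected mail:
#   Disabled  - transport agents never see the protected content
#   Optional  - decrypt when possible; deliver the message even if decryption fails
#   Mandatory - reject the message with an NDR if it cannot be decrypted
Set-IRMConfiguration -TransportDecryptionSetting Mandatory

# State after the change.
Get-IrmDecryptionState | Format-List
```

With journal decryption on, the journal mailbox holds clear-text copies of protected mail, so access to that mailbox needs the same scrutiny as the superuser privileges themselves.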
Streamline end-user experience
• Consume and Publish RMS-protected e-mails in OWA
• Search RMS-protected e-mails in OWA
Enable automatic protection
• Through Transport rules
• Through Outlook protection rules
• Through Unified messaging (voicemails)
Integrate seamlessly with IT infrastructure
• In-the-clear archival of RMS-protected e-mails
• Ability to scan and modify RMS-protected e-mails in transport
Exchange 2010 RMS Integration
Exchange RMS integration features require AD RMS Server Role in WS2008 R2 or WS2008 SP2 + KB973247 hotfix
AD RMS Bulk Protection Tool Customer Ask
Bulk decryption tool
• Recover RMS-protected documents
• Help in e-discovery efforts
AD RMS Bulk Protection Tool Details
Command line tool
Bulk decryption
• E-Discovery of content for litigation/audit purposes
Bulk encryption
• Safeguard existing sensitive information
Can be integrated with WS2008 R2 File Classification Infrastructure (FCI) to classify and automatically RMS-protect files on the file server
AD RMS Bulk Protection Tool Details
Supported file formats
• Office 2003 and above (Word, Excel, PowerPoint)
• XPS
• Extensible to other file formats via IRM protector implementation
Bulk decryption also available for items within Outlook PSTs (requires Outlook 2007)
Supported on XP/WS2003 and above
• Requires RMS Client v1 SP2 and .NET Framework 2.0 on XP and WS2003
1. User creates a file “marketing.docx” on Windows Server 2008 R2 file server
2. File Classification Infrastructure (FCI) classifies file as sensitive based on content analysis (keyword/RegEx) and/or folder location (e.g., Business Impact = High)
3. Automated File Management Task invokes AD RMS Bulk Protection Tool to automatically RMS-protect the file (restrict access to Full-Time Employees only)
4. Full-Time Employee can access “marketing.docx”
5. A malicious user getting access to the file through an unintentional leak is not able to access file content
AD RMS Bulk Protection Tool With WS2008 R2 FCI
Partner Solution: RSA DLP Automatic Protection For Datacenters and Endpoints
Integrated solution to discover and automatically RMS-protect sensitive data on endpoints and in the datacenter
Requirements
• RSA DLP 6.5 and above (RSA DLP Datacenter and RSA DLP Endpoint Discover products)
AD RMS Server Role in WS2008 and above
1. AD RMS admin creates AD RMS templates for data protection
2. RSA DLP admin selects/creates policies to find sensitive data and protect it using AD RMS
3. RSA DLP discovers and classifies sensitive files, and applies AD RMS protection based on policy
4. Users request files. AD RMS provides identity-based access
[Diagram: RSA DLP and Microsoft AD RMS covering endpoints (laptops/desktops), file shares and SharePoint; the IP Policy finds ‘IP’ documents and applies the ‘IP’ AD RMS template (Intellectual Property template), under which the R&D department gets View, Edit, Print, the Marketing department gets View, and others get No Access]
Partner Solution: RSA DLP How The Integration Works
More Information
AD RMS TechNet TechCenter [Link] and Documentation Roadmap [Link]
Exchange 2010 and AD RMS Integration [Link]
AD RMS Bulk Protection Tool Download [Link]
WS2008 R2 FCI Website [Link]
RSA DLP Website [Link]
MSIT Deployment
• AD RMS Deployment [Link]
• FCI and AD RMS Bulk Protection Tool Deployment [Link]
• RSA DLP and AD RMS Deployment [Link]
Blogs
• AD RMS Product Team Blog [Link]
• Jason Tyler Blog [Link] (Jason is a Senior Support Escalation Engineer for AD RMS)
www.microsoft.com/teched Sessions On-Demand & Community
http://microsoft.com/technet Resources for IT Professionals
http://microsoft.com/msdn Resources for Developers
www.microsoft.com/learning Microsoft Certification & Training Resources
Resources
Speakers, TechEd 2009 is not producing a DVD. Please announce that attendees can access session recordings at TechEd Online.