webcast windows server 2012 bitlocker 29-10-14

Upload: jhon-gamez

Post on 13-Oct-2015





BitLocker
Windows Server 2012
Javier Dominguez
Premier Field Engineer / Microsoft

Session objectives
- Understand the new features added to BitLocker for Windows 8 and Windows Server 2012
- Identify the problems our customers reported with MBAM v1.0
- Describe the MBAM v2.0 features that will reduce the total cost of the solution and improve compliance with standards
- BitLocker in Windows 8 and Server 2012 is easier to deploy and manage
- MBAM 2.0 fixes the main problems reported in BitLocker and MBAM 1.0

MICROSOFT CONFIDENTIAL INTERNAL ONLY 10/29/2012 © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Tech Ready 15

Agenda
- Integration
- BitLocker improvements
- Reduce costs
- Improved security
- Ensure compliance
- MBAM 1.0 vs. 2.0

BitLocker improvements

Provisioning improvements
Provisioning is one of the main problems:
- It has been a challenge regardless of the manufacturer
- TPM provisioning is complex for IT and for users
- Encryption takes a long time
In Win 8 and Server 2012, BitLocker offers:
- Auto Provisioning resolves most of the problems related to TPM provisioning
- Instant protection with Encrypted Hard Drive
- Fast encryption via Used Disk Space Only Encryption
- Device encryption in parallel with the imaging process rather than afterwards

Key protectors for pre-provisioned disks
Disk type: key protectors
- Operating system: TPM; TPM+PIN; Startup Key (systems without TPM); Password (systems without TPM)
- Data disk: Automatic unlock; Password; Smart Card
- Removable disk: Password; Smart Card

BitLocker Pre-Provision

Demo: Install BitLocker on Windows Server 2012.


User experience improvements
- Removes the need for pre-boot authentication (connected devices)
- Fewer support issues on devices certified for Win 8 or Win Server 2012
- Device encryption is provisioned automatically (OOBE) for Windows RT devices
- Users are not involved in the complexity of TPM provisioning
- Automatic unlock of system partitions when there is a connection to the corporate network

Network Unlock
- Allows operating system volumes to be unlocked automatically during startup
- Makes patch deployment easier
- The user experience improves
Requirements:
- TPM + PIN protector
- BitLocker Network Unlock feature
- Windows Deployment Services
- DHCP
- Network Unlock GPOs
- UEFI firmware with EFI DHCP drivers
- 2048-bit certificate

Demo: Configure Network Unlock.

Security improvements
- Anti-hammering improvements for Windows sign-in on BitLocker-protected devices
- Protection restarts automatically when a device goes into suspended mode
- Enforce BitLocker on devices that are not joined to the domain

Enterprise readiness improvements
- Storage support: Storage Area Networks (SAN); Windows Server Cluster
- Multifactor authentication works in unattended scenarios
- Network protector: enables two-factor authentication in server scenarios and simplifies patching of unattended devices

BitLocker on clustered volumes
- Volumes can be physical or a logical unit, such as a LUN on a SAN or even a NAS
- The volume can be a CSV
- PowerShell and manage-bde are the recommended interfaces for administering BitLocker on CSV volumes
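The PowerShell route for a CSV, as an added example that is not part of the original deck: it follows the deck's cluster-disk sequence (maintenance mode, password protector, the cluster name object as an AD protector, resume) and checks that the AD protector exists before the disk goes back online. The resource name and mount point are assumed values.

```powershell
#Requires -Modules FailoverClusters, BitLocker
# Added example, not from the original deck.
$resourceName = 'Cluster Disk 1'              # assumed cluster disk resource name
$mountPoint   = 'C:\ClusterStorage\Volume1'   # assumed CSV mount point

# Step 1: put the disk into maintenance mode.
Get-ClusterSharedVolume -Name $resourceName | Suspend-ClusterResource

try {
    # Step 2: enable BitLocker with a password protector.
    $password = Read-Host -AsSecureString -Prompt 'BitLocker password'
    Enable-BitLocker -MountPoint $mountPoint -PasswordProtector -Password $password

    # Step 3: determine the cluster name object (the cluster's computer
    # account in Active Directory, hence the trailing '$').
    $cno = (Get-Cluster).Name + '$'

    # Step 4: add the cluster account's AD SID as a protector so any node
    # acting for the cluster can unlock the volume.
    Add-BitLockerKeyProtector -MountPoint $mountPoint `
        -ADAccountOrGroupProtector -ADAccountOrGroup $cno

    # Check before going back online: without the AD protector the cluster
    # cannot unlock the volume after a failover or restart.
    $types = (Get-BitLockerVolume -MountPoint $mountPoint).KeyProtector.KeyProtectorType
    if ($types -notcontains 'AdAccountOrGroup') {
        throw "No AD account protector on $mountPoint; the cluster cannot unlock it."
    }
}
finally {
    # Step 5: bring the disk out of maintenance mode, even if a step failed.
    Get-ClusterSharedVolume -Name $resourceName | Resume-ClusterResource
}
```

Store the password used in step 2 as a recovery path; day-to-day unlocking relies on the AD protector.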

Steps to enable BitLocker on cluster disks
1. Put the disk into maintenance mode
2. Enable BitLocker using a password protector
3. Determine the CNO
4. Add an AD SID to the CSV using the CNO
5. Start the disk again

Feedback on BitLocker

What did we hear from customers?

- When a device is lost, we need a report that shows whether it was encrypted.
- The encryption process can be complicated. A more efficient way to ensure compliance is needed.
- Determining compliance is difficult. We need to be able to know organizational compliance.
- When users lose their PIN, their productivity is lost. We need a self-service recovery service.
- A long list of BitLocker policies. We need a simpler way to make the right decision.

MBAM 2.0

What is Microsoft BitLocker Administration and Monitoring?

MBAM 2.0 introduces improvements:
- Security improvements
- Integration with other technologies (SCCM)
- Reduced costs (reduced risk)

MBAM 1.0 focused on:
- Simplifying provisioning and deployment
- Providing reports (e.g. compliance and audit)
- Simplifying recovery

Deployment options (architecture)
- Two options are available: Standalone Mode; Integrated Mode
- Integrated mode supports SCCM 2007/2012

[Diagram: Stand Alone Mode and Integrated Mode. MBAM components shown: Compliance Status Database, Compliance Reports, Audit Database, Audit Reports, Recovery Database, Admin and Monitoring Server, Policy Template]

Standalone architecture

[Diagram labels: Active Directory Domain Services & Group Policy Infrastructure, GPO, Client Computer, MBAM Client and BitLocker, Web Services (Recovery Web Service, Reporting Web Service, Self-Srv Web Service, Admin Web Service), Portals (HelpDesk Portal, Self-service Portal), SQL Database (Recovery, Audit & Compliance), Reporting Web Site, SSRS, Compliance Reports]

Summary of new features (MBAM 1.0 / MBAM 2.0)
Compliance and security:
- Single User Recovery Keys
- Compliance Reporting
- Audit Reporting
- Forced Encryption
- Complex PIN
- FIPS Support
Integration:
- Windows 7 Support (Ultimate; Enterprise)
- Windows 8 Support (Professional; Enterprise)
- System Center Integration (2007; 2012)
Cost reduction:
- Helpdesk Recovery Console
- Self-help Recovery Console
- Simplified Provisioning
- Fast Provisioning (Windows 8)

http://bit.ly/DescargaWS2012


http://bit.ly/ITCamps2012

Windows Server 2012 webcast series
http://bit.ly/Webcasts2012

Follow TechNet España

