Server and Domain Isolation

Server and Domain Isolation

With the explosive growth and adoption of pervasive, highly-connected networks, administrators are faced with a potentially paradoxical situation: to provide greater accessibility while maintaining security. Even though more ubiquitous connectivity can yield numerous business benefits—like productivity gains and operational cost savings—it has the potential to introduce new risks to the organization’s networked infrastructure. This can include costly virus attacks, rogue users and devices, and unauthorized access to sensitive information.

A Server and Domain Isolation solution based on Microsoft Windows Internet Protocol security (IPsec) and the Active Directory directory service enables administrators to dynamically segment their Windows environment into more secure and isolated logical networks based on policy and without costly changes to their network infrastructure or applications. This creates an additional layer of policy-driven protection, and helps better protect against costly network attacks, helps prevent unauthorized access to trusted networked resources, achieve regulatory compliance, and reduce operational costs.

Server and Domain Isolation

Figure 1: Server and Domain Isolation
View full-size image
Overview Resources

* Introduction to Server and Domain Isolation
This document describes how using Server and Domain Isolation can provide additional security for network traffic and resources; decrease your exposure to network attacks based on viruses, worms, and malicious users; and adhere to requirements to secure and encrypt data traffic.
* Server and Domain Isolation Datasheet
Learn more about how Server and Domain Isolation can help you reduce the risk of network-based threats and safeguard sensitive data, all while maximizing your existing information technology (IT) investments.
* Server Isolation with Microsoft Windows Explained
This white paper provides a detailed overview of server isolation. It explains how server isolation protects isolated servers and the benefits of deploying server isolation. It also provides a brief overview of how to deploy server isolation .
* Domain Isolation with Microsoft Windows Explained
This white paper provides a detailed overview of domain isolation. It explains how domain isolation protects domain member computers and the benefits of deploying domain isolation. It also provides a brief overview of how to deploy domain isolation.
* TechNet Webcast: Protecting Critical Systems and Data with Server and Domain Isolation
This webcast details how Server and Domain Isolation can be leveraged by customers using Windows XP, Windows Server 2003, or Windows 2000. This webcast also explains the roadmap for future uses of IPsec, including its use as an enforcement method for Network Access Protection.

Demos and Solution Evaluation Resources

* Server and Domain Isolation Demo
Get hands-on experience with Server and Domain Isolation for Windows XP and Windows Server 2003, and learn how this cost-effective end-point authentication solution can help you reduce the risk of network-based threats and safeguard sensitive data.

Case Studies

* Major Japanese Municipal Principal Government Achieves Security Compliance at Nil Cost
Learn more about how the City of Sapporo, Japan, with 12,000 users working in almost 870 departments, implemented Server and Domain Isolation for cost-effective end-point authentication. The solution has improved information security and reduced the risk of unauthorized access to confidential data on the organization’s Intranet.
* Improving Security with Domain Isolation: Microsoft IT Implements IPsec
This article describes how Microsoft IT is using IPsec to deploy Domain Isolation on the Microsoft global enterprise network.

Deployment Resources

* Step-by-Step Guide to Deploying Policies for Windows Firewall with Advanced Security
This step-by-step guide illustrates how to deploy Active Directory Group Policy objects (GPOs) to configure Windows Firewall with Advanced Security in Windows Vista and Windows Server 2008. You get hands-on experience in a lab environment using Group Policy Management tools to create and edit GPOs that implement typical firewall settings. You also configure GPOs to implement common server and domain isolation scenarios.
* Server and Domain Isolation Using IPsec and Group Policy
This Microsoft Solutions guide describes how to deploy server isolation to ensure that a server accepts network connections only from trusted domain members or a specific group of domain members, and domain isolation to isolate domain members from untrusted connections.
* Simple Policy Update for Windows Server 2003 and Windows XP
This update for Windows Server 2003 and Windows XP helps simplify the creation and maintenance of IP filters in IPsec policy, reducing the number of filters that are required for a Server and Domain Isolation deployment. The Simple Policy update removes the requirement for explicit network infrastructure permit filters and introduces enhanced fallback to clear behavior.
* Simplifying IPsec Policy with the Simple Policy Update
This article describes how the Simple Policy Update for Windows Server 2003 and Windows XP helps simplify policy creation and maintenance for Server and Domain Isolation deployments.
* Domain Isolation Planning Guide for IT Managers
This white paper includes an overview of the deployment process, a step-by-step guide to the planning process, and links to resources that you can use to plan and design your deployment. It does not explain how to deploy domain isolation.
* A Guide to Domain Isolation for Security Architects
This white paper describes the implications of deploying domain isolation in an enterprise environment and explains how to assess the enterprise environment and plan domain isolation.
* Setting up IPsec Server and Domain Isolation in a Test Lab
This white paper demonstrates how to set up IPsec Server and Domain Isolation in a limited test environment. It provides procedures for setting up a basic deployment, which you can use as the basis for your own deployment.
* Interoperability Considerations for IPsec Server and Domain Isolation
This white paper describes interoperability between IPsec-protected hosts running Windows Server 2003, Windows XP with Service Pack 2 (SP2), and Windows 2000 Server with Service Pack 4 (SP4) in a Server or Domain Isolation scenario and hosts that cannot use IPsec, including computers running earlier versions of Windows or non-Microsoft operating systems.
* Managing Intra-Windows Compatibility for IPsec
This white paper includes information about managing IPsec compatibility among the IPsec-capable Windows operating systems.
* How to Isolate Servers using Internet Protocol Security
This TechNet Support webcast describes how to use IPsec to isolate and help protect Microsoft Windows servers in an Active Directory environment.