Atjaunināt sīkdatņu piekrišanu

E-grāmata: Implementing Always On VPN: Modern Mobility with Microsoft Windows 10 and Windows Server 2022

  • Formāts: PDF+DRM
  • Izdošanas datums: 25-Nov-2021
  • Izdevniecība: APress
  • Valoda: eng
  • ISBN-13: 9781484277416
Citas grāmatas par šo tēmu:
  • Formāts - PDF+DRM
  • Cena: 65,42 €*
  • * ši ir gala cena, t.i., netiek piemērotas nekādas papildus atlaides
  • Ielikt grozā
  • Pievienot vēlmju sarakstam
  • Šī e-grāmata paredzēta tikai personīgai lietošanai. E-grāmatas nav iespējams atgriezt un nauda par iegādātajām e-grāmatām netiek atmaksāta.
Implementing Always On VPN: Modern Mobility with Microsoft Windows 10 and Windows Server 2022Palielināt
  • Formāts: PDF+DRM
  • Izdošanas datums: 25-Nov-2021
  • Izdevniecība: APress
  • Valoda: eng
  • ISBN-13: 9781484277416
Citas grāmatas par šo tēmu:

DRM restrictions

  • Kopēšana (kopēt/ievietot):

    nav atļauts

  • Drukāšana:

    nav atļauts

  • Lietošana:

    Digitālo tiesību pārvaldība (Digital Rights Management (DRM))
    Izdevējs ir piegādājis šo grāmatu šifrētā veidā, kas nozīmē, ka jums ir jāinstalē bezmaksas programmatūra, lai to atbloķētu un lasītu. Lai lasītu šo e-grāmatu, jums ir jāizveido Adobe ID. Vairāk informācijas šeit. E-grāmatu var lasīt un lejupielādēt līdz 6 ierīcēm (vienam lietotājam ar vienu un to pašu Adobe ID).

    Nepieciešamā programmatūra
    Lai lasītu šo e-grāmatu mobilajā ierīcē (tālrunī vai planšetdatorā), jums būs jāinstalē šī bezmaksas lietotne: PocketBook Reader (iOS / Android)

    Lai lejupielādētu un lasītu šo e-grāmatu datorā vai Mac datorā, jums ir nepieciešamid Adobe Digital Editions (šī ir bezmaksas lietotne, kas īpaši izstrādāta e-grāmatām. Tā nav tas pats, kas Adobe Reader, kas, iespējams, jau ir jūsu datorā.)

    Jūs nevarat lasīt šo e-grāmatu, izmantojot Amazon Kindle.

Implement and support Windows 10 Always On VPN, the successor to Microsoft's popular DirectAccess. This book teaches you everything you need to know to test and adopt the technology at your organization that is widely deployed around the world.

The book starts with an introduction to Always On VPN and discusses fundamental concepts and use cases to compare and contrast it with DirectAccess. You will learn the prerequisites required for implementation and deployment scenarios. The book presents the details of recommended VPN protocols, client IP address assignment, and firewall requirements. Also covered is how to configure Routing and Remote Access Service (RRAS) along with security and performance optimizations. The Configuration Service Provider (CSP) is discussed, and you will go through provisioning Always On VPN to Windows 10 clients using PowerShell and XML as well as Microsoft Intune. Details about advanced client configuration and integration with Azure security services are included. You will know how to implement Always On VPN infrastructure in a redundant and highly available (HA) configuration, and guidance for ongoing system maintenance and operational support for the VPN and NPS infrastructure is provided. And you will know how to diagnose and troubleshoot common issues with Always On VPN.

After reading this book, you will be able to plan, design, and implement a Windows 10 Always On VPN solution to meet your specific requirements.


What Will You Learn
  • Prepare your infrastructure to support Windows 10 Always On VPN on premises or in the cloud
  • Provision and manage Always On VPN clients using modern management methods such as Intune
  • Understand advanced integration concepts for extending functionality with Microsoft Azure
  • Troubleshoot and resolve common configuration and operational errors for your VPN

Who This Book Is For

IT professionals and technology administrators for organizations of all sizes


Intermediate user level
About the Author xix
About the Technical Reviewer xxi
Acknowledgments xxiii
Introduction xxv
Chapter 1 Always On VPN Overview 1(6)
VPN
1(1)
DirectAccess
2(1)
Demise of DirectAccess
2(1)
DirectAccess Replacement
3(1)
Always On VPN
3(1)
Always On VPN Infrastructure
3(1)
Routing and Remote Access Service
4(1)
Network Policy Server
4(1)
Infrastructure Independent
4(1)
Modern Management
5(1)
Cloud Integration
5(1)
Summary
5(2)
Chapter 2 Plan for Always On VPN 7(14)
VPN Server
7(2)
Windows Server
7(1)
Domain Join
8(1)
Server Core
8(1)
Network Interfaces
9(1)
Network Placement
9(1)
IPv6
9(1)
Non-Microsoft VPN Devices
9(2)
IKEv2
10(1)
Windows Store Client
10(1)
Authentication Server
11(1)
Windows Server
11(1)
PKI
11(1)
VPN Protocols
12(1)
IKEv2
12(1)
SSTP
13(1)
L2TP
13(1)
PPTP
13(1)
Certificates
13(2)
SSTP
14(1)
IKEv2
14(1)
NPS
14(1)
User Authentication
15(1)
Device Authentication
15(1)
TPM
15(1)
VPN Client IP Addressing
15(1)
DHCP
15(1)
Static Pool
16(1)
Address Range
16(1)
IPv4 Subnet
16(1)
IPv6 Prefix
17(1)
Split vs. Force Tunneling
17(1)
Split Tunnel
17(1)
Force Tunnel
17(1)
Firewall Configuration
18(1)
IKEv2
18(1)
SSTP
18(1)
NAT Configuration
18(1)
Client Provisioning
19(1)
Microsoft Endpoint Manager
19(1)
PowerShell
19(1)
MECM
19(1)
Co-management
20(1)
Summary
20(1)
Chapter 3 Prepare the Infrastructure 21(38)
Security Groups
21(1)
Certificates
21(1)
Certificate Templates
22(31)
VPN Server
22(7)
NPS Server
29(6)
User Authentication
35(8)
Device Authentication
43(5)
Kerberos Authentication
48(5)
Issue Certificate Templates
53(1)
Issuing CA Servers
53(1)
Certificate Autoenrollment
54(3)
Autoenrollment GPO
55(2)
Summary
57(2)
Chapter 4 Configure Windows Server for Always On VPN 59(56)
Network Policy Server
59(1)
Preparation
60(1)
Install NPS
60(1)
Configure NPS
61(9)
RADIUS Client
61(2)
Network Policy
63(7)
Routing and Remote Access Service Server
70(1)
Preparation
70(1)
Network Configuration
70(1)
Single NIC
70(1)
Dual NIC
70(9)
External Interface
71(5)
Internal Interlace
76(3)
Static Routes
79(1)
Certificates
79(1)
IKEv2 IPsec Certificate
80(1)
Server GUI Domain-Joined
80(3)
Server GUI Non-Domain Joined
83(7)
Export CA Certificates
84(1)
Import CA Certificates
85(1)
Generate CSR
85(3)
Request Certificate
88(2)
Server Core Domain-Joined
90(2)
Create INF File
90(1)
Create CSR
91(1)
Server Core Non-Domain Joined
92(1)
SSTP Certificate
92(3)
Install RRAS
95(1)
Install RSAT
96(1)
Windows Server
96(1)
Windows 10
96(1)
Configure RSAT
96(1)
Configure RRAS
97(10)
Optimize RRAS
107(1)
IKEv2 Settings
108(5)
IPsec Parameters
108(1)
IKEv2 Fragmentation
109(1)
IKEv2 Root Certificate
110(2)
IKEv2 CRL Check
112(1)
TLS Configuration
112(1)
Summary
113(2)
Chapter 5 Provision Always On VPN Clients 115(42)
Validation Testing
115(2)
Verify Certificates
115(2)
Test Profile
117(10)
VPN Settings
117(2)
Authentication Settings
119(5)
Network Settings
124(2)
Routing
126(1)
IPsec Policy
127(1)
Test Connection
127(5)
SSTP
128(1)
IKEv2
129(1)
Device Authentication
130(2)
Profile Deployment
132(1)
Microsoft Endpoint Manager
132(1)
Profile Configuration
133(12)
User Tunnel
133(6)
Device Tunnel
139(6)
Additional Configuration
145(1)
Custom XML
145(6)
XML Configuration
146(2)
Endpoint Manager
148(3)
PowerShell Script
151(2)
User Tunnel
152(1)
Device Tunnel
152(1)
SCCM
153(1)
Group Policy
153(3)
Group Policy Object
153(1)
Policy Settings
153(3)
Summary
156(1)
Chapter 6 Advanced Configuration 157(18)
Name Resolution Policy Table
157(5)
Configure NRPT
158(4)
Proxy Server
162(4)
Global Explicit Proxy
162(1)
Global Proxy Autoconfiguration
163(2)
Namespace Proxy
165(1)
Caveat
166(1)
Traffic Filtering
166(3)
Direction
169(1)
Application Filtering
169(3)
Desktop Application Filter
170(1)
Windows Store Application Filter
171(1)
SYSTEM Application Filter
171(1)
LockDown VPN
172(1)
LockDown Limitations
172(1)
Configure LockDown VPN
173(1)
Deleting LockDown VPN
173(1)
Summary
174(1)
Chapter 7 Cloud Deployments 175(40)
Azure VPN Gateway
175(2)
Advantages
175(1)
Disadvantages
176(1)
Requirements
176(1)
Gateway SKUs
176(1)
Site-to-Site Compatibility
177(1)
Azure VPN Gateway Configuration
177(3)
User Tunnel
180(7)
NPS Configuration
180(2)
Gateway Configuration
182(3)
Client Configuration
185(2)
Device Tunnel
187(4)
Root Certificate
187(2)
Gateway Configuration
189(1)
Client Configuration
190(1)
IKEv2 Cryptography
191(2)
Update Azure VPN IPsec Policy
191(1)
Update Client Policy
192(1)
Azure Virtual WAN
193(1)
Advantages
194(1)
Disadvantages
194(1)
Requirements
194(1)
Azure Virtual WAN Configuration
194(12)
Virtual WAN Hub
196(2)
Certificate Authentication
198(1)
RADIUS Authentication
199(1)
Point-to-Site Connection
200(2)
VNet Connection
202(1)
Client Configuration
203(3)
Windows Server RRAS
206(1)
Supportability
206(1)
Azure RRAS Configuration
207(7)
Public IP Address
207(3)
Inbound Traffic
210(1)
Client IP Subnet
210(1)
IP Forwarding
210(1)
Routing
211(3)
Third-Party VPN in Azure
214(1)
Summary
214(1)
Chapter 8 Deploy Certificates with Intune 215(54)
Deployment Options
215(1)
PKCS
215(1)
SCEP
216(1)
PKCS Certificates
216(10)
CA Permissions
217(1)
Certificate Template
218(8)
Install Certificate Connector for Intune
226(9)
PKCS Intune Configuration
235(4)
Export CA Certificates
235(1)
Deploy CA Certificates
236(3)
PKCS User Certificate
239(5)
PKCS Device Certificate
244(2)
SCEP Certificates
246(9)
Service Account
246(1)
CA Permissions
246(2)
Certificate Template
248(7)
Install NDES
255(3)
Configure NDES
256(2)
Publish NDES
258(1)
NDES TLS Certificate
258(1)
Install Intune Certificate Connector
259(1)
SCEP User Certificate
260(5)
SCEP Device Certificate
265(2)
Summary
267(2)
Chapter 9 Azure MFA Integration 269(20)
Azure MFA
269(1)
Is MFA Necessary?
270(1)
Risk Mitigation
270(1)
Certificate Authentication
270(1)
Additional Considerations
271(1)
Recommendation
271(1)
Azure MFA with NPS
271(1)
Requirements
272(1)
Install NPS Extension
272(4)
Update RRAS Authentication
274(1)
Certificate Management
275(1)
Troubleshooting Script
275(1)
Azure Conditional Access
276(1)
Requirements
276(1)
Configure Azure Conditional Access
276(4)
VPN Root Certificate
276(1)
Publish Certificate
277(1)
Verify Certificates
278(2)
NPS Configuration
280(2)
Update NPS Policy
280(2)
Conditional Access Policy
282(2)
Create Policy
282(2)
Client Configuration
284(2)
Endpoint Manager UI
284(1)
EAP Configuration
285(1)
Custom XML
286(1)
Third-Party MFA
286(1)
Summary
287(2)
Chapter 10 High Availability 289(22)
VPN High Availability
289(1)
Prerequisites
289(1)
Windows NLB
290(1)
Limitations
290(1)
Configure NLB
291(2)
Create NLB Cluster
291(1)
Add Cluster Nodes
292(1)
Server Core
293(1)
External Load Balancer
293(1)
External Load Balancer Configuration
294(1)
NPS High Availability
295(4)
Prerequisites
295(1)
Update Client Configuration
296(2)
Update VPN Configuration
298(1)
NPS Load Balancing
299(1)
DNS Alias
299(1)
External Load Balancer
300(1)
Certificate Configuration
300(2)
Geographic Load Balancing
302(1)
Azure Traffic Manager
303(1)
Azure Traffic Manager and IKEv2
303(1)
Azure Traffic Manager Profile
303(6)
Validation Testing
307(1)
DNS Alias
308(1)
Summary
309(2)
Chapter 11 Monitor and Report 311(18)
RRAS Management Console
311(4)
Adding Servers
311(1)
Firewall Requirements
312(1)
System Health
313(1)
User Activity
314(1)
Remote Access Management Console
315(7)
Overview
315(1)
System Health
316(1)
User Activity
317(2)
Customize Headings
319(1)
Reporting
320(2)
PowerShell
322(1)
System Health
322(1)
User Activity
322(1)
Log Files
322(1)
Disconnecting Sessions
323(1)
Management Consoles
323(1)
PowerShell
324(1)
Permanent Disconnects
324(3)
User Connections
325(1)
Device Connections
325(2)
Summary
327(2)
Chapter 12 Troubleshooting 329(20)
Common Error Codes
329(1)
809
330(3)
Common Causes
330(1)
Testing
331(1)
Port Probe
332(1)
Network Trace
332(1)
812
333(3)
Group Membership
333(1)
Authentication Type
334(1)
NPS Communication
334(1)
Azure Conditional Access
335(1)
Event Logs
335(1)
Other Causes
336(1)
13801
336(1)
Testing
336(1)
13806
337(1)
Missing Client Certificate
338(1)
Missing Server Certificate
338(1)
13868
338(3)
VPN Server
338(1)
VPN Client
339(1)
Registry Setting
340(1)
NPS Configuration
340(1)
853
341(1)
Missing Certificate
341(1)
858
342(1)
864
343(2)
Certificate Assignment
343(2)
Root Certificate
345(1)
798
345(1)
Permissions
345(1)
TPM
345(1)
Other Known Issues
345(3)
Clients Prompted for Authentication
346(1)
RRAS Service Won't Start
346(1)
Load Balancing and NAT
346(1)
SSTP Connect/Disconnect
347(1)
Custom Cryptography Settings Ignored
347(1)
Summary
348(1)
Index 349
Richard Hicks is the founder and principal consultant at Richard M. Hicks Consulting, Inc. He is a widely recognized enterprise mobility and security infrastructure expert with more than 25 years of experience implementing secure remote access and Public Key Infrastructure (PKI) solutions for organizations around the world. Richard is a former Microsoft Most Valuable Professional (MVP 2009-2019) and is active in the online community, sharing his knowledge and experience with IT professionals on his blog and through various social media channels. Visit his web site https://www.richardhicks.com/ or connect with him on Twitter @richardhicks.
Biežāk uzdotie jautājumi par e-grāmatām Biežāk uzdotie jautājumi par e-grāmatām
Permanent link: https://www.kriso.lv/db/97814842774162e.html
Keywords: