New feature : Adjust the level of protection provided by Security Server in Windows Essential Business Server 2008

Security is of paramount importance in organization any size; it is no surprise that strong security solutions are deployed to protect various assets that provide the competitive advantage in the ever so challenging medium-sized business (up to 300 users/devices) segment. In many such organizations, it is common to find one security solution that is used to secure the perimeter; another security solution to protect the client computers; another completely different solution to protect the web portals; and, yet another security solution to check the hygiene of key traffic like mail and web data. Many organizations are only now starting to come to grips with the hidden costs that are associated with the proliferation of multiple security technologies : uncoordinated protection from multiple silos of security, complexity with the heterogeneity of the solutions, lack of interoperability between vendors, increased security risks with inherent delays in adjusting one system for changes to another, higher cost of ownership, lack of business process integration or network operating system integration.

Windows Essential Business Server 2008 (Windows EBS 2008) represents a breakthrough in security services technology that overcomes the previously mentioned obstacles, maintains flexibility, and helps organizations avoid increased infrastructure costs. Windows EBS 2008 provides a Security Server as a part of the integrated solution suite that provides integrated security, coordinated protection across different technologies, best practice deployment of all security technologies installed, the ability to restore the entire server or solution configuration across multiple servers, better visibility of security issues across technologies, integrated management console and faster response to any security threats. In essence, Security Server in Windows EBS 2008 enables access anywhere while providing protection everywhere. The technologies that make this possible include Forefront Threat Management Gateway (Forefront TMG) and the Edge transport role of Microsoft Exchange Server 2007 that are installed on the Security Server.

While Windows EBS 2008 Security Server is intended to handle the security challenges from the perimeter of the organization all the way to the data flow of key traffic like mail or web access, it is sometimes necessary to coexist with existing security solutions like hardware firewall on the perimeter or existing email anti-spam solution that may have had a significant investment in it. To facilitate such cases, the Security Server is designed to also be deployed in a configuration behind an existing firewall, rather than be the perimeter firewall. With such a configuration, IT administrators need to put in appropriate rules in Forefront TMG to allow for traffic to flow from internal network to the existing firewall and vice versa. Feature Pack 1 for Windows Essential Business Server 2008 makes this simpler by providing a simple user interface to allow administrators to select the security level enforced by the Security Server, thereby eliminating the need to reconfigure Forefront TMG. The feature pack adds a task to Network Firewall component in the Security tab of the integrated management console. The task is also available during the setup process as a part of the Configuration and Migration tasks for those installing Windows EBS 2008 here on forward. The task launches a simple dialog that allows you to adjust the security level using a sliding scale of progressively increasing security as you go from the lower levels to the “high” level:

The levels are based on end user security concepts that map to different functionality in the multiple products across multiple servers. This provides a simplified user interface that allows administrators to :

- Automatically detect the current state to map it to the grouping based on common security concepts

- Offload the basic packet filtering to the front end firewall while optimizing the Security Server for handling higher layer protocol filtering and deep packet inspection

- Turn on or off advanced features like web publishing and intrusion detection

- Select progressively increasing levels of security that helps them identify the most secure level that works with existing solutions

- Manage the groupings the same way all the way from pre-deployment stage through setup to post-deployment management phase

Commonly used, highly valuable features like web caching are left enabled even in the lowest setting to provide these benefits to the organizations.

Organizations, partners, and administrators who want to integrate their Security Server in Windows EBS 2008 into a network with an existing firewall now have a capability that enables a single-click reconfiguration of their Security Server to the desired level.

For more information about the different configuration changes made at each level, see Change the Security Level in the Windows Essential Business Server Technical Library.

For more information about ways that Windows EBS 2008 helps secure a company's IT infrastructure, see Security and Protection in the Windows Essential Business Server Technical Library.

As always, your comments and questions are welcome!

Kannan C Iyer

Program Manager, Windows EBS

Microsoft Corporation