A few months ago, I wrote about the release of the Simple Policy Update for Windows Server 2003 and Windows XP. This enhancement for Windows IPsec helps radically reduce the complexity of Server and Domain Isolation deployments.
I can speak from first hand experience, having recently built a new demo that included Server and Domain Isolation and Forefront Client Security (currently in a limited beta). Having the features in the Simple Policy Update made the creation of even this fairly straight forward Server and Domain Isolation policy that much easier.
The secret sauce of this update comes from learnings included in the AuthIP functionality now in Windows Vista and Windows Server "Longhorn". The Simple Policy Update includes small subset of the AuthIP feature set, but it is enough to make a big difference in policy creation and (more importantly) maintenance.
Although it has created a great deal of interest, we've been hearing from customers, partners and 'softies that they would like some more information on how it works and when to use it. Thanks to my awesome program management team, we now have a brand new TechNet article with some great insights:
Simplifying IPsec Policy with the Simple Policy Update
Check the article out and give the Simple Policy Update a test drive today. Also, this update will be included in the upcoming Service Pack 2 for Windows Server 2003.