The Microsoft IT group helps protect the corporate network using domain isolation with IPsec. You can read about it here.
The Microsoft Solutions for Security (MSS) team has recently released a Server and Domain Isolation Using IPsec and Group Policy paper. This solution demonstrates how IPsec transport mode can be leveraged as one of the best means currently available to protect corporate networks and minimize losses due to information theft, compromise of credentials, and administrative costs. This solution also clearly contrasts IPsec transport mode, which authenticates and optionally encrypts host-to-host traffic inside the network without adding an outer IP header, with the more widely known IPsec tunnel mode, one of the prevalent VPN technologies today.
Full article at <http://www.microsoft.com/technet/security/topics/architectureanddesign/ipsec/default.mspx>
Improving Security with Domain Isolation: Microsoft IT implements IP Security (IPsec)
Detailed discussion on how Microsoft IT introduced Domain Isolation to the Microsoft global enterprise network, to prevent unauthorized access to trusted assets. The technology chosen for isolation is Internet Protocol Security (IPsec), a standards-based approach to authenticating network traffic, which can be deployed and managed centrally through the use of Group Policy. The result of these efforts is a secure, segmented network of trusted computers. Downloads (Technical White Paper, Technical White Paper Presentation)
Full article at <http://www.microsoft.com/technet/itsolutions/msit/default.mspx>
Using IPsec for Network Protection: Part 1 of 2: http://www.microsoft.com/technet/community/columns/secmgmt/sm121504.mspx
TechNet Support WebCast: How to use IPSec to help secure network traffic http://support.microsoft.com/default.aspx?scid=kb;en-us;888266
TechNet Webcast: Network Isolation Using Group Policy and IPSec (Part 1 of 3): Overview of Internet Protocol Security (Level 300)
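As an added example, not code from the Microsoft papers or webcasts linked above (which predate these cmdlets and configured the same design through Group Policy IPsec policies and netsh), here is the domain isolation pattern they describe expressed with the Windows Defender Firewall IPsec cmdlets available on Windows 8 / Server 2012 and later: transport mode, machine Kerberos authentication, require inbound / request outbound, plus an authentication-exemption rule for infrastructure that must be reachable before IPsec can negotiate. The subnet, display names and policy store are placeholder assumptions.

```powershell
# Added example: a minimal domain isolation policy with the NetSecurity cmdlets.
# Assumptions (placeholders, not from the papers): the exempt subnet and the
# policy store. For a GPO-deployed policy use 'contoso.com\Domain Isolation'.
$ExemptSubnets = @('10.0.0.0/24')    # DHCP/DNS servers, printers etc. (assumed)
$PolicyStore   = 'PersistentStore'   # local persistent store (assumed)

# 1. Main mode authentication: computer Kerberos only. Only a domain-joined
#    machine can obtain a Kerberos ticket, so a non-member host cannot complete
#    IKE and never reaches the TCP/UDP listener. This is the isolation boundary.
$kerbProp = New-NetIPsecAuthProposal -Machine -Kerberos
$phase1   = New-NetIPsecPhase1AuthSet -DisplayName 'DomainIsolation-MachineKerberos' `
                -Proposal $kerbProp -PolicyStore $PolicyStore

# 2. Exemption: hosts the client must reach before IPsec can work (DHCP, DNS,
#    domain controllers during bootstrap) are explicitly left in the clear.
#    Setting both directions to None creates an authentication-exemption rule.
New-NetIPsecRule -DisplayName 'DomainIsolation-Exempt-Infrastructure' `
    -Mode Transport -RemoteAddress $ExemptSubnets `
    -InboundSecurity None -OutboundSecurity None -PolicyStore $PolicyStore

# 3. Isolation rule for everything else on the domain profile.
#    Inbound: Require  -> refuse unauthenticated inbound connections.
#    Outbound: Request -> still able to initiate to non-IPsec hosts (printers,
#    Unix boxes) so the rollout does not break clients; tighten to Require
#    per server group later for server isolation.
New-NetIPsecRule -DisplayName 'DomainIsolation-RequireInbound' `
    -Mode Transport -Profile Domain -RemoteAddress Any `
    -InboundSecurity Require -OutboundSecurity Request `
    -Phase1AuthSet $phase1.Name -PolicyStore $PolicyStore

# 4. Check: once traffic flows, each authenticated peer appears as a main mode
#    SA. A peer that is missing here is talking in the clear (exempt) or blocked.
Get-NetIPsecMainModeSA | Format-List LocalEndpoint, RemoteEndpoint, FirstAuthenticationMethod
```

Run this elevated on a domain member; with a GPO policy store the same commands write the policy once and Group Policy pushes it to every member, which is the central management the papers describe. Put the exemption list under change control: every address on it is a host any machine on the wire can talk to without authenticating.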
This is pretty exciting stuff.
The use of IPSec, PKI security certificates and Group Policy for authentication and enabling authorization models has received a lot of attention this year. This is great news. As large enterprises expand the scope and scale of their user resource needs (example: mobile PoS self-service environments, cell phone personal PoS, RFID, channel partner services, etc.), it will be interesting to see how this might affect AD and ADAM enterprise architecture designs in the future.
Furthermore, as these security systems become more standard in the enterprise, they could potentially decrease the amount of authentication and authorization complexity in each siloed application introduced into the data center. Thus they could decrease the TCO of a multitude of solutions (Unix as well as Microsoft). A predictable and consistent model
So this guy goes into the doctor's office and says "Doctor, IPSec..." <sound of phonograph needle...