Our team focuses on cutting edge customer and partner experiences for existing and new Windows Server and Cloud releases.
In this blog post, we would like to highlight the work we have done with Independent Software Vendor partners who are adopting key new features we’re delivering in Windows Server 2012. Robert Paige is a program manager in the Windows Server Partner and Customer Ecosystem Team who worked extensively with Independent Software Vendor Partners during the development of Windows Server 2012. He helped to facilitate engagements with many software vendors throughout our development cycle; companies delivering on security, anti-malware, management, virtualization, backup and storage solutions, and everything in between. Their solutions showcased our new technologies and the flexibility to extend and enhance complete end-to-end solutions for our mutual customers. In his series of blogs, he will highlight one of the many new features in this release, Dynamic Access Control.
Principle Group Program Manager, STB Partner and Customer Ecosystem Team
TechEd North America 2012 had its 20th anniversary June 11-14 in Orlando, Florida – those who arrived the day before were treated to an impressive thunder storm to kick things off, estimated to have 4000 lightning strikes in a period of 30 minutes. It wasn’t hard to simply point a camera into the sky and capture the electricity in the air as over 11,000 customers, partners, speakers, and staff arrived. The days ahead proved to be a very successful display of all the hard work we’ve done over the past few years on Windows Server 2012, SQL Server, System Center, Windows Azure and SQL Azure.
This is the first of the Partner Ecosystem Team series of blogs that will be focused on a very exciting feature in Windows Server 2012, Dynamic Access Control. In it, we will be showcasing some partners who are doing innovative work in this scenario, adding to a robust ecosystem of products ready to support it. Dynamic Access Control is a set of Windows capabilities that enable data compliance in partner and Windows-based solutions.
In Day One of the conference, Gunjan Jain joined Nir Ben-Zvi to show attendees the Data Classification Toolkit, which is designed to help reduce the cost and complexity of data compliance, and help organizations consistently identify, classify, and protect data across multiple file servers. Nir Ben-Zvi gave an overview of Dynamic Access Control, and showed five demonstrations of partner solutions by Websense, STEALTHbits Technologies, NextLabs, GigaTrust and RSA Security. The capabilities in Windows Server 2012 in-box do not require these solutions, but the partners were able to extend our technology into their products, ensuring automatic RMS encryption of non-Microsoft document formats, applying central policy to SharePoint servers, and easing migration and assist in policy lifecycle management.
The first partner solution we demonstrated was Websense Data Loss Protection , a DLP solution built on the foundation of Websense data classification expertise, which allows organizations to accurately monitor, identify, classify, and ensure protection and proper use of sensitive information—as it is being authored, without the need for manual intervention. It has hundreds of built in classifiers, which extend FCI to also include proximity analysis and statistical analysis to anticipate the accuracy of the analysis it provides, all helping to tag and enforce the policies that are consistent with Dynamic Access control. Our technology can then use the tags in conjunction with Central Access Policy to control file access.
The next partner solution was from STEALTHbits Technologies, which showed how integrating Dynamic Access Control’s expression based conditional permissions into the StealthAudit Management Platform can help assess and plan a migration to the new capabilities showing the impact of reducing the number of security groups which solves a common problem in today’s enterprises. The solution provides simple analysis of a customer’s existing access permission model to help determine the most effective way to transform the access control to use Windows Server 2012’s new conditional based permissions.
The third partner demonstration was provided by NextLabs, which highlighted their management interface for Dynamic Access Control’s Central Access Policy lifecycle management, compliance policy accelerators, and most important – the ability to apply Dynamic Access Control to protect data on Microsoft SharePoint based on user classification of their documents utilizing Windows Server 2012 File Classification Infrastructure prior to putting them into SharePoint. On a Windows Server 2012 machine, the access is governed by Central Access Policy. When the data is uploaded to SharePoint, the classification properties can be automatically maintained to retain the Dynamic Access Control policy. In this scenario, the document will not even be visible to a user who doesn’t have the correct permissions as established by Windows Server 2012 central access policy. This is very frequent customer ask to be able to apply the same central access policy on the Windows server and extend it automatically and consistently into Microsoft SharePoint; NextLabs makes the lifecycle management to do this easily using the NextLabs Control Center Policy Manager as they showed in their demonstration video.
Another demo by Gigatrust followed, which demonstrated extending Windows Server 2012’s ability to automatically encrypt sensitive information with Windows Rights Management based on document classification -- They enhanced this technology in Gigatrust Protector for SharePoint by extending the ability to encrypt the information and apply central access policies to RMS. The encryption can be applied to a variety of additional document formats beyond Microsoft formats. The protection is persistent; both on the file server and in transit beyond the secure environment, ensuring compliance policy established in Windows Server 2012 can be retained throughout the document lifecycle.
The last demonstration in the session was provided by RSA, The Security Division of EMC, which integrated Windows Server 2012 expression-based auditing event enhancements into their RSA NetWitness product. This demonstration showed how RSA leveraged the improved audit events to give customers even more flexibility in forensic analysis of Windows Server 2012’s improved metadata content and contextual information in audit logs. Analysis of a very large set of events by NetWitness helps administrators to more easily extract only data that is relevant to an investigation, speeding up the process of consuming a large amount of events that are now more easily isolated by the improvements in Windows Server 2012.
As you can see, Windows Server 2012 has made tremendous advancements in file classification, policy management, compliance enforcement, and simplicity for both the user and the administration for customers in both small business environments and the largest of companies. Our Partner and Customer Ecosystem team ensured that the needs of the customers were met by facilitating the Independent Software Vendors in developing ISVs solutions that showcase and augment the exciting new capabilities of Windows Server 2012 Dynamic Access Control. In the coming weeks, we will go into deeper detail about Dynamic Access Control improvements, and highlight even more partners who provided demonstrations for day 2 of TechEd 2012 (SIA341), including Titus, JiJi Technologies, CA, Axiomatics; additionally we will are highlighting Dataglobal TechEd Europe 2012, June 26-29 in Amsterdam.
· An Overview of Dynamic Access Control (Nir Ben-Zvi, Gunjan Jain)
· Dynamic Access Control Deep Dive (Siddharth Bhai, Matthias Wollnik)
· Dynamic Access control Best Practices and Microsoft IT Case Studies
· Keeping your Data Safe, and Introduction to Information Protection Technology
· TechNet manual (Beta): http://technet.microsoft.com/en-us/library/hh831717.aspx
· Data Classification Toolkit (Beta): https://connect.microsoft.com/site715
· Hands on lab: http://technet.microsoft.com/en-us/windowsserver/hh968267.aspx (Using Dynamic Access Control to automatically and centrally secure data)
· Dynamic Access Control at MMS 2012: http://channel9.msdn.com/posts/Dynamic-Access-Control-Demo-and-Interview
· Nir Ben-Zvi’s Introduction to Windows Server 2012 Dynamic Access Control blog
Senior Program Manager, Partner and Customer Ecosystem Team
Windows Server and Cloud Division