Professional Documents
Culture Documents
Migration to a
de-perimeterised
environment
Paul Dorey
BP &
Jericho Forum Board
Current Architecture
Flat Architecture
Heterogeneous
Barriers &
Chokepoints
Us and
Them
Internet
FIREWALL
Outsiders
BP
Partners
Extranet
Solutions?
Wireless
VPNs
IDS/IPS
Discovery
Push Patch/Cfg.
NAC/NAP
Technology Drivers
Exploding connectivity and complexity
Security Drivers
Insiders
Outsiders inside
1.
Net
3.
Net
4.
Net
Net
Net
Internet
accessible
Apps
Bus Apps
Apps
Apps
MDC
x450
consolidated
450
Virtual
Bus Apps
Apps
Data Centres
Beyond PassPort
PassPort
2006 Delivery
expose app
not network
choice of
Device
Connectivity
Support
Auto-maintaining
User provided
Support choice
DCT
<< $
BP
Net
seamless,
secure access
good
apps access
full network
access
wired &
wireless access
Applications &
Access Strategy
Simplify client, apps
and access
Explorer
Apps
internet based
simplify client
wireless access
User maintained
BP provided
Self supported
<$
BP maintained
BP provided
BP supported
=$
Global Infrastructure
Internet
accessible
Apps
Bus Apps
seamless,
secure access
Net
expose app
not network
servers
Data Centres
Delivery of Vision
BP
Single, consumer-style
client environment
Seamless, secure connectivity
Strategic
Tactical
Living on
the web
Device &
Network
Security
Device
Connectivity
Support
Apps
Auto-maintaining
User provided
Support choice
DCT
MDC
x450
no local
consolidated
Virtual
Bus Apps
Apps
Access
Security
Beyond PassPort
choice of
Apps
Apps
BP
<< $
Apps
Enhanced
functionality,
freedom and
choice
BP maintained
BP provided
BP supported
=$
Global Infrastructure
Strategic
SSL
~2008
(SRA)
Tactical
SSL
VPN
no client software
device and location
agnostic
Outlook
2003
firewall friendly(RPC/HTTP)
connects at the application layer
only requires access
security
SharePoint
no direct contribution to single sign-on
(RDP/HTTP)
Current
IPSec
VPN
New business
application
Legacy business
Legacy business
application
Shrink-wrap
application
(offlineapplication
use)
Remote (offline use)
Virtual AppLocal
~ Local
Virtual App
Virtual App
DCT
Global Infrastructure
Browser
Strategic
Remote
Client
Tactical
virtualisation
technology
Thick
Client
Current
virtualisation
technology
Thick
Client
DCT
Smart
Client
SharePoint
direct SSL
access to web app
New business
application
Legacy business
application
= < $ Remote
Virtual App
Shrink-wrap
application
(offline use)
= <~ $Local
Virtual App
Legacy business
application
(offline use)
Local
Virtual App
Global Infrastructure
BP PassPort
Internet connectivity
BP PassPort
Explorer
Vendor updates
Backup to file server
or no backup solution
BP network & Internet
connectivity
Controlled updates
and policies
Business Apps
Local (scripted/tested)
Shrink-wrapped Apps
Local (scripted/tested)
BP provided device
BP proviided support
Perimeter / Device
Security
DCT
BusinessSecurity
Apps Services
In the Cloud
Virtual (scripted/tested)
Shrink-wrapped Apps
LocalBP(not
scripted/tested)
Expose
Services
to the Internet
Virtualise
Businessdevice
Applications
User provided
Vendor updates
Business Apps
Remote (scripted/tested)
Shrink-wrapped Apps
Local (not scripted/tested)
Choice of Support
Device/Network/Access
Security
Beyond
PassPort
Activity
BP provided
deviceset prioritised
in terms of
Self Support
ITStrategy
Device / Network
Business Strategy
Security
Global Infrastructure