We suggest the following:
It's easy to open ports to the internet, but security is the primary concern. Are you using optimal pre-authentication at border ISA/TMG servers along with reverse proxying of internal resources? Are you using TMG URL filtering to block categories of URLs from employee access? Are you using ISP redundancy to truly achieve failover of ISP links, for aggregation of bandwidth as well as failover or high availability?
You can build VLANs on network switches floor-wise or room-wise. With Microsoft Network Access Protection it is possible to design your network so that it is segmented by membership of AD groups or by attributes such as department, which is a more logical breakdown. 802.1X-capable switches allow that. MetalSoft is the first organization to enable such functionality in Pakistan; check our corporate profile below. With NAP you can also control access to your network switches (wired as well as wireless) so that AD domain-joined machines land in a different network VLAN from guests, in addition to auto-remediation of missing OS patches.
Are you worried about document security and information leakage? Let us help you with Microsoft AD-RMS 128-bit encryption along with federation out to other organizations as well as MSN identities. It can be made to work even on BlackBerry and Apple devices.
Centralize your authentication using Active Directory as the source of identity for all applications, using the IdM family of products from Microsoft. A replication-based solution from Microsoft allows you to sync all identity stores from Oracle, IBM, Lotus, HR modules and other platforms and applications with Active Directory. This allows automatic provisioning and deprovisioning of users across multiple applications in the organization, so that overall identity management is handled automatically.
Centralize your authorization using the AzMan component of Microsoft for Active Directory. It is natural and easy to provide rights and permissions across the enterprise's various applications, like Oracle, IBM and SAP, using Active Directory groups and users and AD snap-ins such as AzMan. Microsoft provides an Authorization Management solution built right into the Windows Server operating system to help achieve that.
Implement enterprise Single Sign-On (SSO) between various applications like SAP, Oracle, IBM and Windows Active Directory. Using Microsoft Active Directory Federation Services, it is possible to program this functionality.
If your antivirus is being updated but your Windows desktop operating systems are not, then you are only halfway to being secure. With MS Forefront Endpoint Protection deployed on top of MS SCCM, patching for both is performed and handled under the same framework.
You are worried about centralizing the audit logs of all the critical servers and services, but servers often run short of log space. Consider MS System Center Audit Collection Services, so that a tamper-resistant, consolidated audit database can be developed with no worry about losing crucial audit data.
With Microsoft Unified Access Gateway it is possible to publish resources to the internet for employees or an external audience, for VPN or other purposes, and it is done in a much more secure way with UAG. It is possible to develop a single portal containing web access for Exchange, web access for OCS/Lync and a published SharePoint site, all on a single portal address.
Direct Access, Proxy access.
Sharepoint STS for external users
With Exchange ActiveSync
helpdesk and service catalog
Visio Services based monitoring
Exchange upgrade/migration: first 2010 of region.
DPM backup onsite cross site
HyperV Farm or SQL Farm with active active clustering
Network OS Deployment
Deployment of these technologies is our expertise, and we cover almost all of Microsoft's infrastructure products. Contact us for further information.
We host and hone best-of-breed Microsoft infrastructure consultants at architect level, capable of designing complex infrastructure solutions. Contact us for further information.
If your servers are down, for example MS Exchange is not operational, and you require help with bringing the services up in a timely manner, contact us.