Server and Domain Isolation Information on TechNet

I noticed today on Jesper's blog that Microsoft has a dedicated web site for the discussion of Server and Domain Isolation solutions.

As quotes on the website:

A Server and Domain Isolation solution based on Microsoft Windows IPsec (Internet Protocol security) and Active Directory enables administrators to dynamically segment their Windows environment into more secure and isolated logical networks based on policy and without costly changes to their network infrastructure or applications. This creates an additional layer of policy-driven protection, and helps better protect against costly network attacks, helps prevent unauthorized access to trusted networked resources, achieve regulatory compliance, and reduce operational costs.

I haven't looked much into this, but I like the premise. I really like the ability of segmenting the environment into more secure zones. You might remember that I talked about zone separation when discussing The "Higher Security Mindset" - Seven Best Practices to Keep you Safe.

There are some great whitepapers on the site discussing how to implement IPSec and Group Policy to do this. I highly recommend that you take some time to check it out.

Thanks for the pointer Jesper!