Technical Overview
V. Hilbert, Microsoft Student Partner
V-Hilbert-MSP.Spaces.live.com
HilbertV.blogspot.com
More Pressure than Ever on IT
Business Results & New Value
End User Productivity
Customer Connection
Keep Business Up & Running
Security
Competition
Technology Change
Regulatory Compliance
Cost Reduction
Solid Foundation for Your Business Workloads
Pillars: Security, Web, Virtualization
Windows Server 2008
Security: Provides unprecedented levels of protection for your network, your data, and your business
Web: Delivers rich web-based experiences efficiently and effectively
Virtualization: Reduces costs, increases hardware utilization, optimizes your infrastructure, and improves server availability
Solid Foundation: Most flexible and robust Windows Server operating system to date; provides the most versatile and reliable Windows platform for all of your workload and application requirements
Solid Foundation: Most Flexible and Robust Windows Server Operating System to Date
Management: Windows Server Manager, Windows PowerShell, Windows Deployment Services
Reliability: Server Core, Next Generation Networking, High Availability Clustering
Windows PowerShell
New command-line shell & scripting language
Improves productivity & control
Accelerates automation of system admin
Easy-to-use
Works with existing scripts
Remote server management via WMI
Futures
Will ship in Windows
Admin GUIs layered over PowerShell
One-to-many remote management using WS-MGMT
Windows PowerShell Resources
Hundreds of Scripts
Books & Training Materials
Community Support
MS MVPs
PowerShell Team Blog
Active Newsgroup
Channel 9: DFO Show
IIS.net
Manning Publications
O’Reilly Media
Sapien Press & others…
TechNet ScriptCenter
Exchange Server 2007
Terminal Server
WMI, Registry, Hardware, etc.
Community-Submitted scripts
MyITForum.com
demo: PowerShell
Server Manager
Managing Windows Server 2008
Product Installation
Initial Configuration
demo: Server Manager
Server Core
Windows Server Core: Security, TCP/IP, File Systems, RPC, plus other Core Server Sub-Systems
Layer above Server Core (not installed): GUI, CLR, Shell, IE, OE, etc.
Roles shown: WSv, DHCP, DNS, File, Print, AD DS, AD LDS, Media
Only a subset of the executable files and DLLs installed
No GUI interface installed
Five available Server Roles
Can be managed with remote tools
demo: Server Core
Complete Redesign of TCP/IP
Dual-IP layer architecture for native IPv4 and IPv6 support
Improved Network Performance Troubleshooting
Improved performance via hardware acceleration and autotuning
Greater extensibility and reliability through rich APIs
Completely manageable through Group Policy
[Diagram: Next Generation TCP/IP Stack (tcpip.sys)]
User Mode: Winsock
Kernel Mode: AFD, WSK, WSK Clients, TDX, TDI, TDI Clients, Inspection API
tcpip.sys: TCP, UDP, RAW; IPv4, IPv6; IPv4 Tunnel, IPv6 Tunnel; 802.3, WLAN, Loop-back
NDIS
Key New Networking Features
Receive Window Autotuning
Automatically senses network environment and adjusts key performance settings
Allows increase of the size of the TCP/IP send / receive window
Windows Filtering Platform
Provides filtering capability at all layers of the TCP/IP protocol stack
Integrates and provides support for next-generation firewall features
Receive Side Scaling
Previous Windows operating systems limited receive protocol processing to a single CPU
RSS resolves this issue by allowing network load from a network adapter to be balanced across multiple CPUs
Policy-based Quality of Service
Prioritize or manage the sending rate for outgoing network traffic
Both DSCP marking and throttling can be used together to manage traffic effectively
Windows Firewall with Advanced Security
Combined firewall and IPsec management
Firewall rules become more intelligent
Policy-based networking
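Added example, not part of the presentation: a PowerShell script that reads back the state of the features just listed (receive window autotuning, RSS, and the per-profile state of Windows Firewall with Advanced Security) using the netsh commands that exist on Windows Server 2008, and flags a disabled firewall profile for review. The text patterns matched against netsh output are assumptions about its layout, not documented contracts.

```powershell
# Added example (not from the presentation). Reads autotuning, RSS and
# firewall profile state via netsh and flags weak settings. The output
# line patterns matched below are assumptions about netsh's text format.

function Get-TcpGlobalSetting {
    param([string]$Label)   # e.g. 'Receive Window Auto-Tuning Level'
    $out = & netsh.exe interface tcp show global | Out-String
    $pattern = "(?m)^\s*" + [regex]::Escape($Label) + "\s*:\s*(\S+)"
    if ($out -match $pattern) { $Matches[1] } else { 'unknown' }
}

function Get-FirewallProfileState {
    # Returns a hashtable profile -> 'ON'/'OFF' parsed from
    # "netsh advfirewall show allprofiles" (format assumed)
    $states  = @{}
    $profile = $null
    foreach ($line in (& netsh.exe advfirewall show allprofiles)) {
        if ($line -match '^(\w+) Profile Settings:') { $profile = $Matches[1]; continue }
        if ($profile -and $line -match '^State\s+(ON|OFF)') { $states[$profile] = $Matches[1] }
    }
    $states
}

# Usage: print the networking settings, then one line per firewall profile
$autotune = Get-TcpGlobalSetting 'Receive Window Auto-Tuning Level'
$rss      = Get-TcpGlobalSetting 'Receive-Side Scaling State'
Write-Host "Receive window autotuning: $autotune   RSS: $rss"

$fw = Get-FirewallProfileState
foreach ($p in $fw.Keys) {
    $note = if ($fw[$p] -eq 'OFF') { '  <-- profile disabled, review' } else { '' }
    Write-Host ("Firewall {0} profile: {1}{2}" -f $p, $fw[$p], $note)
}
```

Run it in an elevated PowerShell session on the server; the same netsh commands accept `set` sub-commands if a setting needs to be corrected, but the script above only reads.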
Branch Office Benefits
Hub Site and Branch Office
Optimization: SysVol Replication, DFS Replication, Protocols
Security: BitLocker, Server Core, Read-Only Domain Controller, Role Separation
Administration: Print Management Console; PowerShell, WinRS, WinRM; Virtualization; Restartable Active Directory
Failover Clustering
New Validation Wizard
Support for GUID partition table (GPT) disks in cluster storage
Improved cluster setup and migration
Improvements to stability and security: no single point of failure
IPv6 support
Geographically dispersed clusters
[Diagram: Node A (Active Node) and Node B (Passive Node) connected by a Heartbeat]
Windows Deployment Services
Rapidly deploy Windows operating systems
Updated and redesigned version of Remote Installation Services (RIS)
Server components
Client components
Management components
Windows Deployment Services provides several enhancements to RIS
[Diagram: WDS deploying Windows Vista and Windows Server 2008]
Reliability and Performance Monitor
Combines functionality of previous stand-alone tools
Tracks system changes
Provides new functionality
Deliver Rich Web-based Experiences Efficiently and Effectively
Internet Information Services 7.0
Windows SharePoint Services
Windows Media Services
IIS 7.0 Overview
IIS 7: Customization, Troubleshooting, Administration
Enhanced security and reduced attack surface
True application xcopy deployment
Application and health management for WCF services
IIS 7.0 Web Administration
Enhanced Web Administration at Every Stage in the Application Lifecycle
Deploy: Simpler Application Deployment to Web Farms & UNC Shares
Host: More Secure, Reliable Application Hosting
Manage: Greater Productivity Via Delegated Management & Better Tools
Troubleshoot: Reduced Downtime From Faster Troubleshooting
Managing Your Web with IIS 7.0
• Arsenal of Admin Tools
• Delegated Management
• Secure Remote Management
• Shared Config for Web Farms
Better Tools
Intuitive, Task Oriented GUI
.NET Management API
Unified WMI Provider for IIS/ASP.NET
Powerful Command Line Support
Rich Runtime State Information
Automatic Failure Tracing & Logging
[Diagram: Site Owner edits Web.config (XML) under delegation and XCopy deploys; Administrator manages remotely over secure HTTPS across the Internet; AppHost.config (XML) as shared config for shared app hosting and a Web Farm app on a UNC share]
Windows SharePoint Services (WSS)
Administration model enhancements
New and improved compliance features and capabilities
New and improved operational tools and capabilities
Improved support for network configuration
Extensibility enhancements
Windows Media Services (WMS)
Ultimate Streaming Experience
Fast Streaming delivers instant-on/always-on
Intelligent Streaming optimizes the experience
Dynamic Content Programming
Manage channels on-the-fly
Generate revenue with Lead-In and Interstitial Ads
Industrial-Strength Platform
Increases industry-leading scalability
Rich administration with broad range of tools
Optimize Your Infrastructure and Improve Server Availability
Terminal Services
RemoteApp
Terminal Services Gateway
Windows Server Virtualization
Virtualization Technologies
Server Virtualization
Presentation Virtualization
Application Virtualization
Desktop Virtualization
Management
Windows Server Virtualization
Greater scalability and improved performance
x64 bit host and guest support
SMP support
Increased reliability and security
Minimal Trusted Code base
Windows running a foundation role
Better flexibility and manageability
New UI/Integration with SCVMM
[Diagram: Hardware (AMD-V / Intel VT) running the Windows Hypervisor with VM 1 “Parent”, VM 2 “Child”, VM 3 “Child” backed by Virtual Hard Disks (VHD); contrasted with Windows Server 2003 running Virtual Server 2005 R2 hosting VM 2 and VM 3]
Application Virtualization
Application Isolation
Dynamic Streaming
System Center Integration
Software as a Centrally-managed Service
Available through…
Terminal Services Gateway
[Diagram: Remote/Mobile User on the Internet, External Firewall, Perimeter Network, Internal Firewall, Corporate Network; components: Terminal Services Gateway, Network Policy Server, Active Directory DC, Terminal Servers and other RDP Hosts]
Tunnels RDP over HTTPS
Strips off RDP / HTTPS
RDP traffic passed to TS
Terminal Services RemoteApp
• Remote programs integrated with local computer
• Centrally configure a terminal server with the Terminal Server Configuration console
• RemoteApp console used to make application available
• Also used to make programs available via TS Web Access
• Programs look like they are running locally
• Only supported by Remote Desktop client 6.0, or newer
[Diagram: Terminal Services Gateway Server; Remote Desktop client required]
Virtualization Investments: A Multi-level Approach
Management: Create agility; Better utilize management resources
Infrastructure: Better utilize server resources; Ease consolidation onto virtual infrastructure; Partner with AMD and Intel
Applications: Accelerate deployment; Reduce the cost of supporting applications
Interoperability: Support heterogeneity across the datacenter; OSP (Open Specification Promise) VHD
Licensing: Deliver cost-effective, flexible and simplified licensing; Royalty Free VHD format
demo: Terminal Services
Hardens Operating System and Increases Environment Protection
Read-Only Domain Controller
Network Access Protection
Federated Rights Management
Server Protection Features
Security Development Process
Secure Startup and shield up at install
Code integrity
Windows service hardening
Inbound and outbound firewall
Restart Manager
Improved auditing
Network Access Protection
Event Forwarding
Policy Based Networking
Server and Domain Isolation
Removable Device Installation Control
Active Directory Rights Management Services
Security Compliance
Windows Server 2008 Hardening
Windows® XP SP2/Server 2003 R2: services run as LocalSystem, Network Service, Local Service
Windows Vista/Server 2008: LocalSystem (Firewall Restricted); Network Service (Network Restricted); Local Service (No Network Access); LocalSystem; Network Service (Fully Restricted); Local Service (Fully Restricted)
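Added example, not part of the presentation: a PowerShell script that applies the two slides above together, using the WMI remote management the PowerShell slide mentions to inventory which account every service runs under (locally or on a named server), and flagging running services that still use LocalSystem, the case the hardening slide moves into restricted accounts. The service SID type check uses sc.exe qsidtype, which reports the service hardening restriction level; the output format it parses is an assumption, and that part runs against the local machine only.

```powershell
# Added example (not from the presentation). Inventories service accounts
# through WMI (remote or local) and reads the service SID type that Windows
# service hardening assigns. '.' means the local computer; any server name
# reachable via WMI works for the inventory part.

function Get-ServiceAccountInventory {
    param([string]$ComputerName = '.')
    Get-WmiObject -Class Win32_Service -ComputerName $ComputerName |
        Select-Object @{n='Computer'; e={ $ComputerName }},
                      Name,
                      @{n='Account'; e={ $_.StartName }},
                      @{n='Running'; e={ $_.Started }},
                      # A running service under LocalSystem is the widest
                      # privilege on the slide; mark it for review
                      @{n='Flag';    e={ if ($_.Started -and $_.StartName -eq 'LocalSystem') { 'REVIEW' } else { '' } }}
}

function Get-ServiceSidType {
    param([string]$Name)
    # sc.exe qsidtype prints a line like "SERVICE_SID_TYPE: UNRESTRICTED"
    # (format assumed); NONE means no service SID, i.e. no WSH restriction
    $text = & sc.exe qsidtype $Name 2>&1 | Out-String
    if ($text -match 'SERVICE_SID_TYPE:\s*(\w+)') { $Matches[1] } else { 'UNKNOWN' }
}

# Usage: count services per account, then detail the LocalSystem ones
$inventory = Get-ServiceAccountInventory -ComputerName '.'

$inventory | Group-Object Account | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

$inventory | Where-Object { $_.Flag -eq 'REVIEW' } | ForEach-Object {
    $_ | Add-Member -MemberType NoteProperty -Name SidType -Value (Get-ServiceSidType $_.Name) -PassThru
} | Select-Object Name, Account, SidType | Format-Table -AutoSize
```

The first table shows how far the server's services have moved off LocalSystem; the second lists the remaining LocalSystem services together with their SID type, so a service that is both LocalSystem and NONE stands out as the first candidate for review.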
BitLocker™ Drive Encryption
Group Policy allows central encryption policy and provides Branch Office protection
Provides data protection even when the system is in unauthorized hands or is running a different or attacking operating system
Uses a v1.2 TPM or USB flash drive for key storage
[Diagram: Full Volume Encryption Key (FVEK); Encryption; Policy]
Network Access Protection
What is Network Access Protection?
Health Policy Validation
Health Policy Compliance
Ability to Provide Limited Access
Enhanced Security
Increased Business Value
Cisco and Microsoft Integration Story
[Diagram: Windows Client connects through NPS (DHCP, VPN, Switch/Router); policy compliant clients reach the Corporate Network; non-compliant clients land in a Restricted Network with Remediation Servers (Example: Patch); Policy Servers such as Patch, AV]
Using Network Access Protection
1. Client requests access to network and presents current health state
2. DHCP, VPN or Switch/Router relays health status to Microsoft Network Policy Server (RADIUS)
3. Network Policy Server (NPS) validates against IT-defined health policy
4. If not policy compliant, client is put in a restricted VLAN and given access to fix up resources to download patches, configurations, signatures (Repeat 1 - 4)
5. If policy compliant, client is granted full access to corporate network
[Diagram: Windows Client; NPS (DHCP, VPN, Switch/Router); Policy Servers such as Patch, AV; Restricted Network with Remediation Servers (Example: Patch); Corporate Network]
demo: Network Access Protection
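Added example, not part of the presentation: a PowerShell model of steps 3 to 5 above. Test-HealthPolicy plays the NPS role and validates a client's statement of health against an IT-defined policy; Invoke-NapAdmissionCycle plays the restricted-VLAN loop, applying remediation and re-validating until the client is compliant. The health fields, thresholds and client names are constructed for illustration; real NPS health policy is configured in the NPS console, not in a script.

```powershell
# Added example (not from the presentation). Models the NPS health policy
# decision: compliant -> Full access, otherwise Restricted plus a remediation
# list. All field names, thresholds and sample clients are constructed.

function Test-HealthPolicy {
    param(
        [hashtable]$Health,   # client's statement of health (step 1)
        [hashtable]$Policy    # IT-defined requirements (step 3)
    )
    $failures = @()
    if (-not $Health.FirewallEnabled)  { $failures += 'Enable the host firewall' }
    if (-not $Health.AntivirusEnabled) { $failures += 'Enable antivirus' }
    $sigAge = (New-TimeSpan -Start $Health.SignatureDate -End $Policy.Now).Days
    if ($sigAge -gt $Policy.MaxSignatureAgeDays) {
        $failures += "Update AV signatures ($sigAge days old)"
    }
    if ($Health.MissingCriticalUpdates -gt 0) {
        $failures += "Install $($Health.MissingCriticalUpdates) critical update(s)"
    }
    if ($failures.Count -eq 0) {
        @{ Access = 'Full'; Remediation = @() }          # step 5
    } else {
        @{ Access = 'Restricted'; Remediation = $failures }   # step 4
    }
}

function Invoke-NapAdmissionCycle {
    param([string]$Client, [hashtable]$Health, [hashtable]$Policy, [int]$MaxRounds = 3)
    for ($round = 1; $round -le $MaxRounds; $round++) {
        $verdict = Test-HealthPolicy -Health $Health -Policy $Policy
        Write-Host ("[{0}] round {1}: access={2}" -f $Client, $round, $verdict.Access)
        if ($verdict.Access -eq 'Full') { return $verdict }
        # Simulated fix-up from the restricted network's patch/AV servers,
        # then the client re-presents its health (repeat 1 - 4)
        foreach ($item in $verdict.Remediation) { Write-Host ("    remediate: {0}" -f $item) }
        $Health.FirewallEnabled        = $true
        $Health.AntivirusEnabled       = $true
        $Health.SignatureDate          = $Policy.Now
        $Health.MissingCriticalUpdates = 0
    }
    return $verdict
}

# Constructed sample policy and two sample clients
$policy = @{ Now = Get-Date '2008-02-27'; MaxSignatureAgeDays = 7 }
$stale  = @{ FirewallEnabled = $true; AntivirusEnabled = $true
             SignatureDate = Get-Date '2008-02-01'; MissingCriticalUpdates = 2 }
$good   = @{ FirewallEnabled = $true; AntivirusEnabled = $true
             SignatureDate = Get-Date '2008-02-26'; MissingCriticalUpdates = 0 }

$null = Invoke-NapAdmissionCycle -Client 'LAPTOP01'  -Health $stale -Policy $policy
$null = Invoke-NapAdmissionCycle -Client 'DESKTOP07' -Health $good  -Policy $policy
```

LAPTOP01 is restricted in round 1 with two remediation items and admitted in round 2; DESKTOP07 is admitted immediately. The MaxRounds cap is the part worth keeping in mind when designing a real restricted network: a client whose remediation keeps failing must stay restricted rather than be waved through.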
AD Rights Management Services
AD RMS protects access to an organization’s digital files
AD RMS in Windows Server 2008 includes several new features
Improved installation and administration experience
Self-enrollment of the AD RMS cluster
Integration with AD Federation Services
New AD RMS administrative roles
[Diagram: Information Author, RMS Server (SQL, AD), The Recipient]
Active Directory Federation Services
AD FS provides an identity access solution
Deploy federation servers in multiple organizations to facilitate business-to-business (B2B) transactions
AD FS provides a Web-based, SSO solution
AD FS interoperates with other security products that support the Web Services Architecture
AD FS improved in Windows Server 2008
[Diagram: Account Federation Server and Resource Federation Server, each with its own AD, joined by a Federation Trust between Adatum and Contoso; Web Server on the resource side]
Federated Rights Management
Together AD FS and AD RMS enable users from different domains to securely share documents based on federated identities
AD RMS is fully claims-aware and can interpret AD FS claims
Office SharePoint Server 2007 can be configured to accept federated identity claims
[Diagram: Account Federation Server and Resource Federation Server, each with its own AD, Federation Trust between Adatum and Contoso; RMS and Web SSO on the resource side]
Read-Only Domain Controller (RODC)
Features
Read Only Active Directory Database
Only allowed user passwords are stored on RODC
Unidirectional Replication
Role Separation
Benefits
Increases security for remote Domain Controllers where physical security cannot be guaranteed
Supports ADFS, DNS, DHCP, FRS V1, DFSR (FRS V2), Group Policy, IAS/VPN, DFS, SMS, ADSI queries, MOM
[Diagram: Main Office (Hub) and Branch Office (Read Only DC)]
How RODC Works
1. User logs on and authenticates
2. RODC looks in its DB: "I don't have the user's secrets"
3. Forwards request to Windows Server 2008 DC
4. Windows Server 2008 DC authenticates request
5. Returns authentication response and TGT back to the RODC
6. RODC gives TGT to user, and RODC will cache credentials
Read-only DC Mitigates “Stolen DC”
Attacker Perspective
Hub Admin Perspective
PKI Enhancements
Enterprise PKI (PKIView): now a Microsoft Management Console snap-in
Support for Unicode characters
Online Certificate Status Protocol (OCSP): Online Responders, Responder Arrays
Network Device Enrollment Service: Microsoft's implementation of the Simple Certificate Enrollment Protocol (SCEP)
Enhances security of communications by using IPsec
Web Enrollment: removed previous ActiveX® enrollment control (XEnroll.dll); enhanced new COM enrollment control (CertEnroll.dll)
Cryptography Next Generation
Cryptography Next Generation (CNG)
Includes algorithms for encryption, digital signatures, key exchange, and hashing
Supports cryptography in kernel mode
Supports the current set of CryptoAPI 1.0 algorithms
Support for elliptic curve cryptography (ECC) algorithms
Perform basic cryptographic operations, such as creating hashes and encrypting and decrypting data
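Added example, not part of the presentation: a PowerShell script exercising CNG for the operations listed above, hashing with SHA-256 and signing and verifying with an elliptic curve key, through the managed CNG classes (SHA256Cng, ECDsaCng, CngKey). Those classes ship with .NET Framework 3.5, which is assumed to be installed; the 256-bit key size (the P-256 curve) and the message bytes are assumptions chosen for the example.

```powershell
# Added example (not from the presentation). Uses the .NET 3.5 CNG wrappers:
# SHA256Cng for hashing, ECDsaCng for ECC signatures. Key size 256 (P-256)
# and the sample message are assumptions for illustration.

function New-CngSigner {
    param([int]$KeySize = 256)
    # Ephemeral ECDSA key created by the CNG key storage provider
    New-Object System.Security.Cryptography.ECDsaCng -ArgumentList $KeySize
}

function Export-CngPublicKey {
    param($Signer)
    # Only the public half leaves the signer; the verifier never holds the private key
    $Signer.Key.Export([System.Security.Cryptography.CngKeyBlobFormat]::EccPublicBlob)
}

function Protect-Message {
    param($Signer, [byte[]]$Data)
    $Signer.HashAlgorithm = [System.Security.Cryptography.CngAlgorithm]::Sha256
    $Signer.SignData($Data)
}

function Test-MessageSignature {
    param([byte[]]$PublicBlob, [byte[]]$Data, [byte[]]$Signature)
    # Rebuild a verifier from the exported public blob alone
    $key = [System.Security.Cryptography.CngKey]::Import(
        $PublicBlob, [System.Security.Cryptography.CngKeyBlobFormat]::EccPublicBlob)
    $verifier = New-Object System.Security.Cryptography.ECDsaCng -ArgumentList $key
    $verifier.HashAlgorithm = [System.Security.Cryptography.CngAlgorithm]::Sha256
    $verifier.VerifyData($Data, $Signature)
}

# Usage: hash, sign, verify, then show that a one-byte change is rejected
$signer = New-CngSigner
$pub    = Export-CngPublicKey $signer
$msg    = [System.Text.Encoding]::UTF8.GetBytes('config version 42')   # constructed sample
$sig    = Protect-Message $signer $msg

$hash = (New-Object System.Security.Cryptography.SHA256Cng).ComputeHash($msg)
Write-Host ('SHA-256 via CNG : ' + [BitConverter]::ToString($hash).Replace('-', ''))
Write-Host ('Signature valid : ' + (Test-MessageSignature $pub $msg $sig))

$tampered = [byte[]]($msg.Clone())
$tampered[$tampered.Length - 1] = $tampered[$tampered.Length - 1] -bxor 1
Write-Host ('Tampered valid  : ' + (Test-MessageSignature $pub $tampered $sig))
```

The verifier is deliberately built from nothing but the exported public blob, which is the shape a deployment needs: the signing key stays on the issuing server (or in its TPM-backed key store) and relying parties carry only the public key.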
Windows Server 2008 for Developers
[Diagram: Core (Integrated Hypervisor; The Fundamentals: Transactions, Recovery, Concurrency, Networking), Server Roles, App Platform (.NET 3.0, IIS 7), Management (Task Scheduler 2.0, MMC 3.0)]
Application Platform
.NET Framework 3.0
IIS 7.0
Windows Activation Service
MSMQ 4.0
Management
MMC 3.0
PowerShell
Task Scheduler 2.0
The Fundamentals
Transactions
Recovery
Concurrency
Networking
Windows Vista and Windows Server 2008 Better Together
Efficient Communications
Fast enterprise class search on clients and servers
Faster networking with new TCP/IP stack and native IPv6
Improved file-sharing performance over high-latency links
Integrated remote access to internal applications and resources
More Efficient Management
Single worldwide servicing model
Event forwarding between client and server
Faster and more reliable remote operating system deployments
Network Access Protection ensures health of connecting systems
Greater Availability
Scalable print servers with client-side rendering
Smooth offline experience with client-side caching
Transactional File System for file and registry operations
Policy-based Quality of Service to prioritize application bandwidth
Windows Server Roadmap
Timeline: 2007, 2008, 2009
Windows Server 2008 Beta 3
Windows Server 2008 RTM
Windows Server 2008 R2
“Cougar”
Editions: Web, Standard, Enterprise, Datacenter, IA64
© 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.