Introduction to Windows 7 Beta
Markus Erlacher, Technical Solution Professional, Microsoft Switzerland
Windows 7 Development Process
New approach for Windows development and disclosure
Vision | Development & Test | Pre-Beta | Beta | Release
Planning: Spend more time on planning & vision phase analyzing trends and needs before building features. Focus on end-to-end business scenarios – not just new features and technologies.
Predictability: Give our customers and partners a timeframe for the release and stick to our plan – 3 years for Windows 7. Disclose with higher degree of certainty and minimize changes.
Ecosystem: Engaging with partners earlier and more closely to enable seamless experiences and compatibility across hardware, software and services.
We are here
What Customers Told Us
What does the small business need from a PC?
“Time is money. I can’t have a slow or unreliable computer. I just can’t have it.”
“I need to know that I’m safe when I go online.”
“If I get a virus I could lose everything.”
“Just because I bought a new computer doesn’t mean I want to buy a new printer, too.”
“If it doesn’t work with the software I have then it doesn’t work for me.”
Windows 7 Goals
Everyday Tasks are Faster and Easier
Safeguard Your Business
Just Works
Windows 7 Builds on Windows Vista
Deployment, Testing, and Pilots Today Will Continue to Pay Off
Similar Compatibility: Most software that runs on Windows Vista will run on Windows 7. Exceptions will be low-level code (AV, Firewall, Imaging, etc.). Hardware that runs Windows Vista well will run Windows 7 well.
Few Changes: Focus on quality and reliability improvements
Deep Changes: New models for security, drivers, deployment, and networking
Windows 7 for Small Business
Just Works: Fast and Reliable; Compatible; Mobile
Everyday Tasks are Faster and Easier: Simplify Tasks; Easier Networking; Device Experience
Safeguard Your Business: Improved Data Security; Better Protect Your PC; Solve Problems Quickly; Safer Online
Just Works
Windows 7 In Action
Fast and Reliable: Performance; Reliability
Compatible: Choice in hardware and software
Mobile: Mobile and highly secure; Better battery life
Everyday Tasks are Faster and Easier
Windows 7 In Action
Simplify Routine Tasks: Even better search; Refined interface
Easier Networking: Network easily and more securely, with or without a server
Device Experience: Easier to manage devices; Improved Bluetooth
Demo: First Look
Windows 7 for the Enterprise
Make Users Productive Anywhere: At their desk; In a branch; On the road
Enhance Security & Control: Protect data & PCs; Built on Windows Vista foundation
Streamline PC Management: Easy migration; Keep PCs running; Virtualization
Remote Access for Mobile Workers
Make Users Productive Anywhere
Situation Today:
• Difficult for users to access corporate resources from outside the office
• Challenging for IT to manage, update, patch mobile PCs while disconnected from company network
Windows 7 Solution: DirectAccess
• New network paradigm enables same experience inside & outside the office
• Seamless access to network resources increases productivity of mobile users
• Infrastructure investments also make it easy to service mobile PCs and distribute updates and policies
Home | Office
Branch Office Network Performance
Make Users Productive Anywhere
Situation Today:
• Application and data access over WAN is slow in branch offices
• Slow connections hurt user productivity
• Improving network performance is expensive and difficult to implement
Windows 7 Solution: BranchCache™
• Caches content downloaded from file and Web servers
• Users in the branch can quickly open files stored in the cache
• Frees up network bandwidth for other uses
Search in the Enterprise
Make Users Productive Anywhere
Situation Today:
• Current desktop and Enterprise search solutions are good, but not integrated
• Users need to take different steps to find data on PC and data on servers
• Data sources are hard to discover
Windows 7 Solution: Search Federation
• Consistent experience to find data from multiple locations, including SharePoint sites
• Users and IT can pre-populate Favorites in Windows Explorer to remote search sites that support OpenSearch protocol
• IT can point users to select search sites with Enterprise Search Scopes
Windows 7 Enterprise Security
Building upon the security foundations of Windows Vista, Windows 7 provides IT Professionals security features that are simple to use, manageable, and valuable.
Fundamentally Secure Platform: Windows Vista Foundation; User Account Control; Enhanced Auditing
Securing Anywhere Access: Network Security; Network Access Protection; DirectAccess™
Protect Users & Infrastructure: AppLocker™; Internet Explorer 8; Data Recovery
Protect Data from Unauthorized Viewing: RMS; EFS; BitLocker™
Windows 7 Manageability
Increased Automation to Reduce Costs
Reduce Help Desk Calls and Keep Users Productive
Flexible Administrative Control
Windows PowerShell 2.0
Integrated Scripting Environment
Windows Troubleshooting Platform
Remoteable
Reliability Data
Problem Steps Recorder
Enhanced Group Policy Scenarios
Group Policy Scripting
Group Policy Preferences
Virtual Desktop Infrastructure
Streamline PC Management
Situation Today | Windows 7 Solution
What is Virtual Desktop Infrastructure?
• Deploying desktops in virtual machines on server hardware
• Centralized management & security
• Users can access their desktop and applications wherever they are
Richer Remote Experience:
• Richer graphics with improved multi-monitor support
• Use voice for telephony & applications with microphone support
• Improved printing
Do More With VHDs:
• Maintain VHD: Offline servicing of VHD images with same tools used for WIM
• Boot from VHD: Reuse VHD files for deployment to managed desktop PCs
* Using Windows for VDI scenarios requires additional VECD license
Windows Fundamental
Most of the conversation today will be focused on this, but we will talk about how investments affect other aspects as well
OS engineering processes must be designed to ensure rigorous testing & evaluation throughout development cycle and comprehensive defect detection and resolution
Fundamental Quality in Context
OEM and Ecosystem Components
OS Quality
Windows Experiences
Windows Features
3rd Party Applications
Fundamental quality starts with great HW and drivers, and integration and design choices focused on a quality end-user experience
Broad use Windows experiences must be designed for efficiency & resiliency to ensure that the end-user experience incurs minimal disruptions
OS, HW, & Drivers must be well integrated to provide a stable & efficient platform for interactive Windows features and applications to execute upon
Windows Dimensions of Quality
1. Device Compatibility
2. Application Compatibility
3. Performance
4. Reliability
5. Power Efficiency
6. Security
SP1 & Win7 Reliability Improvements
• SP1 addresses a significant portion of crashes caused by Microsoft code
• Vista operating system crash rates are down by about 60% over the past 18 months
• Vista application crash rates are down by about 40% over the past 18 months
• This is the combination of Vista SP1 plus improvements in many OEM, IHV and ISV components
• Great partnerships with software and hardware vendors have led to updates to devices and programs that were causing some of the most commonly occurring failures
Windows 7: A few examples of Investments
• New reliability data points tracked
• Restart Manager Instrumentation
• Improved Boot Diagnostics and Repair
• Exposing reliability data via WMI
• Updates to Restart Manager
• Shutdown and restart process in Multiple User sessions
Performance – where we are improving
SP1 performance improvements:
• Significantly improves the speed of moving a directory with many files underneath
• Improves the performance of browsing network file shares by consuming less bandwidth
Win7 Performance Focus:
• Improvements to reduce the time to boot, shutdown, resume from standby and hibernate
• Improving responsiveness of common tasks
• UI Responsiveness
• Browsing
• Outlook
• Many, many more
PerfTrack – performance telemetry for hundreds of scenarios
[Chart: % improvement measured in Windows Vista SP1 compared to Windows Vista RTM (axis 0% to 80%). Scenarios: Decompressing contents of a large folder; File copy from an older PC to an SP1 PC (via SMB1); File copy from an SP1/Server 2008 to an SP1 PC (via SMB2); Local File Copy (disk to disk). Values shown: 44%, 50%, 45%, 71%. Based on Microsoft internal testing.]
Telemetry: What's new in Win7?
Reliability Access Component:
• Core infrastructure upgrades
• Reliability Monitor data now available via WMI interface
Battery life instrumentation: sleep, dirty sleep, resume, shutdown, startup, etc.
Services instrumentation: usage, startup, shutdown
PerfTrack – Scenario Perf Tracking: Hundreds of scenarios instrumented
Windows 7 Quality Tenets
• If an app or device runs on Vista, it should run on Windows 7
• If a system runs Windows Vista, it should run Windows 7 – faster
• If a notebook runs Vista, it should run Windows 7 – longer
• Windows 7 should be more reliable than Vista SP1 from day one
• It should be the most secure OS we’ve ever released
Power Efficiency Diagnostics
Tools (PowerCfg/Energy)
PowerCfg utility detects energy efficiency problems:
• USB device selective suspend
• Processor Power Management (PPM)
• Inefficient power policy settings
• Platform timer resolution
• Platform firmware problems
• … and others
Helps detect major problems at time of system integration
HTML Output can be viewed by End Users
“PowerCfg /ENERGY” at the command line to start tracing
Windows 7 only—leverages new inbox ETW instrumentation
Instrumented into Customer Experience Improvement Program (CEIP)
Demo
Platform Investments
Performance:
• Ready Boost Improvements
• Caching Improvements
• New Infrastructure for triggering tasks and services
Power Management:
• Infrastructure in place for coalescing background activity
• Adaptive Display Brightness
• Improvements in resource utilization for DVD playback
Reliability:
• Process Reflection
• Network Hang Recovery
• Fault Tolerant Heap
Compatibility:
• Switch Back
• Problem Steps Recorder
• Windows Compatibility Troubleshooter (user initiated)
• Automatic Install Failure Detection and Solution
Increase Automation: PowerShell In-Box
Before Windows 7:
• Windows Eventing integrated with Task Scheduler to provide automation based on events
• No built-in scripted automation
• Administrators needed to deploy PowerShell or use other complex scripting languages to automate common tasks
Windows 7 Enhancements:
• Easier to Use: Built-in graphical editor/debugger
• Easier to Extend: Develop CMDLETs via PowerShell
• Able To Manage Across The Enterprise: Remotable 1:1 (interactive) and 1:many; PowerShell can respond when specific system events occur
Customer Value:
• Automate tasks easily with PowerShell
• Learn scripting easier with graphical interface
• Quickly configure settings or run tasks in real-time
Windows PowerShell
Make Windows the easiest platform for IT pros to implement unpredicted scenarios with the right level of quality
State Of The Software
Phenomenal rate of adoption
• Over 2.6 million downloads
• Windows XP, Windows Vista, Windows Server 2003, and Windows Server 2008
• Adopted by Exchange, SQL, SCOM, SCVMM, and SCDPM
• CEC 2009 requirement
• Dozens of 3rd party tools, ISVs, and partners
• Strong community engagement, 27 PowerShell MVPs
[Chart: PowerShell Downloads, axis 0 to 3,000,000; annotation: Shipped with Windows Server 2008]
An Example of Increased IT Productivity
Exchange 2003 (VBScript) | E12 (PowerShell)

Mailbox Statistics
Exchange 2003 (VBScript):
' Enumerate every Exchange_Mailbox instance through WMI and print its properties
Set listExchange_Mailboxs = GetObject("winmgmts:{impersonationLevel=impersonate}!\\COMPUTERNAME\ROOT\MicrosoftExchangeV2").InstancesOf("Exchange_Mailbox")
For Each objExchange_Mailbox In listExchange_Mailboxs
    WScript.Echo "AssocContentCount =" & objExchange_Mailbox.AssocContentCount
    WScript.Echo " DateDiscoveredAbsentInDS =" & objExchange_Mailbox.DateDiscoveredAbsentInDS
    WScript.Echo " DeletedMessageSizeExtended =" & objExchange_Mailbox.DeletedMessageSizeExtended
    WScript.Echo " LastLoggedOnUserAccount =" & objExchange_Mailbox.LastLoggedOnUserAccount
    WScript.Echo " LastLogoffTime =" & objExchange_Mailbox.LastLogoffTime
    WScript.Echo " LastLogonTime =" & objExchange_Mailbox.LastLogonTime
    WScript.Echo " LegacyDN =" & objExchange_Mailbox.LegacyDN
    WScript.Echo " MailboxDisplayName =" & objExchange_Mailbox.MailboxDisplayName
    WScript.Echo " MailboxGUID =" & objExchange_Mailbox.MailboxGUID
    WScript.Echo " ServerName =" & objExchange_Mailbox.ServerName
    WScript.Echo " Size =" & objExchange_Mailbox.Size
    WScript.Echo " StorageGroupName =" & objExchange_Mailbox.StorageGroupName
    WScript.Echo " StorageLimitInfo =" & objExchange_Mailbox.StorageLimitInfo
    WScript.Echo " StoreName =" & objExchange_Mailbox.StoreName
    WScript.Echo " TotalItems =" & objExchange_Mailbox.TotalItems
Next
E12 (PowerShell):
Get-MailboxStatistics -Server $servername

Database Management
Exchange 2003 (VBScript):
' Open the storage group through CDOEXM and move its log files
Dim StorGroup
Set StorGroup = CreateObject("CDOEXM.StorageGroup")
StorGroup.DataSource.Open "LDAP://" & DCServer & "/CN=First Storage Group,CN=InformationStore,CN=" & Server & ",CN=Servers,CN=First Administrative Group, CN=Administrative Groups,CN=First Organization, CN=Microsoft Exchange,CN=Services, CN=Configuration," & DomainName
StorGroup.MoveLogFiles "C:\newlogPath", 0
E12 (PowerShell):
Move-StorageGroupPath -Identity "First Storage Group" -Log "C:\newlogPath"

Recipient Management
Exchange 2003 (VBScript):
' Bind to the user object (CDOEXM.IMailboxStore interface) and create its mailbox
Dim objMailbox
Set objMailbox = GetObject("LDAP://" & DCServer & "/CN=FOO,CN=users," & DomainName)
objMailbox.CreateMailbox "LDAP://" & DCServer & "/CN=Private MDB,CN=First Storage Group,CN=InformationStore,CN=" & Server & ",CN=Servers,CN=First Administrative Group, CN=Administrative Groups,CN=First Organization, CN=Microsoft Exchange,CN=Services, CN=Configuration," & DomainName
E12 (PowerShell):
Enable-Mailbox -Identity domain\FOO -Database "First Storage Group\Private MDB"
PowerShell V2 Themes
GUI over PowerShell:
• Command Line and GUI
• GUI teaches command line
• Standardizes access to managed elements
Production Scripting:
• Easy to use
• Safe to operate
• Easy to share and support
Universal Code Execution Model:
• In the foreground or background
• On one or more machines
• In restricted or unrestricted environments, using impersonation or supplied credentials
• Initiated by user input or by events
Community Feedback:
• Enhance the language
• Tweak the engine
• Add and enhance Cmdlets
PowerShell on the Desktop
demo
Increase Automation: Scripting Group Policy
Before Windows 7:
• GPMC had API to automate management of Group Policy Objects, but difficult for non-developers to use
PowerShell Scripting of Group Policy:
• Automate Group Policy Object Management
• Execute Logon, Logoff, Startup, Shutdown scripts
• Configuration of registry-based Group Policy settings
Customer Value:
• Frequent request for richer GP management
• Reduces time and risk of error
• Enables quicker and more efficient logon/startup scripting
Keep Users Productive: Richer support tools
Windows 7 Builds On Windows Vista Tools To Resolve Issues Quicker
Reliability Monitor:
• Reliability data is exposed via APIs for remote collection
• Integration of Reliability Monitor and Problem Reports and Solutions to better correlate system changes and events
Resource Monitor:
• SysInternals Process Explorer features integrated into Resource Monitor for clearer identification of process issues
Windows Recovery Environment:
• Windows Recovery Environment (WinRE) easily deployed via normal setup on all PCs
• Restore to OEM or IT image without data loss or reimage with recent system backup
System Restore:
• Users will now be able to view the list of software changes before rolling their PC back
• Restore points will be available from system backups allowing users to roll back to a point further back in time
Problem Steps Recorder:
• Users can record steps taken when an issue occurs, giving help desk screen shots and comments to help resolve issues
Keep Users Productive: Customized troubleshooting
Windows Vista Introduced Troubleshooting To Address Common Issues:
• Network Connectivity
• Proactive Disk Protection
• Memory Analysis
Windows 7 Delivers a Comprehensive and Extensible Troubleshooting Platform:
• In-box diagnostics based on PowerShell scripts for low-overhead, flexible development
• Authoring tools to create and package troubleshooting packages
• Additional troubleshooting packages available on-demand from MS for users to browse and search, managed by Group Policy, delivered via web services
• Run troubleshooting remotely
Customer Value:
• Automatically run maintenance tasks
• Enable end-user to execute common troubleshooting tasks before calling Help Desk
• Provide Help Desk with tools to quickly resolve issues
• Diagnostics can grow in complexity as IT requires
How Troubleshooting Works
User Or Application Initiated:
• Users or application determines that a problem exists
• User or application initiates troubleshooting
Troubleshooting verifies that components and component versions support user desired state:
• Determine the components of interest through the description (e.g., cannot see glass)
• Detect hardware is present (e.g., right video card for desired visual effects)
• Detect drivers are present
• If a component is missing troubleshooting can inform the user to get the right component
• Proceed to configuration if right components are present
Set computer and software configuration to the user desired state:
• Determine what the user wants through the description (e.g., cannot hear sound)
• Compare each current configuration with a list of known good configurations for sound (e.g., not muted, audible volume settings, …)
• If there is a mismatch, set the current configuration to the good configuration
• Verify existing state has been set to good state
Windows 7 Troubleshooting Implementation
Windows Troubleshooting is done via Troubleshooting Packs
Troubleshooting Packs are programs that:
• Determine if the right components are available to get to the user desired state
• Set configuration to the user desired state
• Verify the configuration is in the desired state
Built-in Windows Troubleshooting Packs are discoverable
Windows Troubleshooting is user or application initiated:
• User detects a problem and initiates troubleshooting to fix the problem
• Scheduled Troubleshooting detects a problem and informs the user to initiate troubleshooting
• An application detects a problem and prompts the user to initiate troubleshooting
• User browsing Help sees a troubleshooter link relevant to his problem and clicks on it
Windows 7 Troubleshooting: User Features
• From Action Center – Categories, Sorted list view, Search
• From Help – Help topics link to troubleshooting packs
• A standard and consistent GUI wizard with pre-defined set of interactions
Windows 7 Troubleshooting: Admin Features
Manageable:
• Signed by certificate that chains up to trusted root
• GP can limit which packs to run based on publisher
Multiple Execution Methods:
• Run interactively through command line
• Execute silently, through an answer file
• Local or Remote
Easily Deployed:
• Can be published on a web site and downloaded to run
• Can be stored on a share and run
Windows Troubleshooting Platform
demo
Data Protection Scenarios
Simplify Desktop Configuration Management: Group Policy Enhancements
Group Policy Preferences:
• Configure OS, application options not “GP-enabled”
• Provides flexibility for IT and end-users
• Reduces costs of logon scripts
• New scenarios
• Power Management
• Scheduled tasks
Starter GPOs:
• Baseline user/PC scenarios for immediate deployment
• Encapsulate best practices/scenarios
• Contain recommended policy settings and values
• Available for download from http://microsoft.com/grouppolicy
Application Management
Auditing
Encryption of Removable Storage Devices
Policy Versus Preference
POLICIES
Restrict users from changing
Highest precedence
Specific registry locations
PREFERENCES
User may change
No need to be policy-aware
No tattooing!
Easy experience out-of-the-box
Starter GPO’s
• Starting off point to speed up the creation of GPOs
• Embody best practices that map to Microsoft security guide
8 existing:
• User and Computer case
• Available as a download from MS.COM
• Can create your own based on corporate/industry standards
Security
Windows 7 Enterprise Security
Building upon the security foundations of Windows Vista, Windows 7 provides IT Professionals security features that are simple to use, manageable, and valuable.
Fundamentally Secure Platform: Windows Vista Foundation; User Account Control; Enhanced Auditing
Securing Anywhere Access: Network Security; Network Access Protection; DirectAccess™
Protect Users & Infrastructure: AppLocker™; Internet Explorer 8; Data Recovery
Protect Data from Unauthorized Viewing: RMS; EFS; BitLocker™
Windows Vista Foundation
Fundamentally Secure Platform:
• Security Development Lifecycle process
• Kernel Patch Protection
• Windows Service Hardening
• DEP & ASLR
• IE 8 inclusive
• Mandatory Integrity Controls
User Account Control:
• Make the system work well for standard users
• Administrators use full privilege only for administrative tasks
• File and registry virtualization helps applications that are not UAC compliant
Enhanced Auditing:
• XML based
• Granular audit categories
• Detailed collection of audit results
• Simplified compliance management
User Account Control
Windows Vista: System Works for Standard User
• All users, including administrators, run as Standard User by default
• Administrators use full privilege only for administrative tasks or applications
Challenges:
• User provides explicit consent before using elevated privilege
• Disabling UAC removes protections, not just consent prompt
Windows 7: Streamlined UAC
• Reduce the number of OS applications and tasks that require elevation
• Refactor applications into elevated/non-elevated pieces
• Flexible prompt behavior for administrators
Customer Value:
• Users can do even more as a standard user
• Administrators will see fewer UAC Elevation Prompts
Desktop Auditing
Windows Vista:
• New XML based events
• Fine grained support for audit of administrative privilege
• Simplified filtering of “noise” to find the event you’re looking for
• Tasks tied to events
Challenges:
• Granular auditing complex to configure
• Auditing access and privilege use for a group of users
Windows 7: Enhanced Auditing
• Simplified configuration results in lower TCO
• Demonstrate why a person has access to specific information
• Understand why a person has been denied access to specific information
• Track all changes made by specific people or groups
UAC & Enhanced Audit
demo
Securing Anywhere Access
Network Security:
• Windows Firewall can coexist with 3rd party products
• Multi-Home Profiles
• DNSSec
Network Access Protection:
• Ensure that only “healthy” machines can access corporate data
• Enable “unhealthy” machines to get clean before they gain access
DirectAccess™:
• Security protected, seamless, always on connection to corporate network
• Improved management of remote users
• Consistent security for all access scenarios
Network Access Protection
Windows 7
• Health policy validation and remediation
• Helps keep mobile, desktop and server devices in compliance
• Reduces risk from unauthorized systems on the network
[Diagram labels: Windows Client; DHCP, VPN, Switch/Router; NPS; Policy Servers such as: Patch, AV; Policy compliant; Corporate Network; Not policy compliant; Restricted Network; Remediation Servers, Example: Patch]
Remote Access for Mobile Workers
Access Information Anywhere
Situation Today:
• Difficult for users to access corporate resources from outside the office
• Challenging for IT to manage, update, patch mobile PCs while disconnected from company network
Windows 7 Solution: DirectAccess™
• Same experience accessing corporate resources inside and outside the office
• Seamless connection increases productivity of mobile users
• Easy to service mobile PCs and distribute updates and policies
Protect Users & Infrastructure
AppLocker™:
• Enables application standardization within an organization without increasing TCO
• Increase security to safeguard against data and privacy loss
• Support compliance enforcement
Internet Explorer 8:
• Protect users against social engineering and privacy exploits
• Protect users against browser based exploits
• Protect users against web server exploits
Data Recovery:
• File back up and restore
• CompletePC™ image-based backup
• System Restore
• Volume Shadow Copies
• Volume Revert
Application Control
Situation Today:
• Users can install and run non-standard applications
• Even standard users can install some types of software
• Unauthorized applications may: Introduce malware; Increase helpdesk calls; Reduce user productivity; Undermine compliance efforts
Windows 7 Solution: AppLocker™
• Eliminate unwanted/unknown applications in your network
• Enforce application standardization within your organization
• Easily create and manage flexible rules using Group Policy
AppLocker™ Technical Details
• Simple Rule Structure: Allow, Exception & Deny
• Publisher Rules: Product Publisher, Name, Filename & Version
• Multiple Policies: Executables, installers, scripts & DLLs
• Rule creation tools & wizard
• Audit only mode
AppLocker™
demo
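A simplified model of the AppLocker rule structure listed above (Allow, Exception and Deny; publisher conditions on publisher, product name, file name and version; audit-only mode), added here as an illustration; it is not part of the original slides and not Microsoft's implementation. All class names, the sample policy and the sample files are constructed, and the model assumes that a matching deny rule overrides any allow rule and that a file matching no allow rule is blocked.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

Version = Tuple[int, int, int, int]


@dataclass
class SignedFile:
    """Attributes a publisher rule inspects (all values below are constructed)."""
    publisher: str
    product: str
    filename: str
    version: Version


@dataclass
class PublisherCondition:
    """Publisher, product name, file name and version range; "*" matches anything."""
    publisher: str = "*"
    product: str = "*"
    filename: str = "*"
    low: Optional[Version] = None    # None means no lower bound
    high: Optional[Version] = None   # None means no upper bound

    def matches(self, f: SignedFile) -> bool:
        def same(pattern: str, value: str) -> bool:
            return pattern == "*" or pattern.lower() == value.lower()

        if not (same(self.publisher, f.publisher)
                and same(self.product, f.product)
                and same(self.filename, f.filename)):
            return False
        if self.low is not None and f.version < self.low:
            return False
        if self.high is not None and f.version > self.high:
            return False
        return True


@dataclass
class Rule:
    name: str
    action: str                       # "Allow" or "Deny"
    condition: PublisherCondition
    exceptions: List[PublisherCondition] = field(default_factory=list)

    def applies(self, f: SignedFile) -> bool:
        # A rule applies when its condition matches and no exception carves the file out.
        return self.condition.matches(f) and not any(e.matches(f) for e in self.exceptions)


def evaluate(rules: List[Rule], f: SignedFile, audit_only: bool = False) -> Tuple[str, str]:
    """Return (verdict, reason); verdict is "allowed", "blocked", or "audited"."""
    deny = next((r for r in rules if r.action == "Deny" and r.applies(f)), None)
    allow = next((r for r in rules if r.action == "Allow" and r.applies(f)), None)
    if deny is not None:              # assumption: deny takes precedence over allow
        verdict, reason = "blocked", deny.name
    elif allow is not None:
        verdict, reason = "allowed", allow.name
    else:                             # assumption: no matching allow rule means blocked
        verdict, reason = "blocked", "no allow rule matched"
    if audit_only and verdict == "blocked":
        # Audit-only mode records what would have been blocked without enforcing it.
        return "audited", reason
    return verdict, reason


# Constructed sample policy: allow one publisher except one product, deny old versions of a tool.
POLICY = [
    Rule("Allow Contoso software", "Allow",
         PublisherCondition(publisher="O=CONTOSO LTD"),
         exceptions=[PublisherCondition(publisher="O=CONTOSO LTD", product="Legacy Tool")]),
    Rule("Deny old Remote Helper", "Deny",
         PublisherCondition(publisher="O=CONTOSO LTD", product="Remote Helper",
                            filename="helper.exe", high=(1, 65535, 65535, 65535))),
]

# Constructed sample files.
SAMPLES = {
    "current": SignedFile("O=CONTOSO LTD", "Remote Helper", "helper.exe", (2, 1, 0, 0)),
    "outdated": SignedFile("O=CONTOSO LTD", "Remote Helper", "helper.exe", (1, 4, 0, 0)),
    "excepted": SignedFile("O=CONTOSO LTD", "Legacy Tool", "legacy.exe", (3, 0, 0, 0)),
    "unknown": SignedFile("O=EXAMPLE VENDOR", "Toolbar", "toolbar.exe", (1, 0, 0, 0)),
}

if __name__ == "__main__":
    for label, sample in SAMPLES.items():
        print(label, evaluate(POLICY, sample), evaluate(POLICY, sample, audit_only=True))
```

Running the same policy with `audit_only=True` first shows which files enforcement would block before any user is affected.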
Internet Explorer 8 Security
Building on IE7 and addressing the evolving threat landscape
Social Engineering & Exploits:
• Reduce unwanted communications
• Freedom from intrusion
• International Domain Names
• Pop-up Blocker in IE7
• Increased usability
Browser & Web Server Exploits:
• Protection from deceptive websites, malicious code, online fraud, identity theft
• Secure Development Lifecycle
• Extended Validation (EV) SSL certs
• SmartScreen® Filter
• Domain Highlighting
• XSS Filter / DEP/NX
• ActiveX Controls
Choice and control:
• Clear notice of information use
• Provide only what is needed
• User-friendly, discoverable notices
• P3P-enabled cookie controls
• Delete Browsing History
• InPrivate™ Browsing & Blocking
Protection from harm
Control of information
Protect Data from Unauthorized Viewing
RMS:
• Policy definition and enforcement
• Protects information wherever it travels
• Integrated RMS Client
• Policy-based protection of document libraries in SharePoint
EFS:
• User-based file and folder encryption
• Ability to store EFS keys on a smart card
BitLocker™:
• Easier to configure and deploy
• Roam protected data between work and home
• Share protected data with co-workers, clients, partners, etc.
• Improve compliance and data security
BitLocker™
Situation Today:
[Chart: Worldwide Shipments (000s), 2007 to 2011: Removable Solid-State Storage Shipments and PC Shipments]
• Gartner “Forecast: USB Flash Drives, Worldwide, 2001-2011” 24 September 2007, Joseph Unsworth
• Gartner “Dataquest Insight: PC Forecast Analysis, Worldwide, 1H08” 18 April 2008, Mikako Kitagawa, George Shiffler III
Windows 7 Solution: BitLocker To Go™
• Extend BitLocker™ Drive Encryption to removable devices
• Create group policies to mandate the use of encryption and block unencrypted drives
• Simplify BitLocker™ setup and configuration of primary hard drive
BitLocker™ Technical Details
Core Enhancements:
• Automatic 200 Mb hidden boot partition
• New Key Protectors: Domain Recovery Agent (DRA); Smart card – data volumes only
BitLocker To Go™:
• Support for FAT*
• Protectors: DRA, passphrase, smart card and/or auto-unlock
• Management: protector configuration, encryption enforcement
BitLocker™
demo
Data Protection Scenarios
Scenario | RMS | EFS | BitLocker™
Remote document policy enforcement
Protect content in transit
Protect content during collaboration
Local multi-user file & folder protection on a shared machine
Remote file & folder protection
Untrusted network administrator
Laptop protection
Branch office server
Local single-user file & folder protection
Summary
Building upon the security foundations of Windows Vista, Windows 7 provides IT Professionals security features that are simple to use, manageable, and valuable.
Fundamentally Secure Platform: Windows Vista Foundation; User Account Control; Enhanced Auditing
Securing Anywhere Access: Network Security; Network Access Protection; DirectAccess™
Protect Users & Infrastructure: AppLocker™; Internet Explorer 8; Data Recovery
Protect Data from Unauthorized Viewing: RMS; EFS; BitLocker™
Windows Networking
Windows Vista Networking
Windows Vista has been the most significant investment in networking since Windows 95
Easier Connectivity: Wireless Reliability
Rich End-to-End Security: Server & Domain Isolation - IPSec
Greater Manageability: Policy-based Quality of Service (eQoS)
Scalable Architecture: Network Auto-tuning & IPv6
Focus on Return On Investment, Greater Productivity
Windows Vista Networking - Results
“Just upgrading client PCs to Microsoft’s Windows Vista can yield throughput and time-to-completion improvements of up to 3X over Windows XP. Complete migration of servers to Windows Server 2008 can yield throughput and time-to-completion improvements of up to 4X over Windows XP/Windows Server 2003.”
Enhanced Network Performance with Microsoft Windows Vista and Windows Server 2008
By Tolly Group
Information Worker’s World Has Been Changing
BRANCH OFFICES
MOBILE & DISTRIBUTED WORKFORCE
CENTRAL OFFICE
REMOTE WORK
The Evolving Needs
Addressing User Needs
Mobile & Remote Work-Force needs:
• Work anywhere
• Fast access
Supporting IT Professionals
IT Professional needs:
• Secure and flexible infrastructure for “work anywhere”
• Reduce costs
Windows 7 Addressing Enterprise Needs
Secure & Flexible Infrastructure: DirectAccess; VPN Reconnect & Mobile Broadband; DNS Security
Reduce Costs: BranchCache™ & SMB Enhancements; URL based QoS; Support for Green IT
Work Anywhere Infrastructure: DirectAccess; VPN Reconnect; Mobile Broadband
Fast Access: BranchCache™; SMB Enhancements
Remote Access for Mobile Workers
Situation Today:
• Challenging for IT to manage, update, patch mobile PCs while disconnected from company network
• Difficult for users to access corporate resources from outside the office
Windows 7 Solution: DirectAccess
• Corporate network boundary includes managed assets no matter where they are on the Internet
• Easy to service mobile PCs and distribute updates and policies
• New network paradigm increases mobile user productivity by providing same experience inside & outside the office
Home | Office
DirectAccess Technical Details
• Assume the underlying network is always insecure
• Redefine enterprise network edge to insulate the datacenter and business critical resources
[Diagram labels: DirectAccess Server; Compliant Client (x2); Internet; Intranet User (x2); Enterprise Network; Compliant Network; Data Center and Business Critical Resources; NAP / NPS Servers; IPsec/IPv6; Tunnel over IPv4 UDP, TLS, etc.]
DirectAccess Deployment
Get ready step by step
Determine your strategy:
• Be ready to monitor IPv6 traffic
• Choose an Access Model: Full Intranet Access vs. Selected Server Access?
• Assess deployment scale
Get your infrastructure ready:
• Windows 7 clients
• Windows Server 2008 R2 DirectAccess Server
• DC, DNS Server, Active Directory, PKI, Application Servers, etc.
During deployment:
• Use DirectAccess configuration wizard to set up DirectAccess Server and generate policies for clients, application servers, and DC/DNS
• Customize policies as needed
DirectAccess Benefits
IT Pro Benefits:
• Improved manageability of remote users
• IT simplification and cost reduction
• Consistent security for all access scenarios
End User Benefits:
• Seamless & secure access to corporate resources
• Consistent connectivity experience in / out office
• Combined with other Windows 7 features enhances the end to end IW experience
VPN Reconnect
Situation Today:
• VPN used frequently for remote access to corporate resources
• Mobile workers reconnect to VPN on every network outage
Windows 7 Solution:
• The client maintains persistent VPN connection across network outages
• VPN Client can connect to any VPN Server of choice
Benefits:
• Better end user experience: seamless and consistent VPN connectivity
• Reduced support costs
[Diagram label: VPN SERVER]
Mobile Broadband
Situation Today:
• Internet connectivity via mobile broadband cards is expanding: Inconsistent user experience; Additional software required
Windows 7 Solution:
• Integrated solution that is consistent and easy to discover
• Plug & play experience for 3G cards (built-in or external)
Benefits:
• IHVs can integrate devices using Windows 7 platform
• No need for users to install 3rd party software
• End users have same connectivity experience across WiFi and WWAN
Branch Office Enhancements
Situation Today:
• Application and data access over WAN is slow in branch offices
• Slow connections hurt user productivity
• Improving network performance is expensive and difficult to implement
Windows 7 Solution: BranchCache™ and SMB Enhancements
• Improve user productivity
• Reduce network bandwidth utilization
1. Transparent Caching
2. Improved Office Experience
3. Offline Files Enhancements
Windows 7 Solution
BranchCache™
Caches content downloaded from file and Web servers
Users in the branch can quickly open files stored in the cache
Frees up network bandwidth for other uses
Technical Details:
Authenticates current state of data and access rights of the user against the server
Supports commonly used protocols: HTTP(S), SMB
Supports network security protocols (SSL, IPsec)
Requires Windows Server 2008 R2 in the data center and hosted cache
BranchCache
demo
[Diagrams: BranchCache Distributed Cache and BranchCache Hosted Cache message flows; labels: Get, Get ID, ID, Data, Put, Search, Request, Advertise]
BranchCache
Enterprise
Distributed Cache: data cached in cache pool. Recommended for branches without a branch server; easy to deploy (enabled on clients through Group Policy); cache availability decreases with laptops that go offline
Hosted Cache: data cached at the host server. Cache stored centrally (existing Windows Server 2008 R2 in the branch); cache availability is high; enables branch-wide caching; increased reliability
BranchCache Framework
[Diagram labels: 3rd Party Applications, IE, WMP, SharePoint, Explorer, Office, BITS, CopyFile; HTTP (WebIO/http.sys); SMB (CSC/SRV); BranchCache; IIS, File Server; Group Policy, Management]
BranchCache Deployment
Install the optional “Windows BranchCache” component on a Windows 2008 R2 web or file server
Use Group Policy to enable Windows BranchCache on Windows 7 clients
Optionally, install a hosted cache in your branch. Configure clients to use it with Group Policy
BranchCache Benefits
IT Pro Benefits: optimize network utilization for HTTP and HTTPS-based intranet traffic and SMB (and signed SMB) shares on the read path; support network security protocols (SSL, IPsec); reduce the cost of managing WAN
End User Benefits: improve application responsiveness and reduce file transfer wait time; combined with other SMB offerings, enhance the user experience on remote shares
Branch Office Enhancements: Windows 7 Solution
BranchCache™: improve user productivity; reduce network bandwidth utilization
SMB Enhancements: 1. Transparent Caching; 2. Improved Office Experience; 3. Offline Files Enhancements
Transparent Caching
Situation Today: read response times for files that were just opened are too long; opening a file that was recently read takes just as long as opening it for the first time; bandwidth consumption is high regardless of how recently a file was opened
Windows 7 Solution: files accessed on SMB shares are automatically cached to disk; subsequent reads of the file are satisfied from the local cache; caching policy is configurable through Group Policy; transparent to the end user
Benefits: optimize bandwidth consumption on WAN links; provide near-local read response times for end users working over WAN links
Branch Office File Copy
[Diagram, Situation Today: Vista SP1 clients (Client 1, Client 2) reach Windows Server 2008 over a slow WAN link]
[Diagram, Windows 7 Solution: Windows 7 clients (Client 1, Client 2) reach Windows Server 2008 R2 over a slow WAN link]
Subsequent access from the same client is satisfied from the transparent cache (local machine access)
Improved Office Experience Over a WAN
Situation Today: working with Office applications over a WAN is slow (opening an Office document over WAN; opening a file that was just recently read; saving a file over WAN); slow connections hurt user productivity
Windows 7 Solution: eliminate multiple, redundant network operations when opening or saving files by aggressive file caching on the client
Benefits: user experience with Office applications over a WAN will approach the experience found on a LAN; optimizes network usage for remote workers & branch offices
Offline Files – "Usually Offline" Support
Situation Today: folder redirection is a success with online & offline modes in Windows Vista; not transparent to users who are on a high latency network with low throughput
Windows 7 Solution: full 2-way background synchronization at fixed intervals; synchronization transparent to the end user; IT admin can configure synchronization intervals
Benefits: seamless experience for end users; corporate data is in sync; optimizes the network usage for remote workers & branch offices
Deployment
Deployment Investments For Windows Vista Carry Forward
Application and device compatibility core tenets are unchanged between Windows Vista and Windows 7
System image management tools and processes are consistent for both operating systems
Deployment tools developed for Windows Vista will carry forward to Windows 7 with incremental updates
Post-deployment desktop management leverages the same tools and processes for both operating systems
Application Compatibility Toolkit
demo: Windows Vista to Windows 7
Windows 7 Deployment Enhancements
IMAGING: Deployment Image Servicing and Management; Add/Remove Drivers and Packages; WIM and VHD Image Management
MIGRATION: User State Migration Tool; Hardlink Migration; Offline File Gather; Improved user file detection
SOLUTIONS: Microsoft Deployment Toolkit; Application Compatibility Toolkit; Microsoft Assessment and Planning
DELIVERY: Windows Deployment Services; Multicast; Multiple Stream Transfer; Dynamic Driver Provisioning
Microsoft Deployment Toolkit
demo: Windows XP to Windows 7 Migration
Deployment Image Servicing and Management
Enable and disable, enumerate, add, remove packages and updates
Add, remove, enumerate drivers
WIM and VHD support
OEMs can select OS editions offline
Image Servicing with DISM
demo: WIM and VHD
DISM New and Consolidated Options
Commands | Package Manager | ImageX | DISM
Add Package | /ip | | /add-package
Add Update | /iu | | /add-package
Remove Package | /up | | /remove-package
Remove Update | /uu | | /remove-package
Enumerate Packages | | | /get-packages
Add Drivers | | | /add-drivers
Remove Drivers | | | /remove-drivers
Enumerate Drivers | | | /get-drivers
Mount WIM | | /mount | /mount-wim
Unmount WIM | | /unmount | /unmount-wim
Commit Changes (WIM) | | /commit | /commit-wim
+ Intlconfig
Windows Deployment Services Multicast Enhancements
Multiple Stream Transfer: multiple bands to broadcast images to clients; optimized rates per client connection
Client Auto Removal: slower clients can be dropped to unicast or entirely
Boot Image Multicast: Windows PE boot images can use multicast (clients with EFI)
Multicast Transmission
[Animation: a WDS Server multicasting to clients with multiple transfer speeds (Fastest, Medium, Slowest)]
First client joins “transmission”
Waiting for other clients to join…
Transmission begins…
Additional clients join stream
More clients to join
First clients complete. Second broadcast begins. One client removed.
Last clients complete…
All clients complete. Transmission ends.
Windows Deployment Services Dynamic Driver Provisioning
[Diagram labels: Client, WDS Server, Images, Drivers]
Driver targeting to match drivers to hardware
Reduces image size and centralizes deployment driver management
User State Migration Tool
Hardlink Migration: enables local file migration without copying or moving files; processes migration jobs in a third of the time or less
Offline User State Capture: capture during Windows PE phase to improve speed
Volume Shadow Copy: capture files even while they are in use
Improved File Discovery: reduces XML customization need
Windows 7 USMT Commands (USMT 3 vs. Win7 USMT)
Hard Link Migration: /hardlink
Offline Windows Directory: /offlinewindir (PE or windows.old)
Volume Shadow Copy: /vsc
Auto Gather (/migdocs /miguser): /auto
Windows 7 USMT Supported OS
Windows XP: Scanstate.exe
Windows Vista: Scanstate.exe, Loadstate.exe
Windows 7: Scanstate.exe, Loadstate.exe
Volume Activation in Windows 7
Based on Volume Activation 2.0 for Windows Vista and Windows Server 2008
Activation is required for all editions of Windows 7 client
Employs the same key hierarchy (KMS, MAK)
Online validation experience unchanged
Volume Activation 2.0 for Windows 7
Performance: modified hardware tolerance values to reduce # of reactivations; count virtual systems towards KMS activation threshold; improved KMS discovery through DNS Suffix List
Reliability: improved notifications, clarified error messages and troubleshooting instructions; multiple improvements in WMI for SLSVC
Compatibility: updated tools to support Windows 7; single KMS for multiple operating systems
Inventory, Compatibility And Deployment Tools
Microsoft Assessment and Planning
Application Compatibility Toolkit
Microsoft Deployment Toolkit
Conclusion
IMAGING: Deployment Image Servicing and Management; Add/Remove Drivers and Packages; WIM and VHD Image Management
MIGRATION: User State Migration Tool; Hardlink Migration; Offline File Gather; Improved user file detection
SOLUTIONS: Microsoft Deployment Toolkit; Application Compatibility Toolkit; Microsoft Assessment and Planning
DELIVERY: Windows Deployment Services; Multicast; Multiple Stream Transfer; Dynamic Driver Provisioning
Search
Using Information In The Enterprise
Information workers (IWs) routinely look for information
Search is performed within a task or goal
Targets a known, familiar set of sources
Data is increasingly becoming distributed on the network
Data is found through browse and search activities
Solution required: an intuitive, reliable way to organize, browse and search for data
The goal of looking for data is not finding it, but using it
Finding Data In The Enterprise
Complex world of data acted on from the client
[Diagram labels: Remote PCs and Servers; Department and Team Sites; Local Docs and Mail; Corporate Index; Internet; MyDoc; Mail index; Enterprise Portals; People Search; Team Sites indexes; SAN]
Situation Today
IW: Hard to find and use data
IT: Hard to provide and manage access to information
Enterprise: Hard to get most of available resources
Windows 7 Search For Enterprise
IW: Information is easy to find and use
Access corporate data in an easy to use, familiar UX
Reduce productivity losses associated with data discovery
Allow users to do more with search results: more information provided, more actions supported
IT: Ease of management for data access scenarios
Provide consistent access to corporate data
Solve the discovery problem: data is visible and easy to use
Client UI is separated from the back-end, allowing better infrastructure management
Enterprise: Utilize data and IT resources to their fullest
IT Pros easily deliver critical data to IWs, allowing faster and more informed decisions
Governance and compliance options improved
Data is easier to access, manage, and secure
Helping You to Find Data
Windows Explorer Optimized for Finding
Browsing or Searching for Data
Two ways to look for an answer:
Browse: navigate to the data
Search: rely on a search engine
Finding often requires browsing of search results
Rich Browsing Experience In Search UX
UX For Easy Finding
Help users be productive when looking for data
Relevance indicators in the UI
Search Input Suggestions: Input suggestions quickly refine the search
Browse search results easily with arrangements
Libraries - Organize Stuff… So You Can Find It
Super “My” folders letting users find files more intuitively
An aggregated view of one or more data locations
Browse all files through arranging views
Allows discovery across a contained set of data locations
Indexed automatically
Selecting The Right Search Scope
Easy to pick initial search scope
Start menu = Control Panel + Programs + Libraries + protocol handlers + Desktop
Navigate to individual locations
Redirect to Search Connector links
Quick way of re-scoping a failed search
Built-in search scopes send search to predefined locations
Enterprise Search scopes deployed by IT
Directing users to most authoritative and relevant locations
Search In Windows Explorer
demo
Library Locations
Supported: local NTFS volumes (fixed or removable); shares that are indexed (departmental servers, Win 7 home PCs, Vista home PCs); shares that are available offline (e.g. redirected My Documents)
Not supported: FAT drives (USB flash drives); removable media (e.g. DVD); network shares that are neither available offline nor remotely indexed; NAS drives
Search Federation
Search Federation With OpenSearch
Seamless discovery of information wherever it is
Search for data, regardless of location
Respects security of the remote source
Familiar client UX for acting on the user’s important data
Preview pane ensures you open the correct file
An OpenSearch connector to the corporate index of enterprise data, deployed by IT
Search Federation
Details pane allows you to see metadata
Search Federation
demo: Reaching Corporate Data from the Desktop
Federation – How it works
Open Search Standard
Open Search Description Doc
Deploying and Consuming Feeds
Federated Search
Rich client experience: previews, metadata, drag-and-drop, thumbnails, hit highlighting; familiar Explorer paradigms
Windows Authentication: Windows Integrated
Standards-based: OpenSearch 1.1; RSS and ATOM
Simple & lightweight integration: no client code; any server platform; lightweight network traffic
1. Search Connector (.osdx) Installed
2. Windows sends search terms as HTTP request
3. RSS results returned from server
Enabling Federated Search
Federated search providers should:
Accept URL queries as defined by the OSDX. Example: http://www.contoso.com/q={searchTerms}
Return rich RSS results
Windows 7 consumes this: XML based feed results; property mapping; thumbnail and preview URLs; custom view descriptions
XML Results Returned By Server
Sample RSS results
<item>
  <title>Big Fish Kettle</title>
  <link>http://example.com/library/docpreview.aspx?docid=12</link>
  <description>Requirement spec for Big Fish corporation Kettle Mark II design.</description>
  <author>alwinv</author>
  <pubDate>Wed, 21 May 2008 22:08:45 -0800</pubDate>
  <category>spec</category>
  <enclosure url="http://example.com/library/doc.aspx?docid=12" length="32007" type="application/msword"></enclosure>
</item>
OpenSearch Description Document
Used to place a new Search Connector on the client
Defines how to query the server and what format to expect results in
HTTP request, XML reply
Lightweight, simple standard to implement
Sample URL template used to format the HTTP request:
<Url type="application/rss+xml" template="http://example.com/results?q={searchTerms}&amp;pw={startPage?}"/>
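How the request and reply described on these slides fit together, as an added example (not code from the presentation or from Windows): it expands the sample URL template following OpenSearch 1.1 parameter rules and reads the RSS reply. The function names, the second RSS item and the http/https link filter are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import quote, urlsplit

# URL template from the slide's OSDX sample (stray space removed).
TEMPLATE = "http://example.com/results?q={searchTerms}&pw={startPage?}"

# Constructed RSS reply: the slide's sample item plus one constructed item
# whose link is not http(s).
SAMPLE_RSS = """<rss version="2.0"><channel><title>Library</title>
<item><title>Big Fish Kettle</title>
<link>http://example.com/library/docpreview.aspx?docid=12</link>
<description>Requirement spec for Big Fish corporation Kettle Mark II design.</description>
<author>alwinv</author>
<pubDate>Wed, 21 May 2008 22:08:45 -0800</pubDate>
<category>spec</category>
<enclosure url="http://example.com/library/doc.aspx?docid=12" length="32007" type="application/msword"/>
</item>
<item><title>Constructed entry</title><link>file://constructed.invalid/share/doc.doc</link></item>
</channel></rss>"""

_PARAM = re.compile(r"\{([A-Za-z:]+)(\??)\}")


def expand_template(template, **values):
    """Fill an OpenSearch 1.1 URL template.

    Values are percent-encoded so user input cannot add query parameters.
    Optional parameters ({name?}) become empty when no value is given;
    a missing required parameter raises ValueError.
    """
    def fill(match):
        name, optional = match.group(1), match.group(2) == "?"
        if name in values:
            return quote(str(values[name]), safe="")
        if optional:
            return ""
        raise ValueError(f"missing required template parameter: {name}")
    return _PARAM.sub(fill, template)


def parse_results(rss_text, allowed_schemes=("http", "https")):
    """Return result dicts, skipping items whose link is not http(s)."""
    # For feeds from untrusted servers a hardened parser such as defusedxml
    # is preferable; the standard library keeps this example dependency-free.
    results = []
    for item in ET.fromstring(rss_text).iter("item"):
        link = (item.findtext("link") or "").strip()
        if urlsplit(link).scheme.lower() not in allowed_schemes:
            continue  # do not hand non-web links to the shell or browser
        enclosure = item.find("enclosure")
        results.append({
            "title": item.findtext("title"),
            "link": link,
            "author": item.findtext("author"),
            "download": enclosure.get("url") if enclosure is not None else None,
        })
    return results


if __name__ == "__main__":
    print(expand_template(TEMPLATE, searchTerms="kettle & fish"))
    print(parse_results(SAMPLE_RSS))
```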
Federation – How Do I Deploy It?
For pinning to the Favorites: create your search connector file (.searchconnector-ms)
Copy it to: %userprofile%\searches
Create a shortcut in %userprofile%\links
OR create an OSDX file and execute it
Federation – How Do I Deploy It?
You can pin Search scopes with these group policies:
For Explorer-based searches:
‘User Configuration \ Administrative Templates \ Windows Components \ Windows Explorer \ Pin Libraries or Search Connectors to the “Search again” links and the start menu’
For internet search points (launches a browser view):
‘User Configuration \ Administrative Templates \ Windows Components \ Windows Explorer \ Pin Internet search sites to the “Search Again” links and the start menu’
Federation – Consuming a Feed
Local Client Nuts and Bolts
Security/Authentication
Indexer improvements
Application Integration
Built on WS4.0: Answering Basic Desktop Search Needs Of The Enterprise
Secure: based on Windows Authentication; complies with Windows Vista Security Practices
Manageable: per user Group Policies; flexible GPO support; supports EFS
Reliable: index/registry stability work; 80% of WER hits fixed; comprehensive indexing
Efficient: improved query performance; reduced Exchange impact
Finding ‘My’ Local Data
Security: Fitting Existing Structures and Policies
Authentication for Federation built on the Windows Authentication stack
Search is as secure as Windows
No new standard to manage
Supporting NTLM, Basic over HTTPS, Kerberos + any future SSPI added to Windows
Users find only the data they can access
Local Citizenship for Better Desktop Experience
For query performance, we've concentrated on the time to fetch enough information to fill the user's window
Query path improvements in Windows Search 4.0:
First row cold queries are 50 – 99% faster
All rows results are up to 38% faster
CPU time is reduced by 80%
Memory requirements are reduced by 20%
In Windows 7 all row results are 50% faster over WS4.0
Average time to shut down the search service in Windows 7 improves from 30 seconds to 2 seconds
Local Citizenship for Better Desktop Experience
Indexing writes substantially reduced for a corpus of 29K items
Disk writes dropped by 53%
For 1K items the writes are reduced by 72% over WS4.0
For larger corpuses the write count is due to caching and may improve further
Queries are less likely to do disk I/O and are faster, due to using file system cache and SuperFetch
Plus we carry forward the WS4.0 Exchange improvements via MAPI Protocol Handler
Reduce footprint on Exchange by 60% to 95%
Local Citizenship For Better Desktop Experience
Initial indexing improvements over the WS4.0 baseline
[Chart: Write Reductions. Writes to index 1000 items in Windows Vista SP1 and Windows 7 build 6902; bars: Windows Vista SP1, Windows 7 M3; series: NTFS Metadata, NTFS Metadata - Low Pri, ESE Files, Cl Files, Cl Files - Low Pri, Gather Files, Gather Files - Low Pri]
Time to Index Improvements
Corpus* VistaSP1+WS4 Win 7 pre-Beta % Change
Information Worker 9:52 6:05 38%
International (mixed corpus) 7:07 4:25 38%
* Corpora are roughly 24K and 12K items respectively with 2300 folders
Impact on Applications in The Enterprise
Your applications should: support libraries; support federated search; deliver rich views
Windows 7 makes this easy: Common File Dialog; File Format Ecosystem; query index and file system; get metadata and thumbnails
© 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.