windows server 2008 - the top 10 things you need to know
TRANSCRIPT
Server Role Management
IIS 7.0 Features
Windows Powershell
Server Core
Virtualization
New Security features
Windows Deployment Services
Terminal Services
Group Policy
Read Only Domain Controller
Scalable Networking
• Windows Server 2003 setupWindows Server 2003 setup
• Post-Setup security updatesPost-Setup security updates
• Manage your serverManage your server
• Configure your server wizardConfigure your server wizard
• Add/Remove Add/Remove Windows components components
• Computer ManagementComputer Management
• Security Configuration WizardSecurity Configuration Wizard
• Operating system setupOperating system setup
• Initial Configuration Initial Configuration Tasks
• Server ManagerServer Manager
Windows Server 2008Windows Server 2008Windows Server 2003Windows Server 2003
Server roles streamline management
• Administrator password
• Network IP address
• Domain membership
• Computer name
• Windows Updates
• Windows Firewall
More than a Web server, Internet Information Services 7.0
provides an accessible, extensible platform for developing and
reliably hosting Web applications and services.
Modular Modular ArchitectureArchitecture
ManageableManageable
Built in Built in Request TracingRequest Tracing
Extensible Extensible DesignDesign
Integrated Integrated with .NETwith .NET
IIS 7.0 IIS 7.0 EnhancementsEnhancements
CreateStreamlined
ServersReduced Attack Surface
Extend/Modify IIS Features
Rapid Application Deployment
FastDiagnostics
New interactive New interactive shell and scripting language and scripting language
Based on and takes advantage of .NET features
Current tools will still work
Current automation will still work
Hundreds of Hundreds of Scripts Scripts
Books & Books & Training Training MaterialsMaterials
Community Community SupportSupport
MS MVPsMS MVPs
PowerShell Team BlogPowerShell Team Blog
Active NewsgroupActive Newsgroup
Channel 9: DFO ShowChannel 9: DFO Show
IIS.netIIS.net
Manning PublicationsManning Publications
O’Reilly MediaO’Reilly Media
Sapien Press & others…Sapien Press & others…
TechNet ScriptCenterTechNet ScriptCenterExchange Server 2007Exchange Server 2007
Terminal ServerTerminal Server
WMI, Registry, Hardware, etc.WMI, Registry, Hardware, etc.
Community-Submitted scriptsCommunity-Submitted scripts
MyITForum.comMyITForum.com
Only a subset of the executable files and DLLs installedNo GUI interface installed, no .NET, no PowerShell (for now)Nine available Server RolesCan be managed with remote tools
Dual-IP layer architecture for native IPv4 and IPv6 supportImproved Network Performance TroubleshootingImproved performance via hardware acceleration and autotuningGreater extensibility and reliability through rich APIsCompletely manageable through Group Policy
Insp
ectio
n
Insp
ectio
n
AP
IA
PI
•WSKWSK
WSK Clients TDI Clients
NDIS
AFD
•TDXTDX
TDI
WinsockUser User
ModeModeKernel ModeKernel Mode
•Next Generation TCP/IP Stack (tcpip.sys)Next Generation TCP/IP Stack (tcpip.sys)
•IPv4IPv4
•802.3802.3 •WLANWLAN •Loop-Loop-backback
•IPv4 IPv4 TunnelTunnel
•IPv6 IPv6 TunnelTunnel
•IPv6IPv6
•RAWRAW•UDPUDP•TCPTCP
Receive Window AutotuningReceive Window Autotuning Windows Filtering PlatformWindows Filtering Platform
Receive Side ScalingReceive Side Scaling Policy-based Quality of ServicePolicy-based Quality of Service
Automatically senses network Automatically senses network environment and adjusts key environment and adjusts key performance settingsperformance settings
Allows increase of the size of Allows increase of the size of the TCP/IP send / receive the TCP/IP send / receive windowwindow
Provides filtering capability at Provides filtering capability at all layers of the TCP/IP protocol all layers of the TCP/IP protocol stack stack
Integrates and provides support Integrates and provides support for next-generation firewall for next-generation firewall featuresfeatures
Previous Windows operating Previous Windows operating systems limits receive protocol systems limits receive protocol processing to single CPUprocessing to single CPU
RSS resolves this issue by RSS resolves this issue by allowing network load from a allowing network load from a network adapter to be balanced network adapter to be balanced across multiple CPUsacross multiple CPUs
Prioritize or manage the Prioritize or manage the sending rate for outgoing sending rate for outgoing network trafficnetwork traffic
Both DSCP marking and Both DSCP marking and throttling can be used together throttling can be used together to manage traffic effectivelyto manage traffic effectively
VirtualizationPlatform andManagement
Management toolsManagement tools
VM 2VM 2
“Child”“Child”
VM 1VM 1
“Parent”“Parent”
VM 2VM 2
“Child”“Child”
VM 1
“Parent”
VM 1
“Parent”
VM 2
“Child”
VM 2
“Child”VM 2VM 2
“Child”“Child”
VM 2VM 2
“Child”“Child”
•
VHDVHD
Greater scalability and improved performance
x64 bit host and guest supportSMP Support
Increased reliability and security
Minimal trusted code baseWindows running a foundation role
Better flexibility and manageability
Quick Migration New UIBroad management tool support including SCVMM
17
Functional AreaFunctional Area Key Supporting FeaturesKey Supporting Features
PerformancePerformance Microkernelized hypervisor architecture with a new VSP/VSC architectureMicrokernelized hypervisor architecture with a new VSP/VSC architecture
Support for large memory per virtual machine (64GB)Support for large memory per virtual machine (64GB)
SMP support for virtual machines (4 virtual processors)SMP support for virtual machines (4 virtual processors)
Automatable Host setup/configurationAutomatable Host setup/configuration
ScalabilityScalability Support for x86 and x64 virtual machinesSupport for x86 and x64 virtual machines
Broad OS support Broad OS support
Pass through disk access for VMsPass through disk access for VMs
Rapid creation and deployment of VMs using P2V, V2V, Media, TemplatesRapid creation and deployment of VMs using P2V, V2V, Media, Templates
AvailabilityAvailability Support for Quick Migration and unplanned downtimeSupport for Quick Migration and unplanned downtime
Support for Live Backups and VM checkpoints Support for Live Backups and VM checkpoints
Support for clustering and rapid recoverySupport for clustering and rapid recovery
Integration with management tools for continuous performance monitoring Integration with management tools for continuous performance monitoring
ManageabilityManageability Centralized view of all VMs in the environment and their statusCentralized view of all VMs in the environment and their status
Reports on consolidation candidates, utilization trending, optimization opportunitiesReports on consolidation candidates, utilization trending, optimization opportunities
Intelligent placement and Physical to Virtual (P2V) conversionsIntelligent placement and Physical to Virtual (P2V) conversions
Fully scriptable using PowerShellFully scriptable using PowerShell®®
Security Security Improved architecture with a minimal footprint hypervisor layerImproved architecture with a minimal footprint hypervisor layer
Hyper-V as a Server Core roleHyper-V as a Server Core role
Common security and driver model as Windows Server 2008Common security and driver model as Windows Server 2008
Robust networking features including support for VLANs and NATRobust networking features including support for VLANs and NAT
VirtualizationThe ability to virtualize workloads with few or no limitations as to what workloads can/may be virtualized.64-bit (x64) and hardware virtualization required
AMD AMD-V or Intel Virtualization Technology
32-bit (x86) & 64-bit (x64) child partitionsLarge memory support (>32GB) within VMsSMP supportPass-through disk access for VMsNew hardware sharing architecture (VSP/VSC)
Disk, networking, input, video
Robust networkingVLAN support, NAT, Quarantine
18
Provided by:Provided by:
OSOS
MS / MS / XenSource / XenSource / NovellNovellISV/IHV/OEMISV/IHV/OEM
Hyper-VHyper-V
Windows Hypervisor
“Designed for Windows” Server Hardware
Non hypervisor Non hypervisor aware OSaware OS
Windows Server 2003, Windows Server 2003, 20082008
Applications
WindowsWindowsKernelKernel VSCVSC
WindowsWindowsKernelKernel
Windows Server 2008Windows Server 2008
VSPVSP
VMBusVMBus EmulationEmulation
Parent Partition
Kernel ModeKernel Mode
User ModeUser Mode
Xen-enabledXen-enabledLinux KernelLinux Kernel Linux
VSCs
VMBus
Hypercall Adapter
ApplicationsApplications
Child Partitions
VMBusVMBus
Virtualization Stack
VMVMServiceService
WMI Provider VM WorkerProcess
ApplicationsApplications
19
Development Process
Secure Startup and shield up at install
Code integrity
Windows service hardening
Inbound and outbound firewall
Restart Manager
Improved auditing
Network Access Protection
Event Forwarding
Policy Based Networking
Server and Domain Isolation
Removable Device Installation Control
Active Directory Rights Management Services
Security Compliance
IntranetIntranet
Access requested
Health state sentto NPS (RADIUS)
NPS validates against health policy
If compliant, access granted
If not compliant,restricted network access and remediation
Microsoft Microsoft
NPSNPS
Corporate NetworkCorporate Network
Policy ServersPolicy Serverse.g.., Patch, AVe.g.., Patch, AV
DCHP, DCHP,
VPNVPN
Switch/Switch/
RouterRouter
RestrictedRestricted
NetworkNetwork
RemediatRemediat
ion ion
ServersServers
e.g., Patche.g., Patch
Not policy
compliant
Policy complian
t
11
33
55
44
11
33
44
55
22
22
Support for deploying Windows (all versions)Boots WinPE over PXE Use Windows Imaging (WIM) file formatExtensibleGranular Images ManagementLonghorn Server Specifics
MulticastTFTP download performance enhancementsEFI x64 network boot support
Perimeter Perimeter networknetwork
InternetInternet Corp LANCorp LAN
Exte
rnal
Fire
wal
lEx
tern
al F
irew
all
• Inte
rnal
Fire
wal
lIn
tern
al F
irew
all
HomeHome Terminal Terminal ServerServer
InternetInternet
TerminalTerminalServerServer
Terminal Services Terminal Services Gateway ServerGateway Server
E-mailE-mailServerServer
Business partner Business partner / client site/ client site
Roaming Roaming wirelesswireless
HotelHotel
Tunnels RDP Tunnels RDP over HTTPSover HTTPS
Tunnels RDP Tunnels RDP over HTTPSover HTTPS
Strips off Strips off RDP/HTTPSRDP/HTTPS
Strips off Strips off RDP/HTTPSRDP/HTTPS
RDP/SSL traffic RDP/SSL traffic passed to TSpassed to TS
RDP/SSL traffic RDP/SSL traffic passed to TSpassed to TS
Terminal Services Terminal Services Gateway ServerGateway Server
Remote Remote Desktop client Desktop client
requiredrequired
Remote Remote Desktop client Desktop client
requiredrequired
EasyPrint makes printing to a local printer, well, easy by exploiting XPSFour Registry entries let you dial up bandwidth allocation between the UI stuff (mouse, screen) and data transfer (printing, file transfer)WinFX means remoted graphics commands (which is way more exciting than it sounds)
Windows Vista set the stage…700+ new settings, ability to control things we never could before centrally (i.e. power save settings, device installation restrictions)Group policies no longer just a thread in Winlogon, but instead a separate serviceMeticulous step-by-step logging makes GP troubleshooting light-years easierPrinter/drive mapping via GPOPowerful new ADMX template format
Server 2008 rocks the house with…
Group Policy Preferences lets you create a do-it-yourself group policy setting out of, well, just about anything… with a few mouse clicksBuilt into Windows Server 2008 GPMCPart of the Desktop Standard acquisitionRemote Server Admin Tools (RSAT) delivered for Vista
Main Office Remote Site
FeaturesRead Only Active Directory DatabaseOnly allowed user passwords are stored on RODCUnidirectional ReplicationRole Separation
BenefitsIncreases security for remote Domain Controllers where physical security cannot be guaranteed
Support ADFS,DNS, DHCP, FRS V1, DFSR (FRS V2), Group Policy, IAS/VPN, DFS, SMS, ADSI queries, MOM
RODC
BranchBranchHubHub
Read Read
Only Only
DCDC
How RODC WorksHow RODC Works
Windows Windows
Server 2008 Server 2008
DCDC
11
22
33
44
5566
66
112233445566User logs on and authenticatesUser logs on and authenticatesRODC: Looks in DB: "I don't have the users RODC: Looks in DB: "I don't have the users
secretssecrets""
Forwards Request to Windows Server 2008 Forwards Request to Windows Server 2008
DCDC
Windows Server 2008 DC authenticates Windows Server 2008 DC authenticates
requestrequest
Returns authentication response and TGT Returns authentication response and TGT
back to the RODCback to the RODC
RODC gives TGT to User and RODC will RODC gives TGT to User and RODC will
cache credentialscache credentials
RODC
•Attacker PerspectiveAttacker PerspectiveHub Admin PerspectiveHub Admin Perspective
Efficient CommunicationsEfficient Communications Fast enterprise class search on clients and servers
Faster networking with new TCP/IP stack and native IPv6
Improved file-sharing performance over high-latency links
Integrated remote access to internal applications and resources
More Efficient ManagementMore Efficient ManagementSingle worldwide servicing model
Event forwarding between client and server
Faster and more reliable remote operating system deployments
Network Access Protection ensures health of connecting systems
Greater AvailabilityGreater AvailabilityScalable print servers with client-side rendering
Smooth offline experience with client-side caching
Transactional File System for file and registry operations
Policy-based Quality of Service to prioritize application bandwidth
For more information, please visit: www.microsoft.com/technet/subscriptionsFor more information, please visit: www.microsoft.com/technet/subscriptions
• All the benefits of TechNet Plus for 30% less, All the benefits of TechNet Plus for 30% less,
• TechNet Plus Direct subscribers receive…TechNet Plus Direct subscribers receive…
• Online Benefits Portal – New!Online Benefits Portal – New!
• Immediate download access: software and betas – New!Immediate download access: software and betas – New!
• 2 free Professional Support Incidents2 free Professional Support Incidents
• Managed Newsgroups and Online ConciergeManaged Newsgroups and Online Concierge
• The TechNet Library containing the KB, security updates, service The TechNet Library containing the KB, security updates, service
packs, resource kits, and morepacks, resource kits, and more
TechNet Plus Direct is available exclusively online without media shipmentsTechNet Plus Direct is available exclusively online without media shipments
Available Now!
Available Now!
