Technical Overview
Security, Web, Virtualization
Solid Foundation for Your Business Workloads
Windows Server 2008 pillars
Reduces costs, increases hardware utilization, optimizes your infrastructure, and improves server availability
Delivers rich web-based experiences efficiently and effectively
Provides highest levels of protection for your network, your data, and your business
Most flexible and robust Windows Server operating system to date
Provides the most versatile and reliable Windows platform for all of your workload and application requirements
Management, Reliability
Solid Foundation
Windows Server Manager
PowerShell
Windows Deployment Services
Server Core
Next Generation Networking
High Availability Clustering
Most Flexible and Robust Windows Server Operating System to Date
TechNet ScriptCenter
Exchange Server 2007
Terminal Server
WMI, Registry, Hardware, etc.
Community-Submitted scripts
MyITForum.com
Windows PowerShell
New Command-line shell & Scripting Language
Improves productivity & control
Accelerates automation of system admin
Easy-to-use
Works with existing scripts
Futures
Will ship in Windows
Admin GUIs layered over PowerShell
One-to-many remote management using WS-MGMT
Solid Foundation
Demo: PowerShell
Server Manager
Product Installation
Initial Configuration
Managing Windows Server 2008
Solid Foundation
Server Core
Security, TCP/IP, File Systems, RPC, plus other Core Server Sub-Systems
Windows Server Core
GUI, CLR, Shell, IE, OE, etc.
Web
DHCP
DNS
File Print
Only a subset of the executable files and DLLs installed
No GUI interface & .NET managed code installed
Less disk space and management required
Can be managed with remote tools (MMC, RDP)
AD DS
AD LDS
Media
Solid Foundation
Demo: Server Core
Complete Redesign of TCP/IP
Dual-IP layer architecture for native IPv4 and IPv6 support
Improved Network Performance Troubleshooting
Improved performance via hardware acceleration and auto-tuning
Greater extensibility and reliability through rich Windows Filtering Platform APIs
Completely manageable through Group Policy
Diagram labels: User Mode; Kernel Mode; Winsock; AFD; TDX; TDI; TDI Clients; WSK; WSK Clients; Inspection API; NDIS
Next Generation TCP/IP Stack (tcpip.sys): RAW, UDP, TCP; IPv4, IPv6; 802.3, WLAN, Loop-back, IPv4 Tunnel, IPv6 Tunnel
Solid Foundation
Windows Firewall w/ Advanced Security
Combined firewall and IPsec management
Demo: Windows Firewall & IPSec
Failover Clustering
Heartbeat
New Validation Wizard for server, storage & network testing
Support for GUID partition table (GPT) disks in cluster storage
Improved cluster setup interface
Quorum resource: no longer single-point-of-failure
IPv6 support
Geographically dispersed clusters: across subnets, no VLAN needed
Node A: Active Node
Node B: Passive Node
Solid Foundation
Windows Deployment Services
Rapidly deploy Windows operating systems
Updated and redesigned version of Remote Installation Services (RIS)
Server components
Client components: WinPE
Management components
WDS
Windows Vista
Windows Server 2008
Solid Foundation
Reliability and Performance Monitor
Combines functionality of previous stand-alone tools
Tracks system changes
Provides new functionality
Solid Foundation
Deliver Rich Web-based Experiences Efficiently and Effectively
Internet Information Services 7.0
Windows SharePoint Services
Web
Windows Media Services
Web
IIS 7.0: a robust Web & Application Server
IIS 7
Enhanced security and reduced attack surface
Administration: UI & APPCMD & shared configuration
Delegation & true application XCOPY deployment
Highly customizable
Advanced troubleshooting
Windows Communication Foundation (WCF)
Windows Activation Service
Web
IIS 7
Demo: IIS 7.0 new features
Optimize Your Infrastructure and Improve Server Availability
Terminal Services
RemoteApp
Terminal Services Gateway
Windows Server Virtualization
Virtualization
Virtualization Technologies
Windows Server Virtualization
Server Virtualization
Presentation Virtualization
Application Virtualization
Desktop Virtualization
Management
Virtualization
Windows Server Virtualization
Greater Scalability and improved performance
x64 bit host and guest support
SMP support
Increased reliability and security
Minimal Trusted Code base
Windows running a foundation role
Better flexibility and manageability
New UI/Integration with SCVMM
Diagram labels: Hardware; AMD-V / Intel VT; Windows Hypervisor; VM 1 “Parent”; VM 2 “Child”; VM 3 “Child”; Virtual Hard Disks (VHD); Windows Server 2003; Virtual Server 2005 R2; VM 2; VM 3
Virtualization
Application Virtualization
Application Isolation
Dynamic Streaming
System Center Integration
Software as a Centrally-managed Service
Available through…
Virtualization
Virtualization Investments
Management, Infrastructure, Applications, Interoperability, Licensing
Create agility
Better utilize server resources
Partner with AMD and Intel
Ease consolidation onto virtual infrastructure
Better utilize management resources
Support heterogeneity across the datacenter
OSP (Open Specification Promise) VHD
Accelerate deployment
Reduce the cost of supporting applications
Deliver cost-effective, flexible and simplified licensing
Royalty Free VHD format
A Multi-level Approach
Terminal Services
Virtualization
Terminal Services Gateway
Diagram labels: Remote/Mobile User; Internet; External Firewall; Perimeter Network; Terminal Services Gateway; Internal Firewall; Corporate Network; Network Policy Server; Active Directory DC; Terminal Servers and other RDP Hosts
Tunnels RDP over HTTPS
Strips off RDP / HTTPS
RDP traffic passed to TS
Virtualization
Terminal Services RemoteApp
Terminal Services Gateway Server
Remote Desktop client required
Virtualization
Demo: Terminal Service RemoteApps
Hardens Operating System and Increases Environment Protection
Read-Only Domain Controller
Network Access Protection
Federated Rights Management
Security
Using Network Access Protection
1. Client requests access to network and presents current health state
2. DHCP, VPN or Switch/Router relays health status to Microsoft Network Policy Server (RADIUS)
3. Network Policy Server (NPS) validates against IT-defined health policy
4. If not policy compliant, client is put in a restricted VLAN and given access to fix up resources to download patches, configurations, signatures (Repeat 1 - 4)
5. If policy compliant, client is granted full access to corporate network
Diagram labels: Windows Client; DHCP, VPN, Switch/Router; NPS; Policy Servers such as: Patch, AV; Remediation Servers, Example: Patch; Restricted Network; Corporate Network; Not policy compliant; Policy compliant
Security
Demo: Network Access Protection Auto-Remediation
Active Directory Federation Services
Diagram labels: Web Server; AD; AD; Account Federation Server; Resource Federation Server; Company B; Company A; Federation Trust
Security
AD FS provides an identity access solution
Deploy federation servers in multiple organizations to facilitate business-to-business (B2B) transactions
AD FS provides a Web-based, SSO solution
Federated Identity support in AD Rights Management Services
Diagram labels: AD; AD; Account Federation Server; Resource Federation Server; Company B; Company A; Federation Trust; RMS; Web SSO
Security
Together AD FS and AD RMS enable users from different domains to securely share documents based on federated identities
Read-Only Domain Controller
Diagram labels: Headquarters; Branch Office
Features
Read Only Active Directory Database
Only allowed user passwords are stored on RODC
Unidirectional Replication
Role Separation
Benefits
Increases security for remote Domain Controllers where physical security cannot be guaranteed
RODC
Security
How RODC Works
Diagram labels: Branch; Headquarters; Read Only DC; Windows Server 2008 DC
1. User logs on and authenticates
2. RODC: Looks in DB: "I don't have the user's secrets"
3. Forwards Request to Windows Server 2008 DC
4. Windows Server 2008 DC authenticates request
5. Returns authentication response and TGT back to the RODC
6. RODC gives TGT to User and RODC will cache credentials
RODC
Security
What if a DC is stolen?
Headquarters
Branch Office
Branch Office Benefits
Optimization: DFS Replication
Security: BitLocker Full Volume Encryption, Server Core, Read-Only Domain Controller
Administration: SOAP-based remote management (WinRM), Restartable Active Directory
Solid Foundation
PKI Support
Security
Built-in Certificate Service
Usage: Data Encryption, Digital Signature, Smart Card authentication
Windows Server 2008: A Robust Application Platform
Application Platform
.NET Framework 3.0
IIS 7.0
Windows Activation Service
MSMQ 4.0
Windows Server 2008 Summary
Security: NAP, Read-Only DC, AD RMS, AD Federation Svc, PKI support, BitLocker
Virtualization: Windows Virtualization, TS Gateway, TS RemoteApps
Web: Modular design, Less attack surface, Admin delegation, APPCMD, Win Activation Svc, Tracing & Troubleshooting
Solid Foundation for Your Business Workloads: Windows PowerShell, Server Core, Server Manager, Windows Firewall with Advanced Security & IPSec, IPv6, Failover Clustering, Reliability & Performance Monitor, Windows Deployment Svc
More information: www.microsoft.com/WindowsServer2008, www.iis.net
Thank You!