
Technical Overview Nguyen An Que Technology Specialist Microsoft Vietnam [email protected]


Windows Server 2008 pillars

Virtualization: Reduces costs, increases hardware utilization, optimizes your infrastructure, and improves server availability

Web: Delivers rich web-based experiences efficiently and effectively

Security: Provides unprecedented levels of protection for your network, your data, and your business

Solid Foundation for Your Business Workloads: Most flexible and robust Windows Server operating system to date. Provides the most versatile and reliable Windows platform for all of your workload and application requirements

Management Reliability

Most Flexible and Robust Windows Server Operating System to Date

Server Manager
PowerShell
Windows Deployment Services
Server Core
Next Generation Networking
High Availability Clustering

TechNet ScriptCenter

Exchange Server 2007

Terminal Server

WMI, Registry, Hardware, etc.

Community-Submitted scripts

MyITForum.com

Windows PowerShell

New Command-line shell & Scripting Language

Futures

Improves productivity & control

Accelerates automation of system admin

Easy-to-use

Works with existing scripts

Will ship in Windows

Admin GUIs layered over PowerShell

One-to-many remote management using WS-MGMT

Solid Foundation

PowerShell

Server Manager

Product Installation

Initial Configuration

Managing Windows Server 2008

Windows Server Core

Only a subset of the executable files and DLLs installed
No GUI interface & .NET managed code installed
Less disk space and management required
Can be managed with remote tools (MMC, RDP)

Server Core

Complete Redesign of TCP/IP

Dual-IP layer architecture for native IPv4 and IPv6 support

Improved Network Performance Troubleshooting

Improved performance via hardware acceleration and auto-tuning

Greater extensibility and reliability through rich Windows Filtering Platform APIs

Completely manageable through Group Policy

[Diagram: Next Generation TCP/IP Stack (tcpip.sys). Labels: User Mode, Kernel Mode, Winsock, AFD, TDI Clients, WSK Clients, TDX, TDI, WSK, TCP, UDP, RAW, IPv4, IPv6, Inspection API, NDIS, 802.3, WLAN, Loop-back, IPv4 Tunnel, IPv6 Tunnel]

Windows Firewall w/ Advanced Security

Combined firewall and IPsec management

Windows Firewall with Advanced Security

Failover Clustering

New Validation Wizard for server, storage & network testing
Support for GUID partition table (GPT) disks in cluster storage
Improved cluster setup interface
Quorum resource: no longer single-point-of-failure
IPv6 support
Geographically dispersed clusters: across subnets, no VLAN needed

[Diagram labels: Active Node, Passive Node, Heartbeat]

Windows Deployment Services

Rapidly deploy Windows operating systems

Updated and redesigned version of Remote Installation Services (RIS)

Server components

Client components: WinPE

Management components

Windows Vista

Windows Server 2008

Reliability and Performance Monitor

Deliver Rich Web-based Experiences Efficiently and Effectively

Internet Information Services 7.0

Windows SharePoint Services

Windows Media Services

Web

IIS 7.0: a robust Web & Application Server

Enhanced security and reduced attack surface

Administration: UI & APPCMD & shared configuration

Delegation & true application XCOPY deployment

Highly customizable

Advanced troubleshooting

Windows Communication Foundation (WCF)

Windows Activation Service

New features in IIS 7.0

Optimize Your Infrastructure and Improve Server Availability

Terminal Services

RemoteApp

Terminal Services Gateway

Windows Server Virtualization

Virtualization

Virtualization Technologies

Windows Server Virtualization

Server Virtualization

Presentation Virtualization

Application Virtualization

Desktop Virtualization

Management

Virtualization

Windows Server Virtualization

Greater Scalability and improved performance

x64 bit host and guest support

SMP support

Increased reliability and security

Minimal Trusted Code base

Windows running a foundation role

Better flexibility and manageability

New UI/Integration with SCVMM

[Diagram labels: VM 1 “Host”, VM 2 “Child”, VM 3 “Child”, Hardware; Windows Server 2003, Virtual Server 2005 R2, VM 2, VM 3, Hardware]

Application Virtualization

Application Isolation

Dynamic Streaming

System Center Integration

Software as a Centrally-managed Service

Available through…

Virtualization

Virtualization Investments

Infrastructure
Create agility
Better utilize server resources
Partner with AMD and Intel

Management
Ease consolidation onto virtual infrastructure
Better utilize management resources

Interoperability
Support heterogeneity across the datacenter
OSP (Open Specification Promise) VHD

Applications
Accelerate deployment
Reduce the cost of supporting applications

Licensing
Deliver cost-effective, flexible and simplified licensing
Royalty Free VHD format

A Multi-level Approach

Terminal Services

Virtualization

Terminal Services Gateway

[Diagram. Zones: Internet, Perimeter Network, Corporate Network. Components: Remote/Mobile User, Terminal Services Gateway, Network Policy Server, Active Directory DC, Terminal Servers and other RDP Hosts. Flow labels: Tunnels RDP over HTTPS; Strips off RDP / HTTPS; RDP traffic passed to TS]

Terminal Services RemoteApp

Remote Desktop client required

Terminal Services

Hardens Operating System and Increases Environment Protection

Read-Only Domain Controller

Network Access Protection

Federated Rights Management

Security

Network Access Protection: How it works

1. Client requests access to network and presents current health state
2. DHCP, VPN or Switch/Router relays health status to Microsoft Network Policy Server (RADIUS)
3. Network Policy Server (NPS) validates against IT-defined health policy
4. If not policy compliant, client is put in a restricted VLAN and given access to fix up resources to download patches, configurations, signatures (Repeat 1 - 4)
5. If policy compliant, client is granted full access to corporate network

[Diagram labels: Windows Client; DHCP, VPN, Switch/Router; NPS; Policy Servers e.g. Patch, AV; Fix Up Servers e.g. Patch; Restricted Network; Corporate Network; Policy compliant; Not policy compliant]

Active Directory Federation Services

AD FS provides an identity access solution

Deploy federation servers in multiple organizations to facilitate business-to-business (B2B) transactions

AD FS provides a Web-based, SSO solution

[Diagram labels: Company A, Company B, Account Federation Server, Resource Federation Server, Web Server, Federation Trust]

Federated Identity support in Rights Management Service (RMS)

Together AD FS and AD RMS enable users from different domains to securely share documents based on federated identities

[Diagram labels: Company A, Company B, Account Federation Server, Resource Federation Server, Federation Trust, WebSSO]

Read-Only Domain Controller

Features
Read Only Active Directory Database
Only allowed user passwords are stored on RODC
Unidirectional Replication
Role Separation

Benefits
Increases security for remote Domain Controllers where physical security cannot be guaranteed

[Diagram labels: Head Quarter, Branch Office, RODC]

How RODC Works

[Diagram labels: Head Quarter, Branch, Windows Server 2008 DC, Read Only DC, numbered steps 1 to 6]

What if a DC is stolen?

[Diagram labels: Head Quarter, Branch Office]

Branch Office Benefits

Optimization
DFS Replication

Security
BitLocker Full Volume Encryption
Server Core
Read-Only Domain Controller

Administration
SOAP-based remote management (WinRM)
Restartable Active Directory

PKI Support

Built-in Certificate Service

Usage

Data Encryption

Digital Signature

Smart Card authentication

Windows Server 2008: A Robust Application Platform

Application Platform

.NET Framework 3.0

IIS 7.0

Windows Activation Service

MSMQ 4.0

Windows Server 2008 Summary

Security
NAP
Read-Only DC
AD RMS
AD Federation Svc
PKI support
BitLocker

Virtualization
Windows Virtualization
TS Gateway
TS RemoteApps

Web
Modular design
Less attack surface
Admin delegation
APPCMD
Win Activation Svc
Tracing & Troubleshooting

Solid Foundation for Your Business Workloads
Windows PowerShell
Server Core
Server Manager
Windows Firewall with Advanced Security & IPSec
IPv6
Failover Clustering
Reliability & Performance Monitor
Windows Deployment Svc


More information

www.microsoft.com/WindowsServer2008
www.iis.net