Overview of Windows Server 2008
Ian Watson, CISSP, Technology Specialist, Microsoft Canada
Windows Server 2008

Optimize your Infrastructure
• Rich, Web-based experiences
• Hardens the OS and protects your environment
• Better security and compliance tools: Network Access Protection
• Enhanced scripting and task automation; modular and extensible platform
• Integrated hypervisor: server consolidation and power savings
• Solid foundation for your business workloads
Technology Investments

Web
• Internet Information Services 7.0 (IIS7): efficient management and deployment tools; customizable platform with .NET extensibility
• Windows Media Services: advanced streaming and caching
• Windows SharePoint Services: powerful document and team collaboration

Virtualization
• Windows Server Virtualization: hypervisor-based virtualization platform; high availability through Failover Clustering
• Terminal Services Gateway: access internal resources through the firewall
• Terminal Services RemoteApp: access and run remote applications locally

Solid Foundation for Enterprise Workloads (Manageability, Reliability)
• Server Core: minimal installation option for better security and reliability
• Next Generation Networking: new TCP/IP stack for improved scalability and performance
• Failover Clustering: easy to implement and flexible high availability
• Server Manager: role-based configuration, management and reporting
• Windows PowerShell: command shell and scripting language for task automation
• Windows Deployment Services: fast and efficient imaging of clients and servers

Security
• Read-Only Domain Controller: increased security and delegated management for branch offices
• Network Access Protection: health validation and compliance checking
• Federated Rights Management: protected document collaboration
Server Manager
• Product installation
• Initial configuration
• Server Manager

Windows PowerShell
New command-line shell and scripting language
• Improves productivity and control
• Accelerates automation of system administration
• Works with existing scripts
• Ships with Windows Server 2008
• Easy for non-programmers
• Role management in future versions

Resources
• TechNet Script Center
• MyITForum.com
• Newsgroup and Web forum
• Team blog and Channel 9
• Books from Manning, O'Reilly, Microsoft Press, Sapien
• Partners

Demo: Server Management and Windows PowerShell
Next Generation Networking
• Optimized performance without loss
• Intelligent, automated tuning of TCP receive window size
• Better packet-loss resiliency (e.g. wireless connectivity)
• Advanced congestion control for better throughput
• Automatically adjusts for maximum efficiency
• Faster network transfers, especially across WAN links
• Optimized use of available network bandwidth
• Reduced packet loss resulting in fewer retransmits
Failover Clustering
• New Validation Wizard
• Support for GUID partition table (GPT) disks in cluster storage
• Improved cluster setup and migration
• Improvements to stability and security: no single point of failure
• Geographically dispersed clusters
Diagram: Node A (active node) and Node B (passive node) connected by a heartbeat.
IIS 7.0 Overview
• Streamlined installation means reduced attack surface
• Simplified administration through a variety of tools
• Customization and extensibility through .NET
• Xcopy deployment and shared configuration
• Event logging and tracing for faster troubleshooting
• Application and health management for Web services
Read-Only Domain Controller
• Impact of a stolen DC on Active Directory is reduced
  • By default, no user or computer passwords are stored on the RODC
  • The read-only Partial Attribute Set can prevent application credentials from replicating to the RODC
• Reduced attack surface to Active Directory from a compromised DC
  • Read-only state with unidirectional replication for AD and FRS/DFSR
  • Each RODC has its own KDC KrbTGT account to provide cryptographic key separation
  • Delegated DCPROMO reduces the need for a Domain Admin to use Terminal Services to log on to the RODC
  • Windows Server 2008 writeable DCs register SRV records on behalf of RODCs to prevent name squatting
  • RODCs are workstation accounts: not members of the Enterprise-DC or Domain-DC groups, with very limited rights to write in the Directory

How RODC Works
Diagram: Read-Only DC in the branch office, Windows Server 2008 DC in the hub.
1. User logs on and authenticates to the RODC
2. RODC looks in its database: "I don't have the user's secrets"
3. RODC forwards the request to the Windows Server 2008 DC
4. Windows Server 2008 DC authenticates the request
5. Windows Server 2008 DC returns the authentication response and TGT to the RODC
6. RODC gives the TGT to the user and caches the credentials
Network Access Protection

Policy Validation
• Determines whether the computers are compliant with the company's security policy. Compliant computers are deemed "healthy"
Network Restriction
• Restricts network access to computers based on their health
Remediation
• Provides necessary updates to allow the computer to "get healthy." Once healthy, the network restrictions are removed
Ongoing Compliance
• Changes to the company's security policy or to the computers' health may dynamically result in network restrictions

Diagram components: Windows Vista client; enforcement points (DHCP, VPN, switch/router); Network Policy Server; policy servers (e.g. MSFT Security Center, SMS, Antigen or 3rd party); fix-up servers (e.g. MSFT WSUS, SMS and 3rd party); restricted network for clients that are not policy compliant; corporate network for policy-compliant clients.

Customer Benefits
Enhanced Security
• All communications are authenticated, authorized and healthy
• Defense-in-depth on your terms with DHCP, VPN, IPsec, 802.1X
• Policy-based access that IT Pros can set and control
AD Rights Management Services
• AD RMS protects access to an organization's digital files
• AD RMS in Windows Server 2008 includes several new features
  • Improved installation and administration experience
  • Self-enrollment of the AD RMS cluster
  • Integration with AD Federation Services
  • New administrative roles
Diagram: information author, RMS server (with SQL and AD), and the recipient.
BitLocker Drive Encryption
• Group Policy allows central encryption policy and provides branch office protection
• Provides data protection even when the system is in unauthorized hands or is running a different or exploiting operating system
• Uses a v1.2 TPM or USB flash drive for key storage
Diagram: Full Volume Encryption Key (FVEK); encryption policy.
Server Core
• New minimal installation option with only "core" components
• No GUI interface or graphical applications installed
• Subset of server roles and features available
• Manage remotely as you would any server
Diagram: Windows Server Core contains security, TCP/IP, file systems, RPC, plus other core server sub-systems; GUI, CLR, Shell, IE, OE, etc. are not installed. Roles shown: WSv, DHCP, DNS, File, Print, AD DS, AD LDS, Media, IIS 7.0.

Demo: Windows Server Core
Microsoft Virtualization
A comprehensive set of virtualization products, from the data center to the desktop: server virtualization, application virtualization, desktop virtualization, presentation virtualization.
Assets, both virtual and physical, managed from a single platform.
Windows Server 2008 Virtualization

Windows Server Virtualization
• Greater scalability and improved performance: x64 host and guest support; SMP support
• Increased reliability and security: minimal trusted code base; runs as a Server Core role
• Better flexibility and manageability: new UI, integration with SCVMM
Diagram: hardware with AMD-V / Intel VT; Windows Hypervisor; VM 1 "Parent", VM 2 "Child", VM 3 "Child"; virtual hard disks (VHD). Shown alongside Windows Server 2003 with Virtual Server 2005 R2 hosting VM 2 and VM 3.
Terminal Services Gateway
Diagram: Internet, external firewall, perimeter network, internal firewall, corporate network. A remote/mobile user on the Internet reaches the Terminal Services Gateway, which works with the Network Policy Server and an Active Directory DC; terminal servers and other RDP hosts sit on the corporate network.
• Client tunnels RDP over HTTPS
• Gateway strips off RDP / HTTPS
• RDP traffic is passed to the Terminal Servers
Terminal Services RemoteApp
• Run server-based applications locally
• Centrally manage applications
• Zero-footprint client installation
• RDP 6.0 client required
Diagram: Terminal Server.
Windows Server 2008 Partner Business Opportunities
• Infrastructure Optimization
• Application Re-Platforming
• Extending Core Systems
• Training and Support
• Sustain and Enhance
© 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.