Windows 8 Client Part 1 "The OS internals for IT-Pro's"

Post on 18-Nov-2014


description

More info on http://techdays.be

Transcript of Windows 8 Client Part 1 "The OS internals for IT-Pro's"


Tom Decaluwé, Infrastructure Manager, Macintosh Retail Group

Contact me: tom@decaluwe.eu, http://trycatch.be/blogs/decaluwet

Windows 8 slow adoption
- Touch UI
- Different
- Disruptive leap
- Bad economic times
- We just migrated to Windows 7
- Apple is better
- Lack of "devices"
- Lack of "time" for IT pros

Keala group

Enthusiasm

My Promise

"I'll show every one of you at least 1 feature to be enthusiastic about"

The ecosystem

Lab for the Day
- www: 192.168.1.50
- DEMONET: 192.168.1.1

What we will cover: Windows 8 Internals, Windows 8 Application

The History

The evolution

The editions

27 years of evolution (timeline)
- V1.0, 1985, 16-bit
- V3.1, 1992
- V2000 / XP, 2001
- V6, 2007
- V7, 2009
- V8, 2012, 64-bit, mobile

Windows 8 Editions

x86 PC:
- Windows 8
- Windows 8 Pro
- Windows 8 Enterprise

ARM / WOA (Windows on ARM):
- Windows RT

Setup Experience

FASTER

More Secure

Upgrade speed, Win7 vs Win8
- Win 7 => 4 wizards, about 60 screens
- Win 8 => one wizard, about 11 clicks

Upgrade performance
- Win 7 => moved the user data file by file
- Win 8 => moves the whole folder in one go

Sources and destinations (figure): hard disk, virtual machine, USB (Windows To Go), VHD, ISO

The simple and detailed upgrade UI

Windows To Go

Portable

Flexible

You have limited hard disk space, like SSD but worse ;-)

How it differs from a normal PC
- Internal disks of the host are disabled
- TPM is not used; BitLocker on the Windows To Go drive uses a pre-operating-system boot password instead
- No hibernation
- No Recovery Environment
- No push-button reset
- Windows Store disabled
- No MAK activation

Some usage scenarios

- Contractors that bring their own PC
- Shared PCs
- Quick DR
- Home computing / BYOD
- ...

Computer roaming

Windows uniquely identifies computers based on constant characteristics of the machine firmware: the SMBIOS UUID if present, or certain SMBIOS strings.

This ID is used to ensure that when Windows returns to a computer it has seen before, only the necessary set of drivers is loaded.

When roaming to a new computer, drivers are installed on the first boot, similar to the first boot of a generalized Windows image.

MBR disk layout of a Windows To Go drive

System partition (boot files)
- FAT32 file system
- 300 MB
- Legacy boot manager (Bootmgr)
- UEFI boot manager (Bootmgfw.efi)

Operating system partition (apps, data, settings)
- NTFS file system

Boot disk removal

Boot disk removal is detected by the USB stack. The kernel freezes the system, and the stack waits 60 seconds for the boot disk to return, then powers down the system. If the boot disk is returned within that time, the system resumes.

Put it back in the same USB port.

DEMO

Quick DR

Refresh: keep all personal data, Metro style apps and important settings from the PC, and reinstall Windows.

Reset: remove all personal data, apps and settings from the PC, and reinstall Windows.

RE: Recovery Environment

Reset your PC
1. Win RE: boots into the Windows Recovery Environment
2. Win RE: erases and formats
3. Win RE: installs a fresh copy
4. The PC restarts into the newly installed OS

Remove everything and start from scratch

Refresh your PC
1. Boots into Windows RE
2. Win RE scans the hard drive for your data, settings and apps, and puts them aside (on the same drive)
3. Win RE installs a fresh copy of Windows
4. Win RE restores the data, settings and apps
5. The PC clean boots

Fix a problem with your computer: it's a reinstall without losing your data, settings and Metro style apps.

Kept or removed?

Kept
- Wireless network connections
- Mobile broadband connections
- BitLocker and BitLocker To Go settings
- Drive letter assignments
- Personalization settings such as lock screen background and desktop wallpaper
- Metro apps (not the classic apps)

Removed
- File type associations
- Display settings
- Windows Firewall settings
- Classic apps

Include the apps: refresh from a previous state

mkdir C:\RefreshImage
recimg -CreateImage C:\RefreshImage

DEMO

Windows 8 Boot

FASTER

More Secure

Pre-OS environment, Win7 vs Win8: BIOS vs UEFI boot speed

Boot phases (figure)
- Windows 7: POST -> OS initialization -> Device initialization -> Service & app initialization -> Explorer ready
- Windows 8: POST -> Hiberfile read (Session 0) -> Device initialization -> Service & app initialization -> Explorer ready

End-users judge their PC performance according to boot speed.

Power -> logon (figure: boot phase, seconds, user view). Phases shown: POST, Hiber resume, Device init, Explorer init, with cumulative ticks at 2 s, 4 s, 6 s and 7 s; the OEM logo stays on screen from POST onwards.
- Clean, high-resolution branding elements persist through OS boot
- POST runs at the highest supported native resolution
- Seamless single graphics transition from firmware to native OS driver

How to shut down

shutdown /s /full /t 0 => force a full shutdown without writing a hibernation file

Shutdown => hibernates the kernel session (fast startup: user sessions are closed, the kernel and drivers are written to the hiberfile and resumed on the next boot)
Restart => full restart, a clean boot with no hibernation resume

Caveat: because a normal shutdown leaves the kernel hibernated on disk, use the full shutdown (or a restart) before touching the system volume offline, for example from another OS or a recovery tool, and remember that the hiberfile holds the contents of kernel memory.

3 Security Components for boot

Secure Boot

Measured boot

Remote attestation

UEFI Secure Boot: "Protects against bootkits by verifying the boot loader before loading"

Step 1: Microsoft signs the boot loader and the signature is pre-staged on PCs. The boot loader is hashed with SHA-256 and the hash is signed (encrypted) with the private half of a Microsoft RSA-2048 key pair; the firmware verifies the signature with the public half, which it trusts because that key sits in its db.

Step 2: the UEFI firmware databases are pre-staged on Windows 8 logo devices
- db: signature database, the keys and hashes you trust
- dbx: forbidden signature database, blacklists a loader or key (a dbx match rejects an image even if db would trust it)
- KEK: key exchange keys, authorize updates to db or dbx
- PK: platform key, authorizes updates to KEK

Windows 8 certified devices must adhere to the hardware certification requirements: KEK and db must contain a Microsoft key, and Secure Boot must be enabled out of the box.
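The db/dbx variables described above are a sequence of EFI_SIGNATURE_LIST records, each holding either SHA-256 image hashes or X.509 certificates. The following is an added example, not code from the presentation: it parses that layout and applies the firmware's decision order (dbx first, then db) to a few constructed images. The GUIDs and record layout are taken from the UEFI specification; the owner GUID, loaders and "certificate" bytes are constructed test data, and the flat SHA-256 of the bytes plus an explicitly supplied signer certificate stand in for the Authenticode image hash and the signature embedded in a real PE file.

```python
"""Added example: parse UEFI Secure Boot db/dbx and decide whether an image loads.
GUIDs and EFI_SIGNATURE_LIST layout are from the UEFI spec; the sample data below
is constructed, not real keys or images.
"""
import hashlib
import struct
import uuid
from typing import List, Optional, Tuple

EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
# EFI_SIGNATURE_LIST header: SignatureType GUID, SignatureListSize,
# SignatureHeaderSize, SignatureSize (little-endian)
SIGLIST_HDR = struct.Struct("<16sIII")
SigList = Tuple[uuid.UUID, List[Tuple[uuid.UUID, bytes]]]  # (type, [(owner, data)])


def parse_signature_lists(blob: bytes) -> List[SigList]:
    """Walk the concatenated EFI_SIGNATURE_LIST records of a db/dbx variable."""
    lists: List[SigList] = []
    off = 0
    while off < len(blob):
        if len(blob) - off < SIGLIST_HDR.size:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type, list_size, hdr_size, sig_size = SIGLIST_HDR.unpack_from(blob, off)
        if list_size < SIGLIST_HDR.size + hdr_size or off + list_size > len(blob):
            raise ValueError("bad SignatureListSize")
        if sig_size < 16:  # every EFI_SIGNATURE_DATA starts with a 16-byte owner GUID
            raise ValueError("bad SignatureSize")
        body = blob[off + SIGLIST_HDR.size + hdr_size:off + list_size]
        if len(body) % sig_size:
            raise ValueError("signature data is not a multiple of SignatureSize")
        entries = [(uuid.UUID(bytes_le=body[i:i + 16]), body[i + 16:i + sig_size])
                   for i in range(0, len(body), sig_size)]
        lists.append((uuid.UUID(bytes_le=sig_type), entries))
        off += list_size
    return lists


def build_signature_list(sig_type: uuid.UUID, owner: uuid.UUID, datas: List[bytes]) -> bytes:
    """Serialize one EFI_SIGNATURE_LIST (used here only to construct sample db/dbx)."""
    assert all(len(d) == len(datas[0]) for d in datas), "entries in one list share a size"
    body = b"".join(owner.bytes_le + d for d in datas)
    return SIGLIST_HDR.pack(sig_type.bytes_le, SIGLIST_HDR.size + len(body),
                            0, 16 + len(datas[0])) + body


def _listed(var: bytes, kind: uuid.UUID, value: bytes) -> bool:
    return any(t == kind and any(d == value for _, d in entries)
               for t, entries in parse_signature_lists(var))


def image_allowed(image: bytes, db: bytes, dbx: bytes,
                  signer_cert: Optional[bytes] = None) -> Tuple[bool, str]:
    """Firmware policy: a dbx match (hash or signer) rejects the image even if db
    would trust it; otherwise it loads if its hash or its signer is in db.
    Simplification: flat SHA-256 instead of the Authenticode image hash, and the
    signer certificate is passed in rather than read from the PE signature."""
    h = hashlib.sha256(image).digest()
    if _listed(dbx, EFI_CERT_SHA256_GUID, h) or (
            signer_cert is not None and _listed(dbx, EFI_CERT_X509_GUID, signer_cert)):
        return False, "forbidden by dbx"
    if _listed(db, EFI_CERT_SHA256_GUID, h) or (
            signer_cert is not None and _listed(db, EFI_CERT_X509_GUID, signer_cert)):
        return True, "trusted via db"
    return False, "no matching db entry"


# --- constructed sample data (not real keys, images or certificates) ----------
OWNER = uuid.UUID("12345678-1234-5678-1234-567812345678")  # constructed owner GUID
GOOD_LOADER = b"constructed: current boot manager image"
REVOKED_LOADER = b"constructed: older boot manager later added to dbx"
UNKNOWN_LOADER = b"constructed: unsigned bootkit"
OEM_CERT = b"constructed DER bytes standing in for an OEM signing certificate"

DB = (build_signature_list(EFI_CERT_SHA256_GUID, OWNER,
                           [hashlib.sha256(GOOD_LOADER).digest(),
                            hashlib.sha256(REVOKED_LOADER).digest()])
      + build_signature_list(EFI_CERT_X509_GUID, OWNER, [OEM_CERT]))
DBX = build_signature_list(EFI_CERT_SHA256_GUID, OWNER,
                           [hashlib.sha256(REVOKED_LOADER).digest()])

if __name__ == "__main__":
    for t, entries in parse_signature_lists(DB):
        print("db list", t, "entries:", len(entries))
    print(image_allowed(GOOD_LOADER, DB, DBX))                        # (True, 'trusted via db')
    print(image_allowed(REVOKED_LOADER, DB, DBX))                     # (False, 'forbidden by dbx')
    print(image_allowed(UNKNOWN_LOADER, DB, DBX))                     # (False, 'no matching db entry')
    print(image_allowed(UNKNOWN_LOADER, DB, DBX, signer_cert=OEM_CERT))  # (True, 'trusted via db')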

Measured Boot

BIOS -> boot loader -> kernel -> early drivers (figure): each component hashes the next item(s) before handing over and records that hash in the TPM, producing a boot log database with the hash of everything that was loaded.

ELAM: the kernel initializes the Early Launch Anti-Malware driver first; ELAM looks at the hashes of the boot-start drivers and decides yes/no for each before the early drivers are loaded into memory.

Remote Attestation: allow a boot log to be evaluated and enforce a policy

Client (TPM) -> measured boot log -> attestation server -> TOKEN back to the client

All 3 components together (figure): UEFI POST -> Win8 boot loader -> Windows kernel -> ELAM -> 3rd party software -> Windows logon -> anti-malware software. Along the way the TPM accumulates the measured boot log, which goes to the attestation server, which returns a TOKEN.
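The Measured Boot and Remote Attestation slides above describe one mechanism from two sides: the client extends hashes into the TPM and keeps a log, and the server replays the log, checks it against the TPM's value and applies a policy. The following is an added example, not code from the presentation, that models both sides with nothing but hashlib. Assumptions: the boot components are constructed byte strings; a single SHA-256 register stands in for the TPM's PCR bank and is extended the way a TPM extends a PCR (PCR = SHA256(PCR || measurement)); and the TPM quote, which in reality is the PCR value signed with an attestation key, is reduced to the raw PCR value, so signature checking is left out. Windows spreads its measurements over several PCRs and records them in the TCG event log; one register is enough to show why a forged log cannot hide a modified driver.

```python
"""Added example: model of Measured Boot (client) and Remote Attestation (server).
Components are constructed byte strings; one SHA-256 PCR models the TPM and the
raw PCR value models the signed TPM quote (signature checking omitted).
"""
import hashlib
from typing import Dict, List, Optional, Tuple

LogEntry = Tuple[str, str]  # (component name, hex SHA-256 of the component)


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


class Tpm:
    """Minimal TPM: one PCR plus the boot log that explains how it got its value."""

    def __init__(self) -> None:
        self.pcr = bytes(32)  # PCRs reset to all-zero at power-on
        self.log: List[LogEntry] = []

    def extend(self, name: str, component: bytes) -> None:
        digest = sha256(component)
        self.pcr = sha256(self.pcr + digest)  # extend: one-way and order-sensitive
        self.log.append((name, digest.hex()))


def measured_boot(chain: List[Tuple[str, bytes]]) -> Tpm:
    """Each stage measures the next component into the TPM before running it."""
    tpm = Tpm()
    for name, blob in chain:
        tpm.extend(name, blob)
    return tpm


def replay_log(log: List[LogEntry]) -> bytes:
    """Server side: recompute the PCR value the log claims to describe."""
    pcr = bytes(32)
    for _, digest_hex in log:
        pcr = sha256(pcr + bytes.fromhex(digest_hex))
    return pcr


def evaluate(log: List[LogEntry], quoted_pcr: bytes,
             known_good: Dict[str, str]) -> Tuple[bool, str]:
    """Policy: the log must reproduce the quoted PCR (log integrity) and every
    component in it must be on the known-good list (boot policy)."""
    if replay_log(log) != quoted_pcr:
        return False, "log does not match TPM quote: log tampered or truncated"
    for name, digest_hex in log:
        if known_good.get(name) != digest_hex:
            return False, f"unknown or modified component: {name}"
    return True, "healthy: token issued"


# --- constructed sample boot chain (names only; contents are placeholders) ----
BOOT_CHAIN = [
    ("bootmgfw.efi", b"constructed: UEFI boot manager"),
    ("winload.efi", b"constructed: OS loader"),
    ("ntoskrnl.exe", b"constructed: kernel"),
    ("elam.sys", b"constructed: early launch anti-malware driver"),
]
KNOWN_GOOD = {name: sha256(blob).hex() for name, blob in BOOT_CHAIN}


def attest(chain: List[Tuple[str, bytes]],
           forged_log: Optional[List[LogEntry]] = None) -> Tuple[bool, str]:
    """Boot the chain, then hand (log, quote) to the server. forged_log lets an
    attacker substitute the log they wish the server saw; the quote is the TPM's."""
    tpm = measured_boot(chain)
    return evaluate(tpm.log if forged_log is None else forged_log, tpm.pcr, KNOWN_GOOD)


def demo() -> Dict[str, Tuple[bool, str]]:
    tampered = [(n, b + b" + bootkit hook" if n == "elam.sys" else b) for n, b in BOOT_CHAIN]
    # The attacker rewrites the log to the known-good hashes, but the PCR still
    # reflects what was actually measured, so the server's replay no longer matches.
    forged = [(n, KNOWN_GOOD[n]) for n, _ in tampered]
    return {
        "clean": attest(BOOT_CHAIN),
        "tampered_driver": attest(tampered),
        "forged_log": attest(tampered, forged_log=forged),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:16s} {verdict}")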

Connected state
- Lower power => ultra-low idle power
- Content always up to date

Connected Standby: a new Windows power state
- The PC's screen is off, but the device remains in a very low-power idle state
- The network adapter maintains a connection to the network
- Metro style apps continue to receive live tile updates and toast notifications
- Background tasks and push notifications enable customers to receive real-time communication via apps such as email, IM and VoIP

Power states (figure)
- Screen on (Active): user present and using the device
- Screen off (Connected Standby): user not present, still connected
- Shutdown: user not present, no context saved

Power consumption: consistently low power, less than 5% battery drain over a 16-hour period in Connected Standby

App model for Connected Standby: right by design for power
- Apps are suspended when the computer enters Connected Standby
- Apps may register background activity as Background Tasks
- The Notifications API allows suspended apps to handle incoming events from the cloud
- Pattern matching and wake are used for push notifications and real-time apps

Win File system

Storage Spaces

BitLocker

Checkdisk

Storage Optimizer

Storage Spaces
- Thin provisioning: logical vs physical size, e.g. 10 GB logical on 4 GB physical
- Resilience: mirror, parity

DEMO

Checkdisk

Win7: only two states
- Volume is healthy
- Volume is not healthy => the volume goes offline
Fix time was directly related to the number of files on the volume; a disk has 2 health states.

Win8: fix corruption with a minimum of downtime
- ReFS => no longer requires fixing offline
- A disk has 4 health states (4-point health state)
- The check phase runs online, separate from the fix

BitLocker
- Support for Encrypted Hard Drive, offloading cryptography to the disk's processor
- BitLocker pre-provisioning in the WinPE environment
- Used-space-only encryption
- Standard user PIN change
- Network Unlock

Storage Optimizer
- TRIM support for SSD

Virtualisation

Client Hyper-V

Remote desktop, VDI, …

Client Hyper-V: same technology as Windows Server 2012
Requirements:
- 64-bit system
- SLAT (second level address translation)
- 4 GB RAM

* We are missing seamless apps

Overview

Cheat sheet

1. After this session
2. On the booth floor
3. This evening during the ask-the-experts session
4. By email: tom@decaluwe.eu

I want to hear your questions

Windows 8 is great!

Share your enthusiasm

END "Part 1"