1 Special Fall 2007 Issue: "Livin' the Longhorn Life"

Date posted: 19-Dec-2015

Special Fall 2007 Issue:

"Livin' the Longhorn Life"

What it is

  • Latest version of Windows NT Server, NT Server 6.0
  • Available in Standard, Enterprise, Data Center, even Web Edition
  • Also offers a reduced-function version called "Server Core" in Standard, Enterprise, Data Center and even Web Edition
  • Ultimately named "Windows Server 2008"
  • Shipping 27 February…

You remember this, of course?

It's where a goodly piece of Server 2008 comes from; more specifically….

First-In-Vista Server 2008 Technologies

  • New setup engine
  • Deployment tools
  • slmgr, KMS server and other licensing tools
  • Folder renames (“Users”)
  • Heavy XML use
  • New search engine
  • More metadata
  • “Previous versions”
  • Transaction-based NTFS
  • User Account Control
  • Windows Integrity Levels
  • BitLocker drive encryption

First-In-Vista Server 2008 Technologies

  • More secure services architecture
  • PatchGuard anti-rootkit technology
  • Tighter security defaults
  • IPv6 included and installed by default
  • Windows Meeting Space
  • Remote desktop changes
  • 700+ new group policy settings
  • Revised file share
  • Hardware installation policies
  • New Windows Event Viewer

First-In-Vista Server 2008 Technologies

  • New WinRM protocol (eventual RPC replacement)
  • Improved task scheduler
  • New boot manager controlled by bcdedit, not boot.ini
  • Reliability Monitor

64 Bit is the Default

  • As you may know, Exchange 2007 only shipped in a 64-bit version
  • The current point of view at MS is that "32 bit server hardware is legacy hardware"
  • Keep that in mind when buying hardware
  • And don't worry about the "there are no 64 bit drivers" stuff -- server hardware's got drivers

Management Tools

Tools to herd them dogies

Server Manager

  • Folds together
      • Add/remove Windows components
      • Manage Your Server
      • Server Configuration Manager
      • … and a bunch of other stuff
  • Intended to be "one stop shopping" for server management

Server Manager

  • Comes up automatically, or run Administrative Tools / Server Manager
  • Format is to show current state, and offer changes in the upper-right-hand side
  • Differentiates "features" and "roles"
  • Think of it as the old Manage Your Server wizard combined with the Security Configuration Wizard
  • Also ties together other MMCs

What's New In Monitoring

  • Data Collector Sets (find them in Server Manager)
  • Monitor a suite of related items
  • But it's more than Perfmon -- it's got rules for warning you about things needing attention
  • Help includes prescriptive advice and links to KB articles
  • Sort of a "MOM lite"

Group Policies

all the Vista stuff, and…

  • GPMC built in
  • GP effect on Sysvol greatly reduced
  • "Find" finally comes to GPMC
  • You can amalgamate numbers of like GP settings to get a single task done with a “Starter GPO”
  • You can add comments to GP objects and starter GPOs
  • We even get PolicyMaker, yay!

Rollouts

  • Still Windows Deployment Services
  • But… this'll make Ghost fans happy
  • You'll be able to multicast Windows Image (.wim) files
  • Image multicasting does not require IPv6

Virtual Machine Technology

The Hypervisor

it's virtually impossible to ignore virtual machines

  • An option for Longhorn & Server Core
  • Similar notion to VMware's ESX
  • Lighter-weight hypervisor, however
  • Built to exploit AMD Pacifica/V and Intel Vanderpool/VT's new opcodes
  • (Separate AMD support is in it)
  • Theory: a smaller base "hypervisor" means faster virtual machines
  • Arrives about six months post-Longhorn
  • Ends up without Live Migration, the VMotion competitor (bummer!)

Hypervisor Structure

  • Hypervisor is sort of the base OS, although it doesn't do much
  • First VM acts very much like the "host" OS

[Diagram labels: Hardware; Hypervisor; VM 1 (“Parent”); VM 2 (“Child”); VM 3 (“Child”); Virtualization Stack; Drivers]

Virtual Tech and Licenses

  • Buy a copy of Standard server and you can create one VM
  • Buy a copy of Enterprise server and you can create four VMs
  • Buy a copy of Datacenter server and you can create as many VMs as you like

Networking

Network Access Protection

  • Problem: people bring computers into your intranet, computers that may carry malware
  • Solution: some kind of quarantine system
  • Covers DHCP, VPN, IPsec and wireless
  • Two modes: "monitoring" and "isolating"
  • This is not NAQ, the 2003 thing that required a PhD to make work

NAP Ingredients

  • Network policy: "no XP box gets on the network unless it's got SP2 and patches X, Y, and Z"
  • NAP-smart network components
  • A "quarantine" network
  • A certificate infrastructure
  • A policy server
  • Clients with System Health Agents (none for 2000, Mac or Linux yet)

NAP Approach (VPN example)

  • Remote user contacts VPN server
  • Gets directed to the policy server
  • Policy server interrogates the System Health Agents on the remote user
  • Compares it to the network policy, sees if pass or fail
  • If "isolate," leave remote user on quarantine network; if "monitor," let 'em on the network

What if you fail?

  • Isolated system can be sent to a "remediation server" that supplies patches, service packs, etc
  • It's not just VPN; replace "VPN" with
      • DHCP server
      • 802.1x network devices
      • Radius server
      • TS Gateway (later)
  • All work in the same way
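
The pass/fail decision described on the NAP slides, modelled as an added Python example (not part of the original deck and not Microsoft's implementation). The policy values mirror the slide's "SP2 and patches X, Y, and Z"; the function names, the statement format and the treatment of a client with no System Health Agent are assumptions.

```python
# Added model of the NAP decision on the slides; names and values are constructed.

POLICY = {                       # "no XP box ... unless it's got SP2 and patches X, Y, and Z"
    "min_service_pack": 2,
    "required_patches": {"X", "Y", "Z"},
}

def health_gaps(statement, policy=POLICY):
    """Compare a client's reported health to the policy; return what is missing."""
    gaps = []
    if statement.get("service_pack", 0) < policy["min_service_pack"]:
        gaps.append("service pack %d" % policy["min_service_pack"])
    missing = policy["required_patches"] - set(statement.get("patches", ()))
    gaps += ["patch " + p for p in sorted(missing)]
    return gaps

def admit(statement, mode, policy=POLICY):
    """Return (network, gaps) for one connection attempt.

    Assumption of this model: a client with no System Health Agent sends
    no statement (None) and therefore fails every check.
    """
    if mode not in ("monitor", "isolate"):
        raise ValueError("mode must be 'monitor' or 'isolate'")
    gaps = health_gaps(statement or {}, policy)
    if not gaps:
        return "intranet", []
    # Monitoring mode records the failure but still admits the client;
    # isolating mode leaves it on the quarantine network.
    network = "intranet" if mode == "monitor" else "quarantine"
    return network, gaps

if __name__ == "__main__":
    laptop = {"service_pack": 1, "patches": ["X"]}   # constructed sample client
    for mode in ("monitor", "isolate"):
        print(mode, admit(laptop, mode))
```

The returned gap list is what a remediation server would need to supply before the client is re-checked.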

SMB Gets Cooler

  • SMB 2.0 offers
      • Larger dynamic block sizing -- significantly better file transfer speed
      • Support on Vista and Longhorn
      • Transfers encrypted files encryptedly
      • less chatty, quicker setup
      • more robust, handles short network glitches better
      • mutual authentication
      • requires SMB signing

How much faster?

  • A white paper on Microsoft’s site says that moving from XP/2003 to Vista/2008 can produce start-to-finish changes in speed in file transfers of 2.5x to 3.3x
  • I was not, however, able to duplicate those results, so I guess your mileage may vary

IIS 7.0

  • No more metabase; sites are configured with an ASCII text XML file called ApplicationHost.config
  • Very nice and much simpler to pare a site down to its basics, which makes for faster code and more security
  • Modularity is amazing – they’re trying for the best of Apache

Terminal Services Gets Better

  • SSL connections, runs on RPC over HTTP
  • Terminal Services Gateway lets you get past firewalls
  • WinFX apps will “remote” graphical calls
  • Will let you deploy an app so that the app by itself is a TS session… but it looks to the user like a standard window ("remote applications")
  • Can redirect many PnP devices

Command-Line Remote Management

  • Wouldn't it be great to have ssh?
  • We've got WinRS, "Windows remote shell" (which is always encrypted)
  • Built atop WinRM, "Windows Remote Management" which is an implementation of the WS-Management standard
  • Runs on port 80
  • Harder to do outside a domain but simple inside a domain
  • ex: winrs -r:otherpc ipconfig

A SQL Server In Every Box

  • Longhorn has an optional feature called "Windows Internal Database"
  • It's basically SQL Server 2005 Express
  • Download the SQL 2005 command line client
  • sqlcmd -S \\.\pipe\mssql$microsoft##ssee\sql\query -E
  • Start it with NET START MSSQL$MICROSOFT##SSEE

Name Resolution Changes

(or lack of changes)

What's up with WINS?

  • Well, it's like this:
  • WINS, your days are numbered.
  • Unfortunately that number appears to be pretty large.
  • Supposedly NetBT was going to be disabled by default on LH, but it isn't yet

DNS Changes

  • Several new RR types and features
  • Here are just the top two
  • (Join me tomorrow to see more on these and other name resolution changes!)

DNS Changes

dnames

  • Migrating domain names?
  • It can be a pain to find all of the things referring to somename.old.com and change them to somename.new.com
  • New DNAME record tells DNS, "whenever someone asks for somename.old.com, just return the record for somename.new.com"
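
How the substitution on this slide works, as an added example (not from the original deck): a Python sketch of the DNAME rewrite rule from RFC 6672, assuming a DNAME at old.com that points to new.com. It goes one step beyond the slide by showing that the record covers only names below old.com, so old.com itself and look-alikes such as notold.com are not redirected. The function names and the host list are hypothetical.

```python
# Added illustration of DNAME substitution (RFC 6672). The zone names come from
# the slide; the host list is constructed sample data.

def labels(name):
    """Split a domain name into lowercase labels, ignoring a trailing dot."""
    return [l for l in name.lower().rstrip(".").split(".") if l]

def dname_rewrite(qname, owner, target):
    """Return the redirected name, or None when the DNAME at `owner`
    does not apply to `qname`."""
    q, o, t = labels(qname), labels(owner), labels(target)
    cut = len(q) - len(o)
    # Only names strictly below the owner are covered, and the match is
    # label by label, so "notold.com" is not a child of "old.com".
    if cut <= 0 or q[cut:] != o:
        return None
    new = q[:cut] + t
    # Wire length: one length octet per label plus the root octet.
    if sum(len(l) + 1 for l in new) + 1 > 255:
        raise ValueError("YXDOMAIN: rewritten name exceeds 255 octets")
    return ".".join(new) + "."

def migration_audit(hosts, owner, target):
    """Split referenced hostnames into those the DNAME redirects and those
    that still need their own records or a manual change."""
    redirected, untouched = {}, []
    for h in hosts:
        new = dname_rewrite(h, owner, target)
        if new is None:
            untouched.append(h)
        else:
            redirected[h] = new
    return redirected, untouched

if __name__ == "__main__":
    hosts = ["somename.old.com", "a.b.OLD.com.", "old.com", "notold.com"]
    print(migration_audit(hosts, "old.com", "new.com"))
```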

DNS Changes

next nearest site

  • Right now, computers try to find a local DC and if that fails they just look at the global list of DCs
  • With Vista and Longhorn clients, you can enable a feature whereby the client will try the "next nearest site" if the nearest fails
  • Lots more on DNS, but those are the biggies
  • Join me for the "Changes in Name Resolution in Server 2008 Talk" for more!

Server Core

What it is

  • Reduced-function version of Server
  • Can be a DC, RODC, DNS, DHCP server, Web or file server
  • No .NET, no MMC, no IE
  • Administer locally with command prompt
  • Most GUI stuff will not run
  • Remote: TS, MMC, WinRS
  • Will host a hypervisor when Viridian arrives

Why Run Server Core?

  • The answer to a prayer!
  • Runs a limited set of roles/features, so all kinds of services are off
  • Installs to a VM in 11 minutes flat
  • Needs far less RAM and CPU; I run one in 183 MB RAM
  • Make it an RODC/DNS/file server and you've got one interesting appliance server
  • Okay, so the user interface isn't glitzy…

Here's Server Core…

Tools That Work on SC

  • Notepad
  • Task Manager
  • TM's new Services tab
  • Regedit
  • vbscript
  • Driver Verifier
  • Pnputil (installs drivers)
  • Chewable cud
  • Plus the usual command line stuff, and some new stuff
      • dnscmd
      • wevtutil
      • ocsetup installs roles
  • Heck, it's even got edlin

Active Directory

What's NOT Fixed

  • MS discovered a while back that any domain admin in any domain in a forest can elevate him/herself to enterprise admin
  • New advice: "the forest is the security boundary"
  • In other words, there's not that much point to multi-domain forests
  • Result: many firms need quite a number of forests
  • Not addressed in Longhorn. Bummer.

Fine-Grained Password Policies

  • Want to have people in the Sales group change their passwords every three months, but the folks in the Administrators group every six months?
  • Roll out Longhorn DCs
  • You can then apply different password policies to different groups

Read-Only DCs

  • In the old days, we had one read/write DC (the PDC), and a bunch of read-only DCs (BDCs)
  • That was bad.
  • So then we had only read/write DCs
  • That was bad also.
  • With Longhorn, you can make any DC an "RODC," read-only domain controller

RODC authentication

  • Default: RODCs contain no user account info
  • All authentication requests go to the nearest RWDC*
  • You can choose to download any subset of user accounts to a RODC, perhaps the local ones
  • Think of them as the "arms length" DCs

* RWDC = "read/write DC." Official MR&D acronym, copyright 2007

RODC Updates

  • Like the old BDC model
      • Find a RWDC
      • Refer account changes there
      • Accept updates from the RWDCs
  • Sysvol is read-only on a RODC as well
  • As RODCs are lower-power, it's possible to create "subdomain admins" who can do local administration of an RODC without being a herd domain admin

Hardening RODCs

  • Design assumes that an RODC may be stolen
  • When decommissioning a stolen RODC, ADUC offers a list of the accounts on that RODC to make for quick disabling/password changing
  • BitLocker and RODC are an obvious pairing

New Sysvol

  • Sysvol holds default profiles, logon scripts and the bulk of each group policy
  • It has turned out to be the weak link on DCs
  • R2 introduced a better file replication system, DFS-R
  • Sysvol on Longhorn will shift from the old FRS replication system to DFS-R
  • Activated in "2008 domain functional level" with a wizard

AD Snapshots

  • Neat new backup
  • Backs up to network share or DVD
  • Snapshot Viewer lets you examine older backups… but not copy/recover them
  • Meanwhile, normal AD backups go away and are replaced with a "disaster recovery-friendly" backup tool, CompletePC Backup

Miscellaneous

  • Kerberos can now use AES instead of RC4, when in Longhorn FL
  • Freshly-created Longhorn forests shift to Longhorn FL automatically
  • Active Directory can now be restarted without having to reboot to directory services restore mode
  • Restores still need DSRM, though

Remember…this thing ain't shipped yet!

  • Don't believe me…
  • Get on the beta program
  • The technical people at MS are listening very hard

Thanks!

  • I’m at [email protected]
  • FILL OUT AN EVAL!
  • Tech newsletter, forum at www.minasi.com
  • Other sessions, all tomorrow (Tuesday):
      • 10:45 AM: SVR318 Name Resolution 2008 Style: DNS, WINS and NetBIOS in 2008 (Auditorium)
      • 3:15: This talk repeated (Rm 116)
      • 5:00: Chalk Talk on Name Resolution (RM 131)

Resources

  • Technical Communities, Webcasts, Blogs, Chats & User Groups: http://www.microsoft.com/communities/default.mspx
  • Microsoft Learning and Certification: http://www.microsoft.com/learning/default.mspx
  • Microsoft Developer Network (MSDN) & TechNet: http://microsoft.com/msdn and http://microsoft.com/technet
  • Trial Software and Virtual Labs: http://www.microsoft.com/technet/downloads/trials/default.mspx

New, as a pilot for 2007, the Breakout sessions will be available post event, in the TechEd Video Library, via the My Event page of the website

Complete your evaluation on the My Event pages of the website at the CommNet or the Feedback Terminals to win!

All attendees who submit a session feedback form within 12 hours after the session ends will have the chance to win the very latest HTC 'Touch' smartphone complete with Windows Mobile® 6 Professional

© 2007 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only.

MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.