2007.11 Que - Win 2008 Tech Overview - Present

Transcript of 2007.11 Que - Win 2008 Tech Overview - Present

  • 8/8/2019 2007.11 Que - Win 2008 Tech Overview - Present

    1/40

    Technical Overview

    Nguyen An Que

    Technology Specialist, Microsoft Vietnam

    [email protected]@microsoft.com

  • 8/8/2019 2007.11 Que - Win 2008 Tech Overview - Present

    2/40

    Windows Server 2008 pillars

    Virtualization: Reduces costs, increases hardware utilization, optimizes your infrastructure, and improves server availability

    Web: Delivers rich web-based experiences efficiently and effectively

    Security: Provides highest levels of protection for your network, your data, and your business

    Solid Foundation for Your Business Workloads: Most flexible and robust Windows Server operating system to date. Provides the most versatile and reliable Windows platform for all of your workload and application requirements

  • 8/8/2019 2007.11 Que - Win 2008 Tech Overview - Present

    3/40

    Most Flexible and Robust Windows Server Operating System to Date

    Solid Foundation

    Management, Reliability

    Windows Server Manager, PowerShell

    Windows Deployment Services

    Server Core, Next Generation Networking, High Availability Clustering

  • 8/8/2019 2007.11 Que - Win 2008 Tech Overview - Present

    4/40

  • 8/8/2019 2007.11 Que - Win 2008 Tech Overview - Present

    5/40

    7

    Demo

    PowerShell

  • 8/8/2019 2007.11 Que - Win 2008 Tech Overview - Present

    6/40

    Server Manager

    Product Installation

    Initial Configuration

    Managing Windows Server 2008

    Solid Foundation

  • 8/8/2019 2007.11 Que - Win 2008 Tech Overview - Present

    7/40

    Windows Server Core

    Server Core: Security, TCP/IP, File Systems, RPC, plus other Core Server Sub-Systems

    GUI, CLR, Shell, IE, OE, etc.

    Web, DHCP, DNS, File, Print, ADDS, ADLDS, Media

    Only a subset of the executable files and DLLs installed

    No GUI interface & .NET managed code installed

    Less disk space and management required

    Can be managed with remote tools (MMC, RDP)

    Solid Foundation

  • 8/8/2019 2007.11 Que - Win 2008 Tech Overview - Present

    8/40

    8

    Demo

    Server Core

  • 8/8/2019 2007.11 Que - Win 2008 Tech Overview - Present

    9/40

    Complete Redesign of TCP/IP

    Dual-IP layer architecture for native IPv4 and IPv6 support

    Improved Network Performance Troubleshooting

    Improved performance via hardware acceleration and auto-tuning

    Greater extensibility and reliability through rich Windows Filtering Platform APIs

    [Diagram labels: Next Generation TCP/IP Stack (tcpip.sys); User Mode: Winsock; Kernel Mode: AFD, TDX, TDI, TDI Clients, WSK, WSK Clients; TCP, UDP, RAW; IPv4, IPv6; Inspection API; NDIS; 802.3, WLAN, Loop-back, IPv4 Tunnel, IPv6 Tunnel]

    Solid Foundation

  • 8/8/2019 2007.11 Que - Win 2008 Tech Overview - Present

    10/40

    Windows Firewall w/ Advanced Security

    Solid Foundation

    Combined firewall and IPsec management

  • 8/8/2019 2007.11 Que - Win 2008 Tech Overview - Present

    11/40

    8

    Demo

    Windows Firewall & IPSec

  • 8/8/2019 2007.11 Que - Win 2008 Tech Overview - Present

    12/40

    Failover Clustering

    New Validation Wizard for server, storage & network testing

    Support for GUID partition table (GPT) disks in cluster storage

    Improved cluster setup interface

    Quorum resource: no longer single-point-of-failure

    IPv6 support

    Geographically dispersed clusters: across subnets, no VLAN needed

    [Diagram labels: Node A (Active Node), Node B (Passive Node), Heartbeat]

    Solid Foundation

  • 8/8/2019 2007.11 Que - Win 2008 Tech Overview - Present

    13/40

    Windows Deployment Services

    Rapidly deploy Windows operating systems

    Updated and redesigned version of Remote Installation Services (RIS)

    Server components

    Client components: WinPE

    Management components

    [Diagram labels: WDS, Windows Vista, Windows Server 2008]

    Solid Foundation

  • 8/8/2019 2007.11 Que - Win 2008 Tech Overview - Present

    14/40

    Reliability and Performance Monitor

    Combines functionality of previous stand-alone tools

    Tracks system changes

    Provides new functionality

    Solid Foundation

  • 8/8/2019 2007.11 Que - Win 2008 Tech Overview - Present

    15/40

    Deliver Rich Web-based Experiences Efficiently and Effectively

    Internet Information Services 7.0

    Windows SharePoint Services

    Windows Media Services

    Web

  • 8/8/2019 2007.11 Que - Win 2008 Tech Overview - Present

    16/40

    IIS 7.0: a robust Web & Application Server

    Enhanced security and reduced attack surface

    Administration: UI & APPCMD & shared configuration

    Delegation & true application XCOPY deployment

    Highly customizable

    Advanced troubleshooting

    Windows Communication Foundation ( Windows Activation Service

    Web

  • 8/8/2019 2007.11 Que - Win 2008 Tech Overview - Present

    17/40

    13

    IIS7

    Demo

    IIS 7.0 new features

  • 8/8/2019 2007.11 Que - Win 2008 Tech Overview - Present

    18/40

    Optimize Your Infrastructure and Improve Server Availability

    Terminal Services RemoteApp

    Terminal Services Gateway

    Windows Server Virtualization

    Virtualization

  • 8/8/2019 2007.11 Que - Win 2008 Tech Overview - Present

    19/40

    Virtualization Technologies

    Windows Server Virtualization

    Server Virtualization

    Presentation Virtualization

    Application Virtualization

    Desktop Virtualization

    Management

    Virtualization

  • 8/8/2019 2007.11 Que - Win 2008 Tech Overview - Present

    20/40

    Windows Server Virtualization

    Greater scalability and improved performance

    x64 bit host and guest support

    SMP support

    Increased reliability and security

    Minimal Trusted Code base

    Windows running a foundation role

    Better flexibility and manageability

    New UI/Integration with SCVMM

    [Diagram labels: Hardware, Windows Server 2003, Virtual Server 2005 R2, VM 2, VM 3; AMD-V / Intel VT, Windows Hypervisor, VM 1 (Parent), VM 2 (Child), VM 3 (Child), Virtual Hard Disks (VHD)]

    Virtualization

  • 8/8/2019 2007.11 Que - Win 2008 Tech Overview - Present

    21/40

    Application Virtualization

    Application Isolation

    Dynamic Streaming

    System Center Integration

    Software as a Centrally-managed Service

    Available through

    Virtualization

  • 8/8/2019 2007.11 Que - Win 2008 Tech Overview - Present

    22/40

    Virtualization Investments

    Management, Infrastructure, Applications, Interoperability, Licensing

    Create agility

    Better utilize server resources

    Partner with AMD and Intel

    Ease consolidation onto virtual infrastructure

    Better utilize management resources

    Support heterogeneity across the datacenter

    OSP (Open Specification Promise) VHD

    Accelerate deployment

    Reduce the cost of supporting applications

    tive, flexible and simplified licensing

    ree VHD format

    A Multi-level Approach

    Terminal Services

    Virtualization

  • 8/8/2019 2007.11 Que - Win 2008 Tech Overview - Present

    23/40

    Terminal Services Gateway

    [Diagram labels: Internet, External Firewall, Perimeter Network, Internal Firewall, Corporate Network; Remote/Mobile User, Terminal Services Gateway, Network Policy Server, Active Directory DC, Terminal Servers and other RDP Hosts]

    Tunnels RDP over HTTPs

    Strips off RDP / HTTPs

    RDP traffic passed to TS

    Virtualization

  • 8/8/2019 2007.11 Que - Win 2008 Tech Overview - Present

    24/40

    Terminal Services RemoteApp

    Terminal Services Gateway Server

    mote Desktop client required

    Virtualization

  • 8/8/2019 2007.11 Que - Win 2008 Tech Overview - Present

    25/40

    6

    Demo

    Terminal Service RemoteApps

  • 8/8/2019 2007.11 Que - Win 2008 Tech Overview - Present

    26/40

    Hardens Operating System and Increases Environment Protection

    Read-Only Domain Controller

    Network Access Protection

    Federated Rights Management

    Security

  • 8/8/2019 2007.11 Que - Win 2008 Tech Overview - Present

    27/40

    Using Network Access Protection

    1. Client requests access to network and presents current health state

    2. DHCP, VPN or Switch/Router relays health status to Microsoft Network Policy Server (RADIUS)

    3. Network Policy Server (NPS) validates against IT-defined health policy

    4. If not policy compliant, client is put in a restricted VLAN and given access to fix up resources to download patches, configurations, signatures (Repeat 1 - 4)

    5. If policy compliant, client is granted full access to corporate network

    [Diagram labels: Windows Client; DHCP, VPN, Switch/Router; NPS; Policy Servers such as: Patch, AV; Remediation Servers (Example: Patch); Restricted Network (not policy compliant); Corporate Network (policy compliant)]

    Security

  • 8/8/2019 2007.11 Que - Win 2008 Tech Overview - Present

    28/40

    Security

    5+9

    Demo

    Network Access Protection

  • 8/8/2019 2007.11 Que - Win 2008 Tech Overview - Present

    29/40

    Auto-Remediation

  • 8/8/2019 2007.11 Que - Win 2008 Tech Overview - Present

    30/40

    Active Directory Federation Services

    AD FS provides an identity access solution

    Deploy federation servers in multiple organizations to facilitate business-to-business (B2B) transactions

    AD FS provides a Web-based, SSO solution

    [Diagram labels: Company A, Company B; AD; Account Federation Server; Resource Federation Server; Web Server; Federation Trust]

    Security

  • 8/8/2019 2007.11 Que - Win 2008 Tech Overview - Present

    31/40

    Federated Identity support in AD Rights Management Services

    Together AD FS and AD RMS enable users from different domains to securely share documents based on federated identities

    [Diagram labels: Company A, Company B; AD; Account Federation Server; Resource Federation Server; Federation Trust; RMS; WebSSO]

    Security

  • 8/8/2019 2007.11 Que - Win 2008 Tech Overview - Present

    32/40

    Read-Only Domain Controller

    Features

    Read Only Active Directory Database

    Only allowed user passwords are stored on RODC

    Unidirectional Replication

    Role Separation

    Benefits

    Increases security for remote Domain Controllers where physical security cannot be guaranteed

    [Diagram labels: Head Quarter, Branch Office, RODC]

    Security

  • 8/8/2019 2007.11 Que - Win 2008 Tech Overview - Present

    33/40

    How RODC Works

    [Diagram labels: Head Quarter, Branch; Windows Server 2008 DC, Read Only DC; steps 1 to 6]

    1. User logs on and authenticates

    2. RODC: Looks in DB: "I don't have the user's secrets"

    3. Forwards Request to Windows Server 2008 DC

    4. Windows Server 2008 DC authenticates request

    5. Returns authentication response and TGT back to the RODC

    6. RODC gives TGT to User and RODC will cache credentials

    RODC

    Security

  • 8/8/2019 2007.11 Que - Win 2008 Tech Overview - Present

    34/40

    What if a DC is stolen?

    Security

  • 8/8/2019 2007.11 Que - Win 2008 Tech Overview - Present

    35/40

    Branch Office Benefits

    [Diagram labels: Head Quarter, Branch Office]

    Optimization

    DFS Replication

    Security

    BitLocker

    Full Volume Encryption

    Server Core

    Read-Only Domain Controller

    Administration

    SOAP-based remote management (WinRM)

    Restartable Active Directory

    Solid Foundation

  • 8/8/2019 2007.11 Que - Win 2008 Tech Overview - Present

    36/40

    PKI Support

    Security

    Built-in Certificate Service

    Usage

    Data Encryption

    Digital Signature

    Smart Card authentication

  • 8/8/2019 2007.11 Que - Win 2008 Tech Overview - Present

    37/40

    Windows Server 2008: A Robust Application Platform

    Application Platform

    .NET Framework 3.0

    IIS 7.0

    Windows Activation Service

    MSMQ 4.0

    88

  • 8/8/2019 2007.11 Que - Win 2008 Tech Overview - Present

    38/40

    Windows Server 2008 Summary

    Security

    NAP

    Read-Only DC

    AD RMS

    AD Federation Svc

    PKI support

    BitLocker

    Virtualization

    Windows Virtualization

    TS Gateway

    TS RemoteApps

    Web

    Modular design

    Less attack surface

    Admin delegation

    APPCMD

    Win Activation Svc

    Tracing & Troubleshooting

    Solid Foundation for Your Business Workloads

    Windows PowerShell

    Server Core

    Server Manager

    Windows Firewall with Advanced Security & IPSec

    IPv6

    Failover Clustering

    Reliability & Performance Monitor

    Windows Deployment Svc

    www.microsoft.com/WindowsServer2008

  • 8/8/2019 2007.11 Que - Win 2008 Tech Overview - Present

    39/40

    More information

    www.microsoft.com/WindowsServer2008 www.iis.net

  • 8/8/2019 2007.11 Que - Win 2008 Tech Overview - Present

    40/40

    Thank [email protected]