2007.11 Que - Win 2008 Tech Overview - Present
Transcript of 2007.11 Que - Win 2008 Tech Overview - Present
-
8/8/2019 2007.11 Que - Win 2008 Tech Overview - Present
1/40
Technical Overview
Nguyen An Que
Technology Specialist, Microsoft Vietnam
[email protected]@microsoft.com
Windows Server 2008 pillars
Virtualization: Reduces costs, increases hardware utilization, optimizes your infrastructure, and improves server availability
Web: Delivers rich web-based experiences efficiently and effectively
Security: Provides highest levels of protection for your network, your data, and your business
Solid Foundation for Your Business Workloads: Most flexible and robust Windows Server operating system to date. Provides the most versatile and reliable Windows platform for all of your workload and application requirements
Solid Foundation
Most Flexible and Robust Windows Server Operating System to Date
Management: Windows Server Manager, PowerShell, Windows Deployment Services
Reliability: Server Core, Next Generation Networking, High Availability Clustering
Demo
PowerShell
Server Manager
Product Installation
Initial Configuration
Managing Windows Server 2008
Solid Foundation
Windows Server Core
Server Core: Security, TCP/IP, File Systems, RPC, plus other Core Server Sub-Systems
GUI, CLR, Shell, IE, OE, etc.
Web, DHCP, DNS, File, Print, ADDS, ADLDS, Media
Only a subset of the executable files and DLLs installed
No GUI interface & .NET managed code installed
Less disk space and management required
Can be managed with remote tools (MMC, RDP)
Solid Foundation
Demo
Server Core
Complete Redesign of TCP/IP
Dual-IP layer architecture for native IPv4 and IPv6 support
Improved Network Performance Troubleshooting
Improved performance via hardware acceleration and auto-tuning
Greater extensibility and reliability through rich Windows Filtering Platform APIs
[Diagram: Next Generation TCP/IP Stack (tcpip.sys). Labels: User Mode, Kernel Mode, Winsock, AFD, TDI Clients, TDX, TDI, WSK Clients, WSK, Inspection API, TCP, UDP, RAW, IPv4, IPv6, 802.3, WLAN, Loop-back, IPv4 Tunnel, IPv6 Tunnel, NDIS]
Solid Foundation
Solid Foundation
Windows Firewall w/ Advanced Security
Combined firewall and IPsec management
Demo
Windows Firewall & IPSec
Failover Clustering
New Validation Wizard for server, storage & network testing
Support for GUID partition table (GPT) disks in cluster storage
Improved cluster setup interface
Quorum resource: no longer single-point-of-failure
IPv6 support
Geographically dispersed clusters: across subnets, no VLAN needed
[Diagram: Node A (Active Node), Node B (Passive Node), Heartbeat]
Solid Foundation
Windows Deployment Services
Rapidly deploy Windows operating systems
Updated and redesigned version of Remote Installation Services (RIS)
Server components
Client components: WinPE
Management components
[Diagram: WDS, Windows Vista, Windows Server 2008]
Solid Foundation
Reliability and Performance Monitor
Combines functionality of previous stand-alone tools
Tracks system changes
Provides new functionality
Solid Foundation
Web
Deliver Rich Web-based Experiences Efficiently and Effectively
Internet Information Services 7.0
Windows SharePoint Services
Windows Media Services
IIS 7.0: a robust Web & Application Server
Enhanced security and reduced attack surface
Administration: UI & APPCMD & shared configuration
Delegation & true application XCOPY deployment
Highly customizable
Advanced troubleshooting
Windows Communication Foundation ( Windows Activation Service
Web
Demo
IIS 7.0 new features
Virtualization
Optimize Your Infrastructure and Improve Server Availability
Terminal Services RemoteApp
Terminal Services Gateway
Windows Server Virtualization
Virtualization Technologies
Windows Server Virtualization
Server Virtualization
Presentation Virtualization
Application Virtualization
Desktop Virtualization
Management
Virtualization
Windows Server Virtualization
Greater Scalability and improved performance
x64 bit host and guest support
SMP support
Increased reliability and security
Minimal Trusted Code base
Windows running a foundation role
Better flexibility and manageability
New UI/Integration with SCVMM
[Diagram: Hardware; Windows Server 2003; Virtual Server 2005 R2; VM 2; VM 3; AMD-V / Intel VT; Windows Hypervisor; VM 1 (Parent); VM 2 (Child); VM 3 (Child); Virtual Hard Disks (VHD)]
Virtualization
Application Virtualization
Application Isolation
Dynamic Streaming
System Center Integration
Software as a Centrally-managed Service
Available through
Virtualization
Virtualization Investments
Management, Infrastructure, Applications, Interoperability, Licensing
Create agility
Better utilize server resources
Partner with AMD and Intel
Ease consolidation onto virtual infrastructure
Better utilize management resources
Support heterogeneity across the datacenter
OSP (Open Specification Promise) VHD
Accelerate deployment
Reduce the cost of supporting applications
tive, flexible and simplified licensing
ree VHD format
A Multi-level Approach
Terminal Services
Virtualization
Terminal Services Gateway
[Diagram: zones Internet, Perimeter Network, Corporate Network; components Remote/Mobile User, External Firewall, Terminal Services Gateway, Internal Firewall, Network Policy Server, Active Directory DC, Terminal Servers and other RDP Hosts; callouts "Tunnels RDP over HTTPs", "Strips off RDP / HTTPs", "RDP traffic passed to TS"]
Virtualization
Terminal Services RemoteApp
Terminal Services Gateway Server
Remote Desktop client required
Virtualization
Demo
Terminal Service RemoteApps
Security
Hardens Operating System and Increases Environment Protection
Read-Only Domain Controller
Network Access Protection
Federated Rights Management
Using Network Access Protection
1. Client requests access to network and presents current health state
2. DHCP, VPN or Switch/Router relays health status to Microsoft Network Policy Server (RADIUS)
3. Network Policy Server (NPS) validates against IT-defined health policy
4. If not policy compliant, client is put in a restricted VLAN and given access to fix up resources to download patches, configurations, signatures (Repeat 1 - 4)
5. If policy compliant, client is granted full access to corporate network
[Diagram: Windows Client; DHCP, VPN, Switch/Router; NPS; Policy Servers such as: Patch, AV; Restricted Network; Remediation Servers (Example: Patch); Corporate Network; paths labelled "Not policy compliant" and "Policy compliant"]
Security
Security
Demo
Network Access Protection
Auto-Remediation
Active Directory Federation Services
AD FS provides an identity access solution
Deploy federation servers in multiple organizations to facilitate business-to-business (B2B) transactions
AD FS provides a Web-based, SSO solution
[Diagram: Company A, Company B, AD, Account Federation Server, Resource Federation Server, Web Server, Federation Trust]
Security
Federated Identity support in AD Rights Management Services
Together AD FS and AD RMS enable users from different domains to securely share documents based on federated identities
[Diagram: Company A, Company B, AD, Account Federation Server, Resource Federation Server, Federation Trust, RMS, WebSSO]
Security
Read-Only Domain Controller
Features
Read Only Active Directory Database
Only allowed user passwords are stored on RODC
Unidirectional Replication
Role Separation
Benefits
Increases security for remote Domain Controllers where physical security cannot be guaranteed
[Diagram: Head Quarter, Branch Office, RODC]
Security
How RODC Works
1. User logs on and authenticates
2. RODC: Looks in DB: "I don't have the user's secrets"
3. Forwards Request to Windows Server 2008 DC
4. Windows Server 2008 DC authenticates request
5. Returns authentication response and TGT back to the RODC
6. RODC gives TGT to User and RODC will cache credentials
[Diagram: Branch (Read Only DC, RODC), Head Quarter (Windows Server 2008 DC), numbered flow 1 to 6]
Security
Security
What if a DC is stolen?
Branch Office Benefits
Optimization
DFS Replication
Security
BitLocker Full Volume Encryption
Server Core
Read-Only Domain Controller
Administration
SOAP-based remote management (WinRM)
Restartable Active Directory
[Diagram: Head Quarter, Branch Office]
Solid Foundation
PKI Support
Built-in Certificate Service
Usage
Data Encryption
Digital Signature
Smart Card authentication
Security
Windows Server 2008: A Robust Application Platform
Application Platform
.NET Framework 3.0
IIS 7.0
Windows Activation Service
MSMQ 4.0
Windows Server 2008 Summary
Security: NAP, Read-Only DC, AD RMS, AD Federation Svc, PKI support, BitLocker
Virtualization: Windows Virtualization, TS Gateway, TS RemoteApps
Web: Modular design, Less attack surface, Admin delegation, APPCMD, Win Activation Svc, Tracing & Troubleshooting
Solid Foundation for Your Business Workloads: Windows PowerShell, Server Core, Server Manager, Windows Firewall with Advanced Security & IPSec, IPv6, Failover Clustering, Reliability & Performance Monitor, Windows Deployment Svc
More information
http://www.microsoft.com/WindowsServer2008
http://www.iis.net/
Thank [email protected]