Windows Server 2016 Secure IaaS Microsoft Build 2016 6/1/2018 4:00 AM How to make money using Secure IaaS. © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Hosting Challenges Security Cost Efficient Infrastructure PRISM FY16 6/1/2018 4:00 AM Hosting Challenges Security Cost Efficient Infrastructure Next Generation Application Platform Increasing breaches incidents Identity is target of attacks Not easy to secure virtual environments Looking for cost savings Need to reduce datacenter footprint Lack of integration between solutions Integration with Dev and Ops Fast and lightweight OS How to plan for public cloud In modern hosting environments, providing a safer, inexpensive and agile platform for your customers is more important than ever to be competitive in today’s marketplace consisting of both public and private cloud solutions. © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Presenting Windows Server 2016 PRISM FY16 6/1/2018 4:00 AM Presenting Windows Server 2016 Advanced Multi-Layer Security Azure Inspired, Software Defined Infrastructure Next Generation Application Platform Privileged identity protection Secure virtualization platform Breach resistance Built-in compute, storage and network virtualization Hyper-Converged Hyper-Scale Traditional & cloud-native apps Containers & microservices Azure Hybrid Use Benefit Windows Server 2016 provides you with the tools necessary to provide services and solutions to your clients while lowering your operational costs, increasing the security posture of your hosting environment, and ensuring that your client’s data stays within their purview. The operating system that powers Azure and Your Business © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Hosting Opportunities Using Windows Server 2016 Platform for Modern Apps Secure IaaS Cost Efficient Reliable Storage Software Defined Datacenter. Provide higher density and performance for container-based apps and microservices. Compatible with existing server applications. Prevent and block attacks against virtual machines, applications, and data with layers of protection built into the OS. Use industry-standard hardware to build lower- cost, high density, highly available and scalable storage. Achieve cost-savings and flexibility with software-defined compute, storage and network virtualization technologies inspired by Microsoft Azure. Talk to each of the four Offerings described above and how they can help create new revenue streams with value add services and solutions. Establishes new revenue streams with value added services every step of the way
Secure IaaS (Virtual Machines) Microsoft Build 2016 6/1/2018 4:00 AM Secure IaaS (Virtual Machines) Shielded VM Use BitLocker to encrypt the disk and state of virtual machines protecting secrets from compromised admins & malware Host Guardian Service Attests to host health releasing the keys required to boot or migrate a Shielded VM only to healthy hosts Generation 2 VM Supports virtualized equivalents of hardware security technologies (e.g. TPMs) enabling BitLocker encryption for Shielded VMs BUILDING PERIMETER COMPUTER ROOM HYPER-V Virtual machine HYPER-V Shielded virtual machine Physical machine Server Administrator ü ü *Configuration dependent û * torage administrator S û ü û Secure IaaS ensures that Hosters have just enough access (JEA) to administer and manage the environment their client’s applications and data is stored on. Network administrator û ü û Backup operator û ü û Virtualization-host administrator û ü û Virtual machine administrator û ü ü © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Shielded Virtual Machines Works with Host Guardian Service Cloud/Datacenter Hyper-V Host 1 Host OS Guest VM Guest VM Guest VM Hypervisor Please sir, may I have some keys? Hyper-V Host 2 Host OS Guest VM Guest VM Fabric Controller Powering up a VM works – with WS2016 and SVM, host requests key from Host Guardian service, and releases key. Hypervisor Hyper-V Host 3 Host OS Guest VM Guest VM Key Protection Hypervisor Host Guardian Service
Shielded Virtual Machines Works with Host Guardian Service Cloud/Datacenter Key release criteria (TPM-mode) Known physical machines Trusted Hyper-V instance CI-compliant configuration Hyper-V Host 1 Host OS Guest VM Guest VM Guest VM Hypervisor Sure, I know you and you look healthy Hyper-V Host 2 Host OS Guest VM Guest VM Fabric Controller Hypervisor Hyper-V Host 3 Host OS Guest VM Guest VM Key Protection Hypervisor Host Guardian Service
Challenges in protecting the OS Microsoft Build 2016 6/1/2018 4:00 AM Challenges in protecting the OS New exploits can attack the OS boot-path all the way up through applications. Known and unknown threats need to be blocked without impacting legitimate workloads. ? Once a hacker gets in, we discussed how they can “lay in wait” for days or weeks, looking for an opportunity to get at the really valuable data. This is usually tied to your strategic applications or databases. This means we need many layers of protection, from the OS boot-path, all the way to the application. Example threat: Ransomware on university servers locks users away from critical student and research data—until a ransom is paid to the attacker. © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Help protect the OS and applications On-premises or in any cloud Microsoft Build 2016 6/1/2018 4:00 AM Help protect the OS and applications On-premises or in any cloud Device Guard Ensure that only permitted binaries can be executed from the moment the OS is booted. Windows Defender Actively protects from known malware without impacting workloads. Control Flow Guard Protects against unknown vulnerabilities by helping prevent memory corruption attacks. Additional security features can be enabled as needed to help you: Prevent malware and ransomware from being injected into servers. Quickly identify behavior that indicates a server breach. How Windows Server 2016 helps: Ensure only permitted binaries are executed with Code Integrity. If someone tries to infect your OS with a new application (malware, etc.) they cannot run when the OS is protected by Code Integrity. Windows Defender is the same antimalware feature you get in Windows 10 …it also protects against known vulnerabilities without impacting server roles (such as Web Servers). Protect against unknown vulnerabilities (these are attacks that are not identified yet in our antimalware database) with Control Flow Guard. If application is acting strange or suspiciously, we can block it until we check it out. These features work no matter where you deploy it! Your datacenter, on Azure/AWS/Google or a VMware environment. © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Setup a call with a Technology Solutions Professional or Architect.