Windows Server 2008 Technical Decision Maker Presentation.

Presentation on theme: "Windows Server 2008 Technical Decision Maker Presentation."— Presentation transcript:

1 Windows Server 2008 Technical Decision Maker Presentation

2 Business Results & New Value End User Productivity Customer Connection Keep Business Up & Running Security Competition Technology Change Regulatory Compliance Cost Reduction More Pressure than Ever on IT

3 Security Web Virtualization Solid Foundation for Your Business Workloads Windows Server 2008 Reduces costs, increases hardware utilization, optimizes your infrastructure, and improves server availability Delivers rich web-based experiences efficiently and effectively Provides unprecedented levels of protection for your network, your data, and your business Most flexible and robust Windows Server operating system to date Provides the most versatile and reliable Windows platform for all of your workload and application requirements

4 Management Reliability Solid Foundation Windows Server Manager PowerShell Windows Deployment Services Server Core Next Generation Networking High Availability Clustering Most Flexible and Robust Windows Server Operating System to Date

5 Windows PowerShell New Command-line shell & Scripting Language Futures Improves productivity & control Accelerates automation of system admin Easy-to-use Works with existing scripts Will ship in Windows Admin GUIs layered over PowerShell One-to-many remote management using WS-MGMT Partners Solid Foundation

6 Windows PowerShell Resources Hundreds of Scripts Books & Training Materials Community Support MS MVPs PowerShell Team Blog Active Newsgroup Channel 9: DFO Show IIS.net Manning Publications O’Reilly Media Sapien Press & others… TechNet ScriptCenter Exchange Server 2007 Terminal Server WMI, Registry, Hardware, etc. Community-Submitted scripts MyITForum.com Solid Foundation

7 PowerShell

8 Server Manager Product Installation Initial Configuration Managing Windows Server 2008 Solid Foundation

9 Server Manager Solid Foundation

10 Windows Server Core Only a subset of the executable files and DLLs installed No GUI interface installed Five available Server Roles Can be managed with remote tools Solid Foundation

11 Server Core Solid Foundation

12 Complete Redesign of TCP/IP Inspection API WSK WSK Clients TDI Clients NDIS AFD TDX TDI Winsock User Mode Kernel Mode Dual-IP layer architecture for native IPv4 and IPv6 support Improved Network Performance Troubleshooting Improved performance via hardware acceleration and autotuning Greater extensibility and reliability through rich APIs Completely manageable through Group Policy Next Generation TCP/IP Stack (tcpip.sys) IPv4 802.3 WLAN Loopback IPv4 Tunnel IPv6 Tunnel IPv6 RAW UDP TCP Solid Foundation

13 Key New Networking Features Receive Window Autotuning Windows Filtering Platform Receive Side Scaling Policy-based Quality of Service Automatically senses network environment and adjusts key performance settings Allows increase of the size of the TCP/IP send / receive window Provides filtering capability at all layers of the TCP/IP protocol stack Integrates and provides support for next-generation firewall features Previous Windows operating systems limit receive protocol processing to a single CPU RSS resolves this issue by allowing network load from a network adapter to be balanced across multiple CPUs Prioritize or manage the sending rate for outgoing network traffic Both DSCP marking and throttling can be used together to manage traffic effectively Solid Foundation

14 Windows Firewall w/ Advanced Security Combined firewall and IPsec management Firewall rules become more intelligent Policy-based networking

15 Hub Site Branch Office Branch Office Benefits Optimization SysVol Replication DFS Replication Protocols Security BitLocker Server Core Read-Only Domain Controller Role Separation Administration Print Management Console PowerShell, WinRS, WinRM Virtualization Restartable Active Directory Solid Foundation

16 Failover Clustering Heartbeat New Validation Wizard Support for GUID partition table (GPT) disks in cluster storage Improved cluster setup and migration Improvements to stability and security – no single point of failure IPv6 support Geographically dispersed clusters Active Node Passive Node Solid Foundation

17 Windows Deployment Services Rapidly deploy Windows operating systems Updated and redesigned version of Remote Installation Services (RIS) Server components Client components Management components Windows Deployment Services provides several enhancements to RIS Windows Vista Windows Server 2008 Solid Foundation

18 Reliability and Performance Monitor Combines functionality of previous stand-alone tools Tracks system changes Provides new functionality Solid Foundation

19 Deliver Rich Web-based Experiences Efficiently and Effectively Internet Information Services 7.0 Windows SharePoint Services Web Windows Media Services

20 Web IIS 7.0 Overview Customization Troubleshooting Administration Enhanced security and reduced attack surface True application xcopy deployment Application and health management for WCF services

21 IIS 7.0 Web Administration Enhanced Web Administration at Every Stage in the Application Lifecycle Simpler Application Deployment to Web Farms & UNC Shares More Secure, Reliable Application Hosting Greater Productivity Via Delegated Management & Better Tools Reduced Downtime From Faster Troubleshooting Web

22 Managing Your Web with IIS 7.0 Arsenal of Admin Tools Delegated Management Secure Remote Management Shared Config for Web Farms Better Tools Intuitive, Task Oriented GUI .NET Management API Unified WMI Provider for IIS/ASP.NET Powerful Command Line Support Rich Runtime State Information Automatic Failure Tracing & Logging Site Owner Web.config XML Delegation XCopy Deploy Administrator Internet Manage Remotely Secure HTTPS AppHost.config XML Shared Config Shared App Hosting Web Farm App Web

23 Windows SharePoint Services Administration model enhancements New and improved compliance features and capabilities New and improved operational tools and capabilities Improved support for network configuration Extensibility enhancements Web

24 Windows Media Services Ultimate Streaming Experience Fast Streaming delivers instant-on/always-on Intelligent Streaming optimizes the experience Dynamic Content Programming Manage channels on-the-fly Generate revenue with Lead-In and Interstitial Ads Industrial-Strength Platform Increases industry-leading scalability Rich administration with broad range of tools Web

25 Optimize Your Infrastructure and Improve Server Availability Terminal Services RemoteApp Terminal Services Gateway Windows Server Virtualization Virtualization

26 Virtualization Technologies Windows Server Virtualization Server Virtualization Presentation Virtualization Application Virtualization Desktop Virtualization Management Virtualization

27 Windows Server Virtualization Greater Scalability and improved performance x64 bit host and guest support SMP support Increased reliability and security Minimal Trusted Code base Windows running a foundation role Better flexibility and manageability New UI/Integration with SCVMM VM 1 “Parent” VM 2 “Child” VM 3 “Child” Hardware Hardware Windows Server 2003 Virtual Server 2005 R2 VM 2 VM 3 Virtualization

28 Windows Server Virtualization Application Virtualization Application Isolation Dynamic Streaming System Center Integration Software as a Centrally- managed Service Available through… Virtualization

29 Virtualization Investments Management Infrastructure Applications Interoperability Licensing Create agility Better utilize server resources Partner with AMD and Intel Ease consolidation onto virtual infrastructure Better utilize management resources Support heterogeneity across the datacenter OSP (Open Specification Promise) VHD Accelerate deployment Reduce the cost of supporting applications Deliver cost-effective, flexible and simplified licensing Royalty Free VHD format A Multi-level Approach Terminal Services Virtualization

30 Terminal Services Gateway Internet Perimeter Network Corporate Network Remote/ Mobile User Terminal Services Gateway Network Policy Server Active Directory DC Tunnels RDP over HTTPs Strips off RDP / HTTPs Terminal Servers and other RDP Hosts RDP traffic passed to TS Internet Virtualization

31 Terminal Services RemoteApp Terminal Services Gateway Server Remote programs integrated with local computer Centrally configure a terminal server with the Terminal Server Configuration console RemoteApp console used to make application available Also used to make programs available via TS Web Access Programs look like they are running locally Only supported by Remote Desktop client 6.0, or newer Remote Desktop client required Virtualization

32 Terminal Services Virtualization

33 Hardens Operating System and Increases Environment Protection Read-Only Domain Controller Network Access Protection Federated Rights Management Security

34 Server Protection Features Security Development Process Secure Startup and shield up at install Code integrity Windows service hardening Inbound and outbound firewall Restart Manager Improved auditing Network Access Protection Event Forwarding Policy Based Networking Server and Domain Isolation Removable Device Installation Control Active Directory Rights Management Services Security Compliance

35 Windows Server 2008 Hardening Windows ® XP SP2/Server 2003 R2 LocalSystem Windows Vista/Server 2008 Network Service Local Service LocalSystem Firewall Restricted LocalSystem Firewall Restricted Network Service Network Restricted Network Service Network Restricted Local Service No Network Access Local Service No Network Access LocalSystem Network Service Fully Restricted Network Service Fully Restricted Local Service Fully Restricted Local Service Fully Restricted Security

36 BitLocker™ Drive Encryption Group Policy allows central encryption policy and provides Branch Office protection Provides data protection, even when the system is in unauthorized hands or is running a different or exploiting Operating System Uses a v1.2 TPM or USB flash drive for key storage Full Volume Encryption Key (FVEK) Encryption Policy Security

37 Network Access Protection Remediation Servers Example: Patch Restricted Network Windows Client Policy compliant NPS DHCP, VPN Switch/Router Policy Servers such as: Patch, AV Corporate Network Not policy compliant What is Network Access Protection? Cisco and Microsoft Integration Story Health Policy Validation Health Policy Compliance Ability to Provide Limited Access Enhanced Security Increased Business Value Security

38 Using Network Access Protection
1. Client requests access to network and presents current health state
2. DHCP, VPN or Switch/Router relays health status to Microsoft Network Policy Server (RADIUS)
3. Network Policy Server (NPS) validates against IT-defined health policy
4. If not policy compliant, client is put in a restricted VLAN and given access to fix up resources to download patches, configurations, signatures (Repeat 1 - 4)
5. If policy compliant, client is granted full access to corporate network
Diagram labels: Windows Client; DHCP, VPN, Switch/Router; NPS; Policy Servers such as: Patch, AV; Remediation Servers Example: Patch; Restricted Network; Corporate Network; Not policy compliant; Policy compliant
Security

39 Network Access Protection Security

40 AD Rights Management Services AD RMS protects access to an organization’s digital files AD RMS in Windows Server 2008 includes several new features Improved installation and administration experience Self-enrollment of the AD RMS cluster Integration with AD Federation Services New AD RMS administrative roles Information Author The Recipient Security

41 Active Directory Federation Services AD FS provides an identity access solution Deploy federation servers in multiple organizations to facilitate business-to- business (B2B) transactions AD FS provides a Web- based, SSO solution AD FS interoperates with other security products that support the Web Services Architecture AD FS improved in Windows Server 2008 Web Server Account Federation Server Resource Federation Server Adatum Contoso Federation Trust Security

42 Federated Rights Management Together AD FS and AD RMS enable users from different domains to securely share documents based on federated identities AD RMS is fully claims- aware and can interpret AD FS claims Office SharePoint Server 2007 can be configured to accept federated identity claims Account Federation Server Resource Federation Server Adatum Contoso Federation Trust Web SSO Security

43 Read-Only Domain Controller Main Office Branch Office Features Read Only Active Directory Database Only allowed user passwords are stored on RODC Unidirectional Replication Role Separation Benefits Increases security for remote Domain Controllers where physical security cannot be guaranteed Support ADFS,DNS, DHCP, FRS V1, DFSR (FRS V2), Group Policy, IAS/VPN, DFS, SMS, ADSI queries, MOM RODC Security

44 How RODC Works
1. User logs on and authenticates
2. RODC: Looks in DB: "I don't have the user's secrets"
3. Forwards Request to Windows Server 2008 DC
4. Windows Server 2008 DC authenticates request
5. Returns authentication response and TGT back to the RODC
6. RODC gives TGT to User and RODC will cache credentials
Diagram labels: Branch; Hub; Read Only DC; Windows Server 2008 DC
RODC Security

45 Read-only DC Mitigates “Stolen DC” Attacker Perspective Hub Admin Perspective Security

46 Active Directory Certificate Services Security Manageability Interoperability Cryptography Next Generation Granular Admin V3 Certificates Windows Server 2008 Server Role PKIView New GPOs OCSP Support IDP CRL Support MSCEP Support Security

47 PKI Enhancements Enterprise PKI (PKIView) Now a Microsoft Management Console snap-in Support for Unicode characters Online Certificate Status Protocol (OCSP) Online Responders Responder Arrays Network Device Enrollment Service Microsoft's implementation of the Simple Certificate Enrollment Protocol (SCEP) Enhances security of communications by using IPsec Web Enrollment Removed previous ActiveX® enrollment control - XEnroll.dll Enhanced new COM enrollment control - CertEnroll.dll Security

48 Cryptography Next Generation Cryptography Next Generation (CNG) Includes algorithms for encryption, digital signatures, key exchange, and hashing Supports cryptography in kernel mode Supports the current set of CryptoAPI 1.0 algorithms Support for elliptic curve cryptography (ECC) algorithms Perform basic cryptographic operations, such as creating hashes and encrypting and decrypting data Security

49 Windows Server 2008 for Developers Core The Fundamentals App Platform Management .NET 3.0 IIS 7 Task Scheduler 2.0 MMC 3.0 Transactions Recovery Concurrency Networking Server Roles

50 Application Platform .NET Framework 3.0 IIS 7.0 Windows Activation Service MSMQ 4.0

51 Management Management MMC 3.0 PowerShell Task Scheduler 2.0

52 The Fundamentals Transactions Recovery Concurrency Networking The Fundamentals

53 Efficient Communications Fast enterprise class search on clients and servers Faster networking with new TCP/IP stack and native IPv6 Improved file-sharing performance over high-latency links Integrated remote access to internal applications and resources More Efficient Management Single worldwide servicing model Event forwarding between client and server Faster and more reliable remote operating system deployments Network Access Protection ensures health of connecting systems Greater Availability Scalable print servers with client-side rendering Smooth offline experience with client-side caching Transactional File System for file and registry operations Policy-based Quality of Service to prioritize application bandwidth Windows Vista and Windows Server 2008 Better Together

54 Windows Server Roadmap 2008 Beta 3 2008 RTM 2008 2008 R2 “Cougar”

55 © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

56 Next Steps

57 Appendix

58 Windows Server 2008 Scenarios Branch Office Security and Policy Enforcement Server Virtualization Anywhere Application Access Web and Applications Platform Server Management High Availability

59 Windows Server 2008 Roles Active Directory Certificate Services Active Directory Domain Services Active Directory Federation Services Active Directory Lightweight Directory Services Active Directory Rights Management Services Application Server DHCP Server DNS Server Fax Server File Services Network Policy and Access Services Print Services Streaming Media Services Terminal Services UDDI Services Web Server Windows Deployment Services Windows SharePoint Services

60 Windows Server 2008 Edition Feature Differences

61 The Receive Window Limitation [Chart: Maximum Throughput (Mbps) against RTT (ms); series for receive window sizes 64 KB, 128 KB, 256 KB, 512 KB; labels: North America, Intercontinental Fiber, Satellite, More Control]

62 Key Drivers of Core Infrastructure Optimization People, Process and Technology Desktop, Server and Device Management Security and Networking Identity and Access Management Data Protection and Recovery IT and Security Process

63 Security, Security, Security Scenario-focused Integrated innovation Compatibility Heterogeneous interoperability Enabling broad industry ecosystem and volume economics Best of breed functionality for all server workloads Key Development Tenets Server Functions Operational Infrastructure Solutions Application Platform Information Worker Infrastructure Management Workloads Storage (file, portal) Print Email Collaboration Application/Web Server Unix integration services Database High Performance Computing Software Distribution Virtualization Operations Management General Purpose & Enterprise Medium Business Small Business Networking Remote Access Security Identity Management Terminal Server

64 IT Complexity Challenges Every day tasks just take too much time Need to fix problems before users are affected Infrastructure is growing – need to manage more. Management Keeping systems reliable and running is job #1 Patching - too much effort, too much downtime Securing systems is complex and hard to manage Mobile and remote devices provide a back door for viruses Security & Reliability Need infrastructure to adapt to the changing business needs Number of and access needs of remote users is increasing Too hard to deploy new technologies with existing systems Changing Business Needs

65 Security Development Lifecycle Tasks and Processes Security Kickoff & Register with SWI Security Design Best Practices Security Arch & Attack Surface Review Use Security Development Tools & Security Best Dev & Test Practices Create Security Docs and Tools For Product Prepare Security Response Plan Security Push Pen Testing Final Security Review Security Servicing & Response Execution Feature Lists Quality Guidelines Arch Docs Schedules Design Specifications Testing and Verification Development of New Code Bug Fixes Code Signing A Checkpoint Express Signoff RTM Product Support Service Packs/ QFEs Security Updates Requirements Design Implementation Verification Release Support & Servicing Threat Modeling Functional Specifications Traditional Microsoft Software Product Development Lifecycle Tasks and Processes Security Training

66 Windows Service Hardening Defense In Depth – Factoring/Profiling Reduce size of high risk layers Segment the services Increase # of layers [Diagram labels: Kernel Drivers; User-mode Drivers; Service1, Service2, Service3, Service…; ServiceA, ServiceB]

67 Network Access Protection How it works
1. Client requests access to network and presents current health state
2. DHCP, VPN or Switch/Router relays health status to Microsoft Network Policy Server (RADIUS)
3. Network Policy Server (NPS) validates against IT-defined health policy
4. If not policy compliant, client is put in a restricted VLAN and given access to fix up resources to download patches, configurations, signatures (Repeat 1 - 4)
5. If policy compliant, client is granted full access to corporate network
Diagram labels: Windows Client; DHCP, VPN, Switch/Router; MSFT NPS; Policy Servers e.g. Patch, AV; Fix Up Servers e.g. Patch; Restricted Network; Corporate Network; Not policy compliant; Policy compliant

