1. Windows Server 2016 Secure IaaS Microsoft Build 2016 6/1/2018 4:00 AM
How to make money using Secure IaaS.
© 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2. Hosting Challenges Security Cost Efficient Infrastructure
PRISM FY16
6/1/2018 4:00 AM
Hosting Challenges
Security
Cost Efficient Infrastructure
Next Generation Application Platform
Increasing breaches incidents
Identity is target of attacks
Not easy to secure virtual environments
Looking for cost savings
Need to reduce datacenter footprint
Lack of integration between solutions
Integration with Dev and Ops
Fast and lightweight OS
How to plan for public cloud
In modern hosting environments, providing a safer, inexpensive and agile platform for your customers is more important than ever to be competitive in today’s marketplace consisting of both public and private cloud solutions.
© 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

3. Presenting Windows Server 2016
PRISM FY16
6/1/2018 4:00 AM
Presenting Windows Server 2016
Advanced Multi-Layer Security
Azure Inspired, Software Defined Infrastructure
Next Generation Application Platform
Privileged identity protection
Secure virtualization platform
Breach resistance
Built-in compute, storage and network virtualization
Hyper-Converged
Hyper-Scale
Traditional & cloud-native apps
Containers & microservices
Azure Hybrid Use Benefit
Windows Server 2016 provides you with the tools necessary to provide services and solutions to your clients while lowering your operational costs, increasing the security posture of your hosting environment, and ensuring that your client’s data stays within their purview.
The operating system that powers Azure and Your Business
© 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

4. Hosting Opportunities
Using Windows Server 2016
Platform for Modern Apps
Secure IaaS
Cost Efficient Reliable Storage
Software Defined Datacenter.
Provide higher density and performance for container-based apps and microservices.
Compatible with existing server applications.
Prevent and block attacks against virtual machines, applications, and data with layers of protection built into the OS.
Use industry-standard hardware to build lower- cost, high density, highly available and scalable storage.
Achieve cost-savings and flexibility with software-defined compute, storage and network virtualization technologies inspired by Microsoft Azure.
Talk to each of the four Offerings described above and how they can help create new revenue streams with value add services and solutions.
Establishes new revenue streams with value added services every step of the way

5. Secure IaaS (Virtual Machines)
Microsoft Build 2016
6/1/2018 4:00 AM
Secure IaaS (Virtual Machines)
Shielded VM Use BitLocker to encrypt the disk and state of virtual machines protecting secrets from compromised admins & malware
Host Guardian Service Attests to host health releasing the keys required to boot or migrate a Shielded VM only to healthy hosts
Generation 2 VM Supports virtualized equivalents of hardware security technologies (e.g. TPMs) enabling BitLocker encryption for Shielded VMs
BUILDING PERIMETER
COMPUTER ROOM
HYPER-V
Virtual machine
HYPER-V
Shielded
virtual machine
Physical machine
Server
Administrator ü ü
*Configuration dependent û *
torage
administrator S û ü û
Secure IaaS ensures that Hosters have just enough access (JEA) to administer and manage the environment their client’s applications and data is stored on.
Network
administrator û ü û
Backup
operator û ü û
Virtualization-host
administrator û ü û
Virtual machine
administrator û ü ü
© 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

6. Shielded Virtual Machines Works with Host Guardian Service
Cloud/Datacenter
Hyper-V Host 1
Host OS
Guest VM
Guest VM
Guest VM
Hypervisor
Please sir, may I have some keys?
Hyper-V Host 2
Host OS
Guest VM
Guest VM
Fabric Controller
Powering up a VM works – with WS2016 and SVM, host requests key from Host Guardian service, and releases key.
Hypervisor
Hyper-V Host 3
Host OS
Guest VM
Guest VM
Key Protection
Hypervisor
Host Guardian Service

7. Shielded Virtual Machines Works with Host Guardian Service
Cloud/Datacenter
Key release criteria (TPM-mode)
Known physical machines
Trusted Hyper-V instance
CI-compliant configuration
Hyper-V Host 1
Host OS
Guest VM
Guest VM
Guest VM
Hypervisor
Sure, I know you and you look healthy
Hyper-V Host 2
Host OS
Guest VM
Guest VM
Fabric Controller
Hypervisor
Hyper-V Host 3
Host OS
Guest VM
Guest VM
Key Protection
Hypervisor
Host Guardian Service

8. Challenges in protecting the OS
Microsoft Build 2016
6/1/2018 4:00 AM
Challenges in protecting the OS
New exploits can attack the OS boot-path all the way up through applications.
Known and unknown threats need to be blocked without impacting legitimate workloads. ?
Once a hacker gets in, we discussed how they can “lay in wait” for days or weeks, looking for an opportunity to get at the really valuable data.  This is usually tied to your strategic applications or databases.  This means we need many layers of protection, from the OS boot-path, all the way to the application.
Example threat: Ransomware on university servers locks users away from critical student and research data—until a ransom is paid to the attacker.
© 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

9. Help protect the OS and applications On-premises or in any cloud
Microsoft Build 2016
6/1/2018 4:00 AM
Help protect the OS and applications On-premises or in any cloud
Device Guard
Ensure that only permitted binaries can be executed from the moment the OS is booted.
Windows Defender
Actively protects from known malware without impacting workloads.
Control Flow Guard
Protects against unknown vulnerabilities by helping prevent memory corruption attacks.
Additional security features can be enabled as needed to help you:
Prevent malware and ransomware from being injected into servers.
Quickly identify behavior that indicates a server breach.
How Windows Server 2016 helps:
Ensure only permitted binaries are executed with Code Integrity. If someone tries to infect your OS with a new application (malware, etc.) they cannot run when the OS is protected by Code Integrity.
Windows Defender is the same antimalware feature you get in Windows 10 …it  also protects against known vulnerabilities without impacting server roles (such as Web Servers).
Protect against unknown vulnerabilities (these are attacks that are not identified yet in our antimalware database) with Control Flow Guard. If application is acting strange or suspiciously, we can block it until we check it out.
These features work no matter where you deploy it! Your datacenter, on Azure/AWS/Google or a VMware environment.
© 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

10. Setup a call with a Technology Solutions Professional or Architect.