Presented by Steven Audis, Microsoft Education Technology Advisor

More Pressure than Ever on IT
- Technology Change
- Regulatory Compliance
- Competition
- Security
- Cost Reduction
- Keep Business Up & Running
- Customer Connection
- End User Productivity
- Business Results & New Value

Windows Server 2008
- Web: Delivers rich web-based experiences efficiently and effectively
- Virtualization: Reduces costs, increases hardware utilization, optimizes your infrastructure, and improves server availability
- Security: Provides unprecedented levels of protection for your network, your data, and your business
- Solid Foundation for Your Business Workloads: Most flexible and robust Windows Server operating system to date. Provides the most versatile and reliable Windows platform for all of your workload and application requirements

Most Flexible and Robust Windows Server Operating System to Date (Solid Foundation)
Management
- Windows Server Manager
- Windows PowerShell
- Windows Deployment Services
Reliability
- Server Core
- Next Generation Networking
- High Availability Clustering

Windows PowerShell (Solid Foundation)
New Command-line shell & Scripting Language
- Improves productivity & control
- Accelerates automation of system admin
- Easy-to-use
Solid Foundation
- Works with existing scripts
- Remote server management via WMI
Partners
Futures
- Will ship in Windows
- Admin GUIs layered over PowerShell
- One-to-many remote management using WS-MGMT

Managing Windows Server 2008 (Solid Foundation)
- Server Manager
- Initial Configuration
- Product Installation

Windows Server Core (Solid Foundation)
- Only a subset of the executable files and DLLs installed
- No GUI interface installed
- Five available Server Roles
- Can be managed with remote tools

Complete Redesign of TCP/IP (Solid Foundation)
[Diagram: Next Generation TCP/IP Stack (tcpip.sys). Labels: User Mode, Kernel Mode, Winsock, WSK Clients, WSK, TDI Clients, TDI, TDX, AFD, TCP, UDP, RAW, IPv4, IPv6, 802.3, WLAN, Loopback, IPv4 Tunnel, IPv6 Tunnel, Inspection API, NDIS]
- Dual-IP layer architecture for native IPv4 and IPv6 support
- Improved Network Performance Troubleshooting
- Improved performance via hardware acceleration and autotuning
- Greater extensibility and reliability through rich APIs
- Completely manageable through Group Policy

Key New Networking Features (Solid Foundation)
Receive Window Autotuning
- Automatically senses network environment and adjusts key performance settings
- Allows increase of the size of the TCP/IP send / receive window
Windows Filtering Platform
- Provides filtering capability at all layers of the TCP/IP protocol stack
- Integrates and provides support for next-generation firewall features
Receive Side Scaling
- Previous Windows operating systems limit receive protocol processing to a single CPU
- RSS resolves this issue by allowing network load from a network adapter to be balanced across multiple CPUs
Policy-based Quality of Service
- Prioritize or manage the sending rate for outgoing network traffic
- Both DSCP marking and throttling can be used together to manage traffic effectively

Windows Firewall w/ Advanced Security (Solid Foundation)
- Combined firewall and IPsec management
- Firewall rules become more intelligent
- Policy-based networking

Windows Deployment Services (Solid Foundation)
[Labels: Windows Server 2008, Windows Vista]
- Rapidly deploy Windows operating systems
- Updated and redesigned version of Remote Installation Services (RIS)
- Server components
- Client components
- Management components
- Windows Deployment Services provides several enhancements to RIS

Reliability and Performance Monitor (Solid Foundation)
- Combines functionality of previous stand-alone tools
- Tracks system changes
- Provides new functionality

Deliver Rich Web-based Experiences Efficiently and Effectively (Web)
- Internet Information Services 7.0
- Windows SharePoint Services
- Windows Media Services

IIS 7.0 Overview (Web)
- Customization
- Troubleshooting
- Administration
- Enhanced security and reduced attack surface
- True application xcopy deployment
- Application and health management for WCF services

IIS 7.0 Web Administration (Web)
Enhanced Web Administration at Every Stage in the Application Lifecycle
- Deploy: Simpler Application Deployment to Web Farms & UNC Shares
- Host: More Secure, Reliable Application Hosting
- Troubleshoot: Reduced Downtime From Faster Troubleshooting
- Manage: Greater Productivity Via Delegated Management & Better Tools

Windows SharePoint Services (Web)
- Administration model enhancements
- New and improved compliance features and capabilities
- New and improved operational tools and capabilities
- Improved support for network configuration
- Extensibility enhancements

Windows Media Services (Web)
Ultimate Streaming Experience
- Fast Streaming delivers instant-on/always-on
- Intelligent Streaming optimizes the experience
Dynamic Content Programming
- Manage channels on-the-fly
- Generate revenue with Lead-In and Interstitial Ads
Industrial-Strength Platform
- Increases industry-leading scalability
- Rich administration with broad range of tools

Optimize Your Infrastructure and Improve Server Availability (Virtualization)
- Windows Server Virtualization
- Terminal Services RemoteApp
- Terminal Services Gateway

Virtualization Technologies (Virtualization)
- Presentation Virtualization
- Server Virtualization
- Virtualization Management
- Windows Server Virtualization
- Desktop Virtualization
- Application Virtualization

Windows Server Virtualization (Virtualization)
Greater Scalability and improved performance
- x64 bit host and guest support
- SMP support
Increased reliability and security
- Minimal Trusted Code base
- Windows running a foundation role
Better flexibility and manageability
- New UI/Integration with SCVMM
[Diagram labels: Virtual Server 2005 R2, Windows Server 2003, Hardware, VM 2, VM 3; Windows Hypervisor, AMD-V / Intel VT, VM 1 Parent, VM 2 Child, VM 3 Child, Virtual Hard Disks (VHD)]

Application Virtualization (Virtualization)
- Application Isolation
- Dynamic Streaming
- System Center Integration
- Software as a Centrally-managed Service
- Available through

Virtualization Investments (Virtualization)
A Multi-level Approach: Licensing, Infrastructure, Management, Interoperability, Applications, Terminal Services
- Deliver cost-effective, flexible and simplified licensing
- Royalty Free VHD format
- Create agility
- Better utilize server resources
- Partner with AMD and Intel
- Ease consolidation onto virtual infrastructure
- Better utilize management resources
- Support heterogeneity across the datacenter
- OSP (Open Specification Promise) VHD
- Accelerate deployment
- Reduce the cost of supporting applications

Terminal Services Gateway (Virtualization)
- Internet: Tunnels RDP over HTTPS
- Perimeter Network: Strips off RDP / HTTPS
- Corporate Network: RDP traffic passed to TS
[Diagram labels: Remote/Mobile User, Internet, Terminal Services Gateway, Network Policy Server, Active Directory DC, Terminal Servers and other RDP Hosts]

Terminal Services RemoteApp (Virtualization)
RemoteApp Programs
- Programs look like they are running locally
- Only supported by Remote Desktop client 6.0, or newer
- Centrally configure a terminal server with the Terminal Server Configuration console
- Also used to make programs available via TS Web Access
console used integrated make application with computer available
[Diagram labels: Remote Desktop client required, Terminal Services Gateway Server]

Hardens Operating System and Increases Environment Protection (Security)
- Network Access Protection
- Read-Only Domain Controller
- Federated Rights Management

Server Protection Features (Security)
Security
- Development Process
- Secure Startup and shield up at install
- Code integrity
- Windows service hardening
- Inbound and outbound firewall
- Restart Manager
Compliance
- Improved auditing
- Network Access Protection
- Event Forwarding
- Policy Based Networking
- Server and Domain Isolation
- Removable Device Installation Control
- Active Directory Rights Management Services

Windows Server 2008 Hardening (Security)
Windows XP SP2/Server 2003 R2
- LocalSystem
- Network Service
- Local Service
Windows Vista/Server 2008
- LocalSystem Firewall Restricted
- LocalSystem
- Network Service Fully Restricted
- Network Service Network Restricted
- Local Service No Network Access
- Local Service Fully Restricted

BitLocker Drive Encryption (Security)
[Labels: Encryption Policy, Full Volume Encryption Key (FVEK)]
- Group Policy allows central encryption policy and provides Branch Office protection
- Provides data protection, even when the system is in unauthorized hands or is running a different or exploiting Operating System
- Uses a v1.2 TPM or USB flash drive for key storage

Network Access Protection (Security)
What is Network Access Protection?
- Health Policy Validation
- Ability to Provide Limited Access
- Increased Business Value
- Health Policy Compliance
- Enhanced Security
- Cisco and Microsoft Integration Story
[Diagram labels: Policy Servers such as: Patch, AV; Windows Client; DHCP, VPN, Switch/Router; NPS; Not policy compliant; Policy compliant; Restricted Network; Corporate Network; Remediation Servers, Example: Patch]

Using Network Access Protection (Security)
1. Client requests access to network and presents current health state
2. DHCP, VPN or Switch/Router relays health status to Microsoft Network Policy Server (RADIUS)
3. Network Policy Server (NPS) validates against IT-defined policy
4. If not policy compliant, client is put in a restricted VLAN and given access to fix up resources to download patches, configurations, signatures (Repeat 1-4)
5. If policy compliant, client is granted full access to corporate network
[Diagram labels: Policy Servers such as: Patch, AV; Windows Client; DHCP, VPN, Switch/Router; NPS; Not policy compliant; Policy compliant; Restricted Network; Remediation Servers, Example: Patch; Corporate Network]

Active Directory Federation Services (Security)
[Diagram labels: Contoso, Adatum, Account Federation Server, Federation Trust, Resource Federation Server, Web Server]
- AD FS provides an identity access solution
- Deploy federation servers in multiple organizations to facilitate business-to-business (B2B) transactions
- AD FS provides a Web-based, SSO solution
- AD FS interoperates with other security products that support the Web Services Architecture
- AD FS improved in Windows Server 2008

Federated Rights Management (Security)
[Diagram labels: Contoso, Adatum, Account Federation Server, Federation Trust, Web SSO, Resource Federation Server]
- Together AD FS and AD RMS enable users from different domains to securely share documents based on federated identities
- AD RMS is fully claims-aware and can interpret AD FS claims
- Office SharePoint Server 2007 can be configured to accept federated identity claims

Active Directory Certificate Services (Security)
- Security: Cryptography Next Generation, Granular Admin, V3 Certificates
- Manageability: Windows Server 2008 Server Role, PKIView, New GPOs
- Interoperability: OCSP Support, IDP CRL Support, MSCEP Support

Cryptography Next Generation (Security)
Cryptography Next Generation (CNG)
- Includes algorithms for encryption, digital signatures, key exchange, and hashing
- Supports cryptography in kernel mode
- Supports the current set of CryptoAPI 1.0 algorithms
- Support for elliptic curve cryptography (ECC) algorithms
- Perform basic cryptographic operations, such as creating hashes and encrypting and decrypting data

Windows Vista and Windows Server 2008: Better Together
More Efficient Management
- Single worldwide servicing model
- Event forwarding between client and server
- Faster and more reliable remote operating system deployments
- Network Access Protection ensures health of connecting systems
Greater Availability
- Scalable print servers with client-side rendering
- Smooth offline experience with client-side caching
- Transactional File System for file and registry operations
- Policy-based Quality of Service to prioritize application bandwidth
Efficient Communications
- Fast enterprise class search on clients and servers
- Faster networking with new TCP/IP stack and native IPv6
- Improved file-sharing performance over high-latency links
- Integrated remote access to internal applications and resources

Windows Server Roadmap 2008 R2 2008 Cougar 2008 RTM 2008 Beta 3
© 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.