Top 10 things you need to know


Server Role Management
IIS 7.0 Features
Windows Powershell
Server Core
Virtualization
New Security features
Windows Deployment Services
Terminal Services
Group Policy
Read Only Domain Controller
Scalable Networking
Server roles streamline management

Windows Server 2003:
• Windows Server 2003 setup
• Post-Setup security updates
• Manage your server
• Configure your server wizard
• Add/Remove Windows components
• Computer Management
• Security Configuration Wizard

Windows Server 2008:
• Operating system setup
• Initial Configuration Tasks: Administrator password, Network IP address, Domain membership, Computer name, Windows Updates, Windows Firewall
• Server Manager
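The Server Manager role model makes "which roles are installed on this box" a question with one answer, and that answer can be checked against a baseline. The script below is an added example, not code from the presentation: it parses the output of servermanagercmd.exe -query (the command-line face of Server Manager on Windows Server 2008) and reports any installed role or feature that is not on a baseline list, i.e. attack surface nobody asked for, as well as baseline items that are missing. It assumes servermanagercmd.exe is on the path and prints components as "[X] Name  [Id]" (installed) or "[ ] Name  [Id]" (absent); the baseline list is a constructed example and Get-InstalledComponents is a name chosen here.

```powershell
# Added example, not taken from the presentation: compare the roles and features
# Server Manager reports as installed against a baseline for this server, so that
# anything outside the baseline (extra attack surface) stands out.
# Assumptions: servermanagercmd.exe (Windows Server 2008) is on the path and its
# -query output uses "[X] Name  [Id]" for installed and "[ ] Name  [Id]" for
# absent components; the baseline list below is a constructed example.

$Baseline = @('Web-Server', 'Web-Common-Http', 'NET-Framework', 'PowerShell')

function Get-InstalledComponents {
    # Parse "servermanagercmd -query" into objects with Id, Name and Installed.
    $lines = & servermanagercmd.exe -query
    foreach ($line in $lines) {
        if ($line -match '^\s*\[(?<mark>X| )\]\s*(?<name>.+?)\s*\[(?<id>[\w-]+)\]\s*$') {
            $obj = New-Object PSObject
            $obj | Add-Member NoteProperty Id        $Matches['id']
            $obj | Add-Member NoteProperty Name      $Matches['name']
            $obj | Add-Member NoteProperty Installed ($Matches['mark'] -eq 'X')
            $obj
        }
    }
}

$components = @(Get-InstalledComponents)
$installed  = @($components | Where-Object { $_.Installed })
$installedIds = @($installed | ForEach-Object { $_.Id })

"Installed roles/features: $($installed.Count) of $($components.Count) known components"

# Installed but not in the baseline: review, then remove with
#   servermanagercmd.exe -remove <Id>
$installed | Where-Object { $Baseline -notcontains $_.Id } | ForEach-Object {
    "NOT IN BASELINE: $($_.Name) [$($_.Id)]"
}

# In the baseline but not installed: add with
#   servermanagercmd.exe -install <Id>
$Baseline | Where-Object { $installedIds -notcontains $_ } | ForEach-Object {
    "MISSING FROM SERVER: $_"
}
```

Run it as an administrator on the server being checked; the two report sections are the input to a change ticket, not something to act on automatically, since a role that is "not in baseline" may simply mean the baseline is out of date.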
IIS 7.0 Features

More than a Web server, Internet Information Services 7.0 provides an accessible, extensible platform for developing and reliably hosting Web applications and services.

IIS 7.0 Enhancements:
• Modular Architecture
• Extensible Design
• Integrated with .NET
• Manageable

What they deliver:
• Built-in request tracing
• Create streamlined servers
• Reduced attack surface
• Rapid application deployment
• Extend/modify IIS features
• Fast diagnostics
Windows PowerShell

• New interactive shell and scripting language
• Based on and takes advantage of .NET features
• Current tools will still work
• Current automation will still work

Resources:
• TechNet ScriptCenter: hundreds of scripts (Exchange Server 2007, Terminal Server, WMI, Registry, Hardware, etc.), community-submitted scripts, MyITForum.com
• Books & Training Materials: Manning Publications, O’Reilly Media, Sapien Press & others…
• Community Support: MS MVPs, PowerShell Team Blog, active newsgroup, Channel 9: DFO Show, IIS.net
Server Core

• Only a subset of the executable files and DLLs installed
• No GUI interface installed, no .NET, no PowerShell (for now)
• Nine available Server Roles
• Can be managed with remote tools
Scalable Networking

[Diagram: Next Generation TCP/IP Stack (tcpip.sys). User mode: Winsock, TDI clients, WSK clients. Kernel mode: AFD, WSK, TDI/TDX, the TCP/IP driver with TCP, UDP, RAW and loopback over both IPv4 and IPv6 (including tunnel interfaces), an Inspection API, and NDIS with 802.3 and WLAN miniports.]
Dual-IP layer architecture for native IPv4 and IPv6 support
Improved Network Performance Troubleshooting
Improved performance via hardware acceleration and autotuning
Greater extensibility and reliability through rich APIs
Completely manageable through Group Policy
Receive Window Autotuning: automatically senses the network environment and adjusts key performance settings; allows the size of the TCP/IP send / receive window to be increased.

Windows Filtering Platform: provides filtering capability at all layers of the TCP/IP protocol stack; integrates and provides support for next-generation firewall features.

Receive Side Scaling: previous Windows operating systems limit receive protocol processing to a single CPU; RSS resolves this by allowing the network load from a network adapter to be balanced across multiple CPUs.

Policy-based Quality of Service: prioritize or manage the sending rate for outgoing network traffic; DSCP marking and throttling can be used together to manage traffic effectively.
Virtualization

[Diagram: virtualization platform and management. Management tools sit above a "Parent" partition (VM 1) and "Child" partitions (VM 2) backed by VHD files, all running on the Windows Hypervisor with AMD-V / Intel VT hardware.]

Greater scalability and improved performance
• x64 host and guest support
• SMP support

Increased reliability and security
• Minimal trusted code base
• Windows running a foundation role

Better flexibility and manageability
• Quick Migration
• New UI
• Broad management tool support including SCVMM
Functional Area / Key Supporting Features

Performance:
• Microkernelized hypervisor architecture with a new VSP/VSC architecture
• Support for large memory per virtual machine (64GB)
• SMP support for virtual machines (4 virtual processors)
• Automatable host setup/configuration

Scalability:
• Support for x86 and x64 virtual machines
• Broad OS support
• Pass-through disk access for VMs
• Rapid creation and deployment of VMs using P2V, V2V, media, templates

Availability:
• Support for Quick Migration and unplanned downtime
• Support for live backups and VM checkpoints
• Support for clustering and rapid recovery
• Integration with management tools for continuous performance monitoring

Manageability:
• Centralized view of all VMs in the environment and their status
• Reports on consolidation candidates, utilization trending, optimization opportunities
• Intelligent placement and Physical to Virtual (P2V) conversions
• Fully scriptable using PowerShell®

Security:
• Improved architecture with a minimal-footprint hypervisor layer
• Hyper-V as a Server Core role
• Common security and driver model as Windows Server 2008
• Robust networking features including support for VLANs and NAT
Virtualization

The ability to virtualize workloads with few or no limitations as to what workloads can/may be virtualized.
• 64-bit (x64) and hardware virtualization required: AMD AMD-V or Intel Virtualization Technology
• 32-bit (x86) & 64-bit (x64) child partitions
• Large memory support (>32GB) within VMs
• SMP support
• Pass-through disk access for VMs
• New hardware sharing architecture (VSP/VSC): disk, networking, input, video
• Robust networking: VLAN support, NAT, Quarantine
[Diagram: Hyper-V architecture. The parent partition runs the Windows Server 2008 kernel in kernel mode with VSPs and the VMBus, and in user mode the virtualization stack (WMI Provider, VM Service, VM Worker Process) and applications. Child partitions: Windows Server 2003 / 2008 guests with their own Windows kernel, VSCs and VMBus; a non-hypervisor-aware OS running on device emulation; and a Xen-enabled Linux kernel with Linux VSCs and a hypercall adapter. All partitions run on the Windows Hypervisor over "Designed for Windows" server hardware. The legend credits components to the OS, Hyper-V, Microsoft / XenSource / Novell, and ISV/IHV/OEM.]
Security

• Development Process
• Secure Startup and shield up at install
• Code integrity
• Windows service hardening
• Inbound and outbound firewall
• Restart Manager
• Compliance
• Improved auditing
• Network Access Protection
• Event Forwarding
• Policy Based Networking
• Server and Domain Isolation
• Removable Device Installation Control
• Active Directory Rights Management Services
Network Access Protection

Policy-based solution that:
• Validates whether computers meet health policies
• Limits access for noncompliant computers
• Automatically remediates noncompliant computers
• Continuously updates compliant computers to maintain health state

Standards-based: plug and play, works with most devices, supports multiple antivirus solutions. Has become the standard for Network Access Control.
How it works
1. Access requested (the client connects through DHCP, VPN, or a switch/router)
2. Health state sent to NPS (RADIUS)
3. NPS validates against health policy, consulting the policy servers (e.g., patch, AV)
4. If compliant, access granted to the corporate network
5. If not compliant, restricted network access and remediation via the remediation servers (e.g., patch)

[Diagram: a client on the intranet, the DHCP / VPN / switch/router enforcement point, Microsoft NPS with its policy servers, and a corporate network for policy-compliant clients alongside a restricted network with remediation servers for non-compliant ones.]
Windows Deployment Services

• Support for deploying Windows (all versions)
• Boots WinPE over PXE
• Uses the Windows Imaging (WIM) file format
• Extensible
• Granular image management

Longhorn Server specifics:
• Multicast
• TFTP download performance enhancements
• EFI x64 network boot support
Terminal Services

[Diagram: the Terminal Services Gateway Server sits in the perimeter network between the external and internal firewalls. A Remote Desktop client at home, in a hotel, on roaming wireless, or at a business partner / client site tunnels RDP over HTTPS across the Internet; the TS Gateway strips off the HTTPS layer and passes the RDP/SSL traffic to the Terminal Server (and other corporate LAN servers such as the E-mail server). A Remote Desktop client is required.]
• EasyPrint makes printing to a local printer, well, easy by exploiting XPS
• Four Registry entries let you dial up bandwidth allocation between the UI stuff (mouse, screen) and data transfer (printing, file transfer)
• WinFX means remoted graphics commands (which is way more exciting than it sounds)
Group Policy

Windows Vista set the stage…
• 700+ new settings, ability to control things we never could before centrally (e.g. power save settings, device installation restrictions)
• Group policies no longer just a thread in Winlogon, but instead a separate service
• Meticulous step-by-step logging makes GP troubleshooting light-years easier
• Printer/drive mapping via GPO
• Powerful new ADMX template format

Server 2008 rocks the house with…
• Group Policy Preferences lets you create a do-it-yourself group policy setting out of, well, just about anything… with a few mouse clicks
• Built into Windows Server 2008 GPMC
• Part of the Desktop Standard acquisition
• Remote Server Admin Tools (RSAT) delivered for Vista
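Two of the Vista-era changes above, Group Policy running as its own service and the step-by-step processing log, are exactly what you reach for when a security setting is not landing on a machine. The script below is an added example, not code from the presentation: it checks the Group Policy Client service and then pulls the errors and warnings from the Microsoft-Windows-GroupPolicy/Operational log, grouped per processing cycle so the failing step is visible in order. It assumes Windows PowerShell 2.0 or later (for Get-WinEvent) and rights to read that log; Get-GpProcessingIssues is a name chosen here.

```powershell
# Added example, not from the presentation. Group Policy on Vista / Windows
# Server 2008 runs as its own service (gpsvc) and writes each processing step to
# the Microsoft-Windows-GroupPolicy/Operational log; this script uses both to
# surface failed policy processing. Assumes Windows PowerShell 2.0 or later
# (for Get-WinEvent) and rights to read the operational log.

function Get-GpProcessingIssues {
    param([int]$Hours = 24)   # how far back to look

    # Group Policy is no longer a thread inside Winlogon; check its service.
    $gpsvc = Get-Service -Name gpsvc
    "Group Policy Client service (gpsvc): $($gpsvc.Status)"

    # Errors (level 2) and warnings (level 3) recorded during policy processing.
    $since  = (Get-Date).AddHours(-$Hours)
    $events = Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-GroupPolicy/Operational'
        Level     = 2, 3
        StartTime = $since
    } -ErrorAction SilentlyContinue

    if (-not $events) {
        "No Group Policy errors or warnings since $since"
        return
    }

    # Every refresh cycle is tagged with one ActivityId, so grouping by it shows
    # which cycle failed and at which step, in time order.
    $events | Sort-Object TimeCreated | Group-Object ActivityId | ForEach-Object {
        "--- processing cycle $($_.Name) ---"
        foreach ($e in $_.Group) {
            # One line per step: time, event id, level, first line of the message.
            $firstLine = ("$($e.Message)" -split "`r?`n")[0]
            '{0:HH:mm:ss}  event {1}  {2,-8} {3}' -f $e.TimeCreated, $e.Id, $e.LevelDisplayName, $firstLine
        }
    }
}

Get-GpProcessingIssues -Hours 24
```

Pair the output with gpresult /r on the same machine: the operational log tells you which step of which cycle failed, and gpresult tells you which GPOs were (or were not) applied as a result.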
Read Only Domain Controller (RODC)

[Diagram: Main Office and Remote Site]

Features
• Read Only Active Directory Database
• Only allowed user passwords are stored on RODC
• Unidirectional Replication
• Role Separation

Benefits
• Increases security for remote Domain Controllers where physical security cannot be guaranteed

Support
• ADFS, DNS, DHCP, FRS V1, DFSR (FRS V2), Group Policy, IAS/VPN, DFS, SMS, ADSI queries, MOM
How RODC Works
1. User logs on and authenticates to the RODC at the branch
2. RODC looks in its DB: "I don't have the user's secrets"
3. RODC forwards the request to a Windows Server 2008 DC at the hub
4. Windows Server 2008 DC authenticates the request
5. Hub DC returns the authentication response and the TGT back to the RODC
6. RODC gives the TGT to the user and will cache the credentials

Admin Perspective
Attacker Perspective
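From the attacker's perspective the RODC is interesting precisely because of step 6: whatever secrets it has been allowed to cache leave with the box if it is stolen. Which accounts those are is governed by the RODC's Password Replication Policy, and repadmin (shipped with Windows Server 2008) can list it. The script below is an added example, not code from the presentation: it reads the "reveal" list (secrets cached right now) and the "auth2" list (accounts that have authenticated through this RODC) and flags cached secrets that belong to privileged accounts. It assumes repadmin.exe is available and the caller may read the PRP; the RODC name is a placeholder, the privileged-account pattern is a constructed example for an environment that puts "admin" in such account names, and Get-RodcPrpList is a name chosen here.

```powershell
# Added example, not taken from the presentation: review an RODC's Password
# Replication Policy (PRP) with repadmin. "Only allowed user passwords are
# stored on RODC" is enforced by the PRP, so for a branch DC that could be
# stolen the questions are: which secrets are cached there, and do any belong
# to privileged accounts? Assumptions: repadmin.exe is available, the caller
# can read the RODC's PRP, the RODC name is a placeholder, and the pattern for
# privileged accounts is a constructed example.

param(
    [string]$Rodc = 'BRANCH-RODC1',                    # placeholder RODC name
    [string]$PrivilegedPattern = '(?i)^CN=[^,]*admin'  # constructed example
)

# Return the distinguished names from one "repadmin /prp view <RODC> <list>" call.
# Lists: allow / deny (the policy itself), reveal (secrets cached now),
# auth2 (accounts that have authenticated through this RODC).
function Get-RodcPrpList {
    param([string]$Rodc, [string]$List)
    $output = & repadmin.exe /prp view $Rodc $List 2>&1
    if ($LASTEXITCODE -ne 0) { throw "repadmin /prp view $Rodc $List failed: $output" }
    # repadmin prints a header and a trailing count; keep only the DN lines.
    $output | ForEach-Object { "$_".Trim() } | Where-Object { $_ -match '^CN=' }
}

$revealed = @(Get-RodcPrpList -Rodc $Rodc -List reveal)
$auth2    = @(Get-RodcPrpList -Rodc $Rodc -List auth2)

"RODC ${Rodc}: $($revealed.Count) cached secret(s), $($auth2.Count) account(s) have authenticated through it"

# Cached secrets for privileged accounts: each is a credential that leaves the
# building if the RODC does. Such accounts belong on the PRP 'deny' side.
$revealed | Where-Object { $_ -match $PrivilegedPattern } | ForEach-Object {
    "WARNING: privileged account secret cached on ${Rodc}: $_"
}

# Accounts that authenticate via this RODC without a cached secret round-trip
# to the hub DC on every logon (steps 3-5 above); this list is the input to
# deciding what the 'allow' list should contain.
$auth2 | Where-Object { $revealed -notcontains $_ } | ForEach-Object {
    "Authenticated via RODC, secret not cached (forwarded to hub): $_"
}
```

Run it from a writable DC or an admin workstation with the AD DS tools installed; a non-empty WARNING section means the PRP needs tightening, and "repadmin /prp view <RODC> deny" shows what is already excluded.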
More Efficient Management
Single worldwide servicing model
Event forwarding between client and server
Faster and more reliable remote operating system deployments
Network Access Protection ensures health of connecting systems
Greater Availability
Scalable print servers with client-side rendering
Smooth offline experience with client-side caching
Transactional File System for file and registry operations
Policy-based Quality of Service to prioritize application bandwidth
Efficient Communications
Fast enterprise class search on clients and servers
Faster networking with new TCP/IP stack and native IPv6
Improved file-sharing performance over high-latency links
Integrated remote access to internal applications and resources
• All the benefits of TechNet Plus for 30% less
• TechNet Plus Direct subscribers receive…
• Online Benefits Portal – New!
• Immediate download access: software and betas – New!
• 2 free Professional Support Incidents
• Managed Newsgroups and Online Concierge
• The TechNet Library containing the KB, security updates, service packs, resource kits, and more
TechNet Plus Direct is available exclusively online without media shipments
For more information, please visit: www.microsoft.com/technet/subscriptions