Windows Vista and Windows Server 'Longhorn' Branch Office


Windows Vista and Windows Server
2008 Branch Office Technologies
Michael Kleef | Technology Advisor | Microsoft Australia
http://blogs.technet.com/mkleef
Agenda
• Examining the Branch Office
• Introducing Network Changes
• Reviewing Windows Server 2008 Improvements and Benefits
The Current Solution
• Windows Server 2003 R2
– Terminal Services/Citrix
– DFS-R/DFS-N
– Print Improvements
• Doesn’t answer a whole bunch of the problems!
– The DC Security, Service availability trade-off
– SYSVOL inefficiencies
The Branch Vision
A SERVER MANAGED AS A CACHE
A simple, self-healing, self-diagnosing, “admin-free” server
[Diagram: the branch server characterised as Optional, Disposable, Replaceable, a Service Accelerator, and Continuity of Services.]
• Clients failover to a central server
• Service cache: No unique state
• Easy to re-provision replacements
• State-of-the-art compression
• Cache: Limits bandwidth usage
• Cache: Mitigates WAN latency
• Cache: Local request handling
• Store-and-forward to central server
Improved TCP/IP Stack
[Diagram: Network Adapter; Processor #1, Processor #2, Processor #3; Gateway 1, Gateway 2.]
The Receive Window Limitation
[Chart: Maximum Throughput (Mbps) against Round Trip Time in milliseconds for receive windows of 64 KB, 128 KB, 256 KB and 512 KB, with North America, Intercontinental Fiber and Satellite round-trip times marked.]
Networking with Windows Server 2008
SMB 2.0
[Diagram: SMB Requests and SMB Responses exchanged between an SMB Client and an SMB Server.]
Performance counts!
Windows Vista and Windows Server 2008 Network Benchmark Study
• Excerpt: “just upgrading client PC’s to Vista can yield throughput and time-to-completion improvements of up to 2.5X over XP. Complete migration of servers to Win2k8 can yield throughput and time-to-completion improvements of up to 3.5x over XP/Win2k3.”
http://download.microsoft.com/download/4/b/4/4b455e48-72c4-4a04-b9a5892fd497087a/TollyResults.pdf
Read-Only Domain Controller
[Diagram: an RODC in the Branch Office connected to the Main Office.]
Features
• Read Only Active Directory Database
• Only allowed user passwords are stored on RODC
• Unidirectional Replication
• Role Separation
Benefits
• Increases security for remote Domain Controllers where physical security cannot be guaranteed
Support
• ADFS, DNS, DHCP, FRS V1, DFSR (FRS V2), Group Policy, IAS/VPN, DFS, SMS, ADSI queries, MOM
How RODC Works
[Diagram: a numbered exchange (1 to 6) between the Branch, holding the Read Only DC (RODC), and the Hub, holding a Windows Server 2008 DC. Recoverable captions: 1. User logs on and authentication request to RODC. 2. RODC looks in DB: “I don't have the user's secrets”. 3. Forwards request to Windows Server “Longhorn” DC. 4 to 6. The Windows Server “Longhorn” DC authenticates the user and returns the TGT and response to the RODC, which gives them back to the user; the RODC will cache the credentials.]
Read-only DC Mitigates “Stolen DC”
[Diagram: the Hub and the RODC shown from the Attacker Perspective and from the Admin Perspective.]
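The RODC logon flow and the “Stolen DC” point above, modelled as an added Python example (not code from the deck or from Microsoft): the branch RODC answers from its cache when it holds a user's secret, otherwise forwards to the hub DC, and caches the returned secret only for users the allowed set (standing in for the Password Replication Policy) permits. Class names, the TGT token string and the account names are constructed for illustration; the “secret” strings stand in for password hashes.

```python
from dataclasses import dataclass, field


@dataclass
class HubDC:
    """Writable hub DC (hypothetical model): holds every account's secret.
    'secrets' is constructed sample data, user -> secret."""
    secrets: dict

    def authenticate(self, user: str, secret: str):
        # Returns a TGT token on success, None on failure
        return f"TGT:{user}" if self.secrets.get(user) == secret else None


@dataclass
class RODC:
    """Branch RODC: read-only DB that caches secrets only for users the
    Password Replication Policy (modelled by the 'allowed' set) permits."""
    hub: HubDC
    allowed: set
    cache: dict = field(default_factory=dict)
    hub_reachable: bool = True

    def logon(self, user: str, secret: str):
        # 1-2. Look in the local DB: answer locally if the secret is cached
        if user in self.cache:
            return f"TGT:{user}" if self.cache[user] == secret else None
        # 3. Not cached: forward the request to the hub DC over the WAN
        if not self.hub_reachable:
            return None  # WAN down and nothing cached: the logon fails
        # 4. Hub DC authenticates the user and returns the TGT (or None)
        tgt = self.hub.authenticate(user, secret)
        # 6. Cache the secret only if policy allows; accounts outside the
        #    allowed set (e.g. admins) never land on the branch box
        if tgt is not None and user in self.allowed:
            self.cache[user] = secret
        return tgt  # 5. Hand the hub's response back to the user

    def exposed_secrets(self) -> set:
        # What a stolen RODC would give up: only cached, policy-allowed users
        return set(self.cache)
```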
Can I have it now?
• Windows 2003 Forest Functional Mode (only for RODC)
• Schema Updates for Windows Server 2008
– Copy \sources\adprep to the Schema Master
– Execute adprep /forestprep from this folder
– Schema Prep (link at the end)
• Adprep /domainprep
– Similar to above
• Install one Windows Server 2008 DC
– Adprep /rodcprep
– Read the Staged Deployment guide (link at the end)
Examining the RODC
Replication
DFS Process Description
DFS – OVERVIEW
[Diagram: DFS Replication and Namespace linking a Server in Sydney and a Server in Perth, with a User in Sydney and a User in Perth.]
• Capabilities
– Replication: Efficient sync between servers
– Namespace: Virtualizes file servers
– Scale: Thousands of servers, cross domain
• WAN efficiency
– Replicate only changed parts of files (RDC)
– 15min granularity scheduling & throttling
– Route client to closest Server via DFSN
– Prevent branch-to-branch failover
• Availability
– Self-healing file replication algorithm
– Multi-level Failover and Failback
– Works with Shadow Copy for Shared Folders
– Offline working for disconnected sites
– Define link target priorities within sites
Scenarios
• Distribution of hub files to branches
• Collection of files from branches to hubs
• Applications, Documents, patches, etc
• Eradicate tape backup in branch
• Last-writer-wins distributed file sharing
• Efficiently transfer files between sites
Replication
RDC – IN DEPTH
[Diagram: the Client holds the Original file in chunks SHA11 “The quick fox jumped”, SHA12 “over the lazy brown dog.”, SHA13 “The dog was so lazy that he didn’t notice”, SHA14 “the fox jumping over him.” The server holds the Updated file in chunks SHA21 “The quick fox jumped”, SHA22 “over the lazy brown dog.”, SHA23 “The brown dog was”, SHA24 “so lazy that he didn’t notice”, SHA25 “the fox jumping over him.” The client sends “Request file”, receives SHA21 … SHA25 [use recursion], and fetches new chunks 3, 4 (“The brown dog was”, “so lazy that he …”) to build its Updated file copy.]
• The updated & original files are divided into variable length chunks based on their contents.
• For each chunk on the client and server, RDC computes a strong hash (SHA).
• The server transmits the list of strong hashes to the client.
• For large files, the algorithm is applied recursively at this point.
• The client compares the server hashes to its own, and requests the server send only the data for hashes that don’t match.
• Client assembles updated file by combining:
– Its own chunks whose hashes match those on the server
– The missing chunks it received from the server.
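The RDC steps above, worked through as an added Python example (not code from the deck or from Microsoft's RDC implementation): content-defined chunking, one strong hash per chunk, the server's hash list, and the client fetching only the chunks whose hashes it lacks. The boundary rule (3-byte window, byte sum divisible by 4, 8-byte minimum chunk) is a toy stand-in for RDC's fingerprinting, the sample texts are the slide's two sentences constructed as bytes, and the recursive step for large files is not modelled.

```python
import hashlib

WINDOW = 3     # bytes in the rolling window (toy; RDC fingerprints a larger window)
MIN_CHUNK = 8  # never cut a chunk shorter than this
MOD = 4        # cut when the window's byte sum is divisible by MOD

# Constructed sample input: the original (client) and updated (server) text from the slide
ORIGINAL = b"The quick fox jumped over the lazy brown dog. The dog was so lazy that he didn't notice the fox jumping over him."
UPDATED = b"The quick fox jumped over the lazy brown dog. The brown dog was so lazy that he didn't notice the fox jumping over him."


def chunk(data: bytes) -> list:
    """Content-defined chunking: a boundary depends only on nearby bytes, so an
    insert changes the chunk it lands in and later boundaries line up again."""
    chunks, start = [], 0
    for i in range(len(data)):
        if i - start + 1 < MIN_CHUNK:
            continue
        if sum(data[i - WINDOW + 1:i + 1]) % MOD == 0:
            chunks.append(data[start:i + 1])
            start = i + 1
    if start < len(data):
        chunks.append(data[start:])
    return chunks


def signatures(chunks: list) -> list:
    # One strong hash per chunk (SHA-1 here; the slide only says "SHA")
    return [hashlib.sha1(c).digest() for c in chunks]


def rdc_sync(client_old: bytes, server_new: bytes):
    """Client rebuilds server_new from its own matching chunks plus only the
    chunks it lacks. Returns (rebuilt_bytes, bytes_fetched_from_server)."""
    server_chunks = chunk(server_new)
    server_sigs = signatures(server_chunks)   # 3. server sends the hash list
    client_chunks = chunk(client_old)
    client_have = dict(zip(signatures(client_chunks), client_chunks))
    rebuilt, fetched = bytearray(), 0
    for sig, data in zip(server_sigs, server_chunks):
        if sig in client_have:                # 4. hash matches: reuse local chunk
            rebuilt += client_have[sig]
        else:                                 # 4. mismatch: request it from server
            rebuilt += data
            fetched += len(data)
    return bytes(rebuilt), fetched            # 5. assembled updated file
```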
File Management
Print Management
• Centrally deploy & manage printers
• Group Policy deployment
• Elimination of script-based config
Print Management
Can I have it now?
• R2 Schema Update
• Pushprinterconnections.exe required for WinXP
Print Management
Windows Server 2008 + Windows Vista
More Efficient Management
• Single worldwide servicing model
• Event forwarding between client and server
• Faster and more reliable remote operating system deployments
• Network Access Protection ensures health of connecting systems
Greater Availability
• Scalable print servers with client-side rendering
• Smooth offline experience with client-side caching
• Transactional File System for file and registry operations
• Policy-based Quality of Service to prioritize application bandwidth
Faster Communications
• Fast enterprise class search on clients and servers
• Faster networking with new TCP/IP stack and native IPv6
• Improved file-sharing performance over high-latency links
• Integrated remote access to internal applications and resources

Session Summary
• Branch Office Improvements Offer Clear Advantages
• Windows Server 2008 Network Changes Benefit Branch Offices
• RODC improves branch security and delivers efficiency
Resources
• RODC Staged Deployment
http://technet2.microsoft.com/windowsserver/longhorn/en/library/47a23a74-e13c-46de-8d30ad0afb1eaffc1033.mspx?mfr=true
• Schema Prep
http://technet2.microsoft.com/windowsserver2008/en/library/dc4dfacc-7771-4a31-81136e57c090987b1033.mspx?mfr=true
Introducing: TechNet Plus Direct!
All the benefits of TechNet Plus for 30% less. TechNet Plus Direct subscribers receive…
• Online Benefits Portal – New!
• Immediate download access: software and betas – New!
• Two free Professional Support Incidents
• Managed Newsgroups and Online Concierge
• The TechNet Library containing the KB, security updates, service packs, resource kits, and more
…TechNet Plus Direct is available exclusively online without media shipments
For more information, please visit:
www.microsoft.com/technet/subscriptions
Where Else Can I Get Help?
• Live Events and Online webcast series
• Microsoft Professional Blogs Directory
• Chats, Newsgroups, Forums, and Virtual Labs
• Local Locator for Professional User Groups
www.microsoft.com/technet/community