Boston Area Windows Server User Group


Clyde G. Johnson









Libraries
Network power changes
DNSSEC Support and Multi-home firewall
TCP and SMB 2
Direct Access
BranchCache
Network Access Protection
AppLocker
Read-Only DFS


Aggregates data from multiple sources into a
single folder view
Default Libraries in Windows 7 are:
◦ Documents
◦ Music
◦ Pictures
◦ Videos

In Explorer view, just go to your Libraries,
right-click, then click on New - Library.





Easy way to share documents, music, pics,
videos and printers.
Windows 7 only – no XP or Vista
Wireless=yes
One homegroup at a time.
Domain-joined CAN join a homegroup

Smart Network Power
◦ turns off the power to your Ethernet jack when
there is no cable connected

Wake on LAN for wireless
◦ brings the well-known wired Ethernet feature to
wireless networks.

Multi-Home Firewall Profiles
◦ Each connection can have its own profile

DNSSEC Support
◦ Ability to indicate knowledge of DNSSEC in queries.
◦ Ability to process the DNSKEY, RRSIG, NSEC, and DS
resource records.
◦ Ability to check whether the DNS server with which
it communicated has performed validation on the
client’s behalf.
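
The first and third abilities above map to two flag bits on the wire: the DO ("DNSSEC OK") bit a client sets in the EDNS0 OPT record of its query, and the AD ("Authenticated Data") bit a validating server sets in the response header. The following Python is an added example, not part of the original slides; the function names and the two sample response headers are constructed for illustration.

```python
import struct

DO_BIT = 0x8000  # EDNS0 "DNSSEC OK" flag, low 16 bits of the OPT TTL field (RFC 3225)
AD_BIT = 0x0020  # "Authenticated Data" flag in the DNS header (RFC 4035)

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(name, qtype=1, txid=0x1234, dnssec_ok=True):
    """Build a recursive query whose OPT record signals DNSSEC awareness (DO=1)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)    # RD=1, 1 question, 1 additional
    question = encode_name(name) + struct.pack("!HH", qtype, 1)  # class IN
    ttl = DO_BIT if dnssec_ok else 0     # ext-rcode=0, version=0, flags
    # OPT RR: root name, type 41, class = UDP payload size, TTL, empty RDATA
    opt = b"\x00" + struct.pack("!HHIH", 41, 4096, ttl, 0)
    return header + question + opt

def query_sets_do(msg):
    """True if the trailing OPT record (as built above) has the DO bit set."""
    rtype, _size, ttl, rdlen = struct.unpack("!HHIH", msg[-10:])
    return rtype == 41 and rdlen == 0 and bool(ttl & DO_BIT)

def server_validated(response):
    """True if a successful response carries AD=1, i.e. the server validated."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    flags = struct.unpack("!H", response[2:4])[0]
    is_response = bool(flags & 0x8000)   # QR bit
    rcode = flags & 0x000F
    return is_response and rcode == 0 and bool(flags & AD_BIT)

# Constructed sample headers: QR=1, RD=1, RA=1, with and without AD.
SAMPLE_VALIDATED = struct.pack("!HHHHHH", 0x1234, 0x81A0, 1, 1, 0, 1)
SAMPLE_UNVALIDATED = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 1)

if __name__ == "__main__":
    print("query sets DO:", query_sets_do(build_query("example.com")))
    print("validated sample:", server_validated(SAMPLE_VALIDATED))
    print("unvalidated sample:", server_validated(SAMPLE_UNVALIDATED))
```

Because the client relies on the server's validation rather than checking signatures itself, the AD flag is only as trustworthy as the channel between client and DNS server.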
Windows XP & Windows Server 2003
Default TCP window size of 64KB
◦ NO AUTO TUNING
◦ Severely limits throughput at high round trip times
◦ Sender transmits are limited to advertised receive window size
◦ Window size backs off by 50% with packet loss
▪ Window size increased slightly with every ACK

Manual tuning of receive window size does not offer ideal
results

Windows Vista/Win7 and Windows Server 2008 and R2
◦ Auto-tune enabled by default
◦ Max receive window determined by:
▪ Application consumption capacity
▪ Network capacity and conditions

Next Generation TCP/IP Stack (tcpip.sys)
[Diagram: stack architecture. Labels: User Mode (Winsock); Kernel Mode (AFD, TDI Clients, WSK Clients, TDI, WSK, TDX); tcpip.sys (TCP, UDP, RAW, IPv4, IPv6, Windows Filtering Platform API); 802.3, WLAN, Loopback, IPv4 Tunnel, IPv6 Tunnel; NDIS]

Dual-IP layer architecture for native IPv4 and IPv6 support
Seamless security through expanded IPsec integration
Improved performance via hardware acceleration
Network auto-tuning and optimization algorithms
Greater extensibility and reliability through rich APIs

Multiple commands in a single packet
◦ Reduced wait time and connection overhead

Much larger buffer size
◦ Network stack is no longer the bottleneck
◦ Application & disk are now the bottleneck



Parallel Write, Parallel Response
Durable handles allow recovery from brief
network disruptions
Symlink support






Experience of being seamlessly connected to their corporate network any
time they have Internet access
Computer is joined to the network, Group policy applies.
Uses IPv6-over-IPv4 tunnel if no IPv6 connection available.
Sends only corporate traffic, web traffic stays local.
Authentication. DirectAccess authenticates the computer
Access Control. IT professionals can configure which intranet resources
different users can access using DirectAccess, granting DirectAccess users
unlimited access to the intranet or only allowing them to use specific
applications and access specific servers or subnets.

[Diagram: DirectAccess. Labels: DirectAccess Server; App Servers; DC/DNS; Bi-directional Connection Using IPsec and IPv6]

[Diagram: BranchCache deployment. Labels: File Server; IIS; Group Policy Management; Hosted Cache]
Group Policy to enable clients
Install BranchCache™ feature on an R2 server
Optionally, install a hosted cache in your branch

Centralized cache of data downloaded by the
branch
◦ A centralized cache for
▪ Protocols: HTTP, SMB
▪ E2E encrypted/signed traffic: SSL, IPsec, SMB signing etc
◦ Does not “modify” protocols; benefits from protocol
optimizations
◦ Configurable size/location/persisted across reboots/flushable
◦ Works across multiple subnets
◦ Admins can seed content by writing custom scripts
◦ Can be a virtual workload in an appliance

Easy to deploy; clients are configured via policy

Health Policy validation and remediation
Reduces risk of unauthorized systems on the
network
Helps keep mobile and/or desktop devices in
compliance

[Diagram: Network Access Protection. Labels: Windows Client; DHCP, VPN, Switch/Router; NPS Server; Policy Servers (such as: Update, AV); Policy compliant; Not policy compliant; Restricted Network; Remediation Servers (Example: Update); Corporate Network]




Eliminate unknown or unwelcome
applications on your network
Enforce application standardization within
your org
Easily create and manage rules using Group
Policy
Only works on Ultimate and Enterprise – NOT
Pro


Simple Rule Structure: Allow, Exception &
Deny
Publisher Rules
◦ Product Publisher, Name, Filename & Version

Multiple Policies
◦ Executables, installers, scripts & DLLs

Rule creation tools & wizard
◦ Including PowerShell cmdlets

Audit only mode
New in Win7 and WS08R2

Publication data that should never be
changed at branch locations
Any open or create requesting WRITE
access will be failed by a new filter driver
In case the filter is not running, other Win7
Replication Group members will refuse
updates from a read-only replication
partner









The New Efficiency Virtual Launch Experience www.thenewefficiency.com
Windows 7 Springboard
www.microsoft.com/springboard
Windows 7 Webcasts and Podcasts
http://go.microsoft.com/?linkid=9681312
Training Offers—Exclusive for Launch Attendees
Windows Team Blog www.windowsteamblog.com
Talking About Windows www.talkingaboutwindows.com
Windows Client Forums http://go.microsoft.com/?linkid=9681314.5
Dan’s Blog http://blogs.technet.com/danstolts
Windows Server User Group http://www.windowsboston.org

DNSSEC
◦ http://technet.microsoft.com/en-us/library/dd378952(WS.10).aspx

Deploying DNS Security Extensions (DNSSEC)
◦ http://technet.microsoft.com/en-us/library/ee649268(WS.10).aspx

Power management for network devices
◦ http://technet.microsoft.com/en-us/library/ee617165(WS.10).aspx

HomeGroup
◦ http://technet.microsoft.com/en-us/library/ee449421(WS.10).aspx

BranchCache
◦ http://www.branchcache.com
◦ http://technet.microsoft.com/en-us/network/dd425028.aspx