Transcript Slide 1
Jason Leznek, Group Product Manager, Windows Client
Justin Graham, Senior Product Manager, Windows Server

Information Workers’ World Has Been Changing

The Evolving Needs of Organizations
IT Professional needs:
• Secure and flexible infrastructure for “work anywhere”
• Reduce costs
Mobile & Remote Work-Force needs:
• Work anywhere
• Fast access
Carbon-Neutral (“Green”), Contingency, Compliance, Costs, Consumerization

Optimized Desktop
Enhance User Productivity
Protect Sensitive Data
• Increase user productivity by enabling users to access their applications and data quickly, from anywhere
Enhance User Productivity
• Policy-based Network Access and Security
Reduce Costs with Greater Manageability
• Update and manage mobile PCs even when not on the corporate network
• Publish server-based applications directly to users’ desktops
Protect Sensitive Data
• Policy-based network security
Reduce Costs with Greater Manageability
• Centrally Aggregate Important Client and Server Events
• Faster, More Scalable and Efficient Access to Network Resources
Fundamentals: Security, Reliability, Application Compatibility, Device Compatibility, Performance, Power Management

Infrastructure for the Optimized Desktop
Enhance User Productivity
• Increase user productivity by enabling users to access their applications and data quickly, from anywhere
Protect Sensitive Data
• Policy-based network security
Reduce Costs with Enhanced Manageability
• Update and manage mobile PCs even when not on the corporate network
• Publish server-based applications directly to users’ desktops
• Policy-based Network Access and Security
• Faster, More Scalable and Efficient Access to Network Resources
• Centrally Aggregate Important Client and Server Events
Fundamentals: Security, Reliability, Application Compatibility, Device Compatibility, Performance, Power Management

Windows 7 and Windows Server 2008 R2
Combined Value to Deliver the Optimized Desktop
(Table columns: Key Scenario, Benefits, Features)
Key Scenario: Enhance User Productivity
• Benefit: Provide Faster, More Scalable and Efficient Access to Network Resources. Features: Receive Window Autotuning, SMB 2.0, IPv6
• Benefit: Provide users with seamless access to applications and data from anywhere, hence increasing their productivity. Features: DirectAccess, BranchCache™
• Benefit: Provide users a rich desktop experience from unmanaged or thin clients. Features: VDI enhancements
Key Scenario: Protect Sensitive Data
• Benefit: Enable policy-based network security by allowing only healthy PCs from accessing network resources. Features: Network Access Protection, Server and Domain Isolation
Key Scenario: Reduce Costs with Enhanced Manageability
• Benefit: Update and manage mobile PCs even when not on the corporate network. Features: DirectAccess
• Benefit: Publish server-based applications directly to users’ desktops. Features: Remote Desktop Services (RDS)
• Benefit: Centrally Aggregate Important Client and Server Events to Help Desk. Features: Event Forwarding

Enhancing User Productivity

Faster, More Scalable and Efficient Access to Network Resources
IPv6:
• All Services Within Windows Vista are IPv6-enabled
• Seamless Cost-Optimized Transitional Approach
Receive-Side Auto-tuning:
• Automatically senses network environment and adjusts important performance settings
• Allows increase of the size of the TCP/IP send/receive window
SMB 2.0 protocol improvements:
• Number of open files and shares on the server
• Packet compounding reduces “chattiness”
• Message signing settings have been improved
• Client-side encryption is supported
• Durable handles are supported

Remote Access for Mobile Workers
Situation Today (diagram: Office, Home):
• Challenging for IT to manage, update, patch mobile PCs while disconnected from company network
• Difficult for users to access corporate resources from outside the office
DirectAccess (diagram: Office, Home):
• Corporate network boundary includes managed assets no matter where they are on the Internet
• Easy to service mobile PCs and distribute updates and policies
• New network paradigm increases mobile user productivity by providing same experience inside & outside the office

DirectAccess Components
Server:
• Runs on Windows Server 2008 R2
• Sits on network edge
• Single box by default
• Services can be split up for scalability
Client:
• Runs on Windows 7
• Domain-joined
• Initial configuration done on Corpnet or over VPN
Microsoft Confidential.

DirectAccess Benefits
IT Pro Benefits:
• Improved manageability of remote users
• IT simplification and cost reduction
• Consistent security for all access scenarios
End User Benefits:
• Seamless & secure access to corporate resources
• Consistent connectivity experience in / out office
• Combined with other Windows 7 features enhances the end to end IW experience

DirectAccess
• DirectAccess provides transparent, secured access to intranet resources without a VPN
• Allows desktop management of DirectAccess clients
• Supports direct connectivity to IPv6-based intranet resources
• Allows IPSec encryption and authentication
• Supports variety of remote network protocols
Diagram labels: IPv4 Devices; IPv6 Devices; IT desktop management; AD Group Policy, NAP, software updates; Native IPv6 with IPSec; Support IPv4 via 6to4 transition services or NAT-PT; IPv6 Transition Services; DirectAccess Server; Internet; Windows 7 Client

Branch Office Enhancements
Situation Today:
• Application and data access over WAN is slow in branch offices
• Slow connections hurt user productivity
• Improving network performance is expensive and difficult to implement
BranchCache™:
• Caches content downloaded from file and Web servers
• Users in the branch can quickly open files stored in the cache
• Frees up network bandwidth for other uses

BranchCache Benefits
IT Pro Benefits:
• Helps reduce WAN utilization and cost
• Data encryption is enforced across the network
• Simple to deploy
End User Benefits:
• Less waiting for downloads = more productivity
• Combined with other Windows 7 features enhances the end to end IW experience

Improving Branch Performance: Distributed Mode
1. First client downloads data from main office server
2. Second client downloads identifiers from main office server
3. Second client searches local network for data and downloads from first client
Diagram labels: Main Office; Branch Office; Client 1; Client 2

Improving Branch Performance: Hosted Caching
1. First client downloads data from main office server
2. Content pushed to hosted cache from first client
3. Second client downloads identifiers from main office server
4. Second client downloads from hosted cache
Diagram labels: Main Office; Branch Office; Client 1; Client 2

Full Fidelity RemoteApp & Desktops
RemoteApp & Desktop Connections:
• RemoteApp & Desktops icons integrated into start menu etc
• Icons refreshed & updated automatically
Multimedia Support & Audio Input:
• Experience rich multimedia redirection
• Use VoIP applications and speech recognition.
True multiple monitor support:
• Use up to 10 monitors of any size or layout with RemoteApp and Desktops
• Applications behave like users expect – e.g. PowerPoint installing them locally
Aero Glass for Remote Desktop Server:
• Users have the same new Windows 7 look and feel when using Remote Desktop Server
RemoteApp™ Language Bar Support:
• Configure applications that use alternate language settings (e.g. right to left languages) from the local language
Protect Sensitive Data

Network Access Protection
Today’s Challenges:
• Unprotected Network Taps Within An Organization’s Buildings
• Administrators Have Limited Control About Health Of Systems Joining Network
• Result: Hardware/Network Upgrades And Increased Operational Costs, Reduced Productivity
Solution – End-to-End, Authenticated, Tamper-resistant Communication:
• Improved Isolation Using IPsec
• Network Access Protection Across IPsec, 802.1X, DHCP, VPN
• Increased Manageability

Network Access Protection
1. Client requests access to network and presents current health state
2. DHCP, VPN or Switch/Router relays health status to Microsoft Network Policy Server (RADIUS)
3. Network Policy Server (NPS) validates against IT-defined health policy
4. If not policy compliant, client is put in a restricted VLAN and given access to fix up resources to download patches, configurations, signatures (Repeat 1-4)
5. If policy compliant, client is granted full access to corporate network
Diagram labels: Windows Client; DHCP, VPN, Switch/Router; NPS; Policy Servers such as: Patch, AV; Not policy compliant; Remediation Servers (Example: Patch); Restricted Network; Policy compliant; Corporate Network
Policy-based Dynamic Segmentation
• Define the logical isolation boundaries
• Distribute policies and credentials
• Managed computers can communicate
• Block inbound connections from untrusted
• Enable tiered-access to sensitive resources
Diagram labels: Corporate Network; Active Directory Domain Controller; Trusted Resource Server; Servers with Sensitive Data; HR Workstation; Unmanaged/Rogue Computer; Untrusted; Managed Computer; Managed Computer; Server Isolation; Domain Isolation

Business and Technical Benefits
Reduce the risk of network security threats:
• An additional layer of defense-in-depth
• Reduced attack surface area
• Increased manageability and more healthy clients
Safeguard sensitive data and intellectual property:
• Authenticated, end-to-end network communications
• Scalable, tiered access to trusted networked resources
• Protect the confidentiality and integrity of data
Extend the value of existing investments:
• No additional hardware or software required
• Get more value from Active Directory and Group Policy
• Complements existing 3rd network security solutions

Enhanced Manageability

Manageability Beyond The Office
DirectAccess:
• Enables “always-on” management of remote machines to support a fully manageable environment
• Scenarios include: Group Policy Updates, Folder Redirection/Client-side Caching, Software/Update Distribution
Event Subscriptions:
• Proactive management of key issues
• Pull/Forward events to/from multiple machines and search/collate
• Does not require loading entire log from remote machine

Remote Desktop Services Manageability
RDS and VDI – An Integrated Solution:
• Single broker to connect users to sessions or virtual machines, out of the box solution for VDI scenarios with Hyper-V
RemoteApp & Desktop Connections:
• Centrally hosted applications integrated into Start Menu, desktop, etc.
• Can personalize a non-work PC with work applications without installing them locally
Improved Management Toolset:
• Reduce repetitive tasks with RDS PowerShell support, improved application install, connection broker install & profile management
Platform Investments:
• Multiple levels of extensibility for custom partner solutions for Remote Desktop Services & VDI based solutions

Questions and Answers

© 2009 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.