Overview Deployment Operations New in DNS Beyond Virtualization Windows Server 2012 offers a dynamic, multi-tenant infrastructure that goes beyond virtualization to provide maximum flexibility for delivering and connecting to cloud services. The.
Download ReportTranscript Overview Deployment Operations New in DNS Beyond Virtualization Windows Server 2012 offers a dynamic, multi-tenant infrastructure that goes beyond virtualization to provide maximum flexibility for delivering and connecting to cloud services. The.
Overview Deployment Operations New in DNS Beyond Virtualization Windows Server 2012 offers a dynamic, multi-tenant infrastructure that goes beyond virtualization to provide maximum flexibility for delivering and connecting to cloud services. The Power of Many Servers, the Simplicity of One Every App, Any Cloud Modern Workstyle, Enabled Windows Server 2012 offers excellent economics by integrating a highly available and easy to manage multi-server platform with breakthrough efficiency and ubiquitous automation. WS2012 is a broad, scalable and elastic server platform that gives you the flexibility to build and deploy applications and websites on-premises, in the cloud and in a hybrid environment, using a consistent set of tools and frameworks. Windows Server 2012 empowers IT to provide users with flexible access to data and applications from virtually anywhere on any device with a rich user experience, while simplifying management and helping maintain security, control and compliance. Overview Deployment Operations New in DNS 65.55.39.10 Overview Deployment Operations New in DNS ENABLING ENTERPRISE DNSSEC ROLLOUT Overview Deployment Operations New in DNS Latest RFCs NSEC3 Support RSA/SHA-2 Signing Automated Trust Anchor rollover ENABLING ENTERPRISE DNSSEC ROLLOUT Overview Deployment Operations New in DNS Active Directory Integrated Support for dynamic updates Preserving the multi-master DNS model Leverage AD for secure key distribution and Trust Anchor distribution ENABLING ENTERPRISE DNSSEC ROLLOUT Overview Deployment Operations New in DNS ENABLING ENTERPRISE DNSSEC ROLLOUT Overview Deployment Operations New in DNS Automated re-signing on static and dynamic updates Automated key rollovers Automated signature refresh Automated updating of secure delegations Automated distribution and updating of Trust Anchors Active Directory integrated zone Classic multi-master deployment Hosted on five DNS servers that are also domain controllers DNS Manager wizard walks admin through signing process Generates Keys for signing zone on the first DC. Signs it’s own copy of the zone Single location for all key generation and management Drives automated rollover Administrator designates one server to be the key master First DNSSEC server becomes KM Private zone signing keys replicate automatically to all DCs hosting the zone through AD replication Each zone owner signs its own copy of the zone when it receives the key Only Windows 8 DCs will sign their copy of the zone 1. 2. 3. 4. Client sends dynamic update to any authoritative DNS server That DNS server updates its own copy of the zone and generates signatures The unsigned update is replicated to all other authoritative servers Each DNS server adds the update to its copy of the zone and generates signatures Overview Deployment Operations New in DNS Trust Anchor Distribution Trust Anchor maintenance Trust Anchors replicate to all DNS servers that are DCs in the forest via AD Distribution of TAs to servers not a domain controller in the forest is manual via PowerShell or DNS Manager Trust Anchor updates are automatically replicated via AD to all servers in the forest Automated Trust Anchor rollover is used to keep TAs up to date Introduce Windows Server 2012 DCs Automated DNSSEC rollover Overview Deployment Operations New in DNS Sign zone Roll out Windows Server 2012 DCs Update LDNS to Windows Server 2012 Deploy last mile solution Validation on all LDNS Servers Deploy TAs on LDNS server Overview Deployment Operations New in DNS Remove old Key Initial Resign w/ new Key Insert new Key Replicate Overview Deployment Operations New in DNS Remove old Key Initial Resign w/ new Key Insert new Key Replicate Automated key rollovers Key rollover frequency is configured per zone Key master automatically generates new keys and replicates via AD Zone owners rollover keys and re-signs the zone Secure delegations from the parent are also automatically updated (within the same forest) Overview Deployment Operations New in DNS Signatures stay up-to-date New records are signed automatically when zone data changes Static and dynamic updates NSEC records are kept up to date Overview Deployment Operations New in DNS 350.00 Overview Deployment Operations 7.00 New in DNS 300.00 6.00 250.00 5.00 200.00 4.00 150.00 3.00 Nodes/second signed 100.00 2.00 50.00 1.00 0.00 0.00 Memory factor Overview Deployment Operations New in DNS Overview Deployment Operations New in DNS #TE(sessioncode) DOWNLOAD Windows Server 2012 Release Candidate Hands-On Labs microsoft.com/windowsserver DOWNLOAD Windows Azure Windowsazure.com/ teched http://northamerica.msteched.com www.microsoft.com/learning http://microsoft.com/technet http://microsoft.com/msdn