
Windows Server 2008 R2 Overview Part 2 Technical

Windows Server 2008 R2 Overview Part 2 Technical. Doug Spindler’s Background. 24 years in IT as a Technology Consultant MCT, MCITP, MCTS President of Pacific IT Professionals A professional association for IT Professionals Join today at www.pacitpros.org Technology Instructor Author


Presentation Transcript


  1. Windows Server 2008 R2 Overview Part 2 Technical

  2. Doug Spindler’s Background • 24 years in IT as a Technology Consultant • MCT, MCITP, MCTS • President of Pacific IT Professionals • A professional association for IT Professionals • Join today at www.pacitpros.org • Technology Instructor • Author • Speaker • Lecturer • IT Pro Hero

  3. Why IT Pros will want to deploy Win 7 and Server 2008R2 NOW! No I do not work for Microsoft. This is NOT a marketing presentation.

  4. Customer top security concerns • Security • Network Performance • Reliability • Ease of use for users

  5. IT Pro “got to” haves • Bitlocker – whole drive encryption • User Access Control (UAC) • Secure Socket Tunneling Protocol • Terminal Services RemoteApp • Application virtualization - SoftGrid • Granular password policy • Re-startable AD without a reboot

  6. Enhancements to Network Security: Network Level • Network Access Protection • Server Isolation • Domain Isolation • GPO managed • Quality of Service - QoS • Host based firewall • Firewall and IPSEC integration

  7. NAP: Protects network & gets clients up to date [Diagram labels: Labs • Unmanaged guests]

  8. Server Isolation: Isolates high-valued servers and data from the rest of the network. [Diagram labels: Isolated • Labs • Unmanaged guests]

  9. Domain Isolation: Isolates high-valued servers and clients from the rest of the network. [Diagram labels: Isolated • Labs • Unmanaged guests]

  10. ‘Policy-based’ QoS Enables Management of Hosts’ Bandwidth

  11. Enhancements to Network Security: Operating system • New network stack – New code • Impervious to existing attacks • New attack code is required • Windows Firewall with Advanced Security – Protects hosts

  12. Conclusion • New code in the network stack = Your network is more secure • Attackers will attack someone else

  13. Windows history • Network stack used in XP and Server 2003 (and prior) was written for Windows 95 • Pentium I – 100MHz • 10 Mb/sec network • Modems • Only minor enhancements and fixes since • Stack is inefficient – Lots of latency • Code (by today’s standards) is inefficient

  14. Network Performance Enhancements • TCP Chimney • TCP-A (I/OAT) • Receive Window Auto-Tuning • SMB2 Protocol • Receive side scaling (RSS) • Compound TCP – cTCP Congestion Control • Policy-based Quality of Service (QoS) • Black-Hole Router detection (BHRD) • Dead Gateway Detection

  15. Network Performance Enhancements • TCP Chimney • TCP-A (I/OAT) Intel • Ideal for iSCSI implementations

  16. Network Performance Enhancements: Receive Window Auto-Tuning • Dynamically allocated packet receive buffer • More in-flight data – up to 16MB • If too much data, use QoS. • Max 16MB window @ 100ms ~ 1.34Gbps

  17. Win 7 Performance – Auto Tuning • Testing between a Windows 2K3 server and a Win 7 client • Average latency is 180 ms round trip • Applications tested - TTCP, FTP, Xcopy • TTCP - 3259 KB/sec (26.07 Mbps*) 869% increase • FTP - 633 KB/sec (5.06 Mbps) 85% increase • Xcopy - 604 KB/sec (4.83 Mbps) 109% increase

  18. Network Performance Enhancements: Receive Window Auto-Tuning. The application layer passes a block of data down to the Transport Layer (TCP). The transport layer then sends the data to the client. The transport layer breaks the data up into blocks equal to the maximum segment size (MSS) for the link. For Ethernet this is 1460 bytes. [Diagram labels: Data, Server, Client]

  19. Network Performance Enhancements: Receive Window Auto-Tuning. Let’s assume the advertised Window Size of the Client is 8760 bytes and the MSS is 1460 bytes. Outstanding Packets = Window Size / MSS; Outstanding Packets = 8760 / 1460; Outstanding Packets = 6. The sender (Server in this case) can only have 6 outstanding packets on the network at one time. It must stop sending until it receives an acknowledgement for some or all of the packets before sending more.

  20. Network Performance Enhancements: Receive Window Auto-Tuning. Once the transport layer has sent the 6th packet, it must stop until it receives an acknowledgement for one or more of the transmitted packets. [Diagram: Server, Data packets 6 5 4 3 2 1 in flight, Client]

  21. Network Performance Enhancements: Receive Window Auto-Tuning. The client receives packets 1 and 2. Once it receives packet number 2 it sends an Acknowledgement back to the server indicating that it successfully received the packets. [Diagram: Server, Data packets 6 5 4 3 in flight, Client; Acknowledge 1 and 2]

  22. Cost of the delays in XP and Server 2003? • The only way to get Gig out of Gig is to maintain a gig sending rate, which is a 1.21 microsecond gap between packets. • Any delay in sending decreases throughput (“dead air”)

  23. The cost of a delay • 195 microseconds: 195/1.21 = 160 packets. • 180 microseconds: 180/1.21 = 150 packets. • 160,000 packets = 242,880,000 Bytes or 240 MB

  24. What is the right Window Size? Receive Window Auto-Tuning. TCP Window Size = Bandwidth * Roundtrip Delay. In previous versions of Windows the buffer size was fixed.

  25. Network Performance Enhancements: Receive Window Auto-Tuning. Win 7 and Server 2008R2 Advantage – More data, less “dead air” [Diagram: Server, Data packets 12 11 10 9 8 7 6 5 4 3 in flight, Client]

  26. Network Performance Enhancements: Receive Window Auto-Tuning. Win 7-Server 2008R2 advantage, more initial in-flight data [Chart legend: Green = Win 7, Orange = XP]

  27. Network Performance Enhancements: Receive Window Auto-Tuning. Win 7 & Server 2008R2 advantage, more efficient use of the network. XP & Server 2003: Less in-flight data, resulting in less throughput. [Chart legend: Green = Win 7, Orange = XP]

  28. Network Performance Enhancements: SMB2 Protocol • Combined control messages • More efficient use of the network • SMB 2 only available • Server 2008R2 – Server 2008R2 • Server 2008R2 – Win 7 • Win 7 – Win 7 • No error correction in SMB

  29. Network Performance Enhancements • Receive side scaling (RSS) Allows packet receive-processing to scale with the number of available computer processors.

  30. Network Performance Enhancements • Compound TCP – cTCP Congestion Control • Less time to transfer data • In this example 80 minutes • Faster recovery [Chart label: Congestion]

  31. What do all of these things give you? • TCP Chimney • TCP-A (I/OAT) • Receive side scaling (RSS) • Receive Window Auto-Tuning • Compound TCP – cTCP Congestion Control • Policy-based Quality of Service (QoS) • Black-Hole Router detection (BHRD) • Dead Gateway Detection. The Win 7 – Server 2008R2 advantage: Faster transfer of data

  32. demo

  33. Blast some data through

  34. Myth A Microsoft 2000, XP, Server 2000, 2003 host on a gigabit network will transfer data at gigabit speed.

  35. Conclusion • New network stack = Dramatic improvements in network performance. Win 7 – Server 2008R2 advantage: Faster data transfers with less CPU utilization.

  36. Server 2008R2 - Win 7 and IPv6

  37. History of Internet Protocols • Network Control Protocol (NCP) • First protocol used on the Internet • IPv4 • Second generation protocol • NCP and IPv4 were run concurrently • Flag day January 1, 1983 • IPv6 • Interplanetary Protocol

  38. IPv6 Myths • IPv6 is experimental • No one is using IPv6 in production • My network won’t run IPv6 • Microsoft is making a big mistake with IPv6 • IPv6 is less secure than IPv4 • IPv6 causes Win 7 to run slower

  39. FACTS • We are running out of IPv4 addresses • IPv6 is the preferred protocol in Win 7 and Server 2008R2 and cannot be removed • You have been assigned an IPv6 address (Publicly assigned) • It can be used today • Linux and Apple already support IPv6 • Microsoft’s implementation of IPv6 is feature rich (compared to Apple and Linux)

  40. Available IPv4 addresses by year [Chart legend: Grey = available IP addresses, Orange = allocated IPv4]

  41. IPv6 is 2^128 addresses • 340,282,366,920,938,000,000,000,000,000,000,000,000 addresses Are you ready to

  42. IPv6 is 2^128 addresses • 340,282,366,920,938,000,000,000,000,000,000,000,000 addresses • IP on everything

  43. How big is 2^128 or 340,282,366,920,938,000,000,000,000,000,000,000,000? • If the IPv4 address space were the size of one atomic nucleus, the IPv6 address space would require a month of light-speed travel to reach. Thanks to Sean Siler at Microsoft for this clever way to explain just how large the address space is.

  44. Think Global… Microsoft was brilliant for implementing IPv6 • Thanks to Microsoft for doing this: IPv6 in Win 7 and Server 2008R2 • IPv6 addressing and routing is easier • No need for NAT • Most applications just work • Microsoft has made a commitment to IPv6 • New MS software will support IPv6

  45. New network stack design in Server 2008R2 and Win 7 [Diagram labels: Winsock; User Mode / Kernel Mode; AFD; TDI Clients; WSK Clients; TDI; WSK; TDX; Win 7 and Server 2008R2 tcpip.sys: RAW, TCP, UDP, Inspection API, IPv6, IPv4; 802.3, WLAN, Loop-back, IPv4 Tunnel, 1394, IPv6 Tunnel; NDIS]

  46. IPv6 cannot be removed from tcpip.sys [Diagram labels: Win 7 and Server 2008R2 tcpip.sys: RAW, TCP, UDP, IPv6, IPv4; 802.3, WLAN, Loop-back, IPv4 Tunnel, 1394, IPv6 Tunnel]

  47. Win 7 and Server 2008R2

  48. Market forces pushing IPv6 adoption • Mobile Internet Services - Internet Multimedia Services (IMS) • Next gen cell phones • IPTV Cable companies • End to end security requirements • Auto configuration for home and mobile devices • Foreign countries • 2008 Olympics

  49. IPv4 had no security; IPSec and L2TP were “bolt-ons” [Diagram: layer stacks (App, Presentation, Session, Transport, Network, Data Link, Physical) with L2TP VPN and IPSec VPN shown as additions]
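
The window arithmetic from slides 16, 19 and 24, carried through in Python as an added example that is not part of the original presentation. The 1460-byte MSS, 8760-byte window, 180 ms round trip and 16 MB maximum come from the slides; the 100 Mbps link, the 100 MB file and the steady-state model (no loss, no slow start) are assumptions.

```python
# Added example (not from the presentation): window-limited TCP throughput.
# From the slides: 1460-byte MSS, 8760-byte window, 180 ms RTT, 16 MB maximum.
# Assumed here: 100 Mbps link, 100 MB file, steady state (no loss, no slow start).

MSS = 1460                        # bytes per segment on Ethernet (slide 18)
FIXED_WINDOW = 8760               # bytes, the example window on slide 19
AUTOTUNE_MAX = 16 * 1024 * 1024   # bytes, auto-tuning ceiling (slide 16)


def outstanding_segments(window_bytes, mss=MSS):
    """Slide 19: full segments the sender may have unacknowledged at once."""
    return window_bytes // mss


def throughput_ceiling_bps(window_bytes, rtt_ms):
    """At most one window of data is delivered per round trip."""
    return window_bytes * 8 * 1000 / rtt_ms


def required_window_bytes(link_bps, rtt_ms):
    """Slide 24: window = bandwidth * round-trip delay, rounded up to bytes."""
    return -(-link_bps * rtt_ms // 8000)


def transfer_time_s(size_bytes, window_bytes, rtt_ms, link_bps):
    """The sender runs at the lower of the link rate and the window ceiling."""
    rate = min(link_bps, throughput_ceiling_bps(window_bytes, rtt_ms))
    return size_bytes * 8 / rate


def compare(size_bytes, rtt_ms, link_bps):
    """Return one row per window: (label, segments, ceiling Mbps, seconds)."""
    rows = []
    for label, window in (("fixed", FIXED_WINDOW), ("auto-tuned", AUTOTUNE_MAX)):
        rows.append((label,
                     outstanding_segments(window),
                     round(throughput_ceiling_bps(window, rtt_ms) / 1e6, 2),
                     round(transfer_time_s(size_bytes, window, rtt_ms, link_bps), 1)))
    return rows


if __name__ == "__main__":
    print("window needed for 100 Mbps at 180 ms:",
          required_window_bytes(100_000_000, 180), "bytes")
    for row in compare(100_000_000, 180, 100_000_000):
        print(row)
```

With these assumed figures the fixed 8760-byte window caps the sender at about 0.39 Mbps, so the transfer takes roughly 2,055 seconds instead of the 8 seconds the link allows.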
