Technical Overview
Nguyen An Que, Technology Specialist, Microsoft Vietnam
Que.Nguyen@microsoft.com

Windows Server 2008 pillars
• Web: Delivers rich web-based experiences efficiently and effectively
• Virtualization: Reduces costs, increases hardware utilization, optimizes your infrastructure, and improves server availability
• Security: Provides highest levels of protection for your network, your data, and your business
• Solid Foundation for Your Business Workloads: Most flexible and robust Windows Server operating system to date. Provides the most versatile and reliable Windows platform for all of your workload and application requirements

Solid Foundation: Most Flexible and Robust Windows Server Operating System to Date
Reliability, Management
• Windows Server Manager
• PowerShell
• Windows Deployment Services
• Server Core
• Next Generation Networking
• High Availability Clustering

Solid Foundation: Windows PowerShell
• New Command-line shell & Scripting Language
• Improves productivity & control
• Accelerates automation of system admin
• Easy-to-use
• Works with existing scripts
• TechNet ScriptCenter
• Exchange Server 2007
• Terminal Server
• WMI, Registry, Hardware, etc.
• Community-Submitted scripts
• MyITForum.com
Futures
• Will ship in Windows
• Admin GUIs layered over PowerShell
• One-to-many remote management using WS-MGMT
Demo PowerShell 7
Solid Foundation: Managing Windows Server 2008
• Server Manager
• Initial Configuration
• Product Installation

Solid Foundation: Windows Server Core
[Diagram labels: Server Core (Security, TCP/IP, File Systems, RPC, plus other Core Server Sub-Systems); Web, AD DS, DHCP, AD LDS, DNS, Media, File, Print; GUI, CLR, Shell, IE, OE, etc.]
• Only a subset of the executable files and DLLs installed
• No GUI interface & .NET managed code installed
• Less disk space and management required
• Can be managed with remote tools (MMC, RDP)
Demo Server Core 8
Solid Foundation: Complete Redesign of TCP/IP
• Dual-IP layer architecture for native IPv4 and IPv6 support
• Improved Network Performance Troubleshooting
• Improved performance via hardware acceleration and auto-tuning
• Greater extensibility and reliability through rich Windows Filtering Platform APIs
• Completely manageable through Group Policy
[Diagram: Next Generation TCP/IP Stack (tcpip.sys). Labels: User Mode, Kernel Mode; Winsock, AFD, TDI Clients, WSK Clients, TDI, WSK, TDX; RAW, TCP, UDP; Inspection API; IPv6, IPv4; 802.3, WLAN, Loop-back, IPv4 Tunnel, IPv6 Tunnel; NDIS]

Solid Foundation: Windows Firewall w/ Advanced Security
• Combined firewall and IPsec management
Demo Windows Firewall & IPSec 8
Solid Foundation: Failover Clustering
[Diagram labels: NodeA (Active Node), NodeB (Passive Node), Heartbeat]
• New Validation Wizard for server, storage & network testing
• Support for GUID partition table (GPT) disks in cluster storage
• Improved cluster setup interface
• Quorum resource: no longer single-point-of-failure
• IPv6 support
• Geographically dispersed clusters: across subnets, no VLAN needed
Solid Foundation: Windows Deployment Services
• Rapidly deploy Windows operating systems
• Updated and redesigned version of Remote Installation Services (RIS)
• Server components
• Client components: WinPE
• Management components
[Diagram labels: WDS, Windows Vista, Windows Server 2008]

Solid Foundation: Reliability and Performance Monitor
• Combines functionality of previous stand-alone tools
• Tracks system changes
• Provides new functionality

Web: Deliver Rich Web-based Experiences Efficiently and Effectively
• Windows SharePoint Services
• Internet Information Services 7.0
• Windows Media Services
Web: IIS 7.0: a robust Web & Application Server
• Highly customizable
• Enhanced security and reduced attack surface
• Administration: UI & APPCMD & shared configuration
• Advanced troubleshooting
• Delegation & true application XCOPY deployment
• Windows Communication Foundation (WCF)
• Windows Activation Service
Demo IIS 7.0 new features 13 IIS 7
Virtualization: Optimize Your Infrastructure and Improve Server Availability
• Terminal Services RemoteApp
• Windows Server Virtualization
• Terminal Services Gateway

Virtualization: Virtualization Technologies
• Server Virtualization
• Presentation Virtualization
• Windows Server Virtualization
• Virtualization Management
• Desktop Virtualization
• Application Virtualization

Virtualization: Windows Server Virtualization
• Greater Scalability and improved performance
• x64 bit host and guest support
• SMP support
• Increased reliability and security
• Minimal Trusted Code base
• Windows running a foundation role
• Better flexibility and manageability
• New UI/Integration with SCVMM
[Diagram labels: Virtual Hard Disks (VHD); VM 1 "Parent", VM 2 "Child", VM 3 "Child"; VM 2, VM 3; Virtual Server 2005 R2; Windows Server 2003; Windows Hypervisor; AMD-V / Intel VT; Hardware]

Virtualization: Application Virtualization
• Application Isolation
• Dynamic Streaming
• System Center Integration
• Software as a Centrally-managed Service
Available through…

Virtualization: Virtualization Investments
A Multi-level Approach: Licensing, Infrastructure, Management, Interoperability, Applications, Terminal Services
• Deliver cost-effective, flexible and simplified licensing
• Royalty Free VHD format
• Create agility
• Better utilize server resources
• Partner with AMD and Intel
• Ease consolidation onto virtual infrastructure
• Better utilize management resources
• Support heterogeneity across the datacenter
• OSP (Open Specification Promise) VHD
• Accelerate deployment
• Reduce the cost of supporting applications

Virtualization: Terminal Services Gateway
• Strips off RDP / HTTPs
• RDP traffic passed to TS
• Tunnels RDP over HTTPs
[Diagram labels: Internet, Remote/Mobile User, External Firewall, Perimeter Network, Terminal Services Gateway, Internal Firewall, Corporate Network, Network Policy Server, Active Directory DC, Terminal Servers and other RDP Hosts]

Virtualization: Terminal Services RemoteApp
• Remote Desktop client required
[Diagram label: Terminal Services Gateway Server]
Demo Terminal Service RemoteApps 6
Security: Hardens Operating System and Increases Environment Protection
• Read-Only Domain Controller
• Network Access Protection
• Federated Rights Management

Security: Using Network Access Protection
[Diagram labels: Windows Client; DHCP, VPN, Switch/Router; NPS; Policy Servers such as: Patch, AV; Policy compliant; Not policy compliant; Corporate Network; Restricted Network; Remediation Servers, Example: Patch]
1. Client requests access to network and presents current health state
2. DHCP, VPN or Switch/Router relays health status to Microsoft Network Policy Server (RADIUS)
3. Network Policy Server (NPS) validates against IT-defined health policy
4. If not policy compliant, client is put in a restricted VLAN and given access to fix up resources to download patches, configurations, signatures (Repeat 1 - 4)
5. If policy compliant, client is granted full access to corporate network
Security Demo Network Access Protection 5+9
Security: Active Directory Federation Services
• AD FS provides an identity access solution
• Deploy federation servers in multiple organizations to facilitate business-to-business (B2B) transactions
• AD FS provides a Web-based, SSO solution
[Diagram labels: Company A, Company B; AD, AD; Account Federation Server, Resource Federation Server; Federation Trust; Web Server]

Security: Federated Identity support in AD Rights Management Services
• Together AD FS and AD RMS enable users from different domains to securely share documents based on federated identities
[Diagram labels: Company A, Company B; AD, AD; Account Federation Server, Resource Federation Server; Federation Trust; RMS; WebSSO]

Security: Read-Only Domain Controller
[Diagram labels: Head Quarter, Branch Office, RODC]
• Features
  • Read Only Active Directory Database
  • Only allowed user passwords are stored on RODC
  • Unidirectional Replication
  • Role Separation
• Benefits
  • Increases security for remote Domain Controllers where physical security cannot be guaranteed
Security: How RODC Works
[Diagram labels: Head Quarter: Windows Server 2008 DC; Branch: Read Only DC (RODC)]
1. User logs on and authenticates
2. RODC: Looks in DB: "I don't have the user's secrets"
3. Forwards Request to Windows Server 2008 DC
4. Windows Server 2008 DC authenticates request
5. Returns authentication response and TGT back to the RODC
6. RODC gives TGT to User and RODC will cache credentials
What if a DC is stolen? Security
Solid Foundation: Branch Office Benefits
[Diagram labels: Head Quarter, Branch Office]
• Optimization
  • DFS Replication
• Security
  • BitLocker
    • Full Volume Encryption
  • Server Core
  • Read-Only Domain Controller
• Administration
  • SOAP-based remote management (WinRM)
  • Restartable Active Directory

Security: PKI Support
• Built-in Certificate Service
• Usage
  • Data Encryption
  • Digital Signature
  • Smart Card authentication

Application Platform: Windows Server 2008: A Robust Application Platform
• .NET Framework 3.0
• Windows Activation Service
• MSMQ 4.0
• IIS 7.0

Windows Server 2008 Summary
www.microsoft.com/WindowsServer2008
• Web
  • Modular design
  • Less attack surface
  • Admin delegation
  • APPCMD
  • Win Activation Svc
  • Tracing & Troubleshooting
• Security
  • NAP
  • Read-Only DC
  • AD RMS
  • AD Federation Svc
  • PKI support
  • BitLocker
• Virtualization
  • Windows Virtualization
  • TS Gateway
  • TS RemoteApps
• Solid Foundation for Your Business Workloads
  • IPv6
  • Failover Clustering
  • Reliability & Performance Monitor
  • Windows Deployment Svc
  • Windows PowerShell
  • Server Core
  • Server Manager
  • Windows Firewall with Advanced Security & IPSec

More information
• www.microsoft.com/WindowsServer2008
• www.iis.net
Thank You! Que.Nguyen@microsoft.com