Windows Server2008 R2 Overview (1)

Windows Server 2008 & 2008 R2 Overview Tony Krijnen Daniel van Soest IT Pro Evangelist IT Pro Evangelist tony.krijnen@microsoft.com danielvs@microsoft.com

More Control Increased Protection Greater Flexibility Spend Less Hardens the OS Quickly Respond Time on and Protects Your to Changing Everyday Tasks Environment Business Needs 3

Technology Investment Areas Virtualization Management Web Hyper-V™ 2.0 Power Management IIS 7.5 & Integrated Extensions Live Migration AD Administrative Center .NET on Server Core Remote Desktop Services PowerShell 2.0 Configuration Tracing Best Practices Analyzer Service-Oriented Architecture Solid Foundation for Enterprise Workloads Scalability and Reliability Better Together with Windows 7 >64 Core Support Direct Access Componentization Branch Cache DHCP Failover Enhanced Group Policies DNSSEC BitLocker on Removable Drives 4

Agenda More Control Increased Greater Flexibility Better Together Protection Spend Less Hardens the OS Quickly Respond Improve Users Time on and Protects Your to Changing Productivity with Everyday Tasks Environment Business Needs Windows 7 Server OS Hardening Virtualization Direct Access Manager Network Remote Branch Cache Server Core Access Desktop PowerShell Protection Services IIS 7.5 Branch Office 5

More Control Increased Greater Flexibility Better Together Protection Spend Less Time on 6 Everyday Tasks

Managing Windows Server 2008 NEW! Best Practise Analyzer AD, DNS, TS, Cert, IIS 7

Server Manager 8

Server Core Architecture Server Roles .NET NEW! ASP.NET TS IAS Web Server Share Point Powershell v2 Server Core Server Roles Server With WinFx, Shell, Tools, etc. AD DNS DHCP File Print WVS IIS Server Core GUI, CLR, Shell, IE, Security, TCP/IP, File Systems, RPC, plus other Core Server Sub-Systems Media, OE, etc. 9

Server Core: The Lean, Mean, Server Machine! Hard Disk Memory Processes Patches * Windows Server 2008 Server Core Windows Server 2008

Server Core 11

PowerShell Improved Command-line shell & Scripting Language Improves productivity & control Accelerates automation of system admin Easy-to-use Works with existing scripts Community Model 12

The Difference is OBJECTS! Get-Process | Where { $_.handles –gt 500 } | Sort handles | Format-Table Common Windows PowerShell Parser Cmdlet Get-Process Where Cmdlet Cmdlet Sort Cmdlet Format Windows PowerShell Pipeline Processor 13

PowerShell 2.0 NEW! New Features Integration Graphical PowerShell Active Directory Administration Center Improved Security IIS Portability Power Management New cmdlets One-to-many remote management using WS- MGMT 14

Windows Remote Management WMI WS-MAN Internet Administrator 15

PowerShell & WS- Management 16

Managing Your Web with IIS Secure HTTPS Internet XML AppHost.config Administrator Shared Manage Remotely Config XML Shared App Hosting Site Owner App Web.config Web Farm 17

Key Changes to IIS 7.5 in R2 NEW! ASP.NET on Server Core New IIS Manager Modules Integrated PowerShell Provider Configuration Logging & Tracing Integrated FTP and WebDAV Extended Protection & Security 18

Internet Information Services 19

Increased Protection More Control Greater Flexibility Better Together Hardens the OS and Protects Your 20 Environment

Multiple layers of protection Reduce size of high risk layers Increase # of layers Service Service Segment the … 1 D services Service Service … D D Service 2 A Service 3 Service B D Kernel Drivers D User-mode Drivers D D D

Service Hardening • Services now have a SID (S-1-80-<SHA-1 hash of logical service name>) ACL’s have been set on these SID’s !Note: Check with your 3rd party application providers if they limit their services. Services are taken out of the LocalSystem security context

Changes in SVCHOST structure Windows XP SP2 / Server 2003 R2 Windows Vista / Windows Server 2008 Account Services Account Services LocalSystem Wireless Configuration RemoteAccess LocalSystem WMI Perf Adapter App Management System Event DHCP Client Firewall Restricted Automatic updates Wireless Configuration Notification W32time Secondary Logon Network Connections Rasman (netman) LocalSystem BITS 6to4 browser COM+ Event System Themes Task scheduler 6to4 NLA Rasman RemoteAccess Help and support Rasauto TrkWks Rasauto Task scheduler Shell Hardware Error Reporting WMI TrkWks Detection Cryptographic Services Themes Network Service DNS Client browser Removable Storage Telephony ICS Server WMI Perf Adapter Fully Restricted Windows Audio DHCP Client W32time Automatic updates Error Reporting WMI Workstation Network Service Cryptographic Services PolicyAgent App Management ICS Network Restricted Telephony Nlasvc Secondary Logon BITS Network DNS Client Local Service System Event Notification COM+ Event System Network Connections Service No Network Access Shell Hardware Detection Local Service SSDP Local Service Windows Audio Event Log WebClient TCP/IP NetBIOS helper Workstation Fully Restricted TCP/IP NetBIOS helper WebClient Remote registry Remote registry SSDP 23

BitLocker Drive Encryption Protect servers and laptops Protects data while system is offline BitLocker Ensures boot integrity Group Policy configurable NEW! Bitlocker To Go 24

Recovery of data with broken hardware 22 1 1 4 5 6 3 3 7a 7b 7B 8 8 7D 7d 7c 7C 7e 7E

Bitlocker™ Views? 26

Network Access Protection Policy Servers e.g. Patch, AV 3 1 2 Not policy compliant 4 Fix Up Servers e.g. Patch MSFT NPS Restricted Windows Network Client DHCP, VPN Policy Switch/Router compliant 5 Corporate Network 27

NAP Benefits Feature Support Benefit Built-in client Windows Vista, Windows XP • No need to deploy/license 3rd party client • Updates via WUS / WSUS / SMS Flexible DHCP, VPN, 802.1x, Terminal • Works with today’s & tomorrow’s networks enforcement Services, Server and Domain • Enables risk-benefit trade offs isolation 3rd party All major switch / router / Customers can use any network or security infrastructure enforcement firewall / VPN vendor Health SMS, WUS, SecurityCenter, • Seamless integration with Windows infrastructure assessment 3rd party • Works with any AV, patch or endpoint security solution User experience Integrated with Windows Polished look and feel tailored for the customer Vista glass. Branding environment supported. Management Integration with SMS, AD, Complete policy based administration and operation Group Policy and MOM for client, server and service operations

Network Access Protection 29

Branch Office Benefits RODC Main Office Branch Office Server Core PowerShell, WinRS, WinRM BitLocker Read-Only Domain Controller Role Separation Restartable Active Directory Virtualization Branch Caching

Greater Flexibility More Control Increased Better Together Protection Quickly Respond to Changing 31 Business Needs

Provided by: Hyper-V Architecture OS ISV / IHV / OEM Microsoft Hyper-V Microsoft / XenSource Parent Partition Child Partitions VM Worker Processes Applications Applications Applications Applications WMI Provider User VM Service Mode Windows Server Windows Server Non-Hypervisor Xen-Enabled Linux 2008 2003, 2008 Aware OS Kernel Windows Linux VSP Windows Kernel Kernel VSC VSC IHV Drivers VMBus Kernel VMBus VMBus Emulation Hypercall Adapter Mode Windows hypervisor Ring -1 “Designed for Windows” Server Hardware

What is Microsoft Hyper-V Server? Microsoft Hyper-V Server 2008 Windows Server 2008 Hyper-V (HVS) (Windows Role) Microsoft Hyper-V Server Hyper-V Windows Windows Windows Windows Windows Parent or Linux or Linux Parent or Linux or Linux Partition Partition Windows hypervisor Windows hypervisor Hardware Hardware Clustering NEW! Quick & Live Migration! 33

HVconfig Automatic startup at login Easy setup utility for server configuration Localized in 11 languages 34

Hyper-V 2.0 Live Migration Configuration NEW! Host 1 State Host 2 Blue = Storage Purple = Networking Shared Storage

Cluster Shared Volumes (CSV) NEW! SAN Communication Network VHD VHD VHD Distributed File Resiliency Access for Hyper-V Easier Storage Management

Live Migration 37

Windows Server 2008 16 LP Server

Windows Server 2008 R2 Core Parking 16 LP Server NEW!

Terminal Services = Remote Desktop Services NEW! Improved Improved Full Fidelity TS & VDI – an Improved user RemoteApp & integrated solution experience Desktops Hyper-V support for RemoteApp & Desktop True multiple monitor virtual desktops Connections support Single discovery & RemoteApp & Desktop Multimedia Support & publishing & Web Access Bi direction audio infrastructure SCVMM Integration & RD Gateway Security 2D and 3D remoting for Support Improvements DirectX Platform Improvements New API, Connection Broker Extensibility, Dynamic CPU Allocation, IP address virtualization, Best Practices Analyzer, Full MSI support

TS Gateway In Action RDP hosts can now be put behind firewall HTTP/S used to traverse firewall AD/NPS/NAP checked before connection allowed New Remote Desktop Connection AD/NPS/NAP client required Vista RDC TS Gateway (TS) client AD / NPS / NAP checked User initiates HTTP/S connection to established to TSG RDP over HTTP/S TS Gateway RDP 3389 to host Terminal Servers or XP/Vista User browses to TS Web Access TS Web Access Internet DMZ Internal Network

Remote Desktop Services 43

RDS & VDI – An Integrated Solution RDS-based Hyper-V-based Remote Desktop Remote Desktop NEW! Remote Desktop Connection Broker Virtual Machine Management (SCVMM) RDS TS Web Gateway Access

Centralized Desktops: TS vs. VDI Terminal Services (Sessions) VDI (VMs) Technology Maturity Proven Emerging Scalability Higher ratio of users/server Lower ratio users/server Isolation/Security Remote User Experience Protocol-dependent Protocol-dependent User Flexibility User is running as a user User can have full rights Application Compatibility Windows Server OS Windows Client desktop Availability of Skilled IT Staff High (TS experts) Low (VM experts)

Better Together More Control Increased Greater Flexibility Protection Improve Users Productivity with 46 Windows 7

Remote Access for Mobile Workers Office Home Office Home Difficult for users to access corporate New network paradigm enables same resources from outside the office experience inside & outside the office Challenging for IT to manage, update, Seamless access to network resources patch mobile PCs while disconnected increases productivity of mobile users from company network Infrastructure investments also make it easy to service mobile PCs and distribute updates and polices 47

Branch Office Network Performance Application and data access over WAN Caches content downloaded from file is slow in branch offices and Web servers Slow connections hurt user Users in the branch can quickly open productivity files stored in the cache Improving network performance is Frees up network bandwidth for other expensive and difficult to implement uses 48

Windows Server Roadmap R2 2008 Service Pack Two 49

tony.krijnen@microsoft.com danielvs@microsoft.com 50

Windows Server2008 R2 Overview (1)

by Microsoft Iceland on Dec 30, 2009

Accessibility

Categories

Tags

Upload Details

Usage Rights

Statistics

Windows Server2008 R2 Overview (1) — Presentation Transcript