Recommended
Recommended
More Related Content
Similar to B875.pptx
Similar to B875.pptx (20)
Recently uploaded
Recently uploaded (20)
B875.pptx
- 3. Develop – minimize your dependencies Package – know your dependencies Configure – use intent based configuration Deploy – use modular, componentized deployments Run – use physical hosts, VMs, or containers Test – use unit tests Secure – don’t let security be an after thought or add-on
- 4. In previous releases Windows Server hasn’t had a point of view • Variety of artifacts used • No clear set of choices or recommendations Windows Server 2016 has a clear point of view • Traditional ops model • Emerging model with Containers
- 6. Architectural Foundation Develop apps using SDK targeting Nano Server Package apps using Windows Server App (WSA) installer Configure apps using DSC Deploy apps and dependencies using Package Management Run apps in physical, VMs, or containers Test apps using Pester Secure apps using Just enough Administration (JEA)
- 7. Develop apps using Frameworks on Nano Server Package apps as Container Images pushed to repositories Configure apps using Container Images Deploy container images from repositories Run containers though orchestrators Test apps using your test frameworks Secure apps using multiple containers and JEA
- 9. Optimized for next-gen distributed applications • Higher density and Reduced attack surface and servicing requirements • Next-gen distributed app frameworks • Interoperate with existing server applications Containers and next-gen applications Full GUI Specialized workloads Third-party applications RDS experience Server Core Lower maintenance server environment Traditional VM workloads Nano Server Just enough OS
- 13. Physical, Virtual, Containers Nano Server Server Core Client (aka Server w/a Desktop Exp) (Aka Full Server) Local Admin Tools Remote Desktop Server
- 15. • advapi32.dll • comctl32.dll • comdlg32.dll • gdi32.dll • kernel32.dll • ole32.dll • psapi.dll • secur32.dll • setupapi.dll • shell32.dll • shlwapi.dll • tdh.dll • user32.dll • version.dll • winmm.dll
- 21. Virtual Machine Specifically Optimized To Run a Container Container Management System Processes System Processes Application Processes
- 22. Container Management Docker Windows Container Images Hyper-V Container Windows Server Container
- 23. Virtual Machine Host Nested Virtual Machine
- 39. What is a container image? > > Creation Layer metadata (json) Layer payload (tar) Layer metadata (json) Layer payload (tar) Layer metadata (json) Layer payload (tar)
- 46. • • • • Windows PowerShell Copyright (C) 2016 Microsoft Corporation. All rights reserved. PS C:> New-Container PS C:> Get-Container PS C:> Get-ContainerImage
- 48. Develop apps using SDK targeting Nano Server Package apps using Windows Server App (WSA) installer Configure apps using DSC Deploy apps and dependencies using Package Management Run apps in physical, VMs, or containers Test apps using Pester Secure apps using JEA Call to Action • Target Nano Server • Create WSAs • Deploy using Package Management Give us feedback on: • Missing Reverse Forwarders nanoserver@microsoft.com https://windowsserver.uservoice.com /forums/295047-general-feedback
- 49. Develop apps using Frameworks on Nano Server Package apps as Containers or as WSA Configure apps using Containers Deploy apps and dependencies using Containers or packages Run apps in containers Test apps using your test frameworks Secure apps using multiple containers and JEA Call to Action • Learn more about Windows containers http://aka.ms/containers • Give your apps a try in Windows containers • Help with PowerShell for Docker • Get ready for Technical Preview 5! • Continue providing feedback and bug reports • http://aka.ms/containers/forum • https://github.com/Microsoft/ Virtualization-Documentation • https://github.com/docker/docker
- 54. End User PackageManagement PowerShell cmdlets PackageManagement Core Discovery Install/Uninstall Inventory PackageManagement Providers Windows Server App (WSA) PowerShellGet Windows Container NuGet NanoServerPackage … Package Sources WSA Package Repository… PowerShell Gallery Container Gallery, Docker NuGet Gallery … www.NPMjs.com WordPress, …
- 64. “Who better to target than the person that already has the ‘keys to the kingdom’?” You’re an Admin Thanks, you’re PWND!! Edward Snowden • Age 30 • College dropout Michael Hayden • Four star general • Director of the NSA • Director of the CIA • Director of National Intelligence
- 65. Safe functions required by role Dangerous functions attackers could abuse Just Enough Admin Allows you to perform administrative tasks without being a full administrator • On a Server - almost any administrative action requires a user be an administrator • Once an administrator, a user can do anything on the server with no oversight • A compromised machine or a breached administrator account enables attacker movement to other assets From full admin to role based admin Just Enough Administration (JEA) using PowerShell WMF 5.0
- 66. Active Directory Endpoint JEA Endpoints • Secure PowerShell configuration • Access controls govern who can connect • User connects as normal user • Commands run-as local admin account • Each session is fully logged • One or more JEA Toolkits = limited set of CMDlets and parameters that represent a logical role Maintenance Endpoint Auditing Endpoint
- 67. https://github.com/PowerShell/JEA https://gallery.technet.microsoft.com/Just-Enough-Administration-6b5ad370 PS C:> Enter-JEAsession Server1 –Name Maintenance Server1> Restart-Service MSSQLSERVER HR Server Server1> Steal-Secrets * Error: You are not authorized to Steal-Secrets