2. Windows Server 2008 & 2008 R2 Overview
Tony Krijnen, IT Pro Evangelist, tony.krijnen@microsoft.com
Daniel van Soest, IT Pro Evangelist, danielvs@microsoft.com
3. More Control / Increased Protection / Greater Flexibility
More Control: Spend less time on everyday tasks
Increased Protection: Hardens the OS and protects your environment
Greater Flexibility: Quickly respond to changing business needs
4. Technology Investment Areas
Virtualization: Hyper-V 2.0, Live Migration, Remote Desktop Services
Management: Power Management, AD Administrative Center, PowerShell 2.0, Best Practices Analyzer
Web: IIS 7.5 & Integrated Extensions, .NET on Server Core, Configuration Tracing, Service-Oriented Architecture
Solid Foundation for Enterprise Workloads
Scalability and Reliability: >64 Core Support, Componentization, DHCP Failover, DNSSEC
Better Together with Windows 7: DirectAccess, BranchCache, Enhanced Group Policies, BitLocker on Removable Drives
5. Agenda
More Control (spend less time on everyday tasks): Server Manager, Server Core, PowerShell, IIS 7.5
Increased Protection (hardens the OS and protects your environment): OS Hardening, Network Access Protection, Branch Office
Greater Flexibility (quickly respond to changing business needs): Virtualization, Remote Desktop Services
Better Together (improve users' productivity with Windows 7): DirectAccess, BranchCache
6. More Control: Spend Less Time on Everyday Tasks
9. Server Core Architecture
[Architecture diagram, two stacks side by side]
Server Core: Server Roles (AD, DNS, DHCP, File, Print, WVS, IIS; NEW: .NET / ASP.NET, PowerShell v2) on top of Security, TCP/IP, File Systems, RPC, plus other Core Server Sub-Systems
Full Server (with WinFX, Shell, Tools, etc.): adds Server Roles such as TS, IAS, Web Server and SharePoint, plus GUI, CLR, Shell, IE, Media, OE, etc.
10. Server Core: The Lean, Mean, Server Machine!
[Bar chart comparing Windows Server 2008 Server Core with full Windows Server 2008 on hard disk footprint, memory, running processes and patches (*); the values are not recoverable from the extraction]
12. PowerShell
Improved command-line shell and scripting language
Improves productivity and control
Accelerates automation of system administration
Easy to use
Works with existing scripts
Community model
13. The Difference is OBJECTS!
Get-Process | Where { $_.handles -gt 500 } | Sort handles | Format-Table
[Pipeline diagram: the common Windows PowerShell parser turns each stage of the command line into a cmdlet invocation (Get-Process cmdlet, Where cmdlet, Sort cmdlet, Format cmdlet) and the Windows PowerShell pipeline processor passes .NET objects, not text, from one cmdlet to the next]
14. PowerShell 2.0 NEW!
New Features: Graphical PowerShell (the ISE), Improved Security, Portability, New cmdlets, One-to-many remote management using WS-Management (WinRM)
Integration: Active Directory Administration Center, IIS, Power Management
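One-to-many remote management in 2.0 is Invoke-Command over WS-Management (WinRM), and the caller's pipeline still receives objects rather than text. The block below is an added example, not from the slides: it runs a service-account inventory on a list of servers in parallel and then filters the returned objects locally for services that still run as LocalSystem from a binary outside \Windows, a rough "third-party service running as SYSTEM" check. The hostnames are placeholders, remoting must already be enabled on the targets (Enable-PSRemoting), and the function name is my own.

```powershell
# Added example, not from the slides: PowerShell 2.0 one-to-many remoting.
# Assumptions: Enable-PSRemoting has been run on each target, the caller is a
# local administrator there, and the hostnames below are placeholders.
$Servers = @('srv01', 'srv02', 'srv03')

# Runs on each target. It returns objects; their properties survive the WS-Man
# serialization, so nothing has to be parsed out of text columns afterwards.
$inventory = {
    Get-WmiObject -Class Win32_Service |
        Where-Object { $_.State -eq 'Running' } |
        Select-Object Name, DisplayName, StartName, PathName
}

function Get-SystemServicesOutsideWindows {
    param([string[]]$ComputerName = $Servers)

    # Fan out to all hosts at once (up to 32 concurrent sessions).
    $all = Invoke-Command -ComputerName $ComputerName -ScriptBlock $inventory -ThrottleLimit 32

    # Still objects here: PSComputerName is added by the remoting layer, the
    # other properties are the remote Win32_Service values.
    $all |
        Where-Object { $_.StartName -eq 'LocalSystem' -and $_.PathName -notmatch '\\Windows\\' } |
        Sort-Object PSComputerName, Name |
        Select-Object PSComputerName, Name, StartName, PathName
}

Get-SystemServicesOutsideWindows | Format-Table -AutoSize
```

The path filter is a heuristic: Microsoft products installed under Program Files (SQL Server, for instance) also show up, which is the point of reviewing the list by hand. Because the results are objects, the same data can be piped to Export-Csv or compared against a previous run without any text parsing.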
17. Managing Your Web with IIS
[Diagram: an Administrator manages IIS remotely over HTTPS from the Internet; the server configuration is XML (applicationHost.config) and can be shared across a Web Farm (Shared Config, Shared App Hosting); a Site Owner manages the site's own XML web.config]
18. Key Changes to IIS 7.5 in R2 (NEW!)
ASP.NET on Server Core
New IIS Manager Modules
Integrated PowerShell Provider
Configuration Logging & Tracing
Integrated FTP and WebDAV
Extended Protection & Security
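The PowerShell provider and the Extended Protection item above combine into one practical check. The following is an added example, not from the slides and not Microsoft's own tooling: it uses the WebAdministration module's IIS:\ drive to read, for every site, whether Windows authentication is enabled and what its Extended Protection tokenChecking setting is, and then switches sites that use Windows authentication to Require. Function names are my own; it assumes the Windows Authentication role service is installed (otherwise the configuration section does not exist), an elevated shell, and that requiring channel binding is acceptable for your clients.

```powershell
# Added example, not from the slides: audit and enforce Extended Protection for
# Windows authentication with the IIS 7.5 PowerShell provider.
Import-Module WebAdministration

$WinAuth = 'system.webServer/security/authentication/windowsAuthentication'

function Get-AttributeValue($attribute) {
    # Get-WebConfigurationProperty returns either a ConfigurationAttribute
    # (with a .Value) or a plain value, depending on the attribute type.
    if ($attribute -ne $null -and $attribute.PSObject.Properties['Value']) { $attribute.Value } else { $attribute }
}

function Get-ExtendedProtectionStatus {
    # One object per site: is Windows auth on, and what is tokenChecking set to?
    foreach ($site in Get-ChildItem 'IIS:\Sites') {
        $path = "IIS:\Sites\$($site.Name)"
        $enabled = Get-AttributeValue (Get-WebConfigurationProperty -PSPath $path -Filter $WinAuth -Name enabled)
        $tokenChecking = Get-AttributeValue (Get-WebConfigurationProperty -PSPath $path -Filter "$WinAuth/extendedProtection" -Name tokenChecking)
        New-Object PSObject -Property @{
            Site          = $site.Name
            WindowsAuth   = [bool]$enabled
            TokenChecking = [string]$tokenChecking
        }
    }
}

function Set-ExtendedProtectionRequired {
    param([Parameter(Mandatory = $true)][string]$SiteName)
    # Written as a <location path="site"> entry in applicationHost.config, so it
    # works even when the section is locked against web.config overrides.
    Set-WebConfigurationProperty -PSPath "IIS:\Sites\$SiteName" -Filter "$WinAuth/extendedProtection" -Name tokenChecking -Value 'Require'
}

# Report every site, then harden the ones that use Windows auth without Require.
Get-ExtendedProtectionStatus |
    Where-Object { $_.WindowsAuth -and $_.TokenChecking -ne 'Require' } |
    ForEach-Object { Set-ExtendedProtectionRequired -SiteName $_.Site; $_ }
```

Run Get-ExtendedProtectionStatus on its own first; with Require set, clients that cannot supply channel-binding tokens (older browsers, some proxies) will fail Windows authentication, so the change should be tested on one site before the loop is applied to all of them.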
20. Increased Protection: Hardens the OS and Protects Your Environment
21. Multiple layers of protection
Reduce size of high-risk layers
Increase number of layers
Segment the services
[Diagram: services partitioned into separate groups (Service 1, 2, 3, A, B) instead of one shared process, above Kernel Drivers and User-mode Drivers; legend marker D = driver]
22. Service Hardening
• Services now have a SID: S-1-5-80-<SHA-1 hash of the logical service name>, exposed as the NT SERVICE\<name> account
• ACLs have been set on these SIDs, so a service can be granted access to exactly the objects it needs
• !Note: check with your 3rd-party application providers whether their services are restricted this way; a service only gets a SID in its token if it is registered with a service SID type other than none
• Services are taken out of the LocalSystem security context: many built-in services now run as LocalService or NetworkService, and each declares only the privileges it requires
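The SID derivation above is easy to reproduce and check. The following is an added example, not part of the slide deck or of any Microsoft tool: it computes the per-service SID the way Windows does (SHA-1 over the upper-cased UTF-16LE service name, split into five little-endian 32-bit sub-authorities under S-1-5-80), compares it with what sc.exe showsid reports, and lists installed services whose SID type is still NONE, i.e. services that do not carry a service SID and therefore cannot be ACL'd individually (the point of the note about 3rd-party providers). Function names are my own; it needs Windows Vista / Server 2008 or later and PowerShell 2.0.

```powershell
# Added example, not from the slides. Reproduces the Windows service-SID
# derivation and checks it against what the operating system reports.

function Get-ServiceSid {
    # Service SID = S-1-5-80-<five DWORDs of SHA-1(UTF-16LE(UPPER(name)))>
    param([Parameter(Mandatory = $true)][string]$ServiceName)

    $nameBytes = [System.Text.Encoding]::Unicode.GetBytes($ServiceName.ToUpperInvariant())
    $sha1 = [System.Security.Cryptography.SHA1]::Create()
    $hash = $sha1.ComputeHash($nameBytes)       # 20 bytes
    $sha1.Clear()

    # Each 4-byte chunk is read little-endian, as the LSA does on x86/x64.
    $subAuthorities = foreach ($i in 0..4) { [System.BitConverter]::ToUInt32($hash, $i * 4) }
    return 'S-1-5-80-' + ($subAuthorities -join '-')
}

function Test-ServiceSid {
    # Compares the computed SID with the one 'sc.exe showsid' reports.
    param([Parameter(Mandatory = $true)][string]$ServiceName)

    $computed = Get-ServiceSid -ServiceName $ServiceName
    $reported = $null
    foreach ($line in (& sc.exe showsid $ServiceName)) {
        if ($line -match 'SERVICE SID:\s*(S-1-5-80-[\d-]+)') { $reported = $Matches[1] }
    }
    New-Object PSObject -Property @{
        Service  = $ServiceName
        Computed = $computed
        Reported = $reported
        Match    = ($computed -eq $reported)
    }
}

function Get-ServiceSidType {
    # Lists installed services with their SID type: UNRESTRICTED or RESTRICTED
    # means the service runs with its S-1-5-80 SID in its token; NONE means it
    # does not, and can only be ACL'd through its (shared) account.
    foreach ($svc in Get-Service) {
        $sidType = 'UNKNOWN'
        foreach ($line in (& sc.exe qsidtype $svc.Name)) {
            if ($line -match 'SERVICE_SID_TYPE:\s*(\w+)') { $sidType = $Matches[1] }
        }
        New-Object PSObject -Property @{
            Name    = $svc.Name
            SidType = $sidType
            Sid     = Get-ServiceSid -ServiceName $svc.Name
        }
    }
}

# Sanity check against a well-known built-in service.
Test-ServiceSid -ServiceName 'TrustedInstaller' | Format-List

# Services that are not hardened with a per-service SID (raise these with the vendor).
Get-ServiceSidType | Where-Object { $_.SidType -eq 'NONE' } | Sort-Object Name | Format-Table Name, SidType, Sid -AutoSize
```

For TrustedInstaller the computed and reported values should both be the documented SID S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 and Match should be True; the derivation depends only on the name, which is why sc.exe showsid answers for names that are not installed as well. A vendor service that reports NONE can be switched with sc.exe sidtype <name> unrestricted, but only after confirming with the vendor that the service's own resources are ACL'd for it.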
23. Changes in SVCHOST structure
[Table comparing the account each svchost service group runs under in Windows XP SP2 / Server 2003 R2 versus Windows Vista / Windows Server 2008; the column layout could not be recovered from the extraction. XP/2003 uses three accounts: LocalSystem, Network Service and Local Service. Vista/2008 spreads the same services over LocalSystem and Network Service / Local Service plus restricted variants (Firewall Restricted, Fully Restricted, Network Restricted, No Network Access). Services named on the slide: Wireless Configuration, RemoteAccess, WMI Perf Adapter, App Management, System Event Notification, DHCP Client, Automatic updates, W32time, Secondary Logon, Network Connections (netman), Rasman, BITS, 6to4, browser, COM+ Event System, Themes, Task scheduler, NLA, Help and support, Rasauto, TrkWks, Shell Hardware Detection, Error Reporting, WMI, Cryptographic Services, DNS Client, Removable Storage, Telephony, ICS, Server, Windows Audio, Workstation, PolicyAgent, Nlasvc, Event Log, SSDP, WebClient, TCP/IP NetBIOS helper, Remote registry.]
24. BitLocker Drive Encryption
Protects servers and laptops
Protects data while the system is offline
Ensures boot integrity
Group Policy configurable
NEW! BitLocker To Go (removable drives)
25. Recovery of data with broken hardware
[Numbered flow diagram, steps 1 to 8 with sub-steps 7a to 7e; the step labels are not recoverable from the extraction]
27. Network Access Protection
[Flow diagram, steps 1 to 5: a Windows Client connects through DHCP, VPN or a switch/router; the Microsoft NPS checks the client's health against the Policy Servers (e.g. patch, AV); a client that is not policy compliant is placed on the Restricted Network, where it can reach only the Fix Up Servers (e.g. patch) until remediated; a policy-compliant client is admitted to the Corporate Network]
28. NAP Benefits
Feature | Support | Benefit
Built-in client | Windows Vista, Windows XP | No need to deploy/license a 3rd-party client; updates via WUS / WSUS / SMS
Flexible enforcement | DHCP, VPN, 802.1x, Terminal Services, Server and Domain isolation | Works with today's and tomorrow's networks; enables risk-benefit trade-offs
3rd-party enforcement | All major switch / router / firewall / VPN vendors | Customers can use any network or security infrastructure
Health assessment | SMS, WUS, SecurityCenter, 3rd party | Seamless integration with Windows infrastructure; works with any AV, patch or endpoint security solution
User experience | Integrated with Windows Vista glass; branding supported | Polished look and feel tailored for the customer environment
Management | Integration with SMS, AD, Group Policy and MOM for client, server and service operations | Complete policy-based administration and operation
30. Branch Office Benefits
[Diagram: Main Office and Branch Office, with an RODC in the branch]
Server Core
PowerShell, WinRS, WinRM
BitLocker
Read-Only Domain Controller
Role Separation
Restartable Active Directory
Virtualization
BranchCache
31. Greater Flexibility: Quickly Respond to Changing Business Needs
32. Hyper-V Architecture
[Diagram; legend: provided by OS / ISV, IHV, OEM / Microsoft Hyper-V / Microsoft and XenSource]
Parent Partition (Windows Server 2008): user mode runs the VM Worker Processes, WMI Provider and VM Service; kernel mode runs the Windows Kernel, VSP, IHV Drivers and VMBus
Child Partitions: Windows Server 2003/2008 (Applications, Windows Kernel, VSC, VMBus); Non-Hypervisor Aware OS (Applications, Kernel, Emulation); Xen-Enabled Linux Kernel (Applications, Linux VSC, VMBus, Hypercall Adapter)
Windows hypervisor at Ring -1, on "Designed for Windows" Server Hardware
33. What is Microsoft Hyper-V Server?
[Diagram comparing Microsoft Hyper-V Server 2008 (HVS) with the Windows Server 2008 Hyper-V role: both run the Windows hypervisor directly on the hardware with a Windows parent partition and Windows or Linux child partitions; in HVS the parent partition is the stand-alone Microsoft Hyper-V Server]
NEW! Clustering, Quick & Live Migration!
34. HVconfig
Automatic startup at login
Easy setup utility for server configuration
Localized in 11 languages
35. Hyper-V 2.0 Live Migration NEW!
[Diagram: a VM's configuration and state move from Host 1 to Host 2 while its disks stay on Shared Storage; blue = storage, purple = networking]
36. Cluster Shared Volumes (CSV) NEW!
[Diagram: several VHDs on one SAN volume, reached over the cluster communication network]
Distributed File Access for Hyper-V
Resiliency
Easier Storage Management
40. Terminal Services = Remote Desktop Services
NEW! TS & VDI, an integrated solution: Hyper-V support for virtual desktops; single discovery & publishing infrastructure; SCVMM integration & support
Improved RemoteApp & Desktops: RemoteApp & Desktop Connections; RemoteApp & Desktop Web Access; RD Gateway security improvements
Improved full-fidelity user experience: true multiple monitor support; multimedia support & bi-directional audio; 2D and 3D remoting for DirectX
Platform improvements: new API, Connection Broker extensibility, dynamic CPU allocation, IP address virtualization, Best Practices Analyzer, full MSI support
41. TS Gateway In Action
RDP hosts can now be put behind the firewall
HTTP/S is used to traverse the firewall
AD/NPS/NAP are checked before a connection is allowed
New Remote Desktop Connection client required (Vista RDC (TS) client)
[Diagram, Internet / DMZ / Internal Network: the user browses to TS Web Access, then initiates an RDP-over-HTTP/S connection to the TS Gateway in the DMZ; the gateway checks AD / NPS / NAP, then establishes RDP on 3389 to the host Terminal Servers or XP/Vista desktops on the internal network]
44. Centralized Desktops: TS vs. VDI
Criterion | Terminal Services (Sessions) | VDI (VMs)
Technology Maturity | Proven | Emerging
Scalability | Higher ratio of users/server | Lower ratio of users/server
Isolation/Security | (rated graphically on the slide) | (rated graphically on the slide)
Remote User Experience | Protocol-dependent | Protocol-dependent
User Flexibility | User is running as a user | User can have full rights
Application Compatibility | Windows Server OS | Windows Client desktop
Availability of Skilled IT Staff | High (TS experts) | Low (VM experts)
45. Better Together: Improve Users' Productivity with Windows 7
46. Remote Access for Mobile Workers
Today: It is difficult for users to access corporate resources from outside the office, and challenging for IT to manage, update and patch mobile PCs while they are disconnected from the company network.
With DirectAccess: A new network paradigm gives the same experience inside and outside the office (Office, Home). Seamless access to network resources increases the productivity of mobile users, and the same infrastructure investment makes it easy to service mobile PCs and distribute updates and policies.
47. Branch Office Network Performance
Today: Application and data access over the WAN is slow in branch offices; slow connections hurt user productivity, and improving network performance is expensive and difficult to implement.
With BranchCache: Content downloaded from file and Web servers is cached in the branch, so users there can quickly open files stored in the cache, which frees up WAN bandwidth for other uses.