
Bus Tour Windows 7 Deck (Full)


Published in: Business, Technology

  1. Welcome to Windows 7
       • Stephen L Rose
       • Worldwide Community Manager – Windows Client
       • stros@microsoft.com
       • http://microsoft.com/springboard
       • Blog: http://windowsteamblog.com
       • Twitter: @stephenlrose / @MSspringboard
  2. Agenda
       • Who Am I?
       • Resources, Resources, Resources
       • Windows 7 Overview
       • Windows 7 Anywhere
       • Security and Control in Windows 7
       • Windows 7 Deployment
       • Wrap-up
  3. What is the Springboard Series?
       • The Springboard Series is the resource for desktop IT pros: www.microsoft.com/springboard
       • Springboard is localized in 10 languages
       • Over 50 video walkthroughs on Windows 7 features, tools and tasks
       • Dedicated zones for Application Compatibility, Migration, Deployment and more
       • Straight-talk Monthly Feature Articles & Overview Guides
       • Springboard Insider Monthly Newsletter and Windows Team Blog
       • Virtual Roundtable Events
       • The Springboard Series IT pro experience offers IT Pros dynamic content and structured guidance across the adoption lifecycle
       • Follow us on Twitter @MSSpringboard
  5. www.TalkingAboutWindows.com – The people, the backstories, and the events behind Windows 7.
       • Join The Conversation!
  6. Let’s Begin
  8. Windows 7 Versions
       • Windows 7 Starter: No Aero, No 64 Bit
       • Windows 7 Home Basic: Emerging Markets only
       • Windows 7 Home Premium: Includes Aero, Media Center and Touch
       • Windows 7 Professional: Does not support Direct Access, BitLocker, BitLocker To Go, BranchCache. Does have XP Mode
       • Windows 7 Enterprise: Supports all features. Only available via Volume License to Software Assurance customers.
       • Windows 7 Ultimate: Supports all features.
  10. Understanding VL and SA
       • What is Volume Licensing?
           • Volume Licensing is the most affordable way to upgrade your existing PCs to Windows 7 Enterprise.
           • Windows licenses available through Volume Licensing are upgrade-only licenses. They do not replace purchasing the initial Windows licenses for software that comes pre-installed on new PCs.
           • Each desktop that runs the Windows 7 upgrade must first be licensed to run one of the qualifying operating systems (Windows Vista (Enterprise/Business/Ultimate) or Windows XP (Professional))—otherwise the PC will not have a valid, legal Windows license.
       • What is Software Assurance?
           • When you acquire Windows 7 Professional licenses, either through Volume Licensing upgrades or through an OEM, you can cover those licenses with Software Assurance to get rights to Windows 7 Enterprise.
           • SA also applies to Office and other Microsoft products.
  11. What Else Do I Get With SA?
       • Microsoft Desktop Optimization Pack (MDOP): MDOP is an add-on subscription license that provides innovative technologies to help better control the desktop PC, accelerate and simplify desktop PC deployments and management, and create a dynamic infrastructure by turning software into centrally-managed services.
       • Windows Virtual Enterprise Centralized Desktop (VECD) for Software Assurance: Windows VECD is an annual device-based subscription that enables organizations to license virtual copies of Windows 7 (or prior OS versions) in a variety of user scenarios.
       • Windows Fundamentals for Legacy PCs: Available exclusively to Microsoft Software Assurance customers, this small-footprint, Windows-based operating system solution is for customers with legacy computers running early operating systems who are not in a position to purchase new hardware.
       • Virtual OS Rights: Use up to four instances of Windows in virtual OS environments for each license that has active Software Assurance coverage.
       • New Version Rights: Receive new versions of licensed software released during the term of your coverage. If you have Software Assurance coverage for your PCs when Windows 7 is released, you will automatically receive rights to use Windows 7 Enterprise on those PCs.
  12. MDOP Technologies
       • App-V turns applications into centrally managed services that are never installed, never conflict, and are streamed on demand to end users
       • AIS is a hosted service that collects software inventory data and translates it into actionable business intelligence
       • DART reduces downtime by accelerating desktop repair, recovery, and troubleshooting unbootable Windows-based desktops
       • DEM enables proactive helpdesk problem management by analyzing and reporting on application and system crashes
       • AGPM enhances governance and control over Group Policy through robust change management and role-based administration
       • MED-V enables deployment and management of Microsoft Virtual PC to address key enterprise scenarios, primarily resolving application compatibility with a new version of Windows
  13. What’s The Killer Feature In Windows 7?
  14. What’s The Killer Feature In Windows 7?
       • “I Don’t Care How It Works. I Just Want It To Work.”
       • Mobility: Direct Access / VPN Reconnect / Mobile Broadband / BranchCache
       • Security and Control: BitLocker / BitLocker To Go / Improved UAC / Desktop Auditing / NAP / AppLocker / IE8
       • GUI: New Aero Features / Search / Wireless support / Device Stage / Location Aware Printing / Home Groups / Libraries
       • General: Speed / Efficiency / Capabilities / Flexibility / Reliability
  15. Windows 7 and Access Anywhere
  16. Information Worker’s World Has Been Changing
       • Central Office
       • Branch Offices
       • Remote Work
       • Mobile & Distributed Workforce
  17. The Evolving Needs
       • IT Professional needs:
           • Secure and flexible infrastructure for “work anywhere”
           • Reduce costs
       • Mobile & Remote Work-Force needs:
           • Work anywhere
           • Fast access
  19. Remote Access for Mobile Workers
       • Windows 7 Solution: DirectAccess
           • Corporate network boundary includes managed assets no matter where they are on the Internet
           • Easy to service mobile PCs and distribute updates and policies
           • New network paradigm increases mobile user productivity by providing same experience inside & outside the office
       • Situation Today
           • Challenging for IT to manage, update, patch mobile PCs while disconnected from company network
           • Difficult for users to access corporate resources from outside the office
       • Diagram labels: Home, Office
  23. DirectAccess Components
       • Client
           • Runs on Windows 7
           • Domain-joined
           • Initial configuration done on Corpnet or over VPN
       • Server
           • Runs on Windows Server 2008 R2
           • Sits on network edge
           • Single box by default
           • Services can be split up for scalability
  29. DirectAccess: Technical Details
       • Assume the underlying network is always insecure
       • Redefine enterprise network edge to insulate the datacenter and business critical resources
       • Security policies based on identity, not location
       • Diagram labels: Internet, Compliant Client, NAP / NPS Servers, DirectAccess Server, Intranet User, Data Center and Business Critical Resources, Enterprise Network, IPsec/IPv6, Tunnel over IPv4 UDP, HTTPS, etc.
  30. DirectAccess & IPv6
       • Diagram labels: Internet, DirectAccess Server, DirectAccess Client
       • Tunnel over IPv4 UDP, HTTPS, etc.
       • Encrypted IPsec+ESP
       • Native IPv6
       • 6to4
       • Teredo
       • IP-HTTPS
  31. DirectAccess & IPsec
       • Diagram labels: Enterprise Network, Line of Business Applications, DirectAccess Server
       • No IPsec
       • IPsec Integrity Only (Auth)
       • IPsec Integrity + Encryption
  32. DirectAccess Deployment
       • Get ready step by step
       • Determine your strategy
           • Be ready to monitor IPv6 traffic
           • Choose an Access Model: Full Intranet Access vs. Selected Server Access?
           • Assess deployment scale
       • Get your infrastructure ready
           • Windows 7 clients
           • Windows Server 2008 R2 DirectAccess Server
           • DC, DNS Server, Active Directory, PKI, Application Servers, etc.
       • During deployment
           • Use DirectAccess configuration wizard to set up DirectAccess Server and generate policies for clients, application servers, and DC/DNS
           • Customize policies as needed
  33. DirectAccess Benefits
       • IT Pro Benefits
           • Improved manageability of remote users
           • IT simplification and cost reduction
           • Consistent security for all access scenarios
       • End User Benefits
           • Seamless & secure access to corporate resources
           • Consistent connectivity experience in / out office
           • Combined with other Windows 7 features enhances the end to end IW experience
  34. DirectAccess? Show Me!
  35. VPN Reconnect
       • Windows 7 Solution
           • The client maintains persistent VPN connection across network outages
           • VPN Client can connect to any VPN Server of choice
       • Situation Today
           • VPN used frequently for remote access to corporate resources
           • Mobile workers reconnect to VPN on every network outage
       • Benefits
           • Better end user experience: seamless and consistent VPN connectivity
           • Reduced support costs
       • Diagram label: VPN Server
  38. Mobile Broadband
       • Windows 7 Solution
           • Integrated solution that is consistent and easy to discover
           • Plug & play experience for 3G cards (built-in or external)
       • Situation Today: Internet connectivity via mobile broadband cards is expanding:
           • Inconsistent user experience
           • Additional software required
       • Benefits
           • IHVs can integrate devices using Windows 7 platform
           • No need for users to install 3rd party software
           • End users have same connectivity experience across WiFi and WWAN
  42. Branch Office Enhancements
       • Windows 7 Solution: BranchCache™
           • Caches content downloaded from file and Web servers
           • Users in the branch can quickly open files stored in the cache
           • Frees up network bandwidth for other uses
       • Situation Today
           • Application and data access over WAN is slow in branch offices
           • Slow connections hurt user productivity
           • Improving network performance is expensive and difficult to implement
  43. BranchCache: Technical Details
       • Authenticates current state of data and access rights of the user against the server
       • Supports commonly used protocols: HTTP(S), SMB
       • Supports network security protocols (SSL, IPsec)
       • Requires Windows Server 2008 R2 in the data center and Hosted Cache
  46. BranchCache Distributed Cache
       • Diagram labels: Main Office, Branch Office, Get, ID, Data
  47. BranchCache Hosted Cache
       • Diagram labels: Main Office, Branch Office, Get, ID, Data, Search, Put, Advertise, Request
  48. BranchCache
       • Hosted Cache: Data cached at the host server
       • Distributed Cache: Data cached in cache pool
       • Cache stored centrally: existing Windows Server 2008 R2 in the branch
       • Cache availability is high
       • Enables branch-wide caching
       • Increased reliability
       • Recommended for branches without a branch server
       • Easy to deploy: Enabled on clients through Group Policy
       • Cache availability decreases with laptops that go offline
       • Diagram label: Enterprise
  55. BranchCache Benefits
       • Headings: IT Pro Benefits, End User Benefits
       • Optimize network utilization:
           • HTTP and HTTPS-based intranet traffic
           • SMB (and signed SMB) shares on the read path
       • Support network security protocols (SSL, IPsec)
       • Reduce the cost of managing WAN
       • Improve application responsiveness and reduce file transfer wait time
       • Combined with other SMB offerings enhance the user experience on remote shares
  62. Enhance Security & Control in Windows 7
  63. Windows 7 Enterprise Security
       • Building upon the security foundations of Windows Vista, Windows 7 provides IT Professionals security features that are simple to use, manageable, and valuable.
       • Fundamentally Secure Platform
           • Windows Vista Foundation
           • Streamlined User Account Control
           • Enhanced Auditing
       • Helping Secure Anywhere Access
           • Network Security
           • Network Access Protection
           • DirectAccess™
       • Helping Protect Users & Infrastructure
           • AppLocker™
           • Internet Explorer 8
           • Data Recovery
       • Helping Protect Data
           • RMS
           • EFS
           • BitLocker & BitLocker To Go™
  64. Fundamentally Secure Platform
       • Column headings: Windows Vista Foundation, Enhanced Auditing, Streamlined User Account Control
       • Make the system work well for standard users
       • Administrators use full privilege only for administrative tasks
       • File and registry virtualization helps applications that are not UAC compliant
       • Group Policy Configurable
       • XML based
       • Granular audit categories
       • Detailed collection of audit results
       • Simplified compliance management
       • Security Development Lifecycle process
       • Kernel Patch Protection
       • Windows Service Hardening
       • DEP & ASLR
       • IE 8 inclusive
       • Mandatory Integrity Controls
  65. User Account Control
       • Windows Vista: System Works for Standard User
           • All users, including administrators, run as Standard User by default
           • Administrators use full privilege only for administrative tasks or applications
           • Influence the ecosystem to write software that does not need administrative rights
       • Windows 7: Streamlined UAC
           • Reduce the number of OS applications and tasks that require elevation
           • Refactor applications into elevated/non-elevated pieces
           • Flexible prompt behavior for administrators
           • Continued ecosystem influence for standard user applications
       • Challenges / Customer Value
           • User provides explicit consent before using elevated privilege
           • Disabling UAC removes protections, not just consent prompt
           • Users can do even more as a standard user
           • Administrators will see fewer UAC Elevation Prompts
  66. Desktop Auditing
       • Windows 7: Enhanced Auditing
           • New XML based events
           • Fine grained support for audit of administrative privilege
           • Simplified filtering of “noise” to find the event you’re looking for
           • Tasks tied to events
           • Simplified configuration results in lower TCO
           • Demonstrate why a person has access to specific information
           • Understand why a person has been denied access to specific information
           • Track all changes made by specific people or groups
       • Windows Vista: Challenges
           • Granular auditing complex to configure
           • Auditing access and privilege use for a group of users
  67. UAC & Auditing
  68. Securing Anywhere Access
       • Network Access Protection
           • Ensure that only “healthy” machines can access corporate data
           • Enable “unhealthy” machines to get clean before they gain access
       • DirectAccess
           • Security protected, seamless, always on connection to corporate network
           • Improved management of remote users
           • Consistent security for all access scenarios
       • Network Security
           • Policy based network segmentation for more secure and isolated logical networks
           • Multi-Home Firewall Profiles
           • DNSSec Support
  69. Network Access Protection
       • Health policy validation and remediation
       • Helps keep mobile, desktop and server devices in compliance
       • Reduces risk from unauthorized systems on the network
       • Diagram labels: Remediation Servers (Example: Patch), Restricted Network, Corporate Network, Policy Servers (such as: Patch, AV), Not policy compliant, Policy compliant, DHCP, VPN, Switch/Router, Windows Client, NPS, Windows 7
  70. Protect Users & Infrastructure
       • Internet Explorer 8
           • Protect users against social engineering and privacy exploits
           • Protect users against browser based exploits
           • Protect users against web server exploits
       • Data Recovery
           • File back up and restore
           • CompletePC™ image-based backup
           • System Restore
           • Volume Shadow Copies
           • Volume Revert
       • AppLocker™
           • Enables application standardization without increasing TCO
           • Increase security to safeguard against data and privacy loss
           • Support compliance enforcement
  71. Help Desk Made Easier
       • Problem Steps Recorder
       • Windows Troubleshooting Platform
  72. Application Control
       • Windows 7 Solution: AppLocker
           • Eliminate unwanted/unknown applications in your network
           • Enforce application standardization within your organization
           • Easily create and manage flexible rules using Group Policy
       • Situation Today
           • Users can install and run non-standard applications
           • Even standard users can install some types of software
           • Unauthorized applications may:
               • Introduce malware
               • Increase helpdesk calls
               • Reduce user productivity
               • Undermine compliance efforts
  73. AppLocker Demo
  74. AppLocker: Technical Details
       • Simple Rule Structure: Allow, Exception & Deny
       • Publisher Rules: Product Publisher, Name, Filename & Version
       • Multiple Policies: Executables, installers, scripts & DLLs
       • Rule creation tools & wizard
       • Audit only mode
       • SKU Availability: AppLocker – Enterprise / Ultimate
  75. BitLocker / BitLocker To Go
       • Situation Today
           • Chart: Worldwide Shipments (000s)
           • Sources: Gartner, “Forecast: USB Flash Drives, Worldwide, 2001-2011”, 24 September 2007, Joseph Unsworth; Gartner, “Dataquest Insight: PC Forecast Analysis, Worldwide, 1H08”, 18 April 2008, Mikako Kitagawa, George Shiffler III
       • Windows 7 Solution: BitLocker To Go
           • Extend BitLocker drive encryption to removable devices
           • Create group policies to mandate the use of encryption and block unencrypted drives
           • Simplify BitLocker setup and configuration of primary hard drive
  77. BitLocker / BitLocker To Go: Technical Details
       • BitLocker Enhancements
           • Automatic 200 Mb hidden boot partition
           • New Key Protectors
               • Domain Recovery Agent (DRA)
               • Smart card – data volumes only
       • BitLocker To Go
           • Support for FAT*
           • Protectors: DRA, passphrase, smart card and/or auto-unlock
           • Management: protector configuration, encryption enforcement
           • Read-only access on Vista & XP
       • SKU Availability
           • Encrypting – Enterprise, Ultimate
           • Unlocking – All
  78. Resources
       • Microsoft Learning: www.microsoft.com/learning
       • Springboard Series: www.microsoft.com/springboard
  79. © 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
      The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
