Activating Windows in Enterprise Environment


Windows Vista:
Volume Activation 2.0
Ramprabhu Rathnam
Director – Product Management
Microsoft Corporation
Agenda
• Introduction
• Software Protection Platform
• Activation Options
• Resources
• Q&A
Challenges
VLK 1.0 Realities
• Unrestrained usage
• Not easy to track or manage
• Does not offer tools or means for easier, scalable, and more secure deployments
• Stolen or compromised
• Get confused with non-genuine software
Goals for Windows Vista
• Enable protection and management of license keys
• Flexible options to suit varying operating models
• Minimal impact to desktop deployment and management
• Reduce the risk of running tampered software
• Facilitate genuine differentiation
Software Protection Platform
Digital licensing and software IP protection solution for Windows Vista & “Longhorn” customers
• Improve the security of the software
• Reduce piracy through enhanced and flexible product activation options
• Protect software from malicious tampering & reverse engineering
• Enable differentiation & compliance
• Facilitate genuine differentiation
• Ease software asset management efforts
• Trusted license store and public APIs
• Assist in Electronic Software Distribution
• Windows Anytime Upgrade
Activation Options
Online
Phone
Multiple Activation Key (MAK)
Key Management Service (KMS)
BIOS-bound
Pre-install
Volume Activation 2.0
• Help automate and manage the activation process for all volume licensed editions of Windows Vista & Windows Server “Longhorn”
• Two types of Keys
  • Multiple Activation Key
  • Key Management Service Key
• Three activation methods
  • MAK Independent Activation: Each desktop individually connects and activates with Microsoft (online or telephone)
  • MAK Proxy Activation: One centralized activation request on behalf of multiple desktops with one connection to Microsoft
  • KMS Activation: Activate using customer hosted service and NOT with Microsoft
• Machines using the OEM SKU do not require VA 2.0
• Planned and managed as part of integrated desktop deployment process
Multiple Activation Key
• One time activation against Microsoft
• Two methods of activation using a MAK:
  • MAK Independent Activation: Each desktop individually connects and activates with Microsoft (online or telephone)
  • MAK Proxy Activation: One centralized activation request on behalf of multiple desktops with one connection to Microsoft
• Reactivation may be required if there is significant change in the underlying hardware
• Has an associated upper limit, depending on the license agreement, and can be easily refilled
MAK Independent Activation
[Diagram. Labels: VAMT host, MAK Independent client, Internet, Microsoft; numbered 1 and 2 to match the steps below.]
1. Distribute MAK:
   a. Change product key wizard or WMI script
   b. During OS installation
   c. Volume Activation Management Tool (VAMT)
2. MAK client(s) connect once to Microsoft via Internet (SSL) for activation or use telephone.
Volume Activation Management Tool
• Performs both MAK Proxy and MAK Independent activation
• Provides activation status of all machines in the environment
• Supports discovery of machines in the environment:
  • Active Directory (AD)
  • Workgroup, and
  • Individual machines by IP address or Machine Name
• Requires remote WMI access
• Stores all data in a well-defined XML format
• Allows for Import/Export of data
• Availability in Q1 of 2007
MAK Proxy Activation using VAMT
[Diagram. Labels: Active Directory, VAMT host, MAK Proxy client, Internet, Microsoft; numbered 1 to 4 to match the steps below.]
1. Find Windows Vista machine(s) from Active Directory (LDAP) or through network discovery APIs NetServerEnum()
2. Apply MAK and collect Installation ID (IID) using WMI
   • optionally export to XML file
3. Connect to Microsoft over Internet (SSL) and obtain corresponding Confirmation ID (CID)
   • optionally update XML file with CIDs
4. Activate MAK Proxy client(s) by applying CID
   • optionally import updated XML file first
Key Management Service
• Activate using customer hosted service and NOT with Microsoft
• Systems must re-activate by connecting to KMS host at least every 180 days
• Requires 25+ for Windows Vista and 5+ for Windows “Longhorn” server
• Default activation option for all volume editions of Windows Vista and Windows Server “Longhorn”
• Requires no user interaction
• Currently available on Windows Vista and “Longhorn”. Planned support for Windows Server 2003 in Q1 2007
How KMS Activation Works
[Diagram. Labels: KMS Client, DNS, KMS Host(s); numbered 1 to 4 to match the steps below.]
1. Discover KMS host via registry or DNS SRV RR (_vlmcs._tcp)
2. Send RPC request to KMS host on 1688/TCP by default (~250b)
   • Generate client machine ID (CMID)
   • Assemble and sign request (AES encryption)
   • On failure retry every 2 hours (default)
3. KMS host adds CMID to queue and responds with current count (~200b)
4. KMS client evaluates count vs. license policy and activates itself
   • Store KMS host Product ID, intervals, and client hardware ID in license store
   • On success renew activation every 7 days (default)
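
The count check and timers from the KMS slides above, written as a small model. This is an added example, not Microsoft's code or part of the original deck; the class and function names, the single shared CMID count and the rule that a failed renewal also falls back to the 2-hour retry are assumptions of the model.

```python
from dataclasses import dataclass, field
from typing import Callable, Optional

HOUR, DAY = 3600, 86400
# Numbers below come from the slides; everything else is a modelling assumption.
THRESHOLD = {"vista": 25, "longhorn_server": 5}  # minimum count per edition
RETRY_ON_FAILURE = 2 * HOUR   # "On failure retry every 2 hours (default)"
RENEW_ON_SUCCESS = 7 * DAY    # "On success renew activation every 7 days (default)"
VALIDITY = 180 * DAY          # must reach a KMS host at least every 180 days


@dataclass
class KmsHost:
    cmids: set = field(default_factory=set)

    def handle(self, cmid: str) -> int:
        """Step 3: add the CMID to the queue and respond with the current count."""
        self.cmids.add(cmid)
        return len(self.cmids)


@dataclass
class KmsClient:
    cmid: str      # constructed identifier; real CMIDs are generated by the client
    edition: str   # key into THRESHOLD
    expires_at: Optional[float] = None  # None means never activated
    next_attempt: float = 0.0

    def attempt(self, now: float, host: Optional[KmsHost]) -> bool:
        """Steps 2 and 4: send the request, compare the count with policy."""
        ok = host is not None and host.handle(self.cmid) >= THRESHOLD[self.edition]
        if ok:
            self.expires_at = now + VALIDITY  # each success restarts the window
        self.next_attempt = now + (RENEW_ON_SUCCESS if ok else RETRY_ON_FAILURE)
        return ok

    def activated(self, now: float) -> bool:
        return self.expires_at is not None and now < self.expires_at


def simulate(client: KmsClient, reachable: Callable, until: float) -> list:
    """Run the client's timer loop; reachable(now) returns a KmsHost or None."""
    log, now = [], 0.0
    while now <= until:
        log.append((now, client.attempt(now, reachable(now))))
        now = client.next_attempt
    return log
```

In this model a lab with 24 Vista clients never activates, and a client that loses its host after a renewal retries every 2 hours and stays activated until 180 days after its last successful contact.
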
Managing
• Administrative tools
  • Volume Activation Management Tool
  • KMS Management Pack for System Center Operations Manager (MOM Pack)
• Management interfaces
  • Command line interface
  • Public APIs
  • WMI properties
  • Event Logs on every machine
• Integration with Management tools
  • SMS 2003 SP3 and System Center Configuration Manager will have built-in activation reports
  • Public APIs that can be used by any mgmt tools to duplicate this functionality
Example Configuration using MAK/KMS
[Diagram. Labels: Secure Zone; Isolated Lab (“Contains at least 25 machines.”); Core Network; Disconnected Machines; KMS Clients; Desktop Hosting KMS; Multiple Machines Hosting KMS; KMS; 1688/TCP; KMS Phone activation; MAK Phone Activation; MAK Independent; Internet; Microsoft.]
Summary
• Activation is a required process for all editions of Windows Vista & Windows Server “Longhorn”
• Multiple activation options exist for volume customers
  • MAK independent, MAK proxy and KMS
• Provides centralized management and protection of VL keys
• Enhances software asset management efforts
• Integrated with Business Desktop Deployment for easier deployment and management
Resources
• Business Desktop Deployment Solution Accelerator:
  • http://www.microsoft.com/technet/desktopdeployment/bdd
• Volume Activation 2.0 on TechNet:
  • http://go.microsoft.com/fwlink/?LinkID=75673
• Volume Activation 2.0 on Download Center:
  • http://go.microsoft.com/fwlink/?LinkID=75674
• For product key information and call center numbers:
  • http://www.microsoft.com/licensing/resources/vol/default.mspx
© 2006 Microsoft Corporation. All rights reserved.
This presentation is for informational purposes only.
MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.
Reduced Functionality Mode
• Placed in reduced functionality mode when:
  • Grace period expired, Hardware changed significantly, Tampering detected, or Windows Genuine validation failed
• While in RFM the User experience differs:
  • Some features will be disabled e.g. ReadyBoost, Defender
  • Some features will be degraded e.g. Aero
  • Desktop will display non-Genuine watermark
  • Users will have access to their desktop and data in “Safe” mode
• Multiple options available to restore full functionality
Volume Activation Management Tool
User interface is subject to change