Transcript Slide 1
Jason Leznek, Group Product Manager, Windows Client
Justin Graham, Senior Product Manager, Windows Server
Information Workers’ World Has Been Changing
The Evolving Needs of Organizations
IT Professional needs:
Secure and flexible infrastructure for “work anywhere”
Reduce costs
Mobile & Remote Work-Force needs:
Work anywhere
Fast access
Carbon-Neutral (“Green”)
Contingency
Compliance
Costs
Consumerization
Optimized Desktop
Enhance User Productivity
Protect Sensitive Data
• Increase user productivity by enabling users to access their applications and data quickly, from anywhere
Enhance User Productivity
• Policy-based Network Access and Security
Reduce Costs with Greater Manageability
• Update and manage mobile PCs even when not on the corporate network
• Publish server-based applications directly to users’ desktops
Protect Sensitive Data
• Policy-based network security
Reduce Costs with Greater Manageability
• Centrally Aggregate Important Client and Server Events
• Faster, More Scalable and Efficient Access to Network Resources
Fundamentals
Security, Reliability, Application Compatibility, Device Compatibility, Performance, Power Management
Infrastructure for the Optimized Desktop
Enhance User Productivity
• Increase user productivity by enabling users to access their applications and data quickly, from anywhere
Protect Sensitive Data
• Policy-based network security
Reduce Costs with Enhanced Manageability
• Update and manage mobile PCs even when not on the corporate network
• Publish server-based applications directly to users’ desktops
• Policy-based Network Access and Security
• Faster, More Scalable and Efficient Access to Network Resources
• Centrally Aggregate Important Client and Server Events
Fundamentals
Security, Reliability, Application Compatibility, Device Compatibility, Performance, Power Management
Windows 7 and Windows Server 2008 R2
Combined Value to Deliver the Optimized Desktop
Key Scenario: Enhance User Productivity
Benefit: Provide Faster, More Scalable and Efficient Access to Network Resources
Features: Receive Window Autotuning, SMB 2.0, IPv6
Benefit: Provide users with seamless access to applications and data from anywhere, hence increasing their productivity
Features: DirectAccess, BranchCache™
Benefit: Provide users a rich desktop experience from unmanaged or thin clients
Features: VDI enhancements
Key Scenario: Protect Sensitive Data
Benefit: Enable policy-based network security by allowing only healthy PCs to access network resources
Features: Network Access Protection, Server and Domain Isolation
Key Scenario: Reduce Costs with Enhanced Manageability
Benefit: Update and manage mobile PCs even when not on the corporate network
Features: DirectAccess
Benefit: Publish server-based applications directly to users’ desktops
Features: Remote Desktop Services (RDS)
Benefit: Centrally Aggregate Important Client and Server Events to Help Desk
Features: Event Forwarding
Enhancing User
Productivity
Faster, More Scalable and Efficient Access to
Network Resources
IPv6
All Services Within Windows Vista are IPv6-enabled
Seamless Cost-Optimized Transitional Approach
Receive-Side Auto-tuning
Automatically senses network environment and adjusts important
performance settings
Allows increase of the size of the TCP/IP send/receive window
SMB 2.0 protocol improvements
Number of open files and shares on the server
Packet compounding reduces “chattiness”
Message signing settings have been improved
Client-side encryption is supported
Durable handles are supported
Remote Access for Mobile Workers
Situation Today (Office, Home)
Challenging for IT to manage, update, patch mobile PCs while disconnected from company network
Difficult for users to access corporate resources from outside the office
DirectAccess (Office, Home)
Corporate network boundary includes managed assets no matter where they are on the Internet
Easy to service mobile PCs and distribute updates and policies
New network paradigm increases mobile user productivity by providing same experience inside & outside the office
DirectAccess Components
Server
Runs on Windows Server 2008 R2
Sits on network edge
Single box by default
Services can be split up for scalability
Client
Runs on Windows 7
Domain-joined
Initial configuration done on Corpnet or over VPN
Microsoft Confidential.
DirectAccess Benefits
IT Pro Benefits
Improved manageability of remote users
IT simplification and cost reduction
Consistent security for all access scenarios
End User Benefits
Seamless & secure access to corporate resources
Consistent connectivity experience in / out office
Combined with other Windows 7 features enhances
the end to end IW experience
DirectAccess
DirectAccess provides transparent, secured access to intranet resources without a VPN
Allows desktop management of DirectAccess clients
Supports direct connectivity to IPv6-based intranet resources
Allows IPSec encryption and authentication
Supports variety of remote network protocols
Diagram labels: IPv4 Devices; IPv6 Devices; IT desktop management (AD Group Policy, NAP, software updates); Native IPv6 with IPSec; Support IPv4 via 6to4 transition services or NAT-PT; IPv6 Transition Services; DirectAccess Server; Internet; Windows 7 Client
Branch Office Enhancements
Situation Today
Application and data access over WAN
is slow in branch offices
Slow connections hurt user
productivity
Improving network performance is
expensive and difficult to implement
BranchCache™
Caches content downloaded from file
and Web servers
Users in the branch can quickly open
files stored in the cache
Frees up network bandwidth for other
uses
BranchCache Benefits
IT Pro Benefits
Helps reduce WAN utilization and cost
Data encryption is enforced across the network
Simple to deploy
End User Benefits
Less waiting for downloads = more productivity
Combined with other Windows 7 features
enhances the end to end IW experience
Improving Branch Performance
Distributed Mode
1. First client downloads data from main office server
2. Second client downloads identifiers from main office server
3. Second client searches local network for data and downloads from first client
Diagram labels: Main Office; Branch Office; Client 1; Client 2
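The three Distributed Mode steps, modelled as an added example (not Microsoft's code and not the BranchCache wire protocol). It assumes the "identifiers" are per-block SHA-256 digests issued by the main office server, and shows why the second client checks peer-supplied data against them; the class names, the file name and the 4-byte block size are hypothetical.

```python
import hashlib

BLOCK = 4  # constructed, tiny block size so the sample stays readable

def block_ids(data):
    """Per-block SHA-256 digests: the assumed form of the 'identifiers'."""
    return [hashlib.sha256(data[i:i + BLOCK]).hexdigest()
            for i in range(0, len(data), BLOCK)]

class MainOfficeServer:
    def __init__(self, files):
        self.files = files
    def download(self, name):            # full content over the WAN
        return self.files[name]
    def get_identifiers(self, name):     # identifiers only over the WAN
        return block_ids(self.files[name])

class BranchClient:
    def __init__(self, server):
        self.server, self.cache, self.wan_bytes = server, {}, 0

    def fetch(self, name, peers=()):
        ids = self.server.get_identifiers(name)              # step 2
        blocks = []
        for ident in ids:                                    # step 3
            blk = next((p.cache[ident] for p in peers if ident in p.cache), None)
            # Peers are untrusted: keep a block only if it hashes to its identifier.
            if blk is None or hashlib.sha256(blk).hexdigest() != ident:
                blocks = None
                break
            blocks.append(blk)
        if blocks is None:                                   # step 1, also the fallback
            data = self.server.download(name)
            self.wan_bytes += len(data)
        else:
            data = b"".join(blocks)
        for i, ident in enumerate(ids):                      # cache for later peers
            self.cache[ident] = data[i * BLOCK:(i + 1) * BLOCK]
        return data

def demo():
    server = MainOfficeServer({"report.doc": b"Q3 branch sales figures"})
    c1, c2, c3 = (BranchClient(server) for _ in range(3))
    c1.fetch("report.doc")                   # first client: WAN download
    good = c2.fetch("report.doc", [c1])      # served from client 1's cache
    for ident in c1.cache:                   # constructed cache corruption
        c1.cache[ident] = b"XXXX"
    bad = c3.fetch("report.doc", [c1])       # mismatch, so back to the server
    return good, c2.wan_bytes, bad, c3.wan_bytes
```

The second client pulls no content over the WAN, while the third client detects the corrupted peer cache and falls back to the main office server.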
Improving Branch Performance
Hosted Caching
1. First client downloads data from main office server
2. Content pushed to hosted cache from first client
3. Second client downloads identifiers from main office server
4. Second client downloads from hosted cache
Diagram labels: Main Office; Branch Office; Client 1; Client 2
Full Fidelity RemoteApp & Desktops
RemoteApp & Desktop Connections
RemoteApp & Desktops icons integrated into start menu etc
Icons refreshed & updated automatically
Multimedia Support & Audio Input
Experience rich multimedia redirection
Use VoIP applications and speech recognition.
True multiple monitor support
Use up to 10 monitors of any size or layout with RemoteApp and Desktops
Applications behave like users expect – e.g. PowerPoint installing them locally
Aero Glass for Remote Desktop Server
Users have the same new Windows 7 look and feel when using Remote Desktop Server
RemoteApp™ Language Bar Support
Configure applications that use alternate language settings (e.g. right to left
languages) from the local language
Protect Sensitive
Data
Network Access Protection
Today’s Challenges
Unprotected Network Taps Within An Organization’s Buildings
Administrators Have Limited Control Over The Health Of Systems Joining The Network
Result: Hardware/Network Upgrades And Increased Operational Costs,
Reduced Productivity
Solution – End-to-End, Authenticated, Tamper-resistant Communication
Improved Isolation Using IPsec
Network Access Protection Across IPsec, 802.1X, DHCP, VPN
Increased Manageability
Network Access Protection
1. Client requests access to network and presents current health state
2. DHCP, VPN or Switch/Router relays health status to Microsoft Network Policy Server (RADIUS)
3. Network Policy Server (NPS) validates against IT-defined health policy
4. If not policy compliant, client is put in a restricted VLAN and given access to fix up resources to download patches, configurations, signatures (Repeat 1-4)
5. If policy compliant, client is granted full access to corporate network
Diagram labels: Windows Client; DHCP, VPN, Switch/Router; NPS; Policy Servers such as: Patch, AV; Remediation Servers (Example: Patch); Restricted Network; Corporate Network; Not policy compliant; Policy compliant
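The five-step Network Access Protection flow, modelled as an added example (not Microsoft's code and not the NPS API). The health checks, thresholds and remediation host names are constructed assumptions; the point shown is that a check missing from the client's health state is treated as a failure, so the decision fails closed.

```python
from dataclasses import dataclass, field

# Constructed IT-defined health policy (step 3); check names are hypothetical.
POLICY = {"firewall_on": lambda v: v is True,
          "av_signature_age_days": lambda v: v <= 3,
          "missing_patches": lambda v: v == 0}
# Constructed remediation servers reachable from the restricted network (step 4).
REMEDIATION = {"firewall_on": "gpo.corp.example",
               "av_signature_age_days": "av.corp.example",
               "missing_patches": "wsus.corp.example"}

@dataclass
class Client:
    health: dict
    network: str = "none"
    allowed_hosts: list = field(default_factory=list)

def nps_validate(statement):
    """Step 3: return the failing checks; an absent check counts as failing."""
    return sorted(k for k, ok in POLICY.items()
                  if k not in statement or not ok(statement[k]))

def request_access(client):
    """One pass through steps 1-5; returns the failing checks."""
    statement = dict(client.health)      # steps 1-2: health state relayed to NPS
    failed = nps_validate(statement)
    if failed:                           # step 4: restricted network, fix-up hosts only
        client.network = "restricted"
        client.allowed_hosts = sorted({REMEDIATION[k] for k in failed})
    else:                                # step 5: full access
        client.network = "corporate"
        client.allowed_hosts = ["*"]
    return failed

def remediate(client, failed):
    """Stand-in for downloading patches, configurations and signatures."""
    fixes = {"firewall_on": True, "av_signature_age_days": 0, "missing_patches": 0}
    for k in failed:
        client.health[k] = fixes[k]

def connect(client, max_rounds=3):
    for _ in range(max_rounds):          # "Repeat 1-4" until compliant
        failed = request_access(client)
        if not failed:
            break
        remediate(client, failed)
    return client.network
```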
Policy-based Dynamic Segmentation
Define the logical isolation boundaries
Distribute policies and credentials
Managed computers can communicate
Block inbound connections from untrusted
Enable tiered-access to sensitive resources
Diagram labels: Corporate Network; Active Directory Domain Controller; Trusted Resource Server; Servers with Sensitive Data; HR Workstation; Managed Computer; Managed Computer; Unmanaged/Rogue Computer; Untrusted; Server Isolation; Domain Isolation
Business and Technical Benefits
Reduce the risk of network security threats
An additional layer of defense-in-depth
Reduced attack surface area
Increased manageability and more healthy clients
Safeguard sensitive data and intellectual property
Authenticated, end-to-end network communications
Scalable, tiered access to trusted networked resources
Protect the confidentiality and integrity of data
Extend the value of existing investments
No additional hardware or software required
Get more value from Active Directory and Group Policy
Complements existing 3rd-party network security solutions
Enhanced
Manageability
Manageability Beyond The Office
DirectAccess
Enables “always-on” management of remote machines to support a fully manageable environment
Scenarios include:
Group Policy Updates
Folder Redirection/Client-side Caching
Software/Update Distribution
Event Subscriptions
Proactive management of key issues
Pull/Forward events to/from multiple machines and search/collate
Does not require loading entire log from remote machine
Remote Desktop Services Manageability
RDS and VDI – An Integrated Solution
Single broker to connect users to sessions or virtual machines, out of
the box solution for VDI scenarios with Hyper-V
RemoteApp & Desktop Connections
Centrally hosted applications integrated into Start Menu, desktop, etc. Can
personalize a non-work PC with work applications without installing them
locally
Improved Management Toolset
Reduce repetitive tasks with RDS PowerShell support, improved
application install, connection broker install & profile management
Platform Investments
Multiple levels of extensibility for custom partner solutions for Remote
Desktop Services & VDI based solutions
Questions and Answers
© 2009 Microsoft Corporation. All rights reserved.
This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.