
Defense Communications as a Scarce Resource
Sandeep K. Singhal, Ph.D
Director, Windows Networking
Microsoft Corporation
Agenda
• Trends in enterprise networking
• Windows networking vision and roadmap
• Windows Vista and Windows Server 2008: Features at a glance
• Collaboration with MoD
• Looking into the future
• Summary
Trends in Enterprise Networking
Server consolidation and growth of data centers
• Single networking fabric for web, file, database, and backup
• Increased network traffic load on servers
• Increased load on Internet firewalls
Increasingly mobile and remote staff
• Remote access solutions stretch experience, support, and management
• Greater reliance on WAN (over Internet) links from branch offices
• Multiple client access technologies and devices
Evolving security requirements
• Enterprise edge disappearing with mobile workforce & devices
• Diverse user population (contractors, vendors) requires securing resources in addition to networks
• Federation and regulatory needs require policy-based isolation domains
Windows Networking Vision: Secure Seamless Network
IPsec Isolation
Elements of a Secure, Seamless Network
Policy-based secure access to resources from anywhere
• End to end connectivity over the Internet using IPv6
• All communications authenticated using end to end IPsec
– Connection-by-connection
– Access controlled by identity
• Trust boundaries defined by policy instead of topology
– Traffic management at the edges
• Network access protection (NAP) systems keep systems healthy and protected from unhealthy systems
• Existing applications just work
Windows Networking Roadmap
Future: Secure seamless networks
• Internet security domains
• Easy to deploy
Win Server 2008/Win Vista
• Intranet security domains
• Server and Domain Isolation (S&DI)
• Network Access Protection (NAP)
• IPv6 native and transition solutions for enterprises
Win Server 2003/Win XP
• End host security
• Integrated Windows Firewall
• Easy to manage
Windows Vista and Windows Server 2008: Networking Features At A Glance
Trend: Server consolidation and growth of data centers

Problem: Slow data replication between data centers despite high speed connectivity
Vista/WS08: Compound TCP enables data transfers at multi-gigabit speeds
Impact: 200% increase in replication speed between Microsoft Redmond and Bay Area data centers

Problem: Increasing network load limiting server scalability
Vista/WS08: Built-in hardware offload and CPU load balancing for network traffic
Impact: 50% increase in web requests/sec on same hardware (as measured by webbench)
Windows Vista and Windows Server 2008: Networking Features At A Glance
Trend: Remote and mobile workforce

Problem: High latency limits network performance in branch offices
Vista/WS08: Automatic tuning to optimize for WAN links
Impact:
• File copy speed from US to Microsoft Australia increased by 1000%
• DCE* testing showed 200% improvement over 2Mbps satellite links

Problem: Network losses limit throughput on WLAN, WWAN
Vista/WS08: Loss detection and automatic recovery
Impact:
• Loss recovery time reduced by 40% over satellite links in DCE testing

Problem: Mobile PCs expose enterprise networks to viruses as they roam between networks
Vista/WS08: Network access protection (NAP) solutions
Impact:
• IT security compliance increased by 80% after deploying NAP on Microsoft network

*Defense Communications Efficiency: Joint project between Microsoft and UK MoD
Windows Vista and Windows Server 2008: Networking Features At A Glance
Trend: Remote and mobile workforce

Problem: Overlapping private addresses make remote management hard
Vista/WS08: Full IPv6 support enabled end to end connectivity
Impact:
• IPv6 enabled throughout Microsoft by deploying only a few new servers

Problem: Ad-hoc collaboration in war zones, conferences hard in absence of infrastructure setup
Vista/WS08: Windows Meeting Space allows sharing presentations, files, notes
Impact:
• Windows Meeting Space widely used within Microsoft for ad-hoc collaboration

Problem: Hard to deploy quality of service solutions to manage expensive WAN resources
Vista/WS08: Policy based enterprise QoS (eQoS)
Impact:
• eQoS deployed on Microsoft WAN links with existing router hardware to prefer certain app traffic
Windows Vista and Windows Server 2008: Networking Features At A Glance
Trend: Security

Problem: Mobility and deperimeterization increasing threat surface
Vista/WS08: Server and domain isolation (SDI) solutions enable policy based security solutions
Impact: Universidade de Vila Velha (UVV) deployed SDI to increase security and simplify management

Problem: Security policy management hard to deploy and manage
Vista/WS08:
- Group policy based SDI deployment solution
- IPsec management integrated with Windows Firewall
Impact: City of Sapporo, Japan deployed SDI with nil cost for 12000 users across 870 different departments
Case Study: Defense Communication Efficiency
Players
• UK MoD
• Microsoft
Started
• 2004
Goal
• Improving efficiency on satellite networks
Approach
• Phased engagement consisting of problem definition, joint solution development, joint testing, feedback and refinement
Outcome
• Windows Server 08/Vista autotuning, Compound TCP, and loss recovery improvements
Benefits to MoD
• GBP 500M per year spending on satellite links – even 10% efficiency improvement is significant savings
Benefits to Microsoft
• Microsoft: Validation of algorithms on Large Network Emulator as well as on real satellite network as part of JWID 05
Case Study: Defense Communication Efficiency
• Engagement continuing beyond Windows Server 2008/Windows Vista
• Several areas identified such as IPv6, compression, QoS
• Framework for managing IP: Facilitates free flow of ideas and testing results
Looking into the Future
• Remote work
– Easy and reliable network access from anywhere
– Better manageability of mobile PCs
– Extend Intranet NAP and isolation to remote worker
• Branch offices
– Further efficiency in fetching data over WAN links
– Preserve end to end security solutions
• Security domains
– Easier deployment
– Easier management
– Easier support
Summary
Windows Server 08 and Windows Vista
• Provide substantial advances that address key issues faced by evolving enterprise networks
• Influenced by partnership with MoD
• Address business issues impacting MoD
Plan and prepare for secure seamless networks
• Trends in enterprise networking demand such networks
• IPv6, IPsec and NAP are key building blocks for these networks
• Windows Server 2008 and Windows Vista enable enterprises to deploy these networks
Sandeep K. Singhal, Ph.D
Director, Windows Networking
+1 (425) 706-6570
QUESTIONS
Backup
Windows Networking Vision: Secure Seamless Networks
• Internet IS your network
• Applications just work
• All communications authenticated
– Connection-by-connection
– Access controlled by identity
• Trust boundaries defined by policy instead of topology
– Traffic management at the edges
– Network Immune Systems
[Diagram labels: IPsec isolation, Lab, Guest]