Windows Server 2008 DC
Technical Overview
Nguyen An Que
Technology Specialist
Microsoft Vietnam
[email protected]
Windows Server 2008 pillars
Web
Virtualization
Security
Delivers rich web-based experiences
efficiently and
effectively
Reduces costs,
increases hardware
utilization, optimizes
your infrastructure,
and improves server
availability
Provides
unprecedented levels
of protection for your
network, your data,
and your business
Solid Foundation for Your Business Workloads
Most flexible and robust Windows Server operating
system to date
Provides the most versatile and reliable Windows
platform for all of your workload and application
requirements
Most Flexible and Robust Windows
Server Operating System to Date
Solid
Foundation
Management
Server Manager
PowerShell
Windows Deployment
Services
Reliability
Server Core
Next Generation Networking
High Availability Clustering
Solid
Foundation
Windows PowerShell
New Command-line shell & Scripting Language
Improves productivity & control
Accelerates automation of system admin
Easy-to-use
Works with existing scripts
TechNet ScriptCenter
Exchange Server 2007
Terminal Server
WMI, Registry, Hardware, etc.
Community-Submitted scripts
MyITForum.com
Futures
Will ship in Windows
Admin GUIs layered over
PowerShell
One-to-many remote management
using WS-MGMT
Solid
Foundation
PowerShell
Managing Windows Server 2008
Solid
Foundation
Server Manager
Initial Configuration
Product Installation
Windows Server Core
Only a subset of the executable files and DLLs installed
No GUI interface & .NET managed code installed
Less disk space and management required
Can be managed with remote tools (MMC, RDP)
Solid
Foundation
Server Core
Solid
Foundation
Complete Redesign of TCP/IP
(tcpip.sys)
[Diagram: Next Generation TCP/IP Stack (tcpip.sys). Labels: User Mode (Winsock); Kernel Mode (AFD, TDI Clients, WSK Clients, TDI, TDX, WSK); TCP, UDP, RAW; IPv4, IPv6; 802.3, WLAN, Loopback, IPv4 Tunnel, IPv6 Tunnel; Inspection API; NDIS]
Dual-IP layer architecture for native IPv4 and IPv6 support
Improved Network Performance Troubleshooting
Improved performance via hardware acceleration and auto-tuning
Greater extensibility and reliability through rich Windows Filtering
Platform APIs
Completely manageable through Group Policy
Windows Firewall w/ Advanced Security
Combined firewall and IPsec management
Solid
Foundation
Windows Firewall
with Advanced Security
Solid
Foundation
Failover Clustering
Active Node
Heartbeat
Passive Node
New Validation Wizard for server, storage & network testing
Support for GUID partition table (GPT) disks in cluster storage
Improved cluster setup interface
Quorum resource: no longer single-point-of-failure
IPv6 support
Geographically dispersed clusters: across subnets, no VLAN needed
Windows Deployment Services
Solid
Foundation
Rapidly deploy Windows
operating systems
Updated and redesigned
version of Remote Installation
Services (RIS)
Server components
Client components: WinPE
Management components
Windows
Server 2008
Windows
Vista
Reliability and Performance Monitor
Solid
Foundation
Deliver Rich Web-based Experiences
Efficiently and Effectively
Internet
Information
Services 7.0
Web
Windows Media
Services
Windows
SharePoint
Services
IIS 7.0: a robust Web & Application Server
Web
Enhanced security and reduced
attack surface
Highly customizable
Administration: UI & APPCMD
& shared configuration
Advanced troubleshooting
Delegation & true application
XCOPY deployment
Windows Communication
Foundation (WCF)
Windows Activation Service
Web
New features in IIS 7.0
Optimize Your Infrastructure and
Improve Server Availability
Windows Server
Virtualization
Virtualization
Terminal Services
Gateway
Terminal
Services
RemoteApp
Virtualization Technologies
Virtualization
Server
Virtualization
Presentation
Virtualization
Windows Server
Virtualization
Management
Desktop
Virtualization
Application
Virtualization
Windows Server Virtualization
Greater Scalability and improved
performance
x64 host and guest
support
SMP support
Increased reliability and security
Minimal Trusted Code base
Windows running a
foundation role
Better flexibility and
manageability
New UI/Integration with
SCVMM
Virtualization
[Diagram labels: Virtual Server 2005 R2, Windows Server 2003; Windows Hypervisor, AMD-V / Intel VT, Hardware; VM 1 ("Host"), VM 2 ("Child"), VM 3 ("Child"); Virtual Hard Disks (VHD)]
Application Virtualization
Application Isolation
Dynamic Streaming
System Center Integration
Software as a Centrally-managed Service
Available through…
Virtualization
Virtualization Investments
Virtualization
A Multi-level Approach
Licensing
Infrastructure
Management Interoperability Applications
Terminal Services
Deliver
cost-effective,
flexible and
simplified
licensing
Royalty Free
VHD format
Create agility
Better utilize
server
resources
Partner with
AMD and Intel
Ease
consolidation
onto virtual
infrastructure
Better utilize
management
resources
Support
heterogeneity
across the
datacenter
OSP (Open
Specification
Promise) VHD
Accelerate
deployment
Reduce the
cost of
supporting
applications
Terminal Services Gateway
Virtualization
Internet: Remote/Mobile User
Tunnels RDP over HTTPS
Perimeter Network: Terminal Services Gateway
Strips off RDP / HTTPS
Corporate Network: Terminal Servers and other RDP Hosts
RDP traffic passed to TS
Network Policy Server
Active Directory DC
Terminal Services RemoteApp
Remote
Desktop client
required
Virtualization
Virtualization
Terminal Services
Hardens Operating System and
Increases Environment Protection
Network Access
Protection
Security
Federated
Rights
Management
Read-Only
Domain
Controller
Network Access Protection
How it works
[Diagram: Windows Client; DHCP, VPN, Switch/Router; NPS; Policy Servers (e.g. Patch, AV); Fix Up Servers (e.g. Patch) in the Restricted Network; Corporate Network; paths marked "Not policy compliant" and "Policy compliant"]
1. Client requests access to network and presents current health state
2. DHCP, VPN or Switch/Router relays health status to Microsoft Network Policy Server (RADIUS)
3. Network Policy Server (NPS) validates against IT-defined health policy
4. If not policy compliant, client is put in a restricted VLAN and given access to fix up resources to download patches, configurations, signatures (Repeat 1 - 4)
5. If policy compliant, client is granted full access to corporate network
Security
Active Directory Federation Services
Company A
Security
Company B
AD FS provides an identity
access solution
Account
Federation
Server
Federation Trust
Resource
Federation
Server
Web
Server
Deploy federation servers in
multiple organizations to
facilitate business-to-business (B2B) transactions
AD FS provides a Web-based, SSO solution
Federated Identity support in
Rights Management Service (RMS)
Company A
Account
Federation
Server
Security
Company B
Federation Trust
Resource
Federation
Server
Web
SSO
Together AD FS and AD
RMS enable users from
different domains to
securely share documents
based on federated
identities
Read-Only Domain Controller
Security
RODC
Head Quarter
Branch Office
Features
Read Only Active Directory Database
Only allowed user passwords are stored on RODC
Unidirectional Replication
Role Separation
Benefits
Increases security for remote Domain Controllers where physical
security cannot be guaranteed
How RODC Works
Security
[Diagram: steps 1 to 6 between the Read Only DC (Branch) and the Windows Server 2008 DC (Head Quarter)]
What if a DC is stolen?
Security
Solid
Foundation
Branch Office Benefits
Optimization
DFS Replication
Security
BitLocker
Full Volume Encryption
Server Core
Read-Only Domain Controller
Head Quarter
Administration
SOAP-based remote
management (WinRM)
Restartable Active Directory
Branch Office
PKI Support
Built-in Certificate Service
Usage
Data Encryption
Digital Signature
Smart Card authentication
Security
Windows Server 2008:
A Robust Application Platform
Application Platform
.NET Framework 3.0
Windows Activation Service
MSMQ 4.0
IIS 7.0
Web
Virtualization
Modular design
Less attack surface
Admin delegation
APPCMD
Win Activation Svc
Tracing &
Troubleshooting
Security
NAP
Read-Only DC
AD RMS
AD Federation Svc
PKI support
BitLocker
Windows
Virtualization
TS Gateway
TS RemoteApps
Solid Foundation for Your Business Workloads
Windows PowerShell
IPv6
Server Core
Failover Clustering
Server Manager
Reliability & Performance
Monitor
Windows Firewall with
Advanced Security & IPSec
Windows Deployment Svc
www.microsoft.com/WindowsServer2008
Windows Server 2008 Summary
[email protected]
More information
www.microsoft.com/WindowsServer2008
www.iis.net