AI001 Windows Server 2008 * What's New
Web / Virtualization / Security
Rich, Web based experiences
Optimize your Infrastructure
Hardens the OS and Protects Your Environment
Enhanced Scripting and Task Automation
Modular and Extensible Platform
Integrated Hypervisor
Server Consolidation
Power Savings
Better Security and Compliance Tools
Network Access Protection
Solid Foundation for Your Business Workloads
Web
Internet Information Services 7.0: Efficient management and deployment tools; customizable platform with .NET extensibility
Windows Media Services: Advanced streaming and caching
Windows SharePoint Services: Powerful document and team collaboration
Security
Read-Only Domain Controller: Increased security and delegated management for branch offices
Network Access Protection: Health validation and compliance checking
Federated Rights Management: Protected document collaboration
Virtualization
Windows Server Virtualization: Hypervisor-based virtualization platform; high availability through Failover Clustering
Terminal Services Gateway: Access internal resources through the firewall
Terminal Services RemoteApp: Access and run remote applications locally
Solid Foundation for Enterprise Workloads
Manageability
Server Manager: Role-based configuration, management and reporting
Windows PowerShell: Command shell and scripting language for task automation
Windows Deployment Services: Fast and efficient imaging of clients and servers
Reliability
Server Core: Minimal installation option for better security and reliability
Next Generation Networking: New TCP/IP stack for improved scalability and performance
Failover Clustering: Easy to implement and flexible high availability
Server Manager
Initial Configuration
Product Installation
New Command-line shell & Scripting Language
Improves productivity & control
Accelerates automation of system admin
Works with existing scripts
Ships with Windows Server 2008
Easy for non-programmers
Role management in future versions
Partners
Resources
TechNet Script Center
MyITForum.com
Newsgroup and Web Forum
Team Blog and Channel 9
Books from Manning, O’Reilly, Microsoft Press, Sapien
Server Management and Windows PowerShell
Automatically adjusts for maximum efficiency
Faster network transfers, especially across WAN links
Optimized use of available network bandwidth
Reduced packet loss resulting in fewer retransmits
Optimized performance without loss
Intelligent, automated tuning of TCP receive window size
Better packet loss resiliency (e.g. wireless connectivity)
Advanced congestion control for better throughput
Active Node
Heartbeat
Passive Node
New Validation Wizard
Support for GUID partition table (GPT) disks in cluster storage
Improved cluster setup and migration
Improvements to stability and security – no single point of failure
Geographically dispersed clusters
Streamlined installation means reduced attack surface
Xcopy deployment and shared configuration
Simplified administration through variety of tools
Event logging and tracing for faster troubleshooting
Customization and extensibility through .NET
Application and health management for Web services
Impact of a stolen DC on the Active Directory reduced
By default, no user or computer passwords are stored on the RODC
Read-only Partial Attribute Set can prevent application credentials from replicating to the RODC
Reduced attack surface to the Active Directory for a compromised DC
Read-only state with unidirectional replication for AD and FRS/DFSR
Each RODC has its own KDC KrbTGT account to provide cryptographic key separation
Delegated DCPROMO reduces the need for a Domain Admin (DA) to use Terminal Services (TS) to log on to the RODC
Windows Server 2008 writeable DCs register SRV records on behalf of RODCs to prevent name squatting
RODCs are workstation accounts
Not members of Enterprise-DC or Domain-DC groups
Very limited rights to write in Directory
[Diagram: RODC authentication flow, steps 1-6, between the Read Only DC (RODC) in the Branch and the Windows Server 2008 DC in the Hub]
1. User logs on and authenticates
2. RODC: Looks in DB: "I don't have the user's secrets"
3. Forwards request to Windows Server 2008 DC
4. Windows Server 2008 DC authenticates request
5. Returns authentication response and TGT back to the RODC
6. RODC gives TGT to user and RODC will cache credentials
Policy Validation
• Determines whether the computers are compliant with the company’s security policy. Compliant computers are deemed “healthy”
Network Restriction
• Restricts network access to computers based on their health
Remediation
• Provides necessary updates to allow the computer to “get healthy.” Once healthy, the network restrictions are removed
Ongoing Compliance
• Changes to the company’s security policy or to the computers’ health may dynamically result in network restrictions
[Diagram: Network Access Protection flow, steps 1-5. Labels: Windows Vista Client; DHCP, VPN, Switch/Router; MSFT Network Policy Server; Policy Servers (e.g. MSFT Security Center, SMS, Antigen or 3rd party); Not policy compliant; Policy compliant; Restricted Network; Fix Up Servers (e.g. MSFT WSUS, SMS & 3rd party); Corporate Network]
Customer Benefits
Enhanced Security
All communications are authenticated, authorized & healthy
Defense-in-depth on your terms with DHCP, VPN, IPsec, 802.1X
Policy-based access that IT Pros can set and control
AD RMS protects access to an organization’s digital files
AD RMS in Windows Server 2008 includes several new features
Improved installation and administration experience
Self-enrollment of the AD RMS cluster
Integration with AD Federation Services
New administrative roles
Information Author
The Recipient
Encryption
Policy
Full Volume Encryption Key (FVEK)
Group Policy allows central encryption policy and provides Branch Office protection
Provides data protection, even when the system is in unauthorized hands or is running a different or exploiting Operating System
Uses a v1.2 TPM or USB flash drive for key storage
Windows Server Core
New minimal installation option with only “core” components
No GUI interface or graphical applications installed
Subset of server roles and features available
Manage remotely as you would any server
Windows Server Core
A Comprehensive Set of Virtualization Products, from the Data Center to the Desktop
Assets – Both Virtual and Physical – Managed from a Single Platform
Server Virtualization
Presentation Virtualization
Desktop Virtualization
Windows Server 2008 Virtualization
Application Virtualization
Greater scalability and improved performance
x64 bit host and guest support
SMP support
Increased reliability and security
Minimal trusted code base
Runs as a Server Core role
Better flexibility and manageability
New UI/Integration with SCVMM
[Diagram: virtualization architectures. Labels: Virtual Server 2005 R2; Windows Server 2003; VM 1, VM 2, VM 3; Windows Hypervisor; VM 1 “Parent”, VM 2 “Child”, VM 3 “Child”; Hardware; AMD-V / Intel VT; Virtual Hard Disks (VHD)]
[Diagram: Terminal Services Gateway. Labels: Remote/Mobile User; Internet; Tunnels RDP over HTTPS; Perimeter Network; Terminal Services Gateway; Strips off RDP / HTTPS; RDP traffic passed to TS; Corporate Network; Terminal Servers and other RDP Hosts; Network Policy Server; Active Directory DC]
• Run server-based applications locally
• Centrally manage applications
• Zero footprint client installation
RDP 6.0 client required
Terminal Server
Infrastructure Optimization
Application Re-Platforming
Extending Core Systems
Training and Support
Sustain & Enhance
© 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation.
MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.