
“Top 10 things you need to know”

“Top 10 things you need to know”. Jeff Alexander | IT Pro Evangelist | Microsoft Australia. http://blogs.technet.com/jeffa36. The Top 10: Server Role Management, IIS 7.0 Features, Windows PowerShell, Server Core, Virtualization, New Security features, Windows Deployment Services


Presentation Transcript


  1. “Top 10 things you need to know” Jeff Alexander | IT Pro Evangelist | Microsoft Australia http://blogs.technet.com/jeffa36

  2. The Top 10
     • Server Role Management
     • IIS 7.0 Features
     • Windows PowerShell
     • Server Core
     • Virtualization
     • New Security features
     • Windows Deployment Services
     • Terminal Services
     • Group Policy
     • Read Only Domain Controller
     • Scalable Networking

  3. Server roles streamline management
     Windows Server Setup Phases
     Windows Server 2003
     • Windows Server 2003 setup
     • Post-Setup security updates
     • Manage your server
     • Configure your server wizard
     • Add/Remove Windows components
     • Computer Management
     • Security Configuration Wizard
     Windows Server 2008
     • Operating system setup
     • Initial Configuration Tasks
     • Server Manager

  4. Initial Configuration Tasks
     • Administrator password
     • Network IP address
     • Domain membership
     • Computer name
     • Windows Updates
     • Windows Firewall

  5. Server Manager Console: Modifying Roles and Features

  6. Internet Information Services (IIS) 7.0
     More than a Web server, Internet Information Services 7.0 provides an accessible, extensible platform for developing and reliably hosting Web applications and services.
     IIS 7.0 Enhancements
     • Create Streamlined Servers
     • Modular Architecture
     • Extensible Design
     • Reduced Attack Surface
     • Extend/Modify IIS Features
     • Integrated with .NET
     • Rapid Application Deployment
     • Manageable
     • Built in Request Tracing
     • Fast Diagnostics

  7. New IIS 7.0 Features

  8. Windows PowerShell
     • New interactive shell and scripting language
     • Based on and takes advantage of .NET features
     • Current tools will still work
     • Current automation will still work

  9. Windows PowerShell Resources
     Hundreds of Scripts
     • TechNet ScriptCenter
     • Exchange Server 2007
     • Terminal Server
     • WMI, Registry, Hardware, etc.
     • Community-Submitted scripts
     • MyITForum.com
     Books & Training Materials
     • Manning Publications
     • O’Reilly Media
     • Sapien Press & others…
     Community Support
     • MS MVPs
     • PowerShell Team Blog
     • Active Newsgroup
     • Channel 9: DFO Show
     • IIS.net

  10. Windows PowerShell

  11. Windows Server Core
      [Diagram labels: Server Core (Security, TCP/IP, File Systems, RPC, plus other Core Server Sub-Systems); Hyper-V, AD DS, DHCP, AD LDS, DNS, Media, File/Print, IIS7; GUI, CLR, Shell, IE, OE, etc.]
      • Only a subset of the executable files and DLLs installed
      • No GUI interface installed, no .NET, no PowerShell (for now)
      • Nine available Server Roles
      • Can be managed with remote tools

  12. Windows Server Core

  13. Complete Redesign of TCP/IP
      • Dual-IP layer architecture for native IPv4 and IPv6 support
      • Improved Network Performance Troubleshooting
      • Improved performance via hardware acceleration and autotuning
      • Greater extensibility and reliability through rich APIs
      • Completely manageable through Group Policy
      [Diagram: Next Generation TCP/IP Stack (tcpip.sys). Labels: User Mode, Kernel Mode, Winsock, AFD, TDI Clients, WSK Clients, TDI, WSK, TDX, RAW, TCP, UDP, IPv6, IPv4, Inspection API, 802.3, WLAN, Loop-back, IPv4 Tunnel, IPv6 Tunnel, NDIS]

  14. Key New Networking Features
      Windows Filtering Platform
      • Provides filtering capability at all layers of the TCP/IP protocol stack
      • Integrates and provides support for next-generation firewall features
      Receive Window Autotuning
      • Automatically senses network environment and adjusts key performance settings
      • Allows increase of the size of the TCP/IP send / receive window
      Receive Side Scaling
      • Previous Windows operating systems limit receive protocol processing to a single CPU
      • RSS resolves this issue by allowing network load from a network adapter to be balanced across multiple CPUs
      Policy-based Quality of Service
      • Prioritize or manage the sending rate for outgoing network traffic
      • Both DSCP marking and throttling can be used together to manage traffic effectively

  15. Virtualization Platform and Management
      [Diagram labels: VM 1 “Parent”, VM 2 “Child”, VM 2 “Child”, Windows Virtualization, Management tools]

  16. Windows Server 2008 Hyper-V
      • Greater scalability and improved performance
          • x64 bit host and guest support
          • SMP Support
      • Increased reliability and security
          • Minimal trusted code base
          • Windows running a foundation role
      • Better flexibility and manageability
          • Quick Migration
          • New UI
          • Broad management tool support including SCVMM
      [Diagram labels: VHD, VM 1 “Parent”, VM 2 “Child”, VM 2 “Child”, Windows Hypervisor, AMD-V / Intel VT]

  17. Server Virtualization: Key Features

  18. Hyper-V: Key Features
      • Virtualization
          • The ability to virtualize workloads with few or no limitations as to what workloads can/may be virtualized.
      • 64-bit (x64) and hardware virtualization required
          • AMD AMD-V or Intel Virtualization Technology
      • 32-bit (x86) & 64-bit (x64) child partitions
      • Large memory support (>32GB) within VMs
      • SMP support
      • Pass-through disk access for VMs
      • New hardware sharing architecture (VSP/VSC)
          • Disk, networking, input, video
      • Robust networking
          • VLAN support, NAT, Quarantine

  19. Hyper-V: Architecture
      [Architecture diagram. Legend, “Provided by”: OS; Hyper-V; MS / XenSource / Novell; ISV/IHV/OEM. Labels: Parent Partition, Child Partitions, User Mode, Kernel Mode, Virtualization Stack, Applications, VM Worker Process, WMI Provider, VM Service, Windows Server 2003, 2008, Windows Server 2008, Windows Kernel, VSP, VSC, VMBus, Non hypervisor aware OS, Emulation, Xen-enabled Linux Kernel, Linux VSCs, Hypercall Adapter, Windows Hypervisor, “Designed for Windows” Server Hardware]

  20. Windows Server Virtualization

  21. Server Protection Features
      • Compliance
      • Security
      • Improved auditing
      • Network Access Protection
      • Event Forwarding
      • Policy Based Networking
      • Server and Domain Isolation
      • Removable Device Installation Control
      • Active Directory Rights Management Services
      • Development Process
      • Secure Startup and shield up at install
      • Code integrity
      • Windows service hardening
      • Inbound and outbound firewall
      • Restart Manager

  22. Network Access Protection

  23. Network Access Protection
      Policy-based solution that
      • Validates whether computers meet health policies
      • Limits access for noncompliant computers
      • Automatically remediates noncompliant computers
      • Continuously updates compliant computers to maintain health state
      Solution Highlights
      • Standards-based
      • Plug and Play
      • Works with most devices
      • Supports multiple antivirus solutions
      • Has become the standard for Network Access Control
      [Diagram labels: Network Access Protection, Internet, Boundary Zone, Employees, Partners, Vendors, Intranet, Customers, Partners, Remote Employees]

  24. Network Access Protection: How it works
      1. Access requested
      2. Health state sent to NPS (RADIUS)
      3. NPS validates against health policy
      4. If compliant, access granted
      5. If not compliant, restricted network access and remediation
      [Diagram labels: Policy Servers (e.g., Patch, AV), Microsoft NPS, Remediation Servers (e.g., Patch), Restricted Network, Corporate Network, DHCP, VPN, Switch/Router, Policy compliant, Not policy compliant]

  25. Windows Deployment Services
      • Support for deploying Windows (all versions)
      • Boots WinPE over PXE
      • Use Windows Imaging (WIM) file format
      • Extensible
      • Granular Images Management
      Longhorn Server Specifics
      • Multicast
      • TFTP download performance enhancements
      • EFI x64 network boot support

  26. Terminal Services Gateway
      • Strips off RDP/HTTPS
      • Tunnels RDP over HTTPS
      • RDP/SSL traffic passed to TS
      [Diagram labels: Home, Hotel, Business partner / client site, Roaming wireless, Internet, External Firewall, Perimeter network, Terminal Services Gateway Server, Internal Firewall, Corp LAN, Terminal Server, Terminal Server, E-mail Server]

  27. Terminal Services Remote Programs Terminal Services Gateway Server Remote Desktop client required

  28. Other Not-To-Be-Missed Cool Terminal Services News
      • EasyPrint makes printing to a local printer, well, easy by exploiting XPS
      • Four Registry entries let you dial up bandwidth allocation between the UI stuff (mouse, screen) and data transfer (printing, file transfer)
      • WinFX means remoted graphics commands (which is way more exciting than it sounds)

  29. Windows Server 2008 Group Policy
      • Windows Vista set the stage…
          • 700+ new settings, ability to control things we never could before centrally (i.e. power save settings, device installation restrictions)
          • Group policies no longer just a thread in Winlogon, but instead a separate service
          • Meticulous step-by-step logging makes GP troubleshooting light-years easier
          • Printer/drive mapping via GPO
          • Powerful new ADMX template format
      • Server 2008 rocks the house with…

  30. Ever Said, "I Wish There Were a GP Setting For…?"
      • Group Policy Preferences lets you create a do-it-yourself group policy setting out of, well, just about anything… with a few mouse clicks
      • Built into Windows Server 2008 GPMC
      • Part of the Desktop Standard acquisition
      • Remote Server Admin Tools (RSAT) delivered for Vista

  31. Read-Only Domain Controller
      [Diagram labels: RODC, Main Office, Remote Site]
      • Features
          • Read Only Active Directory Database
          • Only allowed user passwords are stored on RODC
          • Unidirectional Replication
          • Role Separation
      • Benefits
          • Increases security for remote Domain Controllers where physical security cannot be guaranteed
      • Support
          • ADFS, DNS, DHCP, FRS V1, DFSR (FRS V2), Group Policy, IAS/VPN, DFS, SMS, ADSI queries, MOM

  32. How RODC Works
      1. User logs on and authenticates
      2. RODC: Looks in DB: "I don't have the user's secrets"
      3. Forwards Request to Windows Server 2008 DC
      4. Windows Server 2008 DC authenticates request
      5. Returns authentication response and TGT back to the RODC
      6. RODC gives TGT to User and RODC will cache credentials
      [Diagram labels: Windows Server 2008 DC, Read Only DC, RODC, Branch, Hub]

  33. Read-only DC Mitigates “Stolen DC”
      • Hub Admin Perspective
      • Attacker Perspective

  34. Windows Vista and Windows Server 2008: Better Together
      More Efficient Management
      • Single worldwide servicing model
      • Event forwarding between client and server
      • Faster and more reliable remote operating system deployments
      • Network Access Protection ensures health of connecting systems
      Greater Availability
      • Scalable print servers with client-side rendering
      • Smooth offline experience with client-side caching
      • Transactional File System for file and registry operations
      • Policy-based Quality of Service to prioritize application bandwidth
      Efficient Communications
      • Fast enterprise class search on clients and servers
      • Faster networking with new TCP/IP stack and native IPv6
      • Improved file-sharing performance over high-latency links
      • Integrated remote access to internal applications and resources

  35. Introducing: TechNet Plus Direct! Available Now!
      • All the benefits of TechNet Plus for 30% less
      • TechNet Plus Direct subscribers receive…
          • Online Benefits Portal – New!
          • Immediate download access: software and betas – New!
          • 2 free Professional Support Incidents
          • Managed Newsgroups and Online Concierge
          • The TechNet Library containing the KB, security updates, service packs, resource kits, and more
      TechNet Plus Direct is available exclusively online without media shipments.
      For more information, please visit: www.microsoft.com/technet/subscriptions
