What's Up with Windows Server 2008

Special Fall 2007 Issue:
"Livin' the Longhorn Life"
What it is
Latest version of Windows NT Server, NT Server 6.0
Available in Standard, Enterprise, Datacenter, even Web Edition
Also offers a reduced-function version called "Server Core" in Standard, Enterprise, Datacenter and even Web Edition
Ultimately named "Windows Server 2008"
Shipping 27 February…
You remember this, of course?
It's where a goodly piece of Server 2008
comes from; more specifically….
First-In-Vista Server 2008 Technologies
New setup engine
Deployment tools
slmgr, KMS server and other licensing tools
Folder renames ("Users")
Heavy XML use
New search engine
More metadata
"Previous versions"
Transaction-based NTFS
User Account Control
Windows Integrity Levels
BitLocker drive encryption
First-In-Vista Server 2008 Technologies
More secure services architecture (services get per-service SIDs and reduced privileges, and are isolated in Session 0)
PatchGuard antirootkit technology (kernel patch protection; 64-bit only)
Tighter security defaults
IPv6 included and installed by default
Windows Meeting Space
Remote desktop changes
700+ new group policy settings
Revised file sharing
Hardware installation policies
New Windows Event Viewer
First-In-Vista Server 2008 Technologies
New WinRM protocol (eventual RPC replacement)
Improved task scheduler
New boot manager controlled by bcdedit, not boot.ini
Reliability Monitor
64 Bit is the Default
As you may know, Exchange 2007 only shipped in a
64-bit version
The current point of view at MS is that "32 bit server
hardware is legacy hardware"
Keep that in mind when buying hardware
And don't worry about the "there are no 64 bit drivers"
stuff -- server hardware's got drivers
Management Tools
Tools to herd them dogies
Server Manager
Folds together
Add/remove Windows components
Manage Your Server
Server Configuration Manager
… and a bunch of other stuff
Intended to be "one stop shopping" for server
management
Server Manager
Comes up automatically, or run Administrative Tools /
Server Manager
Format is to show current state, and offer changes in
the upper-right-hand side
Differentiates "features" and "roles"
Think of it as the old Manage Your Server wizard
combined with the Security Configuration Wizard
Also ties together other MMCs
What's New In Monitoring
Data Collector Sets (find them in Server Manager)
Monitor a suite of related items
But it's more than Perfmon -- it's got rules for warning you about things needing attention
Help includes prescriptive advice and links to KB articles
Sort of a "MOM lite"
Group Policies
all the Vista stuff, and…
GPMC built in
GP effect on Sysvol greatly reduced (ADMX templates live in one central store instead of being copied into every GPO)
"Find" finally comes to GPMC
You can amalgamate numbers of like GP settings to get a single task done with a "Starter GPO"
You can add comments to GP objects and starter GPOs
We even get PolicyMaker (shipped as Group Policy Preferences), yay!
Rollouts
Still Windows Deployment Services
But… this'll make Ghost fans happy
You'll be able to multicast Windows Image (.wim) files
Image multicasting does not require IPv6
Virtual Machine Technology
The Hypervisor
it's virtually impossible to ignore virtual machines
An option for Longhorn & Server Core
Similar notion to VMware's ESX
Lighter-weight hypervisor, however
Built to exploit the hardware virtualization opcodes of AMD-V (Pacifica) and Intel VT (Vanderpool); it needs a 64-bit CPU with one of the two, plus hardware DEP (NX/XD) switched on in the BIOS
Theory: a smaller base "hypervisor" means faster virtual machines, and less privileged code to get wrong
Arrives about six months post-Longhorn
Ends up without Live Migration, the VMotion competitor (bummer!)
Hypervisor Structure
[Diagram: hardware at the bottom, the hypervisor above it, three VMs on top. VM 1 (the "parent") holds the virtualization stack and all the device drivers; VM 2 and VM 3 (the "children") sit beside it on the hypervisor.]
Hypervisor is sort of the base OS, although it doesn't do much
First VM acts very much like the "host" OS
Because the parent owns the drivers and the virtualization stack, whoever owns the parent owns every child; patch and lock it down as you would a physical host, and don't run workloads in it
Virtual Tech and Licenses
Buy a copy of Standard server and its license covers one VM running Server 2008 as well as the physical install
Buy a copy of Enterprise server and it covers four VMs
Buy a copy of Datacenter server and it covers as many VMs as you like
Networking
Network Access Protection
Problem: people bring computers into your intranet, computers that may carry malware
Solution: some kind of quarantine system
Covers DHCP, VPN, IPsec and 802.1X (wired and wireless)
Two modes: "monitoring" and "isolating" (run report-only first so you learn what enforcement would have cut off)
This is not NAQC, Network Access Quarantine Control, the 2003 thing that required a PhD to make work
NAP Ingredients
Network policy: "no XP box gets on the network unless it's got SP2 and patches X, Y, and Z"
NAP-smart network components (DHCP servers, VPN servers, 802.1X switches and access points)
A "quarantine" network
A certificate infrastructure (needed for the IPsec method, which hands compliant clients a health certificate)
A policy server (Network Policy Server, the renamed IAS/RADIUS)
Clients with System Health Agents (none for 2000, Mac or Linux yet; the XP agent arrives with SP3)
NAP Approach (VPN example)
Remote user contacts VPN server
Gets directed to the policy server
Policy server interrogates the System Health Agents on
the remote user
Compares it to the network policy, sees if pass or fail
If "isolate," leave remote user on quarantine network; if
"monitor," let 'em on the network
What if you fail?
Isolated system can be sent to a "remediation server" that supplies patches, service packs, etc
It's not just VPN; replace "VPN" with
DHCP server
802.1X network devices
RADIUS server
TS Gateway (later)
All work in the same way
Caveat: DHCP enforcement is the weakest of the lot, since a box with a static address never asks; 802.1X and IPsec are the methods that actually keep a machine off the wire
SMB Gets Cooler
SMB 2.0 offers
Larger dynamic block sizing -- significantly better file transfer speed
Support on Vista and Longhorn (both ends must speak 2.0; an XP or 2003 peer falls back to SMB 1.0)
less chatty, quicker setup (requests are compounded into fewer round trips)
more robust, handles short network glitches better (durable handles survive a brief disconnect)
mutual authentication, via Kerberos when both sides are in the domain
SMB signing moves to HMAC-SHA256; it is still negotiated rather than required, except on domain controllers
Caveat: SMB 2.0 does not encrypt traffic (that comes with SMB 3.0), and an EFS-encrypted file is decrypted by the server and sent in the clear; use IPsec if the wire needs protecting
How much faster?
A white paper on Microsoft’s site says that
moving from XP/2003 to Vista/2008 can
produce start-to-finish changes in speed in file
transfers of 2.5x to 3.3x
I was not, however, able to duplicate those
results, so I guess your mileage may vary
IIS 7.0
No more metabase; sites are configured with an XML text file called applicationHost.config (per-site settings can also live in web.config files, the same format ASP.NET uses)
Very nice and much simpler to pare a site down to its basics, which makes for faster code and a smaller attack surface: a module you never install can't be exploited
Modularity is amazing – they're trying for the best of Apache
Terminal Services Gets Better
SSL connections: TS Gateway tunnels RDP inside RPC over HTTPS, so it rides TCP 443
Terminal Services Gateway lets you get past firewalls, and its connection and resource authorization policies decide who may reach which hosts
WinFX (now WPF) apps will "remote" graphical calls
Will let you deploy an app so that the app by itself is a TS session… but it looks to the user like a standard window ("RemoteApp")
Can redirect many PnP devices (drive, clipboard and device redirection are also where data walks out of a session; restrict them by policy where that matters)
Command-Line Remote Management
Wouldn't it be great to have ssh?
We've got WinRS, "Windows remote shell"
Encrypted when you authenticate with Kerberos or Negotiate, even over HTTP; the one unencrypted combination, Basic authentication over plain HTTP, is refused unless you switch AllowUnencrypted on
Built atop WinRM, "Windows Remote Management" which is an implementation of the WS-Management standard
Runs on port 80 by default (443 for the HTTPS listener)
Harder to do outside a domain (no Kerberos, so the client has to list the server in TrustedHosts) but simple inside a domain
ex: winrs -r:otherpc ipconfig
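The configuration behind that one-liner, as an added example that is not part of the slides: it hardens the WinRM service on a 2008 box, gives it an HTTPS listener, and shows the extra step a workgroup client needs. The host name server1.contoso.com, the certificate thumbprint and the CONTOSO\admin account are assumptions; substitute your own.

```bat
@echo off
rem Added example (not from the slides): harden WinRM on a Server 2008 host and use
rem WinRS from a workgroup client. Assumed names: server1.contoso.com, the
rem certificate thumbprint below, and the CONTOSO\admin account.

rem ---- on the server ----
rem Start the service, create the default HTTP listener and open the firewall
winrm quickconfig -q

rem Refuse unencrypted payloads and plaintext (Basic) credentials outright
winrm set winrm/config/service @{AllowUnencrypted="false"}
winrm set winrm/config/service/auth @{Basic="false"}

rem Bind an HTTPS listener to a server-authentication certificate that is already
rem in the machine store, then drop the HTTP listener so port 80 offers nothing
winrm create winrm/config/listener?Address=*+Transport=HTTPS @{Hostname="server1.contoso.com";CertificateThumbprint="0123456789ABCDEF0123456789ABCDEF01234567"}
winrm delete winrm/config/listener?Address=*+Transport=HTTP
winrm enumerate winrm/config/listener

rem ---- on a workgroup client ----
rem Without Kerberos the client cannot authenticate the server, so it must be told
rem which hosts may receive its credentials. Keep this to exact names: a "*" here
rem lets anything answering to the name collect your NTLM exchange.
winrm set winrm/config/client @{TrustedHosts="server1.contoso.com"}

rem Run a command over HTTPS; winrs prompts for the password when -p: is omitted
winrs -r:https://server1.contoso.com:443 -u:CONTOSO\admin ipconfig /all

rem ---- inside a domain ----
rem No TrustedHosts entry needed: Kerberos authenticates both ends and encrypts the
rem payload even on the default port-80 HTTP listener
winrs -r:server1 ipconfig /all
```

The TrustedHosts entry is the part to be careful with: it tells the client which servers it may hand credentials to without Kerberos vouching for them, so the list should name individual hosts, never a wildcard.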
A SQL Server In Every Box
Longhorn has an optional feature called "Windows Internal Database"
It's basically SQL Server 2005 Express, reserved for roles such as WSUS, UDDI and SharePoint; it only listens on a local named pipe and only accepts Windows authentication
Start it with NET START MSSQL$MICROSOFT##SSEE
Download the SQL 2005 command line client, then connect with your own credentials (-E):
sqlcmd -S \\.\pipe\mssql$microsoft##ssee\sql\query -E
Local administrators are sysadmin on the instance, so anyone who is admin on the box can read or rewrite whatever those roles store there
Name Resolution Changes
(or lack of changes)
What's up with WINS?
Well, it's like this:
WINS, your days are numbered.
Unfortunately that number appears to be pretty large.
Supposedly NetBT was going to be disabled by default
on LH, but it isn't yet
DNS Changes
Several new RR types and features
Here are just the top two
(Join me tomorrow to see more on these and other
name resolution changes!)
DNS Changes
dnames
Migrating domain names?
It can be a pain to find all of the things referring to somename.old.com and change them to somename.new.com
New DNAME record tells DNS, "whenever someone asks for anything under old.com, answer with the same name under new.com": the server synthesises a CNAME somename.old.com -> somename.new.com on the fly
The redirect covers the subtree only; old.com itself keeps its own records
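The DNAME change itself, as an added example that is not from the slides. DC1 as the DNS server, old.com as the zone being retired and new.com as the target are assumptions.

```bat
@echo off
rem Added example (not from the slides). Assumptions: DC1 hosts the old.com zone,
rem and new.com already carries the real records.

rem A DNAME at the apex of old.com redirects everything *below* old.com into new.com.
rem The apex name old.com itself is not redirected; keep its own A/MX/NS records.
dnscmd DC1 /RecordAdd old.com @ DNAME new.com

rem Confirm the record is in the zone
dnscmd DC1 /EnumRecords old.com @ /Type DNAME

rem Check the effect from a client: the server synthesises a CNAME
rem somename.old.com -> somename.new.com and returns new.com's answer for it
nslookup -type=A somename.old.com DC1

rem Take it out again once nothing refers to old.com any more
dnscmd DC1 /RecordDelete old.com @ DNAME new.com /f
```

Worth checking before relying on it: resolvers that do not understand DNAME still follow the synthesised CNAME, so the redirect works for old clients as long as the authoritative server is the 2008 box.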
DNS Changes
next nearest site
Right now, computers try to find a local DC and if that
fails they just look at the global list of DCs
With Vista and Longhorn clients, you can enable a
feature whereby the client will try the "next nearest site"
if the nearest fails
Lots more on DNS, but those are the biggies
Join me for the "Changes in Name Resolution in Server
2008 Talk" for more!
Server Core
What it is
Reduced-function version of Server
Can be a DC, RODC, DNS, DHCP server, Web or file server
No .NET, no MMC, no IE (and therefore no PowerShell or ASP.NET either)
Administer locally with command prompt
Most GUI stuff will not run
Remote: TS, MMC, WinRS
Will host a hypervisor when Viridian (Hyper-V) arrives
Why Run Server Core?
The answer to a prayer!
Runs a limited set of roles/features, so all kinds
of services are off
Installs to a VM in 11 minutes flat
Needs far less RAM and CPU; I run one in 183
MB RAM
Make it an RODC/DNS/file server and you've
got one interesting appliance server
Okay, so the user interface isn't glitzy…
Here's Server Core…
Tools That Work on SC
Notepad
Task Manager
TM's new Services tab
Regedit
vbscript
Driver Verifier
Pnputil (installs drivers)
Chewable cud
Plus the usual command line stuff, and some new stuff
dnscmd
wevtutil
ocsetup installs roles
Heck, it's even got edlin
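What a first hour with those tools looks like, as an added example that is not from the slides: the commands are typed into the Core box's own cmd.exe (no .NET means no PowerShell on Core). The NIC name, addresses, host name CORE1 and domain contoso.com are assumptions.

```bat
@echo off
rem Added example (not from the slides): first-hour setup of a Server Core 2008 box,
rem typed into its cmd.exe console. Assumptions: NIC "Local Area Connection",
rem address 10.0.0.5/24 via 10.0.0.1, DNS at 10.0.0.2, host CORE1, domain contoso.com.

netsh interface ipv4 set address name="Local Area Connection" source=static address=10.0.0.5 mask=255.255.255.0 gateway=10.0.0.1
netsh interface ipv4 set dnsserver name="Local Area Connection" source=static address=10.0.0.2 register=primary

rem Rename (reboots), then after the reboot join the domain (prompts for the password)
netdom renamecomputer %COMPUTERNAME% /newname:CORE1 /force /reboot:5
netdom join CORE1 /domain:contoso.com /userd:CONTOSO\joiner /passwordd:*
shutdown /r /t 0

rem ---- after the second reboot ----
rem What is installed, and what could be
oclist

rem Add only the role this box exists for; start /w waits for ocsetup to finish
start /w ocsetup DNS-Server-Core-Role
sc query DNS

rem The firewall is on by default; open just the groups remote management needs
netsh advfirewall firewall set rule group="Remote Administration" new enable=yes
netsh advfirewall firewall set rule group="Remote Event Log Management" new enable=yes
netsh advfirewall firewall set rule group="Remote Desktop" new enable=yes

rem Allow Remote Desktop; leave Network Level Authentication (the default) in place
cscript %windir%\system32\scregedit.wsf /ar 0

rem WinRM/WinRS for command-line remote management
winrm quickconfig -q

rem Activation and patch state stay your job on Core
cscript %windir%\system32\slmgr.vbs -ato
wmic qfe list brief

rem No Event Viewer MMC locally, but the log is there: last five failed logons as text
wevtutil qe Security /q:"*[System[(EventID=4625)]]" /c:5 /rd:true /f:text
```

The point of the firewall lines is that Core ships closed: every remote MMC you intend to use needs its rule group opened, and nothing else should be.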
Active Directory
What's NOT Fixed
MS discovered a while back that any domain
admin in any domain in a forest can elevate
him/herself to enterprise admin
New advice: "the forest is the security
boundary"
In other words, there's not that much point to
multi-domain forests
Result: many firms need quite a number of
forests
Not addressed in Longhorn. Bummer.
Fine-Grained Password Policies
Want to have people in the Sales group change their passwords every three months, but the folks in the Administrators group every six months?
Roll out Longhorn DCs and raise the domain to Windows Server 2008 functional level (every DC in the domain must be 2008)
You can then apply different password policies to different groups: a Password Settings Object (PSO) is linked to users or global security groups, the lowest precedence value wins when several apply, and the Default Domain Policy only governs users no PSO reaches
Caveat: PSOs bind only to user objects and global security groups, so the admin policy goes on a global group you create, not on the domain local Administrators group
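Creating such a policy, as an added example that is not from the slides: it writes a PSO for a Sales group as LDIF and imports it with the in-box ldifde. The domain contoso.com, the DC name DC1, the group CN=Sales,OU=Groups,DC=contoso,DC=com and the test user are assumptions.

```bat
@echo off
rem Added example (not from the slides): fine-grained password policy for the Sales
rem global security group, imported with ldifde. Assumptions: domain contoso.com at
rem Windows Server 2008 domain functional level, DC1, and the group
rem CN=Sales,OU=Groups,DC=contoso,DC=com.
rem Durations are I8 values: negative counts of 100 ns ticks
rem (1 day = 864000000000, 1 minute = 600000000).
rem PSOs bind only to users and global security groups; a link to a domain local
rem group such as the built-in Administrators is ignored when the effective PSO is
rem computed.

> pso-sales.ldf (
  echo dn: CN=PSO-Sales,CN=Password Settings Container,CN=System,DC=contoso,DC=com
  echo changetype: add
  echo objectClass: msDS-PasswordSettings
  echo cn: PSO-Sales
  echo msDS-PasswordSettingsPrecedence: 10
  echo msDS-PasswordReversibleEncryptionEnabled: FALSE
  echo msDS-PasswordHistoryLength: 24
  echo msDS-PasswordComplexityEnabled: TRUE
  echo msDS-MinimumPasswordLength: 12
  echo msDS-MinimumPasswordAge: -864000000000
  echo msDS-MaximumPasswordAge: -77760000000000
  echo msDS-LockoutThreshold: 10
  echo msDS-LockoutObservationWindow: -18000000000
  echo msDS-LockoutDuration: -18000000000
  echo msDS-PSOAppliesTo: CN=Sales,OU=Groups,DC=contoso,DC=com
)

rem Import; -k skips "object already exists" so the script can be re-run
ldifde -i -f pso-sales.ldf -s DC1 -k

rem Lowest precedence value wins when a user is covered by several PSOs; the
rem Default Domain Policy applies only to users no PSO reaches. Check the result:
dsget user "CN=Jane Doe,OU=Sales,DC=contoso,DC=com" -effectivepso
```

The maximum age here is 90 days (90 × 864000000000), the lockout window and duration 30 minutes (30 × 600000000); negative values are how the schema stores durations.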
Read-Only DCs
In the old days, we had one read/write DC (the PDC),
and a bunch of read-only DCs (BDCs)
That was bad.
So then we had only read/write DCs
That was bad also.
With Longhorn, you can make any DC an "RODC,"
read-only domain controller
RODC authentication
Default: RODCs hold a full read-only copy of the directory but no account secrets (password hashes and the like) for anyone
All authentication requests go to the nearest RWDC*
You can choose to let a RODC cache the secrets of any subset of accounts, perhaps the local ones, through its Password Replication Policy; Domain Admins and the other privileged groups sit on its Denied list and never get cached
Think of them as the "arms length" DCs
* RWDC = "read/write DC." Official MR&D acronym, copyright 2007
RODC Updates
Like the old BDC model
Find a RWDC
Refer account changes there
Accept updates from the RWDCs (replication is one-way; nothing on the RODC replicates back, so a tampered RODC can't poison the rest of the domain)
Sysvol is read-only on a RODC as well
As RODCs are lower-power, it's possible to create "delegated administrators" (Administrator Role Separation) who can do local administration of an RODC without being a Domain Admin
Hardening RODCs
Design assumes that an RODC may be stolen
When decommissioning a stolen RODC, ADUC offers a list of the accounts whose secrets were cached on that RODC to make for quick disabling/password changing, and removing the RODC object retires the RODC-specific krbtgt account it issued tickets with
That list is only as short as your Password Replication Policy: everything you allowed the RODC to cache is what the thief now has offline
BitLocker and RODC are an obvious pairing
New Sysvol
Sysvol holds default profiles, logon scripts and the bulk of each group policy
It has turned out to be the weak link on DCs
R2 introduced a better file replication system, DFS-R
Sysvol on Longhorn will shift from the old FRS replication system to DFS-R
Activated once the domain is at "2008 domain functional level", with the dfsrmig tool, which walks the domain through its prepared, redirected and eliminated states
AD Snapshots
Neat new backup
ntdsutil takes a snapshot (a shadow copy of the directory database) on demand
Snapshot Viewer (dsamain, which serves a mounted snapshot over LDAP on a port you pick) lets you examine older copies… but not copy/recover them directly
Meanwhile, normal AD backups go away and are replaced with a "disaster recovery-friendly" backup tool, Windows Server Backup (wbadmin, the server form of Vista's CompletePC Backup), which backs up system state to a volume, network share or DVD
A snapshot holds every password hash in the domain; guard it like ntds.dit itself
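The snapshot workflow end to end, as an added example that is not from the slides: take a snapshot, mount it, serve it on a spare LDAP port for comparison, then clean up. The GUID placeholder, mount path, port 51389 and the Sales OU are assumptions; ntdsutil prints the real GUID and path.

```bat
@echo off
rem Added example (not from the slides): take an AD snapshot on a 2008 DC, mount it
rem and browse it read-only over LDAP. Assumptions: run as Domain Admin on the DC;
rem {GUID-from-the-list} and the $SNAP_... path are whatever ntdsutil prints.

rem 1. Create a snapshot (a VSS shadow copy of the volumes holding ntds.dit and logs)
ntdsutil "activate instance ntds" snapshot create quit quit

rem 2. List and mount it; ntdsutil prints the mount point, e.g.
rem    C:\$SNAP_200711051030_VOLUMEC$\
ntdsutil snapshot "list all" quit quit
ntdsutil snapshot "mount {GUID-from-the-list}" quit quit

rem 3. Serve the mounted copy on a spare LDAP port. dsamain runs until you stop it,
rem    so give it its own window. 51389 is arbitrary; pick any free port.
start "AD snapshot" dsamain -dbpath "C:\$SNAP_200711051030_VOLUMEC$\Windows\NTDS\ntds.dit" -ldapport 51389

rem 4. Point ldp.exe, ADUC or ldifde at localhost:51389 to compare then and now.
rem    The copy is read-only; to bring objects back, export from the snapshot and
rem    import into the live directory (or do an authoritative restore from a
rem    system state backup).
ldifde -f snapshot-users.ldf -s localhost -t 51389 -d "OU=Sales,DC=contoso,DC=com" -r "(objectClass=user)"

rem 5. Clean up: stop dsamain (Ctrl+C in its window), unmount, delete the snapshot.
rem    A lingering mounted snapshot is a readable copy of every hash in the domain.
ntdsutil snapshot "unmount {GUID-from-the-list}" quit quit
ntdsutil snapshot "delete {GUID-from-the-list}" quit quit

rem The system state backup that "normal AD backups" became in 2008 (target must be
rem a volume other than the ones being backed up):
wbadmin start systemstatebackup -backuptarget:E: -quiet
```

Step 5 matters as much as step 1: a mounted snapshot served by dsamain is the whole directory, secrets included, reachable by anyone who can reach that port on the DC.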
Miscellaneous
Kerberos can now use AES (AES128/AES256-CTS-HMAC-SHA1-96) instead of RC4-HMAC, when the domain is in Longhorn FL and the client is Vista or 2008; RC4 stays enabled for older clients, so what gets used depends on what the peer offers
Freshly-created Longhorn forests shift to Longhorn FL automatically
Active Directory can now be restarted (net stop ntds / net start ntds) without having to reboot to directory services restore mode
Restores still need DSRM, though
Remember…
this thing ain't shipped yet!
Don't believe me…
Get on the beta program
The technical people at MS are listening very
hard
Thanks!
I’m at help@minasi.com
PLEASE FILL OUT AN EVAL!
Tech newsletter, forum at www.minasi.com
Other sessions, all tomorrow (Tuesday):
10:45 AM: SVR318 Name Resolution 2008 Style: DNS, WINS and
NetBIOS in 2008 (Auditorium)
3:15: This talk repeated (Rm 116)
5:00: Chalk Talk on Name Resolution (RM 131)
Resources
Technical Communities, Webcasts, Blogs, Chats & User Groups
http://www.microsoft.com/communities/default.mspx
Microsoft Learning and Certification
http://www.microsoft.com/learning/default.mspx
Microsoft Developer Network (MSDN) & TechNet
http://microsoft.com/msdn
http://microsoft.com/technet
Trial Software and Virtual Labs
http://www.microsoft.com/technet/downloads/trials/default.mspx
New, as a pilot for 2007, the Breakout sessions will be available post event, in the TechEd Video Library, via the My Event page of the website
© 2007 Microsoft Corporation. All rights reserved.
This presentation is for informational purposes only.
MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.