Windows Server 2008 overview

Agenda
• Server Role Management
• IIS 7.0 Features
• Windows PowerShell
• Server Core
• Virtualization
• New Security Features
• Windows Deployment Services
• Terminal Services
• Group Policy
• Read Only Domain Controller
• Scalable Networking

Server roles streamline management

Windows Server 2003
• Windows Server 2003 setup
• Post-Setup Security Updates
• Manage Your Server
• Configure Your Server Wizard
• Add/Remove Windows Components
• Computer Management
• Security Configuration Wizard

Windows Server 2008
• Operating system setup
• Initial Configuration Tasks
  • Administrator password
  • Network IP address
  • Domain membership
  • Computer name
  • Windows Updates
  • Windows Firewall
• Server Manager

IIS 7.0 Features

More than a Web server, Internet Information Services 7.0 provides an accessible, extensible platform for developing and reliably hosting Web applications and services.

IIS 7.0 enhancements
• Modular Architecture
• Extensible Design
• Integrated with .NET
• Manageable
• Built-in Request Tracing

Benefits
• Create streamlined servers
• Reduced attack surface
• Rapid application deployment
• Extend/modify IIS features
• Fast diagnostics

Windows PowerShell
• New interactive shell and scripting language
• Based on and takes advantage of .NET features
• Current tools will still work
• Current automation will still work

PowerShell ecosystem
• Hundreds of scripts: TechNet ScriptCenter, community-submitted scripts, MyITForum.com
• Books & training materials: Manning Publications, O’Reilly Media, Sapien Press & others…
• Community support: MS MVPs, PowerShell Team Blog, active newsgroup, Channel 9: DFO Show, IIS.net
• Manages: Exchange Server 2007, Terminal Server, WMI, Registry, Hardware, etc.

Server Core
• Only a subset of the executable files and DLLs installed
• No GUI interface installed, no .NET, no PowerShell (for now)
• Nine available Server Roles
• Can be managed with remote tools

Scalable Networking

Diagram: Next Generation TCP/IP Stack (tcpip.sys). User mode: Winsock, TDI clients, WSK clients. Kernel mode: AFD, WSK, TDI/TDX, tcpip.sys (TCP, UDP, RAW, Loopback, IPv4, IPv4 Tunnel, IPv6, IPv6 Tunnel, Inspection API), NDIS (802.3, WLAN).

• Dual-IP layer architecture for native IPv4 and IPv6 support
• Improved network performance and troubleshooting
• Improved performance via hardware acceleration and autotuning
• Greater extensibility and reliability through rich APIs
• Completely manageable through Group Policy

Receive Window Autotuning
• Automatically senses the network environment and adjusts key performance settings
• Allows an increase in the size of the TCP/IP send/receive window

Windows Filtering Platform
• Provides filtering capability at all layers of the TCP/IP protocol stack
• Integrates and provides support for next-generation firewall features

Receive Side Scaling
• Previous Windows operating systems limit receive protocol processing to a single CPU
• RSS resolves this issue by allowing network load from a network adapter to be balanced across multiple CPUs

Policy-based Quality of Service
• Prioritize or manage the sending rate for outgoing network traffic
• Both DSCP marking and throttling can be used together to manage traffic effectively

Virtualization Platform and Management

Diagram: management tools above a "Parent" partition (VM 1) and "Child" partitions (VM 2), each backed by a VHD, running on the Windows Hypervisor over AMD-V / Intel VT hardware.

• Greater scalability and improved performance
  • x64 host and guest support
  • SMP support
• Increased reliability and security
  • Minimal trusted code base
  • Windows running a foundation role
• Better flexibility and manageability
  • Quick Migration
  • New UI
  • Broad management tool support including SCVMM

Functional area / key supporting features

Performance
• Microkernelized hypervisor architecture with a new VSP/VSC architecture
• Support for large memory per virtual machine (64GB)
• SMP support for virtual machines (4 virtual processors)
• Automatable host setup/configuration

Scalability
• Support for x86 and x64 virtual machines
• Broad OS support
• Pass-through disk access for VMs
• Rapid creation and deployment of VMs using P2V, V2V, media, templates

Availability
• Support for Quick Migration and unplanned downtime
• Support for live backups and VM checkpoints
• Support for clustering and rapid recovery
• Integration with management tools for continuous performance monitoring

Manageability
• Centralized view of all VMs in the environment and their status
• Reports on consolidation candidates, utilization trending, optimization opportunities
• Intelligent placement and Physical to Virtual (P2V) conversions
• Fully scriptable using PowerShell®

Security
• Improved architecture with a minimal-footprint hypervisor layer
• Hyper-V as a Server Core role
• Common security and driver model as Windows Server 2008
• Robust networking features including support for VLANs and NAT

Virtualization

The ability to virtualize workloads with few or no limitations as to what workloads can/may be virtualized.

• 64-bit (x64) and hardware virtualization required: AMD AMD-V or Intel Virtualization Technology
• 32-bit (x86) & 64-bit (x64) child partitions
• Large memory support (>32GB) within VMs
• SMP support
• Pass-through disk access for VMs
• New hardware sharing architecture (VSP/VSC): disk, networking, input, video
• Robust networking: VLAN support, NAT, Quarantine

Diagram: Hyper-V architecture. The Windows Hypervisor runs on “Designed for Windows” server hardware. Parent partition (Windows Server 2008): virtualization stack (WMI Provider, VM Service, VM Worker Process) in user mode; Windows kernel with VSP and VMBus in kernel mode. Child partitions: Windows Server 2003/2008 (Windows kernel, VSC, VMBus); a non-hypervisor-aware OS served by emulation; a Xen-enabled Linux kernel with Linux VSCs and a Hypercall Adapter over VMBus. Legend: components provided by the OS, by Hyper-V, by MS / XenSource / Novell, and by ISV/IHV/OEM.

New Security Features

Security
• Security Development Process
• Secure Startup and "shield up" at install
• Code integrity
• Windows service hardening
• Inbound and outbound firewall
• Restart Manager

Compliance
• Improved auditing
• Network Access Protection
• Event Forwarding
• Policy-based Networking
• Server and Domain Isolation
• Removable Device Installation Control
• Active Directory Rights Management Services

Network Access Protection

Policy-based solution that
• Validates whether computers meet health policies
• Limits access for noncompliant computers
• Automatically remediates noncompliant computers
• Continuously updates compliant computers to maintain health state

• Standards-based
• Plug and Play
• Works with most devices
• Supports multiple antivirus solutions
• Has become the standard for Network Access Control

How it works
1. Access requested (via DHCP, VPN, switch/router)
2. Health state sent to NPS (RADIUS)
3. NPS validates against health policy (policy servers, e.g., Patch, AV)
4. If compliant, access granted to the corporate network
5. If not compliant, restricted network access and remediation (remediation servers, e.g., Patch)

Diagram components: client, Microsoft NPS, Policy Servers, Remediation Servers, Restricted Network, Corporate Network.

Windows Deployment Services
• Support for deploying Windows (all versions)
• Boots WinPE over PXE
• Uses the Windows Imaging (WIM) file format
• Extensible
• Granular image management

Longhorn Server specifics
• Multicast
• TFTP download performance enhancements
• EFI x64 network boot support

Terminal Services

Diagram: Terminal Services Gateway. Remote Desktop clients (home, hotel, business partner / client site, roaming wireless) tunnel RDP over HTTPS across the Internet, through the external firewall, to the Terminal Services Gateway Server in the perimeter network; the gateway strips off the HTTPS and passes the RDP/SSL traffic through the internal firewall to the Terminal Server on the corporate LAN (alongside, e.g., the e-mail server). Remote Desktop client required.

• EasyPrint makes printing to a local printer, well, easy by exploiting XPS
• Four registry entries let you dial up bandwidth allocation between the UI stuff (mouse, screen) and data transfer (printing, file transfer)
• WinFX means remoted graphics commands (which is way more exciting than it sounds)

Group Policy

Windows Vista set the stage…
• 700+ new settings, ability to control things we never could before centrally (i.e. power save settings, device installation restrictions)
• Group Policy no longer just a thread in Winlogon, but instead a separate service
• Meticulous step-by-step logging makes GP troubleshooting light-years easier
• Printer/drive mapping via GPO
• Powerful new ADMX template format

Server 2008 rocks the house with…
• Group Policy Preferences lets you create a do-it-yourself group policy setting out of, well, just about anything… with a few mouse clicks
  • Built into the Windows Server 2008 GPMC
  • Part of the DesktopStandard acquisition
• Remote Server Admin Tools (RSAT) delivered for Vista

Read Only Domain Controller (RODC)

Diagram: Main Office and Remote Site.

Features
• Read Only Active Directory Database
• Only allowed user passwords are stored on the RODC
• Unidirectional Replication
• Role Separation

Benefits
• Increases security for remote Domain Controllers where physical security cannot be guaranteed
• Supports ADFS, DNS, DHCP, FRS V1, DFSR (FRS V2), Group Policy, IAS/VPN, DFS, SMS, ADSI queries, MOM

How RODC works (diagram: Windows Server 2008 DC at the Hub, Read Only DC at the Branch)
1. User logs on and authenticates to the RODC
2. RODC looks in its DB: "I don't have the user's secrets"
3. RODC forwards the request to the Windows Server 2008 DC
4. Windows Server 2008 DC authenticates the request
5. Returns the authentication response and TGT back to the RODC
6. RODC gives the TGT to the user and will cache the credentials

Admin perspective / Attacker perspective

Better together: Windows Vista and Windows Server 2008

More Efficient Management
• Single worldwide servicing model
• Event forwarding between client and server
• Faster and more reliable remote operating system deployments
• Network Access Protection ensures health of connecting systems

Greater Availability
• Scalable print servers with client-side rendering
• Smooth offline experience with client-side caching
• Transactional File System for file and registry operations
• Policy-based Quality of Service to prioritize application bandwidth

Efficient Communications
• Fast enterprise-class search on clients and servers
• Faster networking with new TCP/IP stack and native IPv6
• Improved file-sharing performance over high-latency links
• Integrated remote access to internal applications and resources

TechNet Plus Direct
• All the benefits of TechNet Plus for 30% less
• TechNet Plus Direct subscribers receive…
  • Online Benefits Portal – New!
  • Immediate download access: software and betas – New!
  • 2 free Professional Support Incidents
  • Managed Newsgroups and Online Concierge
  • The TechNet Library containing the KB, security updates, service packs, resource kits, and more

TechNet Plus Direct is available exclusively online without media shipments.
For more information, please visit: www.microsoft.com/technet/subscriptions