Module 5: Next Generation Networking

Module Overview
• Describe the Windows Server 2008 network architecture
• Identify new and improved networking features with Windows Server 2008
• List new improvements to DNS with Windows Server 2008
• Describe routing configuration components in Windows Server 2008
• Describe new features for wireless networks

Lesson 1: Networking with Windows Server 2008
• Describe the Windows Server 2008 network architecture
• Identify new and improved networking features with Windows Server 2008
• Explain how the new TCP/IP Stack improves networking
• Identify the difference between IPv4 and IPv6 addresses

Review of Windows Server Network Architecture
[Diagram: layered network architecture. Labels: Applications and User Mode Services (Win32 Wnet/Wininet Application, NetBIOS Application, RPC Application, Windows Sockets Application); Application Interfaces (RPC, WNet, Windows Sockets, Wininet, NetBIOS Support); User; Kernel; Named Pipes; Redirector/Server; NetBT; AFD; TCP; IP; ICMP; IGMP; ARP; IP Forwarder; IP Filtering; Packet Classifier; Traffic Control; Packet Scheduler; Packet Queue; Driver Interfaces; NDIS Wrapper]

New Networking Features
• Next Generation TCP/IP Stack
• IPv6 Enhancements
• Policy-Based Quality of Service

The New TCP/IP Architecture
[Diagram: Next Generation TCP/IP stack (tcpip.sys). Labels: User Mode; Kernel Mode; Winsock; TDI Clients; WSK Clients; AFD; TDI; WSK; TDX; TCP; UDP; RAW; IPv4; IPv6; 802.3; WLAN; Loopback; IPv4 Tunnel; IPv6 Tunnel; Windows Filtering Platform API; NDIS]
• Dual-IP layer architecture for native IPv4 and IPv6 support
• Better security through expanded IPsec integration
• Improved performance via hardware acceleration
• Network auto-tuning and optimization algorithms
• Greater extensibility and reliability through rich APIs

IPv6
• New header format
• Large address space
• Efficient and hierarchical addressing and routing infrastructure
• Stateless and stateful address configuration
• Built-in security
• Better support for prioritized delivery
• New protocol for neighboring node interaction
• Extensibility

Lesson 2: New Networking Features
• List features in Windows Server 2008 networking that enable greater security
• Use the Windows Advanced Firewall
• List features in Windows Server 2008 networking that enable greater performance
• Describe Receive Window Auto Tuning
• Describe Policy-based Quality of Service
• List features in Windows Server 2008 networking that enable greater scalability
• Use Server and Domain isolation
• Describe Server and Domain isolation usage

Security Features
• Reduce the risk of network security threats
    • An additional layer of defense-in-depth
    • Reduced attack surface area to known computers
    • Increased manageability and more healthy clients
• Safeguard sensitive data and intellectual property
    • Authenticated, end-to-end network communications
    • Scalable, tiered access to trusted networked resources
    • Protect the confidentiality and integrity of data
• Full featured, enterprise functionality
    • Support for computer and user authentication with IPsec
    • Network Access Protection over VPNs and IPsec
    • Secure routing compartments extends isolation to VPN

Windows Firewall with Advanced Security

Performance
• Optimized performance without loss
    • Intelligent, automated tuning of TCP receive window size
    • Better packet loss resiliency
    • Advanced congestion control for better throughput
• Automatically adjusts for maximum efficiency
    • Faster network transfers, especially across WAN links
    • Optimized use of available network bandwidth
    • Reduced packet loss, resulting in fewer retransmits

Receive Window Auto Tuning
Replicating data between Tukwila, Bay Area
Default configurations
• On Windows Server 2003 SP1
    • 100Mbps NICs, 10Mbps throughput
• On Windows Server 2008
    • 100Mbps NICs, 80Mbps throughput
    • 1000Mbps NICs, 400Mbps throughput

Policy-Based Quality of Service
• Source IPv4/IPv6 addresses
• Destination IPv4/IPv6 addresses
• Protocol
• Source or destination ports

Scalability
• Cost-effectively scale networking up and out
    • Specialized hardware frees CPU(s) for applications
    • Ease consolidation with support for multiple Gbps
    • More efficient use of large server resources
• Adopt hardware acceleration and offloading
    • Receive-side scaling optimizes multi-processor systems
    • Architected to support latest TCP offload hardware
    • Offload hardware less expensive than new high-end PCs

Server and Domain Isolation
[Diagram: Server Isolation and Domain Isolation on a Corporate Network. Labels: Active Directory Domain Controller; Trusted Resource Server; Servers with Sensitive Data; HR Workstation; Managed Computer; Unmanaged Computer; Untrusted; X (blocked connection)]

Server and Domain Isolation Usage
[Diagram: layered model. Labels: Data; Application; Host; Server and Domain Isolation; Internal Network; Perimeter; Physical Security; Policies, Procedures & Awareness]

Lesson 3: DNS with Windows Server 2008
• Describe how DNS works
• Describe DNS functionality
• List new features of DNS with Windows Server 2008
• Explain DNS client changes

DNS Functionality
• Support for Active Directory Domain Services
• Stub Zones
• Integration with other Microsoft networking services
• Improved ease of administration
• RFC-compliant dynamic update protocol support
• Support for incremental zone transfer between servers
• Conditional forwarders

New DNS Features in Windows Server 2008
• Background Zone Loading
• Support for IPv6 Addresses
• DNS RODC Support
• GlobalNames Zone

DNS Client Changes
• Changes to the way DNS Clients Locate DCs
• LLMNR
[Diagram labels: LLMNR (Link-Local Multicast Name Resolution); DNS Server]

Lesson 4: Configuring Routing
• The Components of an IP Address
• Overview of Routers
• Defining Routing Interfaces
• Configuring Routing Tables

The Components of an IP Address
IPv4 address, 32 bits in four 8-bit octets separated by ".":
    Binary      Decimal
    11000000    192
    10101000    168
    00000011    3
    00011000    24
IPv6 address, 128 bits in eight 16-bit blocks separated by ":":
    Binary              Hexadecimal
    0011111111111110    3FFE
    0010100100000000    2900
    1101000000000101    D005
    0000000000000000    0000
    0000001010101010    02AA
    0000000011111111    00FF
    1111111000101000    FF28
    1001110001011010    9C5A
[Diagram: example hosts labeled IP Address 192.168.2.180, 192.168.2.181, 192.168.2.182 and IP Address 3FFE:0:0:0:0:FF:28:C9A, 3FFE:0:0:0:0:FF:28:AF3, 3FFE:0:0:0:0:FF:28:FF]

Overview of Routers
A router is a multihomed device that can forward packets based on network addressing
[Diagram labels: Router1; Router2; Router3; Subnet1 10.10.1.0/24; Subnet2 10.10.2.0/24; Subnet3 10.10.3.0/24; Subnet4 10.10.4.0/24; Subnet5 10.10.5.0/24; DEN-CL1; DEN-CL4; DEN-CL5]

Defining Routing Interfaces
A routing interface is a network connection over which packets are forwarded
Two types of routing interfaces:
• LAN
• Demand dial

Configuring Routing Tables
A routing table contains information about the location of the network IDs in the internetwork
Three types of routing table entries:
• Network route
• Host route
• Default route

Lesson 5: Configuring Wireless Settings in Windows Server 2008
• Windows Server 2008 wireless network architecture
• Authentication and wireless networking
• Security enhancements for wireless networks
• Wireless Group Policy enhancements
• Managing through line commands

Authentication and Wireless Networking
• Extensible Authentication Protocol (EAP)
• WPA2
• Single Sign On

Security Enhancements for Wireless Networks
• FIPS 140-2 Certified Mode
• US Government Security Standard
• NAP Integration
• Health check of clients
• WPA2-Enterprise
• WPA-Enterprise
• AES in software, not on network adapter
• Dynamic WEP

Wireless Group Policy Enhancements
New Policies, each followed by its Description:
• WPA2 authentication: Sets WPA2 authentication options, such as allowing WPA-Enterprise or WPA Personal connections.
• Allowed and denied networks: Specify allowed and denied networks by SSID.
• Fast Roaming Settings: Allow for WPA2 quick roaming through preauthentication and PMK caching.
• Non-broadcast wireless networks: Set hidden networks as a preferred network.
• Automatic or manual connections: Configure preferred networks as automatic or manual connections.

Managing through line commands
Use for bootstrap applications or non-domain computers
• Save client settings
• Specify Single Sign On (SSO)
• Enable FIPS 140-2
• Specify allowed and denied networks
• Specify order of preferred networks
• Display configuration
• Remove configuration
• Move settings between clients