IIS 7.0: a robust Web & Application Server

Technical Overview
Windows Server 2008 pillars
Web: Delivers rich web-based experiences efficiently and effectively
Virtualization: Reduces costs, increases hardware utilization, optimizes your infrastructure, and improves server availability
Security: Provides highest levels of protection for your network, your data, and your business
Solid Foundation for Your Business Workloads
Most flexible and robust Windows Server operating system to date
Provides the most versatile and reliable Windows platform for all of your workload and application requirements
Most Flexible and Robust Windows Server Operating System to Date
Solid
Foundation
Management
Windows Server Manager
PowerShell
Windows Deployment
Services
Reliability
Server Core
Next Generation Networking
High Availability Clustering
Windows PowerShell
New Command-line shell & Scripting Language
Improves productivity & control
Accelerates automation of system admin
Easy-to-use
Works with existing scripts
TechNet ScriptCenter
Exchange Server 2007
Terminal Server
WMI, Registry, Hardware, etc.
Community-Submitted scripts
MyITForum.com
Futures
Will ship in Windows
Admin GUIs layered over PowerShell
One-to-many remote management using WS-MGMT
Managing Windows Server 2008
Server Manager
Initial Configuration
Product Installation
Windows Server Core
Only a subset of the executable files and DLLs installed
No GUI interface & .NET managed code installed
Less disk space and management required
Can be managed with remote tools (MMC, RDP)
Complete Redesign of TCP/IP (tcpip.sys)
[Diagram: Next Generation TCP/IP Stack (tcpip.sys), showing user mode and kernel mode. Labels: Winsock, TDI Clients, WSK Clients, AFD, TDX, TDI, WSK, TCP, UDP, RAW, IPv4, IPv6, 802.3, WLAN, Loopback, IPv4 Tunnel, IPv6 Tunnel, Inspection API, NDIS]
Dual-IP layer architecture for native IPv4 and IPv6 support
Improved Network Performance Troubleshooting
Improved performance via hardware acceleration and auto-tuning
Greater extensibility and reliability through rich Windows Filtering Platform APIs
Completely manageable through Group Policy
Windows Firewall w/ Advanced Security
Combined firewall and IPsec management
Failover Clustering
Active Node
Heartbeat
Passive Node
New Validation Wizard for server, storage & network testing
Support for GUID partition table (GPT) disks in cluster storage
Improved cluster setup interface
Quorum resource: no longer single-point-of-failure
IPv6 support
Geographically dispersed clusters: across subnets, no VLAN needed
Windows Deployment Services
Rapidly deploy Windows operating systems
Updated and redesigned version of Remote Installation Services (RIS)
Server components
Client components: WinPE
Management components
Windows
Server 2008
Windows
Vista
Reliability and Performance Monitor
Combines functionality of previous stand-alone tools
Tracks system changes
Provides new functionality
Deliver Rich Web-based Experiences
Efficiently and Effectively
Internet
Information
Services 7.0
Web
Windows Media
Services
Windows
SharePoint
Services
IIS 7.0: a robust Web & Application Server
Web
Web
Enhanced security and reduced attack surface
Highly customizable
Administration: UI & APPCMD & shared configuration
Advanced troubleshooting
Delegation & true application XCOPY deployment
Windows Communication Foundation (WCF)
Windows Activation Service
Optimize Your Infrastructure and
Improve Server Availability
Windows Server
Virtualization
Virtualization
Terminal Services
Gateway
Terminal
Services
RemoteApp
Virtualization Technologies
Server
Virtualization
Presentation
Virtualization
Virtualization
Management
Desktop
Virtualization
Virtualization
Windows Server
Virtualization
Application
Virtualization
Windows Server Virtualization
Greater scalability and improved performance
x64 bit host and guest support
SMP support
Increased reliability and security
Minimal Trusted Code base
Windows running a foundation role
Better flexibility and manageability
New UI/Integration with SCVMM
VM 2
VM 3
VM 1
“Parent”
Virtualization
VM 2
“Child”
VM 3
“Child”
Virtual Server 2005 R2
Windows Hypervisor
Windows Server 2003
AMD-V / Intel VT
Hardware
Virtual
Hard Disks
(VHD)
Application Virtualization
Application Isolation
Dynamic Streaming
System Center Integration
Software as a Centrally-managed Service
Available through…
Virtualization
Virtualization Investments
Virtualization
A Multi-level Approach
Licensing
Infrastructure
Management Interoperability Applications
Terminal Services
Deliver
cost-effective,
flexible and
simplified
licensing
Royalty Free
VHD format
Create agility
Better utilize
server
resources
Partner with
AMD and Intel
Ease
consolidation
onto virtual
infrastructure
Better utilize
management
resources
Support
heterogeneity
across the
datacenter
OSP (Open
Specification
Promise) VHD
Accelerate
deployment
Reduce the
cost of
supporting
applications
Terminal Services Gateway
Internet
Tunnels RDP over HTTPS
Perimeter Network
Strips off RDP / HTTPS
Corporate Network
RDP traffic passed to TS
Terminal Servers and other RDP Hosts
Internet
Remote/
Mobile User
Virtualization
Terminal
Services
Gateway
Network
Active
Policy Server Directory DC
Terminal Services RemoteApp
Remote
Desktop client
required
Terminal Services
Gateway Server
Virtualization
Hardens Operating System and
Increases Environment Protection
Network Access
Protection
Security
Federated
Rights
Management
Read-Only
Domain
Controller
Using Network Access Protection
Security
Policy Servers
such as: Patch, AV
3
1
2
Not policy
compliant
Windows
Client
DHCP, VPN
Switch/Router
NPS
Policy
compliant
4
Remediation
Servers
Restricted
Network
Example: Patch
5
Corporate Network
1. Client requests access to network and presents current health state
2. DHCP, VPN or Switch/Router relays health status to Microsoft Network Policy Server (RADIUS)
3. Network Policy Server (NPS) validates against IT-defined health policy
4. If not policy compliant, client is put in a restricted VLAN and given access to fix up resources to download patches, configurations, signatures (Repeat 1 - 4)
5. If policy compliant, client is granted full access to corporate network
Security
Auto-Remediation
Active Directory Federation Services
Company A
Security
Company B
AD FS provides an identity access solution
Account
Federation
Server
Federation Trust
Resource
Federation
Server
Web
Server
Deploy federation servers in multiple organizations to facilitate business-to-business (B2B) transactions
AD FS provides a Web-based, SSO solution
Federated Identity support in
AD Rights Management Services
Company A
Account
Federation
Server
Security
Company B
Federation Trust
Resource
Federation
Server
Web
SSO
Together AD FS and AD RMS enable users from different domains to securely share documents based on federated identities
Read-Only Domain Controller
Security
RODC
Head Quarter
Branch Office
Features
Read Only Active Directory Database
Only allowed user passwords are stored on RODC
Unidirectional Replication
Role Separation
Benefits
Increases security for remote Domain Controllers where physical security cannot be guaranteed
How RODC Works
Windows Server
2008 DC
Security
3
Read
Only DC
4
2
Head
Quarter
RODC
5
Branch
6
1
1. User logs on and authenticates
2. RODC: Looks in DB: "I don't have the user's secrets"
3. Forwards Request to Windows Server 2008 DC
4. Windows Server 2008 DC authenticates request
5. Returns authentication response and TGT back to the RODC
6. RODC gives TGT to User and RODC will cache credentials
What if a DC is stolen?
Security
Branch Office Benefits
Optimization
DFS Replication
Security
BitLocker
Full Volume Encryption
Server Core
Read-Only Domain Controller
Head Quarter
Administration
SOAP-based remote
management (WinRM)
Restartable Active Directory
Branch Office
PKI Support
Built-in Certificate Service
Usage
Data Encryption
Digital Signature
Smart Card authentication
Security
Windows Server 2008:
A Robust Application Platform
Application Platform
.NET Framework 3.0
Windows Activation Service
MSMQ 4.0
IIS 7.0
Web
Virtualization
Modular design
Less attack surface
Admin delegation
APPCMD
Win Activation Svc
Tracing &
Troubleshooting
Security
NAP
Read-Only DC
AD RMS
AD Federation Svc
PKI support
BitLocker
Windows
Virtualization
TS Gateway
TS RemoteApps
Solid Foundation for Your Business Workloads
Windows PowerShell
IPv6
Server Core
Failover Clustering
Server Manager
Reliability & Performance
Monitor
Windows Firewall with
Advanced Security & IPSec
Windows Deployment Svc
www.microsoft.com/WindowsServer2008
Windows Server 2008 Summary
More information


www.microsoft.com/WindowsServer2008
www.iis.net
Thank You!