Technical Overview

Windows Server 2008 pillars
- Web: Delivers rich web-based experiences efficiently and effectively
- Virtualization: Reduces costs, increases hardware utilization, optimizes your infrastructure, and improves server availability
- Security: Provides the highest levels of protection for your network, your data, and your business
- Solid Foundation for Your Business Workloads: Most flexible and robust Windows Server operating system to date. Provides the most versatile and reliable Windows platform for all of your workload and application requirements

Most Flexible and Robust Windows Server Operating System to Date (Solid Foundation)
- Management: Windows Server Manager, PowerShell, Windows Deployment Services
- Reliability: Server Core, Next Generation Networking, High Availability Clustering

Windows PowerShell
- New command-line shell & scripting language
- Improves productivity & control
- Accelerates automation of system admin
- Easy-to-use
- Works with existing scripts
- TechNet ScriptCenter
- Exchange Server 2007
- Terminal Server
- WMI, Registry, Hardware, etc.
- Community-submitted scripts
- MyITForum.com
Futures
- Will ship in Windows
- Admin GUIs layered over PowerShell
- One-to-many remote management using WS-MGMT

Managing Windows Server 2008
- Server Manager
- Initial Configuration
- Product Installation

Windows Server Core
- Only a subset of the executable files and DLLs installed
- No GUI and no .NET managed code installed
- Less disk space and management required
- Can be managed with remote tools (MMC, RDP)

Next Generation TCP/IP Stack
- Complete redesign of TCP/IP (tcpip.sys)
[Diagram labels: User Mode: Winsock. Kernel Mode: AFD, TDI Clients, WSK Clients, TDI, TDX, WSK. Next Generation TCP/IP Stack (tcpip.sys): TCP, UDP, RAW, IPv4, IPv6, Inspection API, 802.3, WLAN, Loopback, IPv4 Tunnel, IPv6 Tunnel. NDIS]
- Dual-IP layer architecture for native IPv4 and IPv6 support
- Improved Network Performance Troubleshooting
- Improved performance via hardware acceleration and auto-tuning
- Greater extensibility and reliability through rich Windows Filtering Platform APIs
- Completely manageable through Group Policy

Windows Firewall with Advanced Security
- Combined firewall and IPsec management

Failover Clustering
[Diagram labels: Active Node, Heartbeat, Passive Node]
- New Validation Wizard for server, storage & network testing
- Support for GUID partition table (GPT) disks in cluster storage
- Improved cluster setup interface
- Quorum resource: no longer a single point of failure
- IPv6 support
- Geographically dispersed clusters: across subnets, no VLAN needed

Windows Deployment Services
- Rapidly deploy Windows operating systems
- Updated and redesigned version of Remote Installation Services (RIS)
- Server components
- Client components: WinPE
- Management components
- Windows Server 2008
- Windows Vista

Reliability and Performance Monitor
- Combines functionality of previous stand-alone tools
- Tracks system changes
- Provides new functionality

Deliver Rich Web-based Experiences Efficiently and Effectively (Web)
- Internet Information Services 7.0
- Windows Media Services
- Windows SharePoint Services

IIS 7.0: a robust Web & Application Server
- Enhanced security and reduced attack surface
- Highly customizable
- Administration: UI & APPCMD & shared configuration
- Advanced troubleshooting
- Delegation & true application XCOPY deployment
- Windows Communication Foundation (WCF)
- Windows Activation Service

Optimize Your Infrastructure and Improve Server Availability (Virtualization)
- Windows Server Virtualization
- Terminal Services Gateway
- Terminal Services RemoteApp

Virtualization Technologies
- Server Virtualization
- Presentation Virtualization
- Virtualization Management
- Desktop Virtualization
- Windows Server Virtualization
- Application Virtualization

Windows Server Virtualization
- Greater scalability and improved performance
- x64 bit host and guest support
- SMP support
- Increased reliability and security
- Minimal Trusted Code base
- Windows running a foundation role
- Better flexibility and manageability
- New UI/Integration with SCVMM
[Diagram labels: VM 1, VM 2, VM 3; VM 1 "Parent", VM 2 "Child", VM 3 "Child"; Virtual Server 2005 R2; Windows Hypervisor; Windows Server 2003; AMD-V / Intel VT; Hardware; Virtual Hard Disks (VHD)]

Application Virtualization
- Application Isolation
- Dynamic Streaming
- System Center Integration
- Software as a Centrally managed Service
Available through…

Virtualization Investments: A Multi-level Approach
Areas: Licensing, Infrastructure, Management, Interoperability, Applications, Terminal Services
- Deliver cost-effective, flexible and simplified licensing
- Royalty Free VHD format
- Create agility
- Better utilize server resources
- Partner with AMD and Intel
- Ease consolidation onto virtual infrastructure
- Better utilize management resources
- Support heterogeneity across the datacenter
- OSP (Open Specification Promise) VHD
- Accelerate deployment
- Reduce the cost of supporting applications

Terminal Services Gateway
- Internet: Tunnels RDP over HTTPS
- Perimeter Network: Strips off RDP / HTTPS
- Corporate Network: RDP traffic passed to TS
[Diagram labels: Remote/Mobile User, Internet, Terminal Services Gateway, Network Policy Server, Active Directory DC, Terminal Servers and other RDP Hosts]

Terminal Services RemoteApp
- Remote Desktop client required
- Terminal Services Gateway Server

Hardens Operating System and Increases Environment Protection (Security)
- Network Access Protection
- Federated Rights Management
- Read-Only Domain Controller

Using Network Access Protection
[Diagram labels: Windows Client; DHCP, VPN, Switch/Router; NPS; Policy Servers such as: Patch, AV; Remediation Servers, Example: Patch; Restricted Network; Corporate Network; Not policy compliant; Policy compliant]
1. Client requests access to network and presents current health state
2. DHCP, VPN or Switch/Router relays health status to Microsoft Network Policy Server (RADIUS)
3. Network Policy Server (NPS) validates against IT-defined health policy
4. If not policy compliant, client is put in a restricted VLAN and given access to fix up resources to download patches, configurations, signatures (Repeat 1 - 4)
5. If policy compliant, client is granted full access to corporate network
Auto-Remediation

Active Directory Federation Services
[Diagram labels: Company A: Account Federation Server; Federation Trust; Company B: Resource Federation Server, Web Server]
- AD FS provides an identity access solution
- Deploy federation servers in multiple organizations to facilitate business-to-business (B2B) transactions
- AD FS provides a Web-based, SSO solution

Federated Identity support in AD Rights Management Services
[Diagram labels: Company A: Account Federation Server; Federation Trust; Company B: Resource Federation Server; Web SSO]
- Together AD FS and AD RMS enable users from different domains to securely share documents based on federated identities

Read-Only Domain Controller
[Diagram labels: Headquarters, RODC, Branch Office]
Features
- Read Only Active Directory Database
- Only allowed user passwords are stored on RODC
- Unidirectional Replication
- Role Separation
Benefits
- Increases security for remote Domain Controllers where physical security cannot be guaranteed

How RODC Works
[Diagram labels: Windows Server 2008 DC (Headquarters); Read Only DC / RODC (Branch)]
1. User logs on and authenticates
2. RODC: Looks in DB: "I don't have the user's secrets"
3. Forwards Request to Windows Server 2008 DC
4. Windows Server 2008 DC authenticates request
5. Returns authentication response and TGT back to the RODC
6. RODC gives TGT to User and RODC will cache credentials

What if a DC is stolen?

Branch Office Benefits
[Diagram labels: Headquarters, Branch Office]
- Optimization: DFS Replication
- Security: BitLocker Full Volume Encryption, Server Core, Read-Only Domain Controller
- Administration: SOAP-based remote management (WinRM), Restartable Active Directory

PKI Support
- Built-in Certificate Service
Usage
- Data Encryption
- Digital Signature
- Smart Card authentication

Windows Server 2008: A Robust Application Platform
- .NET Framework 3.0
- Windows Activation Service
- MSMQ 4.0
- IIS 7.0

Windows Server 2008 Summary
- Web: Modular design, Less attack surface, Admin delegation, APPCMD, Win Activation Svc, Tracing & Troubleshooting
- Security: NAP, Read-Only DC, AD RMS, AD Federation Svc, PKI support, BitLocker
- Virtualization: Windows Virtualization, TS Gateway, TS RemoteApps
- Solid Foundation for Your Business Workloads: Windows PowerShell, IPv6, Server Core, Failover Clustering, Server Manager, Reliability & Performance Monitor, Windows Firewall with Advanced Security & IPSec, Windows Deployment Svc

More information
- www.microsoft.com/WindowsServer2008
- www.iis.net

Thank You!
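
The "How RODC Works" logon flow and the "What if a DC is stolen?" question, as an added example that is not part of the original deck and not Microsoft code: a small model of a branch RODC that forwards unknown logons to the headquarters DC, caches only allowed users, and reports which accounts would need a reset if the box were stolen. The class names, the allowed-list field, the sample accounts and the reduction of the Kerberos TGT exchange to a True/False result are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class WritableDC:
    """Headquarters Windows Server 2008 DC: holds every account secret."""
    secrets: dict  # user -> secret (constructed sample data, not real hashes)

    def authenticate(self, user, secret):
        # Step 4: the writable DC authenticates the forwarded request.
        return self.secrets.get(user) == secret

@dataclass
class RODC:
    """Branch RODC: caches a secret only for users on its allowed list."""
    hub: WritableDC
    allowed_to_cache: set            # hypothetical name for the allowed list
    cache: dict = field(default_factory=dict)
    log: list = field(default_factory=list)

    def logon(self, user, secret):
        # Steps 1-2: user logs on; the RODC looks in its own database first.
        if user in self.cache:
            self.log.append((user, "local"))
            return self.cache[user] == secret
        # Step 3: no local secret, so forward the request to the hub DC.
        self.log.append((user, "forwarded"))
        ok = self.hub.authenticate(user, secret)
        # Steps 5-6: the response comes back; cache only if the user is allowed.
        if ok and user in self.allowed_to_cache:
            self.cache[user] = secret
        return ok

    def exposed_if_stolen(self):
        # Accounts whose credentials are on the branch disk and need a reset.
        return sorted(self.cache)

def demo():
    # Constructed accounts: two branch users and one privileged account.
    hub = WritableDC({"alice": "s1", "bob": "s2", "da-admin": "s3"})
    rodc = RODC(hub, allowed_to_cache={"alice", "bob"})
    attempts = [("alice", "s1"), ("da-admin", "s3"), ("alice", "s1"), ("bob", "bad")]
    results = [rodc.logon(u, s) for u, s in attempts]
    return results, rodc.log, rodc.exposed_if_stolen()

if __name__ == "__main__":
    print(demo())
```

The privileged account authenticates through the branch but never lands in the cache, so the reset list after a theft contains only the allowed users who actually logged on there.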