• Server Role Management
• IIS 7.0 Features
• Windows PowerShell
• Server Core
• Virtualization
• New Security features
• Windows Deployment Services
• Terminal Services
• Group Policy
• Read Only Domain Controller
• Scalable Networking

Server roles streamline management

Windows Server 2003
• Windows Server 2003 setup
• Post-Setup security updates
• Manage your server
• Configure your server wizard
• Add/Remove Windows components
• Computer Management
• Security Configuration Wizard

Windows Server 2008
• Operating system setup
• Initial Configuration Tasks: Administrator password, Network IP address, Domain membership, Computer name, Windows Updates, Windows Firewall
• Server Manager

More than a Web server, Internet Information Services 7.0 provides an accessible, extensible platform for developing and reliably hosting Web applications and services.

IIS 7.0 Enhancements
• Modular Architecture
• Extensible Design
• Integrated with .NET
• Manageable
• Built-in Request Tracing

• Reduced Attack Surface
• Create Streamlined Servers
• Rapid Application Deployment
• Extend/Modify IIS Features
• Fast Diagnostics

Windows PowerShell
• New interactive shell and scripting language
• Based on and takes advantage of .NET features
• Current tools will still work
• Current automation will still work

TechNet ScriptCenter
• Hundreds of Scripts: Exchange Server 2007, Terminal Server, WMI, Registry, Hardware, etc., Community-Submitted scripts, MyITForum.com
• Books & Training Materials: Manning Publications, O'Reilly Media, Sapien Press & others…
• Community Support: MS MVPs, PowerShell Team Blog, Active Newsgroup, Channel 9: DFO Show, IIS.net

Server Core
• Only a subset of the executable files and DLLs installed
• No GUI interface installed, no .NET, no PowerShell (for now)
• Nine available Server Roles
• Can be managed with remote tools

Diagram: Next Generation TCP/IP Stack (tcpip.sys)
• User Mode: Winsock
• Kernel Mode: AFD, WSK Clients, WSK, TDI Clients, TDI, TDX; Inspection API at each layer
• Transport: TCP, UDP, RAW
• Network: IPv4, IPv6, Loopback, IPv4 Tunnel, IPv6 Tunnel
• Framing: 802.3, WLAN
• NDIS

Scalable Networking
• Dual-IP layer architecture for native IPv4 and IPv6 support
• Improved Network Performance Troubleshooting
• Improved performance via hardware acceleration and autotuning
• Greater extensibility and reliability through rich APIs
• Completely manageable through Group Policy

Receive Window Autotuning
• Automatically senses the network environment and adjusts key performance settings
• Allows the size of the TCP/IP send / receive window to be increased

Windows Filtering Platform
• Provides filtering capability at all layers of the TCP/IP protocol stack
• Integrates and provides support for next-generation firewall features

Receive Side Scaling
• Previous Windows operating systems limited receive protocol processing to a single CPU
• RSS resolves this issue by allowing network load from a network adapter to be balanced across multiple CPUs

Policy-based Quality of Service
• Prioritize or manage the sending rate for outgoing network traffic
• Both DSCP marking and throttling can be used together to manage traffic effectively

Management tools

Virtualization Platform and Management

Diagram: VM 1 "Parent" and VM 2 "Child" partitions backed by a VHD

Greater scalability and improved performance
• x64 bit host and guest support
• SMP Support

Increased reliability and security
• Minimal trusted code base
• Windows running a foundation role

Better flexibility and manageability
• Quick Migration
• New UI
• Broad management tool support including SCVMM

Functional Area: Key Supporting Features

Performance, Scalability, Availability
• Microkernelized hypervisor architecture with a new VSP/VSC architecture
• Support for large memory per virtual machine (64GB)
• SMP support for virtual machines (4 virtual processors)
• Automatable Host setup/configuration
• Support for x86 and x64 virtual machines
• Broad OS support
• Pass through disk access for VMs
• Rapid creation and deployment of VMs using P2V, V2V, Media, Templates
• Support for Quick Migration and unplanned downtime
• Support for Live Backups and VM checkpoints
• Support for clustering and rapid recovery
• Integration with management tools for continuous performance monitoring

Manageability
• Centralized view of all VMs in the environment and their status
• Reports on consolidation candidates, utilization trending, optimization opportunities
• Intelligent placement and Physical to Virtual (P2V) conversions
• Fully scriptable using PowerShell

Security
• Improved architecture with a minimal footprint hypervisor layer
• Hyper-V as a Server Core role
• Common security and driver model as Windows Server 2008
• Robust networking features including support for VLANs and NAT


Virtualization
• The ability to virtualize workloads with few or no limitations as to what workloads can/may be virtualized
• 64-bit (x64) and hardware virtualization required: AMD AMD-V or Intel Virtualization Technology
• 32-bit (x86) & 64-bit (x64) child partitions
• Large memory support (>32GB) within VMs
• SMP support
• Pass-through disk access for VMs
• New hardware sharing architecture (VSP/VSC): disk, networking, input, video
• Robust networking: VLAN support, NAT, Quarantine


Diagram: Hyper-V architecture
• Parent Partition: Windows Server 2008 (Windows Kernel) running the Virtualization Stack in user mode (WMI Provider, VM Service, VM Worker Process) and the VSPs in kernel mode
• Child Partitions: Windows Server 2003 or 2008 (Windows Kernel) with VSCs; Xen-enabled Linux Kernel with Hypercall Adapter and Linux VSCs; a non hypervisor aware OS served through Emulation
• Applications in every partition run in user mode; partitions communicate over VMBus
• Windows Hypervisor on "Designed for Windows" Server Hardware
• Provided by: OS, Hyper-V, MS / XenSource / Novell, ISV/IHV/OEM

Security
• Development Process
• Secure Startup and shield up at install
• Code integrity
• Windows service hardening
• Inbound and outbound firewall
• Restart Manager

Compliance
• Improved auditing
• Network Access Protection
• Event Forwarding
• Policy Based Networking
• Server and Domain Isolation
• Removable Device Installation Control
• Active Directory Rights Management Services

Network Access Protection

Diagram: NAP enforcement flow
1 Access requested (through DHCP, VPN, or a Switch/Router)
2 Health state sent to NPS (RADIUS)
3 Microsoft NPS validates against the health policy, consulting the Policy Servers (e.g., Patch, AV)
4 If compliant, access granted to the Corporate Network
5 If not compliant, restricted network access and remediation: the client is placed on the Restricted Network with the Remediation Servers (e.g., Patch)
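A small model of the NPS health-policy check in the NAP flow above, added here as an example (it is not Microsoft's code). The Statement of Health fields, the thresholds and the remediation server hostnames are constructed.

```python
"""Model of the NAP flow on the slide: the client sends a Statement of Health (SoH),
NPS validates it against the health policy, and the client either gets full access
or is placed on the restricted network with a list of remediation servers.
Example written for this page; fields, thresholds and hostnames are constructed."""
from dataclasses import dataclass, field


@dataclass
class StatementOfHealth:
    """What the client's health agent reports (constructed fields)."""
    firewall_on: bool
    av_enabled: bool
    av_signature_age_days: int
    missing_critical_patches: int


@dataclass
class HealthPolicy:
    """What the NPS health policy requires (constructed thresholds)."""
    max_signature_age_days: int = 7
    max_missing_patches: int = 0
    # Remediation servers ("e.g., Patch, AV" on the slide); placeholder hostnames.
    remediation_servers: dict = field(default_factory=lambda: {
        "antivirus": "av-remediation.example.test",
        "patch": "wsus.example.test",
    })


def validate(soh: StatementOfHealth, policy: HealthPolicy = HealthPolicy()):
    """Step 3 on the slide. Returns (access, failures, remediation_servers),
    where access is 'full' (step 4) or 'restricted' (step 5)."""
    failures = []
    if not soh.firewall_on:
        failures.append("firewall disabled")
    if not soh.av_enabled:
        failures.append("antivirus disabled")
    elif soh.av_signature_age_days > policy.max_signature_age_days:
        failures.append("antivirus signatures out of date")
    if soh.missing_critical_patches > policy.max_missing_patches:
        failures.append(f"{soh.missing_critical_patches} critical patch(es) missing")
    if not failures:
        return "full", [], []
    # Only the servers that can fix a failed check are reachable from the restricted
    # network; a disabled firewall is fixed by the client's own health agent.
    remediation = [policy.remediation_servers[k] for k in ("antivirus", "patch")
                   if any(k in f for f in failures)]
    return "restricted", failures, remediation


if __name__ == "__main__":
    print(validate(StatementOfHealth(True, True, 2, 0)))   # compliant client
    print(validate(StatementOfHealth(False, True, 2, 2)))  # quarantined client
```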

Windows Deployment Services
• Support for deploying Windows (all versions)
• Boots WinPE over PXE
• Uses the Windows Imaging (WIM) file format
• Extensible
• Granular Images Management
• Longhorn Server Specifics: Multicast, TFTP download performance enhancements, EFI x64 network boot support

Terminal Services Gateway

Diagram: Terminal Services Gateway Server deployment
• Remote Desktop clients on the Internet (Home, Hotel, Business partner / client site, Roaming wireless) tunnel RDP over HTTPS; a Remote Desktop client is required
• The External Firewall passes the HTTPS traffic to the Terminal Services Gateway Server in the Perimeter network
• The Terminal Services Gateway Server strips off the HTTPS wrapping (RDP/HTTPS) and passes the RDP/SSL traffic through the Internal Firewall to the Terminal Servers and the E-mail Server on the Corp LAN

• EasyPrint makes printing to a local printer, well, easy by exploiting XPS
• Four Registry entries let you dial up bandwidth allocation between the UI stuff (mouse, screen) and data transfer (printing, file transfer)
• WinFX means remoted graphics commands (which is way more exciting than it sounds)

Windows Vista set the stage…
• 700+ new settings, ability to control things we never could before centrally (i.e. power save settings, device installation restrictions)
• Group policies no longer just a thread in Winlogon, but instead a separate service
• Meticulous step-by-step logging makes GP troubleshooting light-years easier
• Printer/drive mapping via GPO
• Powerful new ADMX template format

Group Policy Preferences
• Lets you create a do-it-yourself group policy setting out of, well, just about anything… with a few mouse clicks
• Built into Windows Server 2008 GPMC
• Part of the Desktop Standard acquisition
• Remote Server Admin Tools (RSAT) delivered for Vista

RODC

Diagram: Main Office and Remote Site

Features
• Read Only Active Directory Database
• Only allowed user passwords are stored on RODC
• Unidirectional Replication
• Role Separation

Benefits
• Increases security for remote Domain Controllers where physical security cannot be guaranteed
• Support for ADFS, DNS, DHCP, FRS V1, DFSR (FRS V2), Group Policy, IAS/VPN, DFS, SMS, ADSI queries, MOM

How RODC Works

Diagram: Hub (Windows Server 2008 DC) and Branch (Read Only DC)
1 User logs on and authenticates to the RODC
2 RODC looks in its DB: "I don't have the user's secrets"
3 RODC forwards the request to the Windows Server 2008 DC
4 Windows Server 2008 DC authenticates the user and gives a TGT to the user and the RODC
5 RODC returns the authentication response and TGT to the user
6 RODC requests that the DC cache back the credentials; the DC will cache back credentials (only for allowed users)

• Attacker Perspective
• Hub Admin Perspective
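A model of the RODC logon flow and its Password Replication Policy, added here as an example rather than Microsoft's implementation; account names, secrets and the allow/deny lists are constructed. It also shows what the attacker perspective and the hub admin perspective on the slide amount to: a stolen RODC database exposes only the cached accounts, and the hub admin can see exactly which accounts those are.

```python
"""Model of the RODC logon flow and Password Replication Policy (PRP) shown above.
Example written for this page, not Microsoft's implementation; account names,
secrets and the allow/deny lists are constructed."""


class HubDC:
    """Writable Windows Server 2008 DC at the hub: holds every secret and the PRP."""
    def __init__(self, secrets, allowed, denied):
        self.secrets = dict(secrets)   # user -> secret (constructed)
        self.allowed = set(allowed)    # accounts whose passwords an RODC may cache
        self.denied = set(denied)      # deny list always wins over the allow list
        self.revealed = set()          # accounts whose secret has been sent to the RODC

    def authenticate(self, user, secret):
        return self.secrets.get(user) == secret

    def cache_back(self, user):
        """Step 6: hand the secret to the RODC only if the PRP allows caching it."""
        if user not in self.allowed or user in self.denied:
            return None
        self.revealed.add(user)
        return self.secrets[user]


class RODC:
    """Branch-office RODC: read-only database holding only cached secrets."""
    def __init__(self, hub):
        self.hub = hub
        self.cache = {}

    def logon(self, user, secret):
        """Steps 1-6 from the slide. Returns (who_authenticated, success)."""
        if user in self.cache:                       # step 2: secret already cached
            return "rodc", self.cache[user] == secret
        if not self.hub.authenticate(user, secret):  # steps 3-4: forwarded to hub
            return "hub", False
        cached = self.hub.cache_back(user)           # steps 5-6: ask hub to cache back
        if cached is not None:
            self.cache[user] = cached
        return "hub", True


def attacker_view(rodc):
    """A stolen RODC database exposes only the cached accounts."""
    return sorted(rodc.cache)


def hub_admin_view(hub):
    """Accounts the hub admin must reset if the RODC is compromised."""
    return sorted(hub.revealed)
```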

More Efficient Management
• Single worldwide servicing model
• Event forwarding between client and server
• Faster and more reliable remote operating system deployments
• Network Access Protection ensures health of connecting systems

Greater Availability
• Scalable print servers with client-side rendering
• Smooth offline experience with client-side caching
• Transactional File System for file and registry operations
• Policy-based Quality of Service to prioritize application bandwidth

Efficient Communications
• Fast enterprise class search on clients and servers
• Faster networking with new TCP/IP stack and native IPv6
• Improved file-sharing performance over high-latency links
• Integrated remote access to internal applications and

TechNet Plus Direct
• All the benefits of TechNet Plus for 30% less
• TechNet Plus Direct subscribers receive…
  • Online Benefits Portal – New!
  • 2 free Professional Support Incidents
  • Managed Newsgroups and Online Concierge
  • Immediate download access: software and betas – New!
  • The TechNet Library containing the KB, security updates, service packs, resource kits, and more

Available Now!

TechNet Plus Direct is available exclusively online without media shipments. For more information, please visit: www.microsoft.com/technet/subscriptions