View
216
Download
0
Category
Tags:
Preview:
Citation preview
Unleashing the Power of Unleashing the Power of Ubiquitous Connectivity with Ubiquitous Connectivity with IPv6IPv6Sandeep K. Singhal, Ph.DDirector of Program ManagementWindows Networking
AgendaAgenda
The Connectivity Imperative
IPv6 Product Report Card
The power of IPv6 andWindows networking
Call to Action
2
Seamless Applications Seamless Applications ImpactImpact
The Future of Business ComputingThe Future of Business Computing• Dynamic DatacenterDynamic Datacenter• Focus on Security, Productivity, and ImpactFocus on Security, Productivity, and Impact• Providing a unique “customer experience”Providing a unique “customer experience”
The Future of Personal ComputingThe Future of Personal Computing• From personal computer to personal computingFrom personal computer to personal computing• Across multiple PCs and devicesAcross multiple PCs and devices• Blurring of digital workstyle and lifestyleBlurring of digital workstyle and lifestyle• Individual in control of their digital worldIndividual in control of their digital world
4
IPv6 is a Key Building IPv6 is a Key Building BlockBlock
Continued seamless connectivity demands a new paradigm
SecurityScalabilityFlexibility
5
IPv6 is required to support the new network and Internet
Windows Vista
Windows Server 2008
SQL Server 2008
SQL Server 2005
Exchange Server 2007 SP1
Host Integration Server 2007
Biztalk Server 2006
Office Sharepoint Server 2007
SMS/SCCM 2007
MOM/SCOM 2007 System Center Virtual Machine Manager
Office 2007
Active Directory/DNS/DHCPv6
Groove Coming Soon!
ISA Server Coming Soon!
IPv6 Report CardIPv6 Report Card
6
Windows Vista
Windows Server 2008
SQL Server 2008
SQL Server 2005
Exchange Server 2007 SP1
Host Integration Server 2007
Biztalk Server 2006
Office Sharepoint Server 2007
SMS/SCCM 2007
MOM/SCOM 2007 System Center Virtual Machine Manager
Office 2007
Active Directory/DNS/DHCPv6
Groove Coming Soon!
ISA Server Coming Soon!
IPv6 Report CardIPv6 Report Card
7
More Than the Stack…More Than the Stack…
All standard Windows Server 2008 components are IPv6 capableIPv6 is on by default, and preferredControllable via Group PolicyAll Enterprise-class products currently in production are IPv6 capableGUI-based configurationFull support for IPsec
8
IPv6 Now – Infrastructure IPv6 Now – Infrastructure LaterLater
Transition Technologies let enterprises deploy IPv6 before infrastructure supports it
Phased deploymentsManaged rollout out native IPv6
Native IPv6ISATAP tunnel (IPv6 in IPv4)Native IPv4
IPv4
IPv6
ISATAPRouter
9
ISATAP (RFC 4214) works well inside the network
Single box can enable IPv6 in the enterpriseSecure tunneling of IPv6 over IPv4
IPv6 Now – Infrastructure IPv6 Now – Infrastructure LaterLater
IPv4 Internet
Restricted NAT
Restricted NAT
Teredo Server
Bubble Packets
Teredo works well for unmanaged/home users
Works through a NATProtocol of last resortAutomatically disables in a managed environment
Transition Technologies let consumers deploy IPv6 before infrastructure supports it
Phased deploymentsTransition to managed infrastructure
• On by default• Server Roles plumb firewall
rules• Stateful IP filtering inbound
and outbound• Full support for IPv6/ICMPv6• Location-aware policy profiles
• Domain, Public, Private• Service Hardening
• Prevent critical Windows services from being used for malicious activity
• Enabled by default, and applies to inbound and outbound traffic
Windows Firewall FeaturesWindows Firewall Features
Server and Domain Server and Domain IsolationIsolation
LabsLabsUnmanaged Unmanaged guestsguests
Protect managed computers from Protect managed computers from unmanaged unmanaged or rogue computers and usersor rogue computers and users
Protect specific high-value servers and Protect specific high-value servers and datadata
Server Server IsolationIsolation
Domain Domain IsolationIsolation
Dynamically Dynamically segment your segment your
Windows Windows environment into environment into more secure and more secure and isolated logical isolated logical
networksnetworksbased on policybased on policy
12
Policy-Based Network Policy-Based Network Access ProtectionAccess Protection
Network Access ProtectionNetwork Access ProtectionPolicy-based solution that• Validates whether computers meet
health policies• Limits access for noncompliant
computers• Automatically remediates
noncompliant computers • Continuously updates compliant
computers to maintain health state
Solution HighlightsSolution Highlights• Standards-based• Plug and Play• Works with most devices• Supports multiple antivirus solutions• Has become the standard for Network Access
Control
IntranetIntranet
14
IPv6 IPv6 DeploymeDeployment at nt at MicrosoftMicrosoft
ISATAP available in all buildings world-wide Native v6 connectivity in all development buildings world-wide
Where do we need native v6?•That is where we concentrate upgrades
Everywhere else gets ISATAP connections
Lessons LearnedLessons Learned
Start early with trainingSet up a test labEnsure you have a good application inventoryEnable IPv6 on all machinesUse ISATAP to decrease deployment costsPhased deployments work bestClient impact in dual-stack environment is minimalThe only way to achieve business value with IPv6 is to use applications that leverage the new features of the IPv6 stack
15
Call to ActionCall to Action
Install Windows Vista SP1 and Windows Server 2008Don’t disable IPv6Start training nowDon't buy hardware that won't support IPv6You don't have to deploy IPv6 today, but you do have to start getting ready for IPv6 today
16
Recommended