
Contents Chapter 1 : Installation Chapter 2 : Administration Chapter 3 : Users Chapter 4: Groups Chapter 5 : Computers Chapter 6: Group Policy Infrastructure



Contents
Chapter 1: Installation
Chapter 2: Administration
Chapter 3: Users
Chapter 4: Groups
Chapter 5: Computers
Chapter 6: Group Policy Infrastructure
Chapter 7: Group Policy Settings
Chapter 8: Authentication
Chapter 9: Integrating Domain Name System with AD DS
Chapter 10: Domain Controllers
Chapter 11: Sites and Replication
Chapter 12: Domains and Forests


Technical Overview


Windows Server 2k8 Versions


Windows Server 2008 pillars

Virtualization: Reduces costs, increases hardware utilization, optimizes your infrastructure, and improves server availability

Web: Delivers rich web-based experiences efficiently and effectively

Security: Provides highest levels of protection for your network, your data, and your business

Solid Foundation for Your Business Workloads: Most flexible and robust Windows Server operating system to date. Provides the most versatile and reliable Windows platform for all of your workload and application requirements


Management Reliability

Solid Foundation

Windows Server Manager
PowerShell
Windows Deployment Services
Server Core
Next Generation Networking
High Availability Clustering

Most Flexible and Robust Windows Server Operating System to Date


TechNet ScriptCenter
Exchange Server 2007
Terminal Server
WMI, Registry, Hardware, etc.
Community-Submitted scripts

MyITForum.com

Windows PowerShell

New command-line shell & scripting language
Improves productivity & control
Accelerates automation of system admin
Easy-to-use
Works with existing scripts

Futures
Will ship in Windows
Admin GUIs layered over PowerShell
One-to-many remote management using WS-MGMT

Solid Foundation


Server Manager

Product Installation

Initial Configuration

Managing Windows Server 2008 Solid Foundation


Server Core

Security, TCP/IP, File Systems, RPC, plus other Core Server Sub-Systems

Windows Server Core

GUI, CLR, Shell, IE, OE, etc.

Web

DHCP

DNS

File Print

Only a subset of the executable files and DLLs installed
No GUI interface & .NET managed code installed
Less disk space and management required
Can be managed with remote tools (MMC, RDP)

AD DS

AD LDS

Media

Solid Foundation


Complete Redesign of TCP/IP

Dual-IP layer architecture for native IPv4 and IPv6 support
Improved Network Performance Troubleshooting
Improved performance via hardware acceleration and auto-tuning
Greater extensibility and reliability through rich Windows Filtering Platform APIs
Completely manageable through Group Policy

[Diagram: Next Generation TCP/IP Stack (tcpip.sys). User Mode: Winsock. Kernel Mode: AFD, TDX, TDI, TDI Clients, WSK, WSK Clients, Inspection API, TCP, UDP, RAW, IPv4, IPv6, 802.3, WLAN, Loop-back, IPv4 Tunnel, IPv6 Tunnel, NDIS]

Solid Foundation


Solid Foundation

Windows Firewall w/ Advanced Security

Combined firewall and IPsec management


Failover Clustering

Heartbeat

New Validation Wizard for server, storage & network testing
Support for GUID partition table (GPT) disks in cluster storage
Improved cluster setup interface
Quorum resource: no longer single-point-of-failure
IPv6 support
Geographically dispersed clusters: across subnets, no VLAN needed

NodeA

Active Node

NodeB

Passive Node

Solid Foundation


Windows Deployment Services

Rapidly deploy Windows operating systems

Updated and redesigned version of Remote Installation Services (RIS)

Server components

Client components: WinPE

Management components

WDS

Windows Vista

Windows Server 2008

Solid Foundation


Reliability and Performance Monitor

Combines functionality of previous stand-alone tools

Tracks system changes

Provides new functionality

Solid Foundation


Deliver Rich Web-based Experiences Efficiently and Effectively

Internet Information Services 7.0

Windows SharePoint Services

Web

Windows Media Services


Web

IIS 7.0: a robust Web & Application Server

IIS 7

Enhanced security and reduced attack surface

Administration: UI & APPCMD & shared configuration

Delegation & true application XCOPY deployment

Highly customizable

Advanced troubleshooting

Windows Communication Foundation (WCF)

Windows Activation Service

Web


IIS 7

Demo: IIS 7.0 new features


Optimize Your Infrastructure and Improve Server Availability

Terminal Services

RemoteApp

Terminal Services Gateway

Windows Server Virtualization

Virtualization


Virtualization Technologies

Windows Server Virtualization

Server Virtualization

Presentation Virtualization

Application Virtualization

Desktop Virtualization

Management

Virtualization

Virtualization


Windows Server Virtualization

Greater Scalability and improved performance

x64 bit host and guest support

SMP support

Increased reliability and security

Minimal Trusted Code base

Windows running a foundation role

Better flexibility and manageability

New UI/Integration with SCVMM

AMD-V / Intel VT

Windows Hypervisor

VM 1 "Parent"

VM 2 "Child"

VM 3 "Child"

Virtual Hard Disks (VHD)

Hardware

Windows Server 2003

Virtual Server 2005 R2

VM 2 VM 3

Virtualization


Application Virtualization

Application Isolation

Dynamic Streaming

System Center Integration

Software as a Centrally-managed Service

Available through…

Virtualization


Virtualization Investments

Management, Infrastructure, Applications, Interoperability, Licensing

Create agility
Better utilize server resources
Partner with AMD and Intel

Ease consolidation onto virtual infrastructure
Better utilize management resources

Support heterogeneity across the datacenter
OSP (Open Specification Promise) VHD

Accelerate deployment
Reduce the cost of supporting applications

Deliver cost-effective, flexible and simplified licensing
Royalty Free VHD format

A Multi-level Approach

Terminal Services

Virtualization


Terminal Services Gateway

External Firewall

Internal Firewall

Internet

Perimeter Network

Corporate Network

Remote/ Mobile User

Terminal Services Gateway

Network Policy Server

Active Directory DC

Tunnels RDP over HTTPS

Strips off RDP / HTTPS

Terminal Servers and other

RDP Hosts

RDP traffic passed to TS

Internet

Virtualization


Terminal Services RemoteApp

Terminal Services Gateway Server

Remote Desktop client required

Virtualization


Hardens Operating System and Increases Environment Protection

Read-Only Domain Controller

Network Access Protection

Federated Rights Management

Security


Using Network Access Protection

1 Client requests access to network and presents current health state
2 DHCP, VPN or Switch/Router relays health status to Microsoft Network Policy Server (RADIUS)
3 Network Policy Server (NPS) validates against IT-defined health policy
4 If not policy compliant, client is put in a restricted VLAN and given access to fix up resources to download patches, configurations, signatures (Repeat 1 - 4)
5 If policy compliant, client is granted full access to corporate network

[Diagram: Windows Client; DHCP, VPN, Switch/Router; NPS; Policy Servers such as: Patch, AV; Restricted Network with Remediation Servers (Example: Patch); Corporate Network. Paths labelled "Not policy compliant" and "Policy compliant"]

Security


Security

Demo: Network Access Protection


Auto-Remediation


Active Directory Federation Services

[Diagram: Company A and Company B, each with AD; an Account Federation Server and a Resource Federation Server joined by a Federation Trust; Web Server]

Security

AD FS provides an identity access solution

Deploy federation servers in multiple organizations to facilitate business-to-business (B2B) transactions

AD FS provides a Web-based, SSO solution


Federated Identity support in AD Rights Management Services

[Diagram: Company A and Company B, each with AD; an Account Federation Server and a Resource Federation Server joined by a Federation Trust; RMS; Web SSO]

Security

Together AD FS and AD RMS enable users from different domains to securely share documents based on federated identities


Read-Only Domain Controller

Headquarters, Branch Office

Features
Read Only Active Directory Database
Only allowed user passwords are stored on RODC
Unidirectional Replication
Role Separation

Benefits
Increases security for remote Domain Controllers where physical security cannot be guaranteed

RODC

Security


How RODC Works

[Diagram: Branch (Read Only DC) and Headquarters (Windows Server 2008 DC), with steps 1 to 6 marked]

1 User logs on and authenticates
2 RODC: Looks in DB: "I don't have the user's secrets"
3 Forwards Request to Windows Server 2008 DC
4 Windows Server 2008 DC authenticates request
5 Returns authentication response and TGT back to the RODC
6 RODC gives TGT to User and RODC will cache credentials

RODC

Security


Security

What if a DC is stolen?


Headquarters

Branch Office

Branch Office Benefits

Optimization
DFS Replication

Security
BitLocker Full Volume Encryption
Server Core
Read-Only Domain Controller

Administration
SOAP-based remote management (WinRM)
Restartable Active Directory

Solid Foundation


PKI Support

Security

Built-in Certificate Service

Usage

Data Encryption

Digital Signature

Smart Card authentication


Windows Server 2008: A Robust Application Platform

Application Platform

.NET Framework 3.0

IIS 7.0

Windows Activation Service

MSMQ 4.0


Windows Server 2008 Summary

Security
NAP
Read-Only DC
AD RMS
AD Federation Svc
PKI support
BitLocker

Virtualization
Windows Virtualization
TS Gateway
TS RemoteApps

Web
Modular design
Less attack surface
Admin delegation
APPCMD
Win Activation Svc
Tracing & Troubleshooting

Solid Foundation for Your Business Workloads

Windows PowerShell

Server Core

Server Manager

Windows Firewall with Advanced Security & IPSec

IPv6

Failover Clustering

Reliability & Performance Monitor

Windows Deployment Svc

www.microsoft.com/WindowsServer2008


More information

www.microsoft.com/WindowsServer2008
www.iis.net


Thank You!