Module 5: Next Generation Networking
Module Overview
• Describe the Windows Server 2008 network architecture
• Identify new and improved networking features with Windows Server 2008
• List new improvements to DNS with Windows Server 2008
• Describe new features for wireless networks
Lesson 1: Networking with Windows Server 2008
• Describe the Windows Server 2008 network architecture
• Identify new and improved networking features with Windows Server 2008
• Explain how the new TCP/IP Stack improves networking
• Identify the difference between IPv4 and IPv6 addresses
Review of Windows Server Network Architecture
[Figure: Windows Server network architecture. User mode: Applications and User Mode Services (Windows Sockets, NetBIOS, RPC and Win32 WNet/WinInet applications) above the Application Interfaces (Windows Sockets, NetBIOS support, RPC, WNet, WinInet). Kernel: Named Pipes, Redirector/Server, NetBT, AFD, TCP, IP (ICMP, IGMP, ARP, IP Forwarder, IP Filtering, Packet Classifier), Traffic Control with Packet Scheduler, Packet Classifier and Packet Queues, and the NDIS Wrapper with Driver Interfaces.]
New Networking Features
Next Generation TCP/IP Stack
IPv6 Enhancements
Policy-Based Quality of Service
The New TCP/IP Architecture
[Figure: the new TCP/IP architecture. User mode: Winsock. Kernel mode: AFD, WSK and WSK Clients, TDX, TDI and TDI Clients; the Next Generation TCP/IP stack (tcpip.sys) with TCP, UDP, RAW, IPv4, IPv6 and the Windows Filtering Platform API; NDIS over 802.3, WLAN, Loop-back, IPv4 Tunnel and IPv6 Tunnel.]
• Dual-IP layer architecture for native IPv4 and IPv6 support
• Better security through expanded IPsec integration
• Improved performance via hardware acceleration
• Network auto-tuning and optimization algorithms
• Greater extensibility and reliability through rich APIs
IPv6
• New header format
• Large address space
• Efficient and hierarchical addressing and routing infrastructure
• Stateless and stateful address configuration
• Built-in security
• Better support for prioritized delivery
• New protocol for neighboring node interaction
• Extensibility
Lesson 2: New Networking Features
• List features in Windows Server 2008 networking that enable greater security
• Use the Windows Advanced Firewall
• List features in Windows Server 2008 networking that enable greater performance
• Describe Receive Window Auto Tuning
• Describe Policy-based Quality of Service
• List features in Windows Server 2008 networking that enable greater scalability
• Use Server and Domain isolation
• Describe Server and Domain isolation usage
Security Features
Reduce the risk of network security threats
• An additional layer of defense-in-depth
• Reduced attack surface area to known computers
• Increased manageability and more healthy clients
Safeguard sensitive data and intellectual property
• Authenticated, end-to-end network communications
• Scalable, tiered access to trusted networked resources
• Protect the confidentiality and integrity of data
Full featured, enterprise functionality
• Support for computer and user authentication with IPsec
• Network Access Protection over VPNs and IPsec
• Secure routing compartments extends isolation to VPN
Windows Firewall with Advanced Security
Performance
Optimized performance without loss
• Intelligent, automated tuning of TCP receive window size
• Better packet loss resiliency
• Advanced congestion control for better throughput
Automatically adjusts for maximum efficiency
• Faster network transfers, especially across WAN links
• Optimized use of available network bandwidth
• Reduced packet loss, resulting in fewer retransmits
Receive Window Auto Tuning
Replicating data between Tukwila, Bay Area
Default configurations
On Windows Server 2003 SP1
• 100Mbps NICs, 10Mbps throughput
On Windows Server 2008
• 100Mbps NICs, 80Mbps throughput
• 1000Mbps NICs, 400Mbps throughput
Policy-Based Quality of Service
• Source IPv4/IPv6 addresses
• Destination IPv4/IPv6 addresses
• Protocol
• Source or destination ports
Scalability
Cost-effectively scale networking up and out
• Specialized hardware frees CPU(s) for applications
• Ease consolidation with support for multiple Gbps
• More efficient use of large server resources
Adopt hardware acceleration and offloading
• Receive-side scaling optimizes multi-processor systems
• Architected to support latest TCP offload hardware
• Offload hardware less expensive than new high-end PCs
Server and Domain Isolation
[Figure: Server and Domain Isolation. Labels: Active Directory Domain Controller, Corporate Network, Trusted Resource Server, HR Workstation, Servers with Sensitive Data, Unmanaged Computer, Untrusted, Managed Computers, Server Isolation, Domain Isolation. Blocked connections are marked with an X.]
Server and Domain Isolation Usage
[Figure: defense-in-depth layers: Data; Application; Host; Internal Network; Perimeter; Physical Security; Policies, Procedures & Awareness. Server and Domain Isolation is labelled beside the Host and Internal Network layers.]
Lesson 3: DNS with Windows Server 2008
• Describe how DNS works
• Describe DNS functionality
• List new features of DNS with Windows Server 2008
• Explain DNS client changes
DNS Overview
DNS Functionality
• Support for Active Directory Domain Services
• Stub Zones
• Integration with other Microsoft networking services
• Improved ease of administration
• RFC-compliant dynamic update protocol support
• Support for incremental zone transfer between servers
• Conditional forwarders
New DNS Features in Windows Server 2008
• Background Zone Loading
• Support for IPv6 Addresses
• GlobalNames Zone
• RODC Support
DNS Client Changes
• Link-Local Multicast Name Resolution (LLMNR)
• Changes to the way DNS Clients Locate DCs
Lesson 5: Configuring Wireless Settings in Windows Server 2008
• Windows Server 2008 wireless network architecture
• Authentication and wireless networking
• Security enhancements for wireless networks
• Wireless Group Policy enhancements
• Managing through line commands
Windows Server 2008 Wireless Architecture
• 802.11 is a separate media type than 802.3 (Ethernet)
• Authentication, authorization, and management in OS
• Extensible through API
Authentication and Wireless Networking
• Extensible Authentication Protocol (EAP)
• WPA2
• Single Sign On
Security Enhancements for Wireless Networks
• FIPS 140-2 Certified Mode
• US Government Security Standard
• AES in software, not on network adapter
• NAP Integration
• Health check of clients
• WPA2-Enterprise
• WPA-Enterprise
• Dynamic WEP
Wireless Group Policy Enhancements
New Policies: Description
• WPA2 authentication: Sets WPA2 authentication options, such as allowing WPA-Enterprise or WPA Personal connections.
• Allowed and denied networks: Specify allowed and denied networks by SSID.
• Fast Roaming Settings: Allow for WPA2 quick roaming through preauthentication and PMK caching.
• Non-broadcast wireless networks: Set hidden networks as a preferred network.
• Automatic or manual connections: Configure preferred networks as automatic or manual connections.
Managing through line commands
Use for bootstrap applications or non-domain computers
• Save client settings
• Specify Single Sign On (SSO)
• Enable FIPS 140-2
• Specify allowed and denied networks
• Specify order of preferred networks
• Display configuration
• Remove configuration
• Move settings between clients