Unleashing the Power of Unleashing the Power of Ubiquitous Connectivity with Ubiquitous Connectivity with IPv6IPv6Sandeep K. Singhal, Ph.DDirector of Program ManagementWindows Networking

AgendaAgenda

The Connectivity Imperative

IPv6 Product Report Card

The power of IPv6 andWindows networking

Call to Action

2

3

The Connectivity The Connectivity ImperativeImperative

Seamless Applications Seamless Applications ImpactImpact

The Future of Business ComputingThe Future of Business Computing• Dynamic DatacenterDynamic Datacenter• Focus on Security, Productivity, and ImpactFocus on Security, Productivity, and Impact• Providing a unique “customer experience”Providing a unique “customer experience”

The Future of Personal ComputingThe Future of Personal Computing• From personal computer to personal computingFrom personal computer to personal computing• Across multiple PCs and devicesAcross multiple PCs and devices• Blurring of digital workstyle and lifestyleBlurring of digital workstyle and lifestyle• Individual in control of their digital worldIndividual in control of their digital world

4

IPv6 is a Key Building IPv6 is a Key Building BlockBlock

Continued seamless connectivity demands a new paradigm

SecurityScalabilityFlexibility

5

IPv6 is required to support the new network and Internet

Windows Vista

Windows Server 2008

SQL Server 2008

SQL Server 2005

Exchange Server 2007 SP1

Host Integration Server 2007

Biztalk Server 2006

Office Sharepoint Server 2007

SMS/SCCM 2007

MOM/SCOM 2007 System Center Virtual Machine Manager

Office 2007

Active Directory/DNS/DHCPv6

Groove Coming Soon!

ISA Server Coming Soon!

IPv6 Report CardIPv6 Report Card

6

Windows Vista

Windows Server 2008

SQL Server 2008

SQL Server 2005

Exchange Server 2007 SP1

Host Integration Server 2007

Biztalk Server 2006

Office Sharepoint Server 2007

SMS/SCCM 2007

MOM/SCOM 2007 System Center Virtual Machine Manager

Office 2007

Active Directory/DNS/DHCPv6

Groove Coming Soon!

ISA Server Coming Soon!

IPv6 Report CardIPv6 Report Card

7

More Than the Stack…More Than the Stack…

All standard Windows Server 2008 components are IPv6 capableIPv6 is on by default, and preferredControllable via Group PolicyAll Enterprise-class products currently in production are IPv6 capableGUI-based configurationFull support for IPsec

8

IPv6 Now – Infrastructure IPv6 Now – Infrastructure LaterLater

Transition Technologies let enterprises deploy IPv6 before infrastructure supports it

Phased deploymentsManaged rollout out native IPv6

Native IPv6ISATAP tunnel (IPv6 in IPv4)Native IPv4

IPv4

IPv6

ISATAPRouter

9

ISATAP (RFC 4214) works well inside the network

Single box can enable IPv6 in the enterpriseSecure tunneling of IPv6 over IPv4

IPv6 Now – Infrastructure IPv6 Now – Infrastructure LaterLater

IPv4 Internet

Restricted NAT

Restricted NAT

Teredo Server

Bubble Packets

Teredo works well for unmanaged/home users

Works through a NATProtocol of last resortAutomatically disables in a managed environment

Transition Technologies let consumers deploy IPv6 before infrastructure supports it

Phased deploymentsTransition to managed infrastructure

• On by default• Server Roles plumb firewall

rules• Stateful IP filtering inbound

and outbound• Full support for IPv6/ICMPv6• Location-aware policy profiles

• Domain, Public, Private• Service Hardening

• Prevent critical Windows services from being used for malicious activity

• Enabled by default, and applies to inbound and outbound traffic

Windows Firewall FeaturesWindows Firewall Features

Server and Domain Server and Domain IsolationIsolation

LabsLabsUnmanaged Unmanaged guestsguests

Protect managed computers from Protect managed computers from unmanaged unmanaged or rogue computers and usersor rogue computers and users

Protect specific high-value servers and Protect specific high-value servers and datadata

Server Server IsolationIsolation

Domain Domain IsolationIsolation

Dynamically Dynamically segment your segment your

Windows Windows environment into environment into more secure and more secure and isolated logical isolated logical

networksnetworksbased on policybased on policy

12

Policy-Based Network Policy-Based Network Access ProtectionAccess Protection

Network Access ProtectionNetwork Access ProtectionPolicy-based solution that• Validates whether computers meet

health policies• Limits access for noncompliant

computers• Automatically remediates

noncompliant computers • Continuously updates compliant

computers to maintain health state

Solution HighlightsSolution Highlights• Standards-based• Plug and Play• Works with most devices• Supports multiple antivirus solutions• Has become the standard for Network Access

Control

IntranetIntranet

14

IPv6 IPv6 DeploymeDeployment at nt at MicrosoftMicrosoft

ISATAP available in all buildings world-wide Native v6 connectivity in all development buildings world-wide

Where do we need native v6?•That is where we concentrate upgrades

Everywhere else gets ISATAP connections

Lessons LearnedLessons Learned

Start early with trainingSet up a test labEnsure you have a good application inventoryEnable IPv6 on all machinesUse ISATAP to decrease deployment costsPhased deployments work bestClient impact in dual-stack environment is minimalThe only way to achieve business value with IPv6 is to use applications that leverage the new features of the IPv6 stack

15

Call to ActionCall to Action

Install Windows Vista SP1 and Windows Server 2008Don’t disable IPv6Start training nowDon't buy hardware that won't support IPv6You don't have to deploy IPv6 today, but you do have to start getting ready for IPv6 today

16

© 2008 Microsoft Corporation. All rights reserved.This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.