More info on http://techdays.be
Windows 8 Client Part 1 "The OS internals for IT-Pro's"
Tom Decaluwé
Infrastructure Manager, Macintosh Retail Group
Contact me: [email protected]://trycatch.be/blogs/decaluwet
Windows 8 slow adoption
- Touch UI
- Different
- Disruptive leap
- Bad economic times
- We just migrated to Windows 7
- Apple is better
- Lack of “devices”
- Lack of “time” for IT pros
Keala group
Enthusiasm
My Promise
“I’ll show every one of you at least 1 feature to be enthusiastic about”
The ecosystem
Lab for the Day
www 192.168.1.50
DEMONET 192.168.1.1
What we will Cover
- Windows 8 Internals
- Windows 8 Application
The History
The evolution
The editions
27 years of evolution
- V1.0, 1985, 16 Bit
- V3.1, 1992
- V2000 XP, 2001
- V 6, 2007
- V 7, 2009
- V 8, 2012, 64 Bit mobile
Windows 8 Editions
X86 PC
• Windows 8
• Windows 8 Pro
• Windows 8 Enterprise
ARM/WOA
• Windows RT
Setup Experience
FASTER
More Secure
Upgrade speed Win7 vs Win8
• Win 7 => 4 wizards, +/- 60 screens
• Win 8 => one wizard, +/- 11 clicks
Upgrade Performance
• Win 7 => moved file by file,…
• Win 8 => moves the whole folder in one go,…
Source and Destinations
Hard disk Virtual Machine
USB (Win To GO) VHD
ISO VHD USB
The simple and detailed upgrade UI
Windows To Go
Portable
Flexible
You have limited hard disk space, like SSD but worse ;-)
How it differs from a normal PC
• Internal disks disabled
• TPM not used => replaced with pre-operating system boot password
• No hibernation
• No Recovery Environment
• No Push button reset
• Disabled Windows Store
• No MAK activation
Some usage scenarios
- Contractors that bring their own PC
- Shared PCs
- Quick DR
- Home computing / BYOD
- …
Computer roaming
Windows uniquely identifies computers based on constant characteristics of the machine firmware: the SMBIOS UUID if present, or certain SMBIOS strings.
This ID is used to ensure that when Windows returns to a computer, only the necessary set of drivers is loaded.
When roaming to a new computer, drivers are installed on the first boot, similar to the first time you boot a generalized Windows image.
MBR Disk
System Partition - Boot Files
• FAT32 File System
• 300MB
• Legacy Boot Manager (Bootmgr)
• UEFI Boot Manager (Bootmgfw.efi)
Operating System Partition - Apps, Data, Settings
• NTFS File System
Boot Disk Removal
- Boot disk removal is detected by the USB stack
- The kernel freezes the system
- The stack will wait 60 seconds for the boot disk to return and then power down the system
- If the boot disk is returned, the system will resume
Put it back in the same USB port
DEMO
Quick DR
Refresh
Keep all personal data, Metro style apps, and important settings from the PC, and reinstall Windows.
Reset
Remove all personal data, apps, and settings from the PC, and reinstall Windows.
RE
Recovery Environment
Reset your PC
1. Win RE - Boots into the Windows Recovery Environment
2. Win RE - Erases and formats
3. Win RE - Installs a fresh copy
4. PC restarts into the newly installed OS
Remove everything and start from scratch
Refresh your PC
1. Boots into Windows RE
2. Win RE scans the hard drive for your data, settings, and apps, and puts them aside (on the same drive).
3. Win RE installs a fresh copy of Windows.
4. Win RE restores the data, settings, and apps.
5. The PC clean boots
Fix a problem with your computer
It’s a reinstall without losing your data, settings, and Metro style apps
Kept or removed?
Kept
• Wireless network connections
• Mobile broadband connections
• BitLocker and BitLocker To Go settings
• Drive letter assignments
• Personalization settings such as lock screen background and desktop wallpaper
• Metro apps (not the classic apps)
Removed
• File type associations
• Display settings
• Windows Firewall settings
• Classic apps
Include the apps
Refresh from a previous state
mkdir C:\RefreshImage
recimg -CreateImage C:\RefreshImage
DEMO
Windows 8 Boot
FASTER
More Secure
Pre-OS environment: Win7 vs Win8
Bios vs UEFI boot speed
[Figure: boot phases, Windows 7 vs Windows 8. Labels: POST; OS Initialization; Service & App Initialization; Hiberfile Read (Session0); Device Initialization; Explorer Ready]
End-users judge their pc performance according to boot speed
Power -> logon
[Figure: boot phase timeline in seconds (2s, 4s, 6s, 7s). Boot phases: POST, Explorer Init., Device Init., Hiber Resume. User view: OEM Logo]
Clean, high-resolution branding elements persist through OS boot
Post with highest supported native resolution
Seamless single graphics transition from firmware to native OS driver
How to shutdown
shutdown /s /full /t 0 => force full shutdown without hibernate file
Shutdown => system kernel hibernate
Restart => full restart null boot
3 Security Components for boot
Secure Boot
Measured boot
Remote attestation
UEFI secure boot
“Protects against bootkits by verifying the boot loader before loading”
Step 1: MS creates a signature of the boot loader and pre-stages it onto PCs
[Diagram: Boot loader, SHA256, Hash, Encrypt, sig; MS RSA2048 key pair (Priv, Pub)]
UEFI secure boot
Step 2: UEFI firmware databases are pre-staged on Windows 8 logo devices
• db: sig database, keys you trust
• dbx: forbidden signature database, blacklist a loader or key
• KEK: key exchange keys, to update db or dbx
• PK: platform key => to update KEK
Windows 8 certified devices must adhere to the hardware certification requirements => KEK and DB must contain a Microsoft key, and secure boot must be enabled out of the box.
Measured boot
[Diagram: BIOS, Boot loader, Kernel, Early Drivers; Hash of next item(s); Boot log database; ELAM; TPM]
Creates a log with hash of everything that was loaded
Kernel initializes; ELAM can look at the hashes of the drivers and decide to load yes/no before loading early drivers into memory
Remote Attestation
Allow a boot log to be evaluated and enforce a policy
[Diagram: Client, TPM, Attestation Server, Measured boot log, TOKEN]
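The measured boot log and the attestation server's check described above, as an added example that is not part of the original slides. It assumes a single SHA-256 PCR, constructed component names and byte strings in place of real boot binaries, and leaves out verification of the TPM's signature over the reported PCR value.

```python
import hashlib

def measure(blob: bytes) -> bytes:
    """Hash of a boot component, as recorded in the boot log."""
    return hashlib.sha256(blob).digest()

def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend: a PCR can only be updated as SHA256(old || digest)."""
    return hashlib.sha256(pcr + digest).digest()

def boot(components):
    """Client side: measure each stage before it runs; return (log, final PCR)."""
    log, pcr = [], bytes(32)              # PCR is 32 zero bytes at reset
    for name, blob in components:
        digest = measure(blob)
        log.append((name, digest))
        pcr = extend(pcr, digest)
    return log, pcr

def replay(log):
    """Recompute the PCR value that a given log implies."""
    pcr = bytes(32)
    for _name, digest in log:
        pcr = extend(pcr, digest)
    return pcr

def attest(log, quoted_pcr, policy):
    """Server side: the log must reproduce the TPM's PCR and satisfy the policy."""
    if replay(log) != quoted_pcr:
        return False, "log does not match TPM PCR"
    for name, digest in log:
        if policy.get(name) != digest:
            return False, "unexpected measurement: " + name
    return True, "token issued"

# Constructed sample images (placeholders, not real binaries).
GOOD = [("bootloader", b"loader-v1"), ("kernel", b"kernel-v1"),
        ("elam", b"elam-v1"), ("early-driver", b"driver-v1")]
POLICY = {name: measure(blob) for name, blob in GOOD}

def demo():
    results = {}
    log, pcr = boot(GOOD)
    results["clean"] = attest(log, pcr, POLICY)
    # Changed early driver, log reported honestly: the policy check rejects it.
    bad_log, bad_pcr = boot(GOOD[:3] + [("early-driver", b"driver-modified")])
    results["modified"] = attest(bad_log, bad_pcr, POLICY)
    # Same boot, but the log is rewritten to list the known-good hashes:
    # the PCR held by the TPM no longer matches the replayed log.
    results["rewritten_log"] = attest(log, bad_pcr, POLICY)
    return results

if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, outcome)
```

The third case is the reason the log is anchored in the TPM: software that loaded after a changed driver can rewrite the log, but it cannot roll the PCR back.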
All 3 components
[Diagram: UEFI POST, Win8 Boot loader, Windows Kernel, ELAM, Anti-Malware software, 3rd party software, Windows logon; TPM; Measured boot log; Attestation server; TOKEN]
Connected state
Lower power => ultra low idle power time
Content always up to date
Connected Standby
New Windows power state
- The PC’s screen is off, but the device remains in a very low idle state
- The network adapter maintains a connection to the network
- Metro style apps continue to receive live tile updates and toast notifications
- Background Tasks and Push Notifications enable customers to receive real-time communication via apps such as email, IM and VoIP
Screen On (Active): User present and using device
Screen Off (Connected Standby): User not present, still connected
Shutdown: User not present, no context saved
Power consumption
Consistent low power
Less than 5% battery drain over 16 hour period in Connected Standby
App model for connected standby
App model is right by design for power
- Apps are suspended when the computer enters Connected Standby
- Apps may register background activity in Background Tasks
- Notifications API allows suspended apps to handle incoming events from the cloud
Pattern matching and wake used for push notifications and real-time apps
Win File system
Storage Spaces
BitLocker
Checkdisk
Storage Optimizer
Storage Spaces
Thin provisioning
Logical vs physical size: 10GB vs 4 GB
Resilience
- Mirror
- Parity
DEMO
Checkdisk
Win7
Only two states
- Volume is healthy
- Volume is not healthy => volume goes offline
Fix time was directly related to #files on the volume
A disk has 2 health states
Win8
Fix corruption with a minimum of downtime
ReFS => no longer requires fixing offline
A disk has 4 health states
4 Point Health State
Check phase
BitLocker
- Support Encrypted Hard Drive to offload cryptography to disk processor
- BitLocker Pre-provisioning in WinPE environment
- Used space encryption
- Standard user PIN change
- Network Unlock
Storage Optimizer
- Trim Support for SSD
Virtualisation
Client Hyper-V
Remote desktop, VDI, …
Client Hyper-V
- Same technology as Windows Server 2012
- Requirements
  - 64-bit system
  - SLAT (second level address translation)
  - 4 GB RAM
* We are missing seamless apps
Overview
Cheat sheet
1. After this session
2. On the booth floor
3. This evening during the ask the experts
4. By email: [email protected]
I want to hear your questions
Windows 8 is great!
Share your enthusiasm
END “Part 1”