Donald Hester
May 11, 2010
For audio call Toll Free 1-888-886-3951
and use PIN/code 450895
Windows 7 for IT Professionals Part 2: Network and Sharing
Housekeeping
• Maximize your CCC Confer window.
• Phone audio will be in presenter-only mode.
• Ask questions and make comments using the chat window.
Adjusting Audio
1) If you’re listening on your computer, adjust your volume using the speaker slider.
2) If you’re listening over the phone, click on phone headset.
Do not listen on both computer and phone.
Saving Files & Open/close Captions
1. Save chat window with floppy disc icon
2. Open/close captioning window with CC icon
Emoticons and Polling
1) Raise hand and Emoticons
2) Polling options
• Windows DirectAccess and Windows VPN Reconnect
• Windows BranchCache™
• Libraries and Search

• DirectAccess Overview
• DirectAccess Requirements and Deployment
• Connection Methods
• VPN Reconnect
Features
• Provides users transparent access to internal network resources whenever they are connected to the Internet
• Enables IT Professionals to manage remote computers outside of the office
• Establishes a bi-directional connection that enables the client computer to remain current with company policies and to receive software updates
• Does not require a VPN connection
• Supports multifactor authentication methods
• Configurable to restrict which servers, users, and individual applications are accessible
Requirements
• Windows Server® 2008 R2 with two network adapters
• One domain controller and DNS server running Windows Server 2008 or Windows Server 2008 R2
• A Public Key Infrastructure (PKI)
• IPsec policies
• IPv6 transition technologies
• Windows 7 Beta Enterprise on the client computers
• Optionally, a NAT-PT device to provide IPv4 access
Deployment
• IPv6-over-IPsec to encrypt communications
• Scalability determined by number of DirectAccess servers
• Multiple ways to install DirectAccess
Selected Server / Full Enterprise Network
• Highest level of security:
• Deploy IPv6 and IPsec in the organization
• Upgrade application servers to Windows Server 2008 R2
• Enable selected server access
• Allows end-to-end authentication and encryption from the DirectAccess client to internal resources
• Configured using DirectAccess console or IPsec policies
• IPsec session is established between the DirectAccess client and server
• IPsec is not used for communications across the internal network
• Closely resembles VPN and can be more straightforward to deploy
• Flexible configuration meets organizational security requirements
• Transparent to users
• Users who connect using wireless mobile broadband will benefit most from this capability
• Automatically re-establishes a VPN connection when users temporarily lose Internet connections
• Provides seamless and consistent VPN connectivity
• Uses IKEv2 technology to supply constant VPN connectivity
DirectAccess Deployment Guide
• http://technet.microsoft.com/en-us/library/ee649163(WS.10).aspx
Forefront UAG DirectAccess
• http://go.microsoft.com/fwlink/?LinkId=179989
• Feature Components
• Deployment Models
• Client and Server Configurations
http://edge.technet.com/Media/Branch-Cache-in-Windows-7/
End User Benefits / IT Professional Benefits
• Helps reduce WAN link utilization
• Improves the responsiveness of network applications when users are accessing main office servers
• Improves file transfer time
• Supports commonly used protocols
• Provides compatibility with end-to-end security protocols
• Supports end-to-end encryption between clients and servers
• Optimizes traffic flows between Windows 7 Beta clients and Windows 7 Beta servers
• Remains completely transparent to the user
Distributed or Cooperative Caching Mode
• Cache is distributed across client computers
• Peer-to-peer architecture - Windows 7 Beta clients cache content
• Additional clients retrieve the same content from the first client computer
• Best choice if you do not have a local computer running Windows Server 2008 R2
Hosted Caching
• Cache resides on a Windows Server 2008 R2 server deployed in the branch office
• Content is copied to the server
• Additional clients retrieve the same content directly from the server
• Content is available even when the client that originally requested the data is offline
• Windows Server 2008 R2 - required either in the main server location or at the branch office
• Windows 7 Beta Enterprise - required on the client PCs
Client Configuration
• Off by default
• Enable and configure manually or by Group Policy
• Caching mode to cooperative or hosted
• Host name of hosted cache server
• Set client cache size
• Set cache location on disk
• Firewall rules required
Server Configuration
• Not installed by default
• Enable and configure manually or by Group Policy
• Enable for all file shares or on a file share by file share basis
• If enabled on a Web server, must be enabled for all Web sites
• Hosted cache must be equipped with certificate trusted by client computers suitable for TLS
Thin, expensive WAN links between headquarters and branches
• High bandwidth utilization
• Poor application responsiveness
• Data centralization worsens the problem
[Diagrams: labels Get, ID, Data, Put, Search, Request, Offer]
• Libraries
• Search Federation and Search Connectors
• Start Menu Search
• Enterprise Search Scopes
• Search, Windows Explorer, and Group Policy
• Organize and view the files on local computers and other computers and servers on the corporate network
• Two types of libraries: search-only and browse
• Automatically indexed for faster viewing and searching
• Create new libraries to meet specific business requirements
• Modify the existing libraries to add or remove locations
• Share with other users or keep private
Features
• Supports OpenSearch 1.1 compatible queries
• Supports RSS or ATOM feeds for search results
• Creates search connectors using an OpenSearch Description file (.osdx file)
• Deploys using push, pull, or imaging
• Searches connector files - located in %USERPROFILE%\Searches
• Link files - located in %USERPROFILE%\Links
Search Federation provides support for searching beyond the user's PC directly in Windows Explorer. Search connectors are used to search remote data stores and respect the security of the remote source.
<?xml version="1.0" encoding="UTF-8"?>
<OpenSearchDescription xmlns="http://a9.com/-/spec/opensearch/1.1/">
  <ShortName>Name of Connector</ShortName>
  <Description>Description of Connector</Description>
  <Url type="application/rss+xml" template="[RSS Search Feed URL]" />
</OpenSearchDescription>
Search Connectors
• http://www.microsoft.com/enterprisesearch/en/us/search-connectors.aspx
• http://www.blogsdna.com/2260/how-to-create-windows-7-search-connectors-federated-search.htm
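A pre-deployment check for search connector files, added here as an example (it is not from the original slides): because connectors are pushed to users and send their queries to a remote store, it parses an .osdx document and flags result-feed URL templates that are not HTTPS, point at a host outside an approved list, or lack the OpenSearch {searchTerms} placeholder. The allowlist, the HTTPS and no-DOCTYPE rules, the host names and the sample documents are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = "{http://a9.com/-/spec/opensearch/1.1/}"
FEED_TYPES = {"application/rss+xml", "application/atom+xml"}
ALLOWED_HOSTS = {"search.corp.example"}  # assumption: hosts approved for federated search

def check_osdx(xml_bytes, allowed_hosts=ALLOWED_HOSTS):
    """Return a list of findings for one .osdx file; an empty list means it passed."""
    if b"<!DOCTYPE" in xml_bytes:  # local policy choice: connectors need no DTD
        return ["DOCTYPE declaration not allowed"]
    try:
        root = ET.fromstring(xml_bytes)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if root.tag != NS + "OpenSearchDescription":
        return ["root element is not an OpenSearch 1.1 description"]
    findings = []
    if not (root.findtext(NS + "ShortName") or "").strip():
        findings.append("missing ShortName")
    urls = [u for u in root.findall(NS + "Url") if u.get("type") in FEED_TYPES]
    if not urls:
        findings.append("no Url element with an RSS or Atom result type")
    for url in urls:
        template = url.get("template", "")
        try:
            parts = urlsplit(template)
            host = parts.hostname or ""
        except ValueError:
            findings.append(f"unparseable template: {template}")
            continue
        if parts.scheme != "https":
            findings.append(f"template is not https: {template}")
        if host not in allowed_hosts:
            findings.append(f"host not on allowlist: {host or '(none)'}")
        if "{searchTerms}" not in template:
            findings.append("template has no {searchTerms} placeholder")
    return findings

# Constructed sample connectors (not from the original slides).
_DOC = (b'<?xml version="1.0" encoding="UTF-8"?>'
        b'<OpenSearchDescription xmlns="http://a9.com/-/spec/opensearch/1.1/">'
        b'<ShortName>Intranet Search</ShortName>'
        b'<Url type="application/rss+xml" template="%s"/>'
        b'</OpenSearchDescription>')
GOOD = _DOC % b"https://search.corp.example/rss?q={searchTerms}"
BAD = _DOC % b"http://feeds.example.net/rss?q={searchTerms}"

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_osdx(doc) or "ok")
```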
• Results within the libraries are sorted by relevance
• Recommendations presented at the beginning of a search
• Search for Control Panel tasks
• Searches look at all the data in existing libraries
• Results appear as normal files
• Can appear at the bottom of a Windows Explorer search results list
• Can appear on the user's Start menu
• Help users find the data they need
• Use Group Policy to deploy
• Use scopes to point users to the right data sources
New Group Policies
• Disable Known Folders
• Pin Internet search sites to the “Search again” links and the Start menu
• Pin Libraries or Search Connectors to the “Search again” links and the Start menu
• Remove the Search button from Windows Explorer
• Remove the Search the Internet “Search again” link
• Turn off the display of snippets in Smart Details view
• Turn off display of recent search entries in the Windows Explorer search box
DirectAccess and VPN Reconnect
• Enables management and updating of internet-connected remote PCs, without a VPN connection, when users are off the corporate network
• Key requirements: Windows Server 2008 R2, IPSec, IPv6, and Windows 7 Beta client
• VPN Reconnect enables remote users to retain connection through internet connectivity interruptions
BranchCache
• Reduces WAN bandwidth traffic and latency
• Content can be cached either on a Windows Server 2008 R2 or on individual computers in a peer-to-peer fashion
Libraries and Search
• Search enhancements help users instantly find information on local computers.
• Search Federation enables searching of remote document repositories, SharePoint sites, and the Web.
• Libraries make finding, using, and sharing information less difficult and time consuming.
God Mode is easy to set up:
• Create a new folder anywhere.
• Rename the folder by pasting this name exactly as it appears (copy it first):
• GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}
Donald E. Hester
CISSP, CISA, CAP, MCT, MCITP, MCTS, MCSE Security, Security+
Maze & Associates
@One / San Diego City College
www.LearnSecurity.org
http://www.linkedin.com/in/donaldehester
http://www.facebook.com/group.php?gid=245570977486
Q&A
Evaluation Survey Link
Help us improve our seminars by filling out a short online evaluation survey at:
http://www.surveymonkey.com/s/10SpWinIT2
Thanks for attending
For upcoming events and links to recently archived
seminars, check the @ONE Web site at:
http://onefortraining.org/