Michael KleefTechnology Advisor | Microsoft Australiahttp://blogs.technet.com/mkleef

Branch Office VisionPromote Server Core to RODCImplement DFS-N and DFS-R RolesImplement BitLockerImplement Policy Based Qos

Data ProtectionData Protection

Remote SupportRemote Support

Server ManagementServer Management

Service DeploymentService Deployment

WAN PerformanceWAN Performance

• Cache: Local request handling• Store-and-forward to central server

• State-of-the-art compression• Cache: Limits bandwidth usage• Cache: Mitigates WAN latency

• Clients failover to a central server

• Service cache: No unique state

• Easy to re-provision replacements

ServiceService

AcceleratorAccelerator

Continuity ofContinuity of

ServicesServices

A simple, self-healing, self diagnosing, “admin-free” A simple, self-healing, self diagnosing, “admin-free” serverserver

OptionalOptional

DisposableDisposable

ReplaceableReplaceable

Server Core Only a subset of the executable files and DLLs installedNo GUI interface installedNine available Server RolesCan be managed with remote tools

Main Office Branch OfficeFeatures

Read Only Active Directory Database and GC PASOnly allowed user passwords are stored on RODCUnidirectional ReplicationRole Separation

BenefitsIncreases security for remote Domain Controllers where physical security cannot be guaranteed

Support ADFS,DNS, DHCP, FRS V1, DFSR (FRS V2), Group Policy, IAS/VPN, DFS, SMS, ADSI queries, MOM

RODC

BranchHub

Read Only DC

Windows Server 2008 DC

11

22

33

4455 66

66

112233445566 User logs on and authenticates

RODC: Looks in DB: "I don't have the users secrets"

Forwards Request to Windows Server 2008 DC

Windows Server 2008 DC authenticates request

Returns authentication response and TGT back to the RODC

RODC gives TGT to User and RODC will cache credentials

RODC

NamespacNamespacee

SydneSydney y

UserUser

SingapoSingaporeUserreUser

SingaporeSingaporeServerServer

Sydney Sydney ServerServer

Mitigate against external threats….BitLocker drive encryption support in Windows Server 2008Protects data while a system is offlineEnsures boot process integritySimplifies equipment recycling

Send Window

Receive Window

Increase restrictive constants

Decrease protocol traffic

More efficient bandwidth utilisation

More resilient against interruptions

RequestRequest

ResponseResponseSMB1SMB1 SMB2SMB2

Vista SP1 Further Information:http://blogs.technet.com/markrussinovich/archive/2008/02/04/2826167.aspx

Open DirOpen Dir

Query Dir

Query Dir

Query VolumeQuery

Volume

Response

Response

Response

Response

Response

Response

Open DirOpen Dir

Query DirQuery DirQuery

VolumeQuery

Volume ResponseResponseClose DirClose Dir

Close DirClose DirRespons

eRespons

eQuery DirQuery Dir

Query VolumeQuery

VolumeSatisfied Satisfied from from cachecache

40% discount for TechNet Plus Direct and TechNet Plus Single User for Launch Attendees Promo code TLNW08 www.microsoft.com.au/technetplus Priority Access to the latest software

Windows Vista SP1

Technical support when you need it most2 technical sessions with a Microsoft Support ProfessionalEnhanced levels of service in TechNet Managed Newsgroups

E-learningUpdated quarterly E-Learning courses

Sign up to the TechNet Flashwww.microsoft.com.au/technetflash

Subscribe to the TechNet Australia Blog

http://blogs.technet.com/itproaustralia

Try a TechNet Virtual Labwww.microsoft.com.au/virtuallabs

How your branch offices can be more efficient with Windows Server 2008

Server CoreRead Only Domain ControllersDFS-N and DFS-RBitLocker Drive Encryption

© 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of

Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft,

and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.