michael kleef technology advisor | microsoft australia
Post on 20-Dec-2015
214 views
TRANSCRIPT
Michael KleefTechnology Advisor | Microsoft Australiahttp://blogs.technet.com/mkleef
Branch Office VisionPromote Server Core to RODCImplement DFS-N and DFS-R RolesImplement BitLockerImplement Policy Based Qos
Data ProtectionData Protection
Remote SupportRemote Support
Server ManagementServer Management
Service DeploymentService Deployment
WAN PerformanceWAN Performance
• Cache: Local request handling• Store-and-forward to central server
• State-of-the-art compression• Cache: Limits bandwidth usage• Cache: Mitigates WAN latency
• Clients failover to a central server
• Service cache: No unique state
• Easy to re-provision replacements
ServiceService
AcceleratorAccelerator
Continuity ofContinuity of
ServicesServices
A simple, self-healing, self diagnosing, “admin-free” A simple, self-healing, self diagnosing, “admin-free” serverserver
OptionalOptional
DisposableDisposable
ReplaceableReplaceable
Server Core Only a subset of the executable files and DLLs installedNo GUI interface installedNine available Server RolesCan be managed with remote tools
Main Office Branch OfficeFeatures
Read Only Active Directory Database and GC PASOnly allowed user passwords are stored on RODCUnidirectional ReplicationRole Separation
BenefitsIncreases security for remote Domain Controllers where physical security cannot be guaranteed
Support ADFS,DNS, DHCP, FRS V1, DFSR (FRS V2), Group Policy, IAS/VPN, DFS, SMS, ADSI queries, MOM
RODC
BranchHub
Read Only DC
Windows Server 2008 DC
11
22
33
4455 66
66
112233445566 User logs on and authenticates
RODC: Looks in DB: "I don't have the users secrets"
Forwards Request to Windows Server 2008 DC
Windows Server 2008 DC authenticates request
Returns authentication response and TGT back to the RODC
RODC gives TGT to User and RODC will cache credentials
RODC
NamespacNamespacee
SydneSydney y
UserUser
SingapoSingaporeUserreUser
SingaporeSingaporeServerServer
Sydney Sydney ServerServer
Mitigate against external threats….BitLocker drive encryption support in Windows Server 2008Protects data while a system is offlineEnsures boot process integritySimplifies equipment recycling
Send Window
Receive Window
Increase restrictive constants
Decrease protocol traffic
More efficient bandwidth utilisation
More resilient against interruptions
RequestRequest
ResponseResponseSMB1SMB1 SMB2SMB2
Vista SP1 Further Information:http://blogs.technet.com/markrussinovich/archive/2008/02/04/2826167.aspx
Open DirOpen Dir
Query Dir
Query Dir
Query VolumeQuery
Volume
Response
Response
Response
Response
Response
Response
Open DirOpen Dir
Query DirQuery DirQuery
VolumeQuery
Volume ResponseResponseClose DirClose Dir
Close DirClose DirRespons
eRespons
eQuery DirQuery Dir
Query VolumeQuery
VolumeSatisfied Satisfied from from cachecache
40% discount for TechNet Plus Direct and TechNet Plus Single User for Launch Attendees Promo code TLNW08 www.microsoft.com.au/technetplus Priority Access to the latest software
Windows Vista SP1
Technical support when you need it most2 technical sessions with a Microsoft Support ProfessionalEnhanced levels of service in TechNet Managed Newsgroups
E-learningUpdated quarterly E-Learning courses
Sign up to the TechNet Flashwww.microsoft.com.au/technetflash
Subscribe to the TechNet Australia Blog
http://blogs.technet.com/itproaustralia
Try a TechNet Virtual Labwww.microsoft.com.au/virtuallabs
How your branch offices can be more efficient with Windows Server 2008
Server CoreRead Only Domain ControllersDFS-N and DFS-RBitLocker Drive Encryption
© 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of
Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft,
and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.