server role management iis 7.0 features windows powershell server core virtualization new security...
Post on 21-Dec-2015
“Top 10 things you need to know”
Jeff Alexander | IT Pro Evangelist | Microsoft Australia
http://blogs.technet.com/jeffa36
The Top 10
Server Role Management
IIS 7.0 Features
Windows Powershell
Server Core
Virtualization
New Security features
Windows Deployment Services
Terminal Services
Group Policy
Read Only Domain Controller
Scalable Networking
Windows Server 2003
• Windows Server 2003 setup
• Post-Setup security updates
• Manage your server
• Configure your server wizard
• Add/Remove Windows components
• Computer Management
• Security Configuration Wizard
Windows Server 2008
• Operating system setup
• Initial Configuration Tasks
• Server Manager
Server roles streamline management
Windows Server Setup Phases
• Administrator password
• Network IP address
• Domain membership
• Computer name
• Windows Updates
• Windows Firewall
Initial Configuration Tasks
Server Manager Console
Modifying Roles and Features
More than a Web server, Internet Information Services 7.0
provides an accessible, extensible platform for developing and
reliably hosting Web applications and services.
Modular Architecture
Manageable
Built in Request Tracing
Extensible Design
Integrated with .NET
IIS 7.0 Enhancements
Create Streamlined Servers
Reduced Attack Surface
Extend/Modify IIS Features
Rapid Application Deployment
Fast Diagnostics
Internet Information Services (IIS) 7.0
New IIS 7.0 Features
Windows PowerShell
New interactive shell and scripting language
Based on and takes advantage of .NET features
Current tools will still work
Current automation will still work
Hundreds of Scripts
Books & Training Materials
Community Support
MS MVPs
PowerShell Team Blog
Active Newsgroup
Channel 9: DFO Show
IIS.net
Manning Publications
O’Reilly Media
Sapien Press & others…
TechNet ScriptCenter
Exchange Server 2007
Terminal Server
WMI, Registry, Hardware, etc.
Community-Submitted scripts
MyITForum.com
Windows PowerShell Resources
Windows PowerShell
Server Core
Security, TCP/IP, File Systems, RPC, plus other Core Server Sub-Systems
Windows Server Core
GUI, CLR, Shell, IE, OE, etc.
Hyper-V
DHCP
DNS
File/Print
IIS7
• Only a subset of the executable files and DLLs installed
• No GUI interface installed, no .NET, no PowerShell (for now)
• Nine available Server Roles
• Can be managed with remote tools
AD DS
AD LDS
Media
Windows Server Core
Complete Redesign of TCP/IP
• Dual-IP layer architecture for native IPv4 and IPv6 support
• Improved Network Performance Troubleshooting
• Improved performance via hardware acceleration and autotuning
• Greater extensibility and reliability through rich APIs
• Completely manageable through Group Policy
Diagram: Next Generation TCP/IP Stack (tcpip.sys). User mode: Winsock. Kernel mode: AFD, TDI Clients (via TDX / TDI), WSK Clients (via WSK), Inspection API; TCP, UDP and RAW over IPv4 and IPv6; 802.3, WLAN, Loopback, IPv4 Tunnel and IPv6 Tunnel; NDIS.
Key New Networking Features
Receive Window Autotuning
• Automatically senses network environment and adjusts key performance settings
• Allows increase of the size of the TCP/IP send / receive window
Windows Filtering Platform
• Provides filtering capability at all layers of the TCP/IP protocol stack
• Integrates and provides support for next-generation firewall features
Receive Side Scaling
• Previous Windows operating systems limit receive protocol processing to a single CPU
• RSS resolves this issue by allowing network load from a network adapter to be balanced across multiple CPUs
Policy-based Quality of Service
• Prioritize or manage the sending rate for outgoing network traffic
• Both DSCP marking and throttling can be used together to manage traffic effectively
Windows Virtualization
Virtualization Platform and Management
Diagram: Management tools; VM 1 "Parent" and VM 2 "Child" partitions, with VHD, running on the Windows Hypervisor on AMD-V / Intel VT hardware.
Greater scalability and improved performance
• x64 bit host and guest support
• SMP Support
Increased reliability and security
• Minimal trusted code base
• Windows running a foundation role
Better flexibility and manageability
• Quick Migration
• New UI
• Broad management tool support including SCVMM
Windows Server 2008 Hyper-V
Functional Area: Key Supporting Features
Performance
• Microkernelized hypervisor architecture with a new VSP/VSC architecture
• Support for large memory per virtual machine (64GB)
• SMP support for virtual machines (4 virtual processors)
• Automatable Host setup/configuration
Scalability
• Support for x86 and x64 virtual machines
• Broad OS support
• Pass through disk access for VMs
• Rapid creation and deployment of VMs using P2V, V2V, Media, Templates
Availability
• Support for Quick Migration and unplanned downtime
• Support for Live Backups and VM checkpoints
• Support for clustering and rapid recovery
• Integration with management tools for continuous performance monitoring
Manageability
• Centralized view of all VMs in the environment and their status
• Reports on consolidation candidates, utilization trending, optimization opportunities
• Intelligent placement and Physical to Virtual (P2V) conversions
• Fully scriptable using PowerShell®
Security
• Improved architecture with a minimal footprint hypervisor layer
• Hyper-V as a Server Core role
• Common security and driver model as Windows Server 2008
• Robust networking features including support for VLANs and NAT
Server Virtualization: Key Features
Virtualization
• The ability to virtualize workloads with few or no limitations as to what workloads can/may be virtualized.
• 64-bit (x64) and hardware virtualization required: AMD AMD-V or Intel Virtualization Technology
• 32-bit (x86) & 64-bit (x64) child partitions
• Large memory support (>32GB) within VMs
• SMP support
• Pass-through disk access for VMs
• New hardware sharing architecture (VSP/VSC): Disk, networking, input, video
• Robust networking: VLAN support, NAT, Quarantine
Hyper-V: Key Features
Diagram: Hyper-V architecture. Legend (provided by): OS; MS / XenSource / Novell; ISV/IHV/OEM; Hyper-V. Parent Partition (Windows Server 2008): Virtualization Stack with VM Service, WMI Provider and VM Worker Process in User Mode; Windows Kernel and VSP in Kernel Mode. Child Partitions: Applications in User Mode; Windows Server 2003, 2008 with Windows Kernel and VSC; Non hypervisor aware OS with Emulation; Xen-enabled Linux Kernel with Linux VSCs and Hypercall Adapter. VMBus connects the partitions, above the Windows Hypervisor and "Designed for Windows" Server Hardware.
Hyper-V: Architecture
Windows Server Virtualization
Server Protection Features
Development Process
Secure Startup and shield up at install
Code integrity
Windows service hardening
Inbound and outbound firewall
Restart Manager
Improved auditing
Network Access Protection
Event Forwarding
Policy Based Networking
Server and Domain Isolation
Removable Device Installation Control
Active Directory Rights Management Services
Security Compliance
Network Access Protection
Network Access Protection
Policy-based solution that
• Validates whether computers meet health policies
• Limits access for noncompliant computers
• Automatically remediates noncompliant computers
• Continuously updates compliant computers to maintain health state
Solution Highlights
• Standards-based
• Plug and Play
• Works with most devices
• Supports multiple antivirus solutions
• Has become the standard for Network Access Control
Customers
Partners
Remote Employees
Intranet
Internet
Network Access Protection: How it works
1. Access requested
2. Health state sent to NPS (RADIUS)
3. NPS validates against health policy
4. If compliant, access granted
5. If not compliant, restricted network access and remediation
Diagram: Microsoft NPS; Corporate Network; Policy Servers (e.g., Patch, AV); DHCP, VPN, Switch/Router; Restricted Network; Remediation Servers (e.g., Patch); "Not policy compliant" and "Policy compliant" paths, annotated with steps 1 to 5.
Windows Deployment Services
Support for deploying Windows (all versions)
• Boots WinPE over PXE
• Use Windows Imaging (WIM) file format
• Extensible
• Granular Images Management
Longhorn Server Specifics
• Multicast
• TFTP download performance enhancements
• EFI x64 network boot support
Terminal Services Gateway
Diagram: Home, Hotel, Roaming wireless and Business partner / client site users on the Internet; External Firewall; Perimeter network with the Terminal Services Gateway Server; Internal Firewall; Corp LAN with Terminal Servers and E-mail Server. Labels: "Tunnels RDP over HTTPS", "Strips off RDP/HTTPS", "RDP/SSL traffic passed to TS".
Terminal Services Remote Programs
Remote Desktop client required
Other Not-To-Be-Missed Cool Terminal Services News
• EasyPrint makes printing to a local printer, well, easy by exploiting XPS
• Four Registry entries let you dial up bandwidth allocation between the UI stuff (mouse, screen) and data transfer (printing, file transfer)
• WinFX means remoted graphics commands (which is way more exciting than it sounds)
Windows Server 2008 Group Policy
Windows Vista set the stage…
• 700+ new settings, ability to control things we never could before centrally (i.e. power save settings, device installation restrictions)
• Group policies no longer just a thread in Winlogon, but instead a separate service
• Meticulous step-by-step logging makes GP troubleshooting light-years easier
• Printer/drive mapping via GPO
• Powerful new ADMX template format
Server 2008 rocks the house with…
Ever Said, "I Wish There Were a GP Setting For…?"
• Group Policy Preferences lets you create a do-it-yourself group policy setting out of, well, just about anything… with a few mouse clicks
• Built into Windows Server 2008 GPMC
• Part of the Desktop Standard acquisition
• Remote Server Admin Tools (RSAT) delivered for Vista
Read-Only Domain Controller
Features
• Read Only Active Directory Database
• Only allowed user passwords are stored on RODC
• Unidirectional Replication
• Role Separation
Benefits
• Increases security for remote Domain Controllers where physical security cannot be guaranteed
Support
• ADFS, DNS, DHCP, FRS V1, DFSR (FRS V2), Group Policy, IAS/VPN, DFS, SMS, ADSI queries, MOM
Diagram: Main Office (Hub) and Remote Site (Branch), with a Read Only DC (RODC) at the branch.
How RODC Works
1. User logs on and authenticates
2. RODC: Looks in DB: "I don't have the user's secrets"
3. Forwards Request to Windows Server 2008 DC
4. Windows Server 2008 DC authenticates request
5. Returns authentication response and TGT back to the RODC
6. RODC gives TGT to User and RODC will cache credentials
Diagram: Windows Server 2008 DC and RODC, annotated with steps 1 to 6.
Read-only DC Mitigates “Stolen DC”
• Attacker Perspective
• Hub Admin Perspective
Efficient Communications
• Fast enterprise class search on clients and servers
• Faster networking with new TCP/IP stack and native IPv6
• Improved file-sharing performance over high-latency links
• Integrated remote access to internal applications and resources
More Efficient Management
• Single worldwide servicing model
• Event forwarding between client and server
• Faster and more reliable remote operating system deployments
• Network Access Protection ensures health of connecting systems
Greater Availability
• Scalable print servers with client-side rendering
• Smooth offline experience with client-side caching
• Transactional File System for file and registry operations
• Policy-based Quality of Service to prioritize application bandwidth
Windows Vista and Windows Server 2008: Better Together
For more information, please visit: www.microsoft.com/technet/subscriptions
Introducing: TechNet Plus Direct!
• All the benefits of TechNet Plus for 30% less,
• TechNet Plus Direct subscribers receive…
• Online Benefits Portal – New!
• Immediate download access: software and betas – New!
• 2 free Professional Support Incidents
• Managed Newsgroups and Online Concierge
• The TechNet Library containing the KB, security updates, service packs, resource kits, and more
TechNet Plus Direct is available exclusively online without media shipments
Available Now!