“Top 10 things you need to know” Jeff Alexander | IT Pro Evangelist | Microsoft Australia http://blogs.technet.com/jeffa36

Post on 21-Dec-2015


Page 1: Server Role Management IIS 7.0 Features Windows Powershell Server Core Virtualization New Security features Windows Deployment Services Terminal Services


Page 2:

The Top 10

Server Role Management

IIS 7.0 Features

Windows Powershell

Server Core

Virtualization

New Security features

Windows Deployment Services

Terminal Services

Group Policy

Read Only Domain Controller

Scalable Networking

Page 3:

Windows Server Setup Phases

Server roles streamline management

Windows Server 2003

• Windows Server 2003 setup
• Post-Setup security updates
• Manage your server
• Configure your server wizard
• Add/Remove Windows components
• Computer Management
• Security Configuration Wizard

Windows Server 2008

• Operating system setup
• Initial Configuration Tasks
• Server Manager

Page 4:

• Administrator password

• Network IP address

• Domain membership

• Computer name

• Windows Updates

• Windows Firewall

Initial Configuration Tasks

Page 5:

Server Manager Console

Modifying Roles and Features

Page 6:

More than a Web server, Internet Information Services 7.0 provides an accessible, extensible platform for developing and reliably hosting Web applications and services.

Modular Architecture

Manageable

Built in Request Tracing

Extensible Design

Integrated with .NET

IIS 7.0 Enhancements

Create Streamlined Servers

Reduced Attack Surface

Extend/Modify IIS Features

Rapid Application Deployment

Fast Diagnostics

Internet Information Services (IIS) 7.0

Page 7:

New IIS 7.0 Features

Page 8:

Windows PowerShell

New interactive shell and scripting language

Based on and takes advantage of .NET features

Current tools will still work

Current automation will still work

Page 9:

Hundreds of Scripts

Books & Training Materials

Community Support

MS MVPs

PowerShell Team Blog

Active Newsgroup

Channel 9: DFO Show

IIS.net

Manning Publications

O’Reilly Media

Sapien Press & others…

TechNet ScriptCenter

Exchange Server 2007

Terminal Server

WMI, Registry, Hardware, etc.

Community-Submitted scripts

MyITForum.com

Windows PowerShell Resources

Page 10:

Windows PowerShell

Page 11:

Server Core

• Only a subset of the executable files and DLLs installed
• No GUI interface installed, no .NET, no PowerShell (for now)
• Nine available Server Roles
• Can be managed with remote tools

[Diagram labels: Windows Server Core; Security, TCP/IP, File Systems, RPC, plus other Core Server Sub-Systems; GUI, CLR, Shell, IE, OE, etc.; server roles Hyper-V, DHCP, DNS, File/Print, IIS7, AD DS, AD LDS, Media]

Page 12:

Windows Server Core

Page 13:

Complete Redesign of TCP/IP

• Dual-IP layer architecture for native IPv4 and IPv6 support
• Improved Network Performance Troubleshooting
• Improved performance via hardware acceleration and autotuning
• Greater extensibility and reliability through rich APIs
• Completely manageable through Group Policy

[Diagram: Next Generation TCP/IP Stack (tcpip.sys). Labels: User Mode, Kernel Mode; Winsock; AFD; TDI, TDX, TDI Clients; WSK, WSK Clients; Inspection API; TCP, UDP, RAW; IPv4, IPv6; 802.3, WLAN, Loopback, IPv4 Tunnel, IPv6 Tunnel; NDIS]

Page 14:

Key New Networking Features

Receive Window Autotuning

• Automatically senses network environment and adjusts key performance settings
• Allows increase of the size of the TCP/IP send / receive window

Windows Filtering Platform

• Provides filtering capability at all layers of the TCP/IP protocol stack
• Integrates and provides support for next-generation firewall features

Receive Side Scaling

• Previous Windows operating systems limit receive protocol processing to a single CPU
• RSS resolves this issue by allowing network load from a network adapter to be balanced across multiple CPUs

Policy-based Quality of Service

• Prioritize or manage the sending rate for outgoing network traffic
• Both DSCP marking and throttling can be used together to manage traffic effectively

Page 15:

Windows Virtualization

Virtualization Platform and Management

[Diagram labels: Management tools; VM 1 “Parent”; VM 2 “Child”; VM 2 “Child”]

Page 16:

Windows Server 2008 Hyper-V

Greater scalability and improved performance

• x64 bit host and guest support
• SMP Support

Increased reliability and security

• Minimal trusted code base
• Windows running a foundation role

Better flexibility and manageability

• Quick Migration
• New UI
• Broad management tool support including SCVMM

[Diagram labels: AMD-V / Intel VT; Windows Hypervisor; VM 1 “Parent”; VM 2 “Child”; VM 2 “Child”; VHD]

Page 17:

Server Virtualization: Key Features

Functional Area: Key Supporting Features

Performance

• Microkernelized hypervisor architecture with a new VSP/VSC architecture
• Support for large memory per virtual machine (64GB)
• SMP support for virtual machines (4 virtual processors)
• Automatable Host setup/configuration

Scalability

• Support for x86 and x64 virtual machines
• Broad OS support
• Pass through disk access for VMs
• Rapid creation and deployment of VMs using P2V, V2V, Media, Templates

Availability

• Support for Quick Migration and unplanned downtime
• Support for Live Backups and VM checkpoints
• Support for clustering and rapid recovery
• Integration with management tools for continuous performance monitoring

Manageability

• Centralized view of all VMs in the environment and their status
• Reports on consolidation candidates, utilization trending, optimization opportunities
• Intelligent placement and Physical to Virtual (P2V) conversions
• Fully scriptable using PowerShell®

Security

• Improved architecture with a minimal footprint hypervisor layer
• Hyper-V as a Server Core role
• Common security and driver model as Windows Server 2008
• Robust networking features including support for VLANs and NAT

Page 18:

Hyper-V: Key Features

Virtualization: The ability to virtualize workloads with few or no limitations as to what workloads can/may be virtualized.

• 64-bit (x64) and hardware virtualization required: AMD AMD-V or Intel Virtualization Technology
• 32-bit (x86) & 64-bit (x64) child partitions
• Large memory support (>32GB) within VMs
• SMP support
• Pass-through disk access for VMs
• New hardware sharing architecture (VSP/VSC): Disk, networking, input, video
• Robust networking: VLAN support, NAT, Quarantine

Page 19:

Hyper-V: Architecture

[Diagram labels: Parent Partition; Child Partitions; User Mode; Kernel Mode; Applications; Virtualization Stack (WMI Provider, VM Service, VM Worker Process); Windows Server 2008; Windows Server 2003, 2008; Windows Kernel; VSP; VSC; VMBus; Xen-enabled Linux Kernel; Linux VSCs; Hypercall Adapter; Non hypervisor aware OS; Emulation; Windows Hypervisor; “Designed for Windows” Server Hardware. Legend “Provided by”: OS; MS / XenSource / Novell; ISV/IHV/OEM; Hyper-V]

Page 20:

Windows Server Virtualization

Page 21:

Server Protection Features

Development Process

Secure Startup and shield up at install

Code integrity

Windows service hardening

Inbound and outbound firewall

Restart Manager

Improved auditing

Network Access Protection

Event Forwarding

Policy Based Networking

Server and Domain Isolation

Removable Device Installation Control

Active Directory Rights Management Services

Security Compliance

Page 22:

Network Access Protection

Page 23:

Network Access Protection

Policy-based solution that

• Validates whether computers meet health policies
• Limits access for noncompliant computers
• Automatically remediates noncompliant computers
• Continuously updates compliant computers to maintain health state

Solution Highlights

• Standards-based
• Plug and Play
• Works with most devices
• Supports multiple antivirus solutions
• Has become the standard for Network Access Control

[Diagram labels: Customers; Partners; Remote Employees; Intranet; Internet]

Page 24:

Network Access Protection: How it works

1. Access requested
2. Health state sent to NPS (RADIUS)
3. NPS validates against health policy
4. If compliant, access granted
5. If not compliant, restricted network access and remediation

[Diagram labels: Microsoft NPS; DHCP, VPN, Switch/Router; Policy Servers, e.g., Patch, AV; Corporate Network (policy compliant); Restricted Network (not policy compliant); Remediation Servers, e.g., Patch]

Page 25:

Windows Deployment Services

• Support for deploying Windows (all versions)
• Boots WinPE over PXE
• Use Windows Imaging (WIM) file format
• Extensible
• Granular Images Management

Longhorn Server Specifics

• Multicast
• TFTP download performance enhancements
• EFI x64 network boot support

Page 26:

Terminal Services Gateway

[Diagram labels: Internet; Perimeter network; Corp LAN; External Firewall; Internal Firewall; Home; Hotel; Roaming wireless; Business partner / client site; Terminal Services Gateway Server; Terminal Server; E-mail Server. Annotations: Tunnels RDP over HTTPS; Strips off RDP/HTTPS; RDP/SSL traffic passed to TS]

Page 27:

Terminal Services Remote Programs

[Diagram labels: Terminal Services Gateway Server; Remote Desktop client required]

Page 28:

Other Not-To-Be-Missed Cool Terminal Services News

• EasyPrint makes printing to a local printer, well, easy by exploiting XPS
• Four Registry entries let you dial up bandwidth allocation between the UI stuff (mouse, screen) and data transfer (printing, file transfer)
• WinFX means remoted graphics commands (which is way more exciting than it sounds)

Page 29:

Windows Server 2008 Group Policy

Windows Vista set the stage…

• 700+ new settings, ability to control things we never could before centrally (i.e. power save settings, device installation restrictions)
• Group policies no longer just a thread in Winlogon, but instead a separate service
• Meticulous step-by-step logging makes GP troubleshooting light-years easier
• Printer/drive mapping via GPO
• Powerful new ADMX template format

Server 2008 rocks the house with…

Page 30:

Ever Said, "I Wish There Were a GP Setting For…?"

• Group Policy Preferences lets you create a do-it-yourself group policy setting out of, well, just about anything… with a few mouse clicks
• Built into Windows Server 2008 GPMC
• Part of the Desktop Standard acquisition
• Remote Server Admin Tools (RSAT) delivered for Vista

Page 31:

Read-Only Domain Controller

Features

• Read Only Active Directory Database
• Only allowed user passwords are stored on RODC
• Unidirectional Replication
• Role Separation

Benefits

• Increases security for remote Domain Controllers where physical security cannot be guaranteed

Support ADFS, DNS, DHCP, FRS V1, DFSR (FRS V2), Group Policy, IAS/VPN, DFS, SMS, ADSI queries, MOM

[Diagram labels: Main Office; Remote Site; RODC]

Page 32:

How RODC Works

1. User logs on and authenticates
2. RODC: Looks in DB: "I don't have the user's secrets"
3. Forwards Request to Windows Server 2008 DC
4. Windows Server 2008 DC authenticates request
5. Returns authentication response and TGT back to the RODC
6. RODC gives TGT to User and RODC will cache credentials

[Diagram labels: Hub; Branch; Windows Server 2008 DC; Read Only DC; RODC]

Page 33:

Read-only DC Mitigates “Stolen DC”

• Attacker Perspective
• Hub Admin Perspective

Page 34:

Windows Vista and Windows Server 2008: Better Together

Efficient Communications

• Fast enterprise class search on clients and servers
• Faster networking with new TCP/IP stack and native IPv6
• Improved file-sharing performance over high-latency links
• Integrated remote access to internal applications and resources

More Efficient Management

• Single worldwide servicing model
• Event forwarding between client and server
• Faster and more reliable remote operating system deployments
• Network Access Protection ensures health of connecting systems

Greater Availability

• Scalable print servers with client-side rendering
• Smooth offline experience with client-side caching
• Transactional File System for file and registry operations
• Policy-based Quality of Service to prioritize application bandwidth

Page 35:

For more information, please visit: www.microsoft.com/technet/subscriptions

Introducing: TechNet Plus Direct!

• All the benefits of TechNet Plus for 30% less,

• TechNet Plus Direct subscribers receive…

• Online Benefits Portal – New!

• Immediate download access: software and betas – New!

• 2 free Professional Support Incidents

• Managed Newsgroups and Online Concierge

• The TechNet Library containing the KB, security updates, service packs, resource kits, and more

TechNet Plus Direct is available exclusively online without media shipments

Available Now!
