Vito Konopelec Microsoft Slovakia Building The Optimized Desktop Infrastructure with Windows 7 and Windows Server 2008 R2

Post on 22-Dec-2015



Branch offices

Remote work

Mobile and distributed workforce

Changing World for Information Workers

Central office

IT professional needs:
• Secure and flexible infrastructure for working anywhere
• Reduce costs

Mobile and remote workforce needs:
• Work anywhere
• Fast access

The Evolving Needs of Organizations

Optimized Desktop

Client Computing Trends and Choices

Compliance

Costs

Contingency

Carbon-Neutral (“Green”)

Consumerization

Infrastructure for the Optimized Desktop

• Increase user productivity by enabling access to applications and data quickly, from anywhere

• Enable faster, more scalable, and efficient access to network resources

• Implement policy-based network access and security

• Update and manage mobile PCs even when not on the corporate network

• Publish server-based applications directly to users’ desktops

• Centrally aggregate important client and server events

Enhance User Productivity

Protect Sensitive Data

Reduce Costs with Enhanced Manageability

Fundamentals

Security | Reliability | Application Compatibility | Device Compatibility | Performance | Power Management

• Enable faster, more scalable, and efficient access to network resources

• Implement policy-based network security

• Centrally aggregate important client and server events

Windows 7 and Windows Server 2008 R2

Combined value to deliver the optimized desktop

Key Scenario: Enhance User Productivity
Benefits:
• Provide faster, more scalable, and efficient access to network resources
• Provide users with seamless access to applications and data from anywhere, helping to increase their productivity
• Provide users with a rich desktop experience from unmanaged or thin clients
Features:
• Receive Window auto-tuning
• SMB 2.0
• IPv6
• DirectAccess
• BranchCache™
• VDI enhancements

Key Scenario: Protect Sensitive Data
Benefits:
• Enable policy-based network security by allowing only healthy PCs to access network resources
Features:
• Network access protection
• Server and domain isolation

Key Scenario: Reduce Costs with Enhanced Manageability
Benefits:
• Update and manage mobile PCs even when not on the corporate network
• Publish server-based applications directly to users’ desktops
• Centrally aggregate important client and server events to help desk
Features:
• DirectAccess
• Remote Desktop Services (RDS)
• Event forwarding

Enhancing User Productivity

IPv6

• All services within Windows Vista are IPv6-enabled

• Seamless cost-optimized transitional approach

Receive-side auto-tuning

• Automatically senses the network environment and adjusts important performance settings

• Allows increase in the size of the TCP/IP send/receive window

SMB 2.0 protocol improvements

• Number of open files and shares on the server

• Packet compounding reduces “chattiness”

• Message signing settings have been improved

• Client-side encryption is supported

• Durable handles are supported

Faster, More Scalable, and Efficient Access to Network Resources

Situation Today (diagram: Office, Home)
• Challenging for IT to manage, update, and patch mobile PCs while disconnected from the company network
• Difficult for users to access corporate resources from outside the office

DirectAccess (diagram: Home, Office)
• Corporate network boundary includes managed assets no matter where they are on the Internet
• Easy to service mobile PCs and distribute updates and policies
• New network paradigm increases mobile user productivity by providing the same experience inside and outside the office

Remote Access for Mobile Workers

Client
• Runs on Windows 7
• Domain-joined
• Initial configuration done on the corporate network or over VPN

Server
• Runs on Windows Server 2008 R2
• Sits on the network edge
• Single box by default
• Services can be split up for scalability

DirectAccess Components

IT Pro Benefits

DirectAccess Benefits

• Improved manageability of remote users

• IT simplification and cost reduction

• Consistent security for all access scenarios

End-User Benefits

• Seamless and secure access to corporate resources

• Consistent connectivity experience inside and outside the office

• Enhances the end-to-end IW experience when combined with other Windows 7 features

IPv6 Devices IPv4 Devices

DirectAccess Server

Windows 7 Client

Native IPv6 with IPSec

IPv6 Transition Services

Supports variety of remote network protocols

DirectAccess

DirectAccess provides transparent, secured access to intranet resources without a VPN

Allows desktop management of DirectAccess clients

Allows IPSec encryption and authentication

Supports direct connectivity to IPv6-based intranet resources

Supports IPv4 via 6to4 transition services or NAT-PT

IT desktop management: AD Group Policy, NAP, software updates

Internet

Situation Today
• Application and data access over WAN is slow in branch offices
• Slow connections hurt user productivity
• Improving network performance is expensive and difficult to implement

BranchCache™
• Caches content downloaded from file and Web servers
• Users in the branch can quickly open files stored in the cache
• Frees up network bandwidth for other uses

Branch Office Enhancements

IT Pro Benefits

BranchCache Benefits

• Helps reduce WAN utilization and cost

• Data encryption is enforced across the network

• Simple to deploy

End User Benefits

• Less waiting for downloads = more productivity

• Combined with other Windows 7 features enhances the end to end IW experience

Improving Branch Performance: Distributed mode

(Diagram: Main Office; Branch Office with Client 1 and Client 2)

1. First client downloads data from main office server
2. Second client downloads identifiers from main office server
3. Second client searches local network for data and downloads from first client

Improving Branch Performance: Hosted caching

(Diagram: Main Office; Branch Office with Client 1 and Client 2)

1. First client downloads data from main office server
2. Content pushed to hosted cache from first client
3. Second client downloads identifiers from main office server
4. Second client downloads from hosted cache

Aero Glass for Remote Desktop Server
• Users have the same new Windows 7 look and feel when using Remote Desktop Server

RemoteApp and Remote Desktop connections
• RemoteApp and Remote Desktop icons integrate into the Start menu
• Icons refresh and update automatically

Multimedia support and audio input
• Experience rich multimedia redirection
• Use VoIP applications and speech recognition

True multiple monitor support
• Use up to 10 monitors of any size or layout with RemoteApp and Remote Desktop
• Applications behave like users expect – e.g. PowerPoint installing them locally

RemoteApp language bar support
• Configure applications that use different language settings than the local language (such as right-to-left languages)

Full Fidelity RemoteApp and Remote Desktop

Protect Sensitive Data

Today’s Challenges

Network Access Protection

• Unprotected network taps within an organization’s buildings

• Administrators have limited control over the health of systems joining the network

• Result: hardware/network upgrades and increased operational costs, reduced productivity

Solution: end-to-end, authenticated, tamper-resistant communication

• Improved isolation using IPsec

• Network access protection across IPsec, 802.1X, DHCP, VPN

• Increased manageability

(Diagram: Windows Client; DHCP, VPN, switch/router; NPS; Policy Servers, example: Patch, AV; Remediation Servers, example: Patch; Restricted Network; Corporate Network)

1. Client requests access to network and presents current health state
2. DHCP, VPN, or switch/router relays health status to Microsoft Network Policy Server (RADIUS)
3. Network Policy Server (NPS) validates against IT-defined health policy
4. If not policy compliant, client is put in a restricted VLAN and given access to fix up resources to download patches, configurations, and signatures (Repeat 1-4)
5. If policy compliant, client is granted full access to corporate network

Network Access Protection

Policy-Based Dynamic Segmentation

(Diagram: Untrusted: Unmanaged/rogue computer; Domain Isolation: Active Directory Domain Controller, Managed Computers; Server Isolation: Servers with Sensitive Data, HR Workstation, Trusted Resource Server; Corporate Network)

• Define the logical isolation boundaries
• Distribute policies and credentials
• Managed computers can communicate
• Block inbound connections from untrusted
• Enable tiered-access to sensitive resources

Reduce the risk of network security threats

Manageability Beyond the Office

• An additional layer of defense-in-depth
• Reduced attack surface area
• Increased manageability and more healthy clients

Safeguard sensitive data and intellectual property
• Authenticated, end-to-end network communications
• Scalable, tiered access to trusted networked resources
• Protect the confidentiality and integrity of data

Extend the value of existing investments
• No additional hardware or software required
• Get more value from Active Directory and group policy
• Complements existing third-party network security solutions

Enhanced Manageability

DirectAccess

Manageability Beyond The Office

Enables “always-on” management of remote machines to support a fully manageable environment
Scenarios include:
• Group policy updates
• Folder redirection/client-side caching
• Software/update distribution

Event Subscriptions
Proactive management of key issues
• Pull/forward events to and from multiple machines and search/collate
• Does not require loading entire log from remote machine

Improved management toolset
• Reduce repetitive tasks with RDS Powershell support, improved application installation, connection broker installation and profile management

RDS and VDI – an integrated solution
• Single broker to connect users to sessions or virtual machines, out-of-the-box solution for VDI scenarios with Hyper-V

RemoteApp and Remote Desktop connections
• Centrally hosted applications integrated into the Start menu and desktop, can personalize a non-work PC with work applications without installing them locally

Platform investments
• Multiple levels of extensibility for custom partner solutions for RDS- and VDI-based solutions

Remote Desktop Services Manageability

© 2009 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.