




2007 Microsoft Corporation. All rights reserved

Objectives
- Understand key scenarios for Windows Server 2008
- Learn which roles and features enable each scenario
- See technologies in action that bring value in each scenario

Scenarios
- Remote Infrastructure
- Anywhere Application Access
- Server Management
- Web and Applications Platform
- Security and Policy Enforcement
- Server Virtualization
- High Availability

Key Technologies
- Server Core
- Server Manager
- Windows PowerShell
Goals
- Reduce management and servicing needs, while improving reliability and security
- Configure local server through a single interface
- Add / remove server roles and features more securely and reliably
- View status and perform local management tasks from a single tool
- Automate administration of multiple servers with task-based scripting language
- Accelerate script authoring, testing and debugging
- Perform server management through multiple data stores

- New minimal installation option with only "core" components
- No GUI interface
- Subset of server roles and features available
- Manage remotely as you would any server

- Server Manager
- Product Installation
- Initial Configuration

New Command-line shell & Scripting Language
- Improves productivity & control
- Accelerates automation of system admin
- Works with existing scripts
- Ships with Windows Server 2008
- Easy for non-programmers
- Role management in future versions
Resources
- TechNet Script Center
- MyITF
- Newsgroup and Web Forum
- Team Blog and Channel 9
- Books from MS Press, Manning, O'Reilly, Sapien etc.
- Partners

Key Technologies
- Internet Information Services 7.0
- .NET Framework 3.0
- Windows Media Services
- Windows SharePoint Services
Goals
- Efficiently manage Web server, Web applications and Web services
- Deploy and configure Web applications and services across server farms quickly
- Create customized Web platform that is faster, more secure and more reliable
- Improve performance & scalability of Web applications and services
- Achieve fine control and visibility into utilization of key OS resources

- Streamlined installation means reduced attack surface
- Simplified administration through variety of tools
- Customization and extensibility through .NET
- Xcopy deployment and shared configuration
- Event logging and tracing for faster troubleshooting
- Application and health management for Web services

Arsenal of Admin Tools
- Delegated Management
- Secure Remote Management
- Shared Config for Web Farms
Better Tools
- Intuitive, Task Oriented GUI
- .NET Management API
- Unified WMI Provider for IIS/ASP.NET
- Powerful Command Line Support
- Rich Runtime State Information
- Automatic Failure Tracing & Logging
[Diagram labels: Site Owner; Web.config XML; XCopy Deploy; Administrator; Internet; Manage Remotely; Secure HTTPS; AppHost.config XML; Shared Config; Shared App Hosting; Web Farm; App]

- Centralized Configuration replicates data across server farms
- Two-Tier administration model
- Improved Backup and Recovery support
- Multi-Stage Recycle Bin
- ASP.NET Forms authentication integration
- Non-Windows based systems

Technologies
- Active Directory Read-Only Domain Controller
- Administrative Role Separation
- Restartable Active Directory
- SYSVOL replication using DFS
- BitLocker Drive Encryption
- NetIO
Goals
- Improve the efficiency of remote office server deployment and administration
- Mitigate physical security risks in remote offices
- Improve the efficiency of WAN communications

Enhanced Security for remote office DCs
- Impact of stolen DC to the Active Directory reduced
  - By default, no users/computers passwords stored on RODC
  - Read-only Partial Attribute Set can prevent application credentials from replicating to RODC
- Reduced attack surface to the Active Directory for a compromised DC
  - Read-only state with unidirectional replication for AD and FRS/DFSR
  - Each RODC has its own KDC KrbTGT account to provide cryptographic key separation
- Delegated DCPROMO reduces need for DA to TS into RODC
- RODCs are workstation accounts
  - Not members of Enterprise-DC or Domain-DC groups
  - Very limited rights to write in Directory

[Diagram: Branch (Read Only DC) and Hub (Windows Server 2008 DC), steps 1 to 6]
1. User logs on and authenticates
2. RODC: Looks in DB: "I don't have the user's secrets"
3. Forwards Request to Windows Server 2008 DC
4. Windows Server 2008 DC authenticates request
5. Returns authentication response and TGT back to the RODC
6. RODC gives TGT to User and RODC will cache credentials

Password replication policy management models
- No accounts cached (default)
  - Pro: Most secure, still provides fast authentication and policy processing.
  - Con: No offline access for anyone. WAN required for Logon
- Most accounts cached
  - Pro: Ease of password management. Intended for customers who care most about manageability improvements of RODC and not security.
  - Con: More passwords potentially exposed to RODC
- Few accounts (branch-specific accounts) cached
  - Pro: Enables offline access for those that need it, and maximizes security for other
  - Con: Fine grained administration is new task
  - Need to map computers per branch
  - Requires watching Auth2 attribute list to manually identify accounts, or use MIIS to automate.

Threat mitigation
[Diagram labels: Hub Admin perspective; Attacker perspective]

Additional remote infrastructure improvements
- Administrative Role Separation
  - Provides a new "local administrator" level of access per RODC
  - Prevents accidental AD modifications by machine administrators
  - Does not prevent "local administrator" from maliciously modifying the local DB
- Stop/Start the AD Directory Services without reboot
  - Reduce DC downtime for offline operations
  - Keep other services running while DC offline
  - Acts like a member server while DC offline
- SYSVOL replication using DFS-R
  - Greater scalability and reliability
  - Bandwidth utilization reduction through RDC

- Group Policy allows central encryption policy and provides Branch Office protection
- Provides data protection, even when the system is in unauthorized hands or is running a different or exploiting Operating System
- Uses a v1.2 TPM or USB flash drive for key storage
[Diagram labels: Full Volume Encryption Key (FVEK); Encryption Policy]

Receive Window Autotuning
- Automatically senses network environment and adjusts key performance settings
- Allows increase of the size of the TCP/IP send / receive window
Windows Filtering Platform
- Provides filtering capability at all layers of the TCP/IP protocol stack
- Integrates and provides support for next-generation firewall features
Receive Side Scaling
- Previous Windows operating systems limit receive protocol processing to single CPU
- RSS resolves this issue by allowing network load from a network adapter to be balanced across multiple CPUs
Policy-based Quality of Service
- Prioritize or manage the sending rate for outgoing network traffic
- Both DSCP marking and throttling can be used together to manage traffic effectively

The Receive Window Limitation
[Chart: Maximum Throughput (Mbps) against RTT (ms); link types: North America, Intercontinental Fiber, Satellite; receive window sizes: 64 KB, 128 KB, 256 KB, 512 KB]

Key Technologies
- Terminal Services Gateway
- Terminal Services Remote Programs
- Terminal Services Web Access
Goals
- Provide anywhere access to business applications over the Internet
- Remove risk of data loss from laptops by using secure remote access to applications and data located centrally
- Reduce management costs by removing the need for application servers at distributed locations
- Provide secure access to terminal services without needing to enable full network access via VPN or other mechanisms
- Consolidate existing terminal servers using x64 technology

Two key areas of focus in Windows Server 2008
- Improving the platform & enabling partner value add
- Improve out of the box experience for less complex scenarios

[Diagram labels: Internet; Perimeter Network; Corporate Network; Remote/Mobile User; Terminal Services Gateway; Network Policy Server; Active Directory DC; Tunnels RDP over HTTPS; Strips off RDP / HTTPS; Terminal Servers and other RDP Hosts; RDP traffic passed to TS; Internet]

Terminal Server
- Run server-based applications locally
- Centrally manage applications
- Zero footprint client installation
- RDP 6.0 client required

Key Technologies
- Network Access Services
- Internet Protocol security (IPsec)
- System Health Validator / System Health Agent
- Health Certificate Server
- Wireless Management
Goals
- Check health and verify compliance for roaming or visiting laptops and home computers
- Simplify system and software updates and application installation
- Enhance wireless network security with improved network authentication and encryption

Today's Challenges
- Wireless Clients Use Different Configuration Utilities
- Limited Central Management Of Wireless Configuration Throughout An Organization
- Result: Provisioning Wireless Clients Is Costly And Time-consuming
Solution
- Group Policy or Command-Line Provisioning of Wireless Clients
- Deployment simplified
- Support for mixed wireless security environments
- Separation of wired 802.1x and wireless services
- Granular manageability and extensibility supported
- User experience improved
- Can Leverage Investment in Active Directory for Granular Targeting
- Can Limit Connection to Authorized Networks Only

Policy-driven access

[Diagram, steps 1 to 5: Windows Vista Client; DHCP, VPN, Switch/Router; MSFT Network Policy Server; Policy Servers e.g. MSFT Security Center, SMS, Antigen or 3rd party; Policy compliant; Not policy compliant; Restricted Network; Fix Up Servers e.g. MSFT WSUS, SMS & 3rd party; Corporate Network]
Customer Benefits: Enhanced Security
- All communications are authenticated, authorized & healthy
- Defense-in-depth on your terms with DHCP, VPN, IPsec, 802.1X
- Policy-based access that IT Pros can set and control

Client
- SHA: System Health agents check client state
- QA: Coordinates SHA/EC
- EC: Method of enforcement
Remediation Server
- Serves up patches, AV signatures, etc.
Network Policy Server
- QS evaluates client health
- SHV evaluates SHA answer
System Health Server
- Provides SHV
[Diagram labels: NPS Policy Server (RADIUS); Quarantine Server (QS); Client; Quarantine Agent (QA); Health policy; Updates; Health Statements; Network Access Requests; System Health Servers; Remediation Servers; Health Certificate; 802.1x Switches; Policy Firewalls; SSL VPN Gateways; Certificate Servers; (SHA) MS SHA, SMS; System Health Validator; (EC) (DHCP, IPsec, 802.1X, VPN); (SHA) 3rd Parties; (EC) 3rd Party EAP VPNs]

Key Technologies
- Active Directory Domain Services
- Active Directory Certificate Services
- Active Directory Federation Service
- Active Directory Rights Management Services
Goals
- Securely extend and protect information and applications to business partners
- Reduce the risk of unauthorized access through strong authentication
- Reduce the number of user accounts and repositories that need to be managed
- Securely manage user accounts and information outside the datacenter

Enterprise PKI (PKIView)
- Now a Microsoft Management Console snap-in
- Support for Unicode characters
Online Certificate Status Protocol (OCSP)
- Online Responders
- Responder Arrays
Network Device Enrollment Service
- Microsoft's implementation of the Simple Certificate Enrollment Protocol (SCEP)
- Enhances security of communications by using IPsec
Web Enrollment
- Removed previous ActiveX enrollment control - XEnroll.dll
- Enhanced new COM enrollment control - CertEnroll.dll

[Diagram labels: Information Author; The Recipient]
AD RMS protects access to an organization's digital files
AD RMS in Windows Server 2008 includes several new features
- Improved installation and administration experience
- Self-enrollment of the AD RMS cluster
- Integration with AD Federation Services
- New administrative roles

Key Technologies
- Windows Server Virtualization
- Server Core
Goals
- Server Consolidation - maximize hardware utilization and consolidate workloads to reduce costs
- Development and Test - create more flexible environments that reduce costs and improve lifecycle management
- Business Continuity Management - eliminate impact of downtime and enable disaster recovery abilities
- Dynamic Datacenter - create a more agile infrastructure with new management capabilities to move virtual machines without impact

[Diagram labels: Test and Development; Business Continuity Management; Dynamic Datacenter; Production Server Consolidation]

Virtualization Technologies
- Windows Server Virtualization
- Server Virtualization
- Presentation Virtualization
- Application Virtualization
- Desktop Virtualization
- Management

[Architecture diagram labels: Virtualization Stack; Parent Partition; Child Partitions; Kernel Mode; User Mode; Virtualization Service Providers (VSPs); Windows Kernel; Server Core; IHV Drivers; Virtualization Service Clients (VSCs); Windows Kernel; Enlightenments; VMBus; Windows Server hypervisor; VM Service; WMI Provider; Applications; "Designed for Windows" Server Hardware; Provided by: Microsoft, ISV, OEM, Virtual Server; VM Worker Processes]

Key Technologies
- Failover Clustering
Goals
- Reduce complexity through new management interface
- Simplify creation and management of clustered servers
- Reduce support costs and implementation times through simpler configuration
- Implement geographically dispersed clusters to adapt to the customer's environment

- Heartbeat
- New Validation Wizard
- Support for GUID partition table (GPT) disks in cluster storage
- Improved cluster setup and mig