
Branch Office Solutions in Windows Server 2008

SVR304. Branch Office Solutions in Windows Server 2008. Julius Sinkevicius Group Product Manager Windows Server – Microsoft Corporation juliuss@microsoft.com. Session Agenda. Windows Server 2008 and Branch Office Benefits. Server Core. BitLocker Drive Encryption.


Presentation Transcript


  1. SVR304 Branch Office Solutions in Windows Server 2008
     Julius Sinkevicius, Group Product Manager, Windows Server – Microsoft Corporation
     juliuss@microsoft.com

  2. Session Agenda
     • Windows Server 2008 and Branch Office Benefits
     • Server Core
     • BitLocker Drive Encryption
     • Next generation TCP stack
     • Active Directory Domain Services enhancements
     • Improving file access in the branch

  3. WS2008 Branch Office Benefits
     • Optimization: Replication and Protocols
     • Security: Enhanced Data and Domain Controller protection
     • Administration: Improved Remote Management

  4. Server Core
     • Reduced footprint server
     • Available as an option at initial install
     • Boot and operate stand-alone in headless/embedded scenarios
     • Less to install, manage, patch, attack
     • No GUI – all management through command line and remote MMC
     • Supported server roles
       • AD Domain Services, AD Lightweight Directory Services, DHCP, DNS, File, Print, Streaming Media Services
     • Optional Windows features
       • Failover Clustering, Network Load Balancing, Subsystem for UNIX-based Applications, Backup, Multipath IO, Removable Storage, BitLocker Drive Encryption, SNMP, WINS, Telnet Client

  5. BitLocker Drive Encryption
     Operating System Volume Contains:
     • Encrypted OS
     • Encrypted Page File
     • Encrypted Temp Files
     • Encrypted Data
     • Encrypted Hibernation File
     Where's the Encryption Key?
     • SRK (Storage Root Key) contained in TPM
     • SRK encrypts the VMK (Volume Master Key)
     • VMK encrypts FVEK (Full Volume Encryption Key) – used for the actual data encryption
     • FVEK and VMK are stored encrypted on the Operating System Volume
     System Volume Contains:
     • MBR
     • Boot Manager
     • Boot Utilities
     [Diagram labels: SRK, VMK, FVEK, Operating System Volume, System; steps numbered 1 to 4]

  6. Next Generation TCP Stack
     • Automatically adjusts for maximum efficiency
     • Faster network transfers, especially across WAN links
     • Optimized use of available network bandwidth
     • Reduced packet loss resulting in fewer retransmits
     • Optimized performance without loss
     • Intelligent, automated tuning of TCP receive window size
     • Advanced congestion control for better throughput (CTCP)
     • Better packet loss resiliency (e.g. wireless connectivity)

  7. The Receive Window Limitation
     [Chart: Maximum Throughput (Mbps) against RTT (ms) for receive windows of 64 KB, 128 KB, 256 KB and 512 KB; RTT ranges labelled North America, Intercontinental Fiber and Satellite]

  8. Active Directory Domain Services
     Read-Only Domain Controller (RODC)
     • Full Active Directory (AD) database excluding credentials
     • Caches allowed credentials (default is none)
     • Supports only read operations
     • Inbound replication for both AD database and SYSVOL
     • Read-Only Partial Attribute Set to further restrict inbound replication
     • Dedicated cryptographic key
     • Deploy in existing AD environment with no changes

  9. How RODC Works
     [Diagram: Windows Server 2008 DC at the hub, Read Only DC (RODC) at the branch]
     1. User logs on and authenticates
     2. RODC: Looks in DB: "I don't have the user's secrets"
     3. Forwards Request to Windows Server 2008 DC
     4. Windows Server 2008 DC authenticates request
     5. Returns authentication response and TGT back to the RODC
     6. RODC gives TGT to User and RODC will cache credentials

  10. Active Directory Domain Services
      Threat mitigation - compromised RODC
      • Attacker perspective
      • Admin perspective
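
A toy model of the six-step logon flow on slide 9 and the compromised-RODC case on slide 10, added here as an example and not taken from the presentation. Class names, accounts and passwords are constructed, a SHA-256 hash stands in for the real account secret, and the deny-over-allow rule reflects how the Password Replication Policy is evaluated.

```python
import hashlib
from dataclasses import dataclass, field

def secret(password: str) -> str:
    """Stand-in for an account's long-term secret (not AD's real derivation)."""
    return hashlib.sha256(password.encode()).hexdigest()

@dataclass
class WritableDC:
    secrets: dict                                # full credential set, hub only
    allowed: set = field(default_factory=set)    # PRP allow list (default: none)
    denied: set = field(default_factory=set)     # PRP deny list, wins over allow
    online: bool = True                          # False models a WAN outage

    def authenticate(self, user: str, proof: str) -> bool:   # step 4
        return self.secrets.get(user) == proof

    def may_cache(self, user: str) -> bool:
        return user in self.allowed and user not in self.denied

@dataclass
class RODC:
    hub: WritableDC
    cache: dict = field(default_factory=dict)    # only secrets revealed to this RODC

    def logon(self, user: str, password: str):
        proof = secret(password)                 # step 1: user logs on at the branch
        if user in self.cache:                   # step 2: RODC looks in its own DB
            return "local", self.cache[user] == proof
        if not self.hub.online:                  # no secret here, no path to the hub
            return "unavailable", False
        ok = self.hub.authenticate(user, proof)  # steps 3-5: forward, hub answers
        if ok and self.hub.may_cache(user):      # step 6: cache only if PRP allows
            self.cache[user] = proof
        return "forwarded", ok

    def exposed_if_stolen(self):
        """Accounts to reset if this RODC is compromised: only the cached ones."""
        return sorted(self.cache)

def demo():
    # Constructed accounts; da-admin is on both lists to show deny winning.
    creds = {"alice": "pw-a", "bob": "pw-b", "da-admin": "pw-d"}
    hub = WritableDC({u: secret(p) for u, p in creds.items()},
                     allowed={"alice", "da-admin"}, denied={"da-admin"})
    rodc = RODC(hub)
    before = [rodc.logon(u, p) for u, p in creds.items()]
    hub.online = False                           # WAN link to the hub site drops
    after = [rodc.logon(u, p) for u, p in creds.items()]
    return before, after, rodc.exposed_if_stolen()
```

`demo()` returns the logon results with the hub reachable, the results after the link drops, and the list of accounts an administrator would have to reset if the branch server were stolen.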

  11. Active Directory Domain Services
      Additional branch improvements
      • Delegated administration
      • Admin role separation
      • Two-stage DC promo
      • Restartable
      • SYSVOL replication using DFS-R

  12. Improving File Access In The Branch
      Metrics for measuring improvement
      • End User Wait Time
        • First time access
        • Subsequent access
      • Efficient use of bandwidth
        • Bytes transmitted
        • Time of day

  13. Types Of Data
      Single User Data
      • Files accessed by a single user
      • Server copy used mostly for backup purposes
      Shared Data
      • Files accessed by multiple users from multiple machines
      • Server allows sharing and collaboration across users
      Published Data
      • Files accessed by many users from many machines
      • Data updates are rare
      • Large file set

  14. Single User Data
      Client caching
      • Client operates off local cache when in branch network conditions (high latency and/or low bandwidth)
      • Changes synchronized transparently
      • Offline access when network is unavailable
      • Seamless transitions between online and offline states
      [Diagram label: Sync]

  15. Single User Data
      Benefits of cached access
      • Move user data from local drive to central server, while preserving access speed
      • Provides central backup of user data
      • Easy data migration to new machines
      • Data synchronization can be scheduled when bandwidth is cheap

  16. Shared Data – Streaming Improvement
      Parallel requests greatly increase read/write speed
      [Diagram: Request and Response exchanges; chart: Download speed (kb/sec), 100 ms RTT, SMB1 and SMB2]

  17. Shared Data – Chattiness Improvement
      Compounding reduces roundtrips
      [Diagram: Open Dir, Query Dir, Query Volume and Close Dir requests and responses; label: Satisfied from cache]

  18. Published Data
      • Client caching of data set is impractical
      • Improvements in data access (streaming, compounding) improve access
      • However, high cost of data transfer since every access is a first access

  19. Published Data
      • Windows Server 2003 R2
        • DFS Replication to pre-stage data in the branch
        • DFS Namespaces for location and fault tolerance
        • RDC differencing engine for delta replication
      • Windows Server 2008
        • Improved scalability and performance
        • Windows-based branch appliances offer caching of data in the branch

  20. Improving File Access In The Branch
      Client and server improvements
      • Windows Vista Client + Windows Server 2003 R2 (or earlier)
        • Improved offline experience offers user fast response times while keeping data synchronized between client and server
      • Windows Vista Client + Windows Server 2008
        • Data streaming improves file transfer times
        • Operation compounding reduces chattiness

  21. Branch Office Benefits
      • Optimization
        • SysVol Replication
        • DFS Replication
        • Protocols
      • Security
        • BitLocker
        • Server Core
        • Read-Only Domain Controller
        • Role Separation
      • Administration
        • Print Management Console
        • PowerShell, WinRS, WinRM
        • Virtualization
        • Restartable Active Directory
      [Diagram labels: Hub Site, Branch Office]

  22. Resources
      • Technical Communities, Webcasts, Blogs, Chats & User Groups: http://www.microsoft.com/communities/default.mspx
      • Microsoft Learning and Certification: http://www.microsoft.com/learning/default.mspx
      • Microsoft Developer Network (MSDN) & TechNet: http://microsoft.com/msdn http://microsoft.com/technet
      • Trial Software and Virtual Labs: http://www.microsoft.com/technet/downloads/trials/default.mspx
      • Windows Server 2008: http://www.microsoft.com/windowsserver2008/default.mspx
      • Branch Office: http://www.microsoft.com/technet/branchoffice/default.mspx

  23. Q&A

  24. Complete an evaluation on CommNet and enter to win!
