
Windows Server 2008 R2 and Windows 7



Presentation Transcript


  1. Windows Server 2008 R2 and Windows 7 – Better together Markus Erlacher Technical Solution Professional, Microsoft Switzerland markus.erlacher@microsoft.com

  2. Agenda • DirectAccess • BranchCache • SMB • Remote Desktop Services for VDI

  3. DirectAccess

  4. Trustworthy Networking Vision • Identity: strong authentication required for all users • Authorization: machine health is validated or remediated before allowing network access • Protection: all network transactions are authenticated and encrypted • Policies are based on identity, not on location (Diagram: Remote Client – Internet – Enterprise Network – Local Client – Datacenter Servers)

  5. DEMO DirectAccess

  6. Technical Foundations • Connectivity: IPv6 • Data Protection: IPsec • Name Resolution: DNS and NRPT

  7. Connectivity: IPv6 • DirectAccess requires IPv6 • If native IPv6 isn't available, remote clients use IPv6 transition technologies • The corporate network can deploy native IPv6, transition technologies, or NAT-PT • DirectAccess works best if the corporate network has native IPv6 deployed (Diagram: Internet – Intranet – NAT-PT)

  8. Data Protection: IPsec • IPsec tightly integrates with IPv6, allowing the rules engine to determine when and how traffic should be protected • Authentication: end to edge, end to end • Encryption: end to edge, end to end

  9. Name Resolution: DNS and the NRPT • Remote DirectAccess clients utilize smart routing by default: only names in the corporate namespace go over the DirectAccess connection, everything else goes over the Internet connection • The Name Resolution Policy Table allows this to happen efficiently and securely • Sends name queries to internal DNS servers based on pre-configured DNS namespaces

  10. External Connectivity • Native IPv6 support • Public IPv4 addresses use 6to4 to tunnel IPv6 inside IP protocol 41 • Private IPv4 addresses (behind NAT) use Teredo to tunnel IPv6 inside IPv4 UDP (UDP 3544) • If the client cannot reach the DirectAccess server over 6to4 or Teredo (for example protocol 41 or UDP 3544 is filtered), IP-HTTPS connects over TCP 443 • Summary: IP address assigned by ISP → technology used: native IPv6 → native IPv6; public IPv4 → 6to4; private IPv4 → Teredo; fallback → IP-HTTPS

  11. Internal IPv6 Options • Native: servers can run any OS that fully supports IPv6; requires IPv6 infrastructure; best choice over time • ISATAP: IPv6 inside IPv4; servers must be Windows Server 2008 or R2; no router upgrades • NAT-PT: translates IPv6 to IPv4; works with any OS; UAG has this built in • DirectAccess works best if the corporate network has native IPv6 deployed (Diagram: Internet – Intranet – NAT-PT)

  12. External IPsec • DirectAccess client → Internet → DirectAccess server: traffic is IPsec ESP encrypted, optionally carried inside IP-HTTPS • The DirectAccess server acts as the IPsec gateway • IPsec hardware offload supported

  13. Internal IPsec • From the DirectAccess server (IPsec gateway) into the enterprise network towards the line-of-business applications, three options: no IPsec; IPsec integrity only (authentication); IPsec integrity + encryption

  14. IPsec Tunnel Detail (DirectAccess client ↔ DirectAccess server) • Tunnel 1, infrastructure tunnel: authentication with machine certificate; endpoints: AD/DNS/management servers • Tunnel 2, application tunnel: authentication with machine certificate + user Kerberos or user certificate; endpoints: any

  15. NRPT • Client side only • Namespace entries require a leading dot • Static table that defines which DNS servers the client uses for the listed names • Configurable via GPO at Computer Configuration | Policies | Windows Settings | Name Resolution Policy • Can be viewed with netsh namespace show policy (netsh name show policy works as an abbreviation of the context name)
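The client-side checks for slides 10, 14 and 15 (which transition technology is carrying the tunnels, whether the two IPsec tunnels are up, and whether the NRPT is steering corporate names to internal DNS), as an added example that is not part of the deck. It uses only the netsh contexts shipped with Windows 7; the suffix .corp.example.com and the host intranet.corp.example.com are placeholders, not names from the slides.

```powershell
# Added example (not from the deck): DirectAccess client-side diagnostics on Windows 7.
# Run in an elevated PowerShell 2.0 session.  Placeholders (not from the slides):
# the NRPT suffix ".corp.example.com" and the host "intranet.corp.example.com".

function Get-DirectAccessTransitionState {
    # Which IPv6 transition path is in use: 6to4 (IP protocol 41), Teredo (UDP 3544)
    # or IP-HTTPS (TCP 443).  Only one of them should be carrying the IPsec tunnels.
    Write-Host '--- 6to4 ---'
    netsh interface 6to4 show state
    Write-Host '--- Teredo ---'
    netsh interface teredo show state
    Write-Host '--- IP-HTTPS ---'
    netsh interface httpstunnel show interfaces
    Write-Host '--- Network location detection (inside/outside corporate network) ---'
    netsh dnsclient show state
}

function Get-DirectAccessNrpt {
    param([string]$Suffix = '.corp.example.com')   # NRPT entries carry the leading dot
    Write-Host '--- NRPT as delivered by Group Policy ---'
    netsh namespace show policy
    Write-Host '--- Effective NRPT on this client ---'
    netsh namespace show effectivepolicy
    # Sanity check: a name under the suffix must resolve via the internal DNS servers
    # named in the NRPT; if it does not, either the entry is missing or the
    # infrastructure tunnel (which carries DNS) is down.
    $internal = 'intranet' + $Suffix
    try {
        $addrs = [System.Net.Dns]::GetHostAddresses($internal) |
                 ForEach-Object { $_.IPAddressToString }
        Write-Host "$internal -> $($addrs -join ', ')"
    } catch {
        Write-Warning "$internal did not resolve: NRPT entry missing or infrastructure tunnel down"
    }
}

function Get-DirectAccessIpsec {
    # The infrastructure and application tunnels arrive as connection security rules
    # via Group Policy; the monitor context shows the live security associations.
    Write-Host '--- Connection security rules ---'
    netsh advfirewall consec show rule name=all
    Write-Host '--- Main mode SAs (expect one per tunnel to the DirectAccess server) ---'
    netsh advfirewall monitor show mmsa
    Write-Host '--- Quick mode SAs ---'
    netsh advfirewall monitor show qmsa
}

Get-DirectAccessTransitionState
Get-DirectAccessNrpt
Get-DirectAccessIpsec
```

Read the output top down: if no transition interface reports a connected state there is nothing to carry IPsec; if the main-mode SAs show only the infrastructure tunnel, the user authentication for the application tunnel (Kerberos or user certificate) is what to look at next.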

  16. Requirements for DirectAccess • Customer knowledge: the customer should have a basic working knowledge of IPsec and TCP/IP, and should be interested in learning about and deploying new technologies, such as IPv6 • DirectAccess clients: Windows 7 (Enterprise or Ultimate), domain-joined machines • DirectAccess server: Windows Server 2008 R2, domain-joined • DNS servers supporting DirectAccess clients must be Windows Server 2008 SP2 or later

  17. BranchCache

  18. Problem background • Thin, expensive WAN links between main office and branch offices • High link utilization • Poor application responsiveness • Trend towards data centralization

  19. BranchCache • Reduce bandwidth utilization • Improve end user experience • Preserve end-to-end security • Simple to deploy

  20. Distributed Cache (Diagram: a branch office client sends a Get to the main office, receives the content ID, and retrieves the Data from a peer client in the branch that already holds it)

  21. Hosted Cache (Diagram: a branch office client sends a Get to the main office, receives the content ID and searches the hosted cache server; on a miss it gets the Data from the main office and offers it to the hosted cache, which requests and stores it for the next client)

  22. Hosted cache vs Distributed • Distributed Cache: data cached amongst clients • Recommended for branches without any infrastructure • Easy to deploy: enabled on clients through Group Policy • Cache availability decreases with laptops that go offline • Enterprise Hosted Cache: data cached at the host server • Recommended for larger branches • Cache stored centrally: can use an existing server in the branch • Cache availability is high • Enables branch-wide caching

  23. Overall framework • Applications: 3rd party applications, IE, BITS, WMP, Office, CopyFile, Explorer, Office SharePoint • Protocols: HTTP and SMB • BranchCache™ sits underneath both protocols

  24. Deployment • Main office: install the BranchCache™ feature on the R2 content servers (IIS, file server) • Branch offices: use Group Policy (Group Policy Management) to enable clients • Optionally, install a hosted cache in your branch

  25. Deployment – Content server • Must run Server 2008 R2 • HTTP server (IIS): install the BranchCache feature from Server Manager • SMB server (file server): install the BranchCache for network files role service within the File Services role using Server Manager; hash publication is then switched on per share (share Offline Settings) or for all shares via the Lanman Server "Hash Publication for BranchCache" Group Policy setting • That's it…

  26. Deployment – Distributed Cache

  27. Deployment – Hosted Cache
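The deployment steps of slides 24 to 27 as commands, an added example that is not part of the deck. The content server and hosted cache parts run on Windows Server 2008 R2, the client part on Windows 7; the hosted cache server name branchcache01.corp.example.com and the certificate thumbprint are placeholders. In production the client settings come from the BranchCache Group Policy node, the local netsh equivalents below are what you use for a pilot or to confirm what the GPO applied.

```powershell
# Added example (not from the deck): BranchCache deployment on Windows Server 2008 R2
# content servers and Windows 7 clients.  Run elevated.  Placeholders (not from the
# slides): hosted cache server name and certificate thumbprint.

function Install-BranchCacheContentServer {
    # Main office, Windows Server 2008 R2.  IIS needs only the BranchCache feature;
    # a file server additionally needs the "BranchCache for network files" role service.
    Import-Module ServerManager
    Add-WindowsFeature BranchCache
    Add-WindowsFeature FS-BranchCache
    # Hash publication for shares is then enabled per share (Offline Settings) or via
    # Computer Configuration\Policies\Administrative Templates\Network\Lanman Server\
    # Hash Publication for BranchCache.
}

function Install-BranchCacheHostedCache {
    param([string]$CertThumbprint)
    # Branch office server, Windows Server 2008 R2.  Clients talk to the hosted cache
    # over HTTPS, so a server certificate they trust must be bound to port 443 for the
    # BranchCache service; the appid is the one from the BranchCache deployment guide.
    Import-Module ServerManager
    Add-WindowsFeature BranchCache
    netsh branchcache set service mode=HOSTEDSERVER
    netsh http add sslcert ipport=0.0.0.0:443 certhash=$CertThumbprint appid='{d673f5ee-a714-454d-8de2-492e4c1bd8f8}'
}

function Set-BranchCacheClient {
    param(
        [ValidateSet('DISTRIBUTED','HOSTEDCLIENT')][string]$Mode = 'DISTRIBUTED',
        [string]$HostedCacheServer = 'branchcache01.corp.example.com'
    )
    # Windows 7 client.  netsh also creates the firewall exceptions the mode needs:
    # HTTP TCP 80 for content retrieval and, in distributed mode, WS-Discovery UDP 3702.
    if ($Mode -eq 'DISTRIBUTED') {
        netsh branchcache set service mode=DISTRIBUTED
    } else {
        netsh branchcache set service mode=HOSTEDCLIENT location=$HostedCacheServer
    }
    # Cap the local cache at 5% of the disk (the default is also a disk percentage).
    netsh branchcache set cachesize size=5 percent=TRUE
    netsh branchcache show status all
}

# Invoke the function matching the machine's role, e.g. on a Windows 7 pilot client:
Set-BranchCacheClient -Mode DISTRIBUTED
# Install-BranchCacheContentServer
# Install-BranchCacheHostedCache -CertThumbprint 'AABBCCDDEEFF00112233445566778899AABBCCDD'
```

The show status output is the check to keep: it reports the service mode, the cache size and whether the firewall rules are active, which is what decides whether peers in the branch can actually serve each other.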

  28. BranchCache for ConfigMgr • ConfigMgr 2007 SP2 with a WS08R2 distribution point (DP) may be used instead of a Branch Distribution Point (BDP) • Distributed Cache mode only • BranchCache does not span subnets; BDP does • BranchCache does not work with XP; BDP does • Vista with BITS 4.0 has partial BranchCache features • If you have a server in the branch, make it a DP

  29. BranchCache for Vista and XP • Vista with BITS 4.0 supports HTTP BranchCache traffic but not SMB • Can be used with ConfigMgr 2007 SP2 for software updates; the DP must be WS08R2 • Upgrade XP to Windows 7

  30. BranchCache for WSUS • Customers using WSUS for patching need WSUS 3.0 SP2 to support BranchCache features on Windows Server 2008 R2.

  31. BranchCache for Application Virtualization (AppV) • HTTP streaming in AppV optimized using BranchCache • Virtual applications only have to traverse the WAN link once • Eliminate IIS servers (AppV staging servers) from the branch office • Support available on Windows 7 and Windows Server 2008 R2

  32. BranchCache for SharePoint & IIS • Goals: improve SharePoint and IIS responsiveness in branch offices without requiring separate branch infrastructure; enable Office Web Applications to see improved performance in branch offices • Integration: IIS and SharePoint need to run on Windows Server 2008 R2 • Users never get stale content: if content is updated, the content identifiers change • Support available for Windows 7 and Windows Server 2008 R2

  33. BranchCache for File Servers • SMB 2.1 introduces "Leasing and OpLocks", mechanisms to improve protocol behavior over the WAN link • BranchCache integration ensures that data needs to move over the WAN link only once • SMB transparent caching enables better road-warrior scenarios • Offline Files enables file access even when the WAN link is down • All application semantics around locking are automatically maintained • Available on Windows 7 and Windows Server 2008 R2

  34. Scale and Performance • Distributed cache scales well to approximately 100 users per branch; WS-Discovery traffic is a key consideration • Results may vary: highly dependent on content, workload and usage patterns • Hosted cache scalability is comparable to standard file server workloads

  35. BranchCache will…

  36. BranchCache will not…

  37. SMB 2.x

  38. The Need For SMB2 • SMB1 limitations: considered "chatty"; poor WAN performance due to limited request pipelining/compounding; arbitrary limits on number of users, open files and shares; protocol evolved through many releases over many years; difficult to extend, maintain and secure due to the large number and variety of commands • Motivations for SMB2: data access over the WAN has become much more common; LAN performance has also increased greatly (1Gb is here, 10Gb coming); build a solid foundation for continued innovation

  39. SMB2 Benefits • Scalability for file sharing greatly increased • Performance massively improved: request compounding reduces "chattiness"; larger reads/writes can fill the pipe even with significant link latency • Secure and robust: durable handles; message signing improved (HMAC SHA-256 replaces the MD5-based signing of SMB1); small command set reduces attack surface and complexity • Symbolic link support: evaluation of symlinks involving remote paths is limited by default; symlinks can only be created by administrators (controllable via Group Policy)
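The two security items on this slide, signing and the reduced command set, translate into concrete hardening on Windows 7 / Windows Server 2008 R2: require signing on both sides and stop offering SMB1 so that only the SMB2 dialect (and its HMAC-SHA256 signing) is negotiated. The following is an added example, not part of the deck; on these OS versions the controls are registry values and service configuration, since the Get-/Set-SmbServerConfiguration cmdlets only exist from Windows 8 / Server 2012 onward. The SMB1 switch-off follows Microsoft KB2696547.

```powershell
# Added example (not from the deck): audit SMB signing, audit/disable SMB1 and show the
# symlink evaluation policy on Windows 7 / Windows Server 2008 R2.  Run elevated; the
# SMB1 changes need a reboot.  Only built-in registry paths and tools are used.

$srv = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$wks = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters'

function Get-SmbSigningState {
    # RequireSecuritySignature = 1 means the peer must sign.  EnableSecuritySignature
    # only offers signing and is ignored by SMB2, which is always able to sign.
    foreach ($path in $srv, $wks) {
        $p = Get-ItemProperty -Path $path
        New-Object PSObject -Property @{
            Component      = Split-Path (Split-Path $path -Parent) -Leaf
            RequireSigning = [int]$p.RequireSecuritySignature
            EnableSigning  = [int]$p.EnableSecuritySignature
        }
    }
}

function Get-Smb1State {
    # Server side: the SMB1 DWORD under LanmanServer\Parameters (absent = enabled).
    # Client side: start type of the SMB1 redirector driver mrxsmb10 (4 = disabled).
    $v = (Get-ItemProperty -Path $srv).SMB1
    $clientStart = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\mrxsmb10').Start
    New-Object PSObject -Property @{
        Smb1ServerEnabled     = (($v -eq $null) -or ($v -ne 0))
        Smb1ClientDriverStart = $clientStart
    }
}

function Set-SmbSigningRequired {
    # Same effect as the security policy settings "Microsoft network server/client:
    # Digitally sign communications (always)".  Clients or servers that cannot sign
    # will be refused, so check Get-SmbSigningState across the estate first.
    Set-ItemProperty -Path $srv -Name RequireSecuritySignature -Value 1 -Type DWord
    Set-ItemProperty -Path $wks -Name RequireSecuritySignature -Value 1 -Type DWord
}

function Disable-Smb1 {
    # Server: stop offering the SMB1 dialect.  Anything that speaks only SMB1 (XP,
    # Windows Server 2003, older NAS devices, some printers) loses access, so audit
    # the server's existing sessions before applying this.
    Set-ItemProperty -Path $srv -Name SMB1 -Value 0 -Type DWord
    # Client: remove the SMB1 redirector from the workstation dependency chain and
    # disable its driver (KB2696547).
    sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi
    sc.exe config mrxsmb10 start= disabled
}

# Symlink evaluation: L2L/L2R/R2L/R2R = local/remote link to local/remote target.
# The default allows only L2L, which is the "limited by default" of the slide.
fsutil behavior query SymlinkEvaluation

Get-SmbSigningState | Format-Table -AutoSize
Get-Smb1State
# Set-SmbSigningRequired
# Disable-Smb1
```

Keep the two Set-/Disable- calls commented out until the audit functions have been run on a representative sample of machines: requiring signing and dropping SMB1 are both one-way doors for legacy clients on the same network.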

  40. SMB2 CopyFile Performance • Improved WAN utilization due to a combination of: TCP stack improvements; SMB2 request pipelining; SMB2 large request support; CopyFileEx() improvements (large buffers; async, non-cached IO) (Diagram: write request / write response exchange, pre-Vista vs. Vista)

  41. SMB2 CopyFile Performance • XCOPY, remote → local, 1Gb / 100ms RTT (Chart: throughput in kb/s)

  42. SMB2 Explorer Performance • Dramatic benefits in Explorer directory enumeration, due to a combination of: compounding/speculative requests; directory and attribute caching • For this scenario, a directory containing about 50 Excel 2007 files was opened using Windows Explorer • Network: 1Gb/s, 100ms RTT

  43. SMB2 Versions • First shipped in Windows Vista RTM; not all protocol features were utilized by the Windows Vista RTM implementation • Dialect revved for Windows Server 2008 / Windows Vista SP1 • Windows Server 2008 / Windows Vista SP1 enhancements: uses request compounding; cached directory enumerations and file attributes; cached common share and file system property queries • Windows 7 / Windows Server 2008 R2 move to SMB 2.1 (see slide 33)

  44. Offline Files in Windows Vista / Windows 7 • Seamless transitions • Faster synchronization • Support for large files like Outlook PSTs • Per-user encryption • Improved "slow-link mode" • Ghosting: consistent client/server namespace • Better interoperability with DFS • Scriptable API support

  45. More R2 Improvements • Background synchronization: offline files are automatically synchronized in the background; slow-link mode is ON by default (when round-trip latency ≥ 80ms); fully integrated with Sync Center, showing last update time; configurable settings for IT administrators • Improved app file open & close: SMB optimizations reduce the exchanges required to open and save application files • Transparent caching: automatically caches the network file on the local client disk; the cached copy is only used if the local and server versions are the same; all file modifications are made on the server; administrators can control it by Group Policy (not enabled by default on fast networks)

  46. Remote Desktop Services for VDI

  47. VDI Recommendations – Windows 7: a viable choice for VDI • VDI is typically memory and disk IO constrained • Windows 7 generally has less disk IO than Windows XP • Windows 7 generally requires more RAM than Windows XP • Windows 7 is faster to provision than Windows XP • RAM is a temporary, artificial limit • Recommendations: minimize unneeded system services; minimize network traffic (screensavers and screen redraws impact network IO); ensure that applications are checked for disk IO efficiency; ensure the latest drivers are being used • http://blogs.msdn.com/rds/archive/2009/11/02/windows-7-with-rdp7-best-os-for-vdi.aspx

  48. Windows 7: User Experience • Aero Glass for Remote Desktop Server • Provides the same new Windows 7 look and feel when using RDS • Multimedia Support & Audio Input • Provides a high-quality multimedia experience with multimedia redirection capabilities • True Multiple Monitor Support • Allows users to view their remote desktop on multiple monitors configured the same way as if their desktop or applications were running locally • Enhanced Bitmap Acceleration • Allows rich media content, such as portable graphics stacks (Silverlight, Flash) and 3D content, to be rendered on the host and to be sent as accelerated bitmaps to the remote client • RemoteFX for VDI (Enabled through SP1) • Next Gen User Experience powered by the server graphics card • Only supported on Windows 7

  49. Thank you for your Attention! • For more Information please contact • Markus Erlacher • Technical Solution Professional - DataCenter • markus.erlacher@microsoft.com • Tel: +41 78 844 64 28 • Mobile: + 41 78 844 64 28 • Microsoft Switzerland • Richtistrasse 3 • 8304 Wallisellen
