Branch Office Solutions in Windows Server 2008
Transcript of Branch Office Solutions in Windows Server 2008

SVR304
Branch Office Solutions in Windows Server 2008
Julius Sinkevicius
Group Product Manager
Windows Server – Microsoft

Session Agenda
Windows Server 2008 and Branch Office Benefits
Server Core
BitLocker Drive Encryption
Next generation TCP stack
Active Directory Domain Services enhancements
Improving file access in the branch

WS2008 Branch Office Benefits
Optimization: Replication and Protocols
Security: Enhanced Data and Domain Controller protection
Administration: Improved Remote Management

Server Core
Reduced footprint server
Available as an option at initial install
Boot and operate stand-alone in headless/embedded scenarios
Less to install, manage, patch, attack
No GUI – all management through command line and remote MMC
Supported server roles: AD Domain Services, AD Lightweight Directory Services, DHCP, DNS, File, Print, Streaming Media Services
Optional Windows features: Failover Clustering, Network Load Balancing, Subsystem for UNIX-based Applications, Backup, Multipath IO, Removable Storage, BitLocker Drive Encryption, SNMP, WINS, Telnet Client

BitLocker Drive Encryption
[Diagram labels: SRK (1), VMK (2), FVEK (3), Operating System Volume (4)]
System Volume Contains: MBR, Boot Manager, Boot Utilities
Operating System Volume Contains: Encrypted OS, Encrypted Page File, Encrypted Temp Files, Encrypted Data, Encrypted Hibernation File
Where’s the Encryption Key?
SRK (Storage Root Key) contained in TPM
SRK encrypts the VMK (Volume Master Key)
VMK encrypts FVEK (Full Volume Encryption Key) – used for the actual data encryption
FVEK and VMK are stored encrypted on the Operating System Volume
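The SRK, VMK and FVEK chain from this slide, modelled as an added example that is not part of the presentation and is not BitLocker code. Assumptions: an HMAC-SHA256 keystream with a MAC stands in for AES, the SRK is a plain byte string here (on real hardware it stays inside the TPM), and all function names are hypothetical. `rewrap_vmk` goes one step beyond the slide to show why the chain has a middle key.

```python
import hashlib, hmac, os

def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode: a standard-library stand-in for AES.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def wrap(kek: bytes, secret: bytes) -> bytes:
    """Encrypt-then-MAC `secret` under `kek`; returns nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ks = _keystream(_subkey(kek, b"enc"), nonce, len(secret))
    ct = bytes(a ^ b for a, b in zip(secret, ks))
    tag = hmac.new(_subkey(kek, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unwrap(kek: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_subkey(kek, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or modified blob")
    ks = _keystream(_subkey(kek, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))

def provision(srk: bytes, plaintext: bytes) -> dict:
    """Build what sits on the OS volume: only wrapped keys and ciphertext."""
    vmk, fvek = os.urandom(32), os.urandom(32)
    return {"vmk_blob": wrap(srk, vmk),      # SRK encrypts the VMK
            "fvek_blob": wrap(vmk, fvek),    # VMK encrypts the FVEK
            "data": wrap(fvek, plaintext)}   # FVEK encrypts the actual data

def unlock(srk: bytes, volume: dict) -> bytes:
    vmk = unwrap(srk, volume["vmk_blob"])
    fvek = unwrap(vmk, volume["fvek_blob"])
    return unwrap(fvek, volume["data"])

def rewrap_vmk(old_srk: bytes, new_srk: bytes, volume: dict) -> dict:
    """Move the volume to a new root key without touching the encrypted data."""
    vmk = unwrap(old_srk, volume["vmk_blob"])
    return {**volume, "vmk_blob": wrap(new_srk, vmk)}
```

A disk removed from the branch server carries only the three wrapped blobs, so `unlock` fails without the SRK held by the original machine's TPM.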

Next Generation TCP Stack
Optimized performance without loss
Intelligent, automated tuning of TCP receive window size
Advanced congestion control for better throughput (CTCP)
Better packet loss resiliency (e.g. wireless connectivity)
Automatically adjusts for maximum efficiency
Faster network transfers, especially across WAN links
Optimized use of available network bandwidth
Reduced packet loss resulting in fewer retransmits

The Receive Window Limitation
[Chart: Maximum Throughput (Mbps) against RTT (ms) for receive window sizes of 64 KB, 128 KB, 256 KB and 512 KB; RTT ranges labelled North America, Intercontinental Fiber and Satellite]

Active Directory Domain Services
Read-Only Domain Controller (RODC)
Full Active Directory (AD) database excluding credentials
Caches allowed credentials (default is none)
Supports only read operations
Inbound replication for both AD database and SYSVOL
Read-Only Partial Attribute Set to further restrict inbound replication
Dedicated cryptographic key
Deploy in existing AD environment with no changes

How RODC Works
[Diagram: Branch with Read Only DC (RODC), Hub with Windows Server 2008 DC, steps 1 to 6]
1. User logs on and authenticates
2. RODC: Looks in DB: "I don't have the user's secrets"
3. Forwards request to Windows Server 2008 DC
4. Windows Server 2008 DC authenticates request
5. Returns authentication response and TGT back to the RODC
6. RODC gives TGT to user and RODC will cache credentials

Active Directory Domain Services
Threat mitigation - compromised RODC
Admin perspective
Attacker perspective
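The six-step logon flow and the compromised-RODC slide, modelled together as an added example that is not part of the presentation and is not Microsoft code. Assumptions: the class names, the `allowed_to_cache` parameter and the `online` flag are hypothetical, plain strings stand in for password-derived secrets, and the hub hands back the TGT as the slide describes.

```python
import hmac

def _same(a: str, b: str) -> bool:
    return hmac.compare_digest(a.encode(), b.encode())

class HubDC:
    """Writable Windows Server 2008 DC in the hub: holds every account's secret."""
    def __init__(self, secrets: dict):
        self.secrets, self.online = dict(secrets), True

    def authenticate(self, user: str, secret: str):
        ok = _same(self.secrets.get(user, ""), secret)
        return f"TGT:{user}" if ok else None

class RODC:
    """Branch RODC: full directory, but no secrets except those it may cache."""
    def __init__(self, hub: HubDC, allowed_to_cache=()):
        self.hub = hub
        self.allowed = set(allowed_to_cache)    # default is none, as on the slide
        self.cache = {}

    def logon(self, user: str, secret: str):
        if user in self.cache:                  # step 2: secrets found locally
            ok = _same(self.cache[user], secret)
            return ("local", f"TGT:{user}" if ok else None)
        if not self.hub.online:                 # WAN link down and nothing cached
            return ("unavailable", None)
        tgt = self.hub.authenticate(user, secret)   # steps 3-5: forward to hub
        if tgt and user in self.allowed:        # step 6: cache only if allowed
            self.cache[user] = secret
        return ("forwarded", tgt)

    def exposed_if_stolen(self):
        """Accounts whose secrets are on this box: the ones to reset after theft."""
        return sorted(self.cache)
```

The allow list is the trade-off to tune: every account added keeps working when the WAN link is down, and every account added is one more password to reset if the branch server is stolen.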

Active Directory Domain Services
Additional branch improvements
Delegated administration
Admin role separation
Two-stage DC promo
Restartable
SYSVOL replication using DFS-R

Improving File Access In The Branch
Metrics for measuring improvement
End User Wait Time: First time access, Subsequent access
Efficient use of bandwidth: Bytes transmitted, Time of day

Types Of Data
Single User Data: Files accessed by a single user; server copy used mostly for backup purposes
Shared Data: Files accessed by multiple users from multiple machines; server allows sharing and collaboration across users
Published Data: Files accessed by many users from many machines; data updates are rare; large file set

Single User Data
Client caching
[Diagram label: Sync]
Client operates off local cache when in branch network conditions (high latency and/or low bandwidth)
Changes synchronized transparently
Offline access when network is unavailable
Seamless transitions between online and offline states

Single User Data
Benefits of cached access
Move user data from local drive to central server, while preserving access speed
Provides central backup of user data
Easy data migration to new machines
Data synchronization can be scheduled when bandwidth is cheap

Shared Data – Streaming Improvement
Parallel requests greatly increase read/write speed
[Chart: Download speed (kb/sec), 100 ms RTT, for a 16 MB file and a 1 GB file; series XP-SMB1, Vista-SMB1, Vista-SMB2; data labels as extracted: 309 312703, 22472203, 9383]
[Diagram: Request and Response sequences, SMB1 and SMB2]

Shared Data – Chattiness Improvement
Compounding reduces roundtrips
[Diagram: Open Dir, Query Dir, Query Volume and Close Dir requests with their responses, sent one at a time and compounded; labels include "Satisfied from cache"]
[Chart: Traffic reduction for shel...; series Vista SMB2 and 2008 SMB2; data labels 7% and 44%]

Published Data
Client caching of data set is impractical
Improvements in data access (streaming, compounding) improve access
However, high cost of data transfer since every access is a first access

Published Data
Windows Server 2003 R2: DFS Replication to pre-stage data in the branch; DFS Namespaces for location and fault tolerance; RDC differencing engine for delta replication
Windows Server 2008: Improved scalability and performance
Windows-based branch appliances offer caching of data in the branch

Improving File Access In The Branch
Client and server improvements
Windows Vista Client + Windows Server 2003 R2 (or earlier): Improved offline experience offers user fast response times while keeping data synchronized between client and server
Windows Vista Client + Windows Server 2008: Data streaming improves file transfer times; operation compounding reduces chattiness

Branch Office Benefits
[Diagram: Hub Site and Branch Office]
Optimization: SysVol Replication; DFS Replication; Protocols
Security: BitLocker; Server Core; Read-Only Domain Controller; Role Separation
Administration: Print Management Console; PowerShell, WinRS, WinRM; Virtualization; Restartable Active Directory

Resources
Technical Communities, Webcasts, Blogs, Chats & User Groups: http://www.microsoft.com/communities/default.mspx
Microsoft Developer Network (MSDN) & TechNet: http://microsoft.com/msdn http://microsoft.com/technet
Trial Software and Virtual Labs: http://www.microsoft.com/technet/downloads/trials/default.mspx
Microsoft Learning and Certification: http://www.microsoft.com/learning/default.mspx
Windows Server 2008: http://www.microsoft.com/windowsserver2008/default.mspx
Branch Office: http://www.microsoft.com/technet/branchoffice/default.mspx

© 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.