Windows Server 2008 Scenarios
SVR307

Session Objectives And Agenda
- Understand key scenarios for Windows Server 2008
- Learn which roles and features enable each scenario
- See technologies in action that bring value in each scenario

Windows Server 2008 Scenarios
- Remote Infrastructure
- Anywhere Application Access
- Server Management
- Web and Applications Platform
- Security and Policy Enforcement
- Server Virtualization
- High Availability

Scenario: Server Management
Key Technologies
- Server Core
- Server Manager
- Windows PowerShell
Goals
- Reduce management and servicing needs, while improving reliability and security
- Configure local server through a single interface
- Add / remove server roles and features more securely and reliably
- View status and perform local management tasks from a single tool
- Automate administration of multiple servers with task-based scripting language
- Accelerate script authoring, testing and debugging
- Perform server management through multiple data stores

Server Core
- New minimal installation option with only “core” components
- No GUI interface
- Subset of server roles and features available
- Manage remotely as you would any server
Diagram labels: Server Core; Security, TCP/IP, File Systems, RPC, plus other Core Server Sub-Systems; GUI, CLR, Shell, IE, OE, etc.; File / Print; DHCP; DNS; AD / LDS; Virtualization; IIS / WMS

Server Manager
- Product Installation
- Initial Configuration
- Server Manager

Windows PowerShell
New Command-line shell & Scripting Language
- Improves productivity & control
- Accelerates automation of system admin
- Works with existing scripts
- Ships with Windows Server 2008
- Easy for non-programmers
- Role management in future versions
Resources
- TechNet Script Center
- MyITF
- Newsgroup and Web Forum
- Team Blog and Channel 9
- Books from MS Press, Manning, O'Reilly, Sapien etc.
Partners

Scenario: Web & Applications Platform
Key Technologies
- Internet Information Services 7.0
- .NET Framework 3.0
- Windows Media Services
- Windows SharePoint Services
Goals
- Efficiently manage Web server, Web applications and Web services
- Deploy and configure Web applications and services across server farms quickly
- Create customized Web platform that is faster, more secure and more reliable
- Improve performance & scalability of Web applications and services
- Achieve fine control and visibility into utilization of key OS resources

IIS 7.0 Overview
IIS 7
- Streamlined installation means reduced attack surface
- Simplified administration through variety of tools
- Customization and extensibility through .NET
- Xcopy deployment and shared configuration
- Event logging and tracing for faster troubleshooting
- Application and health management for Web services

Managing Your Web with IIS 7.0
- Arsenal of Admin Tools
- Delegated Management
- Secure Remote Management
- Shared Config for Web Farms
Diagram labels: IIS7, Site Owner, Delegation, XCopy Deploy, Administrator, Internet, Manage Remotely, Secure HTTPS, SharedConfig, Shared App Hosting, UNC, Web Farm, App

Windows SharePoint Services 3.0
WSS
- Centralized Configuration replicates data across server farms
- Two-Tier administration model
- Improved Backup and Recovery support
- Multi-Stage Recycle Bin
- ASP.NET Forms authentication integration
- Non-windows based systems

Scenario: Remote Infrastructure
Technologies
- Active Directory
- Read-Only Domain Controller
- Administrative Role Separation
- Restartable Active Directory
- SYSVOL replication using DFS
- BitLocker Drive Encryption
- NetIO
Goals
- Improve the efficiency of remote office server deployment and administration
- Mitigate physical security risks in remote offices
- Improve the efficiency of WAN communications

Read-Only Domain Controller
Enhanced Security for remote office DCs
- Impact of stolen DC to the Active Directory reduced
  - By default, no users/computers passwords stored on RODC
  - Read-only Partial Attribute Set can prevent application credentials from replicating to RODC
- Reduced attack surface to the Active Directory for a compromised DC
  - Read-only state with unidirectional replication for AD and FRS/DFSR
  - Each RODC has its own KDC KrbTGT account to provide cryptographic key separation
  - Delegated DCPROMO reduces need for DA to TS into RODC
  - RODCs are workstation accounts
  - Not members of Enterprise-DC or Domain-DC groups
  - Very limited rights to write in Directory

How RODC Works
Diagram labels: Branch, Hub, Read Only DC, Windows Server 2008 DC, RODC
1. User logs on and authenticates
2. RODC: Looks in DB: "I don't have the user's secrets"
3. Forwards Request to Windows Server 2008 DC
4. Windows Server 2008 DC authenticates request
5. Returns authentication response and TGT back to the RODC
6. RODC gives TGT to User and RODC will cache credentials

Read-Only Domain Controller
Password replication policy management models
- No accounts cached (default)
  - Pro: Most secure, still provides fast authentication and policy processing.
  - Con: No offline access for anyone. WAN required for Logon
- Most accounts cached
  - Pro: Ease of password management. Intended for customers who care most about manageability improvements of RODC and not security.
  - Con: More passwords potentially exposed to RODC
- Few accounts (branch-specific accounts) cached
  - Pro: Enables offline access for those that need it, and maximizes security for others
  - Con: Fine grained administration is new task. Need to map computers per branch. Requires watching Auth2 attribute list to manually identify accounts, or use MIIS to automate.

Read-Only Domain Controller
Threat mitigation
Diagram labels: Hub Admin perspective, Attacker perspective

Additional remote infrastructure improvements
Active Directory (AD)
- Administrative Role Separation
  - Provides a new “local administrator” level of access per RODC
  - Prevents accidental AD modifications by machine administrators
  - Does not prevent “local administrator” from maliciously modifying the local DB
- Stop/Start the AD Directory Services without reboot
  - Reduce DC downtime for offline operations
  - Keep other services running while DC offline
  - Acts like a member server while DC offline
- SYSVOL replication using DFS-R
  - Greater scalability and reliability
  - Bandwidth utilization reduction through RDC

BitLocker Drive Encryption
- Group Policy allows central encryption policy and provides Branch Office protection
- Provides data protection, even when the system is in unauthorized hands or is running a different or exploiting Operating System
- Uses a v1.2 TPM or USB flash drive for key storage
Diagram labels: Full Volume Encryption Key (FVEK), Encryption Policy

Key New Networking Features
- Receive Window Autotuning: Automatically senses network environment and adjusts key performance settings. Allows increase of the size of the TCP/IP send / receive window
- Windows Filtering Platform: Provides filtering capability at all layers of the TCP/IP protocol stack. Integrates and provides support for next-generation firewall features
- Receive Side Scaling: Previous Windows operating systems limit receive protocol processing to single CPU. RSS resolves this issue by allowing network load from a network adapter to be balanced across multiple CPUs
- Policy-based Quality of Service: Prioritize or manage the sending rate for outgoing network traffic. Both DSCP marking and throttling can be used together to manage traffic effectively

The Receive Window Limitation
Chart: Maximum Throughput (Mbps) against RTT (ms), for receive windows of 64 KB, 128 KB, 256 KB and 512 KB

Scenario: Anywhere Application Access
Key Technologies
- Terminal Services Gateway
- Terminal Services Remote Programs
- Terminal Services Web Access
Goals
- Provide anywhere access to business applications over the Internet
- Remove risk of data loss from laptops by using secure remote access to applications and data located centrally
- Reduce management costs by removing the need for application servers at distributed locations
- Provide secure access to terminal services without needing to enable full network access via VPN or other mechanisms
- Consolidate existing terminal servers using x64 technology

Terminal Services in Windows Server 2008
Two key areas of focus in Windows Server 2008
- Improving the platform & enabling partner value add
- Improve out of the box experience for less complex scenarios

Terminal Services Gateway
Diagram labels: External Firewall, Internal Firewall, Internet, Perimeter Network, Corporate Network, Remote / Mobile User, Terminal Services Gateway, Tunnels RDP over HTTPS, Strips off RDP / HTTPS, Terminal Servers and other RDP Hosts, RDP traffic passed to TS

Terminal Services RemoteApp
- Run server-based applications locally
- Centrally manage applications
- Zero footprint client installation
- RDP 6.0 client required
Diagram labels: Internet, Terminal Services Gateway, Terminal Server

Scenario: Security & Policy Enforcement
Key Technologies
- Network Access Services
- Internet Protocol security (IPsec)
- System Health Validator / System Health Agent
- Health Certificate Server
- Wireless Management
Goals
- Check health and verify compliance for roaming or visiting laptops and home computers
- Simplify system and software updates and application installation
- Enhance wireless network security with improved network authentication and encryption

WLAN Management GP
Today's Challenges
- Wireless Clients Use Different Configuration Utilities
- Limited Central Management Of Wireless Configuration Throughout An Organization
- Result: Provisioning Wireless Clients Is Costly And Time-consuming
Solution
- Group Policy or Command-Line Provisioning of Wireless Clients
- Deployment simplified
- Support for mixed wireless security environments
- Separation of wired 802.1x and wireless services
- Granular manageability and extensibility supported
- User experience improved
- Can Leverage Investment in Active Directory for Granular Targeting
- Can Limit Connection to Authorized Networks Only

Network Access Protection
Policy-driven access
Diagram labels (numbered callouts 1 to 5): MSFT Network Policy Server; Policy compliant; DHCP, VPN Switch/Router; Windows Vista Client; Not policy compliant
Customer Benefits
- Enhanced Security
  - All communications are authenticated, authorized & healthy
  - Defense-in-depth on your terms with DHCP, VPN, IPsec, 802.1X
  - Policy-based access that IT Pros can set and control

Network Access Protection
NAP Core Components
- Client
  - SHA: System Health agents check client state
  - QA: Coordinates SHA/EC
  - EC: Method of enforcement
- Remediation Server
  - Serves up patches, AV signatures, etc.
- Network Policy Server
  - QS: evaluates client health
  - SHV: evaluates SHA answer
- System Health Server
  - Provides SHV
Diagram labels: NPS Policy Server (RADIUS); Quarantine Server (QS); Client; Quarantine Agent (QA); Health policy; Updates; Health Statements; Network Access Requests; System Health Servers; Remediation Servers; Health Certificate; 802.1x Switches, Policy Firewalls, SSL VPN Gateways, Certificate Servers; (SHA) MS SHA, SMS; System Health Validator; (EC) (DHCP, IPsec, 802.1X, VPN); (SHA) 3rd Parties; (EC) 3rd Party EAP VPNs

Scenario: Security & Policy Enforcement
Key Technologies
- Active Directory Domain Services
- Active Directory Certificate Services
- Active Directory Federation Service
- Active Directory Rights Management Services
Goals
- Securely extend and protect information and applications to business partners
- Reduce the risk of unauthorized access through strong authentication
- Reduce the number of user accounts and repositories that need to be managed
- Securely manage user accounts and information outside the datacenter

AD Certificate Services / PKI Features
- Enterprise PKI (PKIView)
  - Now a Microsoft Management Console snap-in
  - Support for Unicode characters
- Online Certificate Status Protocol (OCSP)
  - Online Responders
  - Responder Arrays
- Network Device Enrollment Service
  - Microsoft's implementation of the Simple Certificate Enrollment Protocol (SCEP)
  - Enhances security of communications by using IPsec
- Web Enrollment
  - Removed previous ActiveX enrollment control - XEnroll.dll
  - Enhanced new COM enrollment control - CertEnroll.dll

AD Rights Management Services
- AD RMS protects access to an organization's digital files
- AD RMS in Windows Server 2008 includes several new features
  - Improved installation and administration experience
  - Self-enrollment of the AD RMS cluster
  - Integration with AD Federation Services
  - New administrative roles
Diagram labels: Information Author, The Recipient, RMS Server, SQL, AD

Scenario: Server Virtualization
Key Technologies
- Windows Server Virtualization
- Server Core
Goals
- Server Consolidation - maximize hardware utilization and consolidate workloads to reduce costs
- Development and Test - create more flexible environments that reduce costs and improve lifecycle management
- Business Continuity Management - eliminate impact of downtime and enable disaster recovery abilities
- Dynamic Datacenter - create a more agile infrastructure with new management capabilities to move virtual machines without impact

Server Virtualization Scenarios
- Test and Development
- Business Continuity Management
- Dynamic Datacenter
- Production Server Consolidation

Virtualization Technologies
- Windows Server Virtualization
- Server Virtualization
- Presentation Virtualization
- Application Virtualization
- Desktop Virtualization
- Management

Windows Server Virtualization: Architecture
Diagram labels: Virtualization Stack, Par