Windows Server 2008 R2: Work Anywhere Infrastructure
Ashwin Palekar, Principal Group Program Manager, Microsoft Corporation
Session Code: WSV208
Scott Roberts, Senior Program Manager Lead, Network Security, Microsoft Corporation
“Re-Perimeterization”
How to manage, monitor, and support remote users/machines all the time?
How to simplify remote workers’ access
“My network is where my buildings are”
“My network is where my users and assets are”
DirectAccess Server
Data Center and Business Critical Resources
Local User
Enterprise Network
Remote User
Assume the underlying network is always unsecure
Redefine the corporate edge to protect the datacenter
Security policies based on identity, not location
Industry Trends
Internet
Windows Server 2008 R2 Addressing Enterprise Needs
Addressing User Needs
Supporting IT Professionals
Work Anywhere Infrastructure using DirectAccess
Secure & Flexible Application access using Terminal Services
Benefits of DirectAccess
Bringing the corporate network to the user
More productive
- Always-on access to corpnet while roaming
- No explicit user action required – it just works
- Same user experience on premise and off
More secure
- Healthy, trustable host regardless of network
- Fine grain per app/server policy control
- Richer policy control near assets
- Ability to extend regulatory compliance to roaming assets
- Incremental deployment path toward IPv6
More manageable and cost effective
- Simplified remote management of mobile resources as if they were on the LAN
- Lower total cost of ownership (TCO) with an “always managed” infrastructure
- Unified secure access across all scenarios and networks
- Integrated administration of all connectivity mechanisms
VPN vs. DirectAccess - Value
VPN DirectAccess
Manageability
Granular Security
Ease of use
Ubiquitous
Easy to install
DirectAccess Server (Server 2008 R2)
DirectAccess Client (Windows 7)
Internet
Native IPv6
6to4
Teredo
IP-HTTPS
Tunnel over IPv4 UDP, HTTPS, etc.
Encrypted IPsec+ESP
IPsec Gateway
Encrypted IPsec+ESP
Enterprise Network
DirectAccess Server (Server 2008 R2)
Line of Business Applications
No IPsec
IPsec Gateway
IPsec Integrity Only (Auth)
IPsec Integrity + Encryption
Windows Server 2008
Non-Windows Server
DirectAccess Components
Client
- Runs on Windows 7
- Domain-joined
- Initial configuration done on Corpnet or over VPN
Server
- Runs on Windows Server 2008 R2
- Sits on network edge
- Single box by default
- Services can be split up for scalability
DirectAccess Supporting Technologies
Trusted, compliant, healthy machine
Windows 7 client
Corporate Network
Applications & Data
NAP (includes Server & Domain Isolation [SDI])
Forefront Client Security
Windows Firewall
BitLocker + Trusted Platform Module (TPM)
IAG SP2 Forefront UAG
DC & DNS (Server 2008 R2)
DA Server
Compliant Client
Compliant Client
Data Center and Business Critical Resources
NAP / NPS Servers
Internet
CORPNET User
CORPNET
Compliant Network
CORPNET User
IPsec/IPv6
IPsec/IPv6
DirectAccess Supporting Technologies
Non-Compliant Client
Forefront Client Security
IAG SP2
Unmanaged Client
Mobile Broadband
Situation Today
Internet connectivity via mobile broadband cards is expanding:
- Inconsistent user experience
- Additional software required
Windows 7 Solution
- Standard driver model (plug & play experience for built-in and external 3G cards)
- Mobile Broadband connection experience integrated into standard Windows UI
- Standard APIs for building customized connection management experience
- Compatible with DirectAccess and VPN Reconnect
VPN Reconnect
Situation Today
- VPN used frequently for remote access to corporate resources
- Mobile workers reconnect to VPN on every network outage
Windows 7 Solution
- The client maintains persistent VPN connection across network outages
- VPN Client can connect to any VPN Server of choice
Benefits
- Better end user experience: seamless and consistent VPN connectivity
- Reduced support costs
VPN Server
VPN Server
BranchCache
Windows Server 2008 R2
Slow WAN Link
Client 1 Client 2
Windows 7 Clients
Windows Server 2008
Slow WAN Link
Client 1 Client 2
Vista SP1 Clients
Subsequent access from the same client is satisfied from the transparent cache (local machine access)
Situation Today Windows 7 Solution
Introducing New Names in R2
WS03 | WS 2008 | WS 2008 R2
Terminal Services | Terminal Services | Remote Desktop Services
Terminal Server | Terminal Server | RD Session Host
TS Session Directory | TS Session Broker | RD Connection Broker
TS Licensing Server | TS Licensing Server | RD Licensing Server
- | TS Gateway | RD Gateway
- | TS Web Access | RD Web Access
- | - | RD Virtualization Host
TS & VDI – an integrated solution
- Hyper-V support for virtual desktops
- Single discovery, broker & publishing infrastructure
- SCVMM Support
Remote Application Access
- RemoteApp & Desktop Connections
- RemoteApp & Desktop & Web Access
- RD Gateway Security Improvements
Full Fidelity RemoteApp & Desktops
- True multiple monitor support
- Multimedia Support & bidirectional audio
- 2D and 3D remoting for DirectX 10.1 (DXGI 1.1)
Platform & Management Improvements
- New API, Connection Broker Extensibility, PowerShell Support, Best Practices Analyzer, Full MSI support
WS08 R2 – New and Improved
Remote Desktop Connection Broker
TS-based Remote Desktop
Hyper-V-based Remote Desktop
Virtual Machine Management (SCVMM)
TS & VDI – An Integrated Solution
RemoteApp & Desktop Connections
- RemoteApp & Desktops icons integrated into start menu etc.
- Icons refreshed & updated automatically
Multimedia Support & Audio Input
- Experience rich multimedia redirection
- Use VoIP applications and speech recognition
True multiple monitor support
- Use up to 10 monitors of any size or layout with RemoteApp and Desktops
- All applications behave like users expect – e.g. PowerPoint
Aero Glass for Remote Desktop Session Host
- Users have the same new Windows 7 look and feel when using Remote Desktop Server
RemoteApp™ Language Bar Support
- Configure applications that use alternate language settings (e.g. right to left languages) from the local language bar
Full Fidelity RemoteApp & Desktops
TS and VDI – An Integrated Solution
- Single broker to connect users to sessions or virtual machines, out of the box solution for VDI scenarios with Hyper-V
RemoteApp & Desktop Connections
- Centrally managed list of applications and desktops (RDS & VDI)
- Automatically published, refreshed & integrated with Windows 7
Remote Desktop Web Access
- Integrated with RemoteApp & Desktop Connection management tools
- Provides access to applications & desktops from Windows 7, Vista & XP
Integrated Single Sign On
- Only a single logon for RemoteApp & Desktop connections
- Forms based logon for RD Web Access
Remote Desktop Gateway
- Session & Idle timeouts to enforce policy and authorization refresh
- Pluggable authentication and consent signing
Remote Application Access
Improved Application Compatibility
- Improved Microsoft Installer (MSI) compatibility
PowerShell Provider
- Easily automate and script administrative tasks for remote desktop scenarios
Use Profile Cache Quota
- Removes need to delete profiles at logoff – speeds up logon
- Ensures profiles never overrun disk space; least used profiles deleted
RemoteApp & Desktop Connections Extensibility
- Can support discovery of any custom application type
- Ensure common UI and location for discovering connections
Connection Broker Extensibility
- Orchestration plug-ins – e.g. VM preparation, VM placement
- Policy plug-ins – e.g. load balancing, security etc.
Platform & Management Improvements
Summary
Call-to-action
- Windows Server 2008 R2 offers great innovation for your Anywhere Access infrastructure
- Learn more about DirectAccess and Remote Desktop Services
- Get ready deploying Windows Server 2008
Related Content
VIR307 Windows 2008 R2: Remote Desktop Services: VDI Drilldown- Drilldown into RD Connection Broker and VDI features
WSV308 Windows Server 2008 R2: Remote Desktop Services Overview- Overview of Remote Desktop Services & drilldown into RD Session Host
VIR305 - Microsoft Remote Desktop Protocol (RDP) Architecture and Improvements.- Drilldown into RDP features
Windows Server Resources
Make sure you pick up your copy of Windows Server 2008 R2 RC from the Materials Distribution Counter
Learn More about Windows Server 2008 R2: www.microsoft.com/WindowsServer2008R2
Technical Learning Center (Orange Section): Highlighting Windows Server 2008 and R2 technologies
- Over 15 booths and experts from Microsoft and our partners
Resources for IT Professionals
www.microsoft.com/teched
Tech·Talks, Tech·Ed Bloggers, Live Simulcasts, Virtual Labs
http://microsoft.com/technet
Evaluation licenses, pre-released products, and MORE!
© 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.