Ashwin Palekar, Principal Group Program Manager, Microsoft Corporation. Scott Roberts, Senior Program Manager Lead, Network Security, Microsoft Corporation. Session Code: WSV208

Windows Server 2008 R2: Work Anywhere Infrastructure


Mobile Workforce

Mobile Data

Globalization

Increasingly Porous Perimeter

“Re-Perimeterization”

How to manage, monitor, and support remote users/machines all the time?

How to simplify remote workers’ access

“My network is where my buildings are”

“My network is where my users and assets are”

DirectAccess Server

Data Center and Business Critical

Resources

Local User

Enterprise Network

Remote User

Assume the underlying network is always unsecure

Redefine the corporate edge to protect the datacenter

Security policies based on identity, not location

Industry Trends

Internet

Windows Server 2008 R2 Addressing Enterprise Needs

Addressing User Needs

Supporting IT Professionals

Work Anywhere Infrastructure using DirectAccess

Secure & Flexible Application access using Terminal Services

DirectAccess

Providing seamless, secure access to enterprise resources from anywhere

Demo: DirectAccess in Action

Benefits of DirectAccess: Bringing the corporate network to the user

More productive
Always-on access to corpnet while roaming
No explicit user action required – it just works
Same user experience on premise and off

More manageable and cost effective
Simplified remote management of mobile resources as if they were on the LAN
Lower total cost of ownership (TCO) with an “always managed” infrastructure
Unified secure access across all scenarios and networks
Integrated administration of all connectivity mechanisms

More secure
Healthy, trustable host regardless of network
Fine grain per app/server policy control
Richer policy control near assets
Ability to extend regulatory compliance to roaming assets
Incremental deployment path toward IPv6

VPN vs. DirectAccess - Value

VPN DirectAccess

Manageability

Granular Security

Ease of use

Ubiquitous

Easy to install

DirectAccess Server (Server 2008 R2)

DirectAccess Client (Windows 7)

Internet

Native IPv6

6to4

Teredo

IP-HTTPS

Tunnel over IPv4 UDP, HTTPS, etc.

Encrypted IPsec+ESP

IPsec Gateway

Encrypted IPsec+ESP

Enterprise Network

DirectAccess Server (Server 2008 R2)

Line of Business Applications

No IPsec

IPsec Gateway

IPsec Integrity Only (Auth)

IPsec Integrity + Encryption

Windows Server 2008

Non-Windows Server

DirectAccess Components

Client
Runs on Windows 7
Domain-joined
Initial configuration done on Corpnet or over VPN

Server
Runs on Windows Server 2008 R2
Sits on network edge
Single box by default
Services can be split up for scalability

Direct Access Supporting Technologies

Trusted, compliant, healthy machine

Windows 7 client

Corporate Network

Applications & Data

NAP (includes Server & Domain Isolation [SDI])

Forefront Client Security

Windows Firewall

BitLocker + Trusted Platform Module (TPM)

IAG SP2 Forefront UAG

DC & DNS (Server 2008 R2)

DA Server

Compliant Client

Compliant Client

Data Center and Business Critical Resources

NAP / NPS Servers

Internet

CORPNET User

CORPNET

Compliant Network

CORPNET User

IPsec/IPv6

IPsec/IPv6

Direct Access Supporting Technologies

Non- Compliant Client

Forefront Client Security

IAG SP2

Unmanaged Client

Mobile Broadband

Situation Today
Internet connectivity via mobile broadband cards is expanding:
Inconsistent user experience
Additional software required

Windows 7 Solution
Standard driver model (plug & play experience for built-in and external 3G cards)
Mobile Broadband connection experience integrated into standard Windows UI
Standard APIs for building customized connection management experience
Compatible with DirectAccess and VPN Reconnect

VPN Reconnect

Situation Today
VPN used frequently for remote access to corporate resources
Mobile workers reconnect to VPN on every network outage

VPN Server

VPN Server

Windows 7 Solution
The client maintains persistent VPN connection across network outages
VPN Client can connect to any VPN Server of choice

Benefits
Better end user experience: seamless and consistent VPN connectivity
Reduced support costs

BranchCache

Windows Server 2008 R2

Slow WAN Link

Client 1 Client 2

Windows 7 Clients

Windows Server 2008

Slow WAN Link

Client 1 Client 2

Vista SP1 Clients

Subsequent access from the same client is satisfied from the transparent cache (local machine access)

Situation Today Windows 7 Solution

Announcing Remote Desktop Services

Introducing New Names in R2

WS03 | WS 2008 | WS 2008 R2
Terminal Services | Terminal Services | Remote Desktop Services
Terminal Server | Terminal Server | RD Session Host
TS Session Directory | TS Session Broker | RD Connection Broker
TS Licensing Server | TS Licensing Server | RD Licensing Server
- | TS Gateway | RD Gateway
- | TS Web Access | RD Web Access
- | - | RD Virtualization Host

TS & VDI – an integrated solution

Hyper-V support for virtual desktops

Single discovery, broker & publishing infrastructure

SCVMM Support

Remote Application Access

RemoteApp & Desktop Connections

RemoteApp & Desktop & Web Access

RD Gateway Security Improvements

Full Fidelity RemoteApp & Desktops

True multiple monitor support

Multimedia Support & Bi-directional audio

2D and 3D remoting for DirectX 10.1 (DXGI 1.1)


Platform & Management Improvements

New API, Connection Broker Extensibility, PowerShell Support, Best Practices Analyzer, Full MSI support

WS08 R2 – New and Improved

Remote Desktop Connection Broker

TS-based Remote Desktop

Hyper-V-based Remote Desktop

Virtual Machine Management (SCVMM)

TS & VDI – An Integrated Solution

RemoteApp & Desktop Connections
RemoteApp & Desktops icons integrated into start menu etc.
Icons refreshed & updated automatically

Multimedia Support & Audio Input
Experience rich multimedia redirection
Use VoIP applications and speech recognition

True multiple monitor support
Use up to 10 monitors of any size or layout with RemoteApp and Desktops
All applications behave like users expect – e.g. PowerPoint

Aero Glass for Remote Desktop Session Host
Users have the same new Windows 7 look and feel when using Remote Desktop Server

RemoteApp™ Language Bar Support
Configure applications that use alternate language settings (e.g. right to left languages) from the local language bar

Full Fidelity RemoteApp & Desktops

TS and VDI – An Integrated Solution
Single broker to connect users to sessions or virtual machines, out of the box solution for VDI scenarios with Hyper-V

RemoteApp & Desktop Connections
Centrally managed list of applications and desktops (RDS & VDI)
Automatically published, refreshed & integrated with Windows 7

Remote Desktop Web Access
Integrated with RemoteApp & Desktop Connection management tools
Provides access to applications & desktops from Windows 7, Vista & XP

Integrated Single Sign On
Only a single logon for RemoteApp & Desktop connections
Forms based logon for RD Web Access

Remote Desktop Gateway
Session & Idle timeouts to enforce policy and authorization refresh
Pluggable authentication and consent signing

Remote Application Access

Improved Application Compatibility
Improved Microsoft Installer (MSI) compatibility

PowerShell Provider
Easily automate and script administrative tasks for remote desktop scenarios

User Profile Cache Quota
Removes need to delete profiles at logoff – speeds up logon
Ensures profiles never overrun disk space; least used profiles deleted

RemoteApp & Desktop Connections Extensibility
Can support discovery of any custom application type
Ensure common UI and location for discovering connections

Connection Broker Extensibility
Orchestration plug-ins – e.g. VM preparation, VM placement
Policy plug-ins – e.g. load balancing, security etc.

Platform & Management Improvements

Summary: Call-to-action

Windows Server 2008 R2 offers great innovation for your Anywhere Access infrastructure
Learn more about Direct Access and Remote Desktop Services
Get ready deploying Windows Server 2008

Related Content

VIR307 Windows 2008 R2: Remote Desktop Services: VDI Drilldown - Drilldown into RD Connection Broker and VDI features

WSV308 Windows Server 2008 R2: Remote Desktop Services Overview - Overview of Remote Desktop Services & drilldown into RD Session Host

VIR305 Microsoft Remote Desktop Protocol (RDP) Architecture and Improvements - Drilldown into RDP features

Windows Server Resources

Make sure you pick up your copy of Windows Server 2008 R2 RC from the Materials Distribution Counter

Learn More about Windows Server 2008 R2: www.microsoft.com/WindowsServer2008R2

Technical Learning Center (Orange Section): Highlighting Windows Server 2008 and R2 technologies

Over 15 booths and experts from Microsoft and our partners

www.microsoft.com/teched: Tech·Talks, Tech·Ed Bloggers, Live Simulcasts, Virtual Labs

http://microsoft.com/technet

Evaluation licenses, pre-released products, and MORE!

Resources for IT Professionals

Complete an evaluation on CommNet and enter to win!

© 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.