Presentation is loading. Please wait.

Presentation is loading. Please wait.

Ljubomir Ivaniš CPU d.o.o.

Similar presentations


Presentation on theme: "Ljubomir Ivaniš CPU d.o.o."— Presentation transcript:

1 Ljubomir Ivaniš CPU d.o.o.
4/1/2017 9:19 PM Microsoft Server Platform Title: Windows Server 2008 Overview Talking Points: Introduce yourself This presentation will provide an overview of the exciting new features in Microsoft® Windows Server® 2008, and how they may be used by both developers and in organizations. Ljubomir Ivaniš CPU d.o.o. Microsoft Certified IT Professional Virtualization Administrator 2008 R2 Microsoft Certified IT Professional Enterprise Administrator Microsoft Certified Trainer

2 Virtualization Terminal Services Server Core IP V6 NAP Security

3 Streamlined Administration
4/1/2017 9:19 PM Streamlined Administration Easier Setup with Initial Configuration Tasks Faster Deployment with Windows Deployment Services Simplified Administration with Server Manager Console Title: Streamlined Administration Talking Points:  With the ever-growing number of computers and workstations in a typical enterprise network, IT personnel spend a substantial amount of time installing, deploying, and maintaining variants of the Windows operating system on servers and workstations. It is crucial to the overall productivity of the business that a consistently high level of quality is maintained in these processes. Windows Server 2008 includes many new features and enhancements designed to reduce the cost and effort of deploying and managing all Windows servers within the corporate network. Easier Windows Server Setup and Faster Deployment Installing operating systems has historically been a time-consuming process requiring the constant monitoring and hands-on interaction of IT administrators to ensure proper installation. Windows Server 2008 streamlines the setup process, freeing the administrator to perform other tasks. A redesigned installation interface guides administrators and users through the most common post-installation tasks, helping ensure that the server is configured correctly and securely. The improved installation process of Windows Server 2008 saves the time setting up the operating system, freeing administrators to perform more valuable tasks. In addition to a streamlined setup, organizations can use Windows Deployment Services (WDS), a revised version of Remote Installation Services designed to be used with Windows Server 2008 and Window Vista, that provide a simplified, secure means of rapidly deploying Windows operating systems to computers over networks without requiring that administrators visit each computer or install directly from CD or DVD media. This reduces the time and work involved in deploying operating systems on servers and workstations and the costs associated with deploying new computers. Microsoft has a published Microsoft Deployment, the next version of Business Desktop Deployment (BDD) It is the recommended process and toolset to automate desktop and server deployment. Microsoft Deployment provides detailed guidance and job aids for every organizational role involved with large-scale deployment projects. It unifies the tools and processes required for desktop and server deployment into a common deployment console and collection of guidance. Microsoft Deployment’s tools and end-to-end guidance reduce deployment time, standardize desktop and server images, limit service disruptions, reduce post-deployment help desk costs, and improve security and ongoing configuration management. Simplified Administration The Server Manager Console in Windows Server 2008 makes the task of managing and securing servers easier. The interface of the Server Manager Console is a single window that contains all of the information necessary for managing a server’s configuration and system information. It incorporates the functionality of several management tools, enabling administrators to go directly to consoles for managing specific roles, troubleshooting tools, or finding backup and disaster recovery options. Roles and features installed by using Server Manager are secure by default. Administrators don’t need to run the Security Configuration Wizard following role installation or removal unless they want to change the default settings. Most common administration tasks in Windows Server 2008 can be performed with the assistance of wizards. Wizards in Server Manager streamline server deployment tasks in an enterprise by cutting deployment time. Most common configuration tasks, such as configuring or removing roles, defining multiple roles, and role services can now be completed in a single session using Server Manager Wizards. Dependency checks are performed as the user progresses through Server Manager wizards, ensuring that all of the prerequisite role services that a selected role needed are installed, and none are removed that remaining roles or role services might still require . Server Manager consolidates a variety of management interfaces and tools into a unified management console, enabling administrators to complete common management tasks without having to navigate between multiple interfaces, tools, and dialog boxes reducing the time it takes to perform administration tasks, reducing configuration errors, and reducing server management costs. Powerful Automation of IT Administration Tasks Microsoft Windows PowerShell is a new command-line shell and scripting language that helps IT Professionals achieve greater productivity and control system administration more easily. Windows PowerShell does not require that you to migrate your existing scripts, and it is ideally suited for automation of new Windows Server 2008 features. Windows Powershell has more than 130 standard command-line tools, a new admin-focused scripting language, and consistent syntax and utilities. It allows administrators to efficiently complete server administration tasks that are common across all Windows Server 2008 roles, such as services, processes, and storage. Windows PowerShell also allows administrators to manage specific Windows Server 2008 roles, such as IIS 7.0 and Terminal Server, as well as Microsoft Exchange Server 2007 and Microsoft Operations Manager Also, a number of partners have provided Windows PowerShell commands that improve network management and provide rich charting and gauge capabilities. Using the configuration scripts, refinery administrators can simply run a script rather than trying to follow written instructions, reducing the time spent on installation, deployment, and maintenance as well as the potential for configuration errors. Windows PowerShell is easy to adopt, learn, and use, because it does not require a background in programming, and it works with your existing IT infrastructure, existing scripts, and existing command-line tools. With PowerShell, organizations can more easily automate administration tasks, reducing effort and saving costs. Enterprise Class Print Management A substantial part of an organization’s IT resources is usually devoted to configuring and maintaining network attached printers that require constant maintenance and administration. The techniques for configuring one printer model usually do not translate to other models, so IT personnel must devote substantial time and effort in becoming familiar with many different printer configuration methods. In addition, on previous versions of Windows, printers had to be managed on a per-server basis -there was no centralized printer management tool. This resulted in high costs in time and resources for the organization. Windows Server 2008 addresses these issues with Print Management, an MMC snap-in that enables administrators to manage, monitor, and troubleshoot all of the printers within the enterprise network from a single interface, even those printers that are remotely connected to the network. When responding to remote printer issues, IT personnel do not have to rely on users at the remote site to check the printer and provide diagnostic information; the administrator can use Print Management’s easy-to-use console interface to access this information directly. It can also send notifications and run maintenance scripts when a printer or print server needs attention. Print Management can also access the Web interfaces of printers that support them. Print Management can be used with Group Policy to automatically one or many desktop computers to network printers. IT administrators do not have to install and configure printers on each desktop computer, and this optimizes IT resources and saves the organization time and money. Print Management simplifies printer management duties, optimizing IT resources and reducing time and cost for the organization. Increased Infrastructure Reliability with Server Core Infrastructure servers perform tasks critical to the day-to-day operation of Windows Server-based enterprise networks, such as supporting the Domain Name Service (DNS), Active Directory, and the Dynamic Host Configuration Protocol (DHCP) service. Enterprise networks depend on the stability and optimal performance of infrastructure servers. To meet these needs, Windows Server 2008 includes a new installation option called Server Core. Server Core installations contain only the functionality needed for the server’s task in the enterprise network. Functionality that is not strictly required for the server task is not included. The Server Core installation option is available for the following roles: Hyper-V IIS 7.0 Dynamic Host Configuration Protocol (DHCP) server Domain Name System (DNS) server File server Active Directory Domain Services (AD DS) Active Directory Lightweight Directory Services (AD LDS) Windows Media Services Print Server Because Server Core runs with a minimal set of installed functionality, less maintenance, fewer software updates, and fewer restarts are needed. Server security is enhanced as running less code reduces the attack profile of the server. Server Core’s minimal server implementations increase network security and performance, reducing an organization’s maintenance and support costs and allowing organizations to run critical infrastructure servers in their most reliable configuration. Customer Evidence: Valero Energy Corporation is North America’s largest refiner of oil and gas products has started to deploy Windows Server 2008. One of the compelling reasons to deploy is scriptability. “On the refinery side, one of the big benefits of Windows Server 2008 is scriptability and ease of configuration,” says Scott Mock, Lead I/S Specialist. Valero plans to use Windows PowerShell to create configuration scripts that automate basic server management tasks. Valero Energy Corporation is North America’s largest refiner of oil and gas products. By using the Server Core installation option, Valero is anticipating significantly reduced downtime for maintenance at the refineries. “Server Core goes a long way in reducing the amount of security updates we have to apply, by reducing the number of components that need updating on a regular basis,” says I/S Project Manager Shawn Crow. Valero Energy Corporation Case Study Additional Information: Powerful Automation of IT Administration Tasks with Windows PowerShell Enterprise Class Print Management with Print Management Console Increased Infrastructure Reliability with Server Core

4 Updated Event Viewer

5 Terminal Services RemoteApp
4/1/2017 9:19 PM Terminal Services RemoteApp Only supported by Remote Desktop client 6.0, or newer Programs look like they are running locally RemoteApp console used to make application available Also used to make programs available via TS Web Access Remote programs integrated with local computer Centrally configure a terminal server with the Terminal Server Configuration console Title: Terminal Services RemoteApp Talking Points: Windows Server 2008 Terminal Services RemoteApp (TS RemoteApp) provides the ability to run both local and remotely-hosted programs on a Windows desktop. Windows Server 2008 Terminal Services RemoteApp (TS RemoteApp) provides the ability to run both local and remotely-hosted programs on a Windows desktop. These programs will be fully integrated with the local computer, having their own resizable windows and taskbar entries. The remote program is completely integrated with the user's desktop, and appears to the user as if it is running on the user's local computer. Users can run programs from a remote location side-by-side with their local programs. If the program uses a notification area icon, this icon appears in the client's notification area. Popup windows are redirected to the local desktop. Local drives and printers can be redirected to appear in the remote program. Many users might not be aware that the remote program is any different than a local program. The Terminal Server Configuration console is the central location from which administrators configure a terminal server to host remote programs. [BUILD1] RemoteApp Console: From the RemoteApp console, you can select which applications on the terminal server to make available as remote programs as well as deciding whether or not such programs should also be made available by means of Terminal Services Web Access. [BUILD2] Programs Look Like They Are Running Locally: This image demonstrates TS RemoteApp. Microsoft Office Outlook 2007 is running on a terminal server, and yet the launch-tray icon and the reminder tabs have migrated over to the client desktop as if it were running locally. Compare this to the Internet Explorer window, also open on the desktop, in which applications accessed using TS Web Access would operate. [BUILD3] Remote Desktop Client: Remote Programs are only supported by the Remote Desktop client 6.0, or later. This client is available for Windows XP SP2, Windows Server 2003 SP1, and Windows Vista, and is distributed free through Windows Update. Additional Information: Changes in Functionality to Windows Server Longhorn (January 2007).doc (also called the Book of Longhorn)  Remote Desktop client required Terminal Services Gateway Server 5

6 Windows SharePoint Services
4/1/2017 9:19 PM Windows SharePoint Services WSS Title: Windows SharePoint Services Talking Points: Windows SharePoint Services contain a variety of enhanced features. Microsoft Windows SharePoint® Services 3.0 is a collaboration technology that helps organizations improve business processes and enhance team productivity. With a rich set of features and tools that give people browser-based access to workspaces and shared documents, Windows SharePoint Services helps people connect to and work with others across organizational and geographic boundaries. Windows SharePoint Services also provides a foundation platform for building Web-based business applications that are flexible and scale easily to meet the changing and growing needs of your business. In addition, robust administrative controls for managing storage and Web infrastructure give IT departments a cost-effective way to implement and manage a high-performance collaboration environment. Windows SharePoint Services 3.0 has many new features and enhancements that can help IT Professionals deploy and maintain Windows SharePoint Services solutions. Together, these new features and enhancements provide IT organizations with better control over information resources; individually these new features and enhancements provide functional benefits that help reduce administrative overhead. [BUILD1] Administration model enhancements - Windows SharePoint Services includes several enhancements to the administration model that help IT organizations implement management plans and perform administrative tasks more effectively and efficiently. Centralized configuration and management: Windows SharePoint Services now has a centralized configuration and management model, which includes a centralized configuration database and two new services that automatically propagate and synchronize the centrally-stored configuration settings across all of the servers in your server farm. The new configuration and management model allows you to centrally manage your server farm without having to manage farm settings on a server-by-server basis. For example, if you create a Web application on one of your Web servers, the Web application is automatically propagated to all of your Web servers. You no longer have to create and configure individual Web applications on each of your Web servers. Two-tier administration model: Windows SharePoint Services has an enhanced two-tier administration model that makes it easier for IT organizations to differentiate administrative roles and assign administrative responsibilities. Farm-based Central Administration user interface: The SharePoint Central Administration Web pages have been redesigned and reorganized, allowing easier implementation of administrative tasks and procedures. Delegation of administrative responsibilities and roles: Because the multi-tier administration model provides a clear delineation of administrative tasks, IT managers can better delegate administrative responsibilities to the appropriate users and administrators within an organization. [BUILD2] New and improved compliance features and capabilities - Windows SharePoint Services includes new and enhanced features that provide IT organizations with better control over information resources. Policy management: You can now configure policies for Web applications based on the domain or the server authentication zone. For example, you can create intranet and extranet authentication zones to restrict access to information based on how users access information. You can also use authentication zones to create access control lists (ACLs) that include a group of users from different authentication providers. Diagnostic logging: Diagnostic logging can now be configured for all actions on sites, content, and workflows. Item-level access control: Windows SharePoint Services provides item-level access control and security settings that allow site administrators and IT administrators to control which people or groups have access to sites, document libraries, lists, folders, documents, and list items. In addition, Windows SharePoint Services provides security trimming of UI elements. Security trimming controls which UI elements are visible or actionable based on a user's permissions, thereby reducing Web page clutter and making Web pages easier to navigate. Administrator access control: Windows SharePoint Services now prohibits IT administrators from viewing site content unless the IT administrator is granted site collection administrator privileges. In addition, an event is written to the Event Viewer Application log whenever an IT administrator changes site collection administrator privileges. [BUILD3] New and improved operational tools and capabilities: Windows SharePoint Services includes several new and improved tools and capabilities that help IT organizations implement operational plans and tasks. Backup and Recovery Support: Several new and improved features make it easier to perform backup and recovery tasks. A multi-stage recycle bin allows users to retrieve inadvertently deleted documents, reducing dependence on IT departments for document retrieval functions. The recycle bin also allows administrators to manage the lifecycle of deleted items in the recycle bin. The backup and restore functionality is also enhanced, providing support for Volume Shadow Copy Service (VSS), which allows better integration with non-Microsoft backup and recovery programs. In addition, the backup and restore functionality in Windows SharePoint Services allows IT staff to back up and restore the data that is stored in a SQL Server database, such as your configuration database, content and configuration data for Web applications, and search databases. Upgrade and migration support: The following features have been added to make upgrades faster and easier: Gradual upgrade support: By performing a gradual upgrade, you can incrementally upgrade data and functionality on a server that is running Microsoft Windows SharePoint Services version 2 and Windows SharePoint Services 3.0. This is particularly useful if you are upgrading a complex environment and you do not want to interrupt business processes. Migration support: Windows SharePoint Services provides support for migrating content. You can migrate content for an entire Web site or you can migrate content on a more specific basis, such as lists and documents. You can also migrate content incrementally. Reparenting. This allows you to dynamically rearrange a hierarchy of SharePoint sites, and is typically used during a migration. Previously, in Windows SharePoint Services version 2, to move a site, you needed to back up and then delete it from its current location, and then restore the site in the new location. Monitoring support: Improved instrumentation is provided through Microsoft Operations Manager (MOM) management packs. MOM packages support centralized monitoring and management of configurations ranging from single server and small server farms to very large server farms. Host header mode: Host header mode, a new feature in Windows SharePoint Services, allows you to create multiple domain-named sites in a single Web application. In Windows SharePoint Services version 2, when scalable hosting mode was enabled, you could extend only one IIS Web site. Now, with host header mode, you can have host header-based site collections on multiple Web applications, so you are no longer limited to extending just one IIS Web site. Server renaming: Windows SharePoint Services now has the Stsadm renameserver command that makes it easier to rename your Web servers and your database servers. When you run Stsadm renameserver, the configuration database for your farm is updated, so that any URLs or references to the old server name are now mapped to the new server name. Credential management: You can now manage service account credentials, such as the application pool identity for your application pools, through the SharePoint Central Administration site. [BUILD4] Improved support for network configuration: Windows SharePoint Services includes enhanced support for network configuration. Alternate access mapping: Alternate access mapping (AAM) provides a mechanism for mapping newly-added Web servers to your Web application. For example, if you install and configure Windows SharePoint Services on a single Web server, and a user browses to your server, the server will render the content that is in your Web application. However, if you add subsequent Web servers to your server farm, the newly-added servers will not have alternate access mappings configured to your Web application. Pluggable authentication: Windows SharePoint Services adds support for non-Windows-based identity systems by integrating with the pluggable Microsoft ASP.NET forms authentication system. ASP.NET authentication allows Windows SharePoint Services to work with identity management systems that implement the Membership Provider interface. [BUILD5] Extensibility enhancements: Windows SharePoint Services has several extensibility enhancements that make it easier to create custom applications that are well integrated with Windows SharePoint Services features, functionality, and user interface elements. Site definitions have been enhanced so that sites are no longer locked or bound to your original template choice. Administration tasks and functionality can be extended to custom applications. Enhancements to the Windows SharePoint Services Timer service make it easier to create and manage timer jobs that control custom services. Windows SharePoint Services hosts the Windows Workflow Foundation, which allows the creation of customized workflow solutions and the use of structured workflows on document library and list items. In conjunction with the Windows SharePoint Services application templates, the Windows Workflow Foundation allows you to create robust workflow-enabled business applications. Additional Information: Changes in Functionality to Windows Server Longhorn (January 2007).doc (also called the Book of Longhorn) Administration model enhancements New and improved compliance features and capabilities New and improved operational tools and capabilities Improved support for network configuration Extensibility enhancements

7 Windows Firewall Advanced Security
4/1/2017 9:19 PM Windows Firewall Advanced Security Title: Windows Firewall with Advanced Security Talking Points: Windows Firewall with Advanced Security provides a number of security enhancements. Windows Server SP1 was the first release to contain a server firewall, and it only did port filtering. Many enhancements have been made to Windows Firewall with Advanced Security as described below. The Windows Firewall with Advanced Security in Windows Server 2008 is a host-based firewall that allows or blocks network traffic according to its configuration and the applications that are currently running, to provide a level of protection from malicious users and programs on a network. A feature of the advanced security functionality in Windows Server 2008 is ability to support firewall interception of both incoming and outgoing traffic by means of policy-based networking. For example, administrators can configure the new Windows Firewall with a set of exceptions to block all traffic sent to specific ports, such as the well-known ports used by viruses, or to specific addresses containing either sensitive or undesirable content. Combined firewall and IPsec management: In previous versions of Windows, the IPsec and Firewall configuration were performed in two places. IPsec and firewall configuration can now be done from one location which helps to prevent customers from accidentally setting up conflicts. The new Windows Firewall can be configured with an MMC snap-in, Windows Firewall with Advanced Security. With the new Windows Firewall with Advanced Security snap-in, network administrators can configure settings for Windows Firewall on remote computers, which is not currently possible for the current Windows Firewall without a remote desktop connection. [BUILD1] Firewall rules become more intelligent: The advanced security functionality in Windows Server 2008 allows administrators to configure firewall exceptions in a number of new ways. For example, exceptions can be configured for IP protocol number, by source and destination, for all or multiple ports, and so on. Policy-based network rules give administrators control to better protect their environment. [BUILD2] Policy-based networking: The policy-based networking feature, also called outbound filtering, is designed for enterprise management only. This feature can block either traffic sent in response to a request of the computer—solicited traffic—or unsolicited traffic that has been specified as allowed—excepted traffic. This is a crucial component of firewall functionality as it helps prevent the infection of computers by network-level viruses and worms that spread through unsolicited incoming traffic. Simplified protection policy: The new simplified protection policy makes it easier for administrators to manage the Windows firewall. For example, administrators can specify which users, groups, or application are allowed to use a specific port, or can turn off access to a specific port enterprise-wide in the case of a virus attack. Additional Information: Changes in Functionality to Windows Server Longhorn (January 2007).doc (also called the Book of Longhorn)  Firewall rules become more intelligent Combined firewall and IPsec management Policy-based networking

8 Windows Deployment Services
4/1/2017 9:19 PM Windows Deployment Services WDS Rapidly deploys Windows operating systems Updated and redesigned version of Remote Installation Services (RIS) Server components Client components Management components Windows Deployment Services provides several enhancements to RIS Title: Windows Deployment Services Talking Points: Windows Deployment Services (WDS) is a suite of components that work together on Windows Server 2008 to provide a simplified, secure means of rapidly deploying Windows operating systems to computers by using network-based installation, without the need for an administrator to work directly on each computer, or install Windows components from CD or DVD media. It contains a number of new or enhanced features that will save IT staff time. The Windows Deployment Services Process: Windows Deployment Services allow IT staff to rapidly deploy the Windows operating systems to computers by using network-based installation, without the need for an administrator to work directly on each computer, or install Windows components from CD or DVD media. WDS can also be used to quickly repurpose existing computers. [BUILD1] Windows Deployment Services: Windows Deployment Services, the updated and redesigned version of Remote Installation Services (RIS), is the feature name for a suite of components that work together on Windows Server 2008 to enable the deployment of Windows operating systems, particularly Windows Vista. These components are organized by the following three categories: server, client and management components. [BUILD2] Server components: These components include a Pre-Boot Execution Environment (PXE) server and Trivial File Transfer Protocol (TFTP) server for network booting a client to load and install an operating system. Also included is a shared folder and image repository that contains boot images, installation images, and files that you need specifically for network boot. [BUILD3] Client components: These components include a graphical user interface that runs within the Windows Pre-Installation Environment (Windows PE) and communicates with the server components to select and install an operating system image. [BUILD4] Management components: These components are a set of tools that you use to manage the server, operating system images, and client computer accounts. [BUILD5] Enhancements to Windows Deployment Services: Windows Deployment Services includes the Windows Deployment Services MMC snap-in, which provides rich management of all Windows Deployment Services features. Windows Deployment Services also provides several enhancements to the RIS feature set. These enhancements support the deployment of the Windows Vista and Windows Server 2008 operating systems. With Windows Deployment Services, IT staff can: Use the Windows Deployment Services snap-in to create a "capture image" that can create a custom image from a computer that has been prepared with Sysprep.exe Use the Windows Deployment Services Capture Wizard to create and add an image prepared with Sysprep.exe Use the Windows Deployment Services snap-in to associate unattended installation files with Windows images Associate one or more language packs with an image, eliminating your need for unique images for each language your organization supports Use the Windows Deployment Services snap-in to create a "discover image" for use with computers that do not support PXE boot Additional Information: SVR322_Niehaus.ppt Changes in Functionality to Windows Server Longhorn (January 2007).doc (also called the Book of Longhorn)  Windows Server Windows Client

9 BitLocker™ Drive Encryption
4/1/2017 9:19 PM BitLocker™ Drive Encryption Full Volume Encryption Key (FVEK) Encryption Policy Group Policy allows central encryption policy and provides Branch Office protection Provides data protection, even when the system is in unauthorized hands or is running a different or exploiting Operating System Title: BitLocker Drive Encryption Talking points: BitLocker Drive Encryption is an integral new security feature in Windows Server 2008 to protect servers at locations, such as in a branch office, and mobile computers for roaming users. Information loss can be very costly. As more businesses and services are moving into an online mode, data has become more vulnerable. At the same time, there is a growing need among consumers that this data be protected. New rules and regulations at state and national levels such as Sarbanes-Oxley and HIPAA help drive the need for data protection. BitLocker provides enterprise solutions to protect sensitive data for a variety of applications to meet these standards. Allows central encryption policy and provides Branch Office protection: The Group Policy feature of Windows Server 2008 allows administrators to set a corporate encryption policy. When combined with BitLocker encryption, this provides additional security for branch offices, sites with limited IT support, or sites at risk for security breaches. [BUILD1] Group Policy allows central encryption policy and provides Branch Office protection: BitLocker is configurable through Group Policy. What this means is that with Windows Server 2008, administrators have the ability to implement an enterprise-wide BitLocker policy. Provides data protection, even when the system is in unauthorized hands or is running a different or exploiting Operating System: BitLocker provides off-line data and operating system protection by ensuring that data stored on the computer is not revealed if the machine is tampered with when the installed operating system is offline. BitLocker Drive Encryption optionally uses a Trusted Platform Module, or TPM, to provide enhanced protection for data and to assure early boot component integrity. This helps protect data from theft or unauthorized viewing by encrypting the entire Windows volume. How BitLocker Works: BitLocker prevents a thief who boots another operating system or runs a malicious software tool from breaking Windows file and system protections, or performing offline viewing of the files stored on the protected drive. BitLocker Drive Encryption protects data while the system is offline because it encrypts the entire Windows volume, including both user data and system files, the hibernation file, the page file, and temporary files. This provides umbrella protection for third-party applications because they receive the benefits of BitLocker automatically when they are installed on an encrypted volume. [BUILD2] Using BitLocker with a TPM: The TPM is a chip available with newer motherboards. BitLocker is designed to work the TPM 1.2 or later models, which enhance data protection by bringing together two major sub-functions: full drive encryption, and the integrity checking of early boot components. Qualified systems will have v1.2 Trusted Computing Group, or TCG-compliant BIOS. The BIOS establishes chain of trust for pre-operating system boot, and the system must include support for TCG specified Static Root Trust Measurement (SRTM). The TPM validates that early boot components are correct. Ideally, BitLocker uses a Trusted Platform Module, or TPM, to protect user data and to ensure that a PC running has not been tampered with while the system was offline. BitLocker Drive Encryption can use a USB flash drive for key storage if no TPM is available. BitLocker is designed to offer the most integrated end-user experience with systems that have a compatible TPM microchip and BIOS. BitLocker provides a wizard for setup and management, as well as extensibility and manageability through a Windows Management Instrumentation (WMI) interface with scripting support. BitLocker is tightly integrated into Windows, and provides a secure and easily manageable data protection solution for the enterprise. For example, BitLocker optionally leverages an enterprise’s existing Active Directory Domain Services infrastructure to remotely escrow recovery keys. BitLocker also has a disaster recovery console integrated into the early boot components to provide for ‘in the field’ data retrieval. IT Professionals can choose one of several authentication modes when they initially configure BitLocker. Each time a BitLocker-protected operating system volume boots, Windows boot code performs a sequence of steps based on the volume protections set. These steps can include code integrity checks and other authentication steps that must be verified before the protected volume is unlocked. Volume contents are encrypted with a Full Volume Encryption Key (FVEK), which in turn is encrypted with a Volume Master Key (VMK). Securing the VMK is an indirect way of protecting data on the disk volume: the addition of the volume master key allows the system to be re-keyed easily when keys upstream in the trust chain are lost or compromised. This saves the expense of decrypting and re-encrypting the entire disk volume. BitLocker Recovery and Active Directory Integration: BitLocker also provides recovery and Active Directory integration. For example, an administrator could have a BitLocker password recovery in Active Directory, allowing Group Policy to manage BitLocker settings for Windows Server 2008 and Windows Vista. Additional Information: Changes in Functionality to Windows Server Longhorn (January 2007).doc (also called the Book of Longhorn)  Add-305.ppt

10 Read-Only Domain Controller
4/1/2017 9:19 PM Read-Only Domain Controller RODC Main Office Branch Office Features Read Only Active Directory Database Only allowed user passwords are stored on RODC Unidirectional Replication Role Separation Benefits Increases security for remote Domain Controllers where physical security cannot be guaranteed Title: Read-Only Domain Controller (RODC) Talking Points: The Read-Only Domain Controller (RODC) provides increased security for locations such as Branch Offices. A read-only domain controller (RODC) is a new type of domain controller in the Windows Server 2008 operating system. The Read-Only Domain Controller (RODC) is primarily targeted toward branch offices or edge sites. RODC doesn’t store any passwords, by default. That way, if the RODC is compromised, then an administrator doesn’t have to worry about someone gaining access to the entire network using the information stored on that server. This addresses the lack of security that can occur at branch offices. So the threat to the Active Directory is drastically reduced. [BUILD1] RODC Features: RODC are read-only state with unidirectional (read-only) replication for Active Directory and FRS\DFSR. Each RODC has its own KDC KrbTGT account—this is the account that issues tickets. This provides cryptographic isolation. RODC uses workstation accounts, so it has very limited rights to write in Active Directory, to minimize unauthorized access. And since RODCs have workstation accounts, they have no EDC or Display Data Channel (DDC) group membership. Because no changes are written directly to the RODC, and therefore do not originate locally, writable domain controllers that are replication partners do not have to pull changes from the RODC. This reduces the workload of bridgehead servers in the hub site, and the effort required to monitor replication. RODC unidirectional replication applies to both AD DS and Distributed File System Replication. The RODC performs normal inbound replication for AD DS and Distributed File System Replication changes. RODC also uses credential caching. Credential caching is the storage of user or computer credentials. Credentials consist of a small set of approximately 10 passwords that are associated with security principals. With Role Separation you can delegate the local administrator role of an RODC to any domain user without granting that user any user rights for the domain, or other domain controllers. This permits a local branch user to log on to an RODC and perform maintenance work on the server, such as upgrading a driver. However, the branch user cannot log on to any other domain controller or perform any other administrative task in the domain. In this way, the branch user can be delegated the ability to effectively manage the RODC in the branch office without compromising the security of the rest of the domain. [BUILD2] RODC Benefits: RODCs provide a way to deploy a domain controller more securely in a branch office location, extranet, or an application-facing role. RODCs are designed to be placed in locations that require rapid, reliable, and robust authentication services but that might also have a security limitation that prevents deployment of a writable domain controller. With an RODC, organizations can easily deploy a domain controller in locations where physical security cannot be guaranteed. [BUILD3] RODC Support: RODCs provide support for: ADFS, DNS, DHCP, FRS V1, DFSR (FRS V2), Group Policy, IAS/VPN, DFS, SMS, ADSI queries, and MOM. We provide more detailed information on how RODC works and what is required to implement RODC in Windows Server 2008 in the next two slides. Additional Information: Changes in Functionality to Windows Server Longhorn (January 2007).doc (also called the Book of Longhorn) 

11 AD Rights Management Services
4/1/2017 9:19 PM AD Rights Management Services AD RMS protects access to an organization’s digital files AD RMS in Windows Server includes several new features Improved installation and administration experience Self-enrollment of the AD RMS cluster Integration with AD Federation Services New AD RMS administrative roles RMS Server SQL AD Information Author Title: Active Directory Rights Management Services (AD RMS) Talking Points: Windows Server 2008 Active Directory Rights Management Services protects access to an organization’s digital files. It is a security technology that works with applications to help safeguard digital content—no matter where it goes—for people who need to protect sensitive Web content, documents, and messages. In Windows Server 2008, the Active Directory Rights Management Services (AD RMS), a format and application-agnostic technology, provides services to enable the creation of information-protection solutions. It will work with any AD RMS-enabled application to provide persistent usage policies for sensitive information. Content that can be protected by using AD RMS includes intranet Web sites, messages, and documents. AD RMS includes a set of core functions that allow developers to add information protection to the functionality of existing applications. For Windows Server 2008, AD RMS includes several new features that were not available in Microsoft Windows Rights Management Services (RMS). These new features are designed to ease administrative overhead of AD RMS and to extend its use outside of an organization. AD RMS Protects Access to an Organization’s Digital Files Ensuring Privacy and protection of digital files and information is a difficult ongoing task. Traditional solutions in organizations protect initial access using a combination of perimeter-based security technologies to protect sensitive data: network access is protected by firewalls, servers hosting sensitive files can be restricted by Access Control Lists (ACLs), and confidential messages can be encrypted in transit to assure no tampering. However, this may result in information leaks and unauthorized users gaining access to information. These forms of information protection, while immensely valuable, share a common limitation: after the intended (or unintended) recipient gains access to the information, he or she is free to use it in whatever manner they wish. For example, he or she can forward messages around the world in a single click– sometimes to unintended recipients—or save it to a mobile computer or USB drive. What if those get portable devices get stolen? A user can burn a CD to work at home, but then carelessly store the CD, or perhaps lose it. . While this can be done accidentally or on purpose, it happens too often, and the risks are high. In Windows Server 2008, AD RMS can help protect information from unauthorized use. AD RMS is information protection technology that works with AD RMS enabled applications to help safeguard digital information from unauthorized use. Content owners can define exactly how a recipient can use the information, such as who can open, modify, print, forward, or take other actions with the information. Organizations can create custom usage rights templates such as "Confidential—Read Only" that can be applied directly to information such as financial reports, product specifications, customer data, and messages.    [BUILD1] Active Directory Rights Management Services in Windows Server 2008: New features of AD RMS were designed to ease administrative overhead of AD RMS, and to extend its use outside of an organization. These new features include: AD RMS is included with Windows Server 2008, and is installed as a server role. [BUILD2] Improved installation and administration experience: AD RMS administration is done through an MMC, as opposed to the Web site administration presented in the earlier versions. [BUILD3] Self-enrollment of the AD RMS cluster: AD RMS cluster can be enrolled without having to connect to the Microsoft Enrollment Service. Through the use of a server self-enrollment certificate, the enrollment process is done entirely on the local computer. [BUILD4] Integration with AD Federation Services: Enterprises are increasingly feeling the need to collaborate outside their enterprise boundaries, and are looking at federation as a solution. Federation support with AD RMS will allow enterprises to leverage their established federated relationships to enable collaboration with external partners. For example, an organization that has deployed AD RMS can set up federation with an external entity by using AD FS, and can leverage this relationship to share rights-protected content across the two organizations without requiring a deployment of AD RMS in both places. This is covered in more detail in the next 2 slides. [BUILD5] New AD RMS administrative roles: The ability to delegate AD RMS tasks to different administrators is needed in any enterprise environment and is included with this version of AD RMS. Three administrative roles have been created: AD RMS Enterprise Administrators, AD RMS Template Administrators, and AD RMS Auditors. Additional Information: Changes in Functionality to Windows Server Longhorn (January 2007).doc (also called the Book of Longhorn)  The Recipient

12 Active Directory Federation Services
4/1/2017 9:19 PM Active Directory Federation Services Contoso Adatum AD AD AD FS provides an identity access solution Deploy federation servers in multiple organizations to facilitate business-to- business (B2B) transactions AD FS provides a Web- based, SSO solution AD FS interoperates with other security products that support the Web Services Architecture AD FS improved in Windows Server 2008 Federation Trust Resource Federation Server Account Federation Server Title: Active Directory Federation Services (AD FS) Talking Points: Active Directory Federation Services (AD FS) is a feature of the Windows Server 2008 operating system that provides an identity access solution. You can use the AD FS server role to create a highly extensible, Internet-scalable, and secure identity access solution that can operate across multiple platforms, which includes both Windows and non-Windows environments. Active Directory Federation Services (AD FS) is a feature of the Windows Server 2008 operating system that provides an identity access solution. Using AD FS will give browser-based clients, both inside and outside the network, “one prompt” access to protected, Internet-facing applications, even when user accounts and applications are located in different networks or organizations. A typical scenario, occurs when an application is in one network and a user account is in another network, and the user is required to enter secondary credentials when he or she attempts to access the application. However, with AD FS secondary accounts are not necessary. Instead trust relationships can be used to project a user's digital identity and access rights to trusted partners. In this federated environment, each organization continues to manage its own identities, but each organization can securely project and accept identities from other organizations. [BUILD1] Deploy federation servers in multiple organizations to facilitate business-to-business (B2B) transactions: By deploying federation servers in multiple organizations business-to-business (B2B) transactions can be facilitated between trusted partner organizations. Federated B2B partnerships identify both business partners as either of these organization types, resource or account organization. Organizations that own and manage resources that are accessible from the Internet can deploy AD FS federation servers and AD FS–enabled Web servers that manage access to the protected resources for trusted partners only. These trusted partners can include external third parties, other departments, or subsidiaries in the same organization. In addition, organizations that own and manage user accounts can deploy AD FS federation servers that authenticate local users and create security tokens. Federation servers in the resource organization can use these security decisions to make authorization decisions. [BUILD2] AD FS provides a Web-based, SSO solution: The process of authenticating to one network while accessing resources in another network—without the burden of repeated logon actions—is known as single sign-on (SSO). AD FS provides a Web-based, SSO solution that authenticates users to multiple Web applications over the life of a single browser session. [BUILD3] AD FS interoperates with other security products that support the Web Services Architecture: AD FS provides a federated identity management solution that interoperates with other security products that support the WS-* Web Services Architecture. AD FS employs the federation specification of WS-*, called the WS-Federation Passive Requestor Profile (WS-F PRP). This specification makes it possible for environments that do not use the Microsoft Windows® identity model to federate with Windows environments. [BUILD4] AD FS improved in Windows Server 2008: For Windows Server 2008, AD FS includes new functionality that was not available in Windows Server 2003 R2. This new functionality is designed to ease administrative overhead and to further extend support for key applications: • Improved installation—AD FS is included in Windows Server 2008 as a server role, and there are new server validation checks in the installation wizard. • Improved application support—AD FS is more tightly integrated with Microsoft Office SharePoint® Server 2007 and Active Directory Rights Management Services (AD RMS). • A better administrative experience when you establish federated trusts—Improved trust policy import and export functionality helps to minimize partner-based configuration issues that are commonly associated with federated trust establishment. Additional Information: Changes in Functionality to Windows Server Longhorn (January 2007).doc (also called the Book of Longhorn)  Web Server

13 Federated Rights Management
4/1/2017 9:19 PM Federated Rights Management Contoso Adatum AD AD Together AD FS and AD RMS enable users from different domains to securely share documents based on federated identities AD RMS is fully claims- aware and can interpret AD FS claims Office SharePoint Server can be configured to accept federated identity claims Federation Trust Resource Federation Server Account Federation Server RMS Title: Federated Rights Management Talking Points: AD RMS and AD FS in Windows Server 2008 provide a new way to protect sensitive information that is both more comprehensive and easier to administer. AD RMS and AD FS in Windows Server 2008 provide a new way to protect sensitive information: Windows Server 2008 enables a new way to protect sensitive information that is both more comprehensive and easier to administer. As in Windows Server 2003, Active Directory Federation Services (AD FS) enables one organization to set up a federated trust with another organization. Users sign on once—to their local domain—and gain access to a partner domain through identity and access federation. Because AD RMS has been integrated with AD FS in Windows Server 2008, a federated trust now allows AD RMS to grant appropriate RMS permissions to an external user without requiring them to sign in locally or have their own AD RMS server. Additionally, Microsoft Office SharePoint Server 2007 can also be configured to use federated trusts to apply RMS permissions without recourse to a local Active Directory profile. [BUILD1] AD RMS is fully claims-aware and can interpret AD FS claims: In Windows Server 2008, AD FS and AD RMS work together to enable users from different domains to securely share documents based on federated identities, rather than local Active Directory profiles. AD RMS in Windows Server 2008 is fully claims-aware. It can interpret AD FS claims to authenticate users and control their access to content. When external users sign on to their local AD domains, they are provided with federation claims that contain their credentials and the access rights they should be granted. When they access the external resource, the resource provider’s AD FS server contacts the requester’s AD FS server to check the validity of the requester’s claims. If the claims are valid, the resource provider’s AD FS server passes the claims on to the application, allowing the external user appropriate access RMS-protected content. This creates a powerful new content sharing scenario—federated document collaboration—that eliminates the need to maintain shadow accounts for external users and provides those users with single sign-on access to RMS-protected content. Once two entities have set up a federated trust, users can share and utilize protected content almost as if they were in the same domain. Administrators at the resource provider can control the fine points of who has what kind of access to what kinds of content without needing to manage identities for individual users. [BUILD2] Office SharePoint Server 2007 can be configured to accept federated identity claims: Microsoft Office SharePoint Server 2007 can also be configured to use identity and access federation to apply RMS permissions without requiring a local Active Directory profile. In a SharePoint repository, RMS permissions are not applied directly to documents. Instead, SharePoint dynamically applies RMS protection to stored documents when they are requested by a user. In previous versions of SharePoint, this was achieved using Windows NT tokens tied to a user’s AD profile. As with earlier iterations of RMS in general, this required administrators to maintain redundant AD profiles for external users if organizations wanted to share content across firewalls, presenting the same challenges to security, management and SSO enablement. Office SharePoint Server 2007, on the other hand, can be configured to accept federated identity claims to enable organizations to control user access to documents and how those documents are used. It, too, applies RMS permissions to resources as they are consumed by the user, but based on the authenticated user’s AD FS claims rather than on a separate identity stored in the AD records associated with the Office SharePoint Server 2007 host. Federated RMS permissions can be managed using the same tools they would be if the users were internal to the company hosting the content. This enables resource-side users to apply claims-based controls rather than relying on user-user or group-group mapping between organizations. No shadow account is needed on the resource AD FS server side. Additional Information: Changes in Functionality to Windows Server Longhorn (January 2007).doc (also called the Book of Longhorn)  Federated Rights Management in Windows Server 2008.doc white paper Web SSO

14 Microsoft's Virtualization Solutions
Presentation Virtualization Server Virtualization Talking Points: Title: Microsoft's Virtualization Solutions [BUILD 1] So, the Microsoft Server Virtualization is really an end to end platform. It’s a suite of products that really come together and come up with this concept of a dynamic data center. So managing not just a server but managing virtual machines, managing applications. So, obviously from the server virtualization platform up in the top right, we have virtual server 2005 R2 which is currently released and then also Windows Server 2008 and the hypervisor or Windows Server Virtualization From the presentation virtualization, that would be where our terminal services and terminal services gateway mode really comes into play. [BUILD 2] That the ability to actually publish applications, publish them to secure sites on a terminal services infrastructure. So, it’s UI rendering on the client and nothings actually getting loaded down to the client. [BUILD 3] Then of course, desktop virtualization and virtual pc’s continuing as part of enterprise and ultimate virtual pc 2007 which is again the same kind of licensing structure as enterprise edition of server, so you would have a before guess? in virtual pc. [BUILD 4] And then of course, the final one would be the application virtualization. We acquired a company called Soft Grid and their product is called Softricity which really allows enterprises to actually publish applications in secure sandbox modes out to their employees. So, based upon group policy, you can actually determine which applications would appear as icons on the desktop. And, based on one of two delivery mechanisms, either streaming or full SMS dial up application delivery, the end user can then click on one of those applications in one of those virtual sandboxes. So, today, we’re going to really focus on the infrastructure piece. So we’re going to talk about the core windows server and in particular Windows Server 2008 and how that’s really the central point. To give you an idea of why this is important to us and to some of our customers thinking about what’s coming by the end of this year we’re talking about eight way servers that would be in a 6 use spot today. 6U rack size, thinking about 8 cores in each of those CPUs. So, think about those 6 use and 64 way with close to 2 terabytes of ram. And think about all the blade servers that are coming. In a 1 use slot, you have dual core and quad core coming, so you have 16 U processing in a 1” blade. Microsoft is actually building on a data centre in Eastern Washington where it’s the size of a Costco. For those of you to know that it’s a pretty large warehouse here in the United States. That Costco would be full of servers and thinking about what we’re going to do to optimize that space. Now virtualization is going to be a key part of that. This is something that has to happen and it’s something that the industry needs and Microsoft needs and this is why the virtualization in WS 2008 is so important to us. Desktop Virtualization Application Virtualization

15 What is Virtualization?
Virtualization is the isolation of one computing resource from the others: Virtual Applications Any application on any computer on-demand Applications installed to Specific hardware and OS Virtual Presentation Presentation layer separate from process Interface bound to process Operating System assigned to specific hardware Virtual Machine OS can be assigned to any desktop or server Storage assigned to specific locations Virtual Storage Storage and backup over the network Network assigned to specific locations Virtualization in an IT environment is essentially the isolation of one computing resource from the others. By separating the different layers in the logic stack, you enable greater flexibility and simplified change management—you no longer need to configure each element for them to all work together. In a traditional hardware/software stack, all of the elements are bound together, required specific configuration to allow the components to properly interact with each other. Creating new capability entails procuring and configuring the hardware, software and interfaces. In a virtualized stack. Each element is logically isolated and independent. Adding new capability can be as simple as replicating an OS and application instance on existing hardware that has excess capacity.  Perhaps the best way to understand Virtualization in a practical application is to look at the most common use, machine virtualization. Machine Virtualization is where an Operating System and Application are packaged together to form a virtual machine, which is then hosted on a physical server running a host operating system or Hypervisor (a thin layer of software that provides the basic interface with the hardware). The most important concept to understand is that this virtual machine (OS+App) is operating independent from the OS on the physical server. In fact, multiple virtual machines can run on a single physical server, while providing the isolation and security as if they were each on their own discrete hardware. Virtual Network Localizing dispersed resources Traditional software stack Component isolation with Virtualization Virtualization results in more efficient resource utilization, and enables greater flexibility and simplified change management

16 Windows Server Virtualization Architecture
Parent Partition Child Partitions Virtualization Stack Applications Applications Applications WMI Provider VM Worker Process User Mode VM Service Windows Server 2008 Windows Server 2003, 2008 Non-Hypervisor Aware OS Xen-enabled Linux Kernel Linux VSCs Windows Kernel VSP Windows Kernel OS Kernel Title: Hypervisor Design Goals Talking Points: VSP = Virtualization Service Providers VSC = Virtualization Service Clients So, this is again, the end to end look, with a little bit more detail [BUILD 1] So, we have again the AMD-V, Intel VT chip set, and then our hypervisor. So, when you install Windows Server Virtualization after Windows Server 2008 ships, then we’ll be able to have this hypervisor role and the first thing we’ll do is we’ll instantiate the hypervisor on top of the hardware. [BUILD 2] And then the next thing we’ll do is it’ll install the parent partition in a windows server core mode. And that can be very key. There are some strong security benefits and patching benefits that you need to talk to the customer about but then after instantiates the core, you can have tools like system center virtual machine manager access the parent then actually start creating your child partitions. [BUILD 3] So, that’s kind of the way it works and then the communications are happening down at this VM Bus level. You can see here, at the end, through the announcement with Novell the then source enabled boxes will plug directly in through a hypercall adapter that is written directly into our VM bus. So, the goal here is to really keep the windows server virtualization as the core platform play and it’ll give companies flexibility to actually plug in the different child, and then also there’s end source. If something goes wrong, and they insert a Linux kernel here, an end source kernel or a VMware kernel we have the chance of losing the platform. We’ll talk a little bit more about that inside the Competitors section. VSC Hypercall Adapter Kernel Mode VMBus VMBus Emulation VMBus Windows Hypervisor “Designed for Windows” Server Hardware AMD-V, Intel VT Chipset OS Windows Server Virtualization MS / XenSource Novell ISV/IHV/OEM

17 Terminal Services RemoteApp
4/1/2017 9:19 PM Terminal Services RemoteApp Only supported by Remote Desktop client 6.0, or newer Programs look like they are running locally RemoteApp console used to make application available Also used to make programs available via TS Web Access Remote programs integrated with local computer Centrally configure a terminal server with the Terminal Server Configuration console Title: Terminal Services RemoteApp Talking Points: Windows Server 2008 Terminal Services RemoteApp (TS RemoteApp) provides the ability to run both local and remotely-hosted programs on a Windows desktop. Windows Server 2008 Terminal Services RemoteApp (TS RemoteApp) provides the ability to run both local and remotely-hosted programs on a Windows desktop. These programs will be fully integrated with the local computer, having their own resizable windows and taskbar entries. The remote program is completely integrated with the user's desktop, and appears to the user as if it is running on the user's local computer. Users can run programs from a remote location side-by-side with their local programs. If the program uses a notification area icon, this icon appears in the client's notification area. Popup windows are redirected to the local desktop. Local drives and printers can be redirected to appear in the remote program. Many users might not be aware that the remote program is any different than a local program. The Terminal Server Configuration console is the central location from which administrators configure a terminal server to host remote programs. [BUILD1] RemoteApp Console: From the RemoteApp console, you can select which applications on the terminal server to make available as remote programs as well as deciding whether or not such programs should also be made available by means of Terminal Services Web Access. [BUILD2] Programs Look Like They Are Running Locally: This image demonstrates TS RemoteApp. Microsoft Office Outlook 2007 is running on a terminal server, and yet the launch-tray icon and the reminder tabs have migrated over to the client desktop as if it were running locally. Compare this to the Internet Explorer window, also open on the desktop, in which applications accessed using TS Web Access would operate. [BUILD3] Remote Desktop Client: Remote Programs are only supported by the Remote Desktop client 6.0, or later. This client is available for Windows XP SP2, Windows Server 2003 SP1, and Windows Vista, and is distributed free through Windows Update. Additional Information: Changes in Functionality to Windows Server Longhorn (January 2007).doc (also called the Book of Longhorn)  Remote Desktop client required Terminal Services Gateway Server 17

18 Terminal Services gateway
4/1/2017 9:19 PM Terminal Services gateway Internet DMZ Corp LAN External Firewall Internal Firewall Terminal Server Home Terminal Server Internet HTTPS / 443 Hotel Terminal Services Gateway Server Server Business Partner/Client Site © 2006 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

19 HVALA NA PAZNJI PITANJA NA :

20

21

22 Server Virtualization Today and Tomorrow
VM 1 “Parent” VM 2 “Child” Hardware Windows Server 2003 Virtual Server 2005 R2 VM 2 VM 3 Virtualization Platform and Management Virtual Hard Disks (VHD) Microsoft Confidential

23


Download ppt "Ljubomir Ivaniš CPU d.o.o."

Similar presentations


Ads by Google