Vito Konopelec Microsoft Slovakia Building The Optimized Desktop Infrastructure with Windows 7 and Windows Server 2008 R2.


Branch offices Remote work Mobile and distributed workforce Central office

IT professional needs: secure and flexible infrastructure for working anywhere; reduce costs.
Mobile and remote workforce needs: work anywhere; fast access.

Optimized Desktop: Compliance, Costs, Contingency, Carbon-Neutral (“Green”), Consumerization

Enhance User Productivity: increase user productivity by enabling access to applications and data quickly, from anywhere; enable faster, more scalable, and efficient access to network resources.
Protect Sensitive Data: implement policy-based network access and security.
Reduce Costs with Enhanced Manageability: update and manage mobile PCs even when not on the corporate network; publish server-based applications directly to users’ desktops; centrally aggregate important client and server events.
Fundamentals: Security | Reliability | Application Compatibility | Device Compatibility | Performance | Power Management

Combined value to deliver the optimized desktop (key scenario, benefits, features)
Enhance User Productivity. Benefits: provide faster, more scalable, and efficient access to network resources; provide users with seamless access to applications and data from anywhere, helping to increase their productivity; provide users with a rich desktop experience from unmanaged or thin clients. Features: Receive Window auto-tuning, SMB 2.0, IPv6, DirectAccess, BranchCache™, VDI enhancements.
Protect Sensitive Data. Benefits: enable policy-based network security by allowing only healthy PCs to access network resources. Features: Network Access Protection, server and domain isolation.
Reduce Costs with Enhanced Manageability. Benefits: update and manage mobile PCs even when not on the corporate network; publish server-based applications directly to users’ desktops; centrally aggregate important client and server events to help desk. Features: DirectAccess, Remote Desktop Services (RDS), event forwarding.

Enhancing User Productivity

IPv6: all services within Windows Vista are IPv6-enabled; seamless cost-optimized transitional approach.
Receive-side auto-tuning: automatically senses the network environment and adjusts important performance settings; allows increase in the size of the TCP/IP send/receive window.
SMB 2.0 protocol improvements: number of open files and shares on the server; packet compounding reduces “chattiness”; message signing settings have been improved; client-side encryption is supported; durable handles are supported.

Situation today: challenging for IT to manage, update, and patch mobile PCs while disconnected from the company network; difficult for users to access corporate resources from outside the office.
DirectAccess: corporate network boundary includes managed assets no matter where they are on the Internet; easy to service mobile PCs and distribute updates and policies; new network paradigm increases mobile user productivity by providing the same experience inside and outside the office.

Client: runs on Windows 7; domain-joined; initial configuration done on the corporate network or over VPN.
Server: runs on Windows Server 2008 R2; sits on the network edge; single box by default; services can be split up for scalability.

IT Pro benefits: improved manageability of remote users; IT simplification and cost reduction; consistent security for all access scenarios.
End-user benefits: seamless and secure access to corporate resources; consistent connectivity experience inside and outside the office; enhances the end-to-end IW experience when combined with other Windows 7 features.

DirectAccess provides transparent, secured access to intranet resources without a VPN.
Diagram labels: Windows 7 Client; Internet; DirectAccess Server; IPv6 Devices; IPv4 Devices; Native IPv6 with IPSec; IPv6 Transition Services; IT desktop management (AD Group Policy, NAP, software updates).
Callouts: supports variety of remote network protocols; allows desktop management of DirectAccess clients; allows IPSec encryption and authentication; supports direct connectivity to IPv6-based intranet resources; supports IPv4 via 6to4 transition services or NAT-PT.

Situation today: application and data access over WAN is slow in branch offices; slow connections hurt user productivity; improving network performance is expensive and difficult to implement.
BranchCache™: caches content downloaded from file and Web servers; users in the branch can quickly open files stored in the cache; frees up network bandwidth for other uses.

IT Pro benefits: helps reduce WAN utilization and cost; data encryption is enforced across the network; simple to deploy.
End-user benefits: less waiting for downloads = more productivity; combined with other Windows 7 features, enhances the end-to-end IW experience.

Distributed mode (diagram: Main Office; Branch Office with Client 1 and Client 2)
1. First client downloads data from main office server.
2. Second client downloads identifiers from main office server.
3. Second client searches local network for data and downloads from first client.

Hosted caching (diagram: Main Office; Branch Office with Client 1 and Client 2)
1. First client downloads data from main office server.
2. Content pushed to hosted cache from first client.
3. Second client downloads identifiers from main office server.
4. Second client downloads from hosted cache.

Aero Glass for Remote Desktop Server: users have the same new Windows 7 look and feel when using Remote Desktop Server.
RemoteApp and Remote Desktop connections: RemoteApp and Remote Desktop icons integrate into the Start menu; icons refresh and update automatically.
Multimedia support and audio input: experience rich multimedia redirection; use VoIP applications and speech recognition.
True multiple monitor support: use up to 10 monitors of any size or layout with RemoteApp and Remote Desktop; applications behave like users expect, e.g. PowerPoint installing them locally.
RemoteApp language bar support: configure applications that use different language settings than the local language (such as right-to-left languages).

Protect Sensitive Data

Today’s challenges: unprotected network taps within an organization’s buildings; administrators have limited control over the health of systems joining the network.
Result: hardware/network upgrades and increased operational costs, reduced productivity.
Solution: end-to-end, authenticated, tamper-resistant communication; improved isolation using IPsec; Network Access Protection across IPsec, 802.1X, DHCP, VPN; increased manageability.

Network Access Protection flow (diagram labels: Windows Client; DHCP, VPN, switch/router; NPS; Policy Servers, example: Patch, AV; Remediation Servers, example: Patch; Restricted Network; Corporate Network)
1. Client requests access to network and presents current health state.
2. DHCP, VPN, or switch/router relays health status to Microsoft Network Policy Server (RADIUS).
3. Network Policy Server (NPS) validates against IT-defined health policy.
4. If not policy compliant, client is put in a restricted VLAN and given access to fix up resources to download patches, configurations, and signatures (repeat 1-4).
5. If policy compliant, client is granted full access to corporate network.

Domain Isolation and Server Isolation (diagram labels: Untrusted; Unmanaged/rogue computer; Active Directory Domain Controller; Servers with Sensitive Data; HR Workstation; Managed Computer; Trusted Resource Server; Corporate Network)
Steps: define the logical isolation boundaries; distribute policies and credentials; managed computers can communicate; block inbound connections from untrusted; enable tiered access to sensitive resources.

Reduce the risk of network security threats: an additional layer of defense-in-depth; reduced attack surface area; increased manageability and more healthy clients.
Safeguard sensitive data and intellectual property: authenticated, end-to-end network communications; scalable, tiered access to trusted networked resources; protect the confidentiality and integrity of data.
Extend the value of existing investments: no additional hardware or software required; get more value from Active Directory and Group Policy; complements existing third-party network security solutions.

Enhanced Manageability

DirectAccess: enables “always-on” management of remote machines to support a fully manageable environment. Scenarios include: Group Policy updates; folder redirection/client-side caching; software/update distribution.
Event subscriptions: proactive management of key issues; pull/forward events to and from multiple machines and search/collate; does not require loading entire log from remote machine.

Improved management toolset: reduce repetitive tasks with RDS PowerShell support, improved application installation, connection broker installation and profile management.
RDS and VDI, an integrated solution: single broker to connect users to sessions or virtual machines; out-of-the-box solution for VDI scenarios with Hyper-V.
RemoteApp and Remote Desktop connections: centrally hosted applications integrated into the Start menu and desktop; can personalize a non-work PC with work applications without installing them locally.
Platform investments: multiple levels of extensibility for custom partner solutions for RDS- and VDI-based solutions.

© 2009 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.