Windows 7 Overview

Windows 7 Builds on Windows Vista Deployment, Testing, and Pilots Today Will Continue to Pay Off Similar Compatibility: Most software that runs on Windows Vista will run on Windows 7. Exceptions will be low level code (AV, Firewall, Imaging, etc). Hardware that runs Windows Vista well will run Windows 7 well. Few Changes: Focus on quality and reliability improvements Deep Changes: New models for security, drivers, deployment, and networking

Windows 7 for the Enterprise Make Users Productive Anywhere Enhance Security & Control Streamline PC Management At their desk In a branch On the road Protect data & PCs Built on Windows Vista foundation Easy migration Keep PCs running Virtualization

Remote Access for Mobile Workers Make Users Productive Anywhere Microsoft Confiential: Preliminary Information: NDA Only Remote Access for Mobile Workers Make Users Productive Anywhere Windows 7 Solution Situation Today DirectAccess Office Home Office Home Difficult for users to access corporate resources from outside the office Challenging for IT to manage, update, patch mobile PCs while disconnected from company network New network paradigm enables same experience inside & outside the office Seamless access to network resources increases productivity of mobile users Infrastructure investments also make it easy to service mobile PCs and distribute updates and polices

AD Group Policy, NAP, software updates DirectAccess Support IPv4 via 6to4 transition services or NAT-PT IPv6 Devices IPv4 Devices IT desktop management DirectAccess provides transparent, secured access to intranet resources without a VPN Allows desktop management of DirectAccess clients Native IPv6 with IPSec AD Group Policy, NAP, software updates IPv6 Transition Services Internet Supports direct connectivity to IPv6- based intranet resources DirectAccess Server Supports variety of remote network protocols Allows IPSec encryption and authentication Windows 7 Client

Name Resolution: DNS and the NRPT DirectAccess Connection Internet Connection Remote DirectAccess clients utilize smart routing by default The Name Resolution Policy Table allows this to happen efficiently and securely Sends name queries to internal DNS servers based on pre-configured DNS namespace

NRPT Client side only Requires a leading dot .ad.contoso.com 2001:db8:b90a:c7d8::178 2001:db8:b90a:c7d8::183 .lab.contoso.com 2001:db8:b90a:c7a8::202 *.sql.contoso.com 2001:db8:b90a:c7e4::801 NRPT Client side only Requires a leading dot Static table that defines which DNS servers the client will use for the listed names Configurable via GPO at Computer Configuration |Policies|Windows Settings|Name Resolution Policy Can be viewed with NETSH name show policy

Two Factor Authentication (TFA) Not required; fully supported Edge based enforcement: a smarter way to enforce TFA User is assigned a well- known SID when they log on with a smartcard S-1-5-65-1 User may logon to laptop without TFA When user accesses corporate resources, IPsec authorization policy checks for this SID If SID is not present…

Branch Office Network Performance Make Users Productive Anywhere Microsoft Confiential: Preliminary Information: NDA Only Branch Office Network Performance Make Users Productive Anywhere Windows 7 Solution Situation Today BranchCache™ Application and data access over WAN is slow in branch offices Slow connections hurt user productivity Improving network performance is expensive and difficult to implement Caches content downloaded from file and Web servers Users in the branch can quickly open files stored in the cache Frees up network bandwidth for other uses

Distributed Cache Get Get Get Get Main Office Branch Office Data Data ID ID Get Get Get Branch Office Get Data

Hosted Cache Get Get Get Search Get Search Offer Request Put Main Office Get Data Data ID ID Get Get ID Get Search Search ID Data Offer ID Request ID Data Put Branch Office

Hosted cache vs Distributed Microsoft Confiential: Preliminary Information: NDA Only Hosted cache vs Distributed Enterprise Hosted Cache Data cached at the host server Recommended for larger branches Cache stored centrally: can use existing server in the branch Cache availability is high Enables branch-wide caching Distributed Cache Distributed Cache Data cached amongst clients Recommended for branches without any infrastructure Easy to deploy: enabled on clients through Group Policy Cache availability decreases with laptops that go offline

Deployment Group Policy to enable clients Branch Office Branch Office Install BranchCache™ feature R2 content servers Hosted Cache Branch Office IIS File Server Optionally, install a hosted cache in your branch. Group Policy Management Main Office

Additional configuration options Enable / disable distributed cache mode Enable / disable hosted cache mode Set the cache size Set the location of the hosted cache Clear the cache Create and replicate a shared key for use in a server cluster And more … Works in domains and workgroups

Monitoring Event logs - Operational logs & Audit logs Perfmon counters - Client, hosted cache and Content Server netsh for querying the infrastructure for potential problems Cache size too small, firewall issues, certificate problems etc SCOM Management Pack - for rolling all the information up

Security of Data at Rest Clients Cache only contains content requested by the client Data in cache ACL’d so that it is only accessible if authorized by the server If data leakage is a concern, then use BitLocker or EFS Hosted Cache Cache contains content requested by all branch clients Use BitLocker or EFS to encrypt cache as necessary All data can be purged from the cache using netsh

Scale and Performance Scale MSIT pilot in Belgium Distributed cache scales well to approximately 100 users per branch WS-Discovery traffic is a key consideration Results may vary Highly dependant on content, workload and usage patterns Hosted Cache scalability is comparable to standard file server workloads MSIT pilot in Belgium Approximately 70% reduction in \\products\public related SMB traffic

BitLocker - Data Protection Enhance Security & Control Microsoft : Preliminary Information: NDA Only BitLocker - Data Protection Enhance Security & Control Users store increasing volumes of data, including sensitive or data on the removable storage devices Removable storage devices are easy to lose and, unlike PC, the loss may go unnoticed for a while Windows 7 Solution Situation Today BitLocker To Go™ + Protect data on internal and removable drives Mandate the use of encryption with Group Policies Store recovery information in Active Directory for manageability Simplify BitLocker setup and configuration of primary hard drive

Application Control Enhance Security and Control Microsoft : Preliminary Information: NDA Only Application Control Enhance Security and Control Windows 7 Solution Situation Today AppLocker™ Users can install and run unapproved applications Even standard users can install some types of software Unauthorized applications may: Introduce malware Increase helpdesk calls Reduce user productivity Undermine compliance efforts Eliminate unwanted/unknown applications in your network Enforce application standardization within your organization Easily create and manage flexible rules using Group Policy

Microsoft : Preliminary Information: NDA Only AppLockerTM Technical Details Simple Rule Structure: Allow, Exception & Deny Publisher Rules Product Publisher, Name, Filename & Version Multiple Policies Executables, installers, scripts & DLLs Rule creation tools & wizard Audit only mode

Publisher Rules Rules based upon application digital signatures Can specify application attributes Allow for rules that survive application updates “Allow all versions greater than 12 of the Office Suite to run if it is signed by the software publisher Microsoft.”

Simple Rule Structure Allow Deny Exception Limit execution to “known good” and block everything else Deny Deny “known bad” and allow execution of everything else Exception Exclude files from allow/deny rule that would normally be included “Allow all versions greater than 12 of the Office Suite to run if it is signed by the software publisher Microsoft EXCEPT Microsoft Access.”

Rule Targeting Per User Rules can be associated with any user or group Provides granular control of specific applications Supports compliance by enforcing who can run specific applications “Allow users in the Finance Department to run…”

Multiple Rule Sets Rule Types Executable Installer Script DLL Allows construction of rules beyond executable only solutions Provides greater flexibility and enhanced protection “Allow users to install updates for Office as long as it is signed by Microsoft and is for version 12.*”

Full Fidelity RemoteApp and Remote Desktop RemoteApp and Remote Desktop connections RemoteApp and Remote Desktop icons integrate into the Start menu Icons refresh and update automatically Multimedia support and audio input Experience rich multimedia redirection Use VoIP applications and speech recognition True multiple monitor support Use up to 10 monitors of any size or layout with RemoteApp and Remote Desktop Applications behave like users expect – e.g. PowerPoint installing them locally Aero Glass for Remote Desktop Server Uses have the same new Windows 7 look and feel when using Remote Desktop Server RemoteApp language bar support Configure applications that use different language settings than the local language (such as right-to-left languages)

Virtual Desktop Infrastructure Streamline PC Management Microsoft : Preliminary Information: NDA Only Virtual Desktop Infrastructure Streamline PC Management Windows 7 Solution Situation Today Richer Remote Experience Richer graphics with improved multi-monitor support Use voice for telephony & applications with microphone support Improved printing What is Virtual Desktop Infrastructure? Do More With VHDs Maintain VHD: Offline servicing of VHD images with same tools used for WIM Boot from VHD: Reuse VHD files for deployment to managed desktop PCs Deploying desktops in virtual machines on server hardware Centralized management & security Users can access their desktop and applications wherever they are * Using Windows for VDI scenarios requires additional VECD license

Search in the Enterprise Make Users Productive Anywhere Microsoft Confiential: Preliminary Information: NDA Only Search in the Enterprise Make Users Productive Anywhere Windows 7 Solution Situation Today Search Federation Consistent experience to find data from multiple locations, including SharePoint sites Users and IT can pre-populate Favorites in Windows Explorer to remote search sites that support OpenSearch protocol IT can point users to select search sites w/Enterprise Search Scopes    Current desktop and Enterprise search solutions are good, but not integrated Users need to take different steps to find data on PC and data on servers Data sources are hard to discover

Windows 7 Manageability Increased Automation to Reduce Costs Reduce Help Desk Calls and Keep Users Productive Flexible Administrative Control Windows PowerShell 2.0 Integrated Scripting Environment Windows Troubleshooting Platform Remoteable Reliability Data Problem Steps Recorder Enhanced Group Policy Scenarios Group Policy Scripting Group Policy Preferences

What is Windows PowerShell? Console Interactive commands Query and configure Run jobs Scripting language Automate everything Sharable and reusable

PowerShell Remoting To use Local and remote computer need: Windows PowerShell 2.0 Microsoft .NET Framework 2.0 or later Windows Remote Management 2.0 To configure PowerShell remoting: start PowerShell as admin Use enable-psremoting cmdlet Configures firewall and Winrm Service

Windows PowerShell Remoting Use the ComputerName parameter with select cmdlets Get-Process –ComputerName Berlin Run a command on remote computer Invoke-Command –ComputerName Berlin ` -ScriptBlock { HostName} Open a PowerShell session on remote computer Enter-PSSession –ComputerName Berlin [berlin]: PS C:\> HostName [berlin]: PS C:\> Exit-PSSession

Deployment Enhancements 4/20/2017 1:04 PM Deployment Enhancements IMAGING DELIVERY MIGRATION Deployment Image Servicing and Management Add/Remove Drivers and Packages WIM and VHD Image Management Windows Deployment Services Multiple Stream Transfer Dynamic Driver Provisioning VHD and WIM Support User State Migration Tool Hardlink Migration Offline File Gather Improved user file detection INTEGRATED SOLUTIONS CONTINUE Microsoft Assessment and Planning Application Compatibility Toolkit Microsoft Deployment Toolkit © 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Windows Optimized Desktop Core PC Platform Unique Value with SA+MDOP

Windows Optimized Desktop: Windows 7 & MDOP Investment areas 4/20/2017 1:04 PM Windows Optimized Desktop: Windows 7 & MDOP Investment areas Make Users Productive Anywhere Improve Security and Control Streamline PC Management to Save Costs Direct Access BranchCache Federated Search Navigation App-V MED-V BitLocker BitLocker To Go AppLocker Security development lifecycle AIS PowerShell Windows Troubleshooting Platform Deployment Tools VDI Enhancements DEM DART AGPM MDOP Fundamentals Performance | Reliability | Compatibility © 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Why my customers need MED-V Why my customers need MED-V? The challenge of upgrading to a new operating system First upgrade – then migrate! Test Migrate Upgrade Test compatibility of all applications with the new OS Migrate or replace incompatible applications Upgrade the organization to the new OS

Introducing Windows Virtual PC Primary Audience: Developers / IT Typical guest OS: Multiple Guest OS Scenario: Windows XP Compatibility for small businesses with no IT Cost: None. Virtual Windows XP is included with Windows 7 Pro Features: Seamless integration, USB device support

How MED-V Relates to Windows XP Mode Windows Virtual PC (“XP Mode”) Provides the Ease of Use for End Users A preconfigured virtual Windows XP SP3 (32bit) environment Easy to install your applications on Windows XP and run from Windows 7 desktop Well integrated into Windows 7 Designed for small businesses and consumers MED-V – Application-OS compatibility for the Enterprise Deploy virtual Windows XP images and customize per user Provision and define applications and websites to users Control Virtual PC settings Maintain and Support endpoints through monitoring and troubleshooting MED-V will not require PCs to have hardware assisted virtualization (e.g. Intel VT, AMD-V) © 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

MED-V – Deploying Virtual PCs in the Enterprise MED-V* Centrally Manages Virtual Windows Environments Deploy – deliver virtual Windows images and customize per user Provision – define which applications and websites are available Control – set usage permissions and Virtual PC settings Maintain and Support - monitor and troubleshoot end points MED-V will provide a solution for enterprise devices without hardware assisted virtualization (e.g. VT) Windows Virtual PC Provides the Ease of Use for End Users Run Windows XP or other Windows environments on Windows 7 Install and launch Windows XP applications from Win7 Desktop

Architecture and Features

Architecture

Software Distribution MED-V v1 Architecture Software Distribution

Increased Value in Optimized Desktop Make Users Productive Anywhere DirectAccess BranchCache™ Enterprise Search Scopes Enhance Security and Protect Data BitLocker & BitLocker To Go AppLocker Streamline PC Management MUI Language Packs VDI Enhancements (VDI requires VECD license) Boot from VHD Subsystem for UNIX 4 Virtual Operating Systems Network Boot License

MED-V v1 Key Capabilities Deploy and provision Deploy IT-managed virtual XP environment to end users Enable customization in heterogeneous desktop environments Automate first-time virtual PC setup (e.g. initial network setup, computer name, domain join) Application provisioning based on Microsoft Active-Directory® users/groups Assign a virtual image and define which applications are available to the user End users seamlessly use Windows XP applications on their Windows 7 desktop End users automatically see Websites that require Internet Explorer 6 in the virtual environment Enable incompatible applications Centrally define Virtual PC settings (e.g. Adjust virtual PC memory allocation based on available RAM on host) Centrally monitor endpoint clients Provide helpdesk tools to diagnose and troubleshoot virtual PCs Control and Monitor

Typical Virtual Image life-cycle Create a master image Include common software, security and management tools Package the image and distribute Via existing software distribution (e.g. System Center) Image is customized and joined to domain Unique name is assigned for identification Remotely manage as any Windows XP desktop Install applications Apply patches and updates

MED-V v1 System Requirements Windows Vista SP1/2 – 32-bit (2GB RAM Recommended) Windows XP SP2/3 - 32bit (1GB RAM Recommended) Support for Windows 7 (32bit + 64bit) will be added in Q1 CY2010 via MED-V 1.0 SP1 Client Microsoft Virtual PC 2007 SP1 (+QFE) MED-V does not require hardware assisted virtualization (e.g. Intel VT, AMD-V) Guest OS: Windows XP Pro SP2/3, Win2000 SP4 Guest browsers: Internet Explorer 7 or 6 SP2 Virtual machine : Windows Server 2008 (Standard/Enterprise). (SP1 will add support for Windows Server 2008 R2) IIS web server for image delivery (Optional) Optional - SQL Server 2008 (any edition) or SQL Server 2005(SP2 Enterprise ) for reporting Server English UI , with support for localized OS: French, German, Italian, Dutch, Spanish, Portuguese (Brazil) Languages

Summary - MED-V Customers Say… “MED-V will be very beneficial as we upgrade more machines to Windows Vista, and eventually to Windows 7, because we’ll be able to run legacy applications that require a previous operating system in Virtual PC images on the new desktops.” TUEV Nord (8,000 employees)* “We found that MED-V really solved our application compatibility problems. It allowed us to deploy the applications, where third party vendors were not providing a supported version. Where we used to have hundreds of images, we were able to move to one [Windows] Vista image, and use MED-V to deploy [legacy] applications on top of that” Belfast Health and Social Care Trust (22,000 staff)** “MED-V saves us time in standardizing our desktop across the multiple entities of the Belgacom group… With thousands of users in our environment, MED-V will significantly reduce the time required for testing and migrating the applications we have.” Belgacom Group * Microsoft case study, http://www.microsoft.com/casestudies/Case_Study_Detail.aspx?CaseStudyID=4000004386 ** Excerpt from EMA Brief: “Introduction to the Benefits of Local Desktop Virtualization” April 2009

APP-V and Windows 7 Overview Microsoft Confiential: Preliminary Information: NDA Only APP-V and Windows 7 Overview

App-V for the Enterprise Package, Stream, Manage App-V for the Enterprise Package, Stream, Manage. Application virtualiization isolates applications to create a conflict free environment with manageability as the cornerstone to successful service delivery. Application Virtualization Made Easy Flexible Management Built-In Proven. Real Business Results. No user learning curve. Click to launch any virtual application anywhere Simplify your next Windows rollout Easily prepare Virtual Applications and Dependencies for Deployment. Flexible deployment and streaming options for all business needs. Readily Accessible Applications for Users, Manageable for IT. Virtual Application Management in the box. Mature and Proven Save Time & Money. Deploy Applications Virtually Partners ready to move you from Proof of Concept to Production

Microsoft Application Virtualization Application Sequencing – The gateway to Microsoft Application Virtualization Windows Application CD Windows Application Installer Unpackaging Streaming Server Linearization Optimization & Compression Virtualized Application MSI Standalone Microsoft Application Virtualization Sequencer The admin has the option to stream the virtual application or create an MSI wrapper for Standalone Mode delivery The Sequencer produces the virtual application package containing the application and its dependencies. Rapidly packages applications through active watch technology including execution dependencies.

Dynamic Application Interaction Dynamic Suite Composition (DSC) Virtual Environment Single application with no dependencies still exist Application known to not conflict may be configured to share the same virtual environment Mandatory/Optional dependency configuration options Virtual applications can share common dependencies Combined Virtual Environment Independent Virtual Environments Application Sharing Using DSC Inter Application Communication App “A” App “A” App “B” App “B” Flexible Package Management Virtualize Middleware once share with many Administrator controls & configures the virtual application separately Create a “one to one” scenario for single applications that are dependant on each other Create a “many to one” scenario where middleware and plug ins components can be reused Reduces the potential package size Data System Services Configurations

Microsoft Application Virtualization Deployment Options Package, Deploy, Manage. Conflict free applications with manageability as the cornerstone to successful service delivery. Enabling Key Scenarios Reduce application conflicts Reduce application compatibility testing Remove application related reboots Dynamic application streaming Always accessible applications Configuration Manager 2007 R2 Manage virtual & physical applications from one PC Lifecycle Management solution Manage, stream and update App-V virtual applications with capabilities in the box Integrate App-V into existing environments and processes Configuration Manager + Application Virtualization Single Management Console Single Software distribution workflow No additional infrastructure required Integrate Virtual applications with automated OS deployment Full status and reporting of virtual applications Inventory and updating of virtual applications User or Machine targeting Scalable to 100’ s of thousands of devices Full Infrastructure Desktop Publishing Service Dynamic Delivery Package/Active Upgrade Requires Active Directory and SQL Server Standalone Mode Standalone execution of virtual applications No server is required MSI wrapper is the configuration control Interoperable with SMS/ SCCM & 3rd party ESD App-V Client, Management Server, Streaming and Sequencing Server Client 3rd Party PC Lifecycle Solution Lightweight Infrastructure Dynamic Delivery Package/Active Upgrade No SQL Server required Allows streaming capability to be added to SMS/SCCM & 3rd party ESD

MED-V and App-V are part of the MDOP subscription Translating software inventory into business intelligence Enhancing group policy through change management Dynamically streaming software as a centrally managed service Proactively managing application and operating system failures Powerful tools to accelerate desktop repair Simplifying deployment and management of Virtual PCs With Software Assurance, customers can run up to 4 virtual OS on each licensed device And what about the Windows XP license for the Virtual PC?

The usual answers… Q: When will this be made available for Vista? A: It won’t. BranchCache in only supported with Windows 7 Enterprise, Ultimate & Windows 2008 R2 editions. Q: What size content is cached? A: 64 KB and greater. Q: Is there a peer discovery timeout? A: 300 ms Q: What kind of encryption is used? A: Custom scheme based on AES128. Q: Does knowledge of the hash ID grant access? A: No. Access must still be granted by the file server.

The usual answers… (cont’d) Q: Will BranchCache work during WAN outages? A: No. Clients must be able to contact the content server to get content identifiers. Q: Can I pre-populate cached files? A: Sure. Consider using scheduled task , PowerShell Remoting or some other technique. For WSUS & SCCM, consider targeting one client in each remote office before the others. Q: How doesn’t BC avoid discovery storms? A: Responses to search requests are staggered. Additionally, if a client detects that many others on the subnet already have a piece of content, it won’t bother caching it too.

The usual answers… (last one) Q: What happens to the local cache if the BranchCache client mode changes? A: The local cache is unaffected and will still be used by the client: Hosted clients that become Distributed clients will begin responding to WS-D searches, serving data from the same cache. Distributed client that become Hosted clients will stop responding to WS-D searchers, but will continue to use the local cache. Q: How long does data stay in cache? A: Until NetSH is used to flush the cache or until the cache is full and starts to roll. Q: Is BranchCache supported on Server Core? A: Absolutely.

RDS & VDI Overview 4/20/2017 1:04 PM © 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Remote Desktop Services

Remote Desktop Architecture Overview RD Client RD Web Access RD Session Host RD Connection Broker RD Virtualization Host RD Gateway Active Directory® Licensing Server

Remote Desktop Session Host (RDSH) RD Session Host Server Farm (RemoteApp) RD Session Host Server Farm (Session-based desktops) RD Connection Broker RD Client

RD Virtualization Host App-V for RDS App-V Management Server RD Session Host RD Virtualization Host RD Client

Remote Desktop Virtualization Host (RDVH) Personal Virtual Desktops Pooled Virtual Desktops RD Connection Broker Active Directory RD Client

Personal / Pooled Virtual Desktops Personal Virtual Desktops One OS image per user Administrator access, desktop customizable User state typically part of the image Personal Virtual Desktops Personal Virtual Desktops Shared OS images, identically configured No administrator access User state temporary )discarded at session end) Pooled Virtual Desktops

RDS Roles Explained Role Function RemoteApp Publishes applications with just the application UI, and not a full desktop UI RD Session Host Hosts centralized, session-based applications and remote desktops RD Virtualization Host Hosts centralized, virtual-machine-based (virtual) desktops on top of Hyper-V for VDI environment RD Connection Broker Creates unified administrator experience for session-based and virtual-machine based remote desktops RD Gateway Allows connection from clients outside the firewall, using SSL, and proxies those to internal resources RD Web Access / RemoteApp & Desktop Connections (Windows 7) RD Web Access provides Web-based connection to resources published by RD Connection Broker. Supports traditional web page, as well as new RemoteApp & Desktop Connections RD EasyPrint Simplifies printing to a local printer, and supports legacy and new print drivers without the need to install those on the host

RemoteApp Overview Applications launched from Web Page, RDP files or MSI shortcuts Programs look like they are running locally Make programs available via RD Web Access or RemoteApp & Desktop Connection (Windows 7) Create MSI or RDP files NEW in R2: Per-user RemoteApp filtering RD Client RD Session Host / RD Virtualization Host

RD Gateway – New Features Silent session re-authentication Secure device redirection Idle & session timeout Pluggable authentication Consent signing RD Session Host RD Web Access User browses to RD Web Access RDP over HTTP/S established to RD Gateway RDP 3389 to host RD Virtualization Host User initiates HTTP/S connection to RD Gateway RD Client RD Gateway

RDS User Experience Enhancements Multiple Monitor Support Enhanced Audio Support Windows Media Redirection Windows Aero Glass Support Enhanced Bitmap Acceleration

RD Easy Print Overview Historical Issues Solution ?  TS Easy Print No Match ? Close Match  Bad Match TS Easy Print