Presentation is loading. Please wait.

Presentation is loading. Please wait.

John Pritchard Ramprabhu Rathnam CLI314 Provide an overview of activation and validation Provide guidance for common scenarios Share learning’s Activation.

Published byCharity Haynes Modified over 8 years ago

Similar presentations

Presentation on theme: "John Pritchard Ramprabhu Rathnam CLI314 Provide an overview of activation and validation Provide guidance for common scenarios Share learning’s Activation."— Presentation transcript:

1

2 John Pritchard Ramprabhu Rathnam CLI314

3 Provide an overview of activation and validation Provide guidance for common scenarios Share learning’s Activation requirement in volume is here and real Planning is crucial for successful deployment Prescriptive guidance is available now to help with your deployment

4 Activation Common Scenarios Best Practices Validation Reduced Functionality Mode Q&A

5 22 Non-genuine Windows are growing nearly 100 PCs every minute 33 Compromised volume keys attribute to ~20% of Windows validation failures Source: 2006 Global Software Piracy Study by Business Software Alliance 11 Worldwide PC software piracy for 2006 estimated at 35%

6 Online Phone BIOS-bound Online Phone Proxy

7 Multiple Activation Key (MAK) Key Management Service (KMS) Key MAK Independent Activation (Online, Phone) Individually connect and activate with Microsoft MAK Proxy Activation Activate multiple systems with one connection to Microsoft KMS Activation Activate periodically using customer-hosted service Enable installation and usage of the product during grace period without need for any product key

8 Customer hosted activation enablement service Eliminates the need for each system to activate with Microsoft KMS key used on designated host(s) to enable the service KMS host(s) activate with Microsoft using online or phone one-time Each KMS key, by default, can activate six different hosts Each KMS host can activate unlimited # of systems running volume editions of Windows Vista and Windows Server 2008 Requires a threshold of min. physical machines established and maintained (25 for Windows Vista and 5 for Windows Server 2008) KMS host maintains a single count of last 50 systems contacted in the last 30 days KMS clients activates itself based on response from the KMS host and the local business rules KMS client must connect with KMS host anonymously at least once every 180 days KMS client uses DNS or registry info to discover the KMS host

9 One time activation with Microsoft Two methods of activation using a MAK: MAK Independent Activation: Each system individually connects and activates with Microsoft MAK Proxy Activation: One centralized activation request on behalf of multiple systems with one online connection to Microsoft MAK Keys have an activation limit that depends on customer’s license agreement Each activation counts towards activation limit Keys are distributed either through WMI script, during OS installation, or Volume Activation Management Tool Uses SSL in the case of MAK independent and SSL & WMI in the case of MAK proxy Reactivation may be required if there is significant change in the underlying hardware

10 Performs both MAK Proxy and MAK Independent activation Provides activation status of all machines in the environment Supports discovery of machines in the environment: Active Directory (AD) Workgroup, and Individual machines by IP address or Machine Name Allows for Import/Export of data using XML Enables local reactivation and monitoring of MAK usage

11

12 New - KMS host will be able to run in virtual machines when Windows Server 2008 RTMs KMS host can run on Windows Vista VM now Support for Windows Server 2003 and Windows Server 2008 will be available when Windows Server 2008 RTMs Install KMS host on a virtual instance that is least likely to be moved to avoid reactivation KMS host does not contribute to the n-count however the VM host does contribute to the n-count Virtual instances of OS can be activated using KMS Addresses issue of virtual images moving from one physical to another that could force a reactivation request

13 Activation must be a part of the Windows deployment planning process Establish activation ownership and accountability Determine the use and mix of MAK/KMS activations Enumerate target environments based on number of systems and user network connectivity Evaluate impact of upcoming KMS releases Windows Server 2008 KMS

14 Basic connectivity characteristics LAN-connected machines (core networked) Roaming/remote machines w/ regular connectivity Roaming/remote machines w/ sporadic connectivity Isolated (never connected) machines Build sources OEM Preinstalled machines (new machines) Customer-specific image Generic image that customer modifies/replaces OEM rebuilds Customer-built machines (rebuilds, virtual, test) Number of systems

15 Unless there is a specific (political/ procedural/ architectural) barrier, use KMS Configure KMS for access by users from remote/branch locations Place KMS in hub location(s), but don’t overuse- each KMS must have a rolling n-count of 25+ Remember that one KMS key activates up to 6 KMS hosts Consider placing KMS on a virtual host Remember that significant hardware change of underlying physical machine may still trigger reactivation

16 Each system must be activated by MAK when there are not enough system for a KMS infrastructure If occasional Internet connectivity is available, machine can activate against Microsoft directly or against the Core KMS Host

17 “Regular connectivity” = client can be reasonably expected to connect via LAN or VPN at least once every 180 days Typically far shorter than the common user password expiration interval policy Often have existing mechanisms in place to ensure that users periodically connect If it can be expected to connect, use KMS Requires planning for users who “miss the window”- customize the sample web page for self-servicing Should a client exceed 180 days w/out connectivity, grace period and rearm still provides time to activate May consider switching that user’s machine to MAK activation

18 Machines that are built, leave the company’s premises and are not seen again for very long or indeterminate periods of time Machines in ships/submarines/deserts Corporate machines provided for home use Student laptops Professors on sabbatical Activate the system as part of system provisioning using Independent MAK or Proxy MAK

19 Where lack of connectivity is due to nature of lab rather than explicit prohibition on connectivity Provide connectivity to KMS May use switch/router/FW/IPsec filtering for traffic Deploy a local KMS Be conscious of n-count and # of KMS hosts Virtual machines activate, but don’t increment n-count To reach n-count, build 25 physical machines or one machine 25 times, etc.- buys 30 days until n-count starts to drop Activate using MAK through phone or VAMT (sneakernet) For frequently rebuilt systems consider not activating Machines will have to be activated or rebuilt after 120 days (can re-arm grace period three times)

20 Ensure KMS keys are used only on machines that will serve as KMS host Generalize images using Sysprep to reset activation related values Use VAMT for any activation involving MAK Increases protection of MAK keys Provides remaining activation count Enables local reactivation Leverage IPSec infrastructure in filtering KMS communication In the case of MAK activation do activation after connecting all necessary hardware

21 LicensedLicensed Grace (30 days) Reduced Functionality Mode (RFM) Initial Installation Out of Tolerance: Hardware Modification or Activation Expiry (KMS) Successful Activation Initial, Expiration, or Modification Failure to (Re)Activate

22 Use Volume Activation Management Tool (VAMT) or SMS 2003 SP3 to monitor license states Initial installation grace Out of tolerance grace Monitor the health of KMS using MOM 2005 KMS MP KMS activation only works on legacy machine (no ACPI SLIC table) or Marked machine (ACPI SLIC table exists and is complete)

23 Activation Count Summary KMS Activity History Licensing Status Summary Machine Expiration Chart Machine Expiration Detail Virtual Machine Summary

24 Conditions that cause validation failure: Failure to activate the product properly within the grace period Using a compromised or non-MS issued key Tampering to circumvent product activation or validation features System response varies depending on activation status Genuine features disabled Reduced functionality mode Once determined to be non-genuine resolution requires reactivation and revalidation

25 Interactive logon limited to 1hr sessions Access to default Web browser only after logon No start menu or task manager Limited access to files and folders Treated as non-genuine Aero TM, ReadyBoost TM are disabled Only critical security updates are available and not optional updates Windows Defender removes only critical and severe threats

26 Activation is a required for all editions of Windows Vista & Windows Server 2008 Enables protection and management of customer specific volume keys Eliminates handling of product keys at the time of system installation Helps differentiate genuine installations Multiple activation options exist for volume customers MAK independent, MAK proxy and KMS Prescriptive guidance available for integrated deployment and management

27 We are looking for customer/partner feedback on Volume Activation 2.0, please take a moment to provide your feedback Customer/Partner Feedback www.opinionguru.com/activationsurvey The password is: 1301 OEM/System Builder Feedback www.opinionguru.com/OEMsurvey The password is: 1301

28 Business Desktop Deployment Solution Accelerator: http://www.microsoft.com/technet/desktopdeploymen t/bdd Volume Activation 2.0 on TechNet: http://go.microsoft.com/fwlink/?LinkID=75673 Volume Activation 2.0 on Download Center: http://go.microsoft.com/fwlink/?LinkID=75674 For product key information and call center numbers: http://www.microsoft.com/licensing/resources/vol/def ault.mspx

29

30

31 © 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

32 DatacenterItanium StandardEnterprise Storage Enterprise** Web Compute Cluster Storage* BusinessEnterprise Hierarchical KMS Keys Lateral MAKs

33 Volume Licensing is upgrade only KMS keys are assigned per applicable enrollment(s) or licenses purchased per product pool (client, server) Open License customers will only receive MAK and KMS keys specific to product licenses purchased Customers w/ Select or EA or CASA licenses receive additional Windows Server 2008 edition keys for evaluation MAK are issued at customer request Partners and MSDN subscribers receive only MAK and/or retail keys

34 KMS Host KMS Client By default, KMS Host is not activated Once activated, KMS Host is ready to activate KMS clients when minimum requirements are met Once a combination of 5 physical KMS Clients are present, Windows Server 2008 machines will be activated by the KMS host Once a combination of 25 physical KMS Clients are present, Windows Vista machines will be activated by the KMS host Windows Vista machines Windows Server 2008 machines

35 11 22 33 44 44 55 66 66 22

36 1. Discover KMS host via registry or DNS SRV RR (_vlmcs._tcp) 2. Send RPC request to KMS host on 1688/TCP by default (~250b) Generate client machine ID (CMID) Assemble and sign request (AES encryption) On failure retry every 2 hours (default) 3. KMS host adds CMID to queue (entries expire after 30 days) and responds with current count (~200b) itself 4. KMS client evaluates count vs. license policy and activates itself Store KMS host Product ID, intervals, and client hardware ID in license store On success renew activation every 7 days (default) 1 2 3 4 0. Activate KMS host(s) using KMS keys with Microsoft

37 2. Apply MAK and collect Installation ID (IID) using WMI optionally export to XML file 1. Find Windows Vista machine(s) from Active Directory (LDAP) or through network discovery APIs NetServerEnum() 4. Activate MAK Proxy client(s) by applying CID optionally import updated XML file first 3. Connect to Microsoft over Internet (SSL) and obtain corresponding Confirmation ID (CID)update XML file with CIDs 1234

38

Download ppt "John Pritchard Ramprabhu Rathnam CLI314 Provide an overview of activation and validation Provide guidance for common scenarios Share learning’s Activation."

Similar presentations

Kalpesh Patel Ramprabhu Rathnam

Kalpesh Patel Ramprabhu Rathnam
Richard Smith Senior Consultant – Management, Operations and Deployment Microsoft UK Simple Deployments with Windows AIK and Windows DS.

Richard Smith Senior Consultant – Management, Operations and Deployment Microsoft UK Simple Deployments with Windows AIK and Windows DS.
Microsoft Desktop Virtualization Migrating to Windows 7 With MED-V.

Microsoft Desktop Virtualization Migrating to Windows 7 With MED-V.
Windows Vista: Volume Activation 2.0

Windows Vista: Volume Activation 2.0
Using the WDK for Windows Logo and Signature Testing Craig Rowland Program Manager Windows Driver Kits Microsoft Corporation.

Using the WDK for Windows Logo and Signature Testing Craig Rowland Program Manager Windows Driver Kits Microsoft Corporation.
Future of the Server Room Tour. Ottawa Montreal Calgary Vancouver Toronto Future of Your Server Room Three Pillars of Windows Server 2008 Virtualization.

Future of the Server Room Tour. Ottawa Montreal Calgary Vancouver Toronto Future of Your Server Room Three Pillars of Windows Server 2008 Virtualization.
Shai Tirosh Windows Server Regional Director artNET Experts.

Shai Tirosh Windows Server Regional Director artNET Experts.
Rob Davidson, Partner Technology Specialist Microsoft Management Servers: Using management to stay secure.

Rob Davidson, Partner Technology Specialist Microsoft Management Servers: Using management to stay secure.
Service Pack 2 System Center Configuration Manager 2007.

Service Pack 2 System Center Configuration Manager 2007.
WCL320: Activating Windows in Enterprise Environment Kalpesh Patel Ramprabhu Rathnam Software Protection Platform Microsoft Corporation.

WCL320: Activating Windows in Enterprise Environment Kalpesh Patel Ramprabhu Rathnam Software Protection Platform Microsoft Corporation.
Setting up Remote Access Brent Reeser Technical Product Manager Windows Server Marketing.

Setting up Remote Access Brent Reeser Technical Product Manager Windows Server Marketing.
Microsoft Virtual Academy

Microsoft Virtual Academy
Microsoft Virtual Academy

Microsoft Virtual Academy
1/26/2018 Hosting Windows Desktops and Applications Using Remote Desktop Services and Azure Windows Server 2016 + Azure Resource Manager © 2014 Microsoft.

1/26/2018 Hosting Windows Desktops and Applications Using Remote Desktop Services and Azure Windows Server Azure Resource Manager © 2014 Microsoft.
Windows Server 2012 R2 The Essentials Experience

Windows Server 2012 R2 The Essentials Experience
TechReady 16 5/10/2018 Day 2, Session 4 Reaching the Summit: ITIL-integrated Self-Service in the Hybrid Cloud © 2013 Microsoft Corporation. All rights.

TechReady 16 5/10/2018 Day 2, Session 4 Reaching the Summit: ITIL-integrated Self-Service in the Hybrid Cloud © 2013 Microsoft Corporation. All rights.
Office 365 is cloud-based productivity, hosted by Microsoft.

Office 365 is cloud-based productivity, hosted by Microsoft.
Microsoft Virtual Academy

Microsoft Virtual Academy
Microsoft Virtual Academy

Microsoft Virtual Academy
Enterprise Security in Practice

Enterprise Security in Practice

Similar presentations

Ads by Google