John Savill Solutions Architect EMC Session Code: WSV403.


2 John Savill Solutions Architect EMC Session Code: WSV403

3 Who am I?
- Technical Evangelist for EMC Consulting
- Ten-time Microsoft MVP
- Author of the Windows FAQ
- Written numerous books
- Latest book available: “Complete Guide to Windows Server 2008”
- Speaker at Tech Ed 2006-2009

4 Agenda
- Challenges with a branch office
- Overview of security solutions used with Windows 2008
- Virtualization in branch offices
- Enhancing User Experience and Productivity
- Branch Access
- Read-only Distributed File System Replicas

5 Branch Office Challenge
- Focus for Windows 2008
- Offices often require local servers for both performance and resiliency to unavailable links
- A local domain controller is one of the common services provided, and it contains a complete copy of the entire organization's domain
- Remote offices rarely have dedicated, secured server infrastructure areas or local support personnel to manage the systems
- Remote office hardware is susceptible to compromise
- A way is needed to protect the data on branch office servers, lower maintenance overhead and counteract risk

6 Protected Branch Office Server
- RODC
- BitLocker
- Server Core

7 2008 R2 Improvements for Security
- Server Core had limitations in Windows Server 2008
- We had no virtualization “in-box” for Windows 2008 that was RTM
- BitLocker only worked for internal fixed drives
- Management had limitations
- So where are we now?

8 Server Core Enhancements
- Subset of .NET 2.0, 3.0 and 3.5 Framework now available
- Enables more role services such as ASP.Net with IIS
- Enables PowerShell scripting
- Active Directory Certificate Services and File Server Resource Manager available
- WoW64 optionally installable for 32-bit application support

9 Management Changes
- Remotable Server Manager
- Enhancements in PowerShell (2.0) which, combined with WS-Mgmt, give us fan-out capability
- Best Practice wizards
- New version of the Remote Server Administration Tools will be available for Windows 7 to manage 2008 R2

10 BitLocker to Go
- Allows USB storage devices to be protected with BitLocker
- Policy can be used to control complexity and length of passphrase required to unlock drive
- Possible to configure USB device to auto unlock on specific servers through passphrase caching; however, this is risky if server is compromised
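
The auto-unlock risk noted on this slide can be checked per server. The following is an added example, not part of the original presentation: it queries the Win32_EncryptableVolume WMI class to list volumes the local server will unlock automatically. The function name Get-AutoUnlockVolume and the drive letter E: are assumptions of this example.

```powershell
# Added example (not from the presentation): report BitLocker volumes that this
# server unlocks automatically. Run from an elevated PowerShell prompt; the WMI
# namespace is only present when the BitLocker feature is installed.
function Get-AutoUnlockVolume {
    $ns = 'root\cimv2\Security\MicrosoftVolumeEncryption'
    $volumes = Get-WmiObject -Namespace $ns -Class Win32_EncryptableVolume -ErrorAction Stop

    foreach ($vol in $volumes) {
        # The query can fail or return a non-zero ReturnValue when it does not
        # apply or cannot be answered (for example, the drive is still locked).
        try { $result = $vol.IsAutoUnlockEnabled() } catch { continue }
        if ($result.ReturnValue -ne 0) { continue }

        if ($result.IsAutoUnlockEnabled) {
            New-Object PSObject -Property @{
                DriveLetter    = $vol.DriveLetter
                DeviceID       = $vol.DeviceID
                KeyProtectorID = $result.VolumeKeyProtectorID
            }
        }
    }
}

$found = @(Get-AutoUnlockVolume)
if ($found.Count -eq 0) {
    'No volumes are configured to auto unlock on this server.'
} else {
    # Each row is a drive whose unlock key is cached on this machine.
    $found | Format-Table DriveLetter, KeyProtectorID -AutoSize
    # To stop a drive unlocking automatically here (E: is a placeholder):
    #   manage-bde -autounlock -disable E:
}
```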

11 Server Core and Manageability

12 Hyper-V 2008 R2
- Hyper-V is now included in-box
- Includes a number of new capabilities including:
  - Support for 32 logical processors
  - Hot add/remove of VHD and pass-through disks on SCSI controller (not IDE)
  - Second Level Address Translation (SLAT)
  - Live Migration and Cluster Shared Volumes
- Dynamic memory did not make this release

13 Boot from VHD
- Can now boot a Windows 7 or Windows 2008 R2 OS from a VHD file
- For best performance use a static VHD file; however, dynamic VHD is supported
- Few extra steps during the OS install process to create and mount the VHD file to allow installation:
  - Shift-F10 to open command window
  - Create, Select and Attach vdisk
  - Partition

14 Virtualization in the Branch Office
- Server hardware is often limited in branch offices
- Multiple roles are run under a single OS instance which is generally not optimal
- With virtualization we can run the various roles in separate virtualized OS instances
- We still use BitLocker on the host OS to protect the drives containing the VHD files
- Can now also protect USB storage devices

15 2008 R2 Branch Office Server
- RODC
- BitLocker
- Server Core

16 Improving the End User Experience
- All of the previous focus was around securing the branch office
- What about the actual users and their ability to work?
- Most branch locations have slow, high latency links
- Users consume different types of data
- Data is typically stored in hub locations for easier management and central backup

17 Branch Cache
- Most branches have poor or high latency connections
- Users download the same information from hub locations multiple times
- Branch cache works in a peer-to-peer or hosted server model to cache information over HTTP (including SharePoint) and SMB
- Branch computers can then retrieve information from a peer or the hosted server
- Works using a hash value for each file so data has to be stored on a 2008 R2 server

18 Branch Cache in Action: Peer to peer [diagram; labels: Cache, Hash]

19 Branch Cache in Action: Hosted cache [diagram; labels: Cache, Hash]

20 Branch Cache Requirements
- For peer to peer (distributed caching) clients must be in the same subnet
- Hosted cache does not require same subnet
- 1 Hosted cache per branch
- Windows 7 and Windows 2008 R2 only
- Both solutions require connectivity to the original server
- If you want resiliency against connectivity failure you should look at DFSR instead

21 So What Exactly is Cached and When?
- Any file that has a hash is cached on the client
- When cache is full the least recently accessed item is removed to make room
- Only files over 64KB are cached
- Designed for slow changing files
- Hashing is configured on a per-share level on the server
- For web content a script is used to create hashes for files; this is not done automatically
- Does not care about transport (supports IPSEC, HTTPS etc)

22 Branch Cache Storage
- Cache files are stored in chunks under the Network Service profile
- The cached chunks are not encrypted but protected by ACLs
- Only the Network Service has access

23 Monitoring and Controlling How Branch Cache is Used
- Performance Counters
- Group Policy and commands to enable distributed cache and to point to hosted cache
- Group Policy control cache % use of drive
- Entire cache can be cleared on client through PowerShell and netsh commands
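
The command-line side of this slide, as an added example that is not part of the original presentation: a PowerShell script that drives the `netsh branchcache` context to select distributed or hosted-cache client mode, cap the cache as a percentage of the drive, optionally clear it, and print the resulting status. The script parameters and the helper name Invoke-BranchCacheNetsh are assumptions of this example.

```powershell
# Added example (not from the presentation): configure BranchCache on a branch
# client with netsh and show the result. Run from an elevated prompt.
# Leave -HostedCacheServer empty for distributed (peer-to-peer) mode.
param(
    [ValidatePattern('^[A-Za-z0-9.-]*$')]
    [string]$HostedCacheServer = '',   # placeholder: name of the branch's hosted cache
    [ValidateRange(1, 100)]
    [int]$CachePercent = 5,            # share of the drive the cache may use
    [switch]$Flush                     # clear the entire local cache first
)

function Invoke-BranchCacheNetsh {
    param([string[]]$Arguments)
    # Each array element is passed to netsh as a separate argument.
    $output = & netsh.exe branchcache $Arguments 2>&1
    if ($LASTEXITCODE -ne 0) {
        throw "netsh branchcache $($Arguments -join ' ') failed: $output"
    }
    $output
}

if ($HostedCacheServer) {
    # Hosted cache: clients retrieve cached content from one server in the branch.
    Invoke-BranchCacheNetsh 'set', 'service', 'mode=HOSTEDCLIENT', "location=$HostedCacheServer" | Out-Null
} else {
    # Distributed cache: clients on the same subnet serve each other.
    Invoke-BranchCacheNetsh 'set', 'service', 'mode=DISTRIBUTED' | Out-Null
}

# Limit how much of the drive the local cache may consume.
Invoke-BranchCacheNetsh 'set', 'cachesize', "size=$CachePercent", 'percent=TRUE' | Out-Null

if ($Flush) {
    # Removes all cached content on this client.
    Invoke-BranchCacheNetsh 'flush' | Out-Null
}

# Print service mode, cache settings and current cache usage for review.
Invoke-BranchCacheNetsh 'show', 'status', 'all'
```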

24 Branch Cache in Action

25 Distributed File System Replication
- Branch Cache requires the network for users to obtain file hash values
- If access to information is required without network connectivity Branch Cache does not work
- Distributed File System Replication is a good solution using delta based replication
- Available as part of 2003 R2 and above
- DFSR only replicates closed files
- In a multi-writer situation last writer wins (no check-in/check-out, this is SharePoint functionality)

26 Traditional DFSR [diagram: four DFSR Replica nodes, each holding Documents, Legal, Presentations; label: Sales]

27 Read-Only DFSR Replica [diagram: one DFSR Replica and three R-DFSR Replica nodes, each holding Documents, Legal, Presentations; labels: Sales, ACCESS DENIED]

28 Making a Read-Only Replica
- Must have 2008 RTM schema extensions
- Only one check box different
- During wizard to create replication group on a non-authoritative server check the read-only box
- This is per folder on the server
- Can switch between being read-write and read-only with a click

29 Read-Only DFSR Usage
- Must have Windows 2008 R2 at the branch only
- Other replication partners can be Windows 2008 or Windows 2008 R2
- R/O Replica can only replicate from a R/W Replica; R/O Replica cannot replicate from another R/O Replica
- Must use 2008 R2 DFS Management MMC snap-in
- End-user experience is to simply have read-only access. Acts like read-only media
- User will get File Access Denied if they try and write
- If users need to write then they would need to access a writable replica directly via SMB UNC path

30 Branch Cache vs. Read-Only DFSR
- So both technologies deal with publication type data
- For personal data you should be looking at folder re-direction with client side caching
- For collaboration type data we should be looking at SharePoint
- If you need data accessed without network connection you need Read-only DFSR
- If you want to save bandwidth but not provide link resiliency, Branch Cache is a good solution
- Use Hosted cache over distributed cache if you have a server at the branch
- Branch Cache requires Windows 7 clients

31 Summary
- Windows 2008 was great for securing branch office locations
- Windows 2008 R2 builds on this secure foundation and adds a great branch office user experience through various technologies
- Some of the major feature wins require Windows 7


33 Windows Server Resources
- Make sure you pick up your copy of Windows Server 2008 R2 RC from the Materials Distribution Counter
- Learn More about Windows Server 2008 R2: www.microsoft.com/WindowsServer2008R2
- Technical Learning Center (Orange Section): Highlighting Windows Server 2008 and R2 technologies
- Over 15 booths and experts from Microsoft and our partners

34 Resources
- www.microsoft.com/teched: Sessions On-Demand & Community
- http://microsoft.com/technet: Resources for IT Professionals
- http://microsoft.com/msdn: Resources for Developers
- www.microsoft.com/learning: Microsoft Certification and Training Resources


36 © 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

