Web
Virtualization
Security
Reduces costs, increases hardware utilization, optimizes your infrastructure, and improves server availability
Provides unprecedented levels of protection for your network, your data, and your business
Security
Development Process
Secure Startup and shield up at install
Code integrity
Windows service hardening
Inbound and outbound firewall
Restart Manager
Compliance
Improved auditing
Network Access Protection
Event Forwarding
Policy Based Networking
Server and Domain Isolation
Removable Device Installation Control
Active Directory Rights Management Services
Security
Defense In Depth
Reduce size of high risk layers
Segment the services
Increase # of layers
Service 1 Service 2 Service 3 Service B
Service
Service A
Service
LocalSystem
Network Service
Local Service
Network Service
Network Restricted
Local Service
No Network Access
Local Service
Fully Restricted
Combined firewall and IPsec management
Firewall rules become more intelligent
Policy-based networking
Only a subset of the executable files and DLLs installed
No GUI interface installed
9 available Server Roles
Can be managed with remote tools
Customization
Troubleshooting
Administration
True application deployment
Application and health management
Secure HTTPS
Internet
XML
Administrator
AppHost.config
Manage Remotely
Better Tools
Shared Config
Intuitive, Task Oriented GUI
.NET Management API
Unified WMI Provider for IIS/ASP.NET
Powerful Command Line Support
Rich Runtime State Information
Automatic Failure Tracing & Logging
Shared App Hosting
XML
Site Owner
App Web.config
Web Farm
Encryption Policy
Group Policy allows central encryption policy and provides Branch Office protection
Provides data protection, even when the system is in unauthorized hands or is running a different or exploiting Operating System
Uses a v1.2 TPM or USB flash drive for key storage
AD RMS protects access to an organization's digital files
AD RMS in Windows Server 2008 includes several new features:
Improved installation and administration experience
Self-enrollment of the AD RMS cluster
Integration with AD Federation Services
New AD RMS administrative roles
Information Author The Recipient
Contoso
Adatum
Federation Trust
Web Server
AD FS provides an identity access solution
Deploy federation servers in multiple organizations to facilitate business-to-business (B2B) transactions
AD FS provides a Web-based, SSO solution
AD FS interoperates with other security products that support the Web Services Architecture
AD FS improved in Windows Server 2008
RODC
Main Office
Features
Branch Office
Web Enrollment
Internet
Tunnels RDP over HTTPs
Perimeter Network
Strips off RDP / HTTPs
Corporate Network
RDP traffic passed to TS
Terminal Servers and other RDP Hosts
Internet
Policy Servers
Policy compliant
Enhanced Security
Corporate Network
Policy Servers
such as: Patch, AV
Windows Client
Remediation Servers
Example: Patch
NPS
Policy compliant
Restricted Network
Corporate Network
1. Client requests access to network and presents current health state
2. DHCP, VPN or Switch/Router relays health status to Microsoft Network Policy Server (RADIUS)
3. Network Policy Server (NPS) validates against IT defined health policy
4. If not policy compliant, client is put in a restricted VLAN and given access to fix up resources to download patches, configurations, signatures (Repeat 1 - 4)
5. If policy compliant, client is granted full access to corporate network
Terminal Services
http://www.microsoft.com/windowsserver2008/terminal-services/default.mspx
2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.