
W2K8 Remote Infrastructure PPT


Clinic

Windows Server® 2008: Remote Infrastructure

Clinic Outline

• Remote Infrastructure Server Deployment and Administration
• Remote Infrastructure Security
[Diagram labels: Remote Location, RODC, Corp]

• Spend Less Time on Everyday Tasks
  • Enhanced Scripting and Task Automation
  • Role Based Installation and Management
• Hardens the OS and Protects Your Environment
  • Better Security and Compliance
  • Network Access Protection
• Quickly Respond to Changing Business Needs
  • Centralized Application and Remote Access Solutions
  • Integrated Server Virtualization
Remote Infrastructure Server Deployment and Administration

Overview

• Remote Infrastructure Integration Strategies
• Remote Infrastructure Framework
• Core Infrastructure Optimization
• Improved Server Deployment
• New Advanced Management Tools
Remote Infrastructure Integration Strategies

Server Architecture
• Distributed
• Centralized
• Converging

Infrastructure Topologies
• Satellite
• Accelerated
• Autonomous
Remote Infrastructure Framework

Optional
Remote clients can fail over from the local
remote office server to another server (by
closest site selection) if local services become
unavailable. When services are restored, they
automatically fail back to a preferred server.
Disposable
The remote office server performs as a service
cache that does not hold a unique state and
does not require system backup. If the server
fails, there is no impact on remote office
functionality.
Replaceable
If the remote server fails, it can be replaced,
reprovisioned, or redeployed. Server roles are
well-adapted for remote offices and varying roles
can be deployed as one. The recovery of data is
automated.
Improved Server Deployment (Modular Design)

Modular deployment of server roles, including:
AD Domain Services
DNS Server
File Server
Print Server
Terminal Services
Improved Server Deployment (Server Core)

Supported Server Roles:
• Active Directory Domain Services
• Active Directory Lightweight Directory Services
• DHCP Server
• DNS Server
• File Server
• Print
• Windows Media Services
• Windows Virtualization Services

Benefits:
• Increased server stability
• Reduced management
• Reduced attack surface
• Reduced software maintenance
• Reduced hardware requirements
Improved Server Deployment (Windows Server Virtualization)

64-bit Next Generation technology

Addresses the following challenges:


Server Consolidation
Development and Testing
Business Continuity/Disaster Recovery

Server Core as a host system


New Advanced Management Tools

Server Manager

ServerManagerCmd.exe

Windows PowerShell

Remote Management

Event Subscriptions

Task Scheduling based on Events


Technical Background

Domain Name System (DNS) Server Role


AD Domain Services User Interface Improvements
Restartable AD Domain Services
AD Lightweight Domain Services Server Role
AD Domain Services Backup and Recovery
File Service Improvements
• SMB 2.0
• DFS
• Print Management Improvements
• Networking Improvements
Domain Name System (DNS) Server Role

Background zone loading


Read-only domain controller support
Global Names zone
DNS client changes
Link-Local multicast name resolution (LLMNR)
Domain controller location
AD Domain Services

New AD MMC Snap-In Features


• Find Command
• New Options for Unattended Installs
Restartable AD Domain Services (AD DS)

3 Possible States:
• AD DS Started
• AD DS Stopped
• Active Directory Restore Mode
AD Domain Services Backup and Recovery

What’s New? Considerations


General
Requirements
File Services

Server Message Block (SMB) 2.0

DFS
Namespaces
Replication
SYSVOL
SMB 2.0

• Support for sending multiple commands within the same packet
• Larger buffer sizes
• Greater scalability
• Support for durable handles
• Support for symbolic links

Reduces network traffic and provides greater resiliency to network outages
DFS

DFS Namespaces
DFS Replication (DFSR)

Together they provide solutions for:


Data collection
Data Distribution
Sharing files across remote offices

DFS Management Tools


DFS Replication

Simplified process for replicating discrete folders to the same set of servers
• Multipurpose replication group
• Replication group for data collection
• Differential replication of changes
• Reduced bandwidth usage
• Efficient and scalable
• Flexible scheduling and bandwidth throttling
• Supported in stand-alone and domain-based namespaces and on individual folders
DFS Replication (cont.)

• Self-healing after USN journal wraps and database corruption
• Easy member recovery
• Simple and flexible prestaging of new servers
• Delegation of management tasks
• Built-in health metrics and diagnostics events
• Support for SYSVOL replication
Print Services

• Print Server Role
• Benefits
• Requirements
Next Generation TCP/IP Stack

• Receive Window Auto-Tuning
• Compound TCP
• Throughput Optimization in High-Loss Environments
• Neighbor Unreachability Detection
• Changes in Dead Gateway Detection
• Changes in PMTU Black Hole Router Detection
• Routing Compartments
• ESTATS Support
• Network Diagnostics Framework Support
• New Packet Filtering Model with Windows Filtering Platform
Implementation/Usage Scenarios

• Improve security of remote office servers
• Enable remote administration, reduce administrative burden, and eliminate the need for onsite administrators
• Mitigate the limited bandwidth and high latency of WANs
• Ensure fast service and continuity to remote office employees
Recommendations

• Deploy Windows Server 2008 Server Core with RODC in the remote office
• Implement DFS replication, especially for SYSVOL
• Use event subscriptions to centrally collect events from remote office servers
• Implement AD DS auditing
• Maintain a critical-volume backup of system files for recovery of AD DS only
Summary
• The modular, distributed nature of AD DS allows you to centralize and better control the management and security of domain controllers located in the remote office.
• Restartable AD mitigates the need for a remote administrator.
• A RODC is ideal for providing domain services in remote offices where physical security cannot be guaranteed.
• With Windows Server 2008, you can remotely back up and restore data, including Active Directory Domain Services, using the new Windows Server Backup tool.
• The DNS Server Role includes new changes which help to mitigate low-bandwidth issues and support the new AD Domain Services features.
• Improvements to SMB and DFS will assist you in better managing file services for your remote offices.
• Print Server improvements provide centralized printer control to streamline remote administration of printers at the remote office.
• Terminal Services in Windows Server 2008 is enhanced to improve security, reduce management overhead and mitigate bandwidth issues.
• The Next Generation TCP/IP Stack will help you meet the connectivity and performance needs of today's remote

Remote Infrastructure Security

Overview

• Read-Only Domain Controller (RODC)
  • Improved security
  • Faster logon
  • More efficient network access
• BitLocker Drive Encryption (BDE)
  • Operating system and data protection
• Secure Socket Tunneling Protocol (SSTP) VPN
  • Transport-level security

[Diagram labels: Server Core - RODC, VPN, BDE, SSTP, C:\]
Technical Background

• Read-Only Domain Controller (RODC)
• Secure Socket Tunneling Protocol (SSTP) VPN

[Diagram labels: Server Core - RODC, VPN, SSTP]
Read-Only Domain Controller (RODC)

New Functionality
RODC
AD Database
Unidirectional Replication
Credential Caching
Password Replication Policy
Administrator Role Separation
Read-Only DNS

Requirements/Special Considerations
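
An added illustration (not part of the original slides) of how a Password Replication Policy decides which credentials a remote-office RODC may cache: an explicit deny overrides an allow, and an account on neither list is not cached. The group and user names are constructed sample data; the audit helper is a hypothetical pre-deployment check.

```python
# Constructed sample directory: group -> direct members (users or nested groups).
GROUPS = {
    "Branch-Users": {"alice", "bob"},
    "Branch-Helpdesk": {"carol"},
    "Domain Admins": {"dave"},
    # "dave" was added to a branch group by mistake.
    "Branch-Staff": {"Branch-Users", "Branch-Helpdesk", "dave"},
}

# Constructed PRP for one RODC. In AD DS these lists are stored on the RODC's
# computer object: msDS-RevealOnDemandGroup (Allowed) and
# msDS-NeverRevealGroup (Denied).
PRP = {"allowed": {"Branch-Staff"}, "denied": {"Domain Admins"}}


def expand(principals, groups=GROUPS):
    """Return every user reachable from the principals through nested groups."""
    users, seen, stack = set(), set(), list(principals)
    while stack:
        p = stack.pop()
        if p in seen:          # guards against circular group nesting
            continue
        seen.add(p)
        if p in groups:
            stack.extend(groups[p])
        else:
            users.add(p)
    return users


def may_cache(user, prp=PRP, groups=GROUPS):
    """Deny wins over allow; an account on neither list is not cached."""
    if user in expand(prp["denied"], groups):
        return False
    return user in expand(prp["allowed"], groups)


def audit(prp=PRP, groups=GROUPS, privileged=("Domain Admins",)):
    """Summarise a PRP before deployment (hypothetical helper)."""
    allowed = expand(prp["allowed"], groups)
    denied = expand(prp["denied"], groups)
    priv = expand(privileged, groups)
    return {
        "cacheable": sorted(allowed - denied),
        # Privileged accounts protected only by the Denied list:
        "privileged_in_allowed": sorted(allowed & priv),
        # Privileged accounts the RODC would actually cache:
        "privileged_cacheable": sorted((allowed - denied) & priv),
    }


if __name__ == "__main__":
    print(audit())
```

A non-empty `privileged_in_allowed` means a privileged account is kept off the RODC only by the Denied list, so removing that entry would expose it if the remote server is stolen.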
Secure Socket Tunneling Protocol (SSTP) VPN

• Uses HTTPS over port 443 to pass traffic through firewalls that might block PPTP and L2TP
• Flexible network configuration
• Support for NAP
• Support for IPv6
• Better network utilization and load balancing
• Full integration with OS components and RRAS

Configuration
• Server: Windows Server 2008 with RRAS and a Server Authentication Certificate
• Client: Windows Vista or Windows Server 2008 with a copy of the Server certificate installed
Implementation/Usage Scenarios

• Maintain physical security of servers at the remote office
• Maintain physical security of data at the remote office
• Improve security on VPN connections to remote offices at a lower cost
Recommendations

• Deploy a Read-Only Domain Controller at the remote office
• Implement a Password Replication Policy
• Implement administrator role separation
• Implement BitLocker Drive Encryption; do not require a PIN or USB device if no local admin
• Implement an SSTP VPN
Summary

• Windows Server 2008 adds new technologies which help to improve the security in remote office environments
• A RODC hosts a read-only replica of the database in Active Directory Domain Services
• BitLocker Drive Encryption provides data security on lost or stolen PC devices and remotely located servers
• An SSTP VPN provides a mechanism to encapsulate PPP traffic over the SSL channel or the HTTPS protocol, improving security and reducing remote access costs
Thank You

Dhivakar N
Dhivakar.Natarajan@Symphonysv.com
