Jason Leznek, Group Product Manager, Windows Client Justin Graham, Senior Product Manager, Windows Server

24 Oct 2013 (3 years and 7 months ago)



Information Workers’ World Has Been Changing





The Evolving Needs of Organizations

Mobile & Remote Workforce needs:

Work anywhere

Fast access

IT Professional needs:

Secure and flexible infrastructure for “work anywhere”

Reduce costs

Consumerization

Costs

Compliance

Contingency

Carbon-Neutral (“Green”)

Optimized Desktop

Enhance User Productivity

Protect Sensitive Data

Reduce Costs with Greater Manageability

Policy-based Network Access and Security

Faster, More Scalable and Efficient Access to Network Resources

Policy-based network security

Centrally Aggregate Important Client and Server Events

Increase user productivity by enabling users to access their applications and data quickly, from anywhere

Update and manage mobile PCs even when not on the corporate network

Publish server-based applications directly to users’ desktops


Fundamentals

Security, Reliability, Application Compatibility, Device Compatibility, Performance, Power Management

Infrastructure for the Optimized Desktop

Enhance User Productivity

Protect Sensitive Data

Reduce Costs with Enhanced Manageability

Increase user productivity by enabling users to access their applications and data quickly, from anywhere

Policy-based Network Access and Security

Faster, More Scalable and Efficient Access to Network Resources

Policy-based network security

Update and manage mobile PCs even when not on the corporate network

Publish server-based applications directly to users’ desktops

Centrally Aggregate Important Client and Server Events



Fundamentals

Security, Reliability, Application Compatibility, Device Compatibility, Performance, Power Management

Windows 7 and Windows Server 2008 R2

Key Scenario: Enhance User Productivity

Benefits:

Provide Faster, More Scalable and Efficient Access to Network Resources

Provide users with seamless access to applications and data from anywhere, hence increasing their productivity

Provide users a rich desktop experience from unmanaged or thin clients

Features: Receive Window Auto-tuning; SMB 2.0; IPv6; DirectAccess; BranchCache™; VDI enhancements

Key Scenario: Protect Sensitive Data

Benefits:

Enable policy-based network security by allowing only healthy PCs to access network resources

Features: Network Access Protection; Server and Domain Isolation

Key Scenario: Reduce Costs with Enhanced Manageability

Benefits:

Update and manage mobile PCs even when not on the corporate network

Publish server-based applications directly to users’ desktops

Centrally Aggregate Important Client and Server Events to Help Desk

Features: DirectAccess; Remote Desktop Services (RDS); Event Forwarding
Combined Value to Deliver the Optimized Desktop

Enhancing User Productivity

Faster, More Scalable and Efficient Access to Network Resources

IPv6

All Services Within Windows Vista are IPv6-enabled

Seamless Cost-Optimized Transitional Approach

Receive-Side Auto-tuning

Automatically senses network environment and adjusts important performance settings

Allows increase of the size of the TCP/IP send/receive window

SMB 2.0 protocol improvements

Number of open files and shares on the server

Packet compounding reduces “chattiness”

Message signing settings have been improved

Client-side encryption is supported

Durable handles are supported









Remote Access for Mobile Workers

Situation Today

Challenging for IT to manage, update, patch mobile PCs while disconnected from company network

Difficult for users to access corporate resources from outside the office

DirectAccess

Corporate network boundary includes managed assets no matter where they are on the Internet

Easy to service mobile PCs and distribute updates and policies

New network paradigm increases mobile user productivity by providing same experience inside & outside the office

Diagram labels: Home; Office

Microsoft Confidential.

DirectAccess Components

Client

Runs on Windows 7

Domain-joined

Initial configuration done on Corpnet or over VPN

Server

Runs on Windows Server 2008 R2

Sits on network edge

Single box by default

Services can be split up for scalability

DirectAccess Benefits

IT Pro Benefits

Improved manageability of remote users

IT simplification and cost reduction

Consistent security for all access scenarios

End User Benefits

Seamless & secure access to corporate resources

Consistent connectivity experience in / out office

Combined with other Windows 7 features enhances the end to end IW experience

DirectAccess

DirectAccess provides transparent, secured access to intranet resources without a VPN

Allows desktop management of DirectAccess clients

Allows IPSec encryption and authentication

Supports direct connectivity to IPv6-based intranet resources

Support IPv4 via 6to4 transition services or NAT-PT

Supports variety of remote network protocols

IT desktop management: AD Group Policy, NAP, software updates

Diagram labels: IPv6 Devices; IPv4 Devices; DirectAccess Server; Windows 7 Client; Native IPv6 with IPSec; IPv6 Transition Services; Internet

Branch Office Enhancements

Situation Today

Application and data access over WAN is slow in branch offices

Slow connections hurt user productivity

Improving network performance is expensive and difficult to implement

BranchCache™

Caches content downloaded from file and Web servers

Users in the branch can quickly open files stored in the cache

Frees up network bandwidth for other uses

BranchCache Benefits

IT Pro Benefits

Helps reduce WAN utilization and cost

Data encryption is enforced across the network

Simple to deploy

End User Benefits

Less waiting for downloads = more productivity

Combined with other Windows 7 features enhances the end to end IW experience

Improving Branch Performance

Distributed Mode

1. First client downloads data from main office server

2. Second client downloads identifiers from main office server

3. Second client searches local network for data and downloads from first client

Improving Branch Performance

Hosted Caching

1. First client downloads data from main office server

2. Content pushed to hosted cache from first client

3. Second client downloads identifiers from main office server

4. Second client downloads from hosted cache

Diagram labels: Main Office; Branch Office; Client 1; Client 2

Full Fidelity RemoteApp & Desktops

Aero Glass for Remote Desktop Server

Users have the same new Windows 7 look and feel when using Remote Desktop Server

RemoteApp & Desktop Connections

RemoteApp & Desktops icons integrated into start menu etc

Icons refreshed & updated automatically

Multimedia Support & Audio Input

Experience rich multimedia redirection

Use VoIP applications and speech recognition.

True multiple monitor support

Use up to 10 monitors of any size or layout with RemoteApp and Desktops

Applications behave like users expect

e.g. PowerPoint installing them locally

RemoteApp™ Language Bar Support

Configure applications that use alternate language settings (e.g. right to left languages) from the local language

Protect Sensitive Data

Network Access Protection

Today’s Challenges

Unprotected Network Taps Within An Organization’s Buildings

Administrators Have Limited Control About Health Of Systems Joining Network

Result: Hardware/Network Upgrades And Increased Operational Costs, Reduced Productivity

Solution

End-to-End, Authenticated, Tamper-resistant Communication

Improved Isolation Using IPsec

Network Access Protection Across IPsec, 802.1X, DHCP, VPN

Increased Manageability

Network Access Protection

1. Client requests access to network and presents current health state

2. DHCP, VPN or Switch/Router relays health status to Microsoft Network Policy Server (RADIUS)

3. Network Policy Server (NPS) validates against IT-defined health policy

4. If not policy compliant, client is put in a restricted VLAN and given access to fix up resources to download patches, configurations, signatures (Repeat 1-4)

5. If policy compliant, client is granted full access to corporate network

Diagram labels: Windows Client; DHCP, VPN; Switch/Router; NPS; Policy Servers such as: Patch, AV; Remediation Servers (Example: Patch); Restricted Network; Corporate Network; Not policy compliant; Policy compliant

Policy-based Dynamic Segmentation

Define the logical isolation boundaries

Distribute policies and credentials

Managed computers can communicate

Block inbound connections from untrusted

Enable tiered-access to sensitive resources

Diagram labels: Untrusted; Unmanaged/Rogue Computer; Domain Isolation; Active Directory Domain Controller; Server Isolation; Servers with Sensitive Data; HR Workstation; Managed Computer; Trusted Resource Server; Corporate Network

Business and Technical Benefits

Extend the value of existing investments

No additional hardware or software required

Get more value from Active Directory and Group Policy

Complements existing 3rd network security solutions

Safeguard sensitive data and intellectual property

Authenticated, end-to-end network communications

Scalable, tiered access to trusted networked resources

Protect the confidentiality and integrity of data

Reduce the risk of network security threats

An additional layer of defense-in-depth

Reduced attack surface area

Increased manageability and more healthy clients

Enhanced Manageability

Manageability Beyond The Office

Enables “always-on” management of remote machines to support a fully-manageable environment

Scenarios include:

Group Policy Updates

Folder Redirection/Client-side Caching

Software/Update Distribution

DirectAccess

Event Subscriptions

Proactive management of key issues

Pull/Forward events to/from multiple machines and search/collate

Does not require loading entire log from remote machine


Remote Desktop Services Manageability

Improved Management Toolset

Reduce repetitive tasks with RDS PowerShell support, improved application install, connection broker install & profile management

RDS and VDI: An Integrated Solution

Single broker to connect users to sessions or virtual machines, out of the box solution for VDI scenarios with Hyper-V

RemoteApp & Desktop Connections

Centrally hosted applications integrated into Start Menu, desktop, etc. Can personalize a non-work PC with work applications without installing them locally

Platform Investments

Multiple levels of extensibility for custom partner solutions for Remote Desktop Services & VDI based solutions

Questions and Answers

© 2009 Microsoft Corporation. All rights reserved.

This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.