Post on 15-Jan-2016
Building The Optimized Desktop Infrastructure with Windows 7 and Windows Server 2008 R2
Jason Leznek, Group Product Manager, Windows Client
Justin Graham, Senior Product Manager, Windows Server
Information Workers’ World Has Been Changing
BRANCH OFFICES
MOBILE & DISTRIBUTED WORKFORCE
CENTRAL OFFICE
REMOTE WORK
The Evolving Needs of Organizations
Mobile & Remote Work-Force needs:
• Work anywhere
• Fast access
IT Professional needs:
• Secure and flexible infrastructure for “work anywhere”
• Reduce costs
Client Computing Trends and Choices
Consumerization
Costs
Compliance
Contingency
Carbon-Neutral (“Green”)
Optimized Desktop
Enhance User Productivity
• Increase user productivity by enabling users to access their applications and data quickly, from anywhere
• Faster, More Scalable and Efficient Access to Network Resources
Protect Sensitive Data
• Policy-based Network Access and Security
• Policy-based network security
Reduce Costs with Greater Manageability
• Update and manage mobile PCs even when not on the corporate network
• Publish server-based applications directly to users’ desktops
• Centrally Aggregate Important Client and Server Events
Fundamentals: Security, Reliability, Application Compatibility, Device Compatibility, Performance, Power Management
Infrastructure for the Optimized Desktop
Enhance User Productivity
• Increase user productivity by enabling users to access their applications and data quickly, from anywhere
• Faster, More Scalable and Efficient Access to Network Resources
Protect Sensitive Data
• Policy-based Network Access and Security
• Policy-based network security
Reduce Costs with Enhanced Manageability
• Update and manage mobile PCs even when not on the corporate network
• Publish server-based applications directly to users’ desktops
• Centrally Aggregate Important Client and Server Events
Fundamentals: Security, Reliability, Application Compatibility, Device Compatibility, Performance, Power Management
Windows 7 and Windows Server 2008 R2
Key scenarios, with benefits and features:
Enhance User Productivity
• Provide Faster, More Scalable and Efficient Access to Network Resources (Features: Receive Window Auto-tuning, SMB 2.0, IPv6)
• Provide users with seamless access to applications and data from anywhere, hence increasing their productivity (Features: DirectAccess, BranchCache™)
• Provide users a rich desktop experience from unmanaged or thin clients (Features: VDI enhancements)
Protect Sensitive Data
• Enable policy-based network security by allowing only healthy PCs to access network resources (Features: Network Access Protection, Server and Domain Isolation)
Reduce Costs with Enhanced Manageability
• Update and manage mobile PCs even when not on the corporate network (Features: DirectAccess)
• Publish server-based applications directly to users’ desktops (Features: Remote Desktop Services (RDS))
• Centrally Aggregate Important Client and Server Events to Help Desk (Features: Event Forwarding)
Combined Value to Deliver the Optimized Desktop
Enhancing User Productivity
Faster, More Scalable and Efficient Access to Network Resources
IPv6
• All Services Within Windows Vista are IPv6-enabled
• Seamless Cost-Optimized Transitional Approach
Receive-Side Auto-tuning
• Automatically senses network environment and adjusts important performance settings
• Allows increase of the size of the TCP/IP send/receive window
SMB 2.0 protocol improvements
• Number of open files and shares on the server
• Packet compounding reduces “chattiness”
• Message signing settings have been improved
• Client-side encryption is supported
• Durable handles are supported
Remote Access for Mobile Workers
Situation Today
• Challenging for IT to manage, update, patch mobile PCs while disconnected from company network
• Difficult for users to access corporate resources from outside the office
DirectAccess
• Corporate network boundary includes managed assets no matter where they are on the Internet
• Easy to service mobile PCs and distribute updates and policies
• New network paradigm increases mobile user productivity by providing same experience inside & outside the office
[Diagram labels: Home, Office]
Microsoft Confidential.
DirectAccess Components
Client
• Runs on Windows 7
• Domain-joined
• Initial configuration done on Corpnet or over VPN
Server
• Runs on Windows Server 2008 R2
• Sits on network edge
• Single box by default
• Services can be split up for scalability
DirectAccess Benefits
IT Pro Benefits
• Improved manageability of remote users
• IT simplification and cost reduction
• Consistent security for all access scenarios
End User Benefits
• Seamless & secure access to corporate resources
• Consistent connectivity experience in / out office
• Combined with other Windows 7 features enhances the end to end IW experience
DirectAccess
[Diagram labels: Windows 7 Client; Internet; DirectAccess Server; Native IPv6 with IPSec; IPv6 Transition Services; IPv6 Devices; IPv4 Devices; IT desktop management (AD Group Policy, NAP, software updates)]
• Supports variety of remote network protocols
• DirectAccess provides transparent, secured access to intranet resources without a VPN
• Allows desktop management of DirectAccess clients
• Allows IPSec encryption and authentication
• Supports direct connectivity to IPv6-based intranet resources
• Support IPv4 via 6to4 transition services or NAT-PT
Branch Office Enhancements
Situation Today
• Application and data access over WAN is slow in branch offices
• Slow connections hurt user productivity
• Improving network performance is expensive and difficult to implement
BranchCache™
• Caches content downloaded from file and Web servers
• Users in the branch can quickly open files stored in the cache
• Frees up network bandwidth for other uses
BranchCache Benefits
IT Pro Benefits
• Helps reduce WAN utilization and cost
• Data encryption is enforced across the network
• Simple to deploy
End User Benefits
• Less waiting for downloads = more productivity
• Combined with other Windows 7 features enhances the end to end IW experience
Improving Branch Performance: Distributed Mode
1. First client downloads data from main office server
2. Second client downloads identifiers from main office server
3. Second client searches local network for data and downloads from first client
[Diagram labels: Main Office; Branch Office; Client 1; Client 2]
Improving Branch Performance: Hosted Caching
1. First client downloads data from main office server
2. Content pushed to hosted cache from first client
3. Second client downloads identifiers from main office server
4. Second client downloads from hosted cache
[Diagram labels: Main Office; Branch Office; Client 1; Client 2]
Full Fidelity RemoteApp & Desktops
Aero Glass for Remote Desktop Server
• Users have the same new Windows 7 look and feel when using Remote Desktop Server
RemoteApp & Desktop Connections
• RemoteApp & Desktops icons integrated into start menu etc
• Icons refreshed & updated automatically
Multimedia Support & Audio Input
• Experience rich multimedia redirection
• Use VoIP applications and speech recognition.
True multiple monitor support
• Use up to 10 monitors of any size or layout with RemoteApp and Desktops
• Applications behave like users expect – e.g. PowerPoint installing them locally
RemoteApp™ Language Bar Support
• Configure applications that use alternate language settings (e.g. right to left languages) from the local language
Protect Sensitive Data
Network Access Protection
Today’s Challenges
• Unprotected Network Taps Within An Organization’s Buildings
• Administrators Have Limited Control About Health Of Systems Joining Network
• Result: Hardware/Network Upgrades And Increased Operational Costs, Reduced Productivity
Solution – End-to-End, Authenticated, Tamper-resistant Communication
• Improved Isolation Using IPsec
• Network Access Protection Across IPsec, 802.1X, DHCP, VPN
• Increased Manageability
Network Access Protection
1. Client requests access to network and presents current health state
2. DHCP, VPN or Switch/Router relays health status to Microsoft Network Policy Server (RADIUS)
3. Network Policy Server (NPS) validates against IT-defined health policy
4. If not policy compliant, client is put in a restricted VLAN and given access to fix up resources to download patches, configurations, signatures (Repeat 1-4)
5. If policy compliant, client is granted full access to corporate network
[Diagram labels: Windows Client; DHCP, VPN, Switch/Router; NPS; Policy Servers such as: Patch, AV; Remediation Servers (Example: Patch); Restricted Network; Corporate Network]
Policy-based Dynamic Segmentation
[Diagram labels: Untrusted; Unmanaged/Rogue Computer; Domain Isolation; Active Directory Domain Controller; Server Isolation; Servers with Sensitive Data; HR Workstation; Managed Computer; Trusted Resource Server; Corporate Network]
• Define the logical isolation boundaries
• Distribute policies and credentials
• Managed computers can communicate
• Block inbound connections from untrusted
• Enable tiered-access to sensitive resources
Business and Technical Benefits
Extend the value of existing investments
• No additional hardware or software required
• Get more value from Active Directory and Group Policy
• Complements existing 3rd network security solutions
Safeguard sensitive data and intellectual property
• Authenticated, end-to-end network communications
• Scalable, tiered access to trusted networked resources
• Protect the confidentiality and integrity of data
Reduce the risk of network security threats
• An additional layer of defense-in-depth
• Reduced attack surface area
• Increased manageability and more healthy clients
Enhanced Manageability
Manageability Beyond The Office
DirectAccess
• Enables “always-on” management of remote machines to support a fully-manageable environment
• Scenarios include: Group Policy Updates; Folder Redirection/Client-side Caching; Software/Update Distribution
Event Subscriptions
• Proactive management of key issues
• Pull/Forward events to/from multiple machines and search/collate
• Does not require loading entire log from remote machine
Remote Desktop Services Manageability
Improved Management Toolset
• Reduce repetitive tasks with RDS PowerShell support, improved application install, connection broker install & profile management
RDS and VDI – An Integrated Solution
• Single broker to connect users to sessions or virtual machines, out of the box solution for VDI scenarios with Hyper-V
RemoteApp & Desktop Connections
• Centrally hosted applications integrated into Start Menu, desktop, etc.
• Can personalize a non-work PC with work applications without installing them locally
Platform Investments
• Multiple levels of extensibility for custom partner solutions for Remote Desktop Services & VDI based solutions
Questions and Answers
© 2009 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.