
Enhancing the Branch Office Experience with Windows Server 2008 R2

Enhancing the Branch Office Experience with Windows Server 2008 R2. John Savill, Solutions Architect, EMC. Session Code: WSV403. Who am I? Technical Evangelist for EMC Consulting. Ten-time Microsoft MVP. Author of the Windows FAQ. Written numerous books.


Presentation Transcript


  1. Enhancing the Branch Office Experience with Windows Server 2008 R2 John Savill Solutions Architect EMC Session Code: WSV403

  2. Who am I? • Technical Evangelist for EMC Consulting • Ten-time Microsoft MVP • Author of the Windows FAQ • Written numerous books • Latest book available: “Complete Guide to Windows Server 2008” • Speaker at Tech Ed 2006-2009

  3. Agenda • Challenges with a branch office • Overview of security solutions used with Windows 2008 • Virtualization in branch offices • Enhancing User Experience and Productivity • Branch Access • Read-only Distributed File System Replicas

  4. Branch Office Challenge Focus for Windows 2008 • Offices often require local servers for both performance and resiliency to unavailable links • A local domain controller is one of the common services provided, and it contains a complete copy of the entire organization's domain • Remote offices rarely have secured, dedicated server infrastructure areas or local support personnel to manage the systems • Remote office hardware is susceptible to compromise • A way is needed to protect the data on branch office servers, lower maintenance overhead and counteract risk

  5. Protected Branch Office Server BitLocker Server Core RODC

  6. 2008 R2 Improvements for Security • Server Core had limitations in Windows Server 2008 • We had no virtualization “in-box” for Windows 2008 that was RTM • BitLocker only worked for internal fixed drives • Management had limitations • So where are we now?

  7. Server Core Enhancements • Subset of .NET 2.0, 3.0 and 3.5 Framework now available • Enables more role services such as ASP.NET with IIS • Enables PowerShell scripting • Active Directory Certificate Services and File Server Resource Manager available • WoW64 optionally installable for 32-bit application support

  8. Management Changes • Remotable Server Manager • Enhancements in PowerShell (2.0) which, combined with WS-Mgmt, give us fan-out capability • Best Practice wizards • New version of the Remote Server Administration Tools will be available for Windows 7 to manage 2008 R2

  9. BitLocker to Go • Allows USB storage devices to be protected with BitLocker • Policy can be used to control complexity and length of the passphrase required to unlock the drive • Possible to configure a USB device to auto-unlock on specific servers through passphrase caching; however, this is risky if the server is compromised

  10. demo Server Core and Manageability

  11. Hyper-V 2008 R2 • Hyper-V is now included in-box • Includes a number of new capabilities including: • Support for 32 logical processors • Hot add/remove of VHD and pass-through disks on SCSI controller (not IDE) • Second Level Address Translation (SLAT) • Live Migration and Cluster Shared Volumes • Dynamic memory did not make this release

  12. Boot from VHD • Can now boot a Windows 7 or Windows 2008 R2 OS from a VHD file • For best performance use a static VHD file; dynamic VHD is also supported • A few extra steps are needed during the OS install process to create and mount the VHD file to allow installation • Shift-F10 to open command window • Create, Select and Attach vdisk • Partition

  13. Virtualization in the Branch Office • Server hardware is often limited in branch offices • Multiple roles are run under a single OS instance which is generally not optimal • With virtualization we can run the various roles in separate virtualized OS instances • We still use BitLocker on the host OS to protect the drives containing the VHD files • Can now also protect USB storage devices

  14. 2008 R2 Branch Office Server BitLocker Server Core RODC

  15. Improving the End User Experience • All of the previous focus was around securing the branch office • What about the actual users and their ability to work? • Most branch locations have slow, high latency links • Users consume different types of data • Data is typically stored in hub locations for easier management and central backup

  16. Branch Cache • Most branches have poor or high latency connections • Users download same information from hub locations multiple times • Branch cache works in a peer-to-peer or hosted server model to cache information over HTTP (including SharePoint) and SMB • Branch computers can then retrieve information from a peer or the hosted server • Works using a hash value for each file so data has to be stored on a 2008 R2 server

  17. Branch Cache in Action: Peer to peer (diagram labels: Cache, Hash)

  18. Branch Cache in Action: Hosted cache (diagram labels: Cache, Hash)

  19. Branch Cache Requirements • For peer to peer (distributed caching) clients must be in the same subnet • Hosted cache does not require same subnet • 1 Hosted cache per branch • Windows 7 and Windows 2008 R2 Only • Both solutions require connectivity to the original server • If you want resiliency against connectivity failure you should look at DFSR instead

  20. So What Exactly is Cached and When? • Any file that has a hash is cached on the client • When the cache is full the least recently accessed item is removed to make room • Only files over 64KB are cached • Designed for slow changing files • Hashing is configured on a per-share level on the server • For web content, hashes are not created automatically; a script is used to create them for files • Does not care about transport (supports IPsec, HTTPS etc.)
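
The caching rules on slides 16 to 20, as an added example that is not part of the original presentation: a toy Python model of one branch client, not the real BranchCache protocol. The class and method names, the use of SHA-256, and the step that checks peer data against the hash obtained from the origin are assumptions of this model.

```python
import hashlib
from collections import OrderedDict

MIN_SIZE = 64 * 1024  # slide 20: only files over 64KB are cached


class OriginUnreachable(Exception):
    """The hub (content) server cannot be contacted to obtain the hash."""


class BranchClient:
    """Toy model of one branch client's cache (names are hypothetical)."""

    def __init__(self, origin, capacity_bytes, peers=()):
        self.origin = origin        # dict path -> bytes; None models a failed WAN link
        self.capacity = capacity_bytes
        self.peers = list(peers)    # other BranchClient objects on the same subnet
        self.cache = OrderedDict()  # hash -> bytes, least recently accessed first
        self.wan_bytes = 0          # file bytes pulled across the WAN

    def _store(self, digest, data):
        if len(data) <= MIN_SIZE:
            return                  # at or under 64KB: never cached
        self.cache[digest] = data
        self.cache.move_to_end(digest)
        while sum(map(len, self.cache.values())) > self.capacity:
            self.cache.popitem(last=False)  # evict the least recently accessed item

    def lookup(self, digest):
        data = self.cache.get(digest)
        if data is not None:
            self.cache.move_to_end(digest)  # a hit counts as an access
        return data

    def read(self, path):
        if self.origin is None:
            raise OriginUnreachable(path)   # no hash available, so no cache lookup
        # Stands in for the hash the origin server hands out for this file.
        digest = hashlib.sha256(self.origin[path]).hexdigest()
        for source in [self] + self.peers:
            data = source.lookup(digest)
            # Use cached bytes only when they match the hash from the origin.
            if data is not None and hashlib.sha256(data).hexdigest() == digest:
                self._store(digest, data)
                return data
        data = self.origin[path]            # cache miss: full transfer from the hub
        self.wan_bytes += len(data)
        self._store(digest, data)
        return data
```

Setting `origin` to `None` on a client with a warm cache still raises `OriginUnreachable`, which is the behaviour slide 19 describes when it recommends DFSR for resiliency against connectivity failure.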

  21. Branch Cache Storage • Cache files are stored in chunks under the Network Service profile • The cached chunks are not encrypted but protected by ACLs • Only the Network Service has access

  22. Monitoring and Controlling How Branch Cache is Used • Performance Counters • Group Policy and commands to enable distributed cache and to point to hosted cache • Group Policy controls the percentage of the drive the cache may use • Entire cache can be cleared on client through PowerShell and netsh commands

  23. demo Branch Cache in Action

  24. Distributed File System Replication • Branch Cache requires the network for users to obtain file hash values • If access to information is required without network connectivity Branch Cache does not work • Distributed File System Replication is a good solution using delta based replication • Available as part of 2003 R2 and above • DFSR only replicates closed files • In a multi-writer situation last writer wins (no check-in/check-out, this is SharePoint functionality)

  25. Traditional DFSR (diagram: Documents, Legal, Presentations and Sales folders on four DFSR replicas)

  26. Read-Only DFSR Replica (diagram: Documents, Legal, Presentations and Sales folders on one DFSR replica and three R-DFSR replicas; labels: ACCESS DENIED, PHEW!)

  27. Making a Read-Only Replica • Must have 2008 RTM schema extensions • Only one check box different • In the wizard that creates the replication group, check the read-only box on a non-authoritative server • This is per folder on the server • Can switch between being read-write and read-only with a click

  28. Read-Only DFSR Usage • Must have Windows 2008 R2 at the branch only • Other replication partners can be Windows 2008 or Windows 2008 R2 • R/O Replica can only replicate from a R/W Replica, R/O Replica cannot replicate from another R/O Replica • Must use 2008 R2 DFS Management MMC snap-in • End-user experience is to simply have read-only access. Acts like read-only media • User will get File Access Denied if they try and write • If users need to write then they would need to access a writable replica directly via SMB UNC path

  29. Branch Cache vs. Read-Only DFSR • Both technologies deal with publication type data • For personal data you should be looking at folder redirection with client side caching • For collaboration type data we should be looking at SharePoint • If you need data accessed without a network connection you need Read-only DFSR • If you want to save bandwidth but not provide link resiliency, Branch Cache is a good solution • Use hosted cache over distributed cache if you have a server at the branch • Branch Cache requires Windows 7 clients

  30. Summary • Windows 2008 was great for securing branch office locations • Windows 2008 R2 builds on this secure foundation and adds a great branch office user experience through various technologies • Some of the major feature wins require Windows 7

  31. question & answer

  32. Windows Server Resources Make sure you pick up your copy of Windows Server 2008 R2 RC from the Materials Distribution Counter Learn More about Windows Server 2008 R2: www.microsoft.com/WindowsServer2008R2 Technical Learning Center (Orange Section): Highlighting Windows Server 2008 and R2 technologies Over 15 booths and experts from Microsoft and our partners

  33. Resources • www.microsoft.com/teched Sessions On-Demand & Community • www.microsoft.com/learning Microsoft Certification & Training Resources • http://microsoft.com/technet Resources for IT Professionals • http://microsoft.com/msdn Resources for Developers


  35. © 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
