Windows 7 Networking Clyde G. Johnson
Agenda
• Libraries
• Network power changes
• DNSSEC support and multi-home firewall
• TCP and SMB 2
• DirectAccess
• BranchCache
• Network Access Protection
• AppLocker
• Read-Only DFS
Libraries
• Aggregates data from multiple sources into a single folder view
• Default libraries in Windows 7 are:
  • Documents
  • Music
  • Pictures
  • Videos
• In Explorer view, just go to your Libraries, right-click, then click New - Library.
HomeGroup
• Easy way to share documents, music, pictures, videos and printers.
• Windows 7 only – no XP or Vista
• Wireless = yes
• One homegroup at a time.
• Domain-joined computers CAN join a homegroup
Network Power Changes
• Smart Network Power
  • Turns off the power to your Ethernet jack when there is no cable connected
• Wake on LAN for wireless
  • Brings the well-known wired Ethernet feature to wireless networks.
Multi-Home Firewall Profiles
• Each connection can have its own profile

DNSSEC Support
• Ability to indicate knowledge of DNSSEC in queries.
• Ability to process the DNSKEY, RRSIG, NSEC, and DS resource records.
• Ability to check whether the DNS server with which it communicated has performed validation on the client's behalf.
TCP Receive Window Size

Windows XP & Windows Server 2003
• Default TCP window size of 64 KB
• NO AUTO TUNING
• Severely limits round trip times
• Sender transmits are limited to the advertised receive window size
• Window size backs off by 50% with packet loss
• Window size increases slightly with every ACK
• Manual tuning of receive window size does not offer ideal results

Windows Vista/Win7 and Windows Server 2008 and R2
• Auto-tune enabled by default
• Max receive window determined by:
  • Application consumption capacity
  • Network capacity and conditions
Redesigned TCP/IP Stack
• Dual-IP layer architecture for native IPv4 and IPv6 support
• Seamless security through expanded IPsec integration
• Improved performance via hardware acceleration
• Network auto-tuning and optimization algorithms
• Greater extensibility and reliability through rich APIs
[Diagram: Next Generation TCP/IP Stack (tcpip.sys). User mode: Winsock. Kernel mode: AFD, TDI clients and WSK clients, TDI/TDX and WSK, transport layer (RAW, TCP, UDP), network layer (IPv4, IPv6) alongside the Windows Filtering Platform API, framing layer (802.3, WLAN, loopback, IPv4 tunnel, IPv6 tunnel), NDIS.]
Server Message Block 2.0
• Multiple commands in a single packet
  • Reduced wait time and connection overhead
• Much larger buffer size
  • Network stack is no longer the bottleneck
  • Application & disk are now the bottleneck
• Parallel write, parallel response
• Durable handles allow recovery from brief network disruptions
• Symlink support
DirectAccess
• Gives users the experience of being seamlessly connected to their corporate network any time they have Internet access
• Computer is joined to the network; Group Policy applies.
• Uses an IPv6-over-IPv4 tunnel if no IPv6 connection is available.
• Sends only corporate traffic; web traffic stays local.
• Authentication. DirectAccess authenticates the computer
• Access Control. IT professionals can configure which intranet resources different users can access using DirectAccess, granting DirectAccess users unlimited access to the intranet or only allowing them to use specific applications and access specific servers or subnets.
[Diagram: DC/DNS and app servers; DirectAccess server; bi-directional connection using IPsec and IPv6]
BranchCache
• Group Policy to enable clients
• Install the BranchCache™ feature on an R2 server
• Optionally, install a hosted cache in your branch
[Diagram: Main Office (IIS, file server, Group Policy Management); Branch Office; Branch Office with Hosted Cache]
Hosted Cache
• Centralized cache of data downloaded by the branch
• A centralized cache for:
  • Protocols: HTTP, SMB
  • E2E encrypted/signed traffic: SSL, IPsec, SMB signing etc.
• Does not "modify" protocols; benefits from protocol optimizations
• Configurable size/location; persisted across reboots; flushable
• Works across multiple subnets
• Admins can seed content by writing custom scripts
• Can be a virtual workload in an appliance
• Easy to deploy; clients are configured via policy
Network Access Protection
• Health policy validation and remediation
• Reduces risk of unauthorized systems on the network
• Helps keep mobile and/or desktop devices in compliance
[Diagram: Windows client connects through DHCP, VPN or switch/router to the NPS server, which consults policy servers such as update and AV. Policy compliant: corporate network. Not policy compliant: restricted network with remediation servers (example: update).]
AppLocker
• Eliminate unknown or unwelcome applications on your network
• Enforce application standardization within your org
• Easily create and manage rules using Group Policy
• Only works on Ultimate and Enterprise – NOT Pro
AppLocker
• Simple rule structure: Allow, Exception & Deny
• Publisher rules
  • Product publisher, name, filename & version
• Multiple policies
  • Executables, installers, scripts & DLLs
• Rule creation tools & wizard
  • Including PowerShell cmdlets
• Audit-only mode
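The PowerShell cmdlets and audit-only mode listed above can be combined as follows. This is an added example, not part of the original presentation; the reference directory and the probe file are assumptions, and it expects an elevated session with the Application Identity service running.

```powershell
# Added example: build publisher/hash Allow rules from a reference directory,
# apply them in audit-only mode, then review what enforcement would block.
Import-Module AppLocker

# Assumed reference directory holding the organisation's standard software.
$referenceDir = 'C:\Program Files'

# 1. Collect publisher, path and hash information for the executables found.
$fileInfo = Get-AppLockerFileInformation -Directory $referenceDir -Recurse -FileType Exe

# 2. Create Allow rules: publisher rules for signed files, hash rules otherwise.
$policy = $fileInfo | New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone -Optimize

# 3. Put every rule collection in audit-only mode so nothing is blocked yet.
foreach ($collection in $policy.RuleCollections) {
    $collection.EnforcementMode = 'AuditOnly'
}

# 4. Dry run before applying: a file outside the reference directory should
#    come back as DeniedByDefault, which is what enforcement would do to it.
$probe = Join-Path $env:SystemRoot 'System32\notepad.exe'   # assumed probe file
Test-AppLockerPolicy -PolicyObject $policy -Path $probe -User Everyone |
    Format-List FilePath, PolicyDecision, MatchingRule

# 5. Merge the audit-only policy into the local policy.
Set-AppLockerPolicy -PolicyObject $policy -Merge

# 6. After users have worked under the policy for a while, summarise the
#    files that were allowed only because the policy is in audit mode.
Get-AppLockerFileInformation -EventLog -EventType Audited -Statistics |
    Sort-Object Counter -Descending |
    Format-Table FilePath, Counter -AutoSize
```

Files that appear in step 6 need either an Allow rule or a decision to block them before the collections are switched from audit-only to enforced.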
Introducing Read-Only DFS Replica (new in Win7 and WS08R2)
• Publication data that should never be changed at branch locations
• Any open or create requesting WRITE access will be failed by a new filter driver
• In case the filter is not running, other Win7 Replication Group members will refuse updates from a read-only replication partner
Learn more about Windows 7
• The New Efficiency Virtual Launch Experience: www.thenewefficiency.com
• Windows 7 Springboard: www.microsoft.com/springboard
• Windows 7 Webcasts and Podcasts: http://go.microsoft.com/?linkid=9681312
• Training Offers—Exclusive for Launch Attendees
• Windows Team Blog: www.windowsteamblog.com
• Talking About Windows: www.talkingaboutwindows.com
• Windows Client Forums: http://go.microsoft.com/?linkid=9681314.5
• Dan's Blog: http://blogs.technet.com/danstolts
• Windows Server User Group: http://www.windowsboston.org
References
• DNSSEC: http://technet.microsoft.com/en-us/library/dd378952(WS.10).aspx
• Deploying DNS Security Extensions (DNSSEC): http://technet.microsoft.com/en-us/library/ee649268(WS.10).aspx
• Power management for network devices: http://technet.microsoft.com/en-us/library/ee617165(WS.10).aspx
• HomeGroup: http://technet.microsoft.com/en-us/library/ee449421(WS.10).aspx
• BranchCache: http://www.branchcache.com and http://technet.microsoft.com/en-us/network/dd425028.aspx