Windows Server® 2008 Clinic: Remote Infrastructure
Clinic Outline
• Remote Infrastructure Server Deployment and Administration
• Remote Infrastructure Security
[Diagram: a remote location hosting an RODC, connected to the Corp network]
Spend Less Time on Everyday Tasks
• Enhanced Scripting and Task Automation
• Role Based Installation and Management
Hardens the OS and Protects Your Business Environment
• Better Security and Compliance
• Network Access Protection
Quickly Respond to Changing Needs
• Centralized Application and Remote Access Solutions
• Integrated Server Virtualization
Remote Infrastructure Server Deployment and Administration
Overview
• Remote Infrastructure Integration Strategies
• Remote Infrastructure Framework
• Core Infrastructure Optimization
• Improved Server Deployment
• New Advanced Management Tools
Remote Infrastructure Integration Strategies
Server Architecture
• Distributed
• Centralized
• Converging
Infrastructure Topologies
• Satellite
• Accelerated
• Autonomous
Remote Infrastructure Framework
Optional
Remote clients can fail over from the local remote office server to another server (by closest site selection) if local services become unavailable. When services are restored, they automatically fail back to a preferred server.
Disposable
The remote office server performs as a service cache that does not hold a unique state and does not require system backup. If the server fails, there is no impact on remote office functionality.
Replaceable
If the remote server fails, it can be replaced, reprovisioned, or redeployed. Server roles are well-adapted for remote offices, and varying roles can be deployed as one. The recovery of data is automated.
Improved Server Deployment (Modular Design)
Modular deployment of server roles, including:
• AD Domain Services
• DNS Server
• File Server
• Print Server
• Terminal Services
Improved Server Deployment (Server Core)
Supported Server Roles:
• Active Directory Domain Services
• Active Directory Lightweight Directory Services
• DHCP Server
• DNS Server
• File Server
• Print Services
• Windows Media Services
• Windows Virtualization Services
Benefits:
• Increased server stability
• Reduced management
• Reduced attack surface
• Reduced software maintenance
• Reduced hardware requirements
Improved Server Deployment (Windows Server Virtualization)
64-bit Next Generation technology
Addresses the following challenges:
• Server Consolidation
• Development and Testing
• Business Continuity/Disaster Recovery
• Server Core as a host system
New Advanced Management Tools
• Server Manager
• Windows PowerShell
• Remote Management
• Event Subscriptions
• Task Scheduling based on Events
Technical Background
• Domain Name System (DNS) Server Role
• AD Domain Services User Interface Improvements
• Restartable AD Domain Services
• AD Lightweight Domain Services Server Role
• AD Domain Services Backup and Recovery
• File Service Improvements
• SMB 2.0
• DFS
• Print Management Improvements
• Networking Improvements
Domain Name System (DNS) Server Role
• Background zone loading
• Read-only domain controller support
• GlobalNames zone
• DNS client changes
• Link-Local Multicast Name Resolution (LLMNR)
• Domain controller location
AD Domain Services
New AD MMC Snap-In Features
• Find Command
• New Options for Unattended Installs
Restartable AD Domain Services (AD DS)
3 Possible States:
• AD DS Started
• AD DS Stopped
• Active Directory Restore Mode
AD Domain Services Backup and Recovery
• What's New?
• Considerations
• General Requirements
File Services
• Server Message Block (SMB) 2.0
• DFS
  • Namespaces
  • Replication
  • SYSVOL
SMB 2.0
• Support for sending multiple commands within the same packet
• Larger buffer sizes
• Greater scalability
• Support for durable handles
• Support for symbolic links
• Reduces network traffic and provides greater resiliency to network outages
DFS
• DFS Namespaces
• DFS Replication (DFSR)
Together they provide solutions for:
• Data collection
• Data distribution
• Sharing files across remote offices
• DFS Management Tools
DFS Replication
Simplified process for replicating discrete folders to the same set of servers
• Multipurpose replication group
• Replication group for data collection
• Differential replication of changes
• Reduced bandwidth usage
• Efficient and scalable
• Flexible scheduling and bandwidth throttling
• Supported in stand-alone and domain-based namespaces and on individual folders
DFS Replication (cont.)
• Self-healing after USN journal wraps and database corruption
• Easy member recovery
• Simple and flexible prestaging of new servers
• Delegation of management tasks
• Built-in health metrics and diagnostic events
• Support for SYSVOL replication
Print Services
• Print Server Role
• Benefits
• Requirements
Next Generation TCP/IP Stack
• Changes in PMTU Black Hole Router Detection
• Receive Window Auto-Tuning
• Compound TCP
• Throughput Optimization in High-Loss Environments
• ESTATS Support
• Routing Compartments
• Network Diagnostics Framework Support
• Neighbor Unreachability Detection
• Changes in Dead Gateway Detection
• New Packet Filtering Model with Windows Filtering Platform
Implementation/Usage Scenarios
• Improve security of remote office servers
• Enable remote administration, reduce administrative burden, and eliminate the need for onsite administrators
• Mitigate the limited bandwidth and high latency of WANs
• Ensure fast service and continuity to remote office employees
Recommendations
• Deploy Windows Server 2008 Server Core with RODC in the remote office
• Implement DFS replication, especially for SYSVOL
• Use event subscriptions to centrally collect events from remote office servers
• Implement AD DS auditing
• Maintain a critical-volume backup of system files for recovery of AD DS only
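The deployment recommendations above (SYSVOL on DFS Replication, central event collection, AD DS auditing, and a critical-volume backup) as one added command-line walkthrough for a Windows Server 2008 branch domain controller. This is an example written for this clinic outline, not Microsoft's material or anything from the original deck; the host names COLLECTOR01 and RODC01, the domain corp.example.com, and the backup target E: are assumptions.

```powershell
# Added example (not from the clinic deck). Assumed names: central collector COLLECTOR01,
# branch RODC RODC01, domain corp.example.com, backup target volume E:.
# Run each section on the host named in its heading, in an elevated prompt.

# --- On the remote office server RODC01 (event source): enable the WinRM listener and
#     let the collector's computer account read the logs ---
winrm quickconfig -q
net localgroup "Event Log Readers" "CORP\COLLECTOR01$" /add

# --- On COLLECTOR01: enable the Windows Event Collector service, then create a
#     collector-initiated subscription that pulls security and DFSR events from RODC01 ---
wecutil qc /q

$subscription = @"
<Subscription xmlns="http://schemas.microsoft.com/2006/03/windows/events/subscription">
  <SubscriptionId>RemoteOffice-RODC01</SubscriptionId>
  <SubscriptionType>CollectorInitiated</SubscriptionType>
  <Description>Security and DFS Replication events from the remote office RODC</Description>
  <Enabled>true</Enabled>
  <ConfigurationMode>Normal</ConfigurationMode>
  <Query><![CDATA[
    <QueryList>
      <Query Id="0">
        <Select Path="Security">*[System[Provider[@Name='Microsoft-Windows-Security-Auditing']]]</Select>
        <Select Path="DFS Replication">*</Select>
      </Query>
    </QueryList>
  ]]></Query>
  <ReadExistingEvents>false</ReadExistingEvents>
  <TransportName>HTTP</TransportName>
  <ContentFormat>RenderedText</ContentFormat>
  <Locale Language="en-US"/>
  <LogFile>ForwardedEvents</LogFile>
  <CredentialsType>Default</CredentialsType>
  <EventSources>
    <EventSource Enabled="true">
      <Address>rodc01.corp.example.com</Address>
    </EventSource>
  </EventSources>
</Subscription>
"@
$subscription | Set-Content -Path "$env:TEMP\rodc01-subscription.xml" -Encoding ASCII
wecutil cs "$env:TEMP\rodc01-subscription.xml"
wecutil gr RemoteOffice-RODC01     # runtime status: shows whether RODC01 is connected

# --- On a domain controller: AD DS auditing. Windows Server 2008 adds the
#     "Directory Service Changes" subcategory, which records old and new attribute
#     values (events 5136, 5137, 5138, 5139 and 5141). Objects still need a SACL
#     for the changes you care about; this only switches the subcategory on. ---
auditpol /set /subcategory:"Directory Service Changes" /success:enable
auditpol /get /category:"DS Access"

# --- On the PDC emulator: move SYSVOL from FRS to DFS Replication. Requires the
#     Windows Server 2008 domain functional level. Step through global states
#     1 (Prepared), 2 (Redirected), 3 (Eliminated); wait for every DC to report
#     the current state before raising it. ---
dfsrmig /getglobalstate
dfsrmig /setglobalstate 1
dfsrmig /getmigrationstate

# --- On the branch DC: critical-volume backup only (System State plus the volumes
#     holding NTDS and SYSVOL). Windows Server Backup must be installed first, and
#     the target must not itself be a critical volume. ---
wbadmin start backup -backupTarget:E: -allCritical -quiet
wbadmin get versions -backupTarget:E:
```

The subscription uses the collector's own computer account (CredentialsType Default), which is why that account is added to Event Log Readers on the source; collecting the Security log this way is what lets the auditing events land centrally on a server the remote office cannot touch.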
Summary
The modular, distributed nature of AD DS allows you to centralize and better control the management and security of domain controllers located in the remote office.
Restartable AD mitigates the need for a remote administrator.
A RODC is ideal for providing domain services in remote offices where physical security cannot be guaranteed.
With Windows Server 2008, you can remotely back up and restore data, including Active Directory Domain Services, using the new Windows Server Backup tool.
The DNS Server Role includes new changes which help to mitigate low-bandwidth issues and support the new AD Domain Services features.
Improvements to SMB and DFS will assist you in better managing file services for your remote offices.
Print Server improvements provide centralized printer control to streamline remote administration of printers at the remote office.
Terminal Services in Windows Server 2008 is enhanced to improve security, reduce management overhead and mitigate bandwidth issues.
The Next Generation TCP/IP Stack will help you meet the connectivity and performance needs of today's remote
Remote Infrastructure Security
Overview
[Diagram: RODC, Server Core, BDE (C:\) and SSTP VPN in the remote office]
Read-Only Domain Controller (RODC)
• Improved security
• Faster logon
• More efficient network access
BitLocker Drive Encryption (BDE)
• Operating system and data protection
Secure Socket Tunneling Protocol (SSTP) VPN
• Transport-level security
Technical Background
• Read-Only Domain Controller (RODC)
• Secure Socket Tunneling Protocol (SSTP) VPN
Read-Only Domain Controller (RODC)
New Functionality
• RODC AD Database
• Unidirectional Replication
• Credential Caching
• Password Replication Policy
• Administrator Role Separation
• Read-Only DNS
Requirements/Special Considerations
Secure Socket Tunneling Protocol (SSTP) VPN
• Uses HTTPS over port 443 to pass traffic through firewalls that might block PPTP and L2TP
• Flexible network configuration
• Support for NAP
• Support for IPv6
• Better network utilization and load balancing
• Full integration with OS components and RRAS
Configuration
• Server: Windows Server 2008 with RRAS and a Server Authentication certificate
• Client: Windows Vista or Windows Server 2008 with a copy of the server certificate installed
Implementation/Usage Scenarios
• Maintain physical security of servers at the remote office
• Maintain physical security of data at the remote office
• Improve security on VPN connections to remote offices at a lower cost
Recommendations
• Deploy a Read-Only Domain Controller at the remote office
• Implement a Password Replication Policy
• Implement administrator role separation
• Implement BitLocker Drive Encryption; do not require a PIN or USB device if there is no local admin
• Implement an SSTP VPN
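The RODC, Password Replication Policy, role separation and BitLocker recommendations above as one added command-line walkthrough for a Windows Server 2008 branch RODC. This is an example written for this clinic outline, not Microsoft's material or anything from the original deck; the RODC name RODC01, the group Branch-Users, the account branch-admin and the domain corp.example.com are assumptions, and so is passing dsmgmt its menu commands as arguments (the tool is normally used interactively).

```powershell
# Added example (not from the clinic deck). Assumed names: RODC01, group Branch-Users,
# user branch-admin, domain corp.example.com. Run in an elevated prompt on a writable DC
# for the repadmin and dsmgmt steps, and on the RODC itself for the BitLocker step.

# --- Password Replication Policy: only the branch office users' secrets may be
#     cached on RODC01; everything else (including admins) stays on the hub DCs ---
repadmin /prp add RODC01 allow "CN=Branch-Users,OU=Branch,DC=corp,DC=example,DC=com"
repadmin /prp view RODC01 allow      # accounts permitted to be cached
repadmin /prp view RODC01 reveal     # accounts whose secrets are cached right now
# If the RODC is ever lost or stolen, delete its computer account in AD Users and
# Computers: Windows Server 2008 offers to reset the passwords of every account in
# the "reveal" list, which is why that list should stay small.

# --- Administrator Role Separation: local administrator on the RODC only, with no
#     rights in the domain. dsmgmt is interactive; the one-line form below is an
#     assumption used here for brevity (menu: local roles -> add <user> <role>). ---
dsmgmt "local roles" "add CORP\branch-admin administrators" quit quit
dsmgmt "local roles" "show role administrators" quit quit

# --- BitLocker Drive Encryption on the RODC's system volume, TPM-only protector:
#     no PIN or USB startup key, so the server can reboot without anyone on site.
#     manage-bde ships as a script on Windows Server 2008; the BitLocker feature must
#     be installed first. Record the recovery password somewhere outside the branch
#     (Group Policy can escrow it in AD DS). ---
cscript "$env:SystemRoot\System32\manage-bde.wsf" -on C: -RecoveryPassword
cscript "$env:SystemRoot\System32\manage-bde.wsf" -status C:
```

The TPM-only choice follows the deck's recommendation for offices with no local admin: it keeps unattended restarts possible, and the RODC's read-only database plus the restricted PRP limit what an attacker with the physical box can obtain, which is the trade-off the slide is pointing at.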
Summary
Windows Server 2008 adds new technologies which help to improve the security in remote office environments.
A RODC hosts a read-only replica of the database in Active Directory Domain Services.
BitLocker Drive Encryption provides data security on lost or stolen PC devices and remotely located servers.
An SSTP VPN provides a mechanism to encapsulate PPP traffic over the SSL channel or the HTTPS protocol, improving security and reducing remote access costs.
Thank You
Dhivakar N
[Link]@[Link]