57c8cc94a527aa24f879c8cd2e91d34a.ppt
- Number of slides: 45
Windows 2000
Ian Blyth, Senior System Engineer, Microsoft Ltd
Agenda
- Overview
- Active Directory
- Interoperability with Unix and DNS
- Security
Windows 2000 Professional
- Mainstream business desktop
- Full featured:
  - Easiest Windows Yet!
  - Industrial Strength Reliability
  - Standards-based Security
  - State-of-the-art mobile support
  - Plug and Play, USB, IR, Hot Docking
  - Higher performance
  - Increased Manageability
- Lowest TCO Desktop System
Windows 2000 Server
- Mainstream Business Server
- Full featured:
  - Active Directory
  - Windows Management Tools
  - Kerberos and PKI Security
  - Windows Terminal Support
  - COM+
  - Enhanced Internet Services
- Up to 4-way SMP
Windows 2000 Advanced Server
- Powerful Mid-range Solution
- Full featured:
  - Windows 2000 Server Features
  - TCP/IP Load Balancing
  - Enhanced MSCS Clustering
- Up to 8 GB Main Memory
- Up to 8-way SMP
Windows 2000 Datacenter Server
- Highest Performance
- Full Featured:
  - All Windows 2000 Advanced Server Features
  - Up to 16-way SMP
  - Up to 64 GB Main Memory
  - 4 node clustering
- Optimized for:
  - OLTP, Data Warehousing
  - Technical Computing and Modeling
- Tested for the Data Center
Active Directory and Security
Active Directory (Windows 2000 Server)
What is Active Directory?
- Active Directory is an integral part of Windows 2000 Server that delivers essential network operating system services:
  - Focal point for management of network elements (users, applications, devices, etc.)
  - Trusted repository of security data for authentication and authorization
  - Open platform for application development and integration with other systems
Start with the data store
- Evolved from Exchange DS
- Indexed storage technology
- Supports well over 1 million objects (tested with much more!)
(Diagram: Data Store)
Add An Object Model
- Native LDAP support
- Extensible schema
- Integrated security
(Diagram: Object Model on top of the Data Store)
Replicate for availability
- Highly optimized replication
  - Multi-master
  - Per attribute
  - Loosely consistent
Add more domains
- Link domains into trees
  - Kerberos transitive trusts
- Or into forests
- Fast lookup via Global Catalog Service
(Diagram: the domains msn.com and microsoft.com linked into a forest)
Global Data Availability
(Diagram: a Windows 2000 Forest containing acme.com, asia.acme.com, europe.acme.com and xyx.com, each holding a Global Catalog Replica)
- Active Directory Catalogs
  - Are replicated within a forest
  - Use the same replication and storage mechanisms as domain replicas
  - Each catalog holds selectable attributes from all objects in the forest
  - Enable efficient cross-domain data sharing
Combining DNS and LDAP
(Diagram: a Domain Name System server holding the entries xyz.com 192.23.14.5, rose.com 194.49.94.2, tulip.com 10.91.77.6, ...; an LDAP server at 192.23.14.5)
1) The AD client finds xyz.com through DNS
2) The client accesses directory data on the LDAP server at 192.23.14.5
Hook to the Internet
- Takes advantage of Internet naming
  - DNS = namespace root
  - Global namespace = DNS + LDAP
(Diagram: DNS tree com > microsoft > students, bizpart, dsys; Domain: microsoft.com; Windows NT Domain: bizpart.com; users Vera, Kark, Margret.J, sarahj, thorj)
CN=Sarahj, OU=dsys, OU=Windows NT, DC=microsoft, DC=com
Available Replication Topologies
- Intra-Site Replication: AD replication between DCs within a Site
- Intersite Replication: AD replication between Sites
- A Site is an area of fast connectivity
Example Domains and Sites
(Diagram: ROOT domain with ROOT-DC1, ROOT-DC2 and ROOT-DC3; CHILD domain with CHILD-DC1; Sites London, Aberdeen and Manchester)
Predictability Of Intra-Site Replication Bytes
(Chart: replication bytes, 0 to 25,000, against number of objects, 0 to 6000, for Users, Global Groups, Universal Groups and Volumes)
Replication Bytes: Intra-Site And Inter-Site Replication Bytes Comparison
(Chart: replication bytes, 0 to 4,500,000, against number of objects, 0 to 1000, for Users (Inter-Site) and Users (Intra-Site))
Simplifies Management
(Diagram: Root containing Users (Marketing, Personnel), Machines, Devices and Applications; callouts "Delegate Management Tasks to Office Admins", "Color Printer in Building 6", "Give 'Personnel' Members the HR Application")
- Active Directory organizes users and network resources hierarchically to simplify management
Strengthens Security
(Diagram: Kerberos, X.509, Smart Card and PKI Certificates around a Root containing Users (Marketing, Extranet), Machines, Devices and Applications; callout "Restrict Access Rights of Extranet Users")
- Active Directory provides Internet-ready security services to protect data while facilitating access
Extends Interoperability
(Diagram: Root containing Users (Finance, Personnel), Machines, Devices and Applications; Application: Exchange mailbox information; Policy: Give Personnel access to 'Change Salary' Menu Options; Policy: Give Finance more bandwidth at the end of the month)
- Active Directory provides a platform for integrating and extending systems through open interfaces, connectors and synchronization mechanisms
Directory Enabled Apps
- Infrastructure by Active Directory
  - Extend schema and UI
  - Program via ADSI/ADO
  - Publish service binding information
  - Configure via Group Policy
  - Just In Time application download
  - Change notification
Windows 2000 Active Directory
(Diagram: Active Directory as a Focal Point for Manageability, Security and Interoperability, connected to:)
- Windows Users: Account info, Privileges, Profiles, Policy
- Windows Servers: Mgmt profile, Network info, Services, Printers, File shares, Policy
- Windows Clients: Mgmt profile, Network info, Policy
- Network Devices: Configuration, QoS policy, Security policy
- Other Directories: White pages, E-Commerce
- Other NOS: User registry, Security, Policy
- E-Mail Servers: Mailbox info, Address book
- Applications: Server config, Single Sign-On, App-specific directory info, Policy
- Internet Firewall Services: Configuration, Security Policy, VPN policy
- Active Directory provides a focal point for management, security and interoperability
Windows 2000 Interoperability
Microsoft’s Interoperability Strategy
- Make the Windows Platform work well with existing systems
- Simplify access to data and applications on existing systems
- Develop solutions based on standards
(Diagram layers: Management, Applications, Data, Network)
Why Microsoft Cares About Interoperability
- Customers have told us that they will continue to have mixed environments
- Significant investment in existing data & applications
- Interoperability is a key requirement
Designed to Integrate With Existing Systems
- Built on latest internet standards
  - LDAP, TCP/IP, DHCP & DNS, SSL, HTTP, DEN
- Existing Applications
  - Full support for Microsoft Exchange Server, Microsoft SQL Server, BackOffice Logo’d apps
- Existing Operating Systems
  - Windows NT 3.5x and 4.0
  - Down-level client support for Win 3.x, Win 9x
  - Apple Macintosh and AppleTalk
  - NetWare: NDS synchronization; Print/file services
  - UNIX: NFS services, telnet, scripting and security
  - S/390 and OS/400: Transaction & Queuing gateway
Terminal Services (Thin Client)
- Fully integrated with Windows 2000 Server Family (add/remove service)
- Two operating modes
  - Remote Administration
  - Application Serving
- Launch an application or desktop
- Leverages Multilingual server capability
- RDP feature and performance enhancements
- Remote Control
Customer Interoperability Requests
- Leverage Existing Network Resources
- Leverage Existing UNIX Knowledge
- Simplify Network Administration
- Simplify Account Management
Microsoft Windows Services for UNIX 2.0
- Leverage Existing Network Resources
  - NFS Client, Server, Gateway
- Leverage Existing UNIX Knowledge
  - Korn Shell, UNIX Utilities
- Simplify Network Administration
  - Telnet Client, Server, PERL, Windows Technology
- Simplify Account Management
  - NIS Migration Wizard, Server, Password Synch
Leverage Existing Network Resources
(Diagram: Windows Clients, UNIX Server, Windows NT Server, NetWare Server and UNIX clients joined through Windows Services for UNIX; layers Management, Applications, Data, Network)
Leverage Existing UNIX Knowledge
Simplify Network Administration
- Services for UNIX 2.0
  - Telnet Client and Server
  - Scripting – PERL and Shell
  - Command line
- Windows 2000
  - Windows Installer
  - Windows Scripting Host
  - Windows Management Instrumentation
  - Microsoft Management Console
(Diagram layers: Management, Applications, Data, Network; UNIX)
Simplify Account Management
- Services for UNIX 2.0
  - NIS Migration Wizard
  - Server for NIS
  - Password Synch
- Windows 2000
  - Active Directory
- Supported
  - V1 – Solaris, HP-UX and DEC/Tru Unix
  - V2 – Linux, AIX and SGI Unix
(Diagram layers: Management, Applications, Data, Network; UNIX)
Directories and the Internet
(Diagram: DNS with a question mark over the domains C1.com, C2.com, C3.com, C4.com, C5.com, C6.com)
- Active Directory:
  - Uses DNS as the ‘top level’ locator service
  - Object names fully describe their location
  - Dynamic DNS
DNS And Active Directory
- SRV Records to locate services (required)
- DDNS for Dynamic Update (desired)
- Windows 2000 DNS also provides:
  - Incremental Zone Transfer
  - Active Directory Integrated
    - Single replication topology
    - Multi-master replication
    - Secure Dynamic update
- Tip: BIND 8.1.2 or higher is sufficient to use with AD
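The two client steps from the "Combining DNS and LDAP" slide (locate the domain through DNS SRV records, then read the directory over LDAP) and the DN naming from the "Hook to the Internet" slide, as an added example that is not part of this deck: it assumes the _ldap._tcp.dc._msdcs.<domain> SRV name that Windows 2000 domain controllers register (general AD knowledge, not stated on the slides), applies the RFC 2782 priority/weight selection, and works on constructed SRV answers.

```python
import random
from typing import Callable, List, NamedTuple
class SrvRecord(NamedTuple):  # one DNS SRV answer (RFC 2782 fields)
    priority: int
    weight: int
    port: int
    target: str
def dc_locator_name(dns_domain: str) -> str:
    # Assumption from general AD knowledge, not from the deck: domain controllers
    # register their LDAP service under _ldap._tcp.dc._msdcs.<dns domain>.
    return "_ldap._tcp.dc._msdcs." + dns_domain.strip(".").lower()

def select_srv_target(records: List[SrvRecord],
                      rand: Callable[[int], float] = lambda n: random.uniform(0, n)) -> SrvRecord:
    """RFC 2782 selection: only the lowest-priority group is eligible; pick inside it by weight."""
    if not records:
        raise ValueError("no SRV records: the domain cannot be located")
    lowest = min(r.priority for r in records)
    group = sorted((r for r in records if r.priority == lowest), key=lambda r: r.weight)
    total = sum(r.weight for r in group)
    if total == 0:  # all weights zero: any member will do
        return group[0]
    pick, running = rand(total), 0
    for r in group:  # weight-0 records sort first, so they are almost never chosen
        running += r.weight
        if pick <= running:
            return r
    return group[-1]

def escape_rdn(value: str) -> str:
    """Escape the RFC 4514 special characters so a value cannot alter the DN's structure."""
    return "".join("\\" + c if c in ',+"\\<>;' else c for c in value)

def distinguished_name(cn: str, ou_path: List[str], dns_domain: str) -> str:
    """CN, then OUs leaf to root, then one DC= per DNS label: the deck's 'DNS + LDAP' namespace."""
    rdns = ["CN=" + escape_rdn(cn)]
    rdns += ["OU=" + escape_rdn(ou) for ou in reversed(ou_path)]
    rdns += ["DC=" + escape_rdn(label) for label in dns_domain.strip(".").split(".")]
    return ",".join(rdns)

# Constructed SRV answers standing in for the deck's London and Aberdeen sites.
SAMPLE_SRV = [
    SrvRecord(0, 100, 389, "root-dc1.london.microsoft.com."),
    SrvRecord(0, 0, 389, "root-dc2.london.microsoft.com."),
    SrvRecord(10, 100, 389, "root-dc3.aberdeen.microsoft.com."),
]
if __name__ == "__main__":  # the two steps of the client diagram, on the constructed data
    dc = select_srv_target(SAMPLE_SRV)
    print(dc_locator_name("microsoft.com"), "->", dc.target, dc.port)
    print(distinguished_name("Sarahj", ["Windows NT", "dsys"], "microsoft.com"))
```

The Aberdeen controller is only chosen when both London records are absent, which is how the priority field keeps clients on their own fast-connectivity site.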
DNS Implementations
- No existing DNS infrastructure
  - Deploy Microsoft DNS
- Existing DNS meets requirements
- Existing DNS not adequate:
  - Choice 1: Update Server
  - Choice 2: Migrate to Microsoft DNS
  - Choice 3: Delegate a subdomain to Microsoft DNS
Windows 2000 Security
Security Features
- Kerberos v5 (RFC 1510)
- Smart Card
- PPTP, L2TP and IPSec
- PKI X.509
- SSL 3.0
- Security Configuration Manager
- Auditing
- 128 bit encryption
- Radius support
- Encrypted File System
Integrate Security with AD Account Management
- OUs for delegation and policy
  - Groups for access control
  - Per property access setting
(Diagram: DC=streetmarket,DC=com containing OU=Mftg, OU=Users, OU=Marketing, OU=Engineering, OU=Printers and OU=Groups; callout "Feel free to modify your telephone #")
Integrate Security: Public Key X.509
- Integrated management
- Certificate services
- Certificate mapping
- Smart card logon
- Code signing
- Secure applications
(Diagram: smart card reader, X.509 certificate and Active Directory)
Blending Intranets & Extranets
(Diagram: Authentication through Kerberos, Smart Card and X.509/PKI certificates; Authorization through the Windows 2000 File System and Active Directory)
- Active Directory:
  - Supports Intranet & Extranet authentication
  - One authorization model
Directory Services
Active Directory is the Best Long-Term Directory
(Diagram: Users, Clients, Servers, Network Devices and Applications around Active Directory)
- Scalable without complexity
- Standards-based
- Flexible security model
- Facilitates directory consolidation
- Broad Industry Support
  - Baan, Cisco, SAP AG