Defense Communications as a Scarce Resource

Sandeep K. Singhal, Ph.DDirector, Windows Networking

Microsoft Corporation

Agenda

• Trends in enterprise networking• Windows networking vision and roadmap• Windows Vista and Windows Server 2008:

Features at a glance• Collaboration with MoD• Looking into the future• Summary

Trends in Enterprise Networking

Trends in Enterprise Networking

Trends in Enterprise Networking

Trends in Enterprise Networking

Windows Networking Vision: Secure Seamless Network

IPsec Isolation

Elements of a Secure, Seamless Network

• End to end connectivity over the Internet using IPv6• All communications authenticated using end to end IPsec

– Connection-by-connection – Access controlled by identity

• Trust boundaries defined by policy instead of topology – Traffic management at the edges

• Network access protection (NAP) systems keeps systems healthy and protected from unhealthy systems

• Existing applications just work

Policy-based secure access to resources from anywhere

Windows Networking Roadmap

Windows Vista and Windows Server 2008: Networking Features At A Glance

Trend Problem Vista/WS08 Impact

Server consolidation and growth of data centers

Slow data replication between data centers despite high speed connectivity

Compound TCP enables data transfers at multi-gigabit speeds

200% increase in replication speed between Microsoft Redmond and Bay Area data centers

Increasing network load limiting server scalability

Built-in hardware offload and CPU load balancing for network traffic

50% increase in web requests/sec on same hardware (as measured by webbench)

Windows Vista and Windows Server 2008: Networking Features At A Glance

Trend Problem Vista/WS08 Impact

Remote andMobile workforce

High latency limits network performance in branch offices

Automatic tuning to optimize for WAN links

• File copy speed from US to Microsoft Australia increased by 1000%

• DCE* testing showed 200% improvement over 2Mbps satellite links

Network losses limit throughput on WLAN, WWAN

Loss detection and automatic recovery

• Loss recovery time reduced by 40% over satellite links in DCE testing

Mobile PCs expose enterprise networks to viruses as they roam between networks

Network access protection (NAP) solutions

• IT security compliance increased by 80% after deploying NAP on Microsoft network

*Defense Communications Efficiency: Joint project between Microsoft and UK MoD

Windows Vista and Windows Server 2008: Networking Features At A Glance

Trend Problem Vista/WS08 Impact

Remote andMobile workforce

Overlapping private addresses make remote management hard

Full IPv6 support enabled end to end connectivity

• IPv6 enabled throughout Microsoft by deploying only few new servers

Ad-hoc collaboration in war zones, conferences hard in absence of infrastructure setup

Windows Meeting Space allows sharing presentations, files, notes

• Windows Meeting Space widely used within Microsoft for ad-hoc collaboration

Hard to deploy quality of service solutions to manage expensive WAN resources

Policy based enterprise QoS (eQoS)

• eQoS deployed on Microsoft WAN links with existing router hardware to prefer certain app traffic

Windows Vista and Windows Server 2008: Networking Features At A Glance

Trend Problem Vista/WS08 Impact

Security Mobility and de-perimeterization increasing threat surface

Server and domain isolation (SDI) solutions enable policy based security solutions

Universidade de Vila Velha (UVV) deployed SDI to increase security and simplify management

Security policy management hard to deploy and manage

-Group policy based SDI deployment solution-IPsec management integrated with Windows Firewall

City of Sopporo, Japan deployed SDI with Nil cost for 12000 users across 870 different departments

Case Study:Defense Communication Efficiency

Case Study:Defense Communication Efficiency

•Engagement continuing beyond Windows Server 2008/Windows Vista

•Several areas identified such as IPv6, compression, QoS•Framework for managing IP: Facilitates free flow of ideas and testing results

Looking into the Future• Remote work

– Easy and reliable network access from anywhere– Better manageability of mobile PCs– Extend Intranet NAP and isolation to remote worker

• Branch offices– Further efficiency in fetching data over WAN links– Preserve end to end security solutions

• Security domains– Easier deployment– Easier management– Easier support

Summary

QUESTIONS

Sandeep K. Singhal, Ph.DDirector, Windows NetworkingSandeep.Singhal@microsoft.com+1 (425) 706-6570

Backup

LabGuest

Windows Networking Vision: Secure Seamless Networks

• Internet IS your network• Applications just work• All communications authenticated

– Connection-by-connection – Access controlled by identity

• Trust boundaries defined by policy instead of topology

– Traffic management at the edges– Network Immune Systems

IPsec isolationIPsec isolation