Windows 7 Networking
Clyde G. Johnson

Agenda
Libraries
Network power changes
DNSSec Support and Multi-home firewall
TCP and SMB 2
Direct Access
BranchCache
Network Access Protection
Applocker
Read-Only DFS

Libraries
Aggregates data from multiple sources into a single folder view
Default Libraries in Windows 7 are:
◦ Documents
◦ Music
◦ Pictures
◦ Videos
In Explorer view, just go to your Libraries, right-click, then click on New - Library.

HomeGroup
Easy way to share documents, music, pics, videos and printers.
Windows 7 only – no XP or Vista
Wireless=yes
One homegroup at a time.
Domain-joined CAN join a homegroup

Network Power changes
Smart Network Power
◦ turns off the power to your Ethernet jack when there is no cable connected
Wake on LAN for wireless
◦ bring the well-known wired Ethernet feature to wireless networks.

Multi-Home Firewall Profiles
◦ Each connection can have its own profile

DNSSEC Support
◦ Ability to indicate knowledge of DNSSEC in queries.
◦ Ability to process the DNSKEY, RRSIG, NSEC, and DS resource records.
◦ Ability to check whether the DNS server with which it communicated has performed validation on the client’s behalf.
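
An added example (not part of the original slides) of what the DNSSEC abilities listed above look like on the wire: the query sets the EDNS0 DO flag to indicate DNSSEC knowledge, and the AD header flag in the response reports that the server validated on the client's behalf. The sample response is constructed, and all function names are illustrative.

```python
import struct

DO_BIT = 0x8000   # EDNS0 "DNSSEC OK" flag, carried in the OPT record's TTL field
AD_BIT = 0x0020   # "Authenticated Data" flag in the DNS header
TYPE_OPT = 41
DNSSEC_TYPES = {43: "DS", 46: "RRSIG", 47: "NSEC", 48: "DNSKEY"}

def encode_name(name):
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, qtype=1, txid=0x1234, dnssec_ok=True):
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)  # RD set, 1 question, 1 additional
    question = encode_name(name) + struct.pack("!HH", qtype, 1)
    # OPT pseudo-record: root name, TYPE 41, CLASS = UDP payload size, TTL = flags, RDLEN 0
    opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, 4096, DO_BIT if dnssec_ok else 0, 0)
    return header + question + opt

def skip_name(msg, off):
    while msg[off] and msg[off] & 0xC0 != 0xC0:   # stop at root label or compression pointer
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def inspect_response(msg):
    """Report the AD flag, the echoed DO flag and which DNSSEC record types are present."""
    _txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4             # skip QTYPE and QCLASS
    seen, do_echoed = [], False
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if rtype == TYPE_OPT:
            do_echoed = bool(ttl & DO_BIT)
        elif rtype in DNSSEC_TYPES:
            seen.append(DNSSEC_TYPES[rtype])
    return {"validated_by_server": bool(flags & AD_BIT), "do_echoed": do_echoed, "dnssec_records": seen}

def sample_response():
    """Constructed response (not a capture): A + RRSIG for example.com, AD set, OPT with DO."""
    hdr = struct.pack("!HHHHHH", 0x1234, 0x81A0, 1, 2, 0, 1)   # QR, RD, RA, AD
    q = encode_name("example.com") + struct.pack("!HH", 1, 1)
    a = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
    sig = b"\xc0\x0c" + struct.pack("!HHIH", 46, 1, 300, 8) + b"\x00" * 8  # placeholder RDATA
    opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, 4096, DO_BIT, 0)
    return hdr + q + a + sig + opt
```

The AD flag sits in the unsigned DNS header, so a client that relies on it is trusting both the resolver and the channel to the resolver.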

TCP Receive Window Size
Windows XP & Windows Server 2003
Default TCP window size of 64KB
◦ NO AUTO TUNING
◦ Severely limits round trip times
◦ Sender transmits are limited to advertised receive window size
◦ Window size backs off by 50% with packet loss
Window size increased slightly with every ACK
Manual tuning of receive window size does not offer ideal results
Windows Vista/Win7 and Windows Server 2008 and R2
Auto-tune enabled by default
Max receive window determined by:
◦ Application consumption capacity
◦ Network capacity and conditions

Redesigned TCP/IP Stack
Dual-IP layer architecture for native IPv4 and IPv6 support
Seamless security through expanded IPsec integration
Improved performance via hardware acceleration
Network auto-tuning and optimization algorithms
Greater extensibility and reliability through rich APIs
[Diagram: Next Generation TCP/IP Stack (tcpip.sys). Labels: Winsock (User Mode); AFD, TDX, TDI, WSK, WSK Clients, TDI Clients (Kernel Mode); TCP, UDP, RAW; IPv4, IPv6; Windows Filtering Platform API; NDIS; 802.3, WLAN, Loop-back, IPv4 Tunnel, IPv6 Tunnel]

Server Message Block 2.0
Multiple commands in a single packet
◦ Reduced wait time and connection overhead
Much larger buffer size
◦ Network stack is no longer the bottleneck
◦ Application & disk are now the bottleneck
Parallel Write, Parallel Response
Durable handles allow recovery from brief network disruptions
Symlink support

Direct Access
Experience of being seamlessly connected to their corporate network any time they have Internet access
Computer is joined to the network, Group policy applies.
Uses IPv6-over-IPv4 tunnel if no IPv6 connection available.
Sends only corporate traffic, web traffic stays local.
Authentication. DirectAccess authenticates the computer
Access Control. IT professionals can configure which intranet resources different users can access using DirectAccess, granting DirectAccess users unlimited access to the intranet or only allowing them to use specific applications and access specific servers or subnets.
[Diagram: DirectAccess. Labels: DirectAccess Server; DC/DNS; App Servers (IIS, File Server); Bi-directional Connection Using IPSec and IPv6]

Branch Cache
Install BranchCache™ feature on an R2 server
Group Policy to enable clients
Optionally, install a hosted cache in your branch
[Diagram labels: Group Policy Management; Hosted Cache]

Hosted Cache
Centralized cache of data downloaded by the branch
◦ A centralized cache for
Protocols: HTTP, SMB
E2E encrypted/signed traffic: SSL, IPsec, SMB signing etc
◦ Does not “modify” protocols; benefits from protocol optimizations
◦ Configurable size/location/persisted across reboots/flush-able
◦ Works across multiple subnets
◦ Admins can seed content by writing custom scripts
◦ Can be a virtual workload in an appliance
Easy to deploy; clients are configured via policy

Network Access Protection
Health Policy validation and remediation
Reduces risk of unauthorized systems on the network
Helps keep mobile and/or desktop devices in compliance
[Diagram: Network Access Protection. Labels: Windows Client; DHCP, VPN, Switch/Router; NPS Server; Policy Servers such as: Update, AV; Policy compliant: Corporate Network; Not policy compliant: Restricted Network; Remediation Servers, Example: Update]

Applocker
Eliminate unknown or unwelcome applications on your network
Enforce application standardization within your org
Easily create and manage rules using Group Policy
Only works on Ultimate and Enterprise – NOT Pro

Applocker
Simple Rule Structure: Allow, Exception & Deny
Publisher Rules
◦ Product Publisher, Name, Filename & Version
Multiple Policies
◦ Executables, installers, scripts & DLLs
Rule creation tools & wizard
◦ Including PowerShell cmdlets
Audit only mode

Introducing ReadOnly DFS Replica
New in Win7 and WS08R2
Publication data that should never be changed at branch locations
Any open or create requesting WRITE access will be failed by a new filter driver
In case the filter is not running, other Win7 Replication Group members will refuse updates from a read-only replication partner

Learn more about Windows 7
The New Efficiency Virtual Launch Experience www.thenewefficiency.com
Windows 7 Springboard www.microsoft.com/springboard
Windows 7 Webcasts and Podcasts http://go.microsoft.com/?linkid=9681312
Training Offers—Exclusive for Launch Attendees
Windows Team Blog www.windowsteamblog.com
Talking About Windows www.talkingaboutwindows.com
Windows Client Forums http://go.microsoft.com/?linkid=9681314.5
Dan’s Blog http://blogs.technet.com/danstolts
Windows Server User Group http://www.windowsboston.org
DNSSEC
◦ http://technet.microsoft.com/en-us/library/dd378952(WS.10).aspx
Deploying DNS Security Extensions (DNSSEC)
◦ http://technet.microsoft.com/en-us/library/ee649268(WS.10).aspx
Power management for network devices
◦ http://technet.microsoft.com/en-us/library/ee617165(WS.10).aspx
HomeGroup
◦ http://technet.microsoft.com/en-us/library/ee449421(WS.10).aspx
BranchCache
◦ http://www.branchcache.com
◦ http://technet.microsoft.com/en-us/network/dd425028.aspx