Windows Networking from Windows Vista to Windows 7
Devrim A. Iyigun
Senior Product Manager
My first session about Windows 7. Man I am excited! Live blogging from Microsoft Tech-Ed EMEA 2008 in Barcelona. This first day I have been to the mandatory Keynote and a security seminar with Steve Riley. Now I am sitting behind Mark Minasi, one of the best computer book writers that I have been reading.
Networking with Windows Vista
Vista has been the most significant investment in networking since Windows 95, and has brought us easier connectivity, especially wireless reliability.
Just upgrading client PCs to Microsoft’ Vista
Information Worker’s World Has Been Changing
We have indication of people are buying more and more laptops, which means workers are becoming more and more mobile, and we are seeing more and more branch offices popping up.
IT Professional needs secure and flexible infrastructure for “work anywhere” and at the same time mobile and remote workers need fast and reliable access to information at the office.
Windows 7 Addressing Enterprise Needs
VPN Reconnect, DirectAccess and BranchCache are all SMB Enhancements that will reduce costs and provide a more green IT.
Situation today is that IT Professionals have problems patching machines when disconnected from company network. It is at the same time difficult for users to access corporate resources from outside the office. VPN is not trivial to use for endusers. With DirectAccess IT Professionals can reach machines as long as the machines have a network connection. It will be far more easy to service mobile PCs and patch them.
DirectAccess – Technical Details
IPSec / IPv6
You must able to monitor IPv6 network traffic in your network. Is it an intranet address or an internet address? If it is an internet address then your traffic will go through a split tunneling on a DirectAccess Server. This server sits in DMZ. The compliant clients are tunneling their data over IPv4 UDP, TLS, etc. to the DirectAccess Server.
IPSec is an requirement between clients on the Internet to the DirectAccess Server. You should assume the underlying network is always insecure.
Get ready step by step
Determine your strategy
- Be ready to monitor IPv6 traffic
- Choose an Access Model: Full Intranet Access vs. Selected Server Access?
- Assess deployment scale
Get your infrastructure ready
- Improved manageablility of remote users
- IT simplification and cost reduction
- Consistent security for all access scenarios
End User Benefits
- Seamless and secure access
- Problem with VPN is that you must redial the connection when ever it gets lost. That happens a lot when you are working while on the move (for instance on the train). DirectAccess solves this problem. Also no thirdparty software is needed. MS is introducing a plug & play 3G driver.
Branch Office Enhancements
Application and data access over WAN is slow in branch offices. The employees productivity is hurting. Improving network performance is expensive and difficult to implement. Windows 7 will improve/reduce network bandwidth utilization:
- BranchCache – Caches content downloaded from file and Web servers. Users in the branch can quickly open files stored in the cache. Frees up network bandwidth for other users. It supports commonly used protocols (https and smb) and network security protocols (SSL, IPSec) and requires Windows Server 2008 R2
- Applications that can make use of it: Office, Sharepoint, Windows Media Player and so on.
- You have to use Group Policy to enable BranchCaching in Windows 7
- Big enduser benefit: Improve application responstime and download time.
File accessed om SMB shares are automatically cached to disk. Caching policy set through Group Policy. This is transparent for the users. The second user will read it from local cache.
- Full 2-way background sync at fixed intervals
- Sync is transparent for the endusers
- IT admin can configure sync intervals