My battery is running flat (lesson: switch to "power saver mode" when running on batter you idiot!) so I’ll probably finish this one tomorrow – some of us Irish folks are meeting up tonight for a couple of drinks\/dinner.<\/p>\n
As you should know, the next generation TCP stack in Vista was a big change for the better.\u00a0 It offers solutions to serious productivity issues when teamed with Windows 2008.\u00a0 Reminder: the Tolley Group Study.<\/p>\n
Personal story: I’ve tried this with Vista accessing an SSL W2008 SharePoint server this week from Barcelona.\u00a0 The server is on the net in Dublin and I was on a crowded WiFi LAN.\u00a0 It was like being on the same LAN as the SharePoint server.\u00a0 I know that XP could not have had the same performance over this (very) latent link.<\/p>\n
The presenter is a woman from MS Turkey.\u00a0 Needs for now: IT Pros need flexibility, mobility and performance.\u00a0 Users want seamless networking.\u00a0 They don’t care about wifi, broadband, LAN, VPN, etc.\u00a0 Windows 7 offers:<\/p>\n
Mobile Access: Had to patch them now.\u00a0 Hard to manage.\u00a0 We have some functionality with native installs of SCCM 2007.\u00a0 Difficult for users to access internal resource remotely.\u00a0 Windows 7 offers a "corporate network boundary" to include assets no matter where they are.\u00a0 Easier to service remote PC’s. <\/p>\n
Direct Access<\/u><\/strong><\/p>\n We now get a demo of the seamless remote access to internal resources.\u00a0 It works as if she was on the LAN in MS.\u00a0 It works over IPv6 … IPv6 addresses are unique across all machines in the world.\u00a0 A DirectAccess server monitors traffic on the border.\u00a0 The PC has a client.\u00a0 It scans the destination address.\u00a0 If it’s a corporate internal address the client traffic is directed to the DirectAccess server running on Windows Serve r0208 R2 – "Split Tunnelling".\u00a0 You can use a proxy if you don’t like this process.\u00a0 This entire solution allows tunnelling over IPv4 UDP, TLS, etc.\u00a0 NAP can sit in here to ensure that the client only gains access if it is compliant with corporate policies.\u00a0 W2003 can be remotely accesses using IPv6 addresses – there’s a patch.\u00a0 IPSec is used to secure the session between the client and the DirectAccess server.\u00a0 It is not required within the corporate intranet but recommended (as usual – but rarely done).\u00a0 The solution assumes the client is on an insecure network.\u00a0 NAP assumes the client is non-complaint and must prove itself.<\/p>\n Strategy:<\/p>\n Windows 7 clients:<\/p>\n During deployment:<\/p>\n VPN Reconnect<\/u><\/strong><\/p>\n Mobile broadband is unreliable.\u00a0 Windows 7 will persist network connectivity to automatically reconnect the VPN tunnel when the underlying network is back online.\u00a0 Seamless for the user.\u00a0 The policy defines how long of an outage is tolerated.\u00a0 Default is 30 minutes.<\/p>\n Mobile Broadband<\/u><\/strong><\/p>\n Bad experience for user.\u00a0 Requires dodgy 3rd party software.\u00a0 More management.\u00a0 Windows 7 provides PNP for mobile broadband devices.\u00a0 End users just plug and connect.\u00a0 Better for network providers, admins and users.<\/p>\n Branch Office<\/u><\/strong><\/p>\n There’s two optimised networking solutions, one for a deployment with a server and one without:<\/p>\n Either way, sessions\/locks are maintained.\u00a0 Read is optimised, a write uploads the entire file \ud83d\ude41\u00a0 GPO manages things.\u00a0 There is no current policy for aging\/retention of cached blocks.\u00a0\u00a0 We want to get rid of servers from the branch office but the best solution is host based (requiring W2008 R2 for cache and server).\u00a0 The services supported are file share (SMB) and web (HTTP\/HTTPS).\u00a0 SSL and signing supported.\u00a0 <\/p>\n Deployment: Distributed – GPO, Host – Role installation.<\/p>\n SMB Enhancements<\/u><\/strong><\/p>\n Transport Caching: The Win7 client caches open file share files locally.\u00a0 Reads are local.\u00a0 Writes are written to the server.\u00a0 User transparent.\u00a0 Better WAN performance for the user.<\/p>\n Example.\u00a0 Client 1 downloads a file.\u00a0 Client 2 requests a download. Caching (distributed or host BranchCache) makes the blocks available to client 2 from client 1 or a server.\u00a0 Client 2 request a new open – it’s loaded from a local cache on client 2.<\/p>\n Improved Office Experience<\/u><\/strong><\/p>\n Office is very chatty; constantly reading open file content.\u00a0 New optimisations consolidate this to a single stream of traffic.\u00a0 <\/p>\n Offline Files<\/u><\/strong><\/p>\n We now get regularly admin controlled 2 way synchronisation of files – with windows for busy periods.\u00a0 This allows corporate data synchronisation and user experience optimisation over the WAN.<\/p>\n DNS Security<\/u><\/strong><\/p>\n DNSSEC secures DNS against man-in-the-middle attacks.<\/p>\n URL QoS<\/u><\/strong><\/p>\n QoS policies can be defined for specific URL’s.\u00a0 Consider a single web server with many web sites.\u00a0 Should all web sites be tarred with the same brush: some are more important than others.<\/p>\n Green IT<\/u><\/strong><\/p>\n Wake on Wireless LAN: Wake up a host, perform maintenance, put it to sleep.<\/p>\n Smart network Power: idle NIC’s are put to sleep.\u00a0 DON’T USE FOR "SERVERS".\u00a0 Consider distributed BranchCache where clients rely on other clients for WAN optimisation.<\/p>\n Q&A<\/u><\/strong><\/p>\n BranchCache is based on block level tech. Similar to DFS-R but new code.<\/p>\n Remote management via Direct Access gives seamless access for the IT Pro and user.\u00a0 Consider remote admin for ConfigMgr.\u00a0 It might now be dead.\u00a0 You can even ping a remote machine with this technology.<\/p>\n BrachCache: Any<\/em> write activity sends the entire file over the WAN, not just the changed blocks.\u00a0 BOO! Riverbed and Citrix still have a window, even if you only care about SMB and HTTP(S).<\/p>\n The BranchCache is ACL’d and encrypted.\u00a0 Pre0-staging is possible but only via scripted download.\u00a0 MS provides a clever API for their or partner later use for direct media pre-staging (ideal solution).\u00a0 <\/p>\n BranchCache generated the most questions and interest from this session.<\/p>\n","protected":false},"excerpt":{"rendered":" My battery is running flat (lesson: switch to "power saver mode" when running on batter you idiot!) so I’ll probably finish this one tomorrow – some of us Irish folks are meeting up tonight for a couple of drinks\/dinner. As you should know, the next generation TCP stack in Vista was a big change for … Continue reading “Day 1: Windows Networking – From Windows Vista to Windows 7”<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[42],"tags":[],"class_list":["post-9233","post","type-post","status-publish","format-standard","hentry","category-teched-emea-it-pro"],"aioseo_notices":[],"jetpack_featured_media_url":"","amp_enabled":true,"_links":{"self":[{"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/posts\/9233","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=9233"}],"version-history":[{"count":0,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/posts\/9233\/revisions"}],"wp:attachment":[{"href":"https:\/\/aidanfinn.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=9233"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=9233"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=9233"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}\n
\n
\n
\n