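Introduction to Windows Server 2003 R2. Mark Harris, Program Manager, Microsoft Corporation
Objectives: explain the new Windows Server release cycle and the role of Update Releases; give an overview of the new features in Windows Server 2003 R2 and their scenarios; Q&A discussion.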
Windows Server release cycle.
The goals and philosophies of our Windows Server Roadmap are to deliver best of breed functionality with greater consistency and more predictability following a ‘major and update’ release cycle for our customers. Examples of major releases are Windows Server 2003 and Longhorn. Windows Server 2003 “R2” is our first “update release.” It will be followed by future update releases, such as a Longhorn “R2.” Update Releases allow Windows Server to deliver mid-cycle incremental value to customers in a manner which makes it very easy for them to consume.
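Update releases are…
• Mid-cycle delivery of new features for the current-generation OS: introduces new features in the current Server OS; incorporates some feature packs previously released on the Web.
• A preview of some features that may appear in the next major release: for example, all WS03 R2 features will be incorporated into LH; helps customers adapt and transition to the next-generation OS.
• A way for current-generation customers to easily integrate the new R2 features into their environments: built on the latest major release and the latest service pack; no need to repeat OS evaluation/certification testing; same application compatibility, quality, reliability and performance; nearly all R2 components are optional to install.
• Serviced from the same servicing tree as the latest major release: patches and service packs are the same for WS03 and R2; WS03 SP2, …, SPn will all apply to both WS03 and R2.
Update releases are not…
• Not a “major release”: no core changes (for example, kernel, network stack, AD, drivers); no newly supported devices; no updates to existing Windows Server components.
• Not a “service pack”: R2 delivers new features rather than servicing existing ones; in fact, R2 has limited ability to change features already in the major release and service pack.
• Not a “feature pack” or “rollup”: R2's features are integrated into new in-box OS components; R2 contains only a few previously released features.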
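Windows SharePoint Services; centralized backup and management of file and print; high availability; efficient publishing and collaboration; UNIX interoperability; Web single sign-on; B2B/B2C commerce and collaboration; distributed application directories; UNIX identity management; SP1 & x64; simple SAN management for IT generalists; File Server Resource Manager; UNIX NFS connectivity; .NET Framework 2.0
Simplified branch server management; identity and access management; efficient storage management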
Simplified branch server management. Wide area network (WAN); management costs. Branch office challenges: WAN costs are substantial; WAN latency issues; branch offices lack on-site network administrators; tape backup is expensive and unreliable; tools must scale to large numbers of branch offices (policy, delegation, user interface).
Lead-in: The two broad challenges that the branch market faces are WAN costs/latency, and local manageability. This is due to their rather paradoxical requirements – local application performance with easy manageability. Simultaneously, many customers are in the process of consolidating, or have already consolidated, their central servers – they are now looking to branch servers as the next big consolidation gain. However, branch servers pose a unique challenge, particularly where additional bandwidth is expensive or unavailable. The productivity losses that occur when servers are centralized are usually not acceptable, and the possibility of losing connectivity altogether is normally too much of a risk. With these broad trends converging, the solution is to keep the servers in the branch, but treat the management of them much like disposable appliances. This provides a nice balance of productivity for the branch office workers and reduced administrative burden for IT.
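Simplified branch server management. Microsoft's vision for branch servers. Replaceable: easy to deploy and replace. Management-free: no administrator needed at the branch; simple configuration from a central location. Accelerator: uses WAN resources efficiently by transferring only file differences; relies on local caching to serve local requests; forwards to the central server when the WAN is available.
The branch server functionality of Windows Server 2003 R2 is the most recent step in Microsoft’s roadmap to more effective branch server management. The specific features of Windows Server 2003 R2 that further this vision.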
Simplified branch server management. Branch office features in Windows Server 2003 R2. Manage the infrastructure easily with centralized management tools: DFS Management console and failover with failback; Print Management console. Keep the business running smoothly with faster data replication: DFS with Remote Differential Compression and on-demand replication. Reduce management costs by eliminating local administration and local backup.
Remote server hardware management entails:
• Hardware management makes Windows Server aware of IPMI instrumentation in the motherboard with a new driver
• Events raised in the hardware’s system event log (SEL) are also displayed in the Windows event log
• Sensor values and probes can be read and set through a new WMI provider (e.g., fan speed and temperature)
• This makes IPMI accessible to all management tools and scripts that use WMI
• R2 server also introduces the new Web Services for Management (WS-Management) protocol
• Enables cross-firewall remote management of servers using WMI via HTTP and SOAP
• Enables management of remote servers (with BMCs supporting WS-Management) when the operating system is not running, e.g., pre-boot and post-crash (power-cycle, change boot order)
Simplified branch server management. Key benefits: centralized management of file and print services; high availability; efficient publishing and collaboration. Key enablers: DFS; Print Management console; Remote Differential Compression; failover with failback.
KEY TAKEAWAY: The branch office value proposition in R2 is: “Windows Server 2003 R2 is the most efficient way to provide more effective management & operation of branch office environments”
Scenarios: The key scenario that we needed to enable is the ability to centrally back up the contents of locally generated file data in a WAN-friendly way, without the need for local backup devices or administration. Additionally, making sure that file data is highly available if the branch server is out of commission is also a key requirement, especially if it might take a day or two to get the local server back up and running. Lastly, providing a WAN-friendly mechanism of allowing branch office staff to access centrally published documents and collaborate with each other, including those in different branches.
Technology Enablers: The key technology enablers in R2 are a new version of FRS called DFS (Distributed File System, which consists of two parts – replication (DFS-R) & namespaces (DFS-N)) that provides incredible efficiency gains over the WAN with a new compression technology called Remote Differential Compression (RDC). RDC provides the ability for just the changes to files to be shipped over the wire – for example, a change to a couple of words in a 3.5MB PPT will now only require 16KB to be shipped over the wire. RDC is a key component of DFS-R. (Incidentally, RDC is being implemented as a library that other file replication technologies can use, so you can expect to see future versions of robocopy, client side caching etc. make use of it.) Furthermore, the DFS Management console has been rewritten for R2. The highlights of the new console include a hierarchical namespace view, the ability to rename links and “projects” (not possible in the current console) and making it easier to delegate DFS administration tasks to non-domain admins (create and manage domain roots and individual roots). DFS will be manageable from the same console, but the distinctions are being made clearer. Clients can now fail back to a preferred server when its availability is restored, rather than being stuck to the hub server that they failed over to (requires a client-side update (hotfix)). We are also providing a long overdue print management console (PMC) that makes it so much easier to manage print servers & print queues, including forms & drivers, as well as making it easier to push new printer connections and drivers to client PCs. The PMC allows you to create consolidated views of printers across print servers based on parameters you specify, for instance only showing printers that are not ready and with jobs. It also provides a much easier mechanism for managing forms and drivers. Other technologies revolving around management include the new Web Services for Management (WS-Management) protocol (which enables cross-firewall remote management of servers via HTTP and SOAP by taking advantage of WMI scripting) and the Intelligent Platform Management Interface (IPMI), which enables you to have more granular hardware management (moving hardware system event log events into the Windows event log, for example). Using a new WMI provider in R2, all WMI scripts & tools can access IPMI.
Futures: In the short-term, you can expect to see guidance from Microsoft (in the way of a Windows Server System Reference Architecture (WSSRA), called the Branch Office Infrastructure Solution (BOIS)) that will provide prescriptive architectural guidance on how to design, build, deploy & manage a branch office infrastructure using Microsoft technologies.
This guidance will span across Microsoft products, and so while including Windows Server 2003 for DNS/WINS, DHCP & File/print roles, will also recommend SMS (for secondary Site configuration), a MOM agent, and ISA for web caching. Thus, Windows Server 2003 R2 can be viewed as just a step on our road to delivering an end-to-end branch solution. With respect to Longhorn Server, cached domain controlling, patch distribution and other technologies are on our radar, as well as even deeper integration with the Microsoft technology stack. Note: While DFS is an essential enabling technology for the simplified branch server management scenario, it also plays an integral part in Efficient Storage Management.
Simplified branch server management; identity and access management; efficient storage management
Identity and access management. Challenge: extending access across users, applications and platforms. Your suppliers; their applications; your customers; your employees; your applications; your platforms; your partners; your remote and virtual employees.
IT administrators today face exponential growth in service requests involving identity and access management. Organizations need both to manage how users access applications on a variety of application platforms and to extend their IT infrastructure to provide partners, suppliers, customers, and remote employees access to an increasing number of applications. At the same time, IT organizations are expected to positively impact their business by improving customer loyalty and retention, reducing operational costs, and responding quickly and efficiently to change. Managing many applications on multiple platforms for a growing number of internal and external users presents the following administrative and security challenges:
• Providing business partners access to applications and collaboration tools without sacrificing security to the applications or to the internal network.
• Limiting the number of passwords users need to get secure access to applications. Having too many passwords often leads users to employ poor security practices, such as writing passwords on sticky notes.
• Managing the administrative burden of keeping duplicate user data in multiple application directories, while not overloading a centralized directory with application-specific data.
• Leveraging existing administrative tools across a larger set of application environments.
Identity and access management: Windows Server 2003 R2 features. Active Directory Federation Services (ADFS). Active Directory Application Mode (ADAM): a lightweight, domain-independent mode of Active Directory for application directory scenarios; interoperates with domain mode for authentication; benefit: tailor the directory services infrastructure to local control/autonomy or shared services. UNIX identity management: Server for Network Information Service (NIS) helps integrate Windows and UNIX domains; Password Synchronization simplifies cross-platform password maintenance; benefit: efficient multi-platform identity management.
Windows Server 2003 R2 offers functionality that extends connectivity and control of identity management for internal and external collaboration. The following Windows Server 2003 R2 features deliver distinct advantages for identity and access management:
• UNIX Identity Management: Windows Server 2003 R2 provides Windows and UNIX integration, which helps to establish uninterrupted user access and efficient management of network resources across operating systems, through the following updated identity management solutions:
• Server for NIS helps integrate Windows and UNIX-based Network Information Service (NIS) servers by enabling an Active Directory domain controller to act as a master NIS server for one or more NIS domains. Identity Management for UNIX includes an easy-to-use wizard that a Windows domain administrator can use to export NIS domain maps to Active Directory entries.
• Password Synchronization helps integrate Windows and UNIX servers by simplifying the process of maintaining secure passwords. With Password Synchronization, users do not need to maintain separate passwords for their Windows and UNIX accounts or remember to change the password in multiple locations. Password Synchronization automatically changes a user password on both UNIX and Windows networks whenever the user changes his or her password.
• Active Directory Application Mode (ADAM): ADAM, an independent mode of Active Directory without infrastructure features, provides directory services for applications. Operating as a stand-alone data store or interacting with an Active Directory domain controller, ADAM's flexibility enables administrators to tailor their directory services infrastructure to varying degrees of local control/autonomy or shared services. ADAM provides a data store and services for accessing that data store, uses standard application programming interfaces (APIs) for accessing application data, and works with ADFS to provide a user store for extranet application authentication.
• Active Directory Federation Services (ADFS): ADFS provides Web-based extranet authentication/authorization, single sign-on (SSO), and federated identity services for Windows Server environments, which increases the value of existing Active Directory deployments to B2C extranet, intra-company (multi-forest) federation, and B2B internet federation scenarios. Extranet authentication and SSO services extend the strong authentication and distributed session capabilities Windows has for internal networks to internet-facing perimeter networks. Identity federation makes it possible for two organizations to share a user's Active Directory identity information securely over federation trusts, facilitating collaboration with partners and delegating user management.
Identity and access management: Active Directory Federation Services (ADFS). Extends the value of Active Directory deployments to give employees, partners and customers secure access to Web applications. Web SSO: extranet authentication and single sign-on. Identity federation: distributed Web SSO across domains. Improves IT efficiency, end-user productivity and security. Compatible with existing Active Directory deployments. Interoperates with third-party security solutions and multiple application platforms. Diagram labels: AD; IIS; Company A; Company B.
Key Message – ADFS helps customers do more with less by providing seamless access across organization and security boundaries. Our solution to this problem in R2 is Active Directory Federation Services (note that this name is subject to change). Customers have been enjoying the benefits of intranet single sign-on using Active Directory, and ADFS will allow customers to extend this capability across security and organizational boundaries to partners and suppliers – a combined Web SSO and Federation solution that makes it easier to do business with each other. Customers will be able to reduce costs and effort when implementing Web SSO for internal systems or across security boundaries with multiple partners. With ADFS, user IDs and passwords will be managed by the organizations that own them and not the hosting company. This reduces the cost of IT management, by reducing the number of directories required and help desk calls for password reset, and also improves security, as organizations can internally enforce strong authentication as well as automatically restrict access to partner sites upon disabling a user’s local AD account. Since ADFS is integrated with other Microsoft identity management technologies, it rounds out a complete set of tools for internal and external authentication and authorization management. In particular, ADFS is built to integrate with new technologies like ADAM (use Windows Server for extranet web apps without literally adding the users to the external domain), Authorization Manager (roles-based access control to operation-level app capabilities, with roles membership managed by the account partner) and Windows SharePoint Services (bring strong auth, SSO and federation to internet-facing SharePoint sites). Since this technology is based on industry standards, organizations will not have to dictate specific products to partners/suppliers in order to interoperate. This results in a faster time to market and greatly reduced deployment and development costs. IBM, Netegrity, Oblix, OpenNetwork, RSA, and Ping Identity have all shown interop with this product.
Promotes IT efficiency, end user productivity, and better security:
• IT efficiency: Centralized user administration, “native” delegated administration, lower password reset costs
• End-user productivity: SSO to internal & partner web applications, fewer passwords for users to forget
• Security: Automated de-provisioning, strong authentication, auditing/logging of access to partner applications
ADFS scenario: Web SSO. Applications use user credentials and attributes managed in Active Directory/ADAM. Benefits: single sign-on to IIS v6 Web application farms; stronger authentication via forms and client certificates; ADAM support: LDAP user store in the perimeter network. Supports “road warrior” applications: Windows Integrated Authentication for internal users; ADFS authentication for external users. Diagram labels: customers; business partners; employees.
Key Idea: ADFS extends its set of platform-level authentication services to support the extranet-located, non-domain web application scenario. Now when you use Windows Server and IIS for an extranet application, you can use forms auth, and give users an SSO session cookie so they don’t have to log on for access to any other web applications in a trusted domain. This is important since so many web apps are in fact a collection of apps – you don’t want users being challenged over and over for credentials (think online banking, and the separate-but-colocated checking, credit card and loan applications). An interesting variation on this scenario is the B2E (business to employee) scenario, where an organization has web applications that it would like employees to access from both inside the firewall and when traveling or at home – without requiring VPN access, and without requiring a separate, duplicate identity in the extranet (think OWA, but for any web application). ADFS’ integration with Windows Integrated Auth means that employees get Kerberos single sign-on from their work desktops, and authenticate against the same Active Directory account (using forms-based auth and a one-way forest trust from the DMZ into the internal network) when away from the office.
ADFS scenario: identity federation. User credentials and attributes are managed by the partner in its “home realm”. Benefits: single sign-on to internal and partner Web applications; fewer passwords for users; lower password reset costs; centralized administration, delegated to partners; automatic restriction of access to partner applications; logging of inbound and outbound access requests. Cross-organization namespace management: trust – keys; security – required claims; privacy – allowed claims; audit – identity, authority. Diagram label: business partner.
Key Idea: In addition, ADFS enables the federation scenario, which is fundamentally different in that it breaks out authentication from the access control decision, and places it at the user/account side of the relationship. Instead of a user authenticating to an extranet site by typing her credentials, the user’s corporate network and AD environment (“home realm”) automatically generates a SAML (Security Assertion Markup Language) security token for the end user that, when presented to the resource/application, is used to grant access rights. The key to enabling this sort of distributed access control is the federated trust the two partners set up – which includes a key exchange, and negotiation on the types of data about users the application will require (“claims”). Through federation, the end user gets SSO to all of their internal network applications (through standard Windows Integrated Auth), plus SSO to partner applications through federation. Federated SSO works with two types of applications:
• Claims-based applications – written specifically to consume ADFS claims through ASP.Net Roles or Authorization Manager (a particularly elegant solution in that it provides a simple user interface for administrators to define user roles and map them to operations in a web application – abstracting user management from the application development process, and reducing the amount of application rework required).
• “Traditional” Windows-based web applications – which use local Active Directory accounts, like SharePoint – ADFS can automatically map a security token to a local AD account, instantly enabling SSO for these applications, even outside the firewall.
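The federation flow in these notes (home realm issues a signed token carrying only the allowed claims; the resource side checks the trust key, then the required claims), as an added Python example that is not ADFS code and not part of the original deck. The JSON token with an HMAC is a simplified stand-in for a signed SAML token, and every name, key, account and role below is constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

# Constructed federation trust: the settings both partners agree on when the
# trust is set up. The HMAC key is a stand-in for the exchanged signing key.
TRUST = {
    "issuer": "urn:example:account-partner",
    "audience": "urn:example:resource-partner:orders",
    "key": b"constructed-demo-key",
    "allowed_claims": {"upn", "group"},    # privacy: what the home realm may send
    "required_claims": {"upn", "group"},   # security: what the application demands
}

# Constructed home-realm directory (stand-in for Active Directory accounts).
DIRECTORY = {
    "alice@example.test": {"enabled": True, "group": ["Purchasers"],
                           "employee_id": "E-1001"},
    "bob@example.test": {"enabled": False, "group": ["Purchasers"],
                         "employee_id": "E-1002"},
}

# Constructed role mapping on the resource side (group claim -> application role).
ROLE_MAP = {"Purchasers": "submit-order"}


def sign(key, payload):
    """Keyed digest over the exact token bytes."""
    return hmac.new(key, payload, hashlib.sha256).digest()


def encode(raw):
    return base64.urlsafe_b64encode(raw).decode("ascii")


def issue_token(upn, trust, now, lifetime=300):
    """Account partner: user is already authenticated at home; emit allowed claims."""
    account = DIRECTORY.get(upn)
    if account is None or not account["enabled"]:
        return None  # disabled at home means no token for any partner
    attributes = dict(account, upn=upn)
    claims = {k: v for k, v in attributes.items() if k in trust["allowed_claims"]}
    body = {"iss": trust["issuer"], "aud": trust["audience"],
            "exp": now + lifetime, "claims": claims}
    payload = json.dumps(body, sort_keys=True).encode("utf-8")
    return encode(payload) + "." + encode(sign(trust["key"], payload))


def validate_token(token, trust, now):
    """Resource partner: return (claims, None) on success or (None, reason)."""
    try:
        payload_b64, sig_b64 = token.split(".")
        payload = base64.urlsafe_b64decode(payload_b64)
        signature = base64.urlsafe_b64decode(sig_b64)
    except (AttributeError, ValueError):
        return None, "malformed"
    # Verify before parsing, so unauthenticated bytes are never interpreted.
    if not hmac.compare_digest(signature, sign(trust["key"], payload)):
        return None, "bad-signature"
    body = json.loads(payload)
    if body["iss"] != trust["issuer"]:
        return None, "wrong-issuer"
    if body["aud"] != trust["audience"]:
        return None, "wrong-audience"
    if now >= body["exp"]:
        return None, "expired"
    if not trust["required_claims"] <= set(body["claims"]):
        return None, "missing-claims"
    return body["claims"], None


def roles_for(claims):
    """Map partner-managed group claims to local application roles."""
    return sorted(ROLE_MAP[g] for g in claims.get("group", []) if g in ROLE_MAP)


if __name__ == "__main__":
    token = issue_token("alice@example.test", TRUST, now=1000)
    claims, reason = validate_token(token, TRUST, now=1100)
    print("alice:", claims, roles_for(claims))
    print("alice, after expiry:", validate_token(token, TRUST, now=1300))
    print("bob (disabled at home):", issue_token("bob@example.test", TRUST, now=1000))
```

The resource side never sees a password or the `employee_id` attribute, and disabling the account at home stops new tokens, so partner access ends once the short-lived token expires.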
ADFS: a standards-based solution. Multi-vendor, multi-platform interoperability through Web services specifications. Diagram labels: AD users; .NET applications; Java, UNIX, Linux users; Java, UNIX, Linux applications; WS-Federation; Active Directory Federation Services; IBM, PingID, BMC, Oracle, CA, Quest, RSA, Centrify + others…
Key Idea: Federation sounds like a great concept, but if it only worked between Microsoft environments, it wouldn’t get very far. For federation to be a successful concept, it needs to be standards-based, and that’s what WS-Federation is for. Part of the WS-* set of web services specifications designed by Microsoft and other technology companies, WS-Federation enables distinct security solutions to share identity information in a common format. This means, for example, that if a company managing users in Active Directory wanted to federate its users with an application provider that enabled access control with Netegrity SiteMinder, that would be possible using WS-Federation. A number of leading identity management companies have either been involved in the writing of the specs or pledged their support for the specification in their products. It is important to note that there are two major components to WS-Federation – the Passive Requestor Profile and the Active Requestor Profile. The Passive profile supports federation between browser-based applications using HTTPS, and is supported in ADFS v1 in R2. Active Profile is a more advanced spec that supports rich client applications that speak SOAP instead of proprietary protocols like RPC – which is the future direction of Windows-based application development with technologies like Indigo. Active client support will be available in ADFS v2 in the Longhorn timeframe.
Identity and access management. Benefits: deliver secure Web applications to employees, partners and customers across security boundaries; give employees single sign-on to internal and partner applications; centrally manage identities across Windows and UNIX systems; tailor the directory services infrastructure to differing requirements for decentralization or control. Features: ADFS, ADAM, UNIX identity management; Web services architecture (WS-*) interoperability specifications; other Windows Server tools: Windows SharePoint® Services, Authorization Manager (AzMan).
Extends value of AD infrastructure for extranet scenarios:
• Classic SSO: Extranet authentication and single sign-on
• Identity Federation: B2B/B2C Commerce and Collaboration
Promotes IT efficiency, end user productivity, and better security:
• IT efficiency: Simplified delegated administration, lower password reset costs
• End-user productivity: SSO to internal & partner web applications, fewer passwords for users to forget
• Security: Stronger authentication via forms & client-side certs, automatic de-provisioning
Tight integration with Windows Server technologies:
• AD: profile-based access management to external partner applications
• ADAM: extranet application user store
• Authorization Manager: extranet role-based access control (RBAC)
• Windows SharePoint Services: Extranet WSS, federated WSS
WS-* specification support for interoperability with 3rd party security solutions
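Simplified branch server management; identity and access management; efficient storage management
Efficient storage management: today's storage challenges. Projected storage growth: 60-100% per year; managing storage growth effectively is a constant challenge; adding more direct-attached storage (DAS) increases complexity; networked storage solutions can be very complex; few IT professionals are storage experts; 35% of small and mid-sized companies have already migrated from DAS to networked storage; 40% of small and mid-sized companies are considering migrating to networked storage; the cost of managing storage can be 10 times the cost of the storage itself; file server/storage consolidation is involved; complex and error-prone; can cause disruption for end users.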
Efficient storage management: storage management in Windows Server 2003 R2. File Server Resource Manager (FSRM): capacity management; policy management; file screening; quota management. Storage Manager for SANs (SMFS): configuration management; disk provisioning; disk management.
Windows Server 2003 R2 storage management has two components. The first one is the File Server Resource Manager (FSRM), which handles: Capacity Management – This deals with disk and volume space information; Policy Management – This sets and enforces policies for systems and users, particularly screening for particular types of files users attempt to save in storage folders; Quota Management – This manages storage usage. The second component is Storage Manager for SANs (SMFS). It handles: Configuration Management – This configures and manages physical storage systems; this includes disk provisioning and disk management.
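Efficient storage management. FSRM: administrator challenges. Capacity management: determining existing storage capacity usage in the organization; determining whether that usage effectively supports the organization's goals; defining and enforcing storage policies; adjusting policies as capacity needs grow and organizational needs change. Policy management: no easy way to control the types of data stored on file servers; unwanted content has to be identified manually. Quota management: users' home directories often grow quickly, leaving servers out of storage space; departmental shares also grow unexpectedly; administrators notice storage problems only once the server is already out of space.
Efficient storage management. FSRM: user scenarios and benefits. Capacity management: determine which storage capacity is not being used effectively; determine appropriate ways to avoid future capacity misuse; monitor usage patterns and utilization levels. Policy management: remove non-business files to improve storage utilization while lowering management costs; enforce appropriate policies to restrict unauthorized files and so limit legal exposure; promote accountability. Quota management: control the amount of space used by a folder or share to limit its impact on server utilization; monitor disk space usage growth per volume, folder or share; slow storage growth.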
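Efficient storage management. SMFS: SAN management and provisioning. Administrator challenges: the small and mid-size market wants to benefit from SANs, but existing tools are too complex and expensive, and administrators have limited experience with SAN technology; basic functionality is needed so that administrators can easily share storage across servers. User scenarios and benefits: provides basic SAN management functions, including device discovery, LUN creation and storage allocation; enables shared storage solutions and clustering.
Efficient storage management. SMFS: SAN management and provisioning. Basics: leverages the Virtual Disk Service (VDS) infrastructure; lets Windows® administrators perform basic array and LUN management; aimed at small SANs built from simple hardware; MMC snap-in. Functionality: discovery of storage arrays in Fibre Channel or iSCSI SANs, including storage array properties (such as firmware information); creation, deletion and extension of storage array LUNs; specification of LUN options, such as RAID level; assignment of LUNs to specific servers in the SAN; monitoring of LUNs, including status/health and server assignment; integration of iSCSI, iSNS, MPIO and HBA API using VDS; local storage management.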
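Efficient storage management: key storage technologies. Distributed File System (DFS): a leading file system virtualization product that virtualizes file servers and network-attached storage devices; provides a logical view of physical storage and a unified global namespace; users can connect to shares without having to remember server names; translates logical names to physical shares; shares can be moved without affecting clients, because share location is transparent to clients. Failover √; closest site selection; root scalability; multiple roots; failback support; administrator delegation; target priority.
DFS is not solely a feature of the simplified branch server management capability of Windows Server 2003 R2: it is an integral part of Efficient Storage Management. The same features that make it so effective in local file server management have found a natural use in managing branch servers as well.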
Efficient storage management. Key benefits; key enablers: simple SAN provisioning; file quota management, file screening and file storage reports; UNIX NFS connectivity; simple SAN management for IT generalists; file server resource management; Virtual Disk Services (VDS) 1.1; UNIX/Windows interoperability, simplifying cross-platform file server management; Hardware Compatibility Test (HCT) 12.1.
SIMPLE SAN MANAGEMENT: R2 will include a new SAN management tool that makes it easy to deploy a small SAN hosted (front-ended) by Windows. This GUI-based interface will guide the user on how to create LUNs and how to make them available for the application servers. This tool works for both Fibre Channel and iSCSI, and it also works for any storage arrays that have a VDS provider. Once LUNs are created, the tool also provides simple commands to delete and grow these LUNs so that applications can scale with demand.
FSMT: We’re also integrating the File Server Migration Toolkit. This will allow IT pros to easily consolidate data from multiple Windows Servers (to their newly created SAN), while preserving the old UNCs so shortcuts and users' favorites continue to work (requires DFS).
STORAGE RESOURCE MANAGEMENT: Now that all of the data is in one place, R2 also includes a new native Storage Resource Management tool specifically to do quota management. This gives administrators the ability to optimize how they want their disk storage to be used. The administrator can manage the size of storage made available to different users and also manage the types of files that can be stored to maximize the utilization of disks. In order to better plan, storage reports are also made available so that the administrator can monitor usage and distribution of storage so that he can easily re-assign storage to different groups before a critical situation occurs.
NFS Support: R2 also includes the ability to serve this newly consolidated data out to UNIX clients using their native protocol, Network File System. It also includes a client so Windows IT admins can connect to NFS Servers to copy data.
File Server Role Management Console: A new console is provided which pulls all of this functionality together.
A robust application platform. Customer challenges: customers with a mix of different systems want to use UNIX applications in a Windows environment; developers want to take advantage of a robust new open environment. Goals: compile and run custom UNIX applications on computers running a Windows server-class operating system; integrate the latest developer tools. Features: Subsystem for UNIX-based Applications (SUA); versions targeting Visual Studio® 2005 and .NET Framework 2.0; UNIX-to-Windows application portability (Visual Studio and .NET).
Subsystem for UNIX-based Applications (SUA) is a source-compatibility subsystem for compiling and running custom UNIX-based applications on a computer running a Windows server-class operating system. Administrators can perfect their applications in SUA with little or no change to their original source code. Subsystem for UNIX-based Applications provides an operating system for POSIX processes. SUA, along with its package of support utilities (such as shells and a Telnet client) available for download on the Microsoft Beta website, provides a complete UNIX environment. The download package includes a comprehensive set of scripting utilities and a software development kit (SDK) designed to fully support the development capabilities of SUA while providing a complete UNIX-based application development experience. SUA also supports case-sensitive file names, job control, compilation tools, and the use of over 300 UNIX commands, utilities, and shell scripts. Because the subsystem installs separately from the Windows kernel, it offers true UNIX functionality without any emulation. New features in this release include:
• Database (OCI/ODBC) library connectivity. SUA supports connectivity to Oracle and Microsoft SQL Server™ from database applications, through the Oracle Call Interface (OCI) and the Open Database Connectivity (ODBC) standard.
• Microsoft Visual Studio Debugger Extension for debugging POSIX applications. SUA includes support for debugging the POSIX processes using the Visual Studio IDE.
• Utilities based on SVR-5 and BSD UNIX environments. The SUA download package supports two different UNIX environments: SVR-5 and BSD.
The Windows Server 2003 family: Windows Server 2003; Windows Server 2003 R2.
Windows Server 2003 R2: Available in H2 of 2005, both in 32-bit and 64-bit (x64) versions
• Windows Server 2003 R2 Standard Edition
• Windows Server 2003 R2 Enterprise Edition
• Windows Server 2003 R2 Datacenter Edition
• Will replace Windows Server 2003 in all channels
• No charge for servers covered by Software Assurance or Enterprise Agreement
• No new CALs for R2 - uses Windows Server 2003 CALs
• Same support lifecycle as WS03
Windows Small Business Server 2003 R2: We will have an SBS release at about the same time as WS R2. It will have a small number of features targeted at small businesses (very different from the WS R2 optional components).
Windows Storage Server 2003 R2: Includes all the storage-specific features found in Windows Server 2003 plus some additional features that are specific to Storage Server, only available through the OEM channel.
No Windows Server 2003 R2 Web Edition: R2 features are targeted towards other workloads than Web Edition.
No Windows Server 2003 R2 Itanium Edition: We just RTM’d Windows Server 2003 SP1 for Itanium-based systems. Windows on Itanium is a leading alternative to expensive RISC/UNIX servers specifically targeting scale-up database and line-of-business applications. Windows Server 2003 R2 is focused on scale-out workloads. There are no Windows on Itanium-focused workloads in Windows Server 2003 R2.
We are both supporting and selling these editions but have decided not to release R2 editions because the R2 features do not relate to these specific workloads.
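Editions and features. Columns: Feature; Standard Edition; Enterprise Edition; Datacenter Edition. Features: Server Resource Manager √; simple SAN management; Active Directory Federation Services; ADAM; Distributed File System – replication; Distributed File System – cross-file Remote Differential Compression* √*; Print Management console; MMC 3.0; Windows SharePoint Services V2 SP2; .NET Framework 2.0; Subsystem for UNIX-based Applications; UNIX interoperability (NIS Server, Password Synchronization, NFS management, etc.); x64 availability; WS-Management.
* Requires only one of the replication partners to be Enterprise Edition or Datacenter Edition.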
Summary
Windows Server 2003 R2 key scenarios: Robust application platform. Simplified branch office server management. Identity and access management. Efficient storage management.
Windows Server 2003 R2 extends Windows Server 2003, providing the most efficient way to manage and control access to local and remote resources while easily integrating into your existing Windows Server 2003 environment. Windows Server 2003 R2 enables new scenarios including simplified branch server management, efficient storage management and streamlined collaboration with partners, building upon the increased security, reliability and performance provided by SP1. Windows Server 2003 R2 demonstrates Microsoft’s commitment to the Windows Server roadmap and allows customers to confidently plan server operating system purchasing and adoption. Windows Server 2003 R2 can be slipstreamed into existing Windows Server 2003 environments without retesting/recertifying existing roles or applications, or upgrading to new Client Access Licenses.
Appendix: UNIX Interoperability
UNIX Interoperability: WS2003R2 provides seamless UNIX/Windows interoperability
Customer situation: Customers use SAMBA for cross-platform file sharing but are not satisfied with that solution because of: performance; security; one-way authentication; lack of support.
WS2003R2 provides seamless UNIX/Windows interoperability: Authenticating users across platforms. File sharing across multiple operating systems. Tested and supported by Microsoft.
Seamless UNIX/Windows Interoperability: Authenticating users across platforms. File sharing across multiple operating systems. Tested and supported by Microsoft.
UNIX/Windows cross-platform management: Consolidation of administration and monitoring across platforms. Pull NIS schema into Active Directory. Bidirectional Password Synchronization and user name mapping.
Leverage existing UNIX IT skills: Similar look and feel for Administrators and Developers in both environments. Customers can download or port the same utilities they use on UNIX/Linux.
UNIX to Windows application portability: Complete UNIX subsystem on the Windows kernel. Ability to extend UNIX applications to Windows via Visual Studio & .NET.
UNIX Interoperability: Cross-platform management
Customer situation: Customers want a unified way to manage UNIX and Windows systems, rather than maintaining different tools and methods for each platform.
WS2003R2 provides UNIX/Windows cross-platform management: Consolidate administration and monitoring across platforms. Remotely monitor and manage Windows-based systems using the same methods and tools as on UNIX systems. Pull the NIS schema into Active Directory. Bidirectional password synchronization and user name mapping.
Password synchronization: Bidirectional between Windows and UNIX. HP-UX 11i; Sun Solaris 8 & 9; IBM AIX 5L 5.2; Red Hat Linux 9.0.
Mapping server: Maps Windows user and group accounts to UNIX.
UNIX Interoperability: WS2003R2 lets customers leverage existing UNIX IT skills
Customer situation: Customers are concerned about the resource investment required to train UNIX IT staff on the Windows platform.
WS2003R2 lets customers leverage existing UNIX IT skills: Similar look and feel for administrators and developers in both environments. Customers can download or port the utilities they use on UNIX/Linux: BSD utilities; GNU utilities; SVR-5 utilities.
UNIX Interoperability: UNIX application portability
Customer situation: Customers cannot get off the “burning platform” because they depend heavily on legacy code developed in-house.
WS2003R2 provides UNIX-to-Windows application portability: Application use across environments. A complete UNIX subsystem on the Windows kernel.
[Diagram labels: .NET Framework; Windows OS kernel; file system; security; directory; SUA; Win32 subsystem; general services; applications; UNIX; Windows; resulting hybrid applications]
Integration methods: Direct calls. Pipes. Sockets. Shared memory. COM. XML web services.
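Key Takeaways
R2 addresses the challenges that trouble customers. A great deal of work went into making R2 easy to use. Windows Server 2003 R2 is the start of the new Windows Server release cycle.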
© 2005 Microsoft Corporation. All rights reserved.