Overview of Networking in Windows Vista - PowerPoint PPT Presentation

1
Overview of Networking in Windows Vista
Simon Martyn, Infrastructure Specialist
The IQ Business Group, Technology Services Division
2
Session Objectives
  • Key Takeaways
  • Windows Vista and Windows Server Longhorn
    represent the most significant update to Windows
    networking since the 1990s
  • These innovations focus on improving security,
    reliability and scalability
  • This will result in a better Windows experience

3
Session Agenda
  • Introduction to the Next Generation TCP/IP
    Stack
  • Drill-down: Performance and Scalability
  • Drill-down: IPv6 and Collaboration
  • Drill-down: Network Isolation
  • Tips for getting ready for Windows Vista and
    Windows Server Longhorn
  • Additional Resources

4
The Next Generation of TCP/IP
  • Motivations and Focus
  • Provide more efficient, scalable, high-speed,
    secure and manageable networking
  • Integrate new capabilities and functionality to
    meet customer needs
  • Giving IT more control over connectivity
  • Reduce cost of ownership and operations
  • Improve reliability and servicing

5
The Next Generation of TCP/IP
  • Benefits to Windows administrators and users
  • Greater reliability for a more resilient, easy to
    use and manage networking experience
  • Better scalability to meet growing connectivity
    demands and maximize server resources in a
    cost-effective manner
  • Fewer connectivity headaches which leads to fewer
    helpdesk calls

6
Complete Redesign of TCP/IP
Architecture diagram (labels, top to bottom):
User Mode: Winsock
Kernel Mode: AFD, TDI Clients, WSK Clients; TDI, TDX, WSK
Next Generation TCP/IP Stack (tcpip.sys): RAW, UDP, TCP; Windows Filtering Platform API; IPv4, IPv6
Interfaces: 802.3, WLAN, Loop-back, IPv4 Tunnel, IPv6 Tunnel
NDIS
  • Dual-IP layer architecture for native IPv4 and
    IPv6 support
  • Seamless security through expanded IPsec
    integration
  • Improved performance via hardware acceleration
  • Network auto-tuning and optimization algorithms
  • Greater extensibility and reliability through
    rich APIs

7
A Short List of New Features
8
Drill-down: Performance
  • The Challenge
  • Transfer large amounts of data over the WAN
    quickly
  • Common Scenarios
  • Limited by Windows TCP/IP system-wide settings
  • TCP Receive Window Size on high-latency links
  • Packet loss results in congestion control
    slowdown
  • Network bandwidth is not used efficiently
  • For example: >5mbps on a 100ms-latency network
  • The Solution
  • Automatically tune each network connection based
    on its specific conditions (e.g. latency,
    available bandwidth, congestion, connection type)
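
The receive-window limit described on this slide can be worked through numerically. The following PowerShell is an added example, not part of the original deck: it assumes the classic unscaled 16-bit TCP window (65,535 bytes), and the round-trip times are constructed values chosen only to resemble the link types the deck names.

```powershell
# Added illustration. RTT values are constructed, not measurements from the deck.

function Get-WindowLimitedMbps {
    param([double]$WindowBytes, [double]$RttMs)
    # At most one receive window can be in flight per round trip,
    # so throughput is capped at window / RTT regardless of link speed.
    return ($WindowBytes * 8) / ($RttMs / 1000) / 1e6
}

function Get-RequiredWindow {
    param([double]$LinkMbps, [double]$RttMs)
    # Bandwidth-delay product: bytes that must be in flight to fill the link.
    $bdp = [math]::Ceiling($LinkMbps * 1e6 / 8 * $RttMs / 1000)
    # RFC 1323 window scaling shifts the 16-bit window left by 0..14 bits.
    $shift = 0
    while ((65535 * [math]::Pow(2, $shift)) -lt $bdp -and $shift -lt 14) { $shift++ }
    [pscustomobject]@{ BdpBytes = $bdp; WindowScale = $shift }
}

# Constructed sample paths (hypothetical RTTs).
$paths = @(
    @{ Name = 'LAN';                    RttMs = 1   },
    @{ Name = 'North America';          RttMs = 100 },
    @{ Name = 'Intercontinental fiber'; RttMs = 200 },
    @{ Name = 'Satellite';              RttMs = 600 }
)

foreach ($p in $paths) {
    $cap  = Get-WindowLimitedMbps -WindowBytes 65535 -RttMs $p.RttMs
    $need = Get-RequiredWindow -LinkMbps 100 -RttMs $p.RttMs
    '{0,-24} RTT {1,4} ms  cap with 64 KB window: {2,8:N2} Mbps  window to fill 100 Mbps: {3,10:N0} bytes (scale {4})' -f `
        $p.Name, $p.RttMs, $cap, $need.BdpBytes, $need.WindowScale
}

# On Windows Vista and later, the current setting is reported by:
#   netsh interface tcp show global     (see "Receive Window Auto-Tuning Level")
```

The cap depends only on window size and round-trip time, which is why a faster NIC alone does not help on a high-latency link and why per-connection tuning of the receive window does.
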

9
Drill-down: Performance
  • Automatically adjusts for maximum efficiency
  • Faster network transfers, especially across WAN
    links
  • Optimized use of available network bandwidth
  • Reduced packet loss resulting in fewer retransmits
  • Optimized performance without loss
  • Intelligent, automated tuning of TCP receive
    window size
  • Better packet loss resiliency (e.g. wireless
    connectivity)
  • Advanced congestion control for better throughput

10
The Receive Window Limitation
Chart comparing link types: North America, Satellite, Intercontinental Fiber
11
Receive Window Auto-Tuning
Application performance with Windows Vista
between Redmond and Sydney
12
Advanced Congestion Control
TCP data transfer using Compound-TCP (green) and
vanilla TCP (red) between Bay Area, CA and
Tukwila, WA data centers
13
Microsoft.com and Auto-Tuning
  • Replicating data between Tukwila and Bay Area
  • Default configurations
  • On Windows Server™ 2003 SP1
  • 100Mbps NICs, 10Mbps throughput
  • On Windows Vista Beta 1
  • 100Mbps NICs, 80Mbps throughput
  • 1000Mbps NICs, 400Mbps throughput

40X
14
Optimized networking: TCP Auto-tuning
15
Drill-down: Scalability and QoS
  • The Challenge
  • Run more applications on fewer servers and ensure
    mission critical applications receive the right
    network priority
  • Common Scenarios
  • High CPU utilization due to TCP/IP processing
  • Multi-processor servers not efficiently used
  • Limited ability to classify and manage network
    apps
  • The Solution
  • Enable highly scalable networking through
    hardware offloading and host-based, policy-driven
    quality of service

16
Drill-down: Scalability and QoS
  • Cost-effectively scale networking up and out
  • Specialized hardware frees CPU(s) for
    applications
  • Ease consolidation with support for multiple Gbps
  • More efficient use of large server resources
  • Adopt hardware acceleration and offloading
  • Receive-side scaling optimizes multi-processor
    systems
  • Architected to support latest TCP offload
    hardware
  • Offload hardware less expensive than new high-end
    PCs
  • Centralized management of host bandwidth use
  • New Group Policy provides QoS markings at the
    host
  • Leverage standard DSCP settings and/or Throttle
    rates
  • Rich policy targeting and support for IPsec
    encapsulation

17
Policy-based QoS Example
  • Desktop Finance-Bulk-traffic
  • Problem: Congestion over WAN
  • Customer-facing Finance users
  • Mission critical LOB application

Finance users (Windows Vista)
  • -Server-Finance
  • Bulk-traffic
  • Bulk-traffic Policy

Other Desktops (Windows Vista)
Servers hosting ERP application (Windows Server
Longhorn)
18
Creating centralized QoS policies: Policy-based
Quality of Service
19
Drill-down: IPv6
  • The Challenges
  • Support a rapidly increasing number of networking
    devices while enabling new ad hoc and
    collaborative work styles
  • Common Scenarios
  • Public, globally routable IP addresses are scarce
    or costly to manage
  • Alternative solutions like Network Address
    Translation (NAT) often prevent peer-to-peer
    computing (e.g. remote administration)
  • Corporations and ISVs operating proxies or
    "in the cloud" relays to restore end-to-end
    connectivity
  • The Solution
  • Next generation Internet support enables scalable
    IP addressing and restores end-to-end connectivity,
    thereby reducing costs while enabling new
    capabilities

20
Drill-down: IPv6
  • Full support for next generation networking
  • On by default, which facilitates faster deployment
    (IPv4/IPv6)
  • Complete management and diagnostic tools
  • Ready for IPv6-only networking (AD, DNS, DHCP,
    etc.)
  • Enabling seamless networking benefits everyone
  • Service providers: Improve management & lower
    costs
  • End users: Apps just work on any network, anytime
  • Enterprises: Employees more productive w/ less
    cost
  • Enable new applications and experiences
  • Flexibility of direct connectivity or
    peer-to-peer networking
  • Increase productivity while improving network
    hygiene
  • New applications in Windows (Windows Meeting
    Space)

21
Ad hoc Meetings and Collaboration: Windows Meeting
Space
22
Transitioning to IPv6
  • Deployment happening over next 5 years
  • Consumer
  • Automatic deployment using Teredo/6to4
  • Enterprise
  • Application driven deployment
  • Transition solutions (ISATAP)
  • Full deployments
  • Service providers
  • Full scale services available now
  • Windows platform support available

23
Infrastructure Phase options
Relative cost not based on study
24
Drill-down: Network Isolation using IPsec
  • The Challenges
  • Giving IT more control over network connectivity
    to prevent worms & viruses, to protect
    intellectual property and to have an additional
    layer of defense
  • The Solution
  • Server & Domain Isolation and Network Access
    Protection using IPsec provide rich capability to
    isolate traffic based on health state, user, and
    Active Directory security groups

25
Server and Domain Isolation
Dynamically segment your Windows environment
into more secure and isolated logical
networks based on policy
  • Labs
  • Unmanaged guests

Server Isolation: Protect specific high-valued servers and data
Domain Isolation: Protect managed computers from unmanaged or rogue
computers and users
NAP: Gets clients to healthy state, protects network
26
Policy-based Dynamic Segmentation
Diagram: Corporate Network with a Trusted Resource Server, an
Active Directory Domain Controller, and an untrusted
Unmanaged/Rogue Computer whose connections are marked blocked (X)
  • Define the logical isolation boundaries
  • Distribute policies and credentials
  • Enable tiered-access to sensitive resources
  • Managed computers can communicate
  • Block inbound connections from untrusted
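
The segmentation steps on this slide map onto connection security rules and authenticated firewall rules in Windows Firewall with Advanced Security. The commands below are an added example, not configuration from the deck or from Microsoft IT: the rule names, the TCP port, and the SID inside the SDDL string are hypothetical placeholders, and in production these settings are distributed through Group Policy rather than typed per host.

```powershell
# Added illustration. Run from an elevated prompt on a test machine.
# Rule names, port 8443 and the SID in the SDDL string are placeholders.

# 1. Domain isolation, pilot phase: request IPsec authentication in both
#    directions but fall back to clear text, so nothing breaks during rollout.
netsh advfirewall consec add rule name="DomainIso" `
    endpoint1=any endpoint2=any `
    action=requestinrequestout auth1=computerkerb

# 2. Domain isolation, enforce phase: inbound connections must authenticate
#    with the computer's Kerberos (Active Directory) credential. Unmanaged or
#    rogue machines have no domain credential, so their inbound connections fail.
netsh advfirewall consec set rule name="DomainIso" new action=requireinrequestout

# 3. Server isolation: on the trusted resource server, allow the application
#    port only over authenticated connections from computers in one AD group.
netsh advfirewall firewall add rule name="ERP-AuthorizedComputers" `
    dir=in action=allow protocol=TCP localport=8443 `
    security=authenticate `
    rmtcomputergrp="D:(A;;CC;;;S-1-5-21-<domain-id>-<group-rid>)"

# 4. Verify: list the connection security rules and the main-mode security
#    associations currently negotiated with peers.
netsh advfirewall consec show rule name=all
netsh advfirewall monitor show mmsa
```

Running in request mode first and reviewing which peers fail to negotiate gives the exemption list (infrastructure that cannot do IPsec) before any inbound traffic is actually blocked.
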
27
Benefits of Server and Domain Isolation
  • Reduce the risk of network security threats
  • An additional layer of defense-in-depth
  • Reduced attack surface area
  • Increased manageability and integration with NAP
  • Safeguard sensitive data and intellectual
    property
  • Authenticated, end-to-end network communications
  • Scalable, tiered access to trusted networked
    resources
  • Protect the confidentiality and integrity of data
  • Extend the value of existing investments
  • No additional hardware or software required
  • More value from Active Directory and Group Policy
  • Complements existing network security solutions

28
What's new in Vista
29
Microsoft IT Implementation
Microsoft Corporate Network
SecureNet
Clients, Servers, Home LANs, Trustworthy
Labs (240,000)
Boundary Machines (5,000)
Untrustworthy
ACL Controlled
Permitted Infrastructure
DTaps (no connectivity to CorpNet)
Internet Servers Business Partners Extranet (1,800)
External Exclusions
30
Session Summary
  • Windows Vista and Windows Server Longhorn
    represent the most significant update to Windows
    networking since the 1990s
  • Windows Vista and Windows Server Longhorn
    offer more secure, reliable and scalable
    networking than ever before, resulting in a
    better overall experience
  • Windows Vista and Windows Server Longhorn
    introduce and support new and advanced
    networking scenarios (e.g. IPv6)
  • For maximum benefit, start planning and
    evaluating the Next Generation TCP/IP stack
    today

31
Additional Resources
  • The Cable Guy articles
  • http://www.microsoft.com/technet/community/columns/cableguy/cgarch.mspx
  • Windows Platform Networking whitepapers
  • http://www.microsoft.com/networking
  • Windows Vista Networking TechNet Site
  • http://www.microsoft.com/technet/windowsvista/network/default.mspx
  • IPv6 guidance and whitepapers
  • http://www.microsoft.com/ipv6
  • Security: Server and Domain Isolation
  • http://www.microsoft.com/sdisolation
  • Network Access Protection Information
  • http://www.microsoft.com/nap

33
Thank you to our Partners for their support of
TechDays 2007