
Server Infrastructure Consultant

CENTRO DE CERTIFICACIÓN EN TI
/neangeles

Introduction to Security
Networking advances with R2
Cloud Scale Performance and Diagnosability
Comprehensive SDN
Core Infrastructure Enhancements
Security Best Practices: Fundamentals
Confidentiality: ensure that only authorized users and applications can access the information.
Integrity: ensure that the information has not been modified without authorization.
Availability: ensure that the information is accessible to authorized users and applications when they need it.
(Figure: the CIA triangle, with Integrity, Confidentiality and Availability on its three sides.)
Defense in depth: each layer establishes its own defenses and assumes that the layer outside it has already failed.

Policies, procedures, training and awareness
Physical security
Perimeter defenses: packet filtering, IDS, VPN quarantine
Network defenses: segmentation, VLAN ACLs, IPsec
Host defenses: OS hardening, patches and service packs, auditing
Application defenses: input validation, antivirus
Data and resources: ACLs, encryption
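A quick check of the "host defenses" layer above, added here as an example and not part of the original deck. It uses only inbox cmdlets and auditpol.exe on a Windows Server 2012 R2 host; the 30-day patch threshold, the listening-port allow list and the English subcategory name "Logon" are assumptions.

```powershell
# Added example (not part of the original deck): audit the host-defense layer on a
# Windows Server 2012 R2 host. Run in an elevated PowerShell session.
# Assumptions: 30-day patch window, allow-listed management ports, English audit names.

$findings = @()

# 1. Firewall: every profile must be enabled with inbound traffic blocked by default.
foreach ($p in Get-NetFirewallProfile) {
    if (-not $p.Enabled -or "$($p.DefaultInboundAction)" -ne 'Block') {
        $findings += "Firewall profile $($p.Name): Enabled=$($p.Enabled), DefaultInboundAction=$($p.DefaultInboundAction)"
    }
}

# 2. Patching: the most recent hotfix being older than 30 days is a red flag.
$latest = Get-HotFix | Where-Object { $_.InstalledOn } |
          Sort-Object InstalledOn -Descending | Select-Object -First 1
if (-not $latest -or $latest.InstalledOn -lt (Get-Date).AddDays(-30)) {
    $findings += "Patching: last hotfix $($latest.HotFixID) installed $($latest.InstalledOn)"
}

# 3. Auditing: logon success and failure must both be audited.
#    'auditpol /r' emits CSV; the 'Inclusion Setting' column holds e.g. 'Success and Failure'.
#    The subcategory name is localized; 'Logon' is the English name (assumption).
$logon = auditpol /get /subcategory:"Logon" /r | Where-Object { $_ } | ConvertFrom-Csv
if ($logon.'Inclusion Setting' -ne 'Success and Failure') {
    $findings += "Auditing: Logon subcategory is '$($logon.'Inclusion Setting')'"
}

# 4. Exposure: TCP ports listening on non-loopback addresses outside the allow list.
$allowedPorts = 135, 445, 3389, 5985          # assumption: management ports only
$listening = Get-NetTCPConnection -State Listen |
             Where-Object { $_.LocalAddress -notin '127.0.0.1', '::1' }
foreach ($conn in $listening | Where-Object { $_.LocalPort -notin $allowedPorts } |
         Sort-Object LocalPort -Unique) {
    $proc = (Get-Process -Id $conn.OwningProcess -ErrorAction SilentlyContinue).ProcessName
    $findings += "Exposure: TCP port $($conn.LocalPort) listening (process: $proc)"
}

if ($findings) { $findings | ForEach-Object { Write-Warning $_ } } else { 'No findings' }
```

The script only reports; remediation (enabling a profile, installing updates, turning on logon auditing, stopping a service) is a deliberate change that belongs in change control, not in an audit script.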
Windows Server 2012 networking features, grouped on the original slide under five themes: simplify the infrastructure with multitenancy, operational efficiency, functional ecosystem, continuous application availability, and high-performance networking.

Hyper-V Network Virtualization
Private virtual local area network (PVLAN)
Cross-premises connectivity
NIC Teaming
DHCP failover
SMB 3.0 Multichannel
Hyper-V Extensible Switch
Hardware partners
Quality of Service (QoS)
SMB Direct
Single Root I/O Virtualization (SR-IOV)
Receive-Side Scaling (RSS)
Receive Segment Coalescing (RSC)
Dynamic Virtual Machine Queue (D-VMQ)
IP Address Management (IPAM)
Resource Metering
Windows PowerShell
BranchCache
DirectAccess
Windows Server 2012 R2 networking, three pillars:
Cloud Scale Performance & Diagnosability
Comprehensive SDN
Core Infrastructure Enhancements

Features covered:
vRSS
Remote Live Monitoring
NIC Teaming
Hyper-V Network Virtualization
Hyper-V Switch Hybrid Forwarding
Standards-based Switch Management
Cloud Gateways
IPAM for Virtualized Datacenters
DNS Enhancements for Service Providers
Extended ACLs
Test-NetConnection
Enhanced HNV Diagnostics
vRSS (virtual Receive Side Scaling)

(Figure: a VM with virtual processors VP0 to VP3, its VM NIC and the host's physical NIC.)

Windows Server 2012: a VM is limited to a single virtual processor for processing its network traffic, so receive throughput is capped by that one processor.
Windows Server 2012 R2: vRSS spreads the VM's network traffic across multiple virtual processors, making full use of the VM's resources.
Traditionally network-intensive physical workloads can now be virtualized.
No hardware upgrade is required; it works with any NIC that supports VMQ.

vRSS gives a VM more network throughput on existing hardware, which is what makes it possible to virtualize network-intensive physical workloads.
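Checking the two prerequisites named above (VMQ on the host NIC, RSS on the virtual NIC) with inbox cmdlets, as an added example that is not from the original deck. The VM name 'Web01' and the use of VmqWeight 100 are assumptions.

```powershell
# Added example (not part of the original deck). Assumes a Windows Server 2012 R2
# Hyper-V host and a guest VM named 'Web01' (hypothetical name).

# --- On the Hyper-V host: vRSS only scales if the physical NIC has VMQ enabled.
$vmq = Get-NetAdapterVmq | Where-Object { $_.Enabled }
if (-not $vmq) {
    Write-Warning "No adapter has VMQ enabled; vRSS in the guest will stay on one processor."
}
$vmq | Format-Table Name, Enabled, BaseVmqProcessor, MaxProcessors -AutoSize

# The VM's network adapter must be allowed to claim a VMQ (VmqWeight 0 disables it).
Get-VMNetworkAdapter -VMName 'Web01' | Where-Object { $_.VmqWeight -eq 0 } |
    Set-VMNetworkAdapter -VmqWeight 100

# --- Inside the guest (Web01): RSS on the virtual NIC is what turns vRSS on.
# Get-NetAdapterRss shows whether RSS is enabled and how many processors it may use.
Get-NetAdapterRss | Format-Table Name, Enabled, MaxProcessors, NumberOfReceiveQueues -AutoSize
foreach ($nic in Get-NetAdapterRss | Where-Object { -not $_.Enabled }) {
    Enable-NetAdapterRss -Name $nic.Name
}
```

The first half runs on the host and the second half inside the guest; the guest-side cmdlets are the same ones used for RSS on physical servers, which is why no hardware or driver change is needed.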
NIC Teaming

Windows Server 2012: provides fault tolerance and continuous network availability, and aggregates the bandwidth of several network adapters.
Windows Server 2012 R2: introduces a new load-balancing mode, Dynamic mode, which balances traffic based on flowlets and makes better use of the existing hardware in the team.

(Figure: virtual adapters on top of a team network adapter, on top of the operating system; a second figure contrasts the Windows Server 2012 and Windows Server 2012 R2 TCP/IP stack over the NIC team.)

Dynamic NIC Teaming optimizes the utilization of a team on existing hardware, maximizing ROI.
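Creating a team in the R2 Dynamic mode with the inbox NetLbfo cmdlets, as an added example that is not from the original deck. Adapter names 'NIC1' and 'NIC2', the team name and the VLAN ID are assumptions.

```powershell
# Added example (not part of the original deck). Assumes a Windows Server 2012 R2 host
# with two physical adapters named 'NIC1' and 'NIC2' (hypothetical names).

# Create a switch-independent team using the R2 'Dynamic' algorithm (flowlet-based).
# Switch-independent needs no configuration on the physical switch; use -TeamingMode Lacp
# only when the switch side is configured for LACP.
New-NetLbfoTeam -Name 'Team1' -TeamMembers 'NIC1','NIC2' `
    -TeamingMode SwitchIndependent -LoadBalancingAlgorithm Dynamic -Confirm:$false | Out-Null

# A separate team interface per VLAN keeps management traffic off the tenant VLAN.
Add-NetLbfoTeamNic -Team 'Team1' -VlanID 10 -Name 'Team1 - VLAN 10' | Out-Null

# Verify that every member is active; anything else means redundancy is already lost.
Get-NetLbfoTeamMember -Team 'Team1' |
    Format-Table Name, AdministrativeMode, OperationalStatus, TransmitLinkSpeed -AutoSize

# Teams created on Windows Server 2012 can be switched to Dynamic in place.
foreach ($team in Get-NetLbfoTeam | Where-Object { "$($_.LoadBalancingAlgorithm)" -ne 'Dynamic' }) {
    Set-NetLbfoTeam -Name $team.Name -LoadBalancingAlgorithm Dynamic -Confirm:$false
}
```

Plan for a short connectivity loss when the team is created, because the member adapters lose their IP configuration and the new team interface has to be addressed.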
Extended port ACLs

Windows Server 2012: VM traffic can be allowed or blocked based on source and destination address only.
Windows Server 2012 R2: allows or blocks the traffic of specific workloads. Traffic is filtered based on network address, application port and protocol type, and rules can be stateful.

Deep packet inspection

(Figure: the Hyper-V Extensible Switch in the parent partition, with capture, filtering and forwarding extensions (A, C, D) bound between the extension protocol and the extension miniport, the VM NIC on one side and the physical NIC on the other.)
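The R2 extended ACLs applied to a web VM, as an added example that is not from the original deck: deny everything in both directions, then allow only HTTPS in and SQL Server plus DNS out. The VM name 'Web01' and the SQL Server address (10.1.1.3, reused from the network virtualization slide later in the deck) are assumptions.

```powershell
# Added example (not part of the original deck). Assumes Hyper-V on Windows Server 2012 R2
# and a web VM named 'Web01' (hypothetical) whose only legitimate traffic is inbound HTTPS,
# outbound SQL Server to 10.1.1.3 and outbound DNS.

$vm = 'Web01'

# Rules are matched by weight, highest first. Low-weight catch-all denies in both
# directions come first; specific allows are added above them.
Add-VMNetworkAdapterExtendedAcl -VMName $vm -Action Deny -Direction Inbound  -Weight 1
Add-VMNetworkAdapterExtendedAcl -VMName $vm -Action Deny -Direction Outbound -Weight 1

# Inbound HTTPS from anywhere. -Stateful $true lets the reply packets out without an
# explicit outbound rule, so the outbound catch-all deny still holds for everything else.
Add-VMNetworkAdapterExtendedAcl -VMName $vm -Action Allow -Direction Inbound -Weight 100 `
    -Protocol TCP -LocalPort 443 -Stateful $true

# Web tier to SQL Server (TCP 1433) on one specific host only.
Add-VMNetworkAdapterExtendedAcl -VMName $vm -Action Allow -Direction Outbound -Weight 110 `
    -Protocol TCP -RemoteIPAddress 10.1.1.3 -RemotePort 1433 -Stateful $true

# DNS is UDP; stateful matching works for UDP as well.
Add-VMNetworkAdapterExtendedAcl -VMName $vm -Action Allow -Direction Outbound -Weight 120 `
    -Protocol UDP -RemotePort 53 -Stateful $true

# Review the effective rule set in evaluation order.
Get-VMNetworkAdapterExtendedAcl -VMName $vm | Sort-Object Weight -Descending |
    Format-Table Direction, Action, Weight, Protocol, LocalPort, RemoteIPAddress, RemotePort, Stateful -AutoSize
```

Because the rules live on the virtual switch port, a tenant administrator inside the VM cannot loosen them the way they could a guest firewall, which is the point of enforcing them at this layer.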
Remote Live Monitoring

Remote Live Monitoring delivers packets and ETW events captured on any host in the datacenter to a remote analysis station, enabling diagnostics at scale.

(Figure: a server or client running Microsoft Message Analyzer talks to a Windows Server 2012 R2 host: WMI configures the filters and truncation, WMI starts and stops the session, and truncated network traffic and ETW events are redirected to the analyzer.)

Windows Server 2012: remote monitoring of network traffic is not simple.
Windows Server 2012 R2: mirror and capture network traffic for local and remote viewing; GUI experience with Message Analyzer; supports remote offline traffic capture; filtering based on IP addresses and VMs.
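The capture engine that Message Analyzer drives over WMI can also be driven from the inbox NetEventPacketCapture cmdlets, which is useful when the analyzer is not reachable or the trace has to be collected offline. This is an added example, not from the original deck; the VM name 'Web01', the default adapter name 'Network Adapter', the output path and the 128-byte truncation are assumptions.

```powershell
# Added example (not part of the original deck). Windows Server 2012 R2 Hyper-V host;
# captures one VM's switch-port traffic, headers only, into an .etl file for offline
# analysis in Message Analyzer. Names and path are hypothetical.

$session = 'VmCapture'
$etl     = 'C:\Captures\Web01.etl'

# Remove a leftover session with the same name, if any.
Get-NetEventSession -Name $session -ErrorAction SilentlyContinue | Remove-NetEventSession

# SaveToFile instead of a live session: the .etl is copied off the host and opened offline.
New-NetEventSession -Name $session -CaptureMode SaveToFile -LocalFilePath $etl | Out-Null

# Capture provider with truncation: keep only the first 128 bytes of each frame (headers,
# not payload). This is the truncation in the figure and keeps application data out of
# the trace, which matters when traces leave the host.
Add-NetEventPacketCaptureProvider -SessionName $session -TruncationLength 128 | Out-Null

# Scope the capture to one VM's virtual NIC at the Hyper-V switch instead of the whole host
# (the "filter by VM" in the slide). Adapter name is the Hyper-V default (assumption).
Add-NetEventVmNetworkAdapter -SessionName $session -VMName 'Web01' -Name 'Network Adapter' | Out-Null

Start-NetEventSession -Name $session
Start-Sleep -Seconds 30       # capture window; reproduce the problem during this time
Stop-NetEventSession -Name $session

# The session definition persists after stop; remove it so it does not keep the file open.
Remove-NetEventSession -Name $session
Get-Item $etl | Format-List FullName, Length
```

Treat the resulting .etl as sensitive even with truncation: it still reveals who talked to whom and when, and should be protected and deleted like any other capture.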
Comprehensive SDN

Windows Server 2012: Hyper-V Network Virtualization, Hyper-V Extensible Switch, partner extensions, System Center 2012 Virtual Machine Manager.
Windows Server 2012 R2: Hyper-V Network Virtualization, Hyper-V Extensible Switch, network switch management, built-in software gateways, System Center 2012 R2 Virtual Machine Manager.

Open, extensible and standards-based; built-in and production ready; innovation in software and hardware.
How network virtualization works
Overlays the physical network; encapsulation uses the NVGRE protocol.

Problems solved:
VM mobility across the datacenter, a hoster cloud or Azure
Ability to import customer IP addresses and network topology

(Figure: Contoso and Fabrikam virtual machines on the same physical server and physical network, each on its own virtual network. Flexibility, control, automation.)
Customer address space (CA) and provider address space (PA)

What Contoso sees:  SQL Server 10.1.1.2, Web 10.1.1.3
What Fabrikam sees: SQL Server 10.1.1.2, Web 10.1.1.3
Both tenants use the same customer addresses; HNV keeps them apart by virtual subnet.

Provider address space (192.168.n.n), owned by the fabric:
  CA 10.1.1.2  ->  PA 192.168.1.10
  CA 10.1.1.3  ->  PA 192.168.2.12
The same CA to PA lookup table is present on every host, so a packet between 10.1.1.2 and 10.1.1.3 inside either tenant is encapsulated between PAs 192.168.1.10 and 192.168.2.12.

(Figure: the lookup table repeated per host and per tenant, and customer packet headers 10.1.1.1 -> 10.1.1.2 and 10.1.1.2 -> 10.1.1.3.)

Windows Server 2012 R2 HNV improvements:
Dynamically learned customer addresses
Highly available Windows gateways, hosts and VMs
Performance improvements: NIC Teaming integration, NVGRE task offload enabled NICs
Enhanced diagnostics of virtual networks
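The CA to PA mapping from the slide, built with the inbox NetWNV cmdlets on hosts that are not managed by VMM, as an added example that is not from the original deck. The IP addresses are the slide's; host names, virtual subnet IDs, customer IDs (routing domain GUIDs), MAC addresses and the host NIC name are assumptions.

```powershell
# Added example (not part of the original deck). Run on every Windows Server 2012 R2
# Hyper-V host in the fabric: each host registers only its own PA, but every host needs
# the complete lookup table. IPs are from the slide; everything else is hypothetical.

# Hosts in the fabric and the provider address (PA) each one uses on the physical network.
$hostPA = @{ 'HV1' = '192.168.1.10'; 'HV2' = '192.168.2.12' }

# Tenants: each has its own routing domain (customer ID, a GUID) and virtual subnet ID (VSID).
$tenants = @(
    @{ Name = 'Contoso';  CustomerID = '{11111111-2222-3333-4444-000000000001}'; VSID = 5001; MacPrefix = '001DD8B71C' },
    @{ Name = 'Fabrikam'; CustomerID = '{11111111-2222-3333-4444-000000000002}'; VSID = 5002; MacPrefix = '001DD8B72C' }
)

# Customer addresses (CA) from the slide: SQL Server 10.1.1.2 runs on HV1, Web 10.1.1.3 on HV2.
$placements = @(
    @{ Role = 'SQL'; CA = '10.1.1.2'; Host = 'HV1'; MacSuffix = '01' },
    @{ Role = 'Web'; CA = '10.1.1.3'; Host = 'HV2'; MacSuffix = '02' }
)

# 1. This host's own PA: the only host-specific step. 'Ethernet' is the NIC that carries
#    encapsulated (NVGRE) traffic; the name is an assumption.
$ifIndex = (Get-NetAdapter -Name 'Ethernet').ifIndex
New-NetVirtualizationProviderAddress -ProviderAddress $hostPA[$env:COMPUTERNAME] `
    -InterfaceIndex $ifIndex -PrefixLength 24

# 2. Lookup records: one per tenant VM, identical on every host, so any host can
#    encapsulate a CA packet toward the right PA. The same CA appears once per VSID,
#    which is what lets both tenants reuse 10.1.1.2 and 10.1.1.3.
foreach ($t in $tenants) {
    foreach ($p in $placements) {
        New-NetVirtualizationLookupRecord -CustomerAddress $p.CA -ProviderAddress $hostPA[$p.Host] `
            -VirtualSubnetID $t.VSID -CustomerID $t.CustomerID `
            -MACAddress ($t.MacPrefix + $p.MacSuffix) -Rule TranslationMethodEncap `
            -VMName "$($t.Name)-$($p.Role)"
    }
    # 3. Customer route: 10.1.1.0/24 is on-link inside the tenant's virtual subnet.
    New-NetVirtualizationCustomerRoute -RoutingDomainID $t.CustomerID -VirtualSubnetID $t.VSID `
        -DestinationPrefix '10.1.1.0/24' -NextHop '0.0.0.0' -Metric 255
}

# 4. On the host where a VM runs, bind its NIC to the tenant's VSID, e.g.:
#    Set-VMNetworkAdapter -VMName 'Contoso-SQL' -VirtualSubnetId 5001

Get-NetVirtualizationLookupRecord | Sort-Object VirtualSubnetID, CustomerAddress |
    Format-Table VirtualSubnetID, CustomerAddress, ProviderAddress, MACAddress, VMName -AutoSize
```

The isolation boundary is the VSID plus the routing domain, not the IP address: a VM can only reach CAs for which a lookup record exists in its own virtual subnet, so the lookup table is also the access-control list of the overlay and should be distributed from one authoritative source rather than edited by hand on each host.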
Hyper-V Extensible Switch

(Figure: the virtual switch in the parent partition, with capture, filtering and forwarding extensions (A, C, D) between the extension protocol and the extension miniport; the VM NIC on the virtual machine side and the host NIC / physical NIC on the other.)

Benefits:
Open platform to fuel plug-ins
Free core services
Reliability and quality
Unified management
Easier to support
Hyper-V Switch hybrid forwarding

Introduces hybrid forwarding: HNV forwards HNV (encapsulated) traffic, and the forwarding extension forwards non-HNV traffic.
Richer switch extensions: extensions can view both CA and PA packets.
Enables third-party network virtualization: forwarding extensions can modify packet headers on both ingress and egress.

(Figure: two switch pipelines, each with pNIC, NIC team, vSwitch, three extensions with ingress and egress paths, native policies, egress ACL and MS forwarding. In Windows Server 2012, HNV sits beneath the switch, outside the extension path; in Windows Server 2012 R2, HNV is part of the vSwitch forwarding, so extensions see both address spaces on ingress and egress.)
Standards-based switch management

How switch management works: a standards-based CIM model; the switches run Open Management Infrastructure (OMI); Windows communicates with them over WS-Man using the switch management PowerShell cmdlets. Flexibility, control, automation.

Problems solved:
Common management interface across multiple network vendors
Automate common network management tasks
Logo program lets customers find and buy switches that just work

Cloud gateways

Challenges:
A hoster wants to provide isolated networks for tenant VMs with integrated site-to-site VPN and NAT.
Enterprises have virtualized networks split across different datacenters, or virtualized networks that must communicate with physical networks.

Solution:
Multitenant-aware VPN for site-to-site connectivity
Multitenant-aware NAT for Internet access
Forwarding gateway for access to physical machines inside the datacenter

(Figure: Hyper-V hosts in the datacenter's network virtualization fabric, a multi-tenant VPN gateway, and the Internet connecting Fabrikam Corp. and Contoso Corp. Flexibility, control, automation.)
IP Address Management (IPAM)

(Figure: IPAM distributed architecture. The Redmond head office site has an IPAM server managing its DHCP, DNS, DC and NPS servers; the UK branch office (domain europe.corp.woodbridge.com) and the Bangalore and Hyderabad branch offices (domain fareast.corp.woodbridge.com) each have their own IPAM server and their own DHCP, DNS, DC and NPS servers.)

Windows Server 2012:
Inbox feature for integrated management of IP addresses, domain names and device identities
Tightly integrates with Microsoft DNS and DHCP servers
Provides custom IP address space display, reporting and management
Audits server configuration changes and tracks IP address use
Monitors and manages specific scenario-based DHCP and DNS services
IP Address Management (IPAM), Windows Server 2012 R2:
Manages virtual address space in addition to physical address space
Imports and exports network configurations automatically through a plugin for System Center Virtual Machine Manager
Enables synchronization of Active Directory Sites and subnets information with IPAM
Lets admins define user roles, access scope and access policy through role-based access control
Hoster-friendly DNS monitoring that provides per-zone statistics

(Figure: IPAM data collection tasks behind a WCF / PowerShell / WS-Man access layer, with security groups for the network administrator, fabric administrator, system administrator and forensics investigator roles.)

Enable cost-effective connectivity and network automation in virtualized private, hoster and hybrid cloud deployments.
http://microsoft.com/msdn
www.microsoft.com/learning
http://www.certipro64.com/cursos
http://microsoft.com/technet

Ing. Nelson Angeles Quiñones
Server Infrastructure Consultant
/neangeles neangeles@hotmail.com