Introducing

Recommendations

Info

You can use the Web and MSOFBA option to preauthenticate clients by using the Microsoft Office Forms Based Authentication (MSOFBA) protocol. MSOFBA provides form-based authentication instead of basic or NTLM authentication when you use Office client applications. The second option is the well-known HTTP basic authentication that you can use in scenarios such as Exchange Active Sync (ActiveSync). This is a new capability included in this release of Web Application Proxy. For the ActiveSync scenario, the authentication process includes four core steps: 1. WAP stops the request and passes all credentials to AD FS. 2. AD FS validates, applies policy, and replies with a token. 3. Upon success, Web Application Proxy allows the request to pass to the Exchange server. 4. Web Application Proxy caches the token for future use. The third option is OAuth2, which is an authorization framework that many vendors use, including Microsoft. Web Application Proxy has supported OAuth2 since Windows Server 2012 R2; however, the option was not available in the user interface (UI). More info To learn more about OAuth2, go to http://tools.ietf.org/html/rfc6749. You can find additional information about AD FS support for OAuth2 at http://technet.microsoft.com/ library/dn383640.aspx. After you select the appropriate client for the publication, click Next. The Publishing Settings page includes one new option with which you can turn on HTTP-to-HTTPS redirection, as illustrated in Figure 2-75. Figure 2-75: Publishing settings This is a great addition because to turn on HTTP-to-HTTPs redirection in Windows Server 2012 R2, you were required to install and configure Internet Information Services (IIS). Notice that this option is selected by default, but ensure that it is selected for your app before clicking Next and moving on to the Confirmation page. Remote Desktop Gateway scenario The changes that were first introduced in the Windows Server 2012 R2 August 2014 update package regarding the way Web Application Proxy handles Remote Desktop Gateway publication is incorporated in this release. This change simplifies the deployment experience for IT administrators who are planning to publish RDP via Web Application Proxy and makes it possible for Remote Desktop Gateway to pick up the session cookie that was used by Remote Desktop Web Access to authenticate the RDP over HTTP traffic. 74 CHAPTER 2 | Software-defined datacenter
Auditing access to resources Windows Server 2016 introduces a new capability that gives IT administrators better audit access to published resources. Web Application Proxy now adds to every request an X-Forwarded-For (XFF) header to verify whether the header already exists. If so, Web Application Proxy concatenates the client IP to this header. Note XFF is a nonstandard HTTP header that became the de facto standard. It is used extensively by proxy servers to identify the IP of an originated request. For more information about this, read the RFC at http://tools.ietf.org/html/rfc7239. Another important aspect of Web Application Proxy auditing capabilities are the events that are logged in the Event Viewer. In this release, the Event Viewer includes many more events, such as analytics and debug logs. You will review some examples of these events in the section "Web Application Proxy troubleshooting" later in this chapter. Taking application proxies to the modern IT world A few years ago, our team had a big dilemma. We had two products in the market: Forefront Threat Management Gateway and Forefront Unified Access Gateway. Both of these products had been around for many years and had been deployed by tens of thousands of customers. Both of them had evolved since they were first introduced during the 1990s. However, both products had similar issues: They were very complex products that were difficult to deploy, troubleshoot, and maintain. This was partly because over the years they accumulated many capabilities that became irrelevant. At the same time, they lacked or had limited support for modern technologies such as federation and OAuth2. On top of it all, they were expensive products that had their own licenses. It was a tough decision, but we decided to start from a blank page, to examine all the functionality of reverse proxy, to pick and choose only the technologies that matter today, and to implement them by using a fresh code base built on the most modern standards. A big part of this decision was that we wanted to embed the reverse proxy into Windows Server. We wanted to make it just like any other role service available to install from Server Manager. For us, this meant adhering to the strictest standards regarding code and management. Microsoft customers expect that all Windows Server role services are managed the same way, including in Windows PowerShell, the administrator UI, the remote administrator UI, performance counters, the System Center Operations Manager pack, event logs, and so on. This is how Web Application Proxy was born in Windows Server 2012 R2. We made no compromise on code security, management, and standardization. And, we were happy that customers got it. Companies were able to deploy and integrate Web Application Proxy into their infrastructure very easily. The downside of this approach is that we were not able to include all of the functionality we wanted to have—functionality that would make it possible for all customers to move from Threat Management Gateway and Unified Access Gateway to the new solution. However, now that we have built a solid foundation, it is easier to add more functionality to make Web Application Proxy the obvious choice to publish on-premises resources such as Microsoft SharePoint, Lync, and Exchange to remote users. This version marks an important milestone in the journey we began quite a few years ago. Now, it is time for us to begin another journey to bring remote access to the cloud era. We have created Azure Active Directory Application Proxy as another tool for customers to publish applications in cloud-based solutions. Fortunately, Web Application Proxy in Windows Server and Azure Active Directory Application Proxy share a lot of code. More than that, they share the same concepts and perception of remote access and how to make it simple to deploy and easy to maintain. 75 CHAPTER 2 | Software-defined datacenter
Page 1 and 2:
Introducing Windows Server 2016 Joh
Page 3 and 4:
Visit us today at microsoftpresssto
Page 5 and 6:
Creating a cloud witness by using A
Page 7 and 8:
DSC Local Configuration Manager ...
Page 9 and 10:
Ramnish Singh Ritesh Modi Jason M.
Page 11 and 12:
C H A P T E R 1 Introduction to Mic
Page 13 and 14:
The following subsections dive deep
Page 15 and 16:
Offer greater service availability
Page 17 and 18:
Self-Service In the area of self-se
Page 19 and 20:
C H A P T E R 2 Software-defined da
Page 21 and 22:
Each nested guest VM needs to have
Page 23 and 24:
A VM collection group is a logical
Page 25 and 26:
Using the Get-VM cmdlet, you can se
Page 27 and 28:
Figure 2-5: Multitier management gr
Page 29 and 30:
Windows Server 2012 R2 took live mi
Page 31 and 32:
Figure 2-12: VM shortcut menu To do
Page 33 and 34: You can confirm this by using Windo
Page 35 and 36: ParentSnapshotName : MemoryStartup
Page 37 and 38: Figure 2-19: Message indicating tha
Page 39 and 40: Figure 2-23: VM Task Manager showin
Page 41 and 42: Failover cluster By John Marlin and
Page 43 and 44: Figure 2-30: Entering storage accou
Page 45 and 46: Figure 2-34: Extending a volume in
Page 47 and 48: [=== Microsoft-Windows-ClusterAware
Page 49 and 50: Troubleshooting an event such as th
Page 51 and 52: Figure 2-40: Pausing cluster node N
Page 53 and 54: -IncludeAllSubFeature 5. Add the Wi
Page 55 and 56: Figure 2-50: VM Configuration Versi
Page 57 and 58: As Figure 2-51 illustrates, when ap
Page 59 and 60: There is no need for schema updates
Page 61 and 62: In the Configure Storage Replica Wi
Page 63 and 64: There are many options for the New-
Page 65 and 66: Deployment Choice Storage Spaces Di
Page 67 and 68: Figure 2-60: The Storage Spaces Dir
Page 69 and 70: on node A, B, and C, and the extent
Page 71 and 72: Figure 2-63: Old mapping versus the
Page 73 and 74: Multi-instance With multi-instance
Page 75 and 76: Figure 2-66 Network virtualization
Page 77 and 78: Figure 2-68: NVGRE Network Controll
Page 79 and 80: More info In this book, we cannot p
Page 81 and 82: When you have a service that requir
Page 83: Figure 2-72: Post deployment config
Page 87 and 88: Figure 2-77: Published web applicat
Page 89 and 90: Figure 2-81: Relying party options
Page 91 and 92: Figure 2-85: The Edit Claim Rules d
Page 93 and 94: This will provide you with the toke
Page 95 and 96: Figure 2-92: Viewing details from t
Page 97 and 98: Hear about it first. Get the latest
Page 99 and 100: Figure 3-1: Diagram showing the thr
Page 101 and 102: DNS server Web server running IIS A
Page 103 and 104: Figure 3-5: Architecture of differe
Page 105 and 106: Remotely managing Nano Server Nano
Page 107 and 108: Monitoring Nano Server You can now
Page 109 and 110: Figure 3-6: Conceptual container la
Page 111 and 112: Figure 3-7: Windows Server 2016 con
Page 113 and 114: Figure 3-10: Containers can write o
Page 115 and 116: Firewalls Every container host has
Page 117 and 118: C H A P T E R 4 Security and identi
Page 119 and 120: At this point, it might be self-def
Page 121 and 122: UEFI BIOS configured to prevent an
Page 123 and 124: Better protection against advanced
Page 125 and 126: When a user attempts to remote desk
Page 127 and 128: New fields in the process creation
Page 129 and 130: The core areas of interest to chang
Page 131 and 132: credentials for this account with s
Page 133 and 134: Long-term plan The long-term goals
Page 135 and 136:
A REST Endpoint Windows PowerShell
Page 137 and 138:
Bring Your Own Device (BYOD) equipm
Page 139 and 140:
Users can add their personal Micros
Page 141 and 142:
More info For further information,
Page 143 and 144:
C H A P T E R 5 Systems management
Page 145 and 146:
Like Linux, we have some common ter
Page 147 and 148:
Name InstallationPolicy SourceLocat
Page 149 and 150:
uri='https://www.powershellgallery.
Page 151 and 152:
Figure 5-1: Sample code in the Wind
Page 153 and 154:
The first runspace, ID 1, is always
Page 155 and 156:
ConfigurationRepositoryShare This r
Page 157 and 158:
IISInstall is responsible for downl
Page 159 and 160:
DSC partial configurations One of t
Page 161 and 162:
You also need to provide the pull s
Page 163 and 164:
The .mof file is generated on the p
Page 165 and 166:
this information. Figure 5-9 shows
Page 167 and 168:
Backup and recovery Security and co
Page 169 and 170:
Figure 5-15: Connecting a storage a
Page 171 and 172:
Figure 5-19 depicts the first step
Page 173 and 174:
Figure 5-23: Adding logs From here
Page 175 and 176:
Figure 5-26: Sample deployment for
Page 177 and 178:
Figure 5-28: The Windows PowerShell
Page 179 and 180:
Deployment Deployment of SMT is rel
Page 181:
Free ebooks From technical overview
show all

Introducing

Create successful ePaper yourself

Delete template?

Save as template?