Microsoft Windows Server 2008 R1802926 User Manual

APPLICATION READY NETWORK GUIDE  
MICROSOFT WINDOWS SERVER 2008  
Comprehensive Application Ready infrastructure that enhances the security,  
availability, and performance of Microsoft Windows Server 2008 deployments  
F5 APPLICATION READY NETWORK GUIDE: MICROSOFT WINDOWS SERVER 2008  
Benefits and F5 Value  
are ready for this inevitable change. With  
control of Windows Server 2008. This takes  
the workload off of the Windows Server 2008  
devices for increased server efficiency. By  
reducing unnecessary protocol communication  
across the network, F5 improves application  
response times and utilization for Windows  
Server 2008 deployments and other  
User Experience and  
Application Performance  
F5’s IPv6 support, organizations have a clear  
strategy for staging network migration as IPv6  
traffic grows, without wholesale network and  
application upgrades. Additionally, F5 devices  
can perform IPv6/IPv4 translation, translating  
traffic for consumption by either IPv4 or IPv6  
end points. This allows organizations to stage  
their migration gradually as demand for IPv6  
increases. F5 enables you to freely intermingle  
IPv4 and IPv6 services on Windows Server  
2008; for example, F5 can serve as an IPv4  
front end to Windows Server 2008 Web  
Access servers that only use IPv6. With F5,  
organizations have a strong solution for today  
and well into the future.  
Microsoft Windows Server 2008 gives  
organizations a powerful new platform that  
is designed to power the next-generation of  
networks, applications, and Web services.  
Windows Server 2008 includes some exciting  
new components such as Microsoft’s new  
TCP/IP stack, Secure Socket Tunneling Protocol  
(SSTP), and new versions of industry standard  
applications like Windows Terminal Services  
and Internet Information Services. F5 has been  
working closely with Microsoft to ensure that  
F5’s Application Ready Network for Microsoft  
Windows Server 2008 provides the highest level  
of application availability, performance, and end  
user satisfaction.  
applications on the network.  
Even high-powered and efficient applications  
and servers, like Windows Server 2008, as well  
as other devices on the local area network  
(LAN), are not much help over the wide area  
network (WAN). Network latency across the  
WAN is one of the biggest challenges facing  
IT departments around the world, and is a  
major concern for organizations deploying  
applications like Windows Terminal Services  
where users can access applications from  
anywhere. Simply increasing bandwidth  
Windows Server 2008 is extremely effective  
at what it was designed to do: provide a solid  
foundation for server workload and application  
requirements. One of F5’s core strengths is the  
ability to enhance end-user experience while  
increasing application and server performance.  
We do this by taking on many of the duties  
that servers traditionally have to perform. If  
each server has to carry out processor-intensive  
tasks such as compression, caching, and SSL  
processing and certificate management, the  
amount of processing power these devices  
have left to perform core tasks is reduced.  
By offloading these types of tasks onto F5’s  
centralized and high powered network devices,  
F5 greatly improves Windows Server 2008  
server efficiency and enables organizations to  
reduce the amount of hardware. This applies to  
all the major components of Windows Server  
2008, including Windows Terminal Services,  
Internet Information Servers, and SSTP.  
One of the highlights of Microsoft Windows  
Server 2008 is a next generation TCP/IP stack  
that has been completely redesigned from  
the ground up. F5 solutions include a host  
of TCP/IP optimization technologies that are  
compatible with Microsoft’s new stack. These  
optimizations, which combine session-level  
application awareness, persistent tunnels,  
selective acknowledgements, error correction,  
and optimized TCP windows, enable F5 devices  
and Microsoft Server 2008 installations to fully  
utilize available bandwidth. This enables F5  
devices to adapt, in real time, to the latency,  
packet loss, and congestion characteristics  
of WAN links, and accelerate virtually all  
application traffic. And F5 isolates, controls,  
and independently optimizes user and server  
connections, enabling both the server and end  
user to maximize productivity.  
does nothing to solve the problem. F5 helps  
drastically reduce the impact of latency in a  
number of ways. In addition to the benefits  
from TMOS, F5 solves latency problems with a  
group of capabilities that eliminates the need  
for the browser to download repetitive or  
duplicate data, as well as ensuring the best use  
of bandwidth by controlling browser behavior.  
By reducing the extra conditional requests  
and excess data (re)transmitted between the  
Windows Server is one of  
the most popular application  
platforms that we see within  
our enterprise customer  
base. As such, F5 has put  
substantial resources into  
testing its application delivery  
portfolio with the Windows  
Server platform technologies  
through every step of the  
beta to maintain a high level  
of interoperability.”  
F5 provides technology that guarantees the  
most efficient network possible. Because  
F5’s unique TMOS™ operating system is a  
full proxy, it can optimize any end point that  
connects through the system. As a full broker  
of communications, the system optimizes  
communication for every single end-device  
communicating through it. This optimization  
can take place up and down the entire stack  
— from the transport layer to the protocol  
and application layer — functions outside the  
With the rapid expansion of the Internet  
and the quickly diminishing number of IPv4  
addresses available, organizations are looking  
to ensure their network infrastructure is  
adequately prepared for the future. Internet  
Protocol version 6 (IPv6) support is no longer  
a luxury, it is a necessity. IPv6, a new suite  
of standard protocols for the network layer  
of the Internet, is built into both Windows  
Server 2008, as well as F5 devices, ensuring  
that your network and Microsoft applications  
Jim Ritchings, VP of Business  
Development at F5  
3
F5 APPLICATION READY NETWORK GUIDE: MICROSOFT WINDOWS SERVER 2008  
Benefits and F5 Value  
browser and the web application, F5 mitigates  
the effects of WAN latency, networking errors,  
and packet loss.  
security model. However, IPS/IDS systems could  
stateful applications and a higher level of user  
identity trust.  
only protect against a known list of attacks  
and signatures, and soon attacks became more  
sophisticated, with zero-day attacks that would  
bypass these systems as their signatures were  
previously unknown. Recently, hackers are  
shifting their focus to applications themselves  
with attacks that look harmless to both network  
firewalls and intrusion protection/detection  
systems. More than 50 percent of all new  
vulnerabilities being identified on a weekly basis  
are attributed to web applications2.. Devices  
relying solely on a known list of signature attacks  
cannot defend against targeted attacks involving  
a malicious user seeking vulnerabilities unique to  
a particular application. F5 detects and mitigates  
patternless exploits in real time, adding accurate,  
complementary protection to existing firewalls  
and IDS devices, which do not efficiently address  
HTTP and HTTPS-borne threats.  
F5 includes extremely granular endpoint security  
for remote users connecting to the network  
and to Windows Server 2008 servers and  
applications. Before a remote user can even  
log on to the F5 devices to gain access to the  
network, F5 can determine if an antivirus or  
personal firewall is running on their PC and if  
it is up-to-date, or enforce a specific operating  
system patch level, among a host of other  
pre-logon checks. F5 can direct the user to a  
remediation page for further instructions or  
even turn on antivirus or firewalls for the user.  
F5 remote access also supports two-factor  
authentication from leading vendors for those  
organizations that require more than just a user  
name and password for access to the network.  
And F5’s remote access solution can be easily  
integrated with Active Directory, providing  
centralized authentication.  
One of the strengths of the F5’s Application  
Ready Network is the wide variety of materials  
that ease the burden of configuring and  
optimizing our devices, freeing valuable IT  
resources to work on other projects. As part of  
the Application Ready Network for Microsoft  
Windows 2008, F5 has configured, tested, and  
tuned our devices with the major components  
of Windows Server 2008 and carefully  
documented the procedures in our Deployment  
Guide. F5 also provides configuration Profiles  
and Policies to make configuration incredibly  
simple yet powerful and flexible, with some  
policies including prebuilt drop-downs for  
components like Microsoft Internet Information  
Services and Windows Terminal Services.  
And now with our management devices,  
the deployment guide configuration files are  
available as a template, which can be easily  
uploaded and pushed to F5 devices. With the  
power of Microsoft PowerShell, the command  
line shell and scripting language included  
with Windows Server 2008, and F5’s iControl  
PowerShell Cmdlets and scripts, developers  
have a unique way to control and manage F5  
devices in one location1.  
In addition to analyzing and blocking known  
attack signatures, F5 can strip out identifying  
operating system and web server information  
(such as version strings, signatures, and  
fingerprinting) from message headers, conceal  
any HTTP error messages from users, and  
remove application error messages from pages  
sent to users while checking to ensure no server  
code or private HTML comments leak onto public  
web pages.  
When the remote user is finished working with  
their remote access session, F5 includes a cache  
cleanup control that removes cookies, browser  
history, auto-complete information, browser  
cache, temp files, and all ActiveX controls  
installed during the remote access session  
from the client PC. This makes ensures that no  
information is left behind, which is critical for  
users connecting from public computers, such  
as a kiosk.  
And attacks do not always come from the  
outside of the network; internal users can gain  
sensitive information or sabotage applications  
with greater ease than external users. Because  
F5 devices can offload SSL encryption duties,  
organizations can encrypt traffic for entire  
transactions, without affecting performance for  
the end user. This prevents information from  
being sent in clear text over the internal network,  
mitigating risks associated with internal users  
as well as complying with state and federal  
regulations related to privacy.  
Application Security  
Not only does F5 provide comprehensive  
application security, but we produce extremely  
secure devices. We ensure your Windows  
Server 2008 deployment, and the information it  
contains, remains completely secure.  
While performance and end-user experience  
are vital to a successful deployment of Windows  
Server 2008, ensuring application security  
can be even more crucial. Because of the  
sensitive nature of data stored in applications  
and databases, coupled with new compliance  
initiatives and government regulations on data  
protection, securing your applications is more  
important than ever before. F5 security solutions  
provide comprehensive protection for Windows  
Server 2008, ensuring your data and applications  
are secure.  
Unified Security Enforcement  
and Access Control  
Another integral piece of a complete security  
platform is security enforcement and access  
control. The number of employees requiring  
access to corporate resources from outside  
the network is growing every year. And it’s  
not only employees who need access to the  
network. With more business-to-business  
F5 devices also protect against attacks that use  
cookies and other tokens that are transparently  
distributed for their entry point. F5 devices can  
be easily configured to encrypt cookies used  
by Windows Server 2008, preventing cookie  
tampering and other cookie-based attacks.  
This gives organizations superior security for all  
Years ago, merely having network firewalls in  
front of the LAN was considered an adequate  
level of security. Next came intrusion protection/  
detection systems, which added another level  
of security, albeit one that provided a negative  
1 For more information on iControl and Microsoft PowerShell integration, see http://devcentral.f5.com/Default.aspx?tabid=71  
2 SANS@RISK, “The Consensus Security Vulnerability Report”  
4
F5 APPLICATION READY NETWORK GUIDE: MICROSOFT WINDOWS SERVER 2008  
Benefits and F5 Value  
transactions, and partners, contractors, and  
suppliers all clamoring for access to different  
internal applications, organizations are struggling  
with access control and enforcement issues.  
F5 provides a complete approach to security  
enforcement and providing access control for  
Windows Server 2008, regardless of end user,  
client type, application, access network, or  
network resources.  
down appropriate administrative personnel,  
is still up, business can continue. F5 remote  
access devices support Microsoft Vista and  
access to Windows Server 2008 devices,  
and even provide secure application access  
from Windows Mobile® 5/6 PocketPC and  
Smartphones.  
and improves the ability of application  
administrations to manage applications when  
it’s necessary. F5 helps streamline the business  
process and improve the productivity and  
efficiency of operational personnel.  
One scenario often neglected in a disaster  
recovery plan is when the event doesn’t  
happen to your organization, but to your  
ISP. While many organizations do have  
Business Continuity and  
Disaster Recovery  
In the past, remote access was provided by IPsec  
VPN solutions — a complicated deployment  
which required software installation and  
maintenance on every client, and was difficult  
to enforce and control. IPSec has shown it is  
unable to keep up with the growing demands  
of remote access required by today’s enterprise  
organizations. F5’s remote access solution  
enables you to easily grant remote access to  
anyone from any device, while ensuring this  
access is carefully controlled and restricted on a  
granular basis.  
multiple links, they have to contend with  
complicated BGP configurations. F5 simplifies  
multi-homed deployments so you no longer  
need ISP cooperation, designated IP address  
blocks, ASNs, or reliance on complex BGP  
configurations to protect your network from ISP  
failures. With F5 technology, an organization  
also has the choice of aggregating multiple  
small connections together rather than having  
to invest in a single high bandwidth connection.  
This frees businesses to expand their service  
as they grow. F5 seamlessly monitors  
Disaster recovery and business continuity are  
vital to the success of an organization. Merely  
having a solid security platform cannot protect  
against unexpected events and disasters that  
create a wide range of obstacles, ranging from  
knocking out the power to wiping out entire  
data centers. These disruptive events not only  
cost organizations thousands or even millions of  
dollars, but can bring about legal ramifications  
with industry and government rules concerning  
data protection and disaster recovery. With  
the amount of irreplaceable, business critical  
information stored on the network and in  
applications like those found in Windows Server  
2008, having an effective disaster recovery plan  
is essential.  
With F5, access to Windows Server 2008  
availability and performance of multiple  
WAN ISP connections to intelligently manage  
bi-directional traffic flows to a site, providing  
fault tolerant and optimized Internet access.  
F5 devices detect errors across an entire link to  
provide end-to-end, reliable WAN connectivity.  
F5 monitors the health and availability of each  
connection, detecting outages to a link or ISP.  
In the event of a failure, traffic is dynamically  
directed across other available links so users  
stay connected.  
resources can be easily controlled on an  
extremely granular level. For example, employees  
can be granted full access to internal resources,  
while a trusted partner group can be restricted  
to a specific subset of applications, and a  
F5 products are uniquely positioned to help  
organizations mitigate disasters and other  
disruptive events. F5 is the only vendor  
to virtualize data centers, VPN access,  
contractor group could be locked down to a  
specific application or port. F5 centralizes this  
access control, and makes configuring and  
enforcing this type of control simple. F5 can even  
gather device information (like IP address or time  
of day) and determine if a resource should be  
offered. The F5 solution also includes control  
for any access network and any device, with no  
need to deploy multiple access control solutions  
for remote users, wireless LANs, and the LAN.  
optimization, and traffic in an integrated  
fashion — ensuring the Windows Server 2008  
devices and applications are always available.  
F5 provides the industry’s most comprehensive  
solution for site failover and business continuity.  
From performing comprehensive site application  
availability checks, to defining the conditions  
for dynamically and transparently shifting all  
traffic to a backup data center, failing over  
an entire site, or controlling only the affected  
applications, F5 has the complete solution.  
F5 supports virtual administration domains,  
allowing a single F5 device to be managed by  
multiple application teams without interference.  
Every user can be assigned to specific  
administrative domains which define which  
objects are visible to that user. Multiple levels of  
access are also definable for each user, with basic  
read-only users who can log on to the devices  
to monitor status of specific objects and traffic  
quantities to full administrative users capable of  
making configuration changes to every object  
on the device. This increases productivity by  
reducing the time spent in meetings, tracking  
When one of these disruptive events does  
happen, even something as simple as a snow  
storm that prevents most employees from  
making it to the office, F5 provides extremely  
secure remote access to the network and  
Windows Server 2008 deployment, ensuring  
that even though the physical office might be  
unavailable, as long as a single data center  
5
F5 APPLICATION READY NETWORK GUIDE: MICROSOFT WINDOWS SERVER 2008  
Global F5 and Windows Server 2008 Deployment  
The following example shows a global configuration, using the F5 suite of products to  
optimize, secure, and deliver Windows Server 2008 installations over the WAN and LAN.  
F5 TMOS  
Branch Office  
FirePass  
WANJet 500  
WANJet  
Routers  
WANJet 500  
WANJet 500  
WANJet  
Enterprise Manager  
BIG-IP  
Link Controller  
DMZ  
Remote Users  
Firewalls  
FirePass  
Internet or WAN  
BIG-IP  
Global Traffic Manager  
BIG-IP Application  
Security Manager  
BIG-IP  
Local Traffic Manager  
WANJet 500  
Routers  
WebAccelerator  
Disaster  
WANJet 500  
WANJet  
Recovery Site  
BIG-IP  
Link Controller  
DMZ  
WTS 2008  
IIS 7.0  
Windows Server  
2008  
FirePass  
Firewalls  
BIG-IP  
Global Traffic Manager  
F5 TMOS  
Headquarters  
BIG-IP  
Local Traffic Manager  
WTS  
2008  
Windows  
Server 2008  
IIS 7.0  
F5 TMOS  
6
F5 APPLICATION READY NETWORK GUIDE: MICROSOFT WINDOWS SERVER 2008  
Additional Information  
GTM: The BIG-IP Global Traffic Manager™  
WANJet  
Deployment Guides  
Deploying the BIG-IP System with Microsoft  
WANJet® is an appliance-based solution that  
delivers LAN-like application performance over  
the WAN. WANJet accelerates applications  
including: file transfer, e-mail, client-server  
applications, data replication, and others,  
resulting in predictable, fast performance for  
all WAN users.  
(GTM) Module provides high availability,  
maximum performance and global management  
for applications running across multiple and  
globally dispersed data centers. Seamlessly  
virtualizes FirePass VPN to automatically provide  
always-on access control.  
Internet Information Services 7.0  
Provides detailed procedures on how to  
configure the BIG-IP® Local Traffic Manager™  
(LTM) and WebAccelerator™ with Internet  
Information Services 7.0.  
ASM: The Application Security Manager™  
provides application layer protection from both  
targeted and generalized application attacks  
to ensure that applications are always available  
and performing optimally.  
Deploying the BIG-IP System with Microsoft  
Windows Server 2008 Terminal Services  
Enterprise Manager  
F5’s appliance-based Enterprise Manager  
™gives you the power to centrally discover  
and maintain the F5 devices in your network.  
With Enterprise Manager, you can archive and  
safeguard device configurations for contingency  
planning, Configure new devices from a central  
location without manually working on each  
device, easily and quickly roll-out software  
upgrades and security patches and much more.  
Provides detailed procedures on how to  
configure the BIG-IP LTM with the new version  
of Windows Terminal Services.  
WA: F5 WebAccelerator™ is an advanced  
web application delivery solution that provides  
a series of intelligent technologies designed  
to overcome problems with browsers, web  
application platforms, and WAN latency issues  
which impact user performance.  
See the Deployment Guide index on the F5  
Solution Center for more Microsoft Guides.  
For more information about the partnership  
between F5 and Microsoft, see the Microsoft  
Partner Showcase on the F5 Solution Center.  
LC: The BIG-IP Link Controller™ Module  
seamlessly monitors availability and  
performance of multiple WAN connections to  
intelligently manage bi-directional traffic flows  
to a site – providing fault tolerant, optimized  
Internet access.  
F5 Acopia ARX  
F5 Acopia™ award-winning intelligent file  
virtualization solutions decouple file access  
from physical file location. Our ARX® products  
integrate seamlessly into existing Network  
Attached Storage (NAS), Windows®, UNIX®  
and Linux environments. ARX devices provide  
industry-leading scalability, performance and  
reliability, and are specifically designed to meet  
the needs of enterprise storage environments.  
F5 Product offerings  
BIG-IP Product Family  
The BIG-IP products deliver high availability,  
improved performance, application security,  
and access control, all in one unit. A single  
BIG-IP device can do the work of a dozen  
single-purpose products. More importantly,  
it can do that work in an efficient, cohesive  
manner that is easier to manage and adapt as  
business and technology needs change.  
Feature Modules: These are individual  
feature packs that can be added to a BIG-IP  
traffic management platform. The Feature  
Modules include the Message Security,  
Intelligent Compression, L7 Rate Shaping,  
IPv6 Gateway, Advanced Client Authentication,  
SSL Acceleration, Fast Cache, and Advanced  
Routing Modules.  
iControl API  
iControl® is F5’s SOAP API exposed on each  
BIG-IP LTM system. iControl enables automation  
between the application and the network, and  
gives organizations the power and flexibility  
to ensure that applications and the network  
work together for increased reliability, security,  
and performance. F5’s developer community,  
DevCentral, has sample iControl applications  
and code. Visit the Microsoft page on  
DevCentral for Microsoft-specific forums and  
other useful information about F5 integration  
with Microsoft applications.  
Product Modules (These modules can also  
be run as standalone appliances)  
FirePass  
F5’s FirePass® SSL VPN appliance provides secure  
access to corporate applications and data using  
a standard web browser. Delivering outstanding  
performance, scalability, ease-of-use, and  
end-point security, FirePass helps increase the  
productivity of those working from home or on  
the road while keeping corporate data secure.  
LTM: The BIG-IP LTM allows organizations to  
ensure quality of service and manageability,  
apply business policies and rules to content  
delivery, support increasing traffic volumes,  
deliver their applications securely, enjoy  
operational efficiency and cost control,  
and remain flexible to future application  
and infrastructure changes to protect their  
investments.  
© 2008 F5 Networks, Inc. All rights reserved. F5, F5 Networks, the F5 logo, BIG-IP, FirePass, Acopia, ARX, WANJet, WebAccelerator are trademarks or registered trademarks of F5 Networks, Inc.  
in the U.S. and certain other countries.  
7

LG Electronics LG Lifes Good Cell Phone AS740 User Manual
IBM DTLA 307060 User Manual
Huawei Technologies Cell Phone U8500 User Manual
Hitachi Travelstar HTS723225A7A365 User Manual
GE ZBD6605 User Manual
Denon DVD 1940CI User Manual
COBY electronic COBY CX CX CD400 User Manual
Black & Decker DCM20WH User Manual
Atlantic 150CD R User Manual
APC Smart UPS 3000 XL User Manual