Microsoft Windows Vista: Beta Preview
Rob Bergin, Senior Systems Engineer, Emerging Technologies, rbergin@gmail.com
Session Outline: Many Faces of Vista (7 versions)
Bill Gates WinHEC presentation
Quick history of Windows
64-bit architecture
Computing for Everyone
Longhorn (next-gen Windows)
Windows Vista Preview
Virtual Server 2005 SP1
Overview of enhancements
Windows virtualization futures
Ars Technica’s Versions 1-6: Starter Edition
'It will limit users to three concurrent applications, and provide only basic TCP/IP networking, and won't be suitable for most games.'
Home Basic Edition
See Windows XP - Home
Home Premium Edition
'the next-generation of Media Center capabilities, including support for HDTV, DVD authoring, and even DVD ripping backed up (of course) by Windows DRM'
Windows Vista Professional Edition
'support for non-Microsoft networking protocols and AD Domains'
Small Business Edition
'includes a networked backup solution'
Enterprise Edition
'Virtual PC integration, encrypt an entire volume of information'
Ars Technica’s Versions #7: Ultimate Edition (per Paul Thurrott)
'The best operating system ever offered for a personal PC, optimized for the individual. Windows Vista Ultimate Edition is a superset of both Vista Home Premium and Vista Pro Edition, so it includes all of the features of both of those product versions,
Game Performance Tweaker with integrated gaming experiences,
Podcast-like creation utility (under consideration, may be cut),
online 'Club' services (exclusive access to music, movies, services and preferred customer care)
Microsoft is still investigating how to position its most impressive Windows release yet, and is looking into offering Ultimate Edition owners such services
extended A1 (anti-virus/anti-spyware ) subscription
free music downloads
free movie downloads
Online Spotlight
entertainment software
preferred product support
custom themes
John Dvorak’s Versions: Vista Kiddie Edition
'Bringing back Microsoft Bob'
Microsoft Vista—Porn Edition
'All the great porn sites would be pre-bookmarked. The screen savers and wallpaper would be all porn all the time. For users at work, there would be a built-in 'boss' key capability that would switch the machine to a faux Enterprise edition.'
Microsoft Vista—Kitchen Edition
'a rugged kitchen edition with a file system specifically suited to storing recipes and videos of Jacques Pepin cooking his way'
Microsoft Vista Gamer Case-Mod Edition
'the OS could control flashing lights inside the machine or make the disk-drive light blink wildly. It can be ultraoptimized for games. Perhaps Microsoft could return to the efficient DOS code for that!'
John Dvorak’s Versions: Microsoft Vista for Desperate Housewives
'Hey, wait--that's a TV show. There would be a copyright problem.' Not if it's a test-marketed, licensed product and sold specifically to fans of the show, not to mention actual desperate housewives.
Microsoft Vista for Costco Customers
For the multi-PC house, an eight-pack!
Microsoft Vista Linux Distro Edition
'Actually be MS-Linux with the same GUI as Vista'
Microsoft Vista OS-X Special Edition
This would be a version that looked and felt exactly like OS-X, in case OS-X for the x86 gets into the wild and starts spreading. Microsoft can say it's already been there and done that with OS-XP.
Windows Vista: Brief overview
Longhorn: Codename for the next major version of Windows
Major release (although most technologies have been seen before)
Currently in alpha technical previews
Due for release 2006? (when ready!)
Interim updates
e.g. Windows XP Service Pack 2
Windows 2003 Server 'SE'
Longhorn Architecture: Presentation (Avalon), Storage (WinFS), Communication (Indigo), Base Operating System Services, Location Service
WinFX: (namespace map of the managed API, from a diagram) Application models: Client (Avalon, Windows Forms), Web & Service (ASP.NET / Indigo), Data Systems (WinFS, Yukon, ObjectSpaces, DataSet), Mobile PC & Devices (Compact Framework). Fundamentals: System.Collections, System.Threading, System.Text, System.Globalization, System.Serialization, System.ComponentModel, System.CodeDom, System.Reflection, System.EnterpriseServices, System.Transactions. Security: System.Security (Permissions, Policy, Principal, Token, Cryptography, AccessControl, Credentials, Authorization), System.Windows.TrustManagement, System.Web.Security, System.MessageBus.Security. Configuration, deployment and management: System.Configuration, System.Resources, System.Management, System.Deployment, System.Diagnostics. Communication: System.Net (Sockets, Cache, NetworkInformation, HttpWebRequest, SslClientStream), System.Web.Services, System.MessageBus (Transport, Port, Channel, Service, Queue, PubSub, Router), System.Remoting, System.DirectoryServices (Active Directory, UDDI), System.Collaboration, System.Speech, System.Search, System.Location. Presentation: System.Windows (Documents, Shapes, Ink, Controls, Animation, Media, Explorer, SideBar, Notification), System.Windows.Forms, System.Web.UI. Data: System.Data (SqlClient, OdbcClient, OleDbClient, OracleClient), System.Xml (Schema, Serialization, XPath, Query), System.Storage (Core, Contact, Location, Message, Document, Event).
Windows Vista: Aero Interface/Shell/GUI
Windows Vista: WinFS
WinFS Is: Where all end-user data lives in Longhorn
New user experience in Longhorn Shell
A trustworthy place to store data
Data model built on relational database technology
Filesystem capabilities built on NTFS
Everyday Information - domain-specific schemas
Services that make data active
WinFS Data Model: Items
The new atomic unit of data
Items have subsumed Files
Copy, put in Folders, etc.
A group of simple and complex types that represent data
Defined in a schema, arranged in types
Structured, semi-structured, and opaque
Persisted
Relationships
Explicitly relate Items together
E.g., Author binds Document to Contact
Schema can model complex items
Containment, reference, embedding, categories, etc.
Extensions
Provide ability to add new data to existing Item types
(WinFS architecture diagram: Core WinFS = Items, Relationships, Extensions, Filesystem Services (Handlers, …) and Operations, layered over the Data Model, NTFS and the Relational Engine; Services = InfoAgent (Rules, …) and Synchronization (WinFS, …); Schemas = People, Documents, …; APIs = XML, T/SQL, Objects)
WinFS Schemas: Windows Everyday Information
Documents, Messages, Annotations, Notes
Media, Audio, Video, Images
Events, Appointments, Locations, UserTask
Windows System
SystemTasks, Config, Programs
Explorer, Help, Security
New Schemas
Developers can define own data shape
Comprised of
Scalars
Complex Types
XML
Binary/Filestream
Example:
Longhorn And Filesystems: Files can live solely in an NTFS volume
Available for boot
E.g., C:\Windows is in NTFS
Volume can be mounted on a down-level machine
E.g., Firewire drive on both XP and Longhorn
Items can live solely in WinFS
File-backed Items
Accessible through standard Win32 APIs
Metadata Handlers get data in and out of file streams
User data moved into WinFS
I.e., C:\Documents and Settings
Has Import/Export utilities
WinFS Services (Synchronization): Synchronize one WinFS with another
Keep My Contacts and My Files in sync across my home machines
Peer to Peer sharing
Synchronize WinFS with other data sources
Keep My Contacts in sync with online email contacts, enterprise CRM, etc.
Synchronization Overview: Approach
Multi-master replication
Replicas make changes independently
Net-change synchronization
Looking at cumulative changes, not logs
A set of common services for all data sources and all schemas
Change tracking, change enumeration, conflict handling, etc.
Extending
Schema design
Granularity of change units is declared in the WinFS schemas
Custom conflict resolution handlers
Extend the system conflict policies with code
Synchronization Adaptors
Outside data sources for one-way or bidirectional synchronization
Synchronization Manager:
WinFS Services (InfoAgent): Users want to control how their PCs behave
It’s called a personal computer after all
Every aspect of the system can be personalized
InfoAgent enables rich, flexible customization
'When I receive a high priority email from a customer, show me a popup message if I’m at my desk, otherwise forward it to my cell phone'
'When I download new photos from my camera, relate them to the events on my calendar'
Notifications And InfoAgent: 'Active Data', subscribe to WinFS changes
Item change subscriptions
Item Domain containment/query subscriptions
InfoAgent Integration
Inclusive set of events, contexts, and actions
Preferences stored as WinFS items
Unified management of notification rules
Longhorn: Microsoft Shell
Microsoft Shell: Problem
Weak cmd shell
Weak language
Spotty coverage
GUI focus
Hard to automate
SDK focus (programmers)
Solution: MSH
Foundation for task-based management
Focused on power users and admins
Provides:
Interactive shell
Cmdlets
Utilities
Scripting language
Remote scripting
Longhorn: Deployment
ClickOnce Vision: Bring the ease & reliability of web application deployment to client applications.
The Best of the Client & Web:
Install Goals: Reduce install fragility
Allow what’s low impact
Ex. App file copy, start menu integration, etc…
Can always undo what was installed
Disallow what’s not low impact
Apps never run with admin rights (LUA)
Driver registration, COM objects, etc.
Custom actions; large source of install uncertainty
Expand the definition of 'low impact'
Requires OS Changes. Starts with Longhorn
Deployment Options: 'Installed' Applications
From Web, UNC or CD
Start Menu, Add/Remove Programs
Varied update options
'Launched' Applications
App launches but doesn’t 'install'
No Start Menu, Add/Remove Programs
Always update on launch
Update Options: On App Startup
If found, ask user to update app
After App Startup
If found, ask user to update on next run
Programmatic
Integrate update experience into app
Required
Update can specify minimum version required
Background Updates
Updates drizzle in silently, like Windows Update
'Longhorn' only
Secure Updates: Only the original deployer can update
No auto-deployment of viruses
Manifests are signed
XMLDSIG
Deployer key needed to publish updates
'Longhorn Web' Apps: Integrated with Browser
Install UI built into browser
Best possible user experience
Leverages Avalon app/navigation model
No shell presence (ex. Start Menu shortcut)
Runs in semi-trust
Progressive Install
App automatically installs as it’s used
File level install
When Should I Use The Windows Installer (MSI)?: ClickOnce is the solution for new self-contained applications
Low System Impact
No Touch Deployment
Install / Run Per-User
Rich Interactive applications
Use Windows Installer if you need to
Install Shared Resources
Install Win32 Applications
Perform custom actions during installation
ClickOnce And Windows Installer (MSI): MSI applications can be authored for 'low system impact'
Windows Installer Basics (.MSI): (diagram: an .MSI database holding Features, Components, Shortcuts, Action and Files tables plus other tables, Summary Information, Assemblies, pointers to source files and an optional internal CAB)
MSI database
Populated by setup developer
.MSI file extension
One per product
Described in relational tables
Products have
Features
Components
Installable resources
Entry points
Windows Installer Basics (.MSP): MSP is a Windows Installer patch package
Patches make changes to the configuration information database and resources (files, registry)
Patch package (MSP) contains
Summary Information Stream
Transforms
Cabinet file
Windows Installer v4.0 (MSI 4.0): Longhorn extensions
MSI will support new Longhorn shell extension manifest
No-Reboot support for setup / updates
MSI detects processes holding files in use
Sends notification to processes
Design your applications to save state, shutdown and resume
Windows Installer v4.0, Image Based Setup: Longhorn uses a new Image Based Setup model
Minimizes number of images
Deployment of Windows + Applications is faster
Images can be maintained, serviced & modified offline/online
MSI applications can be deployed with Images
FASTOEM property is used by major OEMs to speed up factory floor setup
Files copied with the OS image
Installation and configuration are done on first boot
Longhorn: Identity
The Identity System: Ubiquitous store, development platform for applications that consume identity
Built on 'WinFS' storage subsystem (CLI201)
Schema for unified representation of identity
API with specialized types, methods for principals
Provides recognition between principals
Bootstrap and manage recognition between people, computers, groups, organizations
Extends Windows security services, can be used by existing applications
Principals can be serialized and exchanged using a document we call an 'Information Card'
What is an Information Card?: An exchangeable identity statement allowing verification of its signature. It carries a display name, identity claims, disclosed information, a certificate and a use policy.
How Are Information Cards Used?: Information Cards are used to manage secure digital relationships with people and organizations
When an Information Card is imported, it becomes a contact in the contact explorer
Can be recognized using Windows security services (SSPI)
Can be granted access to shared spaces
Will seek broad adoption of Information Card, encourage others to implement
Identity-Based Host Firewall: Only people you recognize and to whom you have granted access can make inbound connections to your computer
Other callers see the IPsec negotiation port, nothing else
Greatly reduces exposed attack surface of a Windows computer on a network
Authentication Versus Authorization: Accepting an Information Card does not grant a contact access to the computer
Recognition only – clear separation of authentication, authorization
A contact must have no implicit access
To revoke someone’s access to computer
Remove from access policies on resources
Optionally, delete contact object, no longer recognize that person
E.g.
Person to Person - WinFS Sync within a 'Castle'
Person to Organisation
Organisation to Organisation
Tracking Disclosed Information: Identity system tracks Information Card disclosure
To whom Information Cards were sent
What information was sent
If information changes, can selectively or automatically send updates
Updates are signed, thus known to be from you, and can be processed automatically at the destination
For example: your mailing address changes – automatically update magazine subscriptions
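To make the authentication/authorization split, the identity-based firewall and disclosure tracking concrete, here is an added example that is not code from the Longhorn identity system. It assumes the peer's card id has already been proven during IPsec/SSPI authentication and is handed to the firewall as a string; the card ids, resource names and port numbers are constructed for the demo, and UDP 500 stands for the IPsec negotiation port an unrecognised caller can still see.

```python
"""Identity system model: recognition, explicit access policy, host firewall, disclosure tracking."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

IKE_UDP_PORT = 500   # IPsec key negotiation: the only port an unrecognised caller can see


@dataclass
class InformationCard:
    card_id: str                                  # stable id, e.g. thumbprint of the card's signing key
    display_name: str
    claims: Dict[str, str] = field(default_factory=dict)


class IdentitySystem:
    def __init__(self) -> None:
        self.contacts: Dict[str, InformationCard] = {}      # recognised principals
        self.acls: Dict[str, Set[str]] = {}                 # resource -> card ids granted access
        self.disclosures: List[Tuple[str, Dict[str, str]]] = []   # (recipient, info we sent them)

    # --- authentication: recognition only ---
    def import_card(self, card: InformationCard) -> None:
        """Accepting a card makes its owner a contact. It grants no access at all."""
        self.contacts[card.card_id] = card

    def forget(self, card_id: str) -> None:
        """Optional, stronger revocation: stop recognising the person entirely."""
        self.contacts.pop(card_id, None)
        for granted in self.acls.values():
            granted.discard(card_id)

    # --- authorisation: explicit policy on resources ---
    def grant(self, resource: str, card_id: str) -> None:
        if card_id not in self.contacts:
            raise KeyError(f"{card_id} is not a recognised contact")
        self.acls.setdefault(resource, set()).add(card_id)

    def revoke(self, resource: str, card_id: str) -> None:
        """Normal revocation: remove from the resource policy, keep recognising the person."""
        self.acls.get(resource, set()).discard(card_id)

    # --- identity-based host firewall ---
    def inbound(self, peer: Optional[str], port: int, resource: Optional[str] = None) -> str:
        """peer: card id proven by IPsec/SSPI authentication, or None if unauthenticated."""
        if port == IKE_UDP_PORT:
            return "NEGOTIATE"        # anyone may start IPsec negotiation
        if peer is None or peer not in self.contacts:
            return "DROP"             # unrecognised: the port looks closed
        if resource is None or peer not in self.acls.get(resource, set()):
            return "DENY"             # recognised but in no policy: no implicit access
        return "ALLOW"

    # --- tracking what we disclosed, and to whom ---
    def send_card(self, recipient: str, disclosed: Dict[str, str]) -> None:
        self.disclosures.append((recipient, dict(disclosed)))

    def recipients_of(self, field_name: str) -> List[str]:
        """Everyone holding one piece of our information, e.g. to push a new mailing address."""
        return sorted({to for to, info in self.disclosures if field_name in info})


def demo() -> Dict[str, object]:
    me = IdentitySystem()
    me.import_card(InformationCard("card:bob", "Bob", {"email": "bob@example.test"}))  # constructed
    r: Dict[str, object] = {}
    r["stranger_ike"] = me.inbound("card:eve", IKE_UDP_PORT)
    r["stranger_smb"] = me.inbound("card:eve", 445, "share:photos")
    r["bob_unauthorised"] = me.inbound("card:bob", 445, "share:photos")
    me.grant("share:photos", "card:bob")
    r["bob_authorised"] = me.inbound("card:bob", 445, "share:photos")
    me.revoke("share:photos", "card:bob")
    r["bob_revoked"] = me.inbound("card:bob", 445, "share:photos")
    me.send_card("card:bob", {"mailing_address": "1 Main St"})
    me.send_card("card:magazine", {"mailing_address": "1 Main St", "name": "Me"})
    me.send_card("card:bank", {"name": "Me"})
    r["address_update_to"] = me.recipients_of("mailing_address")
    me.forget("card:bob")
    r["bob_forgotten"] = me.inbound("card:bob", 445, "share:photos")
    return r


if __name__ == "__main__":
    print(demo())
```

Note the two revocation paths behave differently on the wire: after `revoke` Bob still authenticates and is explicitly denied, while after `forget` his connection is indistinguishable from a stranger's.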
Roaming: Within home: 'Castle' replicates data
Within organization
Credentials, data stored in Active Directory
Download to Identity System on clients
To arbitrary other computers
Identity system data can be backed up, encrypted, and stored in vault in 'cloud'
Can also use combination smartcard storage 'dongle' for any of the above
Identity Loss and Recovery: What happens if your computer dies?
If a 'Castle', data is on other computer(s)
Or, restore from system backup
Mechanisms used for roaming can also apply to recovery
Upload from smart dongle
Download from vault in cloud or from Active Directory
Identity Theft: What if your computer or smart dongle is stolen?
Send a signed revocation message to everyone you have sent an Information Card to
If backup in cloud vault, service could send revocation for you, like canceling credit card
Bootstrap replacement identity using disclosure information from backup
How do you know if your identity has been stolen?
How do you discover this today? For example, by checking a credit card statement
May need similar mechanisms online
Longhorn: Trustworthiness and Security
User Account Protection
Trustworthy Commitment: Microsoft Cultural Shift
Thousands of hours spent in security reviews on .NET Framework to date
Foundstone, @Stake security reviews
'Hardening' the .NET Framework
Making Security Easier for Customers
Prescriptive Architectural Guidance
Feature changes in .NET Framework
See also: SECSYM: Security Symposium; ARC340: CLR Under the Covers: .NET Framework Application Security
User Account Protection: Users will run with least privilege
Any privileged activity will prompt for credentials
OS X already does this
Admin accounts will be exempt
Limited User Account (LUA)
Other features: Virtual registry (no changes to the real registry)
Firewall locks down when the system is not patched
No inbound traffic
Hardened Windows Services
Can be restricted from replacing system files
Can be restricted from touching registry
Network Access Protection
Quarantine until patched or AV protected
Move away from passwords toward Smart Cards, PINs, biometrics
Right Privilege At The Right Time: User accounts (only two account types)
Normal users run with least privilege
Admin users also run with least privilege by default
Admin applications need privilege elevation
Only trusted applications get to run with elevated privilege
What Is The Secure Execution Environment?: A new platform for secure applications
Code written to the SEE is inherently more secure because only safe operations are possible within it
Security restrictions are enforced by the CLR
Permission Elevation is possible in a declarative and predictable way, and there is a user experience.
The SEE is simply a default grant set of Code Access Security permissions
Why Code To The SEE?: Deploy without Trust Dialogs!
Reduce test surface
You know that your code cannot harm the user's machine
Reduce TCO
Business: admin doesn’t have to worry about what the code might do.
Home: SEE app cannot harm your machine
Limited User Account (LUA), Protected Admin (PA), Application Impact Management
LUA Problem Statement: Running with elevated privilege leads to disasters
One reason viruses can cause damage is that too many people run with full privilege
Even the Washington Post is telling us to run without admin privilege
Every Admin tells us they want to limit users, but…
Most people demand to run as admin because:
Rich web experience, dependent on ActiveX installation, currently requires admin privilege
'If we don’t run as admin, stuff breaks'
Testing is really easy when everyone’s an admin!
Everything works including malicious code!
Customers want tools and help
'Please help us to get applications that run with Least Privilege'
Win98 & XP users are admin, so apps are built for admin
This is the vicious circle that we must break
LUA – The Good And The Bad: Long term: we will greatly improve the TCO and 'Secure by Deployment' story with Limited User
LUA apps have no legitimate reason to ask for admin privilege
Good LUA apps do not try to change system or domain state – they work on XP today as LUA
Bad LUA apps (the majority) inadvertently change system state
Short term: some LUA apps will not be fixable by Application Impact Management
The target is to have only 20% of apps in this category
The expected behavior is that these apps will fail for Longhorn
Three Customers For LUA: Fully locked down corporations
Lots of research shows that the enterprise admin wants this feature
Reduce security threats
Reduce number of apps loaded
Reduce TCO
Admins that need a safe place to run apps
Should have the least privilege needed by app
At Home where the admin wants to increase security
Parental controls, so that the child uses only age-appropriate apps
User self lockdown to protect PC from security problems
LUA In Longhorn: All applications will have a manifest listing the application parts
Enabling Windows to provide a safe environment for the application to run.
All applications will undergo a Trust Evaluation
Contain applications to limit potential damage
Create Compartments where code can run
Least-privileged User Account (LUA)
Most apps can run with user privileges in user space
Apps run in LUA space by default in Longhorn
Admin Privilege (Protected Admin)
Only trusted applications will run with admin privilege in admin space
Admins will not enable PA if LUA is not useful
App Operations: (diagram of application classes by privilege: SEE apps, apps built for LUA, admin apps fixable to run as LUA through Application Impact Management (AIM), and full admin apps)
Code Validation Process: All code validation is a human decision
Publishers can sign the app manifest (their certificate needs to be in the cert store)
Domain admins can sign deployment manifest (enterprise store)
Local admins can 'bless' apps
By policy user can decide to change default behavior
All local validation decisions are preserved in App Context
Code Integrity is assured by checking every .EXE and .DLL for validity
Application trust is assured at Runtime
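The Secure Updates slide (signed manifests, deployer key needed to publish updates) and the Code Validation Process above describe one trust chain, and the added example below shows it end to end. It is not ClickOnce or Longhorn code: a trust store of publisher key ids plays the role of the cert store, enterprise store and local 'blessing', the key that signed the first installed manifest is pinned as the deployer, and every file is checked against the digest in the installed manifest (code integrity). Textbook RSA over a SHA-256 digest stands in for XMLDSIG RSA-SHA256; the key pairs, app name, manifest fields (including the assumed `minimumRequiredVersion` field) and file bytes are constructed for the demo. The downgrade check is an addition a practitioner would want, not something the slides state.

```python
"""Signed deployment manifests: pinned deployer key, publisher trust store, file integrity."""
import hashlib
import json
from dataclasses import dataclass
from typing import Dict, Tuple

PublicKey = Tuple[int, int]   # (n, e)
E = 65537


# Textbook RSA on a SHA-256 digest, standing in for XMLDSIG RSA-SHA256. Illustration only:
# no PKCS#1 padding, and Mersenne primes make a trivially factorable key.
@dataclass(frozen=True)
class KeyPair:
    n: int
    d: int

    @property
    def public(self) -> PublicKey:
        return (self.n, E)


def make_key(p: int, q: int) -> KeyPair:
    return KeyPair(p * q, pow(E, -1, (p - 1) * (q - 1)))


def key_id(pub: PublicKey) -> str:
    """Stable identifier for a publisher key, like a certificate thumbprint."""
    return hashlib.sha256(f"{pub[0]}:{pub[1]}".encode()).hexdigest()[:16]


def digest(manifest: dict) -> int:
    """Canonicalise before hashing (the role XML C14N plays in XMLDSIG)."""
    blob = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return int.from_bytes(hashlib.sha256(blob).digest(), "big")


def sign(manifest: dict, key: KeyPair) -> int:
    return pow(digest(manifest), key.d, key.n)


def verify(manifest: dict, sig: int, pub: PublicKey) -> bool:
    return pow(sig, pub[1], pub[0]) == digest(manifest)


def version_tuple(v: str) -> Tuple[int, ...]:
    return tuple(int(x) for x in v.split("."))


class ClickOnceStore:
    def __init__(self, trusted_publishers: Dict[str, PublicKey]):
        self.trusted = dict(trusted_publishers)    # key id -> public key (cert store / enterprise / blessed)
        self.installed: Dict[str, dict] = {}       # app name -> {"manifest", "publisher"}

    def install(self, manifest: dict, sig: int, pub: PublicKey) -> str:
        kid = key_id(pub)
        if kid not in self.trusted:
            return "rejected: publisher not in trust store"
        if not verify(manifest, sig, pub):
            return "rejected: bad signature"
        self.installed[manifest["name"]] = {"manifest": manifest, "publisher": kid}  # pin the deployer
        return "installed"

    def update(self, manifest: dict, sig: int, pub: PublicKey) -> str:
        app = self.installed[manifest["name"]]
        if key_id(pub) != app["publisher"]:
            return "rejected: not signed by the original deployer"
        if not verify(manifest, sig, pub):
            return "rejected: bad signature"
        have = version_tuple(app["manifest"]["version"])
        if version_tuple(manifest["version"]) <= have:
            return "rejected: not newer than the installed version"   # added downgrade/replay check
        # Required update: the installed version is below the minimum the update demands.
        required = have < version_tuple(manifest.get("minimumRequiredVersion", "0"))
        app["manifest"] = manifest
        return "updated (required)" if required else "updated (optional)"

    def file_ok(self, app_name: str, filename: str, content: bytes) -> bool:
        """Code integrity: an .EXE/.DLL may load only if it matches the manifest digest."""
        expected = self.installed[app_name]["manifest"]["files"].get(filename)
        return expected == hashlib.sha256(content).hexdigest()


def demo() -> Dict[str, object]:
    deployer = make_key((1 << 127) - 1, (1 << 521) - 1)    # constructed key, never use such primes
    attacker = make_key((1 << 607) - 1, (1 << 89) - 1)     # constructed key held by someone else
    exe_v1 = b"constructed bytes standing in for ExpenseApp.exe v1"
    exe_v2 = b"constructed bytes standing in for ExpenseApp.exe v2"
    v1 = {"name": "ExpenseApp", "version": "1.0.0",
          "files": {"ExpenseApp.exe": hashlib.sha256(exe_v1).hexdigest()}}
    v2 = {"name": "ExpenseApp", "version": "2.0.0", "minimumRequiredVersion": "2.0.0",
          "files": {"ExpenseApp.exe": hashlib.sha256(exe_v2).hexdigest()}}
    store = ClickOnceStore({key_id(deployer.public): deployer.public})
    r: Dict[str, object] = {}
    r["install_untrusted"] = store.install(v1, sign(v1, attacker), attacker.public)
    r["install"] = store.install(v1, sign(v1, deployer), deployer.public)
    r["exe_ok"] = store.file_ok("ExpenseApp", "ExpenseApp.exe", exe_v1)
    r["exe_tampered"] = store.file_ok("ExpenseApp", "ExpenseApp.exe", exe_v1 + b"\x90")
    r["update_attacker"] = store.update(v2, sign(v2, attacker), attacker.public)
    swapped = dict(v2, files={"ExpenseApp.exe": hashlib.sha256(b"trojan").hexdigest()})
    r["update_tampered"] = store.update(swapped, sign(v2, deployer), deployer.public)
    r["update"] = store.update(v2, sign(v2, deployer), deployer.public)
    r["update_replay"] = store.update(v2, sign(v2, deployer), deployer.public)
    return r


if __name__ == "__main__":
    print(demo())
```

The order of checks in `update` matters: publisher identity first, then signature, then version, so a manifest from a stranger is refused before any of its contents are believed.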
Application Impact Management And LUA/PA: All system impact changes are logged for potential rollback on uninstall
LUA & admin apps will have their impactful registry writes monitored as well
Apps are given their own view of certain files & regkeys
User Experience Goals: Longhorn is Secure by Default yet the system is as flexible and easy to use as Windows XP
Users know when they are about to do something potentially unsafe and are able to make an informed decision
Longhorn always gives strong Security recommendations
Users can undo damaging changes
Users feel confident they can install or run any program without compromising their data or their PCs
They feel that, compared to previous versions of Windows, Longhorn is much safer.
They trust Longhorn more than any other OS
Users do not need to learn any major new concepts or procedures to be protected
Other Big Changes: Winlogon is being rewritten for Longhorn
Addressing reliability issues - too many unnecessary processes in Winlogon
Addressing performance issues - too many unnecessary components loaded in Winlogon
Winlogon in Longhorn will no longer support replaceable GINAs, new mechanisms provide existing functionality
New, simpler Credential Provider model
Eventing mechanism
Stacking/chaining
Longhorn: Next Generation Secure Computing Base
Next Generation Secure Computing Base Defined: Microsoft’s Next-Generation Secure Computing Base (NGSCB) is a new security technology for the Microsoft Windows platform
Uses both hardware and software to protect data
Offers new kinds of security and privacy protections in an interconnected world
Threats Mitigated in V1: Tampering with Data
Strong process isolation prevents rogue applications from changing our data or code while it is running
Sealed storage verifies the integrity of data when unsealing it
Information Disclosure
Sealed storage prevents rogue applications from getting at your encrypted data
Repudiation
Attestation enables you to verify that you are dealing with an application and machine configuration you trust
Spoofing Identity
Secure path enables you to be sure that you’re dealing with the real user, not an application spoofing the user
Version 1 Details: Fully aligned with Longhorn
Ships as part of Longhorn
Betas and other releases in sync with, and delivered with, Longhorn’s
Focused on enterprise applications
Example opportunities:
Document signing
Secure IM
Internal applications for viewing secure data
Secure email plug-in
Hardware based on
Trusted Computing Group (https://www.trustedcomputinggroup.org/home)
Memory protection (AMD and Intel Prescott CPUs)
(NGSCB architecture diagram across user, kernel and hardware layers: TPM 1.2, CPU and chipset, with secure input and secure video paths into the NGSCB side)
Nexus Mode Environment: Basic Operating System Functions
Process and Thread Loader/Manager
Memory Manager
I/O Manager
Security Reference Monitor
Interrupt handling/Hardware abstraction
But not a complete Operating System
No File System
No Networking
No Kernel Mode/Privileged Device Drivers
No DirectX
No Scheduling
No…
Kernel mode has no pluggables
All of the kernel is loaded at boot and measured into the PCR
NGSCB Features: All NGSCB-enabled application capabilities build off of four key features
Strong process isolation
Sealed storage
Secure path
Attestation
The first three are needed to protect against malicious code
Attestation breaks new ground in distributed computing
'Subjects' (software, machines, services) can be securely authenticated
This is separate from user authentication
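Sealed storage and the PCR measurement chain are the two NGSCB features a reader can exercise without the hardware, so here is an added simulation (not NGSCB or TPM code) of the TPM 1.2 semantics the slides rely on: each loaded component is extended into a 20-byte PCR with SHA-1, data is sealed under the storage root key together with the PCR value it was sealed at, and unsealing verifies integrity first and then refuses if the current PCR differs. HMAC-SHA256 in counter mode replaces AES because the standard library has none, and the SRK bytes, component names and secret are constructed for the demo.

```python
"""Sealed storage bound to a boot measurement chain, TPM 1.2 style."""
import hashlib
import hmac
import os
from typing import Iterable

PCR_LEN = 20   # TPM 1.2 PCRs are SHA-1 sized


def pcr_extend(pcr: bytes, component: bytes) -> bytes:
    """TPM_Extend: PCR_new = SHA-1(PCR_old || SHA-1(component)). Load order changes the result."""
    return hashlib.sha1(pcr + hashlib.sha1(component).digest()).digest()


def measure_boot(components: Iterable[bytes]) -> bytes:
    pcr = bytes(PCR_LEN)
    for c in components:
        pcr = pcr_extend(pcr, c)
    return pcr


def _ctr_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 as a PRF in counter mode (no AES in the stdlib); one call encrypts or decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + (i // 32).to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


class Tpm:
    def __init__(self, srk: bytes) -> None:
        self._srk = srk               # storage root key: never leaves the chip (constructed here)
        self.pcr = bytes(PCR_LEN)     # reset to zero on every power-up

    def extend(self, component: bytes) -> None:
        self.pcr = pcr_extend(self.pcr, component)

    def _keys(self):
        enc = hmac.new(self._srk, b"seal-enc", hashlib.sha256).digest()
        mac = hmac.new(self._srk, b"seal-mac", hashlib.sha256).digest()
        return enc, mac

    def seal(self, data: bytes) -> bytes:
        """Blob = PCR(20) || nonce(16) || ciphertext || tag(32); the PCR in it is the release policy."""
        enc, mac = self._keys()
        nonce = os.urandom(16)
        body = self.pcr + nonce + _ctr_xor(enc, nonce, data)
        return body + hmac.new(mac, body, hashlib.sha256).digest()

    def unseal(self, blob: bytes) -> bytes:
        enc, mac = self._keys()
        body, tag = blob[:-32], blob[-32:]
        if not hmac.compare_digest(tag, hmac.new(mac, body, hashlib.sha256).digest()):
            raise ValueError("sealed blob was tampered with")          # integrity check first
        sealed_pcr, nonce, ct = body[:PCR_LEN], body[PCR_LEN:PCR_LEN + 16], body[PCR_LEN + 16:]
        if not hmac.compare_digest(sealed_pcr, self.pcr):
            raise PermissionError("platform configuration changed; refusing to unseal")
        return _ctr_xor(enc, nonce, ct)


SRK = b"constructed storage root key, not a real secret"
GOOD_BOOT = [b"nexus loader 1.0", b"nexus kernel 1.0", b"agent: secure-email 1.0"]
TROJANED_BOOT = [b"nexus loader 1.0", b"nexus kernel 1.0 + rootkit", b"agent: secure-email 1.0"]


def demo() -> dict:
    secret = b"document-signing key material"
    chip = Tpm(SRK)
    for c in GOOD_BOOT:
        chip.extend(c)
    blob = chip.seal(secret)
    result = {"same_config": chip.unseal(blob) == secret}
    rebooted = Tpm(SRK)                      # same chip, next boot, one component altered
    for c in TROJANED_BOOT:
        rebooted.extend(c)
    try:
        rebooted.unseal(blob)
        result["trojaned_config"] = "unsealed"
    except PermissionError:
        result["trojaned_config"] = "refused"
    try:
        chip.unseal(blob[:-1] + bytes([blob[-1] ^ 1]))
        result["tampered_blob"] = "unsealed"
    except ValueError:
        result["tampered_blob"] = "refused"
    result["order_matters"] = measure_boot(GOOD_BOOT) != measure_boot(GOOD_BOOT[::-1])
    return result


if __name__ == "__main__":
    print(demo())
```

The rogue kernel never sees the secret even though it owns the rest of the machine, which is the "strong process isolation plus sealed storage" argument in the Threats Mitigated slide; attestation would sign the same PCR value with a key only the chip holds, so a remote party can make the same decision.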
Summary: NGSCB ships as part of Longhorn
NGSCB is a combination of
New hardware which creates a secure environment for…
…A new kernel, called the Nexus, which…
…Will run agents in a secure memory partition, and which…
…Will provide these agents with security services so that they can…
…Provide users with trustworthy computing
Remember that:
When the Nexus is turned off, literally everything runs just like before
When the Nexus is on, the LHS (the left-hand side, i.e. the ordinary Windows environment) runs very nearly everything that ever ran
The Nexus makes no claims about what runs on the LHS
The hardware should run any Nexus, and give full function to any Nexus (with, at most, an admin step by the user)
The Nexus will run any software the user tells it to
Longhorn: Questions
Sources: Longhorn Development Centre
http://msdn.microsoft.com/longhorn/
Trusted Computing Group
https://www.trustedcomputinggroup.org/home