The Dynamic Duo
Simon and I are the IT Pro Technical evangelists in the UK and although we are a dynamic duo you won’t find us wearing our underpants outside our trousers. Simon is passionate about the value of the optimised desktop while I like my optimisation in the data centre and that means windows server 2008 R2 running in a virtual machine on Windows Server 2008 R2. What Simon and I forget to do occasionally is to call out the power of running all of this together i.e. what do you get if you have Windows 7 on the client and Windows Server 2008 R2 in the datacentre?
The answer is quite a lot but if you pressed my to name one thing it would be DirectAccess, essentially a VPN without a VPN. If I look at my wife’s setup compared with mine you get the idea:
| Mrs Fryer’s VPN | Mr Fryer’s DirectAccess |
| Extra login required | Works as soon as I have a wireless connection, my certificates are securely stored on the Trusted Protection Module on my laptop with BitLocker |
| Needs special ports so only works if the router she’s attached to has these open | Works anywhere over https (port 443) which is open everywhere, in hotels in coffee shops and on clients’ sites |
| Extra software needed | Built into Windows 7 and no client configuration is required just an update to group policy. |
| No check to see if the PC is healthy during the connection process | If the machine isn’t patched and AV is upto date I can’t get in even if I am authenticated |
Note: the last part of this is down to Network Access Protection that came in with Windows server 2008 & Vista. Direct Access uses ipv6, but has clever tunnelling built in so it works over ipv4 and is encrypted end to end.
My nominations for runners up would be:
- Branch Cache to allow local secure saving of files where multiple users request the same files form head office and the network connection between them is poor
- App Locker prevents users running applications you don’t want them too by applying group policy. This might not seem like anything new but in this incarnation it’s easy to setup and you can block specific versions of an application, all versions or even everything from a given vendor.
If you want to see some of this in action Simon and I recorded a Dynamic Duo session on exactly this for Tech.Days Online.
There is another completely different better together scenario which applies to VDI by combining Hyper-V, running Windows 7 virtual machines alongside Windows Server 2008 R2 sp1 Remote Desktop Servers as a sort of Windows cubed solution. The SP1 bit is important as this introduces dynamic memory and RemoteFX which means that you can not only have the best possible virtual machine to physical server density you can the more demanding users who use graphic intensive tools by virtualising graphics cards in your server. There’s also a VDI Tech.Days Online session here.
Finally there also more on TechNet On.