![Page 1: Ronald Beekelaar Beekelaar Consultancy VIR301 Objectives Goals of this session: Using and configuring Hyper-V for testing How to adapt the Hyper-V VMs](https://reader033.vdocuments.us/reader033/viewer/2022052701/56649db35503460f94aa350f/html5/thumbnails/1.jpg)
![Page 2: Ronald Beekelaar Beekelaar Consultancy VIR301 Objectives Goals of this session: Using and configuring Hyper-V for testing How to adapt the Hyper-V VMs](https://reader033.vdocuments.us/reader033/viewer/2022052701/56649db35503460f94aa350f/html5/thumbnails/2.jpg)
Getting Started with the Microsoft Forefront Code Name "Stirling" Virtual Machines in Hyper-V
Ronald BeekelaarBeekelaar ConsultancyVIR301
![Page 3: Ronald Beekelaar Beekelaar Consultancy VIR301 Objectives Goals of this session: Using and configuring Hyper-V for testing How to adapt the Hyper-V VMs](https://reader033.vdocuments.us/reader033/viewer/2022052701/56649db35503460f94aa350f/html5/thumbnails/3.jpg)
Objectives
Goals of this session:Using and configuring Hyper-V for testingHow to adapt the Hyper-V VMs to your network environmentHow to get started with the Forefront Stirling VMs
Forefront Stirling (beta 2) Hyper-V VMs are downloadable at www.microsoft.com/stirling
![Page 4: Ronald Beekelaar Beekelaar Consultancy VIR301 Objectives Goals of this session: Using and configuring Hyper-V for testing How to adapt the Hyper-V VMs](https://reader033.vdocuments.us/reader033/viewer/2022052701/56649db35503460f94aa350f/html5/thumbnails/4.jpg)
About the PresenterPresenter - Ronald Beekelaar
MVP Windows SecurityMVP Virtual Machine Technology
WorkSecurity consultancyVirtualization consultancyCreate many VM-based labs and demos
Including Forefront Stirling Lab
ContactBeekelaar [email protected]
![Page 5: Ronald Beekelaar Beekelaar Consultancy VIR301 Objectives Goals of this session: Using and configuring Hyper-V for testing How to adapt the Hyper-V VMs](https://reader033.vdocuments.us/reader033/viewer/2022052701/56649db35503460f94aa350f/html5/thumbnails/5.jpg)
Lab and VM Environment
SpecificationsTotal 7 VMsHyper-V only (x64)Need 8 GB memoryIncludes: Stirling, FCSv2, FSE, FSSP, TMG
Plus AD, NAP, Exchange, SharePoint, Outlook
Available:Download at www.microsoft.com/stirling
![Page 6: Ronald Beekelaar Beekelaar Consultancy VIR301 Objectives Goals of this session: Using and configuring Hyper-V for testing How to adapt the Hyper-V VMs](https://reader033.vdocuments.us/reader033/viewer/2022052701/56649db35503460f94aa350f/html5/thumbnails/6.jpg)
Hyper-V VersionsNeed:
Win2008 x64 with Hyper-VBios supports NX and hardware VT
Use securable.exe to verify
Win2008 RTM has Hyper-V betahvix64.exe - build 17101 - Jan 2008
Install Hyper-V RTM - KB 950050hvix64.exe - build 18016 - Jun 2008
Install Hyper-V 24-core update - KB 956710hvix64.exe - build 22263 - Sep 2008
Win2008 R2 beta 1hvix64.exe - build 6.1.7000 - Dec 2008
Win2008 R2 RChvix64.exe - build 6.1.7100 - Apr 2009
![Page 7: Ronald Beekelaar Beekelaar Consultancy VIR301 Objectives Goals of this session: Using and configuring Hyper-V for testing How to adapt the Hyper-V VMs](https://reader033.vdocuments.us/reader033/viewer/2022052701/56649db35503460f94aa350f/html5/thumbnails/7.jpg)
Install, Register and Run VMs
Run install-script to unpack and register VMsRun start-page to start VMs
![Page 8: Ronald Beekelaar Beekelaar Consultancy VIR301 Objectives Goals of this session: Using and configuring Hyper-V for testing How to adapt the Hyper-V VMs](https://reader033.vdocuments.us/reader033/viewer/2022052701/56649db35503460f94aa350f/html5/thumbnails/8.jpg)
SnapshotsPrinciples
Now = vhd-file in Snapshots folder When VM is running, changes go into this vhd-file
Snapshot = Point-in-time, so that you can go back laterWhile VM is off, or while VM is running (includes saved state)Snapshot files and settings will never change later
Apply = Attach new empty Now vhd-file to this snapshotDeletes contents of existing Now vhd-file
Delete = "I don't want to go back to this snapshot, please merge"Merges content into parent, and removes snapshot from UIBut when snapshot is not in Now vhd-file tree, then just delete content
Revert = Re-attach new empty Now vhd-file to current snapshotIs same as: Apply on current snapshot
![Page 9: Ronald Beekelaar Beekelaar Consultancy VIR301 Objectives Goals of this session: Using and configuring Hyper-V for testing How to adapt the Hyper-V VMs](https://reader033.vdocuments.us/reader033/viewer/2022052701/56649db35503460f94aa350f/html5/thumbnails/9.jpg)
Snapshots
Snapshot
Apply (= delete Now)
Delete (= merge)
Apply (create branch)
Delete (= delete)
.vhd.avhd
![Page 10: Ronald Beekelaar Beekelaar Consultancy VIR301 Objectives Goals of this session: Using and configuring Hyper-V for testing How to adapt the Hyper-V VMs](https://reader033.vdocuments.us/reader033/viewer/2022052701/56649db35503460f94aa350f/html5/thumbnails/10.jpg)
Delete and Merge Snapshots
When deleting a Snapshot:Is snapshot within Now-tree?
Yes - merge snapshot (A or C) with parent fileNo - delete snapshot (B or D)
When deleting a VM:Are there non-empty snapshots in Now-tree?
Yes - merge snapshots (Now+C+A) into vhd-file, before removing VMNo - delete snapshots, and remove VM
![Page 11: Ronald Beekelaar Beekelaar Consultancy VIR301 Objectives Goals of this session: Using and configuring Hyper-V for testing How to adapt the Hyper-V VMs](https://reader033.vdocuments.us/reader033/viewer/2022052701/56649db35503460f94aa350f/html5/thumbnails/11.jpg)
Snapshot Data InconsistencyRunning snapshotsNon-running snapshots
Problem:- When restoring snapshot for VM-1 only, VM-1 misses communication B
Solution:- Always restore related snapshots for all VMs
VM-1:
VM-2:BA
VM-1:
VM-2:BA
VM-1:
VM-2:BA C
Problem:- Even when restoring snapshots for all VMs, VM-1 misses communication B
Solution:- Pause* all VMs before taking (and restoring) snapshots
* Note: - You must temporarily un-pause (resume) each VM, when taking a snapshot
VM-1:
VM-2:A C
![Page 12: Ronald Beekelaar Beekelaar Consultancy VIR301 Objectives Goals of this session: Using and configuring Hyper-V for testing How to adapt the Hyper-V VMs](https://reader033.vdocuments.us/reader033/viewer/2022052701/56649db35503460f94aa350f/html5/thumbnails/12.jpg)
Hyper-V Data TransferProblem:
How to get data or files in or out of a VM?
Non-solutions: Drag-and-Drop Shared Folders Copy/Paste through VM Connection (RDP)
Solutions:A (running) Configure host - VM networkingB (offline) Use VHD mounting
Is difficult with snapshot files (avhd)Watch out for NTFS symlinks
C (Hyper-V R2) Hot add-remove vhd-filesD (in-only) Create and mount ISO-fileE (clipboard) Paste text (in), or copy screen (out)F (scripting) Use key-value-pair (KVP) exchange
Read/write VM registry keys from parentIs part of Integration Components
![Page 13: Ronald Beekelaar Beekelaar Consultancy VIR301 Objectives Goals of this session: Using and configuring Hyper-V for testing How to adapt the Hyper-V VMs](https://reader033.vdocuments.us/reader033/viewer/2022052701/56649db35503460f94aa350f/html5/thumbnails/13.jpg)
Hyper-V Data TransferOffline VHD Mounting
Exists in:Virtual Server - vhdmount.exeHyper-V - wmi scriptingWin7/Win2008R2 - Native VHD
Issues with offline VHD mountingFile permissions and access controlNTFS Symlink pointers to other drivesDifficult to mount snapshot files (avhd)
![Page 14: Ronald Beekelaar Beekelaar Consultancy VIR301 Objectives Goals of this session: Using and configuring Hyper-V for testing How to adapt the Hyper-V VMs](https://reader033.vdocuments.us/reader033/viewer/2022052701/56649db35503460f94aa350f/html5/thumbnails/14.jpg)
NetworkingPrinciples
Parent has physical network adapter(s)Each guest (and parent) has virtual network adapter(s)Each virtual network adapter is connected to a virtual switchType of virtual switch is:
External – connect to physical network adapterInternal – parent and guests connections onlyPrivate – guest connections only
ConfigurationUse Virtual Network Manager to create virtual switchesUse VM Settings to assign virtual network adapter to switch
- physical network adapter- virtual network adapter- virtual switch
![Page 15: Ronald Beekelaar Beekelaar Consultancy VIR301 Objectives Goals of this session: Using and configuring Hyper-V for testing How to adapt the Hyper-V VMs](https://reader033.vdocuments.us/reader033/viewer/2022052701/56649db35503460f94aa350f/html5/thumbnails/15.jpg)
NetworkingVirtual switch types
Parent
Application
GuestApp Guest
App
Parent
Application
GuestApp Guest
App
Private
Parent
Application
GuestApp Guest
App
Internal
ExternalParent
Application
GuestApp Guest
App
No IP
IP IP
IP
- physical network adapter- virtual network adapter- virtual switch
ICS
![Page 16: Ronald Beekelaar Beekelaar Consultancy VIR301 Objectives Goals of this session: Using and configuring Hyper-V for testing How to adapt the Hyper-V VMs](https://reader033.vdocuments.us/reader033/viewer/2022052701/56649db35503460f94aa350f/html5/thumbnails/16.jpg)
Scripting Hyper-VWMI scripting
Hyper-V uses WMI for scriptingVirtual Server uses COM objectsWMI reference: http://msdn.microsoft.com/en-us/library/aa155190.aspx
Golden tip for WMI scripting: WMI object are copies, not live objects
Difficulty with Hyper-V WMI model: Need to understand what RASDs are Many operation calls are asynchronuos
'pseudo wmi code
dim VM : set VM = wmihv.ExecQuery("select ...")VM.Start 'VM is running
Msgbox VM.Status 'status shows not-running (!)
set objOutParams = computerSystem.ExecMethod_("RequestStateChange", objInParam)if (WMIMethodStarted(objOutParams)) then if (WMIJobCompleted(objOutParams)) then WriteLog Format1("VM {0} was started successfully", computerSystem.ElementName) RequestStateChange = true end ifend if
![Page 17: Ronald Beekelaar Beekelaar Consultancy VIR301 Objectives Goals of this session: Using and configuring Hyper-V for testing How to adapt the Hyper-V VMs](https://reader033.vdocuments.us/reader033/viewer/2022052701/56649db35503460f94aa350f/html5/thumbnails/17.jpg)
Scripting Hyper-VExamples
VBScript - example from Ronald BeekelaarSet-known-network-ID.vbs
PowerShell - example from James O'NeillSee http://www.codeplex.com/PSHyperv
... dim i for i = 0 to adapters.Count-1 dim adapter : set adapter = adapters.ItemIndex(i) adapter.VirtualSystemIdentifiers = Array(GetKnownAdapterGuid(i+1)) ModifyRasd vm, adapter next...
..Filter Get-VMNicport{Param ($nic) if ($nic -eq $null) {$nic=$_} if ($nic -is [System.Management.ManagementObject]) { Get-WmiObject -computerName $nic.__server -NameSpace "root\virtualization" -Query "Select * From Msvm_SwitchPort where __Path='$( $nic.connection[0] )'" } $nic=$null }#Example: Get-VMNic $core -legacy -vmbus | get-vmNicPort...
![Page 18: Ronald Beekelaar Beekelaar Consultancy VIR301 Objectives Goals of this session: Using and configuring Hyper-V for testing How to adapt the Hyper-V VMs](https://reader033.vdocuments.us/reader033/viewer/2022052701/56649db35503460f94aa350f/html5/thumbnails/18.jpg)
Moving VMs to other computersMethod 1: Export/import
Official method: Export / ImportIssues: Base vhd-file is copied for each VM
Suggestion: delete extra copies, and relink diff-disks Requires same network (switch) name at target
computerSuggestion: use standard network name
Can only import one timeSuggestion: copy configuration file (exp-file) before import
![Page 19: Ronald Beekelaar Beekelaar Consultancy VIR301 Objectives Goals of this session: Using and configuring Hyper-V for testing How to adapt the Hyper-V VMs](https://reader033.vdocuments.us/reader033/viewer/2022052701/56649db35503460f94aa350f/html5/thumbnails/19.jpg)
Moving VMs to other computersMethod 2: Recreate VM configuration
Common method with Virtual PC/Virtual Server1 Take vhd-file2 Create new VM, by using vhd-file
Issues: Lose IP configuration inside VM
Due to newly detected virtual network adapterNetwork adapter (synthetic) has random hardware idin configuration xml-file
<?xml version="1.0" encoding="UTF-16" standalone="yes"?><configuration> <_09bbc919-72c8-4100-89fc-1bf856fe8090_> <ChannelInstanceGuid type="string">{07f9fba5-432a-4af3-be59-b299093e15bf}</ChannelInstanceGuid> <FriendlyName type="string">Network Adapter</FriendlyName> <MacAddress type="string">00-15-5D-00-10-00</MacAddress> <MacAddressIsStatic type="bool">False</MacAddressIsStatic> <PortName type="string">137A5DBF-2B3F-447F-BEC4-3E9A5A724D01</PortName> <SwitchName type="string">8e3a359f-559a-4b6a-98a9-1690a6100ed7</SwitchName>...
![Page 20: Ronald Beekelaar Beekelaar Consultancy VIR301 Objectives Goals of this session: Using and configuring Hyper-V for testing How to adapt the Hyper-V VMs](https://reader033.vdocuments.us/reader033/viewer/2022052701/56649db35503460f94aa350f/html5/thumbnails/20.jpg)
Info: NetworkingVirtual network adapter types
Two types of virtual network adapters in guestLegacy network adapter
Is common Intel 21140 PCI network adapterNetwork adapter
Is synthetic adapter for VMBusRequires Integration ComponentsUses unique hardware id in xml-file
![Page 21: Ronald Beekelaar Beekelaar Consultancy VIR301 Objectives Goals of this session: Using and configuring Hyper-V for testing How to adapt the Hyper-V VMs](https://reader033.vdocuments.us/reader033/viewer/2022052701/56649db35503460f94aa350f/html5/thumbnails/21.jpg)
Moving VMs to other computersMethod 2: Recreate VM configuration (cont'd)
Solution (1) to network adapter issue: Use same hardware id in xml-file
Only possible, if you know original hardware idTip: use well-known hardware id: {1111..}, {2222...}, etc
Because xml-file is locked by Hyper-V,need Hyper-V script to change hardware id in xml-file
Example: Set-known-network-ID.vbs
Solution (2) to network adapter issue: Use legacy network adapter,
instead of (synthetic) network adapter
<?xml version="1.0" encoding="UTF-16" standalone="yes"?><configuration> <_09bbc919-72c8-4100-89fc-1bf856fe8090_> <ChannelInstanceGuid type="string">{11111111-1111-1111-1111-111111111111}</Chan...> ...
![Page 22: Ronald Beekelaar Beekelaar Consultancy VIR301 Objectives Goals of this session: Using and configuring Hyper-V for testing How to adapt the Hyper-V VMs](https://reader033.vdocuments.us/reader033/viewer/2022052701/56649db35503460f94aa350f/html5/thumbnails/22.jpg)
Moving VMs to other computersMethod 3: Create symlink to register VM
For each VM, Hyper-V uses "shortcut" to xml-fileIn folder:C:\ProgramData\Microsoft\Windows\Hyper-V\Virtual MachinesShortcut is symbolic link to xml-file
Use mklink guid.xml D:\Lab\Virtual Machines\guid.xml
Issues: Completely unsupported Must have correct file permissions
Uses NT Virtual Machine "domain" Must have all xml-files, disk files (vhd), and snapshot files
(avhd) in correctly named folders
![Page 23: Ronald Beekelaar Beekelaar Consultancy VIR301 Objectives Goals of this session: Using and configuring Hyper-V for testing How to adapt the Hyper-V VMs](https://reader033.vdocuments.us/reader033/viewer/2022052701/56649db35503460f94aa350f/html5/thumbnails/23.jpg)
Permissions and AccessVM Accounts
Hyper-V assigns Read/Write permissionsTo certain special VM accountsOn vhd-files and other files and folders
VM accountsEach VM has own guid-named "user" account in"NT VIRTUAL MACHINE" domain
Example: NT VIRTUAL MACHINE\0256A619-112F-.. (guid)Similar to "BUILTIN\Administrators" and "NT AUTHORITY\System"
You can use icacls.exe to list and assign permissions to these VM accounts
![Page 24: Ronald Beekelaar Beekelaar Consultancy VIR301 Objectives Goals of this session: Using and configuring Hyper-V for testing How to adapt the Hyper-V VMs](https://reader033.vdocuments.us/reader033/viewer/2022052701/56649db35503460f94aa350f/html5/thumbnails/24.jpg)
Permissions and AccessDelegation of Control (Azman)
Use Azman.msc to assign roles to accountsOpenC:\ProgramData\Microsoft\Windows\Hyper-V\InitialStore.xml
Concept:Operations or Tasks > Role > User or Group account
See- http://blogs.msdn.com/virtual_pc_guy/archive/2008/01/17/allowing-non-administrators-to-control-hyper-v.aspx
![Page 25: Ronald Beekelaar Beekelaar Consultancy VIR301 Objectives Goals of this session: Using and configuring Hyper-V for testing How to adapt the Hyper-V VMs](https://reader033.vdocuments.us/reader033/viewer/2022052701/56649db35503460f94aa350f/html5/thumbnails/25.jpg)
Permissions and AccessRemote Management (hvremote)
Issue:Very difficult to configure remote management if not in domain
Steps1 (client/server) Create duplicate user/password
2 (server) Allow WMI through firewall3 (server) Grant DCOM permissions to user - dcomcnfg.exe4 (server) Grant WMI permissions on root\cimv2 and root\virtualization5 (server) Grant Hyper-V permissions to user - azman.msc
6 (client) Allow WMI and mmc.exe through firewall7 (client) Grant DCOM permissions to anonymous (callback) - dcomcnfg.exe 8 (client) Configure "allow default credentials" - gpedit.msc
Or run hvremote.wsf - John HowardSee http://code.msdn.microsoft.com/hvremote
![Page 26: Ronald Beekelaar Beekelaar Consultancy VIR301 Objectives Goals of this session: Using and configuring Hyper-V for testing How to adapt the Hyper-V VMs](https://reader033.vdocuments.us/reader033/viewer/2022052701/56649db35503460f94aa350f/html5/thumbnails/26.jpg)
Hyper-V book
Windows Server 2008 Hyper-VWritten by John Kelbley, Mike Sterling, Allen Stewart
Available in conference store
![Page 27: Ronald Beekelaar Beekelaar Consultancy VIR301 Objectives Goals of this session: Using and configuring Hyper-V for testing How to adapt the Hyper-V VMs](https://reader033.vdocuments.us/reader033/viewer/2022052701/56649db35503460f94aa350f/html5/thumbnails/27.jpg)
Overview of StirlingForefront Stirling
![Page 28: Ronald Beekelaar Beekelaar Consultancy VIR301 Objectives Goals of this session: Using and configuring Hyper-V for testing How to adapt the Hyper-V VMs](https://reader033.vdocuments.us/reader033/viewer/2022052701/56649db35503460f94aa350f/html5/thumbnails/28.jpg)
Forefront Stirling - Versions
Antigen
Client
Server
EdgeISA 2006
Forefrontfor Exchange
Others
Forefrontfor SharePoint
IAG 2007
Stirling v1Forefront
for Exchange
Forefrontfor SharePoint
TMG 2010
Stirling v2
ForefrontClient Security FCS v2
Forefrontfor OCS
Now Future
Forefrontfor OCS v2
UAG UAG v2
. . .
![Page 29: Ronald Beekelaar Beekelaar Consultancy VIR301 Objectives Goals of this session: Using and configuring Hyper-V for testing How to adapt the Hyper-V VMs](https://reader033.vdocuments.us/reader033/viewer/2022052701/56649db35503460f94aa350f/html5/thumbnails/29.jpg)
Stirling Integration
Desktops, Laptops and Servers
Stirling Core Server
Exchange Servers
SharePoint Servers
Threat Management
Gateway Servers
Microsoft Update
Virus &Spyware Definitions
Events
Settings
Events
Settings
Events
Settings
Stirling Console
Systems Center
Operations
Manager
Windows Server Update Services (WSUS)
Stirling Data Analysis & Collection Servers Events
Settings
Forefront Security Assessment Channel
Reports Policies
![Page 30: Ronald Beekelaar Beekelaar Consultancy VIR301 Objectives Goals of this session: Using and configuring Hyper-V for testing How to adapt the Hyper-V VMs](https://reader033.vdocuments.us/reader033/viewer/2022052701/56649db35503460f94aa350f/html5/thumbnails/30.jpg)
Stirling Policies
1. Define Target Groups of computersBased on queries, OU, computer name, etc
2. Centrally configure settingsFor all Forefront productsUse Policy Units within a Stirling Policy
3. Bind each Stirling Policy to a Target Group
Deployed by SCOM 2007 R2 → SCOM AgentNote: does not use Group Policy for deployment
![Page 31: Ronald Beekelaar Beekelaar Consultancy VIR301 Objectives Goals of this session: Using and configuring Hyper-V for testing How to adapt the Hyper-V VMs](https://reader033.vdocuments.us/reader033/viewer/2022052701/56649db35503460f94aa350f/html5/thumbnails/31.jpg)
Agents on Clients
SCOM 2007 AgentIs only the "transport" vehicle
Receives policies and tasksSends events to Stirling Server
Stirling AgentIs the "dispatcher"
Communicates with SCOM Agentand with Asset Protection Technology (APT)
APTsDo the "work"
FCS (Host Protection)Forefront for ExchangeTMGUAGWindows FirewallGroup PolicyEtc.
SCOM 2007Agent
StirlingAgent
FCS(Host Protection)
FW GPO . . .
Client
Server
EventLogs
![Page 32: Ronald Beekelaar Beekelaar Consultancy VIR301 Objectives Goals of this session: Using and configuring Hyper-V for testing How to adapt the Hyper-V VMs](https://reader033.vdocuments.us/reader033/viewer/2022052701/56649db35503460f94aa350f/html5/thumbnails/32.jpg)
Group Policies vs Stirling PoliciesDifferences:
FCSv1 uses GPO to deploy policiesStirling/FCSv2 use SCOM 2007 agent (management packs)
Reasons for changeSpeed of deploymentReporting successful deploymentSingle "policy unit" UI combined withremediation and network access restriction
Question:What if both Group Policies and Stirling Policies are defined forsimilar settings (example: Windows firewall configuration)?Answer:
Stirling Agent configure Local GPO,and then triggers GPO processing on client
![Page 33: Ronald Beekelaar Beekelaar Consultancy VIR301 Objectives Goals of this session: Using and configuring Hyper-V for testing How to adapt the Hyper-V VMs](https://reader033.vdocuments.us/reader033/viewer/2022052701/56649db35503460f94aa350f/html5/thumbnails/33.jpg)
Levels of reaction
Security State Assessment (on the client)Policy specifies "desired" settings
a) Report current setting to StirlingCollect current IE security settings
b) Change setting to desired value (remediate)When FCS service stops, start it againWhen guest is enabled, disable guest
c) Restrict network access (uses NAP)When IE setting is insecure, block network access
Assessment sharing and dynamic responseClient detects vulnerability or compromiseClient sends "assessment" to Stirling serverStirling combines assessments
d) Dynamic response send to other assetsFor currently logged-on user (user) on client computer (client),that performs suspicious port scan (TMG),block outgoing email (FSE), and trigger full AM-scan (client)
![Page 34: Ronald Beekelaar Beekelaar Consultancy VIR301 Objectives Goals of this session: Using and configuring Hyper-V for testing How to adapt the Hyper-V VMs](https://reader033.vdocuments.us/reader033/viewer/2022052701/56649db35503460f94aa350f/html5/thumbnails/34.jpg)
Security Assessments ChannelTMG identifies malware on VENICE computer attempting to propagate (PortScan)
Security Admin
Venice (computer) Marco (user)
Malicious Web Site
Web
Forefront TMG
Client Security
CompromisedComputer: VENICEFidelity: HighSeverity: HighExpire: Wed
CompromisedUser: MARCOFidelity: LowSeverity: HighExpire: Wed
Stirling Core
ADNAP
FCS identifies MARCO has logged on to
VENICE
Alert
Scan Computer
Block Email
Reset Account
Quarantine
Security Assessment Sharing ( )With Dynamic Response ( )Responses
![Page 35: Ronald Beekelaar Beekelaar Consultancy VIR301 Objectives Goals of this session: Using and configuring Hyper-V for testing How to adapt the Hyper-V VMs](https://reader033.vdocuments.us/reader033/viewer/2022052701/56649db35503460f94aa350f/html5/thumbnails/35.jpg)
Update Signatures
Signatures:FCS – antivirus, antispywareTMG – antivirus (HTTP+SMTP), NISFSE/FSSP – antivirus
Connect VMs to Internet
![Page 36: Ronald Beekelaar Beekelaar Consultancy VIR301 Objectives Goals of this session: Using and configuring Hyper-V for testing How to adapt the Hyper-V VMs](https://reader033.vdocuments.us/reader033/viewer/2022052701/56649db35503460f94aa350f/html5/thumbnails/36.jpg)
TMG: Outbound SSL Filtering
For Web publishing, inbound SSL Bridging iswell-known (ISA Server 2000)Issue:
Cannot inspect outbound traffic in encrypted tunnel (SSL)
Solution:Use SSL Bridging on outbound SSL connectionsDifference with Web publishing is that client can go to many different Web sites
![Page 37: Ronald Beekelaar Beekelaar Consultancy VIR301 Objectives Goals of this session: Using and configuring Hyper-V for testing How to adapt the Hyper-V VMs](https://reader033.vdocuments.us/reader033/viewer/2022052701/56649db35503460f94aa350f/html5/thumbnails/37.jpg)
TMG: Outbound SSL Filtering
In Web browser:https://www.fabrikam.com
www.fabrikam.com
In TMG request:https://www.fabrikam.com
www.fabrikam.com
SSL
Request
Certificate
SSL
Request
Certificate
![Page 38: Ronald Beekelaar Beekelaar Consultancy VIR301 Objectives Goals of this session: Using and configuring Hyper-V for testing How to adapt the Hyper-V VMs](https://reader033.vdocuments.us/reader033/viewer/2022052701/56649db35503460f94aa350f/html5/thumbnails/38.jpg)
question & [email protected]
![Page 39: Ronald Beekelaar Beekelaar Consultancy VIR301 Objectives Goals of this session: Using and configuring Hyper-V for testing How to adapt the Hyper-V VMs](https://reader033.vdocuments.us/reader033/viewer/2022052701/56649db35503460f94aa350f/html5/thumbnails/39.jpg)
www.microsoft.com/teched
Sessions On-Demand & Community
http://microsoft.com/technet
Resources for IT Professionals
http://microsoft.com/msdn
Resources for Developers
www.microsoft.com/learningMicrosoft Certification and Training Resources
www.microsoft.com/learning
Microsoft Certification & Training Resources
Resources
![Page 40: Ronald Beekelaar Beekelaar Consultancy VIR301 Objectives Goals of this session: Using and configuring Hyper-V for testing How to adapt the Hyper-V VMs](https://reader033.vdocuments.us/reader033/viewer/2022052701/56649db35503460f94aa350f/html5/thumbnails/40.jpg)
ResourcesFor more information on Microsoft Virtualization including:
WhitepapersProduct DownloadsCase StudiesROI CalculatorsSolutions with Partners
Visit: www.microsoft.com/virtualization
Be sure to stop by the TLC area to speak with subject-matter-experts and see live product demos
![Page 41: Ronald Beekelaar Beekelaar Consultancy VIR301 Objectives Goals of this session: Using and configuring Hyper-V for testing How to adapt the Hyper-V VMs](https://reader033.vdocuments.us/reader033/viewer/2022052701/56649db35503460f94aa350f/html5/thumbnails/41.jpg)
Complete an evaluation on CommNet and enter to win!
![Page 42: Ronald Beekelaar Beekelaar Consultancy VIR301 Objectives Goals of this session: Using and configuring Hyper-V for testing How to adapt the Hyper-V VMs](https://reader033.vdocuments.us/reader033/viewer/2022052701/56649db35503460f94aa350f/html5/thumbnails/42.jpg)
© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS,
IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.