Networking in Windows 8, part 2

In the first post, I went through a lot of the PowerShell commands available in Windows 8. In this post I'll write about the new features.

Let's start with the obvious new features.

NIC TEAMING (which I also went through in my previous post)
Allows you to team 2 network interface cards for higher bandwidth and failover. Before, you had to have vendor-specific software to do this; now it is implemented in the operating system.

DNSSEC
DNSSEC is not something new to Windows; it was also in Windows 2008 R2. But the implementation was a bit uneven. In order to sign a zone you had to take it offline and run some dnscmd commands. In Windows 8, the new DNS server supports NSEC3 and can be configured to automatically sign your zones as they change.

DHCP Failover clustering
In the previous version you needed to set up a SAN-based solution in order to set up the cluster. Now the DHCP servers share the configuration between them directly.

IPAM
IP address management is included as a role in Windows 8. It allows you to manage and track the use of IP address space. It is aware of DNS and DHCP and combines the knowledge from these. Quote from Microsoft: «Automatic IP address infrastructure discovery: IPAM discovers domain controllers, DHCP servers, and DNS servers in the domains you choose. You can enable or disable management of these servers by IPAM.»

Hyper-V

  • Single Root I/O Virtualization (SR-IOV): SR-IOV enables network traffic to bypass the software switch layer of the Hyper-V virtualization stack. As a result, the I/O overhead in the software emulation layer is diminished, and network performance is nearly the same as in nonvirtualized environments.
  • ARP/ND Poisoning (spoofing) protection: Provides protection against a malicious VM using Address Resolution Protocol (ARP) spoofing to steal IP addresses from other VMs. Provides protection against attacks that can be launched for IPv6 using Neighbor Discovery (ND) spoofing.
  • DHCP Guard protection: Protects against a malicious VM representing itself as a Dynamic Host Configuration Protocol (DHCP) server for man-in-the-middle attacks.
  • Port ACLs: Provides traffic filtering based on Media Access Control (MAC) or Internet Protocol (IP) addresses/ranges, which enables you to set up virtual network isolation.
  • Trunk mode to a VM: Enables administrators to set up a specific VM as a virtual appliance, and then direct traffic from various VLANs to that VM, using the standard trunking protocol 802.1q.
  • Network traffic monitoring: Enables administrators to review traffic that is traversing the network switch.
  • Isolated (private) VLAN: Enables administrators to segregate traffic on multiple VLANs, to more easily establish isolated tenant communities.
  • QoS: More features allow you to specify bandwidth for virtual machines.
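
To check the DHCP Guard and Port ACL settings from the list above on a Hyper-V host, here is a small PowerShell sketch (an added example, not from the original post or from Microsoft). The VM names and the subnet are hypothetical, and RouterGuard is the sibling setting of DHCP Guard on the same cmdlet, included for completeness.

```powershell
# Added example (not from the original post). Run on a Hyper-V host with the
# Hyper-V PowerShell module. All VM names and the subnet are hypothetical.

# VMs that are supposed to hand out DHCP leases; everything else gets DHCP Guard.
$AllowedDhcpServers = @('infra-dhcp01')

function Get-UnguardedVMAdapter {
    param([string[]] $AllowedDhcpServers = @())

    foreach ($nic in (Get-VM | Get-VMNetworkAdapter)) {
        $findings = @()
        # DhcpGuard drops DHCP server replies sent by this VM.
        if ($nic.DhcpGuard -ne 'On' -and $AllowedDhcpServers -notcontains $nic.VMName) {
            $findings += 'DhcpGuard is Off'
        }
        # RouterGuard drops router advertisement and redirect messages sent by this VM.
        if ($nic.RouterGuard -ne 'On') {
            $findings += 'RouterGuard is Off'
        }
        if ($findings.Count -gt 0) {
            [pscustomobject]@{
                VMName   = $nic.VMName
                Adapter  = $nic.Name
                Findings = $findings -join '; '
            }
        }
    }
}

# 1. Report adapters where a guard is missing.
Get-UnguardedVMAdapter -AllowedDhcpServers $AllowedDhcpServers | Format-Table -AutoSize

# 2. Turn DHCP Guard on everywhere except the allowed DHCP servers.
#    -WhatIf only prints what would change; remove it to apply.
Get-VM | Where-Object { $AllowedDhcpServers -notcontains $_.Name } |
    Get-VMNetworkAdapter |
    Set-VMNetworkAdapter -DhcpGuard On -WhatIf

# 3. Port ACL: block traffic between a tenant VM and another tenant's subnet,
#    then list the ACLs on that VM to confirm the rule.
Add-VMNetworkAdapterAcl -VMName 'tenant-a-web01' -RemoteIPAddress '10.0.20.0/24' `
    -Direction Both -Action Deny
Get-VMNetworkAdapterAcl -VMName 'tenant-a-web01'
```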