Multihoming What Is Multihoming?
Multihoming (in this document) refers to a machine or a device that has connectivity to one or more networks via two or more interfaces (regardless if they are wired or wireless). Multihoming scenarios are becoming more widely deployed, especially with the wide deployment of wireless devices (Pocket PC, wireless connectivity on laptops). This feature facilitates the best performance for a multihomed host by selecting the route with best performance for a particular data transfer. Each route has a corresponding interface, therefore the selection of the best route also implies an interface selection for an outgoing connection.
What’s New in Multihoming
The goal of this feature is to improve the selection of wireless over wired networks when both interfaces are present.
Scenario:
A user has a laptop with two interfaces: a 100Mbps wired Ethernet interface and an 802.11g wireless network adapter that supports Turbo mode and advertises a maximum speed of 108Mbps. The laptop is connected to the same network (let us say an enterprise network) using both the wired and the wireless interfaces, each with their own default gateways.
With the current TCP/IP implementation, the interface metric is computed based on the link speed advertised by the miniport driver (the higher the interface speed, the lower the interface metric). Wireless links are normally half duplex as compared to wired links which are typically now full duplex. Therefore, the same interface speed for wired and wireless network adapters does not necessarily mean the same throughput.
Due to the above behavior, in this scenario, the wireless network adapter may be preferred even though the wired network adapter may provide much better throughput. Another example of the same scenario is 10Mbps Ethernet and 802.11b network adapter where 802.11b network adapter may be preferred.
The result of this new feature is that Windows Vista SP1 records the actual linkspeed of the wireless network adapter to be 1/2x (the advertised link speed). This means that there is a lower probability that the Ethernet network will have a higher metric and thus resulting in the wireless network adapter being selected.
Note: The actual interface speed for wireless network adapters is updated by network adapter drivers using proprietary algorithms. The Broadcom driver updates interface speed every 10s while other drivers do not update interface speeds at regular intervals. There are other drivers that do not update interface speed at all after the initial negotiation. However, each of these drivers has some dampening implemented so that interface speed change notifications do not get generated too often.
Known Issues for scenarios
None
What Is BitLocker Data Volume Support?
A data volume is any locally created internal volume exposed by Plug-and-Play in the context of a booted operating system that isn’t the volume that was booted. Any non-active volume exposed by Plug-and-Play that contains only data or a different instance of an operating system other than the currently booted operating system is considered a data volume from the BitLocker perspective.
BitLocker in Windows Vista only supports the encryption of the operating system (boot) volume. BitLocker in Windows Vista SP1 will extend the functionality to support the encryption of both operating system and data volume based on customer’s feedback, thus adding additional protection for the customer’s sensitive data stored on data volumes.
For more information on BitLocker please refer to :
http://technet.microsoft.com/en-us/windowsvista/aa905065.aspx
What’s New in BitLocker Data Volume Support?
New BitLocker Control Panel UI to enable BitLocker on data volumes
A new link to turn on/off BitLocker on a data volume (non-booted volume) has been added. The customer can use this new GUI or the existing command-line tool manage-bde.wsf to manage BitLocker on data volumes.
Auto-unlock of data volume is set automatically
The customer has to turn on BitLocker on the operating system (boot) volume first before he can turn on BitLocker on data volumes. By default, the encrypted data volume will be automatically unlocked when the system boots into the encrypted operating system volume.
Who Should Use BitLocker Data Volume Support feature enhancements?
This feature is targeted at the following audiences, who are interested in BitLocker feature and have data stored on a separate volume than the operating system volume:
IT planners and analysts who are evaluating the product.
Enterprise IT planners and designers.
Early adopters.
Security architects who are responsible for implementing trustworthy computing.
Benefits of new features in BitLocker Data Volume Support
New BitLocker Control Panel UI to enable BitLocker on data volumes
The customer can add BitLocker protection on his data volumes if needed now.
Auto-unlock of data volume is set automatically
The customer does not need to enter any key information before accessing the data volumes. The unlock operation is transparent to the customer and secure. It adds more protection for the customer without losing convenience.
Key Scenarios Goal
A customer installs Windows Vista and wants to use BitLocker. Once the customer enables BitLocker on the operating system volume, he will have the opportunity to use BitLocker to protect all fixed (internal) data volumes on the system.
BitLocker-ready computer, which passes BitLocker logo tests.
The customer has a data volume (in addition to the operating system volume) configured on the machine.
1. Turn on BitLocker on the operating system (boot) volume using any of the protection (TPM, or TPM+USB, etc) of his choice.
2. Use the BitLocker Control Panel UI to turn on BitLocker on all data volumes.
3. Reboot the machine while the data volumes are in the process of encryption.
4. Reboot the machine after the encryption is finished.
Expected results
The reboot in Step 3 should succeed. After reboot, the encryption still continues.
The reboot in Step 4 should succeed. After reboot, the customer still can access all data volumes.
Scenario 2 – Protect one particular data volume Goal
A Windows Vista customer wants to use BitLocker to protect a particular data volume out of all the volumes on his machine that are not boot volumes. He uses a custom BitLocker setup and only enables protection for the volume he wants protected, leaving the others unencrypted. (e.g. only encrypt e: and leave f: alone).
Specific hardware requirement
BitLocker-ready computer, which passes BitLocker logo tests.
Prerequisites or specific configuration for the scenario
The customer has more than one data volumes (in addition to the operating system volume) configured on the machine.
Step-by-step scenario description
1. Turn on BitLocker on the operating system (boot) volume using any of the protection (TPM, or TPM+USB, etc) of his choice.
2. Use the BitLocker Control Panel UI to turn on BitLocker on one specific data volume.
3. Reboot the machine while the data volume is in the process of encryption.
4. Reboot the machine after the encryption is finished.
Expected results
The reboot in Step 3 should succeed. After reboot, the encryption still continues.
The reboot in Step 4 should succeed. After reboot, the customer still can access all data volumes.
Scenario 3 – Data volume is automatically unlocked Goal
When rebooting a machine, all data volumes are automatically unlocked so that the customer has immediate and convenient access to his data.
Specific hardware requirement
BitLocker-ready computer, which passes BitLocker logo tests.
Prerequisites or specific configuration for the scenario
The customer has at least 2 data volumes (in addition to the operating system volume) configured on the machine.
Step-by-step scenario description
While doing Scenarios 1 and 2 tests, verify that after reboot, the customer is still able to access the encrypted data volumes and he does not need to provide any keys for them.
Expected results
No action is needed by the customer in order to access the encrypted data volume.
Known Issues for scenarios
None.
| 