Windows Server 2012 Overview Omer Palo, Readiness Specialist October, 2012


• Deployment and Management Changes

• Active Directory Domain Services

• Hyper-V

• Remote Desktop Services

• Failover Clusters

• Networking Features

• IIS Features

Agenda

Deployment and Management

Citrix Confidential - Do Not Distribute

Server Editions

Windows Server 2012 | Windows 2008 R2

• Foundation

• Essentials

• Standard

• Enterprise

• Foundation

• Standard

• Web

• HPC

• Enterprise

• Datacenter

• Itanium


• Windows 8

• Windows 8 Pro

• Windows 8 Enterprise

• Windows RT

Windows 8 Editions


Deployment Options

Windows 2008 R2:

• Windows Server Core

• Windows Server Full

Windows 2012:

• Server Core

• Minimal GUI Server

• Full Server UI

• Desktop Experience


• Remote PowerShell is not new in Windows 2012

• WinRM 2.0 and PowerShell 2.0 could be used for remote PS execution

• WinRM was not enabled by default

• Windows Server 2012 enables WinRM by default

• It is the preferred management tool.

Remote PowerShell


New Server Manager


• Adding additional servers

Multi-Server Management


• Management tools can be launched on any server.

Multi-Server Management: GUI


Multi-Server Management: PowerShell


• Server Core is the preferred deployment option

• PowerShell and RSAT should be the management tools

• Reducing the attack surface and footprint

• Reliability and less patching

New Server Management

New Features in ADDS


• ADDS Server role installation is built on PowerShell

• Prerequisite validation is part of configuration wizard

• Adprep.exe is now part of ADDS Installation

• Configuration options can be exported

ADDS: Simplified Deployment


• Forest Functional Level
  • Windows Server 2012

• Domain Functional Level
  • Windows Server 2012

ADDS: Functional Levels

• No more DCPROMO

ADDS: No more DCPROMO


ADDS: Promoting a DC


ADDS: Forest/Domain Functional Levels


• Exporting Configuration

ADDS: Exporting Configuration


• Off-Premises Domain Join now supports DirectAccess

ADDS: Simplified Management


• Controlling access with standard ACL is difficult

• New claim-based authorization platform

• Claims can be both user and device based

• Requirements
  • Windows Server 2012 domain controller(s)
  • Windows Server 2012 file server(s)
  • A domain policy enabling claims-policy
  • Windows Server 2012 AD Administrative Center

ADDS: Dynamic Access Control Lists


• PowerShell History

ADDS: Simplified Management


• Recycle bin UI

ADDS: Simplified Management


• Password Settings UI

ADDS: Simplified Management


• AD-based Activation

ADDS: Simplified Management


• Service Accounts

• Group Managed Service Accounts

ADDS: Simplified Management


• Rolling snapshots back could cause replication issues

ADDS: Virtualizing Domain Controllers


• VM-Generated IDs provide safe restore of snapshots

ADDS: Virtualizing Domain Controllers


ADDS: Cloning Virtualized Domain Controllers

Win2012PDC/GC

vDC1

• Add source to AD group
• Execute Get-ADDCCloningExcludedApplicationList
• Execute New-ADDCCloneConfigFile

vDC2Clone


• Remote Group Policy Update
  – Invoke-GPUpdate -Computer pc1 -Force

ADDS: Group Policy


• Improved GPresult

ADDS: Group Policy


• Group Policy Infrastructure Status

• No more GPOtool.exe

ADDS: Group Policy


• What Else?
  – Local Group Policy Option for WinRT Devices (BYOD)
  – Group Policy Client Service Idle State
  – Group Policy Settings / Preferences Support for IE10
  – Increased Size of Registry.pol

ADDS: Group Policy


• Global RID space per domain is now 2 billion

• Deferred Index Creation
  • Forest administrators can now decide when to build db indexes following schema updates

• Kerberos Enhancements
  • Constrained Delegations across domains
  • Flexible Authentication Secure Tunneling (Kerberos Armoring)

• AD DS Claims in AD FS
  • AD FS v2.1 can populate SAML tokens from Kerberos Ticket directly

ADDS: Other Notable Changes

Hyper-V


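| System  | Resource                | Hyper-V (2008 R2) | Hyper-V 2012 | Imp. Factor |
|---------|-------------------------|-------------------|--------------|-------------|
| Host    | Logical Processors      | 64                | 320          | 5x          |
| Host    | Physical Memory         | 1TB               | 4TB          | 4x          |
| Host    | vCPU per Host           | 512               | 2048         | 4x          |
| Host    | Active VMs per Host     | 384               | 1024         | 2.7x        |
| VM      | vCPU per VM             | 4                 | 64           | 16x         |
| VM      | Memory per VM           | 64GB              | 1TB          | 16x         |
| VM      | Guest NUMA              | No                | Yes          | -           |
| Cluster | Maximum Nodes           | 16                | 64           | 4x          |
| Cluster | Maximum VMs per Cluster | 1000              | 4000         | 4x          |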

Hyper-V: Scalability Comparison


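| System  | Resource                | Hyper-V | XenServer 6.1 | vSphere / ESXi | vSphere Ent. |
|---------|-------------------------|---------|---------------|----------------|--------------|
| Host    | Logical Processors      | 320     | 160           | 160            | 160          |
| Host    | Physical Memory         | 4TB     | 1TB           | 32GB           | 2TB          |
| Host    | vCPU per Host           | 2048    | 900           | 2048           | 2048         |
| Host    | Active VMs per Host     | 1024    | 150 / 50      | 512            | 512          |
| VM      | vCPU per VM             | 64      | 16            | 8              | 32           |
| VM      | Memory per VM           | 1TB     | 128GB         | 32GB           | 1TB          |
| VM      | Guest NUMA              | Yes     | Host Only     | Yes            | Yes          |
| Cluster | Maximum Nodes           | 64      | 16            | N/A            | 32           |
| Cluster | Maximum VMs per Cluster | 4000    | 800-960       | N/A            | 3000         |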

Hyper-V: Scalability Comparison


• Windows 8 Pro supports Hyper-V

• Minimum 4 GB RAM required

• Storage Live Migration is supported

• No guest VM license is provided

• Unsupported features:
  • RemoteFX
  • Live Migration
  • Hyper-V Replica
  • SR-IOV
  • Synthetic Fiber Channel

Hyper-V: Client Hyper-V


• Can utilize higher network bandwidth, up to 10 gigabits

• Multiple simultaneous migrations

• Clustered or standalone Hyper-v Servers (Shared Nothing Live migration)

• VMs can be stored on shared, local or SMB storage

Hyper-V: Live Migrations


• Processor on Hyper-V servers must be from same vendor

• Physical disks are not supported

• Cluster Live Migrations require cluster service and CSV configured

• SMB live migrations require permissions on SMB shares

• Shared Nothing Live Migrations require Kerberos or CredSSP

Hyper-V: Live Migration Requirements


1. If Kerberos will be used, configure constrained delegation in AD
   • CIFS and Microsoft Virtual System Migration Service

2. If CredSSP will be used, log in to the source server
   • Migration will fail if initiated from destination server

3. Configure Live Migration options on the Hyper-V servers

4. Perform the live migration

Hyper-V: Live Migration Process (shared nothing LM)
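
The four steps above as PowerShell, using the Kerberos path. This is an added example, not part of the original slides; the host names, domain, VM name, subnet and storage path are placeholders chosen for illustration.

```powershell
# Added example. HV01, HV02, contoso.local, VM1, 10.0.50.0/24 and D:\VMs\VM1
# are placeholder values (assumptions), not taken from the slides.
Import-Module ActiveDirectory

$hvHosts  = 'HV01', 'HV02'
$domain   = 'contoso.local'
$services = 'cifs', 'Microsoft Virtual System Migration Service'

# Step 1: constrained delegation. Each host may delegate only to the two
# services named on the slide, and only on its migration partner.
foreach ($h in $hvHosts) {
    $spns = foreach ($peer in ($hvHosts | Where-Object { $_ -ne $h })) {
        foreach ($svc in $services) {
            "$svc/${peer}"              # short-name SPN
            "$svc/${peer}.${domain}"    # FQDN SPN
        }
    }
    Set-ADComputer -Identity $h -Add @{ 'msDS-AllowedToDelegateTo' = $spns }
}

# Review what each host is now allowed to delegate to; an entry for any
# other service or server on these accounts deserves a second look.
foreach ($h in $hvHosts) {
    Get-ADComputer -Identity $h -Properties 'msDS-AllowedToDelegateTo' |
        Select-Object Name,
            @{ n = 'DelegatesTo'; e = { $_.'msDS-AllowedToDelegateTo' -join '; ' } }
}

# Step 3: enable live migration on both hosts, require Kerberos, and keep
# migration traffic on one dedicated network instead of any interface.
Invoke-Command -ComputerName $hvHosts -ScriptBlock {
    Enable-VMMigration
    Set-VMHost -VirtualMachineMigrationAuthenticationType Kerberos `
               -UseAnyNetworkForMigration $false
    Add-VMMigrationNetwork '10.0.50.0/24'
}

# Step 4: shared nothing live migration, moving the VM together with its storage.
Move-VM -Name 'VM1' -ComputerName 'HV01' -DestinationHost 'HV02' `
        -IncludeStorage -DestinationStoragePath 'D:\VMs\VM1'
```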


• Allows mission critical workloads to be replicated across clusters, storage systems and sites

Hyper-V Replica

[Diagram: Production Site (Hyper1, VM1) and DR Site (Hyper2, VM1)]


• Hyper-V replica configuration options on replica server

Hyper-V Replica


• Don’t forget the Windows Firewall rules!

Hyper-V Replica


• Enabling VM replication

Hyper-V Replica


• Replica enabled VM

Hyper-V Replica


• IP settings on replica enabled VM

Hyper-V Replica


• Startup memory and memory weight are the visible features

Hyper-V: Dynamic Memory


• Smart Paging utilizes disk space as memory for VMs in case of:
  • VM is being restarted
  • There is not enough physical memory on server
  • No memory can be reclaimed from running VMs

• The use of paging file is temporary for about 10 minutes

• Memory over subscription relies on Windows Memory Manager, not Hyper-V

Hyper-V: Dynamic Memory


• What is SR-IOV?
  • It’s a technology that allows multiple operating systems to share PCI Express devices

• VMs can be directly attached to fiber or Ethernet based HBA

• Bypassing hypervisor, VMs leverage the hardware directly

Hyper-V: SR-IOV Support


• Hyper-V can utilize SMB 3.0 based shares for storage

• Advantage of SMB based shared storage
  • Flexible
  • Easier management
  • Cheaper!!

Hyper-V: SMB 3.0 File Share


Hyper-V: SMB 3.0 File Shares

[Diagram: VMs on a Hyper-V Cluster use the share \\Server1\share hosted on SMB Server/Cluster Server1]


• Windows Server 2012 computer(s) with File and Storage Services

• Windows Server 2012 Hyper-V Server Role

• A common Active Directory structure.

Hyper-V: SMB 3.0 File Shares Requirements


• A solution to help provide charge back and billing options

• Network Metering
  • Provides fine grained metering capable of differentiating internet and intranet traffic

• VM Metrics
  • Average CPU and memory usage over a period of time
  • Minimum and maximum memory usage
  • Disk space
  • Total incoming / outgoing per virtual NIC

Hyper-V: Resource Metering


• Enables direct fiber channel storage access from VMs

Hyper-V: Virtual Fiber Channel


• New VHDX format allows 64 TB virtual disks

Hyper-V: VHDX Disk Format


• Protection against data corruption due to power failures
  • Logging updates to VHDX metadata structures

• Ability to store custom metadata

• Support for Trim functions
  • Requires physical disk access and Trim capable hardware

Hyper-V: VHDX Disk Format


• What is NUMA?
  • Non-Uniform Memory Access allows applications to utilize memory in an efficient way on multi-processor systems

• The topology of memory configuration is passed on to VMs

• Virtual workloads that can be optimized with NUMA can take advantage (i.e. SQL Server)

Hyper-V: Virtual NUMA


• Is an extensible, managed L2 switch providing network access to VMs

• Can provide tenant isolation, traffic shaping, policing and IDS/IDP solutions

• Provides built-in support for NDIS filter drivers

Hyper-V: Virtual Switch


• Built-in features
  • ARP / ND poisoning protection
  • DHCP guard protection
  • Port ACLs
  • Trunk mode to VM
  • Network traffic monitoring
  • VLANs
  • Bandwidth and burst limits
  • ECN (Explicit Congestion Notification)

Hyper-V: Virtual Switch

Remote Desktop Services


• Overhauled Management

RDS: Unified Management

RDS: Session Virtualization Deployment


• RemoteApp Properties

RDS: RemoteApp


• Web based access to RemoteApps and Desktops

RDS: Resource Access


• E-mail or URL-based discovery

RDS: Resource Access


• Users can access remote resources from start screen

RDS: Resource Access


• Remote resource management

RDS: Resource Access


RDS: Desktop Virtualization Deployment


RDS: Creating VDI Collection


RDS: Accessing Virtual Desktops

• Virtual Desktops are available in Start Screen


• Automatic Network Detection

• UDP Transport

• Forward Error Correction

• Fallback to TCP

• Native UDP Support for RemoteFX

RDS: RDP Improvements


• WAN Optimization

• Multi-Touch Support

• Media Streaming

• Adaptive Graphics

• DirectX 11 Support

RDP: RemoteFX Improvements

Failover Clustering


Failover Clusters: Scalability

Windows 2008 R2:

• Up to 16 nodes

• 1000 VMs per cluster

Windows Server 2012:

• Up to 64 nodes

• 8000 VMs per cluster

• 1024 VMs per host


• Support for BitLocker

• VSS based file backup

• SMB Multichannel and SMB Direct

• Integration with Storage Spaces

• Ability to scan and repair online volumes

Failover Clusters: CSV

Shared Storage

Metadata


Failover Clusters: Scale-Out File Servers


• Scalability

• Availability

• Compatibility

• Proactive Error identification

Failover Clusters: Resilient File System


• Updates the cluster with little or no down time

Failover Clusters: Cluster Aware Updates

1. Node is placed in Maintenance Mode

2. Roles are moved off the Server

3. Installs the Updates and Restarts the Server

4. Brings the Node out of Maintenance Mode

5. Restores clustered roles back to Node

6. Moves on to the next Node


• Virtual Machine Monitoring

• Active Directory Integration

• Cluster Upgrade and Migration

• Task Scheduler Integration

• Windows PowerShell Support

Failover Clusters: Other New Features

Networking


• Up to 32 NICs can be bundled

Networking: NIC Teaming


Networking: NIC Teaming

NIC Teaming Modes:

• LACP

• Static Teaming

• Switch Independent

Load Balancing Modes:

• Address Hash

• Hyper-V Port


• DHCP Replication and Failover

Networking: DHCP Server


• DHCP Policies
  – Vendor Class
  – MAC Address
  – Client Identifier
  – Relay Agent Information

Networking: DHCP Server


• DNS Server
  • DNSSEC related updates
  • PowerShell management support

• DNS Client
  • LLMNR queries are not sent via mobile or VPN connections
  • NETBIOS queries are not sent to mobile broadband interfaces
  • LLMNR and NETBIOS queries are sent in parallel
  • Asynchronous DNS cache

Networking: DNS


• What is BranchCache

• Automatic Hosted Cache Discovery

• File Server integration

• Multiple Hosted Cache Server

Networking: BranchCache


• What is DirectAccess?

• DirectAccess and RRAS Coexistence

• No PKI Prerequisite

• DirectAccess Server Behind NAT

• Manage-out to Clients

• Multisite Support

• Server Core and Windows Server Essentials Support

Networking: DirectAccess


• IP Address Management for Address Space Management
  • IPAM Discovery
  • IPAM Address Space Management
  • IPAM Multi Server Management and Monitoring
  • IPAM Auditing

• IPAM Architecture
  • Distributed
  • Centralized

Networking: IPAM Server


• IPAM Requirements
  • Windows 2008 DNS, DHCP DCs only
  • Servers must be domain members
  • Supports only Windows Internal Database

• Single IPAM Server can support:
  • 150 DHCP Servers and 500 DNS Servers
  • 6000 DHCP Scopes and 150 DNS zones

Networking: IPAM Server


• IPAM Manager

Networking: IPAM Server


• Step 2: Provisioning

Networking: IPAM server


• Step 3: Discovery

Networking: IPAM Server


• Default IP tasks

Networking: IPAM Server

| Task Name                        | Description                             | Frequency |
|----------------------------------|-----------------------------------------|-----------|
| DiscoveryTask                    | Discovers DHCP and DNS Servers          | 1 day     |
| AddressUtilizationCollectionTask | Collects space data from DHCPs          | 2 hours   |
| AuditTask                        | Collects IP lease audit logs            | 1 day     |
| ConfigurationTask                | Collects Configuration information      | 6 hours   |
| ServerAvailabilityTask           | Verifies status of DHCP and DNS Servers |           |


• Management Interface

Networking: IPAM Server

Internet Information Services


\\Server\share

• Web Servers can access SSL certificates from a common shared folder

IIS8: Centralized SSL Certificates

Load Balanced Web Servers


• We need to install the required component first

IIS: Centralized SSL Certificates


• Enabling centralized Store

IIS: Centralized SSL Certificates


• Creating a web site with central certificate store

IIS: Centralized SSL Certificates


• Dynamically limiting CPU usage of application pools
  – NoAction
  – KillW3wp
  – Throttle
  – ThrottleUnderLoad

IIS: CPU Throttling on Application Pools


• IP/Domain based restrictions can be dynamically applied

IIS: Dynamic IP Address Restriction


• IP Restrictions Proxy Mode

IIS: Dynamic IP Address Restriction


• Host Header Support for SSL binding

IIS: Server Name Indication


• FTP Logon Attempt Restrictions

• Application Initialization

• Multicore scaling on NUMA Hardware

IIS: Other New Features


• Citrix Receiver
  • Already in Windows Store

• VDI-in-a-Box
  • Virtual Desktop OS
  • Hypervisor

• Everything else
  • Project Excalibur
  • Q1 / Q2 time frame

What About Our Products


Questions?
