Windows Server 2012 Overview Omer Palo, Readiness Specialist October, 2012

Windows Server 2012 Overview

Omer Palo, Readiness SpecialistOctober, 2012

• Deployment and Management Changes

• Active Directory Domain Services

• Hyper-V

• Remote Desktop Services

• Failover Clusters

• Networking Features

• IIS Features

Agenda

Deployment and Management

Citrix Confidential - Do Not Distribute

Server Editions

Windows Server 2012Windows 2008 R2

• Foundation

• Essentials

• Standard

• Enterprise

• Foundation

• Standard

• Web

• HPC

• Enterprise

• Datacenter

• Itanium


• Windows 8

• Windows 8 Pro

• Windows 8 Enterprise

• Windows RT

Windows 8 Editions


Deployment Options

Windows 2008 R2 Windows 2012

• Windows Server Core

• Windows Server Full

• Server Core

• Minimal GUI Server

• Full Server UI

• Desktop Experience


• Remote PowerShell is not new in Windows 2012

• WinRM 2.0 and PowerShell 2.0 could be used for remote PS execution

• WinRM was not enabled by default

• Windows Server 2012 enables WinRM by default

• It is the preferred management tools.

Remote PowerShell


New Server Manager


• Adding additional servers

Multi-Server Management


• Management tools can be launched on any server.

Multi-Server Management: GUI


Multi-Server Management: PowerShell


• Server Core is the preferred deployment option

• PowerShell and RSAT should be the management tools

• Reducing the attack surface and footprint

• Reliability and less patching

New Server Management

New Features in ADDS


• ADDS Server role installation is built on PowerShell

• Prerequisite validation is part of configuration wizard

• Adprep.exe is now part of ADDS Installation

• Configuration options can be exported

ADDS: Simplified Deployment


• Forest Functional Level• Windows Server 2012

• Domain Functional Level• Windows Server 2012

ADDS: Functional Levels

• No more DCPROMO

ADDS: No more DCPROMO


ADDS: Promoting a DC


ADDS: Forest /Domain Functional Levels


• Exporting Configuration

ADDS: Exporting Configuration


• Off-Premises Domain Join now supports DirectAccess

ADDS: Simplified Management


• Controlling access with standard ACL is difficult

• New claim-based authorization platform

• Claims can be both user and device based

• Requirements• Windows Server 2012 domain controller(s)• Windows Server 2012 file server(s)• A domain policy enabling clams-policy• Windows Server 2012 AD Administrative Center

ADDS: Dynamic Access Control Lists


• PowerShell History



• Recycle bin UI



• Password Settings UI



• AD-based Activation



• Service Accounts

• Group Managed Service Accounts



• Rolling snapshots back could cause replication issues

ADDS: Virtualizing Domain Controllers


• VM-Generated IDs provide safe restore of snapshots

ADDS: Virtualizing Domain Controllers


ADDS: Cloning Virtualizing Domain Controllers

Win2012PDC/GC

vDC1

• Add source to AD group• Execute Get-ADDClonningApplication• Execute new-ADDCCloneConfigFile

vDC2Clone


• Remote Group Policy Update– Invoke-gpupdate –computer pc1 -

force

ADDS: Group Policy


• Improved GPresult

ADDS: Group Policy


• Group Policy Infrastructure Status

• No more GPOtool.exe

ADDS: Group Policy


• What Else?– Local Group Policy Option for

WinRT Devices (BYOD)– Group Policy Client Service Idle

State– Group Policy Settings /

Preferences Support for IE10– Increased Size of Registry.pol

ADDS: Group Policy


• Global RID space per domain is now 2 billion

• Deferred Index Creation• Forest administrators can now decide when to build db indexes following

schema updates

• Kerberos Enhancements• Constrained Delegations across domains• Flexible Authentication Secure Tunneling (Kerberos Armoring)

• AD DS Claims in AD FS• AD FS v2.1 can populate SAML tokens from Kerberos Ticket directly

ADDS: Other Notable Changes

Hyper-V


System Resource Hyper-v (2008 R2) Hyper-v 2012 Imp. Factor

Host Logical Processors 64 320 5x

Physical Memory 1TB 4TB 4x

vCPU per Host 512 2048 4x

Active VMs per Host 384 1024 2.7x

VM vCPU per VM 4 64 16x

Memory per VM 64GB 1TB 16x

Guest NUMA No Yes -

Cluster Maximum Nodes 16 64 4x

Maximum VMs per Cluster 1000 4000 4x

Hyper-V: Scalability Comparison


Resource Hyper-v XenServer 6.1 vSphere /ESXi vSphere Ent.

Host Logical Processors 320 160 160 160

Physical Memory 4TB 1TB 32GB 2TB

vCPU per Host 2048 900 2048 2048

Active VMs per Host 1024 150 / 50 512 512

VM vCPU per VM 64 16 8 32

Memory per VM 1TB 128GB 32GB 1TB

Guest NUMA Yes Host Only Yes Yes

Cluster Maximum Nodes 64 16 N/A 32

Maximum VMs per Cluster

4000 800-960 N/A 3000

Hyper-V: Scalability Comparison


• Windows 8 Pro supports Hyper-V

• Minimum 4 GB RAM required

• Storage Live Migration is supported

• No guest VM license is provided

• Unsupported features:• RemoteFX• Live Migration• Hyper-V Replica• SR-IOV• Syntetic Fiber Channel

Hyper-V: Client Hyper-V


• Can utilize higher network bandwidth up 10 gigabits

• Multiple simultaneous migrations

• Clustered or standalone Hyper-v Servers (Shared Nothing Live migration)

• VMs can be stored on shared, local or SMB storage

Hyper-V: Live Migrations


• Processor on Hyper-V servers must be from same vendor

• Physical disks are not supported

• Cluster Live Migrations require cluster service and CSV configured

• SMB live migrations require permissions on SMB shares

• Shared Nothing Live Migrations require Kerberos or CredSSP

Hyper-V: Live Migration Requirements


1. If Kerberos will be used, configure constrained delegation in AD

• CIFS and Microsoft Virtual System Migration Service

2. if CredSSP will be used login to source server• Migration will fail if initiated from destination server

3. Configure Live Migration option Hyper-V Servers

4. Perform the live migration

Hyper-V: Live Migration Process (shared nothing LM)


• Allows mission critical workloads to be replicated across clusters, storage systems and sites

Hyper-V Replica

Production Site DR Site

Hyper1 Hyper2VM1VM1


• Hyper-V replica configuration options on replica server

Hyper-V Replica


• Don’t forget the Windows Firewall rules!

Hyper-V Replica


• Enabling VM replication

Hyper-V Replica


• Replica enabled VM

Hyper-V Replica


• IP settings on replica enabled VM

Hyper-V Replica


• Startup memory and memory weight are the visible features

Hyper-V: Dynamic Memory


• Smart Paging utilizes disk space as memory for VMs in case of:• VM is being restarted• There is not enough physical memory on server• No memory can be reclaimed from running VMs

• The use of paging file is temporary for about 10 minutes

• Memory over subscription relies on Windows Memory Manager, not Hyper-V

Hyper-V: Dynamic Memory


• What is SR-IOV?• It’s a technology that allows multiple operating systems to share PCI Express devices

• VMs can be directly attached to fiber or Ethernet based HBA

• Bypassing hypervisor, VMs leverage the hardware directly

Hyper-V: SR-IOV Support


• Hyper-V can utilize SMB 3.0 based shares for storage

• Advantage of SMB based shared storage•Flexible•Easier management•Cheaper!!

Hyper-V: SMB 3.0 File Share


Hyper-V: SMB 3.0 File Shares

Share

SMB Server/Cluster

Server1

Hyper-V Cluster

\\Server1\share

V M

V M


• Windows Server 2012 computer(s) with File and Storage Services

• Windows Server 2012 Hyper-V Server Role

• A common Active Directory structure.

Hyper-V: SMB 3.0 File Shares Requirements


• A solution to help provide charge back and billing options

• Network Metering• Provides fine grained metering capable of differentiating internet and intranet

traffic

• VM Metrics• Average CPU and memory usage over a period of time• Minimum and maximum memory usage• Disk space• Total incoming / outgoing per virtual NIC

Hyper-V: Resource Metering


• Enables direct fiber channel storage access from VMs

Hyper-V: Virtual Fiber Channel


• New VHDX formats allows 64 TB virtual disks

Hyper-V: VHDX Disk Format


• Protection against data corruption due to power failures• Logging updates to VHDX metadata structures

• Ability to store custom metadata

• Support for Trim functions• Requires physical disk access and Trim capable hardware

Hyper-V: VHDX Disk Format


• What is NUMA?• Non-Unified Memory Access allows applications to utilize memory in an efficient

way on multi-processor systems

• The topology of memory configuration is passed on to VMs

• Virtual workloads that can be optimized with NUMA can take advantage (i.e. SQL Server)

Hyper-V: Virtual NUMA


• Is an extensible, managed L2 switch providing network access to VMs

• Can provide tenant isolation, traffic shaping, policing and IDS/IDP solutions

• Provides built-in support for NDIS filter drivers

Hyper-V: Virtual Switch


• Built-in features•ARP /ND poisoning protection•DHCP guard protection•Port ACLs•Trunk mode to VM•Network traffic monitoring•VLANs•Bandwidth and burst limits•ENC (Explicit Congestion Notification)

Hyper-V: Virtual Switch

Remote Desktop Services


• Overhauled Management

RDS: Unified Management

RDS: Session Virtualization Deployment


• RemoteApp Properties

RDS: RemoteApp


• Web based access to RemoteApps and Desktops

RDS: Resource Access


• E-mail or URL-based discovery



• Users can access remote resources from start screen



• Remote resource management



RDS: Desktop Virtualization Deployment


RDS: Creating VDI Collection


RDS: Accessing Virtual Desktops

• Virtual Desktops are available in Start Screen


• Automatic Network Detection

• UDP Transport

• Forward Error Correction

• Fallback to TCP

• Native UDP Support for RemoteFX

RDS: RDP Improvements


• WAN Optimization

• Multi-Touch Support

• Media Streaming

• Adaptive Graphics

• DirectX 11 Support

RDP: RemoteFX Improvements

Failover Clustering


Failover Clusters: Scalability

Windows 2008 R2 Windows Server 2012

• Up to 16 nodes

• 1000 VMs per cluster

• Up to 64 nodes

• 8000 VMs per cluster

• 1024 VMs per host


• Support for BitLocker

• VSS based file backup

• SMB Multichannel and SMB Direct

• Integration with Storage Spaces

• Ability to scan and repair online volumes

Failover Clusters: CSV

Shared Storage

Metadata


Failover Clusters: Scale-Out File Servers


• Scalability

• Availability

• Compatibility

• Proactive Error identification

Failover Clusters: Resilient File System


• Updates the cluster with little or no down time

Failover Clusters: Cluster Aware UpdatesNode is placed in Maintenance

ModeRoles are moved off the Server

Installs the Updates and Restarts the

ServerBrings the Node

out of Maintenance

Mode

Restores clustered roles back to Node

Moves on to the next

Node


• Virtual Machine Monitoring

• Active Directory Integration

• Cluster Upgrade and Migration

• Task Scheduler Integration

• Windows PowerShell Support

Failover Clusters: Other New Features

Networking


• Up to 32 NICs can be bundled

Networking: NIC Teaming


Networking: NIC Teaming

NIC Teaming Modes Load Balancing Modes

• LACP

• Static Teaming

• Switch Independent

• Address Hash

• Hyper-V Port


• DHCP Replication and Failover

Networking: DHCP Server


• DHCP Policies– Vendor Class– MAC Address– Client Identifier– Relay Agent Information

Networking: DHCP Server


• DNS Server•DNSSEC related updates•PowerShell management support

• DNS Client•LLMNR are not sent via mobile or VPN connections•NETBIOS queries are not send to mobile broadband interfaces•LLMNR and NETBIOS queries are sent in parallels•Asynchronous DNS cache

Networking: DNS


• What is BranchCache

• Automatic Hosted Cache Discovery

• File Server integration

• Multiple Hosted Cache Server

Networking: BranchCache


• What is DirectAccess?

• DirectAccess and RRAS Coexistence

• No PKI Prerequisite

• DirectAccess Server Behind NAT

• Manage-out to Clients

• Multisite Support

• Server Core and Windows Server Essentials Support

Networking: DirectAccess


• IP Address Management for Address Space Management• IPAM Discovery• IPAM Address Space Management• IPAM Multi Server Management and Monitoring• IPAM Auditing

• IPAM Architecture•Distributed•Centralized

Networking: IPAM Server


• IPAM Requirements•Windows 2008 DNS, DHCP DCs only•Servers must be domain members•Supports only Windows Internal Database

• Single IPAM Server can support:•150 DHCP Servers and 500 DNS Servers•6000 DHCP Scopes and 150 DNS zones



• IPAM Manager



• Step 2: Provisioning

Networking: IPAM server


• Step 3: Discovery



• Default IP tasks


Task Name Description Frequency

DiscoveryTask Discovers DHCP and DNS Servers 1 day

AddressUtilizationCollectionTask Collects space data from DHCPs 2 hours

AuditTask Collects IP lease audit logs 1 day

ConfigurationTask Collects Configuration information 6 hours

ServerAvailabilityTask Verifies status of DHCP and DNS Servers


• Management Interface


Internet Information Services



\\Server\share

• Web Servers can access SSL certificates from a common shared folder

IIS8: Centralized SSL Certificates

Load Balanced Web Servers


• We need to install the required component first

IIS: Centralized SSL Certificates


• Enabling centralized Store



• Creating a web site with central certificate store



• Dynamically limiting CPU usage of application Pools– NoAction– KillW3wp– Throttle– ThrottleUnderLoad

IIS: CPU Throttling on Application Pools


• IP/Domain based restrictions can be dynamically applied

IIS: Dynamic IP Address Restriction


• IP Restrictions Proxy Mode

IIS: Dynamic IP Address Restriction


• Host Header Support for SSL binding

IIS: Server Name Indication


• FTP Logon Attempt Restrictions

• Application Initialization

• Multicore scaling on NUMA Hardware

IIS: Other New Features


• Citrix Receiver•Already in Windows Store

• VDI-in-a-Box• Virtual Desktop OS• Hypervisor

• Everything else •Project Excalibur•Q1 / Q2 time frame

What About Our Products


Questions?

Documents

Windows Server 2012 Overview Omer Palo, Readiness Specialist October, 2012