Windows Server 2012:New Features

Administering Servers with Server Manager

Using Server Manager, you can:

• Manage multiple servers from one instance of Server Manager

• Deploy roles and features to remote servers

• Generate Windows PowerShell scripts for actions performed in Server Manager

• Group servers

• View the status of all servers from a single location

• Determine whether roles on the network are functioning efficiently

Adding and Removing Roles and Features

• Remotely deploy roles and features

• Add roles and features to virtual hard disks even if the virtual machine is turned off

Using Windows PowerShell in Windows Server 2012

The new PowerShell Integrated Scripting Engine provides:

• Integrated help – enables you to search for Windows PowerShell cmdlets if you know a few characters in their name.

• IntelliSense - which suggests values as you type and prompts you for parameter values.

Removing and Restoring the Graphical Interface

• Benefits of Using Server Core Reduced update requirements.

Reduced hardware footprint.

• Graphical shell is now a feature. Can be turned off and back on again

• Server Core Installation Options Server Core. The standard deployment of Server Core. It is possible to convert

to the full version of Windows Server 2012.

Server Core with Management. This works the same as a deployment of Windows Server 2012 with the graphical component, except that the graphical components are not installed.

Important New FeaturesNew features of AD DS:

• New deployment methods

• Simplified administration

• Virtualized domain controllers

• Active Directory module for PowerShell

• Windows PowerShell History Viewer

• Active Directory Based Activation

Active Directory Recycle BinThe Active Directory Recycle Bin:

• Cannot be disabled once it is enabled• Now has a user interface to simplify restoration of objects

• Is enabled and accessed through the Active Directory Administration Center

• Cannot restore sub-trees of object in a single operation

• Requires the forest level be at least Windows Server 2008 R2

• Requires Enterprise Admins • Increases the size of the Active Directory database• Objects are preserved in the recycle bin for a configurable period, which is 180 days by default

• Deleted objects can be viewed in the Active Directory Administrative Center console

• Objects can be restored by selecting them and choosing Restore

Improvements to Domain Controller Virtualization

You can safely clone existing virtual domain controllers by:

• Creating a DcCloneConfig.xml file and storing it in the AD DS database location.

• Taking the VDC offline and exporting it.

• Creating a new virtual machine by importing the exported VDC.

DcCloneConfig.xml to AD DS database location

Export the VDC

Import the VDC

Group Managed Service AccountsGroup Managed Service Accounts provide:

• Automatic password and SPN management to multiple servers in a farm

• A single identity for services running on a farm

Group managed service account

Farm server1

Farm server2

Farm server3

Introduction to Dynamic Access Control• Dynamic Access Control provides :

Data classification

Access control to files

Auditing of access to files

Optional RMS protection integration

• Give users access to file system objects based on their attributes in AD DS and the Classification of the file system object

Finance Finance

What are Identity, Claims, and Central Access Policy?

• Identity is information provided from a trusted source about an entity

• Claims are statements made by AD DS about specific user or computer objects

• Central Access Policy contains one or more Central Access Policy rules which determine applicability and permissions

Overview of How to Implement Dynamic Access Control

Task Purpose

Enable support in AD DS To enable AD DS to apply Dynamic Access Control

Create and configure user and device claims

To identify attributes that will be used in Dynamic Access Control

Create resource property definitions To identify resource properties that will be used in conditional expression

Classify files To automatically set values on properties

Create Central Access Rules To define scope and conditional expressions

Create Central Access Policy To group Central Access Rules and act as a safety net over resources

New Storage Features in Windows Server 2012

• Multi-terabyte volumes

• Data deduplication

• Storage Spaces and Storage Pools

• Unified remote management of File and Storage Services in Server Manager.

• Server Message Block 3.0

• iSCSI Target server

• Resilient System

• Scale-Out File Server

• Windows PowerShell cmdlets for File and Storage Services

Storage Spaces

To create a virtual disk, you need the following:• One or more physical disks• Storage pool that includes the disks• Virtual drives (or storage spaces) that are created with disks from the storage pool

• Disk drives that are based on virtual drives

You can use storage spaces to add physical disks of any type and size to a storage pool and create highly-available virtual disks from it

Virtual drives are not virtual hard disks; they should be considered as a drive in Disk Manager

Physical Disks

Storage Pool

Virtual Disk

Disk Drive

What is SMB 3.0?High SpeedHigh Speed

SMB Multi-ChannelSMB Multi-Channel

SMB DirectSMB Direct

SMB EncryptionSMB Encryption

iSCSI TargetThe iSCSI initiator:

• Runs as a service in the operating system

• Installed by default on Windows 8 and Windows Server 2012; just needs to be started

The iSCSI target server:• Is available as role service in Windows Server

2012

• Provides the following features:

Network/diskless boot

Server application storage

Heterogeneous storage

Lab environments

Data DeduplicationData deduplication identifies and removes duplications within data without compromising its integrity or fidelity with the ultimate goal to store more data on less space

You should consider using deduplication for the following areas:

File Shares Software Deployment Shares

VHD Libraries

BranchCache Improvements• BranchCache caches data from head office to branch office, reducing network bandwidth and improving performance at the branch office

• BranchCache improvements in Windows Server 2012 include:• Performance

• Performance is improved through chunking improvements and caching starting sooner.

• Manageability• Manageability is improved through more

straightforward deployment and PowerShell integration.

• Scalability• Scalability is improved by supporting multi-terabyte

caches

Windows Azure Online Backup• Back up to the cloud• Uses Windows Server Backup• Extensible to enable third-party providers

What Is DirectAccess? Connects automatically to the corporate network over the

public network Uses various protocols, including HTTPS, to establish IPv6

connectivity Supports selected server access and IPSec authentication Supports end-to-end authentication and encryption Supports management of remote client computers Allows remote users to connect directly to intranet servers

Features of DirectAccess

Always-on connectivity Seamless connectivity Bidirectional access Manage-out Support Improved security Integrated solution

Benefits of DirectAccess

Improved ManagementImproved DirectAccess management includes: Rich monitoring of client computers DirectAccess and RRAS coexistence Accounting and reporting Windows PowerShell and Server Core support Unified management wizard and tools

Simplified Deployment

Express setup for small and medium deployment

Works with existing infrastructure IPv6 for internal network is not

required Single NIC adapter Single IP address

Simplified DirectAccess deployment:

Performance and Scalability Improvements

Performance and scalability improvements: Support for high availability and

external load balancers Improved support for RSS running in

virtual machines IP-HTTPS interoperability and

performance improvements Lower bandwidth utilization Streamlined encryption

New Deployment ScenariosNew deployment scenarios:

Deploy multiple endpoints through the world

Global unified management through single console

Deploy a server behind a NAT Support for one-time password and

virtual smart cards Off premise provisioning

Overview of Networking Changes

• DNSSEC

• DHCP

• Data Center Bridging

• NIC Teaming

• IIS

DNSSEC Improvements• New Resource records defined in Windows Server 2012

DNSKEY

DS

RRSIG

NSEC3

• Trusted Anchor In DNS it is the DNSKEY resource record or DS resource record hash of DNSKEY

resource record. Clients use these records to build trust chains.

• Name Resolution Policy Table Contains rules that control how DNS clients validate responses.

DHCP Improvements• DHCP name protection can be configured in properties at the IP

level or scope level

DHCP Limitations WS 2012 solution

Failure of DHCP will result in loss of network connectivity for clients

DHCP failover

Windows systems can have their DNS name registrations overwritten by non-Microsoft systems bearing the same system name

DHCP name protection

Data Center Bridging• Reserves bandwidth by the type of network traffic

• Requires DCB-capable NICs

Bandwidth Reservation: Live Migration Media Streaming Video Conferencing

NIC Improvements

NIC Teaming NIC Teaming

Consistent Device Naming Consistent Device NamingNIC 1

IIS 8• Application Initialization

• Centralized SSL Certificate Support: SSL Scalability and Manageability

• CPU Throttling: Sand-boxing Sites and Applications

• Dynamic IP Address Restrictions

• FTP Logon Attempt Restrictions

• Multicore Scaling on NUMA Hardware

• Server Name Indication (SNI): SSL Scalability

• WebSocket Protocol Support

What Is IPAM?

IP administration area Description

Planning Reduces the time and expense of the planning process when changes occur in the network

ManagingProvides a single point of management and assists in optimizing utilization and capacity planning for DHCP and DNS

Tracking Enables tracking and forecasting of IP address utilization

AuditingAssists with compliance requirements and provides reporting for forensics and change management

IPAM facilitates IP management in organizations with complex networks by enabling administration and monitoring of DHCP and DNS

IPAM Functions and Architecture• IPAM discovery

• IPAM address space management

• Multiserver management and monitoring

• Operational auditing and IP address tracking

IPAM provides four main functions:

• Distributed

• Centralized

• Hybrid

You can deploy IPAM in the following topologies:

Address Space Management

• IP address blocks

• IP address ranges

• IP addresses

• IP inventory

• IP address range groups

You can view and manage the IP address space using the following views:

• DNS and DHCP servers

• DHCP scopes

• DNS zone monitoring

• Server groups

You can monitor the IP address space using the following views:

Features of VHDX File Format• Virtual hard disks can be as large as 64 terabyte

• File structure minimizes the chance that the disk will become corrupt if the host server experiences a power outage

• VHDX supports better alignment when deployed to a large sector disk

• Allows larger block size for dynamic and differencing disks, which provides better performance for these workloads

VHDX

Hyper-V over SMB

SMB 3.0:• Configuration files

• Snapshot files

• Virtual hard disk files (in VHD or VHDX format)

Windows Server 2012 introduces SMB 3.0

Offloaded Data TransferODX functionality benefits Hyper-V operations such as:

• Secure offload data transfer

• Fixed VHD/VHDX creation

• Dynamic VHD/VHDX expansion

• VHD/VHDX merge

• Live Storage migration

Changes in Hyper-V Networking• Network virtualization

• Bandwidth management

• DHCP guard

• Router guard

• Port mirroring

• NIC teaming

• Virtual Machine Queue

• IPsec task offloading

• SR-IOV

Virtual SwitchesVirtual switches are virtual devices that you can manage through the Virtual Switch Manager

Hyper-V Network Virtualization

Physical server

Blue VM Red VMVirtualization

Physical network

Servers

Switches

Blue network Red network

Network virtualization runs multiple virtual networks on a physical network

Server virtualization runs multiple virtual servers on a physical server

Choosing Between Host and Guest Clustering

High availability options

Description

Host clustering • Virtual machines are highly available

• Does not require virtual machine operating system or application to be cluster aware

Guest clustering

• Virtual machines are failover cluster nodes

• Virtual machine applications must be cluster aware

• Requires iSCSI or virtual fiber channel interface for shared storage connections

NLB • Virtual machines are NLB cluster nodes

• Use for web-based applications

What Is New in Failover Clustering?

• Support for up to 4,000 virtual machines per cluster

• Multi select virtual machines for Live Migration

• Virtual machine priority attribute• CSV improvements• Virtual machine application monitoring• Storing virtual machines on highly available SMB file share

VM Monitoring

VM Monitoring Guest Clustering

Application health monitoring

Proactive application monitoring

Application mobility

Simplified configuration

Event monitoring

Options for Virtual Machine MigrationAvailable options for moving virtual machines are:• Virtual machine and storage migration• Quick Migration• Export/Import of a virtual machine

How Does Virtual Machine and Storage Migration Work?

Storage Migration technology enables you to move a virtual machine and its storage to another location without downtime.

• During migration the virtual machine hard drive is copied from one location to another

• Changes are written to both source and destination drives

• You can move virtual machine storage to same host, another host, or server message block share

• Storage and virtual machine configuration can be in different locations

How Live Migration WorksThe Live Migration process consists of four steps:1. Migration setup2. Guest-memory transfer3. State transfer4. Clean up

Overview of Hyper-V ReplicaHyper-V Replica enables you to replicate a single virtual machine over WAN or LAN network to another hostHyper-V Replica components:• Replication Engine• Change Tracking• Network Module• Hyper-V Replica Broker role