Windows Server 2012 Overview Omer Palo, Readiness Specialist October, 2012.
Windows Server 2012 Overview
Omer Palo, Readiness Specialist
October, 2012
• Deployment and Management Changes
• Active Directory Domain Services
• Hyper-V
• Remote Desktop Services
• Failover Clusters
• Networking Features
• IIS Features
Agenda
Deployment and Management
Citrix Confidential - Do Not Distribute
Server Editions
Windows Server 2012
• Foundation
• Essentials
• Standard
• Enterprise
Windows 2008 R2
• Foundation
• Standard
• Web
• HPC
• Enterprise
• Datacenter
• Itanium
• Windows 8
• Windows 8 Pro
• Windows 8 Enterprise
• Windows RT
Windows 8 Editions
Deployment Options
Windows 2008 R2
• Windows Server Core
• Windows Server Full
Windows 2012
• Server Core
• Minimal GUI Server
• Full Server UI
• Desktop Experience
• Remote PowerShell is not new in Windows 2012
• WinRM 2.0 and PowerShell 2.0 could be used for remote PS execution
• WinRM was not enabled by default
• Windows Server 2012 enables WinRM by default
• It is the preferred management tool.
Remote PowerShell
New Server Manager
• Adding additional servers
Multi-Server Management
• Management tools can be launched on any server.
Multi-Server Management: GUI
Multi-Server Management: PowerShell
• Server Core is the preferred deployment option
• PowerShell and RSAT should be the management tools
• Reducing the attack surface and footprint
• Reliability and less patching
New Server Management
New Features in ADDS
• ADDS Server role installation is built on PowerShell
• Prerequisite validation is part of configuration wizard
• Adprep.exe is now part of ADDS Installation
• Configuration options can be exported
ADDS: Simplified Deployment
• Forest Functional Level
  • Windows Server 2012
• Domain Functional Level
  • Windows Server 2012
ADDS: Functional Levels
• No more DCPROMO
ADDS: No more DCPROMO
ADDS: Promoting a DC
ADDS: Forest /Domain Functional Levels
• Exporting Configuration
ADDS: Exporting Configuration
• Off-Premises Domain Join now supports DirectAccess
ADDS: Simplified Management
• Controlling access with standard ACL is difficult
• New claim-based authorization platform
• Claims can be both user and device based
• Requirements
  • Windows Server 2012 domain controller(s)
  • Windows Server 2012 file server(s)
  • A domain policy enabling claims-policy
  • Windows Server 2012 AD Administrative Center
ADDS: Dynamic Access Control Lists
• PowerShell History
ADDS: Simplified Management
• Recycle bin UI
ADDS: Simplified Management
• Password Settings UI
ADDS: Simplified Management
• AD-based Activation
ADDS: Simplified Management
• Service Accounts
• Group Managed Service Accounts
ADDS: Simplified Management
• Rolling snapshots back could cause replication issues
ADDS: Virtualizing Domain Controllers
• VM-Generated IDs provide safe restore of snapshots
ADDS: Virtualizing Domain Controllers
ADDS: Cloning Virtualized Domain Controllers
Win2012 PDC/GC
vDC1
• Add source to AD group
• Execute Get-ADDCCloningExcludedApplicationList
• Execute New-ADDCCloneConfigFile
vDC2 (Clone)
• Remote Group Policy Update
  – Invoke-GPUpdate -Computer pc1 -Force
ADDS: Group Policy
• Improved GPresult
ADDS: Group Policy
• Group Policy Infrastructure Status
• No more GPOtool.exe
ADDS: Group Policy
• What Else?
  – Local Group Policy Option for WinRT Devices (BYOD)
  – Group Policy Client Service Idle State
  – Group Policy Settings / Preferences Support for IE10
  – Increased Size of Registry.pol
ADDS: Group Policy
• Global RID space per domain is now 2 billion
• Deferred Index Creation
  • Forest administrators can now decide when to build db indexes following schema updates
• Kerberos Enhancements
  • Constrained Delegations across domains
  • Flexible Authentication Secure Tunneling (Kerberos Armoring)
• AD DS Claims in AD FS
  • AD FS v2.1 can populate SAML tokens from Kerberos Ticket directly
ADDS: Other Notable Changes
Hyper-V
System    Resource                  Hyper-V (2008 R2)   Hyper-V 2012   Imp. Factor
Host      Logical Processors        64                  320            5x
          Physical Memory           1TB                 4TB            4x
          vCPU per Host             512                 2048           4x
          Active VMs per Host       384                 1024           2.7x
VM        vCPU per VM               4                   64             16x
          Memory per VM             64GB                1TB            16x
          Guest NUMA                No                  Yes            -
Cluster   Maximum Nodes             16                  64             4x
          Maximum VMs per Cluster   1000                4000           4x
Hyper-V: Scalability Comparison
System    Resource                  Hyper-V   XenServer 6.1   vSphere / ESXi   vSphere Ent.
Host      Logical Processors        320       160             160              160
          Physical Memory           4TB       1TB             32GB             2TB
          vCPU per Host             2048      900             2048             2048
          Active VMs per Host       1024      150 / 50        512              512
VM        vCPU per VM               64        16              8                32
          Memory per VM             1TB       128GB           32GB             1TB
          Guest NUMA                Yes       Host Only       Yes              Yes
Cluster   Maximum Nodes             64        16              N/A              32
          Maximum VMs per Cluster   4000      800-960         N/A              3000
Hyper-V: Scalability Comparison
• Windows 8 Pro supports Hyper-V
• Minimum 4 GB RAM required
• Storage Live Migration is supported
• No guest VM license is provided
• Unsupported features:
  • RemoteFX
  • Live Migration
  • Hyper-V Replica
  • SR-IOV
  • Synthetic Fiber Channel
Hyper-V: Client Hyper-V
• Can utilize higher network bandwidth, up to 10 gigabits
• Multiple simultaneous migrations
• Clustered or standalone Hyper-v Servers (Shared Nothing Live migration)
• VMs can be stored on shared, local or SMB storage
Hyper-V: Live Migrations
• Processor on Hyper-V servers must be from same vendor
• Physical disks are not supported
• Cluster Live Migrations require cluster service and CSV configured
• SMB live migrations require permissions on SMB shares
• Shared Nothing Live Migrations require Kerberos or CredSSP
Hyper-V: Live Migration Requirements
1. If Kerberos will be used, configure constrained delegation in AD
   • CIFS and Microsoft Virtual System Migration Service
2. If CredSSP will be used, log in to the source server
   • Migration will fail if initiated from destination server
3. Configure the Live Migration option on the Hyper-V servers
4. Perform the live migration
Hyper-V: Live Migration Process (shared nothing LM)
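The Kerberos path through the four steps above, as an added PowerShell example that is not part of the original slides. The host names HV01 and HV02, the VM name VM1, the migration subnet and the storage path are assumed placeholders.

```powershell
# Added example, not from the original deck. HV01/HV02, VM1, the subnet and
# the storage path are assumed placeholders.
Import-Module ActiveDirectory

$hvHosts  = 'HV01', 'HV02'
$services = 'cifs', 'Microsoft Virtual System Migration Service'

# Step 1: constrained delegation in AD. Each host may delegate only to the
# two services from the slide, and only on its migration partner.
foreach ($name in $hvHosts) {
    $self = Get-ADComputer -Identity $name
    foreach ($peer in ($hvHosts | Where-Object { $_ -ne $name })) {
        $peerDns = (Get-ADComputer -Identity $peer).DNSHostName
        [string[]]$spns = foreach ($svc in $services) { "$svc/$peer"; "$svc/$peerDns" }
        # -Add keeps any delegation entries already present on the account.
        Set-ADComputer -Identity $self -Add @{ 'msDS-AllowedToDelegateTo' = $spns }
    }
    # Kerberos-only constrained delegation: no unconstrained delegation and
    # no protocol transition on the host account.
    Set-ADAccountControl -Identity $self -TrustedForDelegation $false `
        -TrustedToAuthForDelegation $false
}

# Step 3: enable live migration on both hosts, authenticate with Kerberos,
# and accept migration traffic only on a dedicated network.
Invoke-Command -ComputerName $hvHosts -ScriptBlock {
    Enable-VMMigration
    Set-VMHost -VirtualMachineMigrationAuthenticationType Kerberos `
        -UseAnyNetworkForMigration $false
    Add-VMMigrationNetwork '10.0.50.0/24'
}

# Step 4: with Kerberos the move can be started from a management station.
Move-VM -Name 'VM1' -ComputerName 'HV01' -DestinationHost 'HV02' `
    -IncludeStorage -DestinationStoragePath 'D:\VMs\VM1'

# Review: list every computer account that holds delegation rights, so
# entries beyond the two migration services stand out.
Get-ADComputer -LDAPFilter '(msDS-AllowedToDelegateTo=*)' `
    -Properties 'msDS-AllowedToDelegateTo' |
    Select-Object Name,
        @{ n = 'DelegatesTo'; e = { $_.'msDS-AllowedToDelegateTo' -join '; ' } }
```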
• Allows mission critical workloads to be replicated across clusters, storage systems and sites
Hyper-V Replica
Production Site: Hyper1 (VM1)
DR Site: Hyper2 (VM1)
• Hyper-V replica configuration options on replica server
Hyper-V Replica
• Don’t forget the Windows Firewall rules!
Hyper-V Replica
• Enabling VM replication
Hyper-V Replica
• Replica enabled VM
Hyper-V Replica
• IP settings on replica enabled VM
Hyper-V Replica
• Startup memory and memory weight are the visible features
Hyper-V: Dynamic Memory
• Smart Paging utilizes disk space as memory for VMs in case of:
  • VM is being restarted
  • There is not enough physical memory on server
  • No memory can be reclaimed from running VMs
• The use of the paging file is temporary, for about 10 minutes
• Memory oversubscription relies on Windows Memory Manager, not Hyper-V
Hyper-V: Dynamic Memory
• What is SR-IOV?
  • It’s a technology that allows multiple operating systems to share PCI Express devices
• VMs can be directly attached to fiber or Ethernet based HBA
• Bypassing hypervisor, VMs leverage the hardware directly
Hyper-V: SR-IOV Support
• Hyper-V can utilize SMB 3.0 based shares for storage
• Advantage of SMB based shared storage
  • Flexible
  • Easier management
  • Cheaper!!
Hyper-V: SMB 3.0 File Share
Hyper-V: SMB 3.0 File Shares
[Diagram: VMs on the Hyper-V Cluster stored on \\Server1\share, a Share on SMB Server/Cluster Server1]
• Windows Server 2012 computer(s) with File and Storage Services
• Windows Server 2012 Hyper-V Server Role
• A common Active Directory structure.
Hyper-V: SMB 3.0 File Shares Requirements
• A solution to help provide charge back and billing options
• Network Metering
  • Provides fine grained metering capable of differentiating internet and intranet traffic
• VM Metrics
  • Average CPU and memory usage over a period of time
  • Minimum and maximum memory usage
  • Disk space
  • Total incoming / outgoing per virtual NIC
Hyper-V: Resource Metering
• Enables direct fiber channel storage access from VMs
Hyper-V: Virtual Fiber Channel
• New VHDX format allows 64 TB virtual disks
Hyper-V: VHDX Disk Format
• Protection against data corruption due to power failures
  • Logging updates to VHDX metadata structures
• Ability to store custom metadata
• Support for Trim functions
  • Requires physical disk access and Trim capable hardware
Hyper-V: VHDX Disk Format
• What is NUMA?
  • Non-Uniform Memory Access allows applications to utilize memory in an efficient way on multi-processor systems
• The topology of memory configuration is passed on to VMs
• Virtual workloads that can be optimized with NUMA can take advantage (i.e. SQL Server)
Hyper-V: Virtual NUMA
• Is an extensible, managed L2 switch providing network access to VMs
• Can provide tenant isolation, traffic shaping, policing and IDS/IDP solutions
• Provides built-in support for NDIS filter drivers
Hyper-V: Virtual Switch
• Built-in features
  • ARP / ND poisoning protection
  • DHCP guard protection
  • Port ACLs
  • Trunk mode to VM
  • Network traffic monitoring
  • VLANs
  • Bandwidth and burst limits
  • ECN (Explicit Congestion Notification)
Hyper-V: Virtual Switch
Remote Desktop Services
• Overhauled Management
RDS: Unified Management
RDS: Session Virtualization Deployment
• RemoteApp Properties
RDS: RemoteApp
• Web based access to RemoteApps and Desktops
RDS: Resource Access
• E-mail or URL-based discovery
RDS: Resource Access
• Users can access remote resources from start screen
RDS: Resource Access
• Remote resource management
RDS: Resource Access
RDS: Desktop Virtualization Deployment
RDS: Creating VDI Collection
RDS: Accessing Virtual Desktops
• Virtual Desktops are available in Start Screen
• Automatic Network Detection
• UDP Transport
• Forward Error Correction
• Fallback to TCP
• Native UDP Support for RemoteFX
RDS: RDP Improvements
• WAN Optimization
• Multi-Touch Support
• Media Streaming
• Adaptive Graphics
• DirectX 11 Support
RDP: RemoteFX Improvements
Failover Clustering
Failover Clusters: Scalability
Windows 2008 R2
• Up to 16 nodes
• 1000 VMs per cluster
Windows Server 2012
• Up to 64 nodes
• 8000 VMs per cluster
• 1024 VMs per host
• Support for BitLocker
• VSS based file backup
• SMB Multichannel and SMB Direct
• Integration with Storage Spaces
• Ability to scan and repair online volumes
Failover Clusters: CSV
Shared Storage
Metadata
Failover Clusters: Scale-Out File Servers
• Scalability
• Availability
• Compatibility
• Proactive Error identification
Failover Clusters: Resilient File System
• Updates the cluster with little or no down time
Failover Clusters: Cluster Aware Updates
• Node is placed in Maintenance Mode
• Roles are moved off the Server
• Installs the Updates and Restarts the Server
• Brings the Node out of Maintenance Mode
• Restores clustered roles back to Node
• Moves on to the next Node
• Virtual Machine Monitoring
• Active Directory Integration
• Cluster Upgrade and Migration
• Task Scheduler Integration
• Windows PowerShell Support
Failover Clusters: Other New Features
Networking
• Up to 32 NICs can be bundled
Networking: NIC Teaming
Networking: NIC Teaming
NIC Teaming Modes
• LACP
• Static Teaming
• Switch Independent
Load Balancing Modes
• Address Hash
• Hyper-V Port
• DHCP Replication and Failover
Networking: DHCP Server
• DHCP Policies
  – Vendor Class
  – MAC Address
  – Client Identifier
  – Relay Agent Information
Networking: DHCP Server
• DNS Server
  • DNSSEC related updates
  • PowerShell management support
• DNS Client
  • LLMNR queries are not sent via mobile or VPN connections
  • NETBIOS queries are not sent to mobile broadband interfaces
  • LLMNR and NETBIOS queries are sent in parallel
  • Asynchronous DNS cache
Networking: DNS
• What is BranchCache?
• Automatic Hosted Cache Discovery
• File Server integration
• Multiple Hosted Cache Server
Networking: BranchCache
• What is DirectAccess?
• DirectAccess and RRAS Coexistence
• No PKI Prerequisite
• DirectAccess Server Behind NAT
• Manage-out to Clients
• Multisite Support
• Server Core and Windows Server Essentials Support
Networking: DirectAccess
• IP Address Management for Address Space Management
  • IPAM Discovery
  • IPAM Address Space Management
  • IPAM Multi Server Management and Monitoring
  • IPAM Auditing
• IPAM Architecture
  • Distributed
  • Centralized
Networking: IPAM Server
• IPAM Requirements
  • Windows 2008 DNS, DHCP DCs only
  • Servers must be domain members
  • Supports only Windows Internal Database
• Single IPAM Server can support:
  • 150 DHCP Servers and 500 DNS Servers
  • 6000 DHCP Scopes and 150 DNS zones
Networking: IPAM Server
• IPAM Manager
Networking: IPAM Server
• Step 2: Provisioning
Networking: IPAM Server
• Step 3: Discovery
Networking: IPAM Server
• Default IP tasks
Networking: IPAM Server
Task Name                          Description                               Frequency
DiscoveryTask                      Discovers DHCP and DNS Servers            1 day
AddressUtilizationCollectionTask   Collects space data from DHCPs            2 hours
AuditTask                          Collects IP lease audit logs              1 day
ConfigurationTask                  Collects Configuration information        6 hours
ServerAvailabilityTask             Verifies status of DHCP and DNS Servers
• Management Interface
Networking: IPAM Server
Internet Information Services
\\Server\share
• Web Servers can access SSL certificates from a common shared folder
IIS8: Centralized SSL Certificates
Load Balanced Web Servers
• We need to install the required component first
IIS: Centralized SSL Certificates
• Enabling centralized Store
IIS: Centralized SSL Certificates
• Creating a web site with central certificate store
IIS: Centralized SSL Certificates
• Dynamically limiting CPU usage of application Pools
  – NoAction
  – KillW3wp
  – Throttle
  – ThrottleUnderLoad
IIS: CPU Throttling on Application Pools
• IP/Domain based restrictions can be dynamically applied
IIS: Dynamic IP Address Restriction
• IP Restrictions Proxy Mode
IIS: Dynamic IP Address Restriction
• Host Header Support for SSL binding
IIS: Server Name Indication
• FTP Logon Attempt Restrictions
• Application Initialization
• Multicore scaling on NUMA Hardware
IIS: Other New Features
• Citrix Receiver
  • Already in Windows Store
• VDI-in-a-Box
  • Virtual Desktop OS
  • Hypervisor
• Everything else
  • Project Excalibur
  • Q1 / Q2 time frame
What About Our Products
Questions?