What’s New in Windows Server 8 for the ITPro
Corey Hynes
Converging needs and innovations
• Business Needs: Access, Efficiency, Agility, Flexibility, Compliance
• Technology Innovations: Multitenancy, Cross-premises connectivity, Virtualization, Cloud-based applications, Security and identity management, Automation
• New Opportunities for IT
About This Session
• Broad overview of what you can expect in Windows Server 8
• Demos, demos, demos
• Focus on a few key areas
  • Virtualization and Cloud
  • Management and Automation
  • Security
  • Storage
  • Networking
Disclaimer – This is far from everything
• There is a *lot* I will not even touch
• This is what *I* am most excited about
• What do I do?
  • Manage a datacenter consisting of lots of Hyper-V servers.
  • Host VM content for customers.
  • Provide access to hosted services
  • Manage it all
  • Monitor it all
  • Configure it all
Storage – Highly Available File Server
• CSV has been extended to File Servers.
• File servers for storage of server data
  • Exchange
  • SQL
  • SharePoint
  • Hyper-V
• Seamless uninterrupted failover
• Allows a re-architecture of datacenter storage
MICROSOFT CONFIDENTIAL – INTERNAL ONLY
Datacenter before
• Large SAN.
• Extensive SAN Switching Fabric.
• LUNs provisioned and managed per server.
  • = Lots of LUNs
  • = Lots of time working in your storage infrastructure
• Made managing large storage a lot of work.
Datacenter After
• Large complex storage
• Few LUNs
• Small switching fabric
• Cluster of file servers fronting storage
• Servers get shares, not LUNs
• Introduces a “Storage LAN” to replace “SAN”
  • EoFC
  • 10 GbE
  • Possible with RDMA as well
Hyper-V – Live/Storage Migration
• Live migration requires *nothing* to be shared
  • No shared storage, network or anything else
• VHDs can be moved while VMs are running.
• VHDs can be moved to File Servers while VMs are running.
• VMs can be clustered while running
  • Enables you to move a VM from a standalone host to a cluster, and cluster the VM, without downtime.
Hyper-V - Hyper-V over SMB
• Always worked… now supported
• VMs and VHDs are stored on a file share
• Enables many new scenarios
Preparing Hyper-V to use a Share
• Need a “Server data share”
• Need Machine$ permissions
• Enable Delegation in AD
  • Constrain to CIFS if required.
• Tell it to use a \\ path
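The preparation steps listed above, written out as an added example (not part of the original deck). It assumes the cmdlet names that shipped in Windows Server 2012, the release name of Windows Server 8; the server, domain, group and path names are constructed, and each section runs on the machine named in its comment.

```powershell
# Added example. All names are constructed: file server FS01, Hyper-V host HV01,
# domain CONTOSO / contoso.com, and the admin group 'CONTOSO\Hyper-V Admins'.
$share  = 'VMStore'
$path   = 'D:\Shares\VMStore'
$hvHost = 'CONTOSO\HV01$'            # the host's computer (machine$) account
$admins = 'CONTOSO\Hyper-V Admins'

# --- On the file server FS01: the "server data share" ---
New-Item -Path $path -ItemType Directory -Force | Out-Null
# Share ACL: only the host's machine account and the admin group, not Everyone.
New-SmbShare -Name $share -Path $path -FullAccess $hvHost, $admins

# NTFS ACL: same principals. Inherited ACEs are dropped so that broader
# permissions on the parent folder do not reach the VM files.
$acl = Get-Acl -Path $path
$acl.SetAccessRuleProtection($true, $false)
foreach ($id in $hvHost, $admins, 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators') {
    $ruleArgs = $id, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow'
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList $ruleArgs
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $path -AclObject $acl

# --- On a domain-joined admin machine with the ActiveDirectory module ---
# Constrained delegation: HV01 may delegate only to the cifs service on FS01.
Import-Module ActiveDirectory
Set-ADComputer -Identity 'HV01' -Add @{
    'msDS-AllowedToDelegateTo' = 'cifs/FS01', 'cifs/FS01.contoso.com'
}
# Review the result: any entry other than cifs/FS01 is wider than this setup needs.
(Get-ADComputer -Identity 'HV01' -Properties 'msDS-AllowedToDelegateTo').'msDS-AllowedToDelegateTo'

# --- On the Hyper-V host HV01: tell it to use the \\ path ---
Set-VMHost -VirtualMachinePath "\\FS01\$share" -VirtualHardDiskPath "\\FS01\$share"
```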
Storage – Highly Available iSCSI Target
• Complex storage presented to a few servers.
• Easily extend the “SAN” to any Windows OS.
• Protected from failover.
Storage – Data Dedup and Spaces
• Storage spaces
  • Abstract volumes and disks further than before
  • Similar to Home Server
  • Simple and easy
  • Support “thin provisioning”
• Data Deduplication
  • Block level removal of redundant data
  • Operates on a schedule
  • Up to 97% space saving in testing with VHD libraries
Before and After
Security – Dynamic Access Control
• Allows HR to deploy file permissions!
• Permissions based on file and user properties, not static group memberships
  • i.e. Department or Type
• Requires Identity Lifecycle to be effective
• Integrates with File Classification
Security - Understanding DAC
• There are *two* distinct things to understand
  • Resource Properties
  • Claims
• Resource Properties
  • Apply to “things you access”
  • Use to classify them
  • Can be applied by FCS
• Claims
  • Statements about users
  • Based on user properties.
Configuring Central Claims
• Define a series of statements about users
  • User is in Japan
  • User is in Sales
  • User has group membership
  • User is approved for PII
• Basic building blocks of rules
Resource Properties
• Set of properties that are made available on file servers
• Must be configured once deployed.
• Sequence
  • Enable (AD)
  • Deploy (File servers)
  • Configure (Users or FCS)
• Deployed through resource property lists
Central Access Policy
• Set of rules stored together
• Each rule is like an ACL
• A rule compares a claim and a property
  • User (department) = Resource (dept)
• Policies are deployed via GPO
• Policy must be enabled in file system
Which Permission Wins
• Before
  • Share and NTFS
  • Least restrictive wins
• After
  • Share and NTFS AND Central Policy
  • Least restrictive wins
• Remember
  • All permissions can only reduce, never increase access.
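The Dynamic Access Control sequence from the preceding slides (claim, resource property, rule, policy, enable in the file system), as an added example that is not part of the original deck. It assumes the cmdlet names that shipped in Windows Server 2012 and the built-in `Department_MS` resource property; the rule name, policy name and folder path are constructed.

```powershell
# Added example. Constructed names: rule 'Department Match', policy
# 'Department Policy', folder D:\Shares\Finance.
Import-Module ActiveDirectory

# --- In AD ---
# Claim: a statement about users, sourced from the AD 'department' attribute.
New-ADClaimType -DisplayName 'Department' -SourceAttribute 'department'
$claim = Get-ADClaimType -Filter "DisplayName -eq 'Department'"

# Resource property: "Enable (AD)", then publish it in a resource property list.
Set-ADResourceProperty -Identity 'Department_MS' -Enabled $true
Add-ADResourcePropertyListMember -Identity 'Global Resource Property List' -Members 'Department_MS'

# Rule: like an ACL, with one conditional ACE that compares the user's claim
# with the resource's property: User (department) = Resource (dept).
# XA = conditional allow ACE, 0x1301bf = Modify, AU = Authenticated Users.
$match = "(@USER.$($claim.Name) Any_of @RESOURCE.Department_MS)"
$sddl  = "O:SYG:SYD:AR(A;;FA;;;OW)(A;;FA;;;BA)(A;;FA;;;SY)(XA;;0x1301bf;;;AU;$match)"
New-ADCentralAccessRule -Name 'Department Match' -CurrentAcl $sddl

# Policy: a set of rules stored together.
New-ADCentralAccessPolicy -Name 'Department Policy'
Add-ADCentralAccessPolicyMember -Identity 'Department Policy' -Members 'Department Match'

# The policy is then assigned to the file servers through a GPO (not scripted here).

# --- On the file server, after the GPO is linked ---
gpupdate /force
Update-FsrmClassificationPropertyDefinition    # "Deploy (File servers)"

# "Configure (Users or FCS)": the folder's Department value is set by its owner
# or by a File Classification rule before the policy can match anything.

# Enable the policy in the file system for one folder.
$folder = 'D:\Shares\Finance'
$acl = Get-Acl -Path $folder
Set-Acl -Path $folder -AclObject $acl -CentralAccessPolicy 'Department Policy'
```

Because every layer can only reduce access, a user still needs the share and NTFS permissions on the folder in addition to a matching Department claim.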
Management – Server Manager
• Total overhaul of UI
• “Tile” health view of all servers which are auto grouped
• True remote server management
• Remote server performance monitoring
• Remote server health monitoring
Management - ServerCore
• There are now three UI levels
• ServerCore – Traditional ServerCore – no GUI
• “The middle” – ServerCore plus UI management tools
  • Control panel apps
  • MMC
  • Many more
• Full Server – Includes the Desktop
Management - Active Directory
• Fully integrated into Server Manager
• NO MORE DCPROMO
  • Functionality loaded in Server Manager
• AD Deployment PowerShell Module
  • 100% scripted remote deployment supported, no answer files required.
New Enhancements in ADAC
• ADAC moving to replace ADUC
  • New functionality implemented in ADAC
  • No new functionality in ADUC
• 100% based on PowerShell AD Provider
• Samples
  • AD PowerShell History
  • Password Settings Objects
  • Recycle-Bin
  • Claims and DAC
PowerShell History
• Records all “actions” as cmdlets that can be copied
• Commands can be grouped for easy creation of scripts
• TIP: Groups are in “backwards” order
  • Bug.
• Basis for AD scripting
Management – PowerShell
• Hundreds of new OS cmdlets
  • IP configuration
  • NSLookup
• Workflows
• Persistent Sessions
• Scheduling
• Simplification of Syntax
Management - Online Backup
• Simply – you can now back up to Windows Azure storage
Networking - Network Teaming
• Allows any two interfaces to be combined to one
• No third party driver required
• Scriptable with PowerShell
• For this we turn to my previously recorded demo…
Networking - DHCP Failover
• Configure a replica DHCP Server
• Replica DHCP server will allow fault tolerance or load balancing
• In load balancing, leases are issued from both servers equally
• In fault tolerance, all leases are issued from one server until it fails; lease data is automatically replicated to the other servers.
Networking - IPAM
• Centralized Management of IP services
• Single view of all DNS/DHCP and similar services
• Combination of Server Manager and Group Policy
Why Windows Server 8?
• Efficient, breakthrough platform for private cloud computing
• Built for the future, while supporting today’s business needs
• Allows IT organizations to leverage and optimize existing investments
What the Media Are Saying
“Microsoft has grasped the fundamental truth about the transition to cloud.” Richard Fichera - Forrester Research
“Server 8 Benefits from Lessons Learned With Azure…Microsoft’s experience running Azure played heavily into the new server's design.” Andy Patrizio - Network World
Windows Server 8: “Takes your breath away…Features will be a boon for enterprises creating private clouds.” Jonathan Hassel - Computerworld
“Nothing from Microsoft, and I mean literally nothing has ever been this ambitious.” Jason Perlow - ZDNet
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.