Windows Server 2012 Overview
Virtualization
Hyper-V host scale and scale-up workload support

System           Resource                                 Maximum number:    Maximum number:       Improvement
                                                          Windows 2008 R2    Windows Server 2012   factor
Host             Logical processors on hardware           64                 320                   5×
Host             Physical memory                          1 TB               4 TB                  4×
Host             Virtual processors per host              512                2,048                 4×
Virtual machine  Virtual processors per virtual machine   4                  64                    16×
Virtual machine  Memory per virtual machine               64 GB              1 TB                  16×
Virtual machine  Active virtual machines                  384                1,024                 2.7×
Cluster          Nodes                                    16                 64                    4×
Cluster          Virtual machines                         1,000              4,000                 4×

Manage virtual machines independently from underlying infrastructure
Handle changing needs on demand
• Live migration within a cluster
• Shared-nothing live migration
• Hyper-V Replica
• Live migration of storage
Improvements
• Faster and simultaneous migration
• Live migration outside a clustered environment
• Store virtual machines on a File Share
[Figure: live migration between two virtual machines over an IP connection with SMB network storage. Stages: live migration setup, memory pages transferred, modified pages transferred, storage handle moved. Labels: configuration data, memory content, modified memory pages.]
VIRTUAL MACHINE MOBILITY
Live migration based on server message block (SMB) share
Benefits
• Manage storage in a cloud environment with greater flexibility and control
• Move storage with no downtime
• Update physical storage available to a virtual machine (such as SMB-based storage)
• Windows PowerShell cmdlets
Live migration of storage
Move virtual hard disks attached to a running virtual machine
• Reads and writes go to the source VHD
• Disk contents are copied to new destination VHD
• Disk writes are mirrored; outstanding changes are replicated
• Reads and writes go to new destination VHD
[Figure: virtual machine moving between a source Hyper-V host and a destination Hyper-V host (source device, target device) over an IP connection. Labels: configuration data, memory content, modified memory pages.]
Benefits
• Increase flexibility of virtual machine placement
• Increase administrator efficiency
• Reduce downtime for migrations across cluster boundaries
Shared-nothing live migration
• Reads and writes go to the source VHD
• Reads and writes go to the source VHD. Live Migration Begins
• Disk contents are copied to new destination VHD
• Disk writes are mirrored; outstanding changes are replicated
• Live Migration Continues
• Live Migration Completes
Benefits
• Affordable in-box business continuity and disaster recovery
• Failure recovery in minutes
• More secure replication across network
• No need for storage arrays
• No need for other software replication technologies
• Automatic handling of live migration
• Simpler configuration and management
New feature
Replicate Hyper-V virtual machines from a primary site to a replica site
[Figure: Hyper-V Replica. Primary site (CRM, SQL, SharePoint, Exchange, and IIS virtual machines; Hyper-V role and tools, Hyper-V cmdlets, Hyper-V PS integrated UI): the Hyper-V Management Module tracks and replicates changes for each virtual machine. Replica site (Exchange and CRM replica virtual machines; Hyper-V role and tools, Hyper-V cmdlets, Hyper-V PS integrated UI): the Hyper-V Management Module receives and applies the changes to the replica virtual machine. Replica traffic is sent and received over a WAN link. Storage shown: SMB file share, SAN.]
What is NIC Teaming?
• Multiple parallel network connections
• Increases throughput
• Provides redundancy in case of link failure
NIC Teaming in a Hyper-V environment
• Uses virtual network adapters
• Can connect to more than one virtual switch
• Maintains connectivity if one switch disconnects
• Can support up to 32 network adapters in a team (Example: SR-IOV)
CONTINUOUS SERVICES
NIC Teaming
Benefits
• Higher reliability against failure
• Better throughput
Management
• Windows PowerShell
• Configuration UI for NIC Teaming Server Manager
Key features
• Multiple modes: switch dependent and independent
• Hashing modes: port and 4-tuple
• Active/active and active/standby
[Figure: virtual adapters connected to team network adapters.]
ROBUST AUTOMATION
Broader coverage
• Rich management through more than 2300 cmdlets
• Windows PowerShell Web Access
Greater resiliency
• Robust session connectivity
• Disconnected sessions
• Session configuration files
• Job scheduling
• Windows PowerShell Workflow
More intuitive
• Integrated Scripting Environment 3.0: IntelliSense | Code Snippets
• Syntax simplification
• Cmdlet discovery and module autoloading
• Updatable help
• Script-sharing
Higher performance
• On-the-fly compilation: scripts run up to six times faster
• Performance Improvements

• Windows PowerShell Workflow
• .NET Framework 4 support
• Add-Member improvements
• Computer cmdlets
• CSV handling improvements
• Get-ChildItem attributes
• Get-Command improvements
• Default parameter values
• Better history support
• Security cmdlet fixes
• Select-Object optimizations
• Select-String improvements
• Tee-Object -Append
• Disconnected sessions
• Idle timeout & server buffering control
• Invoke-Command in disconnected sessions
• Disconnected jobs
• STA mode by default
• Run with PowerShell context menu
• Module autoloading
• Console host start perf improvements
• ETW logging and tracing
• Core CIM cmdlets
• New Group Policy settings
• Output redirection for all streams
• Array member enumeration
• Word wrap in console host
• Default properties on custom objects
• Updatable help system
• Method overload discovery
• HelpUri attribute support
• HelpFile property on FunctionInfo
• Simplified Where and ForEach
• Remoting local variables via $using
• Dynamic types & formats
• Get-Content -Tail
• Generic method invocation
• Typecasting deserialized objects
• New parser built on DLR
• Improved method overload selection
• New objects from hash tables
• Typecasting for parameter values
• Pipeline paging APIs
• Nested pipeline APIs
• $PSScriptRoot and $PSCommandPath
• Ordered hash tables
• Improved module discovery & import
• New module manifest keys
• Public abstract syntax tree
• Runspace pool cleanup API
• Public tab completion
• Windows RT API support
• Obsolete cmdlet attribute
• Command discovery improvements
• Script autosave support
• Out-GridView -PassThru
• CIM cmdlet authoring from WMI v2
• CIM .NET APIs
• Job scheduling
• Runtime script compilation
• Engine reliability improvements
• Better Get-ChildItem network performance
• Cmdlet definition files
• Certificate provider improvements
• Alternate NTFS data stream support
• Move-Item across drives
• Remote module discovery & import
• Credentials for FileSystem provider
• Remote session autodisconnect & retry
• Transport options for remote sessions
• Module logging
• Workflow persistence
• Job integration with Task Scheduler
• Alternate credential support for jobs
• Update console font & branding
• Verb & noun on FunctionInfo
• Special character handling
• LiteralPath support for core cmdlets
• DLR-based tab completion
• Session configuration files
• IntelliSense support
• Windows Management Framework 3.0
• Windows PE integration
• Windows RT support
• Windows PowerShell Web Access
• Management OData IIS Extension
• XAML-based workflows
• Script-based workflows
• Control Panel cmdlets
• Unblock-File cmdlet
• Workflow help
• Cmdlet to activity conversion
• RunAs and SharedHost support
• Improved WMI object formatting
• Heterogeneous object formatting
• Workflow logging
• Workflow extensibility
• Common workflow parameters
• Workflow execution environment
• Snippets
• ISE Add-ons
• $PSItem alias for $_
• Show-Command
• Get-Help -ShowWindow
• Restart Manager support
• Web & REST cmdlets
• JSON cmdlets
• XML syntax highlighting
• Block select
• Collapsible regions
• Contextual F1 support
• Script Explorer

More intuitive: IntelliSense
• Context-sensitive command completion for cmdlet and script names, parameter names and enumerated values, and property and method names
• Show-Command pane for finding and running cmdlets in a dialog box
More intuitive: Simplified scripting
• Syntax simplification: Windows PowerShell 3.0 includes simplified, consistent syntax across all cmdlets
• Simplified scripting through Windows PowerShell ISE 3.0:
  • Built-in code snippets include templates for functions, parameters, and statements
  • Users do not need to remember the syntax
Snippets add reusable text to scripts and commands
More intuitive: Cmdlet discovery
• Simplified learning
• Get-Command has been updated to find all cmdlets installed on the system
• Cmdlets can be used immediately because modules are imported automatically on first use
For example
To find cmdlets, run Get-Command:
Get-Command *-Net*
To get the syntax of a cmdlet, run:
Get-Command <Command Name> -Syntax
More intuitive: Script sharing
• Microsoft Script Explorer for Windows PowerShell, available on Download Center
• Provides access to community-generated Windows PowerShell scripts

• Lowers the cost of acquisition, deployment, and operations
• Optimizes capacity utilization
• Delivers enterprise-class performance
• Resilient to component failures
Features: SMB Direct, SMB 3.0, Data Deduplication, Storage Spaces
• Virtualization of storage with Storage Pools and Storage Spaces
• Storage resilience and availability with commodity hardware
• Resiliency and data redundancy through n-way mirroring (clustered or unclustered) or parity mode (unclustered)
• Utilization optimized through thin and trim provisioning and enclosure awareness
• Integration with other Windows Server 2012 capabilities
• Serial Attached SCSI (SAS) and Serial AT Attachment (SATA) interconnects
[Figure: Storage Spaces architecture. Physical storage ((shared) SAS or SATA) is grouped into storage pools; storage spaces (Windows virtualized storage) are presented to a Windows application server or file server in physical or virtualized deployments. Integrated with other Windows Server 2012 capabilities: File Server Administration Console, Hyper-V, Cluster Shared Volume, Failover Clustering, SMB Multichannel, NFS, Windows Storage Mgmt., NTFS, SMB Direct.]
ENTERPRISE-CLASS FEATURES ON LESS EXPENSIVE HARDWARE
[Figure: Average savings with Data Deduplication by workload type (axis 0% to 100%): VHD Library, Software Deployment Share, General File Share, User Home Folder (My Docs).]
Maximize capacity by removing duplicate data
• 2:1 with file shares, 20:1 with virtual storage
• Less data to back up, archive, and migrate
Increased scale and performance
• Low CPU and memory impact
• Configurable compression schedule
• Transparent to primary server workload
Improved reliability and integrity
• Redundant metadata and critical data
• Checksums and integrity checks
• Increase availability through redundancy
Faster file download times with BranchCache
Source: "Microsoft Internal Testing"
• Rapid recovery from file system corruption without affecting availability
• Resilient against power outage corruption
• Periodic checksum validation of file system metadata
• Improved data integrity protection
• Ideal for file server volumes
NTFS improvements
• Rapid recovery from file system corruption without affecting availability
• Data corruption virtually eliminated through allocate-on-write
• Periodic checksum validation of file system metadata
• Seamless data integrity protection
CHKDSK
• Seconds to fix corrupted data
• No offline time when used with CSV
• Disk scanning process separated from repair process
• Online scanning with volume and offline repair
CONTINUOUS APPLICATION AVAILABILITY
[Figure: chart comparing Windows Server 2008 R2 and Windows Server 2012 at 100 million, 200 million, and 300 million files (axis 0 to 400). Source: "Microsoft Internal Testing"]
[Figure: Windows Server file server cluster serving \\foo1\share1, \\foo2\share1, and \\foo\share.]
• High-performance, continually available file shares for business critical applications
• Failover transparent to server applications with zero downtime and with only a small I/O delay
• Support for planned moves, load balancing, operating system restart, unplanned failures, and client redirection (scale-out only)
• Resilient for file and directory operations
• All servers involved should have Windows Server 2012
[Figure: Windows Server cluster, current workload, third-party plug-in for updates.]
• Reduces server downtime and user disruption by orchestration of cluster node updates
• Maintains service availability without impacting cluster quorum
• Detects required updates and moves workloads off nodes for updates
• Uses Windows Update Agent or extensible plug-in
DIRECTACCESS
• Transparent network access to the end user from any Internet connection
• Flexible deployment scenarios
• Simple to deploy and manage centrally
• Unified management experience
• Support for multiple sites
• Easy-deployment wizard
• Support for Windows PowerShell for client and server
• Built-in support for IPv6 translation technology
• Site-to-site tunneling
Traditional virtual private networks (VPNs) for compatibility
• Connection originates from mobile user on an indeterminate schedule
• Cannot originate connection from intranet
• Connection is not always established
DirectAccess for automatic, transparent connectivity
• Connection is established at machine startup time and user does not need to log on
• Can originate connection from intranet
• Connection to intranet is always active
DYNAMIC ACCESS CONTROL
• Easily resolve end-user permission issues
• Centrally manage access control from Active Directory
• Pre-stage and simulate the effect of changes to access policy
• Automatically identify and classify data based on content

• Central access policies
• File access audit
• Integration with Active Directory Rights Management Services
• File Classification Infrastructure
Classification
• Files inherit classification tags from parent folder
• File owners tag files manually
• Files are tagged automatically
• Files are tagged by applications
Access control
• Central access policies are based on classification
• Access conditions for user claims, device claims, and file tags are based on expressions
• Assistance is available for denial of access
Auditing
• Central audit policies can be applied across multiple file servers
• Audits for user claims, device claims, and file tags are based on expressions
• Audits can be staged to simulate policy changes in a real environment
Rights Management Services protection
• Automatic Rights Management Services (RMS) protection is available for Microsoft Office documents
• Protection is in near-real-time when a file is tagged
• RMS protection extends to files not created in Microsoft Office
[Figure: file classification flow: create or modify file, determine classification (location, manual, contextual, application; in-box content classifier or third-party classification plug-in), save classification.]
Access policy
For access to financial information that has high business impact, a user must be a finance department employee with a high security clearance, and must use a managed device registered with the finance department.
User claims
User.Department = Finance
User.Clearance = High
Device claims
Device.Department = Finance
Device.Managed = True
Resource properties
Resource.Department = Finance
Resource.Impact = High
Characteristics
• Composed of central access rules
• Applied to file servers through Group Policy objects
• Supplement (not replace) native file and folder access control lists from New Technology File System (NTFS)
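
The following is an added example, not part of the original slides and not Windows code: a simplified Python model of how the finance access policy above combines user claims, device claims, and resource properties, and of how a central access rule supplements the NTFS ACL check. The class, function names, and the staging helper are assumptions made for illustration.

```python
# Added illustration: simplified model of a central access rule check.
# Not a Windows API; all names here are hypothetical.
from dataclasses import dataclass

@dataclass
class Request:
    user: dict          # user claims, e.g. {"Department": "Finance"}
    device: dict        # device claims
    resource: dict      # resource properties (classification tags)
    ntfs_allows: bool   # outcome of the ordinary NTFS ACL check

def rule_applies(resource):
    """Target condition: the rule covers high-impact finance data only."""
    return (resource.get("Department") == "Finance"
            and resource.get("Impact") == "High")

def rule_permits(user, device):
    """Access condition from the slide's finance access policy."""
    return (user.get("Department") == "Finance"
            and user.get("Clearance") == "High"
            and device.get("Department") == "Finance"
            and device.get("Managed") is True)

def effective_access(req, permits=rule_permits):
    """The central rule supplements NTFS: both layers must allow."""
    if not req.ntfs_allows:
        return False        # the NTFS ACL can still deny on its own
    if not rule_applies(req.resource):
        return True         # rule is not targeted at this file
    return permits(req.user, req.device)

def staged_differences(requests, proposed_permits):
    """Staging: list requests whose outcome a proposed rule would change,
    without enforcing the proposal."""
    changed = []
    for req in requests:
        current = effective_access(req)
        proposed = effective_access(req, proposed_permits)
        if current != proposed:
            changed.append((req, current, proposed))
    return changed

# Constructed sample data using the claim values shown on the slide.
FIN_USER = {"Department": "Finance", "Clearance": "High"}
FIN_PC = {"Department": "Finance", "Managed": True}
HOME_PC = {"Department": "Finance", "Managed": False}
HBI_FILE = {"Department": "Finance", "Impact": "High"}
```

Calling `staged_differences` with a proposed rule that drops the managed-device requirement shows which requests would newly succeed before the change is enforced.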
[Figure: corporate file servers with user folders and finance folders, covered by the personally identifiable information policy, the finance policy, and the high business impact policy.]
Organizational policies
• High business impact
• Personally identifiable information
Finance department policies
• High business impact
• Personally identifiable information
• Finance
Active Directory Domain Services
• Create claim definitions
• Create file property definitions
• Create central access policy
Group Policy
• Send central access policies to file servers
File Server
• Apply access policy to the shared folder
• Identify information
User's computer
• User tries to access information
[Figure: Active Directory Domain Services (claim definitions, file property definitions, audit policy), user, and file server (allow or deny).]