I just wrapped up a blog series on Exchange 2013, so now I'm going to focus on a blog of "What's New" in Windows Server 2012. Windows 2012 shipped in the summer of 2012; however, I was fortunate to have been able to work with Microsoft for the past 2-1/2 years on the development, deployment, feedback, and testing of Windows 2012. We put our first round of 2012 servers into production as early as the winter of 2011, serving up full-time access to Win2012 functions. But like every version of Windows, organizations don't simply implement the new version of Windows Server across the enterprise just because a new version is available. Take a look at most organizations: they still have several Windows 2003 servers in their environment running critical business workloads. So why implement Windows 2012?

The purpose of this blog post is to bypass the marketing fluff and spin about what Microsoft thinks might be of interest to orgs and go straight to a key list of technologies built in to Windows Server 2012 that the early adopters we were working with actually implemented in production environments over 18 months prior to the product launch. I'll note not only the feature, but what about the feature made it worthwhile for organizations to implement in beta months before Windows 2012 shipped, as well as implementation tips and tricks. I'm going to make this a single posting; if there's anything in this that you want me to expand on, add a comment to this blog post and I'll respond and/or write up additional posts with more info...

So, the top features in Windows 2012 that we found to be most beneficial to organizations:

HyperV Shared Nothing Live Migration

In Windows Server 2008 R2, Microsoft included "Live Migration", which allowed organizations to move a running HyperV guest session from one virtual host server to another with no downtime, typically for patching and updating (Live Migrate guest sessions off Server A to Server B, patch/update Server A, Live Migrate guest sessions back from Server B to Server A). Note that this covers the planned case; if Server A fails outright, the guest is not migrated, the cluster restarts it on Server B from the shared storage, with the downtime of a reboot. BUT Live Migration with Windows 2008 R2 required Failover Clustering as well as a SAN for shared storage.

With Windows 2012 Shared Nothing Live Migration, you basically just set up a couple (or more) HyperV 2012 host servers, click a setting saying you want to Live Migrate to/from a server, then simply right-click a VM and "move" the VM to another server, and the VM will Live Migrate server to server with no downtime. No iSCSI initiators, no SAN, no clustering. Just 2 (or more) plain HyperV hosts running Win2012... So for one early adopter environment we had 4 host servers, of which 3 had SSD storage for fast guest session operations. 1 of the HyperV hosts had plain old SCSI drives in it with 4TB of disk. We simply "moved" guest sessions that weren't being used anymore to the host running SCSI and "parked" the guest sessions on that server. The organization was then able to move guest sessions off that server onto any of the servers with SSD when they wanted to fire up guest sessions to use. Guest sessions can be Win2003, Win2008, Win2012, Linux, anything.

There are times when you cannot Live Migrate "live" and have to shut down guest sessions (ie: working with a version of Linux that isn't supported for Live Migration, moving a guest from Intel to AMD (or AMD to Intel) hosts, an Apple Mac OS X guest session, etc), but in those situations you can simply shut down the guest and move it while it's not running, and when parking guest sessions most guests are off anyway...

Here's the step by step specifics:

1) Build 2 (or more) Windows 2012 servers and configure them with the HyperV role. By the way, with Shared Nothing Live Migration, since you are NOT installing the Cluster service, you are not limited by the 64 node cluster limit and you can have an UNLIMITED number of target HyperV hosts. Hosts do need to be joined to a common domain (or trusting domains). Also decide how the hosts authenticate to each other: the default, CredSSP, only works when you are logged on at the source host (which is why step 3 says to sit on that server); Kerberos requires constrained delegation to be configured on each host's computer account in AD for the "cifs" and "Microsoft Virtual System Migration Service" services of the other hosts, but then lets you drive moves remotely from a management workstation.

2) On each of your HyperV host servers, click on "Hyper-V Settings" and under "Live Migrations" click "Enable incoming and outgoing live migrations". The default at the bottom is "Use any available network for live migration"; since the contents of the VM's memory cross that network unencrypted, a dedicated migration subnet, rather than the guest or user network, is the better choice. Click OK to set the settings.

3) Sit on the server you want to move a VM "from".

4) Right-click the VM you want to move and choose MOVE.

5) The wizard will ask you to click Next at the welcome screen.

6) Choose "Move the virtual machine", click Next.

7) Type in the name of the destination server (ie: VM2, Host3, HV4.companyabc.com); you can select by browsing servers in your environment or keying in the name of the server. Click Next.

8) Choose "Move the virtual machine's data to a single location", click Next.

9) Choose the destination folder where you want the VM to end up (ie: c:\VMs\), click Next.

10) Click Finish, and the VM will be moved.

VERY slick way to move around guest sessions that need more capacity (RAM/CPU) than exists on the server you had built them on, or to evacuate a server temporarily or permanently to free up space... Give it a try, REALLY easy way to manage VMs running on Windows 2012 Hyper-V hosts!
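The same procedure scripted with the Hyper-V and Active Directory PowerShell modules, as an added example that is not from the original post. It uses Kerberos constrained delegation instead of the default CredSSP so the move can be launched from a management workstation, and pins migration traffic to one subnet. The host names HV1/HV2, the domain companyabc.com, the subnet 10.10.50.0/24, the VM name Web01 and the path D:\VMs are assumptions; run it as a domain admin with RSAT and the Hyper-V tools installed.

```powershell
# Added example (not from the original post). Assumed names: HV1, HV2,
# companyabc.com, 10.10.50.0/24, Web01, D:\VMs.
Import-Module Hyper-V
Import-Module ActiveDirectory

$Domain = 'companyabc.com'
$Hosts  = 'HV1', 'HV2'

# Step 1: constrained delegation. Each host's computer account is allowed to
# delegate to the other hosts for exactly the two services live migration
# needs (CIFS for the storage copy, the migration service itself). Delegation
# is scoped to these SPNs, not "any service", so a compromised host cannot
# impersonate the admin elsewhere.
foreach ($src in $Hosts) {
    $targets = foreach ($dst in ($Hosts | Where-Object { $_ -ne $src })) {
        "cifs/$dst.$Domain"
        "cifs/$dst"
        "Microsoft Virtual System Migration Service/$dst.$Domain"
        "Microsoft Virtual System Migration Service/$dst"
    }
    Get-ADComputer $src | Set-ADObject -Add @{ 'msDS-AllowedToDelegateTo' = $targets }
}

# Step 2: enable migrations, use Kerberos, and replace "Use any available
# network" with a dedicated subnet, because VM memory crosses this network
# in clear text in Windows Server 2012.
foreach ($h in $Hosts) {
    Enable-VMMigration -ComputerName $h
    Set-VMHost -ComputerName $h `
        -VirtualMachineMigrationAuthenticationType Kerberos `
        -UseAnyNetworkForMigration $false
    Add-VMMigrationNetwork -ComputerName $h -Subnet '10.10.50.0/24'
}

# Steps 3-10: move Web01 and its storage from HV1 to HV2. -ComputerName is
# the source host; with Kerberos delegation this works from a workstation.
Move-VM -ComputerName HV1 -Name 'Web01' -DestinationHost HV2 `
        -IncludeStorage -DestinationStoragePath 'D:\VMs\Web01'

# Verify: the VM now lives on HV2 (and is absent on HV1).
Get-VM -ComputerName HV2 -Name 'Web01' | Select-Object Name, State, ComputerName
```

Hosts may need a reboot (or at least fresh Kerberos tickets) before the delegation change is honoured; if Move-VM fails with an access denied error from a workstation, check the msDS-AllowedToDelegateTo entries on both computer accounts before anything else.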
HyperV Replica

A companion to Shared Nothing Live Migration is HyperV Replica, which asynchronously replicates VMs between host servers so that at some point in time you can "failover" from one VM host to another. Unlike Shared Nothing Live Migration, which is a planned move between relatively highly connected servers with ZERO downtime, HyperV Replica ships the changes to the replica host every 5 minutes (the interval is fixed in Windows Server 2012), so the standby copy lags the primary by roughly 5-10 minutes. HyperV Replica is intended for site to site failover, but without the requirements of super high speed WAN connectivity or super high speed disk, just replication between sites. There is downtime in the failover process, and the copy you fail over to is a few minutes behind, but since it's typically limited to 5-10 minutes, it's well suited for site recovery.

HyperV Replica does NOT require anything fancy to work. Simply a Windows 2012 HyperV host server in 2 separate locations, configure the replication between the two servers within the HyperV Console (Hyper-V Settings > Replication Configuration on the replica host, then Enable Replication on each VM at the primary), and the replication trickles between the sites and readies the standby image in the event of a failover. Two settings in that dialog deserve thought. The first is the authentication type: Kerberos (HTTP, port 80) only works between hosts in the same domain and sends the replication traffic unencrypted, whereas certificate-based authentication (HTTPS, port 443) encrypts it and works across domains and untrusted networks, which is what you want on a WAN. The second is "Allow replication from any authenticated server" versus an explicit list of permitted primary servers; the explicit list is the safer choice, since otherwise any domain-joined host can push VMs into your DR site.
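The Replica configuration described above as PowerShell, added here as an example that is not from the original post: HV1 at the primary site replicates the VM Web01 to HV2 at the DR site over HTTPS with certificate authentication, the replica only accepts HV1, and the failover is rehearsed with a test failover. Host names, the D:\Replica path and the two certificate thumbprints are assumptions; the certificates are computer certificates issued by a CA both hosts trust, with the Server Authentication (replica) and Client Authentication (primary) usages.

```powershell
# Added example (not from the original post). Assumed names: HV1, HV2,
# D:\Replica, Web01, and the two placeholder certificate thumbprints.
Import-Module Hyper-V

$Primary = 'HV1.companyabc.com'
$Replica = 'HV2.companyabc.com'
$ReplicaCertThumb = 'A1B2C3D4E5F60718293A4B5C6D7E8F9012345678'   # placeholder
$PrimaryCertThumb = '0123456789ABCDEF0123456789ABCDEF01234567'   # placeholder

# --- Replica server ---
# HTTPS only (no Kerberos/HTTP listener, which would carry the disks in clear
# text), and only from servers listed in authorization entries.
Set-VMReplicationServer -ComputerName $Replica `
    -ReplicationEnabled $true `
    -AllowedAuthenticationType Certificate `
    -CertificateAuthenticationPort 443 `
    -CertificateThumbprint $ReplicaCertThumb `
    -ReplicationAllowedFromAnyServer $false

New-VMReplicationAuthorizationEntry -ComputerName $Replica `
    -AllowedPrimaryServer $Primary `
    -ReplicaStorageLocation 'D:\Replica' `
    -TrustGroup 'ProductionSite'

# The listener rule ships with the Hyper-V role but is disabled by default.
Enable-NetFirewallRule -CimSession $Replica `
    -DisplayName 'Hyper-V Replica HTTPS Listener (TCP-In)'

# --- Primary server ---
# Keep 4 hourly recovery points so a failover can go back to a state from
# before a corruption or ransomware event was replicated, not just the latest.
Enable-VMReplication -ComputerName $Primary -VMName 'Web01' `
    -ReplicaServerName $Replica -ReplicaServerPort 443 `
    -AuthenticationType Certificate -CertificateThumbprint $PrimaryCertThumb `
    -RecoveryHistory 4 -CompressionEnabled $true

Start-VMInitialReplication -ComputerName $Primary -VMName 'Web01'

# --- Health check and rehearsal ---
Measure-VMReplication -ComputerName $Primary -VMName 'Web01' | Format-List

# A test failover boots a disconnected copy ("Web01 - Test") on the replica;
# validate the application there, then discard it. Production keeps running
# and replication continues throughout.
Start-VMFailover -ComputerName $Replica -VMName 'Web01' -AsTest
Stop-VMFailover  -ComputerName $Replica -VMName 'Web01'
```

For a real move, Start-VMFailover -Prepare on the primary followed by Start-VMFailover on the replica performs a planned failover with the last changes applied, and Set-VMReplication -Reverse turns the old primary into the new replica.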
DirectAccess 2012

Microsoft improved DirectAccess, the VPN-less remote connectivity solution first introduced with Windows 7 / Windows 2008 R2. DirectAccess in Windows 2012 provides easier configuration, as Windows 8 endpoints can authenticate with Kerberos (by way of a Kerberos proxy on the DirectAccess server) instead of the organization having to push out computer certificates to users and endpoints. Additionally, Microsoft included multi-site connectivity with DirectAccess 2012, which is effectively the ability for the organization to have multiple entry points into its network, where endpoints can connect to any one of multiple systems within a site (for redundancy or scalability) as well as to entry points in other sites (for site redundancy and/or global access). Two caveats before planning on the certificate-free option: it applies to Windows 8 clients only, and the multi-site, two-factor (OTP) and Windows 7 client scenarios still require a PKI issuing computer certificates; Windows 7 clients in a multi-site deployment are also assigned to a single entry point rather than picking the nearest one. This, among other configuration wizard settings and options, has greatly helped administrators set up DirectAccess with Windows Server 2012 to provide a seamless access experience to remote users in the enterprise.
IP Address Management (IPAM)

As I mentioned in a tutorial video for Microsoft on IP Address Management, or IPAM ("eye-pahm"), when's the last time you got excited about IP addressing? With IPAM, Microsoft has actually added a tool that gives administrators a way to track IP addresses more easily. Think about how you track IP addresses today. If they are static IP addresses, at best you more than likely have an Excel spreadsheet somewhere that lists server names and static addresses; more commonly, organizations go into DNS and look for addresses that currently aren't in DNS, hoping that an address not in DNS is "available" (until you configure something and get the error that some other device is already using that address...). Even with DHCP, if you run out of addresses in a DHCP scope, you start to wonder which address block(s) you have available.
IPAM is a tool from Microsoft that you install as a Windows "Feature" and that provides a number of different functions, including:
- keeps track of static IP addresses
- keeps track of reserved IP addresses
- gathers info from DHCP servers and keeps track of DHCP leases, settings, and configurations
- gathers info from DNS servers and keeps track of DNS settings and configurations
- provides reporting (view and print) of IP Address information
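A minimal IPAM deployment, added here as an example that is not from the original post: install the feature, provision the managed DHCP/DNS servers through Group Policy so IPAM can read their configuration and lease/audit logs, and delegate access through IPAM's local security groups. The server name ipam01, the domain companyabc.com and the group names are assumptions.

```powershell
# Added example (not from the original post). Assumed names: ipam01,
# companyabc.com, and the COMPANYABC\... groups.
# Placement rule: the IPAM server must be domain-joined and must NOT itself be
# a domain controller, DHCP server or DNS server; those roles are what it manages.
Install-WindowsFeature IPAM -IncludeManagementTools

# GPO-based provisioning creates three GPOs (IPAM_DHCP, IPAM_DNS, IPAM_DC_NPS)
# that, once linked and applied, open the firewall rules and grant the IPAMUG
# universal group read access to DHCP/DNS configuration and event logs on the
# managed servers. Run as a domain admin; -DelegatedGpoUser gets edit rights
# on the GPOs so day-to-day changes do not need domain admin.
Invoke-IpamGpoProvisioning -Domain 'companyabc.com' `
    -GpoPrefixName 'IPAM' `
    -IpamServerFqdn 'ipam01.companyabc.com' `
    -DelegatedGpoUser 'COMPANYABC\ipam-admins'

# Access control in Windows Server 2012 IPAM is through local groups on the
# IPAM server. "IPAM Users" is read-only; "IPAM IP Audit Administrators" can
# additionally see lease and logon audit data; "IPAM Administrators" can change
# everything. Grant the least of these that the team needs.
net localgroup "IPAM Users" "COMPANYABC\Network Ops" /add
net localgroup "IPAM IP Audit Administrators" "COMPANYABC\SecOps" /add
```

After provisioning, the DHCP/DNS servers show up in the IPAM console under Server Inventory with a status of "Unblocked" once the GPOs have applied (gpupdate on the managed servers speeds that up); until then they remain "Blocked" and no data is collected.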
As mentioned, Microsoft asked me to do a tutorial video on IPAM, so here's a link to the training; it's just under 12 minutes long: http://www.youtube.com/watch?v=-SjTyo9YiQw

Data Classification / Dynamic Access Control Lists
Windows 2012 makes a huge leap forward in data classification and dynamic access control. The traditional approach is to manually classify files and then apply access control to those files, which pretty much never happens; organizations simply create fileshares that users "should" store files in, like a fileshare for Accounting, a fileshare for Sales, a fileshare for HR. Unfortunately, simply having fileshares presumes that people save files to the right directories AND that someone is good about keeping the folder permissions well managed so the right people have access to the right folders. In Windows 2012, instead of manually classifying files and manually setting user permissions, the File Server Resource Manager (FSRM) classification engine tags content automatically and Dynamic Access Control (DAC) evaluates access against those tags and the user's attributes.

Auto-classification looks at the content of information being stored and tags the information with a classification based on matching a set of criteria (ie: a pattern found in the file's text, or the folder the file lives in). That classification, stored as a resource property on the file, can then be used to apply user access controls to content through a central access policy. User access is determined by looking at key attributes (claims) about the user, which are pulled from Active Directory at logon and carried in the Kerberos ticket: country of residence (ie: anyone from the US or Japan or Germany), title (ie: anyone with the title Vice President, or anyone with the title Senior Director), or group membership (ie: member of the Human Resources group), and access is granted based on a variety of match conditions (ie: if Vice President, but not in Germany, and not in the Marketing Department). Two practical notes: user claims require at least one Windows Server 2012 domain controller with the "KDC support for claims" policy turned on, and a central access rule can be deployed with a "proposed" permission first, which enforces nothing but logs every access the rule would have denied, so a policy can be validated against real usage before it is switched on.

Data classification and Dynamic Access Control can work in conjunction with Active Directory Rights Management Services (AD RMS) to wrap policies around documents: an FSRM file management task applies an RMS template to files based on their classification, so permissible access is locked to AD user accounts even after the file leaves the share, document expiration can be applied, and access tracking can be enabled.
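The three pieces described above wired together as PowerShell on Windows Server 2012, added here as an example that is not from the original post: a user claim sourced from the AD department attribute, a central access rule that only grants access when the file's Department tag matches the user's Department claim (deployed as a proposed ACL first), and an FSRM content rule that stamps the tag. The HR value, the share path D:\Shares\HR and the regular expression are assumptions; Department_MS is the predefined AD resource property for Department.

```powershell
# Added example (not from the original post). Assumed: department value "HR",
# share D:\Shares\HR, the regex below. Department_MS is the built-in resource property.
Import-Module ActiveDirectory
Import-Module FileServerResourceManager   # the FSRM part runs on the file server

# 1) User claim. The KDC copies the user's AD "department" attribute into the
#    Kerberos ticket as a claim named Department. Claims are only issued once
#    "KDC support for claims, compound authentication and Kerberos armoring"
#    is enabled on the 2012 domain controllers.
New-ADClaimType -DisplayName 'Department' -SourceAttribute 'department' -Enabled $true

# The predefined Department resource property ships disabled; enable it so it
# can be stamped on files and referenced in rules.
Set-ADResourceProperty -Identity 'Department_MS' -Enabled $true

# 2) Central access rule. Targets files tagged Department=HR and grants
#    Read & Execute (0x1200a9) to authenticated users only if their own
#    Department claim is HR; owner and Administrators keep full control.
#    Deployed as a PROPOSED ACL: nothing is enforced, but each access the rule
#    would have denied is logged as event 4818 in the Security log, so the
#    policy is validated on live data before it bites.
$aclSddl = 'O:SYG:SYD:AR(A;;FA;;;OW)(A;;FA;;;BA)(XA;;0x1200a9;;;AU;(@USER.Department == "HR"))'
New-ADCentralAccessRule -Name 'HR Documents' `
    -ResourceCondition '(@RESOURCE.Department_MS == "HR")' `
    -ProposedAcl $aclSddl

New-ADCentralAccessPolicy -Name 'Confidential Documents'
Add-ADCentralAccessPolicyMember -Identity 'Confidential Documents' -Members 'HR Documents'
# Once the 4818 audit trail shows no legitimate users being denied, enforce it:
#   Set-ADCentralAccessRule -Identity 'HR Documents' -CurrentAcl $aclSddl
# The policy reaches file servers via Group Policy (Computer Configuration >
# Policies > Windows Settings > Security Settings > File System > Central
# Access Policy) and is attached to a folder on its Security tab, Central Policy.

# 3) FSRM content classification on the file server. Pull the property
#    definitions from AD, then tag any file under the HR share whose text
#    matches the pattern. Overwrite means a re-run corrects stale tags.
Update-FsrmClassificationPropertyDefinition
New-FsrmClassificationRule -Name 'Tag HR content' `
    -Property 'Department_MS' -PropertyValue 'HR' `
    -Namespace @('D:\Shares\HR') `
    -ClassificationMechanism 'Content Classifier' `
    -ContentRegularExpression @('(?i)\b(performance review|salary band)\b') `
    -ReevaluateProperty Overwrite
Start-FsrmClassification
```

Because the tag lives in the file's alternate data stream and the claim lives in the user's ticket, the check happens at the file server with no per-folder ACL editing; when someone moves from HR to Marketing, updating the AD attribute is what revokes their access at next logon.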
IIS Web Multi-tenancy

Another huge improvement in Windows 2012 is the support for multi-tenancy in Internet Information Services (IIS). Many IT Pros would take that to mean "only relevant if you are a hoster providing Web services to multiple companies, not applicable to me", but the IIS Web multi-tenancy features DO have applicability to ANY organization that has multiple IIS Web servers. Think about your IT environment: you likely have several (possibly dozens) of IIS Web servers. Those servers years ago used to be physical 1U tall "pizza box" Web servers that hosted a single IIS Web instance; over the years they have been virtualized and are running in guest sessions these days, but still, you likely have a LOT of these Web servers in your environment.
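What consolidating several of those servers onto one IIS 8 host looks like, added here as an example that is not from the original post. Two tenants each get their own application pool running as that pool's virtual identity, an NTFS ACL scoped to that identity so one compromised site cannot read another tenant's files, a per-pool CPU ceiling, and an SNI HTTPS binding so both sites share a single IP address with certificates served from a central share. The tenant names, paths, the \\fs01\certs share and the service account are assumptions; IIS 8 (Windows Server 2012) is required for SNI, the central certificate store and CPU throttling.

```powershell
# Added example (not from the original post). Assumed names: accounting, hr,
# companyabc.com, D:\Sites, \\fs01\certs, COMPANYABC\svc-iiscerts.
Import-Module WebAdministration

# Central certificate store: the share holds one <hostname>.pfx per site and
# IIS loads the right one from the TLS SNI hostname, so adding a tenant needs
# no certificate import on the host. Needs the Web-CertProvider feature.
Install-WindowsFeature Web-CertProvider
$sharePwd = Read-Host -Prompt 'Password for COMPANYABC\svc-iiscerts'
$pfxPwd   = Read-Host -Prompt 'Private key password used for all .pfx files'
Enable-WebCentralCertProvider -CertStoreLocation '\\fs01\certs' `
    -UserName 'COMPANYABC\svc-iiscerts' -Password $sharePwd -PrivateKeyPassword $pfxPwd

foreach ($tenant in 'accounting', 'hr') {
    $site = "$tenant.companyabc.com"
    $root = "D:\Sites\$tenant"
    New-Item -ItemType Directory -Path $root -Force | Out-Null

    # One pool per tenant running as IIS AppPool\<tenant>: a distinct SID per
    # site, so NTFS can tell the tenants apart.
    New-WebAppPool -Name $tenant | Out-Null
    Set-ItemProperty "IIS:\AppPools\$tenant" -Name processModel.identityType -Value 'ApplicationPoolIdentity'
    # IIS 8 CPU throttling: cpu.limit is in 1/1000 of a percent (20000 = 20%),
    # so one tenant's runaway code cannot starve the others.
    Set-ItemProperty "IIS:\AppPools\$tenant" -Name cpu.limit  -Value 20000
    Set-ItemProperty "IIS:\AppPools\$tenant" -Name cpu.action -Value 'Throttle'

    # Replace inherited permissions: admins and SYSTEM full, only this pool's
    # identity read/execute. No "Users" or "Everyone" entries.
    icacls $root /inheritance:r `
        /grant:r 'BUILTIN\Administrators:(OI)(CI)F' 'NT AUTHORITY\SYSTEM:(OI)(CI)F' `
                 "IIS AppPool\${tenant}:(OI)(CI)RX" | Out-Null

    New-Website -Name $site -PhysicalPath $root -ApplicationPool $tenant `
        -HostHeader $site -Port 80 | Out-Null
    # SslFlags 3 = SNI (1) + central certificate store (2); the store must
    # contain "$site.pfx".
    New-WebBinding -Name $site -Protocol https -Port 443 -HostHeader $site -SslFlags 3
}
```

The isolation here is process and file-system level, not a security boundary against a kernel or IIS bug; for tenants that truly must not share a machine, keep them on separate guest sessions and use this pattern within each trust boundary.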
What if you could take those Web servers, consolidate them, and run multiple IIS Web instances off of a single virtual server guest session? It'll be like you were "hosting" IIS Web, but instead of thinking of it as an external service, think about hosting multiple IIS Web instances within your own enterprise. IIS 8 makes this practical with a set of features aimed at dense hosting: per-application-pool CPU throttling, Server Name Indication (SNI) so many HTTPS sites can share one IP address, a centralized SSL certificate store, application initialization, and dynamic IP restrictions. This is where IIS Web multi-tenancy has really helped us consolidate the number of servers in an organization, typically dropping by at least 30-40%, and with a little planning, 50-70% of the IIS Web servers can be eliminated from the organization. This adds up in terms of VM guest sessions that are no longer needed, Windows licenses that are no longer needed, and not having to patch/manage dozens of Web servers every month...

Disk Deduplication

Other Areas

LOTS of great things in Windows 2012; this is just touching the surface, but hopefully a good place to start. As noted, feel free to drop comments and let me know if there are things you might want me to expand on; it'll give me impetus to spend a few cycles and write up an article or two on other stuff... See http://www.networkworld.com/community/morimoto for a listing of all of the various blog posts I've done over the years. Hopefully this information is helpful!
http://www.cco.com), an early adopter partner of Microsoft that put Windows Server 2012 in production environments over 18 months before the product release. Rand is also the author of the book "Windows Server 2012 Unleashed", over 1565 pages of tips, tricks, best practices, and lessons learned on Windows 2012, published by Sams Publishing. Rand also co-authored the books "Exchange 2013 Unleashed" and "System Center 2012 Unleashed", books also based on early adopter hands-on and real-world implementations.