Chapter 1. Windows Server 2012: Overview

Introducing Windows Server 2012

The purpose of this book is to introduce and familiarize system administrators, or anyone who needs to get up and running with Windows Server 2012, with the platform’s major new features and improvements and how to implement them. First, I’ll offer a little background on the evolution of Microsoft’s newest server operating system.

Three years after the launch of Windows Server 2008 R2, Microsoft unveiled Windows Server 2012, its latest server operating system. Server 2012 is the most significant server release since the update from Windows Server NT 3.51 to NT 4.0, which introduced the modern graphical interface to Windows Server.

Server 2012 is just as significant because, arguably, for the first time in a Windows Server release, it represents a server product based on the needs and wants of consumers rather than solely on the needs of the enterprise.

Server 2012 is designed for compatibility with and support for three major and current computing trends, all driven primarily by consumer demand: cloud computing, virtualization, and the continued “consumerization of IT,” which is the surging demand from the workforce to use personal technology devices—in particular, mobile devices—in the work environment.

Microsoft has engineered Server 2012 to meet these three market trends with several upgrades and enhancements. Virtualization and cloud computing needs are met by new virtualization technologies baked into Hyper-V 3.0. Some of the capabilities include the ability to connect a datacenter to a public cloud, and features that allow system administrators to build hybrid and multitenant private clouds. Server hardware, storage, and networks can be virtualized, thereby reducing power costs, centralizing administration, and allowing for fast and efficient scalability as an infrastructure grows.

The consumerization of IT is a trend that has been of particular consternation to the field. As personal technology devices become more sophisticated and ubiquitous, people increasingly want to use their personal devices in the office. IT has to perform the delicate balancing act between maintaining control over the business networks that these devices access and delivering a rich user experience.

Server 2012 lends itself to navigating this balancing act with enhancements to Remote Desktop Services (RDS) and Virtual Desktop Infrastructure (VDI). Microsoft has made WAN-side improvements in VDI so that the remote desktop experience is as robust as connecting to apps and network resources within a LAN. Administration of Remote Desktop Services and remote clients is now centralized in an updated Server Manager, a one-stop shop that compiles all the primary tools a system administrator needs to manage a Windows infrastructure in a single interface.

Security improvements accommodate employees’ personal devices to prevent data leakage, to retain strong access controls, and to adhere to compliance regulations such as Sarbanes-Oxley (SOX) and the Health Insurance Portability and Accountability Act (HIPAA). Overall, these are improvements with Dynamic Access Control (DAC)—the control over security and compliance in an organization in continuous and periodic intervals.

Server 2012 not only meets the changing technology needs of the workplace, but it also rolls out new capabilities and beefed-up legacy features. There is an abundance of new features and enhancements, some of them “under the hood” and not readily apparent to a user.

New Capabilities and Updated Features

Here’s a quick, at-a-glance overview of some of those new features and enhancements.

Installation and Interface

Installation options for Server 2012 carry over from Server 2008 R2. As with Server 2008 R2, Server 2012 installs in two primary ways: Server Core or Server with a GUI (graphical user interface).

Server Core installation is the default option and reduces the amount of system resources needed to run a GUI install, optimizing server performance. A Server Core install reduces the amount of disk space needed as well as the servicing requirements and the server’s potential attack surface.

Server with a GUI installation is the same as the Full Installation option in Server 2008 R2. The full graphical interface of Server 2012 is loaded, including the new Windows 8–like, modern UI–style interface and all the graphical tools needed to manage the server.

A new installation feature is the ability to switch between install options. For example, you may initially opt for the Server with a GUI install and use the graphical tools to configure the server. You can then switch to the Server Core installation and take advantage of its resource conservation and security.

This ability to switch between installation options creates an intermediary installation state called Minimal Server Interface. This interface is the result of starting with the Server with a GUI installation and then switching over to a Server Core install. With Minimal Server Interface, the Microsoft Management Console (MMC), Server Manager, and a subset of Control Panel are installed.

Whichever installation option you choose, you can remove any binary files for features and server roles you don’t need. This is made possible by the new Features on Demand capability. Because you can cherry-pick features, you can still save disk space and reduce the server’s attack surface after performing a Server with a GUI installation.

The new interface loaded after a Server with a GUI install is based on the tiled interface of the Windows 8 client. You can use this interface to perform common administrative tasks such as searching for and opening common management tools, creating shortcuts to frequently used programs, and running programs with elevated permissions. Programs like Internet Explorer are now Windows 8–style apps and work in very much the same way that mobile apps do; instead of being closed, apps are minimized in the background and become inactive.

Management

Server Manager, introduced in the first release of Windows Server 2008, provides server management based on server roles such as Active Directory Domain Services, Domain Name System (DNS), and Dynamic Host Configuration Protocol (DHCP). In Server 2012, Server Manager has a tile-based, modern interface. In addition to managing the local server, Server Manager now supports multiserver management.

Most administrative tasks can now be performed through the updated Server Manager utility. These tasks include deploying features and roles remotely to physical and virtual servers.

Server Manager now integrates other management tools such as RDS, IPAM (Internet protocol address management), Hyper-V, and file and storage management. Administrators can use the enhanced Server Manager dashboard as a centralized launching point for most server management tools.

Active Directory (AD) is also fundamental in managing a Windows environment, and improvements have been made in Active Directory Domain Services. dcpromo, the command used to promote domain controllers, is integrated within the Server Manager dashboard. The Active Directory installation wizard, built on PowerShell, is easier than ever to use, due to prerequisite checks and remediation actions in the case of installation issues—all part of the install process. An AD install can also be launched remotely with RSAT (Remote Server Administration Tools) installed on the Windows 8 client.

Management, as well as security, is strengthened with Dynamic Access Control. You can tag files and apply policies based on file classification. For instance, files can be tagged as “Human Resources only,” and policies can be set to limit access only to the Human Resources groups. New support for expressions in access control lists (i.e., setting up permissions using an expression such as “User is member of <this group> AND/OR <that group>”) gives granular access control management.

Central access policies and claims-based definitions also help manage security and verify user authentication across an organization. Access-denied remediation allows administrators to troubleshoot “access denied” messages users may receive when accessing files and folders, and allow administrators to give on-the-fly access if needed. File and folder classifications, such as classifying documents as “Internal only” or “Confidential” is done through the File System Resource Manager.

The familiar tool CHKDSK, used to check volumes for problems, has been enhanced. Microsoft claims that CHKDSK can check 300 million files in eight seconds while volumes are still online and running.

Windows PowerShell 3.0

Microsoft encourages system administrators to perform many server management tasks using enhanced PowerShell scripting with Server 2012. In the past, using PowerShell required learning the cmdlets (pronounced “commandlets”) and syntax needed to manage a Windows environment. Many system administrators simply found using the graphical management tools easier.

PowerShell 3.0 eases that learning curve in several ways. First, PowerShell 3.0 uses a simplified language syntax that is closer to natural language. Also, improved cmdlet discovery plus automatic module loading makes finding and running cmdlets easier than ever. The Windows PowerShell Integrated Scripting Environment (ISE) 3.0 helps PowerShell beginners with scripting and gives advanced editing support.

Note

Server 2012 includes over 140 new PowerShell cmdlets for managing networking features and Hyper-V.

Storage

ReFS (Resilient File System) is a new local filesystem introduced in Server 2012. ReFS is designed to work with extremely large storage capacity, up into the petabytes. ReFS is tailored to use in conjunction with Storage Spaces (explained next). With ReFS, mirrored Storage Spaces can detect and automatically repair corruption.

The Storage Spaces feature allows virtualizing storage in Server 2012. In Storage Spaces, storage pools are created and a storage space is allocated from a storage pool. Windows sees this storage space as a virtual disk. Because this storage is virtualized, organizations do not need to invest in additional hardware for storage, so there are some savings associated with the feature as well as flexibility in expanding storage when the need arises.

Data deduplication—the automated find and removal of duplicate data, particularly in backup jobs—is an inherent feature in Server 2012. Data dedupe allows for more storage with less space.

File and storage management can be administered through Server Manager’s File and Storage Services and Storage Service. Both are available in Server Manager, but can also be launched and configured with PowerShell.

Remote Access

Remote access has been enhanced and Server 2012 engineered to provide unified remote access, the concept of managing remote access across an organization from a single console within Server Manager.

Under the umbrella of unified remote access are two improved features: DirectAccess and BranchCache. DirectAccess allows end users to connect to corporate resources seamlessly, and its deployment has been improved in Server 2012 from Server 2008 R2. BranchCache allows storing data in remote (or branch) offices, and in Server 2012, remote access to that data is more efficient.

In addition to managing remote access from the GUI with Server Manager, Server 2012 allows user to deploy remote access through PowerShell commands.

On the client side, remote desktops now have the option of the Windows 8–style interface with its tiles and mobile operating system capabilities. Remote clients also have a rich user experience through enhanced RemoteFX, which provides 3D graphics and Voice over IP (VoIP) to remote users.

Networking

A significant new networking feature is network interface card (NIC) teaming, which allows you to join multiple network cards into a single, logical NIC. NIC teaming provides network connection failover or link aggregation, increasing network speeds. Prior to Server 2012, NIC teaming was achievable in Windows servers only through third-party solutions and only with the appropriate hardware. NIC teaming is now a native capability in Server 2012 and in Hyper-V 3.0.

Internet protocol address management is another new networking feature. With IPAM, administrators can perform IP address discovery, import IP address information into spreadsheets for asset management, monitor DHCP and DNS, track IP address changes (as well as monitor suspicious addresses), and more.

The Domain Name System Security Extensions (DNSSEC) feature helps protect DNS traffic from threats. In Server 2012, DNSSEC has been made simpler to deploy and integrates with Active Directory.

Several networking features have been boosted in Server 2012’s virtualization technology, Hyper-V. These include network QoS and network metering.

Hyper-V 3.0

A large number of major updates and new features can be found within Server 2012’s virtualization platform, Hyper-V. Hyper-V has been enhanced in such a large way that technology pundits are making the case that Microsoft’s virtualization capabilities are now on a level with established competitors in the virtualization space like Citrix and VMware.

Because there are so many new capabilities and enhancements in Hyper-V 3.0, it’s easiest to break them down by category:

Multitenancy and isolation have been improved with:

  • Private virtual local area networks (PVLANs) that provide isolation between two virtual machines on the same LAN.

  • Virtual port access control lists (port ACLs) provide a method of controlling which network traffic passes to virtual machines, based on IP and MAC addresses.

  • The Hyper-V extensible switch allows third parties to write software that extends the management of Hyper-V. Potential applications include traffic monitoring, firewall filters, and ways to detect network intruders.

Note

Multitenancy occurs when an organization hosts several different virtual infrastructures in one physical environment. Companies that host services for multiple customers on one platform have multitenant environments. One customer’s data has to be kept from another customer’s, even if that data resides on the same physical hardware. Isolation is keeping control over who has access to specific virtualized resources.

Flexibility and scalability:

  • Enhanced live migration means online and running virtual machines can be migrated from one host to another without downtime.

  • With a new import wizard, administrators can import virtual machines from one host to another. The import wizard also detects and assists in problem remediation.

  • Live merge allows merging virtual machine snapshots back into a virtual machine while it’s still online and running.

Performance:

  • Resource metering gives the power to track how much CPU, memory, storage, and network resources are used by a virtual machine.

  • Virtual Hard Disk Format (VHDX) aids in boosting performance on large-sector disks. VHDX supports up to 16 TB of storage and has mechanisms to guard against corruption as well as performance degradation.

  • Support for 4 KB disk sectors is a new feature for supporting large disk sectors to keep up with storage innovations. The data storage industry is transitioning the physical format of hard disk drives from 512-byte sectors to 4,096-byte sectors (also known as 4 K or 4 KB sectors). This transition is driven by several factors, including increases in storage density and reliability.

    However, most of the software industry has depended on disk sectors of 512 bytes in length. A change in sector size introduces compatibility issues in many applications. The storage industry is introducing 4 KB physical-format drives to provide increased capacity.

  • QoS (quality of service) minimum bandwidth is a new feature that allows virtual machines and services to be assigned a minimum level of bandwidth and prioritization. QoS is important because it gives administrators the ability to specify which virtual machines should be given bandwidth priority and provides a means of predicting network performance. For organizations that host services for customers, QoS allows them to adhere to customers’ service-level agreements (SLAs), which guarantee those customers a minimum amount of bandwidth for accessing a hosted service.

High availability:

  • The new Hyper-V supports incremental backup of virtual hard disks while the virtual machine is running.

  • Improved Hyper-V clustering provides protection against application and service failure, and system and hardware failure.

Storage:

  • Unlimited live storage migration gives users the ability to perform multiple live simultaneous migrations. Clustered environments can use higher network bandwidths (up to 10 GB).

  • Cluster Shared Volumes can integrate with storage arrays for replication and hardware snapshots.

  • Virtual Fibre Channel allows for connecting virtual operating systems to storage arrays, integrating virtual machines with storage array networks (SANs).

You can perform many more Hyper-V administration and management tasks through PowerShell. PowerShell cmdlets are also available for configuring and managing storage and networking for both VMs and the hosts within Hyper-V.

In addition to these new features and improvements, Hyper-V hosts now support up to 320 logical processes and up to 4 TB of memory. Virtual machines support up to 64 virtual processors and up to 1 TB of memory.

IIS 8

Server 2012 introduces the new Internet Information Services 8 (IIS 8) and ASP.NET 4.5. New features in IIS include more robust security: IIS protects websites from external threats such as brute-force web and FTP attacks, and offers defense against DoS (denial of service) attacks.

IIS can now use a large number of processor cores more efficiently, keeping up with advances in server hardware. Centralized SSL (Secure Sockets Layer) certificate support enables you to store SSL certificates in a central location and automatically bind them to web applications.

IIS CPU throttling is a new feature administrators can use to increase a web application’s processor time to ratchet up performance as needed, and it can be used to scale down processor time when that app’s usage returns to normal levels.

Security

Data security is provided by new features that we’ve already addressed, such as Dynamic Access Control, which provides data governance and tight control over user authentication and verification of user identity across an organization. In Hyper-V, inherent security provides the ability to isolate virtualized networks in multitenant environments.

IIS 8 also has security mechanisms such as FTP logon restrictions, which aid in preventing brute-force attacks against an FTP server.

In addition to security already available in these features, BitLocker, a data protection feature introduced in Windows Vista, has also undergone upgrading in Server 2012. BitLocker is a security method that can be enabled on both the server end and on the Windows 8 client side. For extra security, BitLocker can be deployed on machines that support Trusted Platform Module (TPM), a hardware component available in newer computers that helps protect user data and guard against any tampering with a system while that system is offline.

In Server 2012 (and in Windows 8 client), BitLocker has some enhancements. Server 2012 and Windows 8 client are both now deployable to an encrypted state during install.

BitLocker now offers two encryption options: Full Volume Encryption, and Used Disk Space Only, where only used blocks on a targeted volume are encrypted, allowing for quicker encryption.

BitLocker passwords on data volumes can be changed as well as PIN numbers and passwords on client machines.

On a trusted wired network, BitLocker systems can be enabled to automatically unlock the operating system volume during boot.

Finally, Server 2012 includes BitLocker support for Windows Failover Cluster Shared Volumes on Windows Server “8” Beta running the Windows Failover Cluster feature.

Clustering

Clustering is grouping separate servers into one group to act as a single system. It provides high availability in case a server goes down. In Server 2012, advancements have been made in clustering both physical and virtual servers.

A failover cluster now supports up to 64 nodes. Improvements to the validation wizard and the migration wizard in failover clustering make it easier to set up clustered file servers as well as migrate existing clustered servers to new clusters.

In Hyper-V 3.0, failover clustering supports up to 4,000 virtual machines. An improved Cluster Shared Volume feature eases the configuration and operation of clustered virtual machines.

Cluster-Aware Updating (CAU) is a role that allows administrators to schedule automatic updates to clustered servers with no downtime during the update process.

Requirements

Server 2012’s hardware requirements include a minimum 1.4 GHz 64-bit processor, 512 MB RAM, and 32 GB of free disk space.

Upgrades from Server 2008 R2 are supported.

Summary

Almost every feature and capability present in Server 2008 R2 has been upgraded or enhanced in Server 2012. These enhancements, along with the new features, make for a very extensive feature set in Server 2012. A vast number of these new and improved features are native within the operating system and require no user interaction. These features and improvements are ones commonly deployed in an organization, from small to midsize businesses to enterprises.

In the following chapters, I’ll take you step by step through deploying and configuring the new capabilities and improvements in Server 2012.

Get Windows Server 2012: Up and Running now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.