Microsoft targets virtualization with Windows 8/Windows Server combo

When we wanted to install features, we could do so as traditional Windows Server "Roles" into the current server, a group of servers (where that makes sense), or tuck them with various pre-configuration steps into a Virtual Hard Disk (VHD file). Of the installation choices, one can add components like the IIS web services, Active Directory, or the AD Rights Control Services, along with print and other familiar services.

What we liked about the changes in the Dashboard approach was that it allowed us to make choices, and it would figure out the dependencies -- other apps needed -- then let us allow the server to reboot automatically if we desired (rather than get hung up waiting for us to click "ok" when each server Role was installed). The Server Core version does the dependency checks, too.

This varies significantly from Windows 2008 R2 Server and former Windows Server editions, and comes closer to the ease of configuration found in dependency-checking apps from SUSE (YaST), and other RPM-like managers found in Red Hat Linux distributions.

Roles now included are Active Directory Certificate Services (upgraded from the CA Role in 2008 editions); Active Directory Domain Service, Active Directory Federation Services, Active Directory Lightweight Directory Services; Active Directory Rights Management Services (new), Application Server; DHCP Server; DNS Server; Fax Server; Hyper-V (installs the hypervisor and/or manager); Network Policy and Access Services; Remote Desktop Services; Volume Activation Services; Web Server (IIS); Windows Deployment Services; and Windows Server Update Services (WSUS).

Features could also be added, and their dependencies resolved as well, and more appropriately than in prior Windows Server editions. The list includes: .NET 3.5 and/or 4.5; Background Intelligent Transfer Service/BITS; BitLocker Drive Encryption; BitLocker Network Unlock; Branch Cache; Client services for NFS; Data Center Bridging (QoS protocols); Enhanced Storage (third party storage access control options); Failover Clustering; Group Policy Management; Ink and Handwriting Services (handwriting and stylus ballistics recognition APIs); Internet Printing Client; IP Address Management (IPAM) Services; iSNS (Internet Storage Name Services, iSCSI support); LPR (Unix-ish printing) Port Monitor; Management ODATA IIS Extension (web developer interface for PowerShell); Media Foundation (multimedia handlers); Message Queueing (guaranteed disparate/similar app messaging foundation); Multipath I/O storage infrastructure; Network Load Balancing; Peer Name Resolution Protocol; Quality Windows Audio Video Experience; RAS Connection Manager Administration Kit; Remote Differential Compression (a service to identify objects that don't need transmission/copying); Remote Server Administration Tools; RPC over HTTP Proxy; Simple TCP/IP Services; SMTP Server; SNMP Service; Subsystem for Unix-based Applications; Telnet Client; Telnet Server; TFTP Server; User Interfaces and Infrastructure; Windows Biometric Framework; Feedback Forwarder; Identity Foundation 3.5; Internal Database; PowerShell; Process Activation Service; Windows Search Service; Server Backup; Server Migration Tools; Standards-Based Storage Management; System Storage Manager; Windows TIFF filter (optical character recognition for fax images); WinRM IIS Extension (secure web administration); WINS Server; Wireless LAN Service (for WLAN enumeration/configuration); WoW64 (this is the server GUI/Dashboard app); and XPS (document) Viewer.

Once a role or feature is selected, dependencies are resolved, and we could go on our merry way. We wished that services like telnet, tftp, and WINS could have a red flashing light next to them to warn users about the insecurity of these protocols, but if you spent the time, all of the communications between and among (at least) Windows clients could have IPSec encryption -- and this removes some of our objections to the inclusion of these otherwise easily discovered and abused protocols.
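One way to get the warning the reviewers wished for, as an added example (not from the original article or from Microsoft): a PowerShell filter that flags installed telnet, TFTP and WINS features in `Get-WindowsFeature` output. The feature names, the `Find-LegacyFeature` function and the sample objects are assumptions made here for illustration.

```powershell
# Added example, not from the original article.
# Assumption: these are the feature names Get-WindowsFeature reports on
# Windows Server 2012; confirm them on your own build before relying on them.
$LegacyFeatures = @{
    'Telnet-Server' = 'Credentials and session data cross the network unencrypted'
    'Telnet-Client' = 'Invites administration over an unencrypted channel'
    'TFTP-Client'   = 'File transfers have no authentication or encryption'
    'WINS'          = 'NetBIOS name registrations are unauthenticated'
}

# Hypothetical helper: takes feature objects from the pipeline and emits one
# finding per installed feature that appears in the table above.
function Find-LegacyFeature {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [object]$Feature
    )
    process {
        if ($Feature.Installed -and $LegacyFeatures.ContainsKey($Feature.Name)) {
            [pscustomobject]@{
                Name   = $Feature.Name
                Reason = $LegacyFeatures[$Feature.Name]
            }
        }
    }
}

# Constructed sample input shaped like Get-WindowsFeature output (Name and
# Installed properties only), so the example runs without a server.
$sample = @(
    [pscustomobject]@{ Name = 'Web-Server';    Installed = $true  }
    [pscustomobject]@{ Name = 'Telnet-Server'; Installed = $true  }
    [pscustomobject]@{ Name = 'Telnet-Client'; Installed = $false }
    [pscustomobject]@{ Name = 'TFTP-Client';   Installed = $true  }
    [pscustomobject]@{ Name = 'WINS';          Installed = $false }
)

$findings = @($sample | Find-LegacyFeature)
$findings | Format-Table -AutoSize

if ($findings.Count -gt 0) {
    Write-Warning "$($findings.Count) legacy cleartext feature(s) installed"
}

# On a real server, replace the sample with live data:
#   Get-WindowsFeature | Find-LegacyFeature
```

A finding here means the feature is installed, not that its traffic is exposed; whether IPSec covers the hosts that use it still has to be checked separately.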

Encryption for other clients and services is left to the devices of those seeking to encrypt -- which means you need to re-do settings to accommodate Linux, MacOS, BSD, and other traffic, which isn't so much non-trivial as obscure to do. It took quite some time for us just to get Macs accommodated over IPSec.

The number of PowerShell commandlets (cmdlets) has increased dramatically in Windows Server 2012, and extends to managing Active Directory Clients. You can have GUI, or you can script, or both, we found. What's lacking is a rudimentary filing or document control mechanism to store and identify PowerShell scripts in a way above implying the function of a script by its file name. The power of PS scripting begs a method to readily identify its use without examining its contents thoroughly.

We like that it's syntactically coherent, where Unix/Linux/-alike bash/bourne/-other shell script syntaxes require making "man -k" your best friend, as the power of the scripting languages and Linux commands is often hobbled by their vast historical inconsistencies. Veteran Unix/Linux admins will adapt easily to PowerShell's increased functionality, if they can overcome ideological barriers in using a closed-source, non-free host operating system.

Using Windows Server 2012 in a virtualized environment also has improved. The changes in Microsoft's bare metal hypervisor, Hyper-V 3, now allow an onboard L2/L3 switch to be configured to manage traffic. We tested the hypervisor and VM instances primarily on an HP DL380 G8 Server containing four processor sockets, and 16 cores -- but two licenses in Microsoft's ciphering.

Although the HP was plentifully powerful, in our testing, we didn't have the density needed to test high-traffic, multi-tenant configurations. The switch is programmable and can be enlightened to accommodate VM machine moves among server hosts for host-resource matching.

The infrastructure support in Hyper-V (licensing permitting) is vastly larger in 2012 Server editions compared to 2008R2. We could have 320 logical processors compared with 64 in 2008R2. Physical memory can be 4TB rather than 1TB. Hyper-V3 can support 2,048 vCPUs per host rather than the 512 in Windows 2008R2. The memory per VM goes from the former limit of 64GB to 1024GB. Clusters can grow from 16 nodes to 64 nodes max, in Windows 2012 Server, and the maximum number of VMs jumps from 1,000 to 8,000 in a cluster -- each with guest non-uniform memory access (NUMA, for speed).

But are the VM payloads as slim, lithe, and handy as ginning up bunches of Linux instances? We sought to test how this might work, as licensing issues have dogged rapid deployments of Windows instances into Platform-as-a-Service instances.

It's possible to host Windows 2012 Standard or Data Center editions as VMs on Hyper-V (2 and 3), VMware (we tested 5.0 and 5.1), and into data centers -- but Microsoft would prefer that you used Azure and Azure-compatibles. Towards these ends, there is a Key Server that can provision Windows 8 clients (tested with an MSDN key, rather than an Enterprise key; Microsoft won't let us have one). You can move VMs across Hyper-V 3 hosts; however, between V2 and V3 we had head-scratching difficulties that are still unexplained.

Active Directory Rights Management Services (AD RMS) was very interesting to us in Windows 2008, but in Windows Server 2012, it's linked to Active Directory Dynamic Access Control, which extends the covered storage "turf" to devices that can be controlled via Active Directory identity and access controls.

We set this up and copied numerous folders. If a device is Active Directory-authenticated (Windows Vista+), we had protection afforded for the files. We needed to generate a client certificate, which in turn, is used by the server to match identity, a process called DRMActivate.

Once installed, a match is made between the client and server portion when the certificates match (we also tried fudging a certificate, but that didn't work) and we received file access as we'd prescribed, as the creator or administrator of the files and folders. We also tried PowerShell subterfuge to no avail. AD RMS also controls policies for the Windows 8 Professional/Enterprise AppLocker feature, we found. Encryption comes with BitLocker, which uses the Trusted Information Chipset as in prior editions, but can also be run with a USB containing the key. Don't lose the key.

There is the sense that Microsoft accommodates other clients and server platforms within the turf that they seem to be managing by their improved editions. Active Directory is a key hook that Microsoft has, and if your clients and servers can speak Active Directory, you're happy, otherwise you're still a second-class citizen. It's been that way for decades and we didn't expect it to change.

Yet small irritations, like the fact that Group Policies are an admin-or-nothing gradient, mean that applications like Viewfinity Privilege Management and Beyond Trust Privilege Manager will still be needed to graduate Group Policy management, which is essentially unchanged from Windows 2008 (R2).

What the Windows 2012 Server editions provide is a compelling reason to stick with Windows infrastructure, as many of the advances represent integration of management components that have no competitive parallels. Microsoft wants to use Windows Server 2012 as the crux of many happy cloud deployments, but still doesn't have the lightweight, mindlessly flexible texture of Linux. Licensing costs are high, although we like the reduction in the mentality that made so many editions for every seemingly interesting application profile. There were 17 versions of Windows Server 2008, and now there are four. Whew.

Henderson is principal researcher for ExtremeLabs, of Bloomington, Ind. He can be reached at kitchen-sink@extremelabs.com. Matt Evangalista, also of ExtremeLabs, contributed to this report.

This story, "Microsoft targets virtualization with Windows 8/Windows Server combo" was originally published by Network World.