Microsoft targets virtualization with Windows 8/Windows Server combo

By , Network World |  Virtualization, Hyper-V, Microsoft

It's possible to host Windows 2012 Standard or Data Center editions as VMs on Hyper-V (2 and 3), VMware (we tested 5.0 and 5.1), and into data centers -- but Microsoft would prefer that you used Azure and Azure-compatibles. Towards these ends, there is a Key Server that can provision Windows 8 clients (tested with an MSDN key, rather than an Enterprise key (Microsoft won't let us have one). You can move VMs across Hyper-V 3 hosts; however, between V2 and V3 we had head-scratching difficulties that are still unexplained.

Active Directory Rights Management Services (AD RMS) was very interesting to us in Windows 2008, but in Windows Server 2012, it's linked to Active Directory Dynamic Access Control, which extends the covered storage "turf" to devices that can be controlled via Active Directory identity and access controls.

We set this up and copied numerous folders. If a device is Active Directory-authenticated (Windows Vista+), we had protection afforded for the files. We needed to generate a client certificate, which in turn, is used by the server to match identity, a process called DRMActivate.

Once installed, a match is made between the client and server portion when the certificates match (we also tried fudging a certificate, but that didn't work) and we received file access as we'd prescribed, as the creator or administrator of the files and folders. We also tried PowerShell subterfuge to no avail. AD RMS also controls policies for Windows 8 Professional/Enterprise AppLocker feature, we found. Encryption comes with Bitlocker, which uses the Trusted Information Chipset as in prior editions, but can also be run with a USB containing the key. Don't lose the key.

There is the sense that Microsoft accommodates other clients and server platforms within the turf that they seem to be managing by their improved editions. Active Directory is a key hook that Microsoft has, and if your clients and servers can speak Active Directory, you're happy, otherwise you're still a second-class citizen. It's been that way for decades and we didn't expect it to change.

Yet small irritations, like the fact that Group Policies are an admin-or-nothing gradient means that applications like Viewfinity Privilege Management and Beyond Trust Privilege Manager will still be needed to graduate Group Policy management, which is essentially unchanged from Windows 2008 (R2).


Originally published on Network World |  Click here to read the original story.
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question
randomness