The 17 Best New Features Of Windows Server 81:00 PM EST Wed. Sep. 14, 2011
Microsoft invited the CRN Test Center to its Redmond, Wash. headquarters last week for an up-close and personal look at its upcoming Windows Server 8.
Before the first hour was through, it was clear that the unofficial slogan for the unofficially-named Windows Server 8 was, "It Just Works."
The excitement was palpable, as exec after high-level exec paraded through the room with their presentations, each more animated than the next to tell -- and to show -- what was in store for the next edition of Windows Server. And there was plenty to say. Here's just a sample -- the top 17 features of Windows Server 8.
The new version of Windows Server Manager can recognize and manage multiple servers at once. In the Dashboard shown, servers of different types are listed in the left-hand pane, and a simple step-by-step configuration process is at right. Below, servers are listed by role and group, mimicking the left-hand list.
Configuring servers is as easy as 1-2-3-4, as Server Manager presents admins with a fool-proof interface for configuring, adding roles, finding other servers to manage and combining machines for management as a group. Though shaded, functions 2, 3 and 4 are as active as number 1.
Server Manager "8" displays servers, sever groups and other manageable resources as tiles, with quick stats about each resource's major functions. Red-highlighted resources call for administrator attention and/or action. Drilling into a stat presents a dialog box listing those events, services or alerts. Drilling the resource title itself displays a new screen of information much the same as in prior versions of the tool, but in a flatter-looking and more functional UI (next).
From the resource page, events, services and list are displayed as in prior Server Manager versions. When managing multiple servers, the services and events running on all servers will be displayed in a single list, and will be long indeed. Windows Server Manager 8 lets administrators pare down those lists with search terms, and can save those queries for use later. Using terms like "stopped" (as in service) or "low" (as in priority) can narrow the search to specific criteria. Searches apply across all columns, and accept modifiers such as "contains."
"In the past we were guilty of overpromising and underdelivering," said Bill Laing, corporate vice president of Microsoft's Server and Cloud Division, as he opened the three-day Windows Server 8 reviewer's workshop in Redmond. "This time we didn't." And he wasn't kidding.
Laing said that Windows Server 8 took into account about 6,000 statements from more than 200 key partner consultations and design sessions and survey results from 26,000 respondents. In all, Microsoft spent $10 million researching what was needed in its next server edition. "The strongest message from IT was keeping the server up." The result, he said, was more than 300 new features, including high availability at "a new low price point," full automation through the PowerShell scripting engine, simplified storage with dedupe and thin provisioning and many advanced innovations in virtualization and Live Migration capabilities that "just work."
On the subject of Live Migration that just works, Jeff Woolsey, Microsoft's principal program manager lead for Windows Server Virtualization, described a scenario in which a virtualized Fibre Channel host bus adapter can be migrated from one server to another with no disruption in service to the SAN. "Try doing that with VMware; you can't," he said. The claim drew at least one incredulous "no way" from the audience. Yes way.
Live Migration, introduced with Windows Server 2008 R2, now works with any feature implemented in Windows Server 8, including its new NIC teaming capability, which now can mix and match with NICs from any vendor. "We're like HBO: No Limits. Everything is in the box." In response to a question from the audience, Woolsey added: "It required a lot of heavy lifting, but yes, you can sleep a Windows Server 8 host."
Roles and features are no longer launched from separate installation lists; roles and features are combined as Role-based and Feature-based installations. An all new scenario-based installation process draws roles features and services as appropriate based on the scenario. As it applies to a Remote Desktop Services (currently the only choice) scenario for example, the tool automatically presents options to install a connection broker, session and/or virtualization hosts, Web access, and so on, and indicates which are required. Further options are presented depending on the choices and their dependencies. In other words, "it just works."
"IT administrators don't actually know what data is on their servers," said Nir Ben-Zvi, a senior program manager at Microsoft, even though they set up systems and allocate storage. Windows Server 8 introduces Dynamic Access Control, an enhanced file-level auditing and authentication platform that layers Kerberos security via a new version of Active Directory, and can automatically tag sensitive data based on content and creator.
"Credit card numbers, for instance, can be identified and tagged as high-impact," he said. Active Directory 8 introduces claims definitions for files, folders and shares; as well as file property definitions and access policies, all of which can be sent and applied to other Windows Sever 8 servers across an organization. By applying centralized policies automatically (or manually), access to such files can be restricted by multiple criteria, including user, device and department. "I can apply this all across my organization, across borders and repositories," said Ben-Zvi, provided the files are hosted by a Windows Server 8 server.
Virtual switches handle traffic between the host OS, VMs and the NIC. Windows Server 8 adds to Microsoft's existing virtual switch technology a port access control layer (port ACL), which can block or control traffic by source or destination VM. "We don't want a VM to accidentally become a DHCP server, for example," said Sandeep Singhal, general manager and director of Windows Networking at Microsoft. A new feature called DHCP guard blocks VMs from providing services to other VMs. Windows Server 8 also now supports private VLANs, giving administrators the ability to isolate VMs to uplink only, for example, and to allocate and enforce bandwidth restrictions and control traffic in other ways to improve performance and make it more predictable, flexible and reliable. The switch also is extensible through an open API, permitting solution providers to develop custom apps for capturing, filtering or forwarding traffic to meet specific needs. "They can do firewalling, intrusion detection, anything you want to do. And when using Live Migration, the port ACLs and extensions migrate automatically. You don't have to worry about that; it just works."
Jeffrey Snover, a Distinguished Engineer and the Lead Architect of Microsoft's Windows Server Division made a point of noting that most Microsoft products (to put it kindly) don't reach their stride until version 3. "I've spent most of my career throwing rocks at new products from Microsoft," said Snover, whose past includes Tivoli and NetView. "But once Microsoft reaches version 3, it's game over."
Of course, Snover was there to introduce Virtualization 3.0, which offers vast improvements in performance and manageability as well as strict adherance to standards and support for multitenancy and numerous server-connected devices. "Things need to 'just work.' So we've focused on being a great OS for servers and the devices connected to them, be they physical or virtual, on-premise or off."
For example, a new service uses the Storage Management Initiative specification (SMI-S) of the Storage Networking Industry Association (SNIA) to interoperate between storage arrays from multiple vendors. There's also a new extensible storage management API.
An new version of IIS has been developed from the ground up for scalability, Staples said. "People have said, 'I want my investments to work better on Windows Server 8 and increase in performance as I upgrade my hardware.' We know that has not always been the case, but now we've had a chance to do that." The new IIS improves performance in part with all new SSL certificate handling, which is now more efficient and supports the Server Name Identifier (SNI) SSL extension. Certificates are centrally managed, easily sorted no longer loaded when expired or not in use.
Thanks to major changes in Active Directory, Windows Server 8 offers virtualization that "just works," according to Uday Hegde, group program manager in Microsoft's Identity and Access Team. A new domain controller promotion interface integrates the preparatory steps into the promotion process to automate prerequisites. "We validate environment-wide the prerequisites before beginning to deploy," he said.
AD also integrates with Server Manager 8 and is controllable remotely. A new configuration wizard contains the most common deployment scenarios, and it's backward compatible to Windows Server 2003. Hegde demonstrated a new virtual domain controller cloning feature that simplifies the propagation of VDCs to a simple file copy. "You can just copy the .vhdx file instead of using Hyper-V to clone. And we made sure we call the sysprep for each clone," he said, referring to Microsoft's System Preparation tool.
Still considered in the developer preview stage, Windows Server 8 has a good deal more to pass through before RTM. And that is a fundamental shift in the way Microsoft builds products, said Mike Neil, the company's general manager of Windows Server planning and management. "In the past we spent long periods planning a release and not on what we needed to do; instead of a little planning and lots of development and testing." He added that the validation period is the longest. "There's a huge ecosystem of hardware that needs to work, so when a customer buys a server they have a good experience."
Among the most impressive demonstrations was the ability of Windows Server 8 to migrate an virtualized network that was fully operational from an on-premise server into a cloud-based one without interrupting services and without changing the IP addresses. You read that right. No changes to IP addresses are necessary after Live-Migrating a virtual network to the cloud.
Virtual networking works by mapping virtual IP addresses to a physical one on the wire. When a virtual network is moved, it simply changes the mapping. "IP rewrite lets us provide full network virtualization in existing hardware," said Singhal. The other model (also supported) is to use GRE encapsulation, a decades-old standard that wraps the entire packet. "This preserves the header so we can know the source of the traffic and apply policies, and it takes advantage of an established standard."
If you've ever copied or moved large groups of files or other objects from one share to another, perhaps you've wondered why the server has to be involved at all beyond kicking off the process. Now it doesn't, thanks to ODX, or Offloaded Data Transfer. "ODX 'automagically' detects if a copy is from one part of the SAN to another," said Microsoft's Jeff Woolsey. There's no need for that to copy through the server to another part of the same SAN."
With this clever (and long overdue) feature, Windows Server 8 and Windows Explorer are aware of the source and destination of the objects involved in a copy or move process and it just works on its own to perform the operation, freeing up the system that initiated it. In a demo, a large object was copied without ODX and consumed 44 percent of the CPU and 25 percent of available network bandwidth. When the same file was copied with ODX enabled, CPU usage was four to eight percent and network usage was zero.
A clever application of Windows Server 8's clustering capabilities would be to use it for automating Patch Tuesdays, Microsoft's weekly posting of bug and vulnerability fixes. According to Thomas Pfenning, general manager of Microsoft's Server and Cloud division, "People hate Patch Tuesday." Pfenning described a scenario using Windows Server 8's maintenance mode and fail-back features for automatically updating servers with each Tuesday's patches. "When it restarts, it fails over to its stand-by system, which takes over without interruption and fails back when the patched node is up, so other nodes can be updated." Viola! No more Patch Tuesdays.
Also new is Storage Spaces, which removes the LUN-related limitations once placed on administrators. "Now you can just have bunch of disks, carve out some storage pools and make them available [to VMs]. That's basically it," said Pfenning. There's also now support for storage through SMB2 Multichannel and SMB2 Direct storage over RDMA (remote direct memory access).
With almost every description of new features to come in Windows Server 8, Microsoft backed its claims with a demonstration. But when asked straight out for a release time line, Mike Neil hedged. "What's that line from Earnest and Julio Gallo...?" Actually it was the slogan of Paul Masson wineries through the 1970s, often voiced by Orson Wells, that "We will sell no wine before its time."
Windows Server 8 bits were to be released Wednesday at Build.