1. Nivo 300 Windows Server 2012 What ITPros should know about Damir Dizdarević Logosoft d.o.o. Sarajevo

2. Nivo 300 Speaker – Damir Dizdarević Systems designer and trainer @ Logosoft MSCommunity BiH country leader MCSE,MCTS,MCITP,MCT MVP : Management Infrastructure Author of several MOC courses (Windows Server, Exchange Server) Technical articles in Windows ITPro ddamir@logosoft.ba www.mscommunity.ba/blogs/ddamir

3. Nivo 300 Agenda Windows Server 2012 Introduction Deployment Management Hyper-V Active Directory Q&A

4. Nivo 300 In the past, Windows was a great operating system for a server and its devices Introduction 00

5. Nivo 300 Windows Server 2012 is a great operating system for many servers and the devices that connect them— whether they are physical or virtual, on-premises or off-premises Introduction 0

6. Nivo 300 Deployment options 01 Default deployment type is CORE WHY? Server with full GUI is Metro based New interface option - Minimal Server Interface All three options are interchangeable at any time To reach the installation state in each column… Server Core installation option Minimal Server Interface Server with a GUI installation option Desktop Experience feature installed Select these features in Server Manager: none Graphical Management Tools and Infrastructure Graphical Management Tools and Infrastructure, Server Graphical Shell Graphical Management Tools and Infrastructure, Server Graphical Shell, Desktop Experience Run the Windows PowerShell install/uninstall commands with these values for the Name parameter: noneServer-Gui-Mgmt-Infra Server-Gui-Mgmt-Infra, Server-Gui-Shell Server-Gui-Mgmt-Infra, Server-Gui-Shell, Desktop-Experience

7. Nivo 300 Server Manager today (Windows Server 2008 R2) Windows Server Management Manages only online servers Manages many technologies and deploys workloads on the local server Provides support for remote management of computers Manages one server at a time 02

8. Nivo 300 Windows Server Management Server Manager in Windows Server 2012 New multi-server management and feature deployment capabilities: – Managing multiple servers at once – Managing features across servers – Deploying workloads to remote servers (including offline virtual hard disks) 01

9. Nivo 300 Windows Server Management 02 Remote deployment of roles and features The new Add Roles and Features Wizard in Server Manager is implemented by using new Windows Management Instrumentation (WMI) providers that enable remote deployment and configuration

10. Nivo 300 Simplified provisioning of new virtual server images: The process of provisioning new virtual server images is simplified with the new ability to deploy roles and features directly to offline virtual hard disks Windows Server Management 02

11. Nivo 300 Windows Server Management 02 Streamlined server configuration and deployment: In Windows Server 2012, Server Manager includes configuration functionality previously provided by the Initial Configuration Tasks window; the result is a single surface for managing the configuration of Windows Server and its roles and features

12. Nivo 300 Windows Server Management 02 Multi-server experience Manage groups of servers collectively from within a single, integrated console Generate status views for multiple servers after polling servers for operational statistics,

13. Nivo 300 In Windows Server 2008 R2, you connect to server roles (such as File Services, Hyper-V, and Remote Desktop Services) on a per-server basis. Windows Server Management 02 Windows Server 2008 R2

14. Nivo 300 In Windows Server 2012, you can manage a server role as it spans across servers, or you can look at a server and the server roles on that server. Both options are important. Windows Server Management 02 Windows Server 2012

15. Nivo 300 260 core cmdlets and more than 2,300 total cmdlets in 239 available modules Management of all Windows roles and features Native support for scheduled jobs Robust Session Connectivity allows remote sessions to remain connected during network failures Remote management through Windows PowerShell Web Access Windows PowerShell Workflows that improve automated administration Even easier to learn, use, and create new scripts Updatable Help simplifies the retrieval of most recent Help documentation Comprehensive, resilient, and simple automation from the command line: Windows Server Management Windows PowerShell in Windows Server 2012 (version 3.0) 02

16. Nivo 300 16 Reduces costs associated with backup storage and management Can leverage Windows Azure cloud services Options for third- party cloud services Ideal for small businesses, branch offices, and departmental business continuity needs Windows Server "8" Beta Backup (Extensible) Windows Server 2012 Agents Microsoft Online Backup 3 rd Party Agents Agents Microsoft Online Backup 3 rd Party Agents 3 rd Party Cloud Microsoft Online Backup Service 3 rd Party Online Backup Service Microsoft Online Backup Portal 3 rd Party Online Backup Portal Sign up Billing Sign up Billing IT Admin or VAP IT Admin or VAP Registration Backup/Restore Inbox Engine Inbox UI Windows Server Management – Online Backup 02

17. Nivo 300 Eliminates downtime associated with cluster updating Simplifies cluster updates through configurable automation Transparent to users and hosted applications Extensible to install even non-Windows software updates through custom plug-ins Updating Run orchestration Admin Apply updates on this cluster Node n Draining the node Resuming & Failback...... Node 1 Windows Server failover cluster... Windows Update Windows Server Management – Cluster aware updating 02

18. Nivo 300 DHCP easier to implement HA DHCP failover without clustering Can be configured for multiple subnets Can work in hot stand by or load sharing mode Windows Server Management – DHCP Failover 02

19. Nivo 300 Windows Server Management 0202 DEMO Server Manager Online Backup Cluster aware updating and app monitoring

20. Nivo 300 Basic server virtualization technology helps achieve cost savings and operational efficiencies Let’s go beyond basic virtualization. Hyper-V 3.0 Create more dynamic platforms to: Build private clouds. Create more flexible virtualization solutions on site to support core line of business applications and high availability solutions. 0303

21. Nivo 300 Hyper-V before Windows Server 2012 Windows Server 2008 R2 improvements to Hyper-V Increased availability for moving virtual machines Increased availability for adding and removing virtual machine storage Improved management of virtual data centers Simplified method for physical and virtual computer deployments Hyper-V processor compatibility mode for live migration Improved virtual networking performance Improved virtual machine memory management Hyper-V history Introduced with Windows Server 2008 New version in Windows Server 2008 R2 Update with Windows Server 2008 R2 SP1 Two manifestations of Hyper-V Hypervisor-based virtualization feature of Windows Server 2008 R2 Microsoft Hyper-V Server, a free stand- alone product containing only: – Windows Hypervisor – Windows Server driver model – Virtualization components 0303

22. Nivo 300 Hyper-V 3.0 - New virtual hard disk format (VHDX) VHDX principal features Storage capacity up to 64 terabytes (TBs) Corruption protection during power failures Optimal structure alignment for large-sector disks Benefits Increases storage capacity Protects data Helps to ensure quality performance on large-sector disks 0303

23. Nivo 300 Hyper-V 3.0 - Migrate virtual machines without downtime Improvements Faster migration and simultaneous migration Live migration outside a clustered environment SMB-share-based live migration Live migration setup Memory page transferred Modified pages transferred Storage handle moved 0303

24. Nivo 300 Hyper-V 3.0 - Migrate virtual machines without downtime Benefits Increase flexibility of virtual machine placement Increase administrator efficiency Reduce downtime for migrations across cluster boundaries “Share nothing" live migration 0303

25. Nivo 300 Hyper-V 3.0 - Move virtual machine storage with no downtime 25 Live storage migration Move virtual hard disks (VHDs) attached to a running virtual machine. Benefits Manage storage in a cloud environment with greater flexibility and control. Move storage with no downtime. Update physical storage available to a virtual machine (such as SMB-based storage). Windows PowerShell cmdlets. 0303

26. Nivo 300 Hyper-V 3.0 - Reliably import virtual machines Import Wizard Detects and fixes problems Doesn’t require the virtual machine to be exported Allows a virtual machine to be copied to a USB flash drive Moves virtual machines more easily and reliably Uses Windows PowerShell cmdlets for automation Benefit A simpler, better way to import or copy virtual machines. 0303

27. Nivo 300 Hyper-V 3.0 - Merge snapshots while the virtual machine is running Update parent virtual hard disks while the virtual machine is still running Benefit Snapshot data are stored in.avhd files You can merge the.avhd disk into the parent while the virtual machine continues to run I/O is suspended to a small range while data in the range is processed At completion, online merge fixes merged disks and closes files. Snapshot features 0303

28. Nivo 300 Hyper-V 3.0 - Use new automation support for Hyper-V 28 Designed for IT pros More than 150 cmdlets Consistent cmdlet nouns Task-oriented interface 0303

29. Nivo 300 Virtual machine starting with Hyper-V smart paging Hyper-V 3.0 - Dynamic Memory improvements for Hyper- V Windows Server 2012 improvements Minimum memory Hyper-V smart paging Memory ballooning Runtime configuration Dynamic Memory Introduced in Windows Server 2008 R2 SP1 Reallocates memory automatically among running virtual machines 0303

30. Nivo 300 Hyper-V 3.0 - Resource Metering A two-tenant environment built with Hyper-V in Windows Server "8" Beta Uses resource pools Is compatible with all Hyper-V operations Is unaffected by virtual machine movement Uses Network Metering Port ACLs Features Average CPU use Average memory use Minimum memory use Maximum memory use Maximum disk allocation Incoming network traffic Outgoing network traffic Metrics 0303

31. Nivo 300 Hyper-V 3.0 - Virtual Fibre Channel in Hyper-V Live migration maintaining Fibre Channel connectivity 31 Access Fibre Channel SAN data from a virtual machine Unmediated access to a SAN A hardware-based I/O path to virtual hard disk stack A single Hyper-V host connected to different SANs Up to four Virtual Fibre Channel adapters on a virtual machine Multipath I/O (MPIO) functionality Live migration 0303

32. Nivo 300 Hyper-V 3.0 - Hyper-V Replica 32 New feature Replicates Hyper-V virtual machines from a primary to a Replica site Benefits Affordable in-box business continuity and disaster recovery solution Failure recovery in minutes More secure replication across network No need for storage arrays No need for other software replication technologies Automatic handling of live migration Simpler configuration and management 0303

33. Nivo 300 Hyper-V 3.0 0303 DEMO

34. Nivo 300 34 Active Directory Domain Services (AD DS) 0404 New or enhanced features Simplified deployment Safer virtualization of domain controllers Simplified management with Windows PowerShell 3.0 Expanded Active Directory functionality

35. Nivo 300 Domain controller deployment wizard Streamlined domain controller promotion Support for remote deployment 0404

36. Nivo 300 Deployment wizard features Prerequisite validation Remote execution against multiple servers Integrated pre- deployment validation Windows PowerShell script export option Simplified configuration pages 0404

37. Nivo 300 Cloning virtual domain controllers 1.Single virtual domain controller deployment with new wizard 2.Clone additional virtual domain controllers within the same domain Virtual domain controller Clones 0404

38. Nivo 300 Current state USN is assigned to each transaction InvocationID is assigned to each instance of AD InvocationID+USN uniquely identify each write transaction within forest Rolling DC back in time can cause usage of same USN for different transactions and they will not replicate Safer virtualization of domain controllers Solution AD DS stores the value of the VM GenerationID identifier in the msDS- GenerationID attribute on the domain controller’s computer object in its database or directory information tree (DIT) GenerationID changes when an event affects virtual machine’s position in time During boot, virtual domain controller compares current value of GenerationID against value stored in the directory A mismatch (rollback event) triggers safe virtual domain controller convergence 0404

39. Nivo 300 New Windows PowerShell cmdlets Manipulate and query AD DS Create scripts that automate common administrative tasks Windows PowerShell 3.0 More accessible, intuitive, and easier for non-experts to learn Simpler management with Windows PowerShell 3.0 0404

40. Nivo 300 Reduces learning curve Increases confidence in scripting Enhances Windows PowerShell discoverability Works in ADAC Windows PowerShell history viewer 0404

41. Nivo 300 Dynamic Access Control 04 File inherits classification tags from parent folder Manual tagging by owner Automatic tagging Tagging by applications Central access policies based on classification Expression-based access conditions for user claims, device claims, and file tags Access denied remediation Central audit policies can be applied across multiple file servers Expression-based audits for user claims, device claims, and file tags Staging audits to simulate policy changes in a real environment Automatic Rights Management Services (RMS) protection for Microsoft Office documents Near real-time protection when a file is tagged Extensibility for non- Office RMS protectors ClassificationAccess ControlAuditingRMS Protection 41

42. Nivo 300 DAC - Expression-based access policy User claims User.Department = Finance User.Clearance = High ACCESS POLICY For access to finance information that has high business impact, a user must be a finance department employee with a high security clearance, and be using a managed device registered with the finance department. Device claims Device.Department = Finance Device.Managed = True Resource properties Resource.Department = Finance Resource.Impact = High File Server AD DS 42 04

43. Nivo 300 DAC - Central access policy workflow 43 In Active Directory Domain Services: Create claim definitions Create file property definitions Create central access policy In Group Policy: Send central access policies to file servers On file server: Apply access policy to the shared folder Identify information On user’s computer: User tries to access information 04

44. Nivo 300 Access-denied remediation 44 1. Self-remediation 2. Remediation by file owner 3. Remediation by helpdesk and file server administrators Vague access denied messages Before Windows Server 2012Windows Server 2012 Assisted remediation 1. Manual helpdesk remediation 04

45. Nivo 300 45 Access-denied remediation process 45 Access denied remediation provides a user access to a file when it has been initially denied: 1.The user attempts to read a file. 2.The server returns an “access denied” error message because the user has not been assigned the appropriate claims. 3.On a computer running the Windows® 8 Consumer Preview operating system, Windows retrieves the access information from the File Server Resource Manager on the file server and presents a message with the access remediation options, which may include a link for requesting access. 4.The user requests access to the file. 5.When the user has satisfied the access requirements (e.g. signs an NDA or provides other authentication) the user’s claims are updated and the user can access the file. 04

46. Nivo 300 Active Directory 0404 DEMO Dynamic Access Control

47. Nivo 300 Active Directory – a few more features ADAC - Fine grained password policy interface ADAC - Recycle Bin Interface 0404 Off premises domain join Group Managed Service Accounts Activation using AD DS

48. Nivo 300 VPRAŠANJA? Po zaključku predavanja, prosimo, izpolnite vprašalnik. Vprašalniki bodo poslani na vaš e-naslov, dostopni pa bodo tudi preko profila na spletnem portalu konference www.ntk.si.www.ntk.si Najlepša hvala!