Session 3 - Windows Server 2012 with Jared Thibodeau


CTE Ottawa Seminar Day - September 7th, 2012
This clinic will cover key new features in Windows Server 2012. It will outline new management and access features for areas such as Server Manager, Active Directory and PowerShell. It will also cover storage and network improvements as well as High Availability and significant changes to Hyper-V contained within Windows Server 2012.

This clinic is intended for IT Professionals who are interested in learning about the new features and functionality in Windows Server 2012. People who are key influencers and technology decision makers in an IT organization will also be interested in attending this clinic and will benefit from gaining early insight into some of the latest technologies included in Windows Server 2012. In general, early adopters of new technology or people looking to gain early insight into new functionality in Windows Server 2012 will benefit from attending this First Look Clinic.


  1. First Look Clinic: Windows Server 2012
     CTE Ottawa Seminar Day, September 7th, 2012
  2. Introduction
     • Name
     • Company affiliation
     • Title/function
     • Job responsibility
     • Windows administration experience
     • Windows Server experience
     • Your expectations for the clinic
  3. Clinic Material
     • Clinic Handbook: A succinct classroom learning guide that provides critical technical information to optimize your in-class learning experience.
  4. Facilities
     • Class hours
     • Building hours
     • Parking
     • Restrooms
     • Meals
     • Phones
     • Messages
     • Smoking
     • Recycling
  5. About This Clinic
     • Description
     • Audience
     • Clinic Prerequisites
     • Clinic Objectives
  6. Clinic Outline
     • Module 1: Server Management in Windows Server 2012
     • Module 2: Storage, Networking and Availability in Windows Server 2012
     • Module 3: Hyper-V in Windows Server 2012
  7. Demonstration: Using Hyper-V Manager
     In this demonstration, you will learn how to:
     • Open Hyper-V Manager
     • Navigate the various sections/panes within Hyper-V Manager
        ◦ Virtual Machines, Snapshots, and Actions: Server specific and Virtual Machine specific
     • Identify the virtual machines (VMs) used in the labs for this course
     • Take a Snapshot and Apply a Snapshot
     • Connect to a VM
     • Start and log on to a VM
     • Switch between the full screen and window modes
     • Revert to the previous Snapshot
     • Shut down a VM
        ◦ Understand the difference between Shut Down and Turn off
     • Close Hyper-V Manager
  8. Module 1: Server Management in Windows Server 2012
  9. Module Overview
     • What’s New in Server Manager
     • Windows PowerShell and Server Core Enhancements
     • What’s New in Active Directory
     • Dynamic Access Control
     • Introducing IP Address Management
  10. Lesson 1: What’s New in Server Manager
     • Administering Servers with Server Manager
     • Adding Roles and Features
  11. Administering Servers with Server Manager
     Using Server Manager, you can:
     • Manage multiple servers from one instance of Server Manager
     • Deploy roles and features to remote servers
     • Generate Windows PowerShell scripts for actions performed in Server Manager
     • Group servers
     • View the status of all servers from a single location
     • Determine whether roles on the network are functioning efficiently
  12. Adding Roles and Features
     • Remotely deploy roles and features
     • Add roles and features to virtual hard disks even if the virtual machine is turned off
  13. Demonstration: Exploring Server Management in Windows Server 2012
     In this demonstration you will:
     • Start the Server Manager console.
     • Add a server role or feature.
     • View role related events.
     • Run the Best Practice Analyzer for a role.
     • List the tools available from Server Manager.
     • Open the Start Menu.
     • Log off the currently logged on user.
     • Restart Windows Server 2012.
     Recorded Demo - Configuring Server Manager.wmv
  14. Lesson 2: Windows PowerShell and Server Core Enhancements
     • Using Windows PowerShell in Windows Server 2012
     • Removing the Graphical Interface
  15. Using Windows PowerShell in Windows Server 2012
     The new PowerShell Integrated Scripting Engine (ISE) provides:
     • Integrated help – enables you to search for Windows PowerShell cmdlets if you know a few characters in their name.
     • IntelliSense – suggests values as you type and prompts you for parameter values.
  16. Removing the Graphical Interface
     • Benefits of Using Server Core
        ◦ Reduced update requirements.
        ◦ Reduced hardware footprint.
     • Graphical shell is now a feature. It can be turned off and back on again.
     • Server Core Installation Options
        ◦ Server Core. The standard deployment of Server Core. It is possible to convert to the full version of Windows Server 2012.
        ◦ Server Core with Management. This works the same as a deployment of Windows Server 2012 with the graphical component, except that the graphical components are not installed.
  17. Lesson 3: What’s New in Active Directory
     • Key New Features
     • Deploying Domain Controllers
     • Virtualization-Safe Technology
     • Group Managed Service Accounts
  18. Key New Features
     New features of AD DS:
     • New deployment methods
     • Simplified administration
     • Virtualized domain controllers
     • Active Directory module for PowerShell
     • Windows PowerShell History Viewer
     • Active Directory Federated Services
     • Active Directory Based Activation
  19. Deploying Domain Controllers
     • All configuration of domain controllers can be done through a wizard in Server Manager
     • AD DS binaries can be installed using PowerShell
     • Dism.exe is more complex to use
     • Dcpromo is only supported in Unattended mode
  20. Virtualization-Safe Technology
     You can safely clone existing virtual domain controllers by:
     • Creating a DcCloneConfig.xml file and storing it in the AD DS database location.
     • Taking the VDC offline and exporting it.
     • Creating a new virtual machine by importing the exported VDC.
     Diagram labels: DcCloneConfig.xml to AD DS database location; Export the VDC; Import the VDC
  21. Group Managed Service Accounts
     Group Managed Service Accounts provide:
     • Automatic password and SPN management to multiple servers in a farm
     • A single identity for services running on a farm
     Diagram labels: Farm server1; Farm server2; Farm server3; Group managed service account
  22. Lesson 4: Dynamic Access Control
     • Introduction to Dynamic Access Control
     • What are Claims?
     • Using Central Access Policies and Rules
     • Classifying Objects Using Resource Properties
  23. Introduction to Dynamic Access Control
     • Dynamic Access Control provides:
        ◦ Data Identification
        ◦ Access Control to files
        ◦ Auditing of access to files
        ◦ RMS protection integration
     • Give users access to file system objects based on their attributes in Active Directory and the Classification of the file system object
     Diagram label: Finance
  24. What are Claims?
     • Claims are statements made by AD DS about a specific user or object in AD DS
     • AD DS in Windows Server 2012 supports:
        ◦ User claims
        ◦ Device claims
     • Can be based on existing Active Directory attributes
     • Typical implementation might use Department
     Diagram labels: Department: Sales; Level: 5; Site: Berlin; Role: Manager
  25. Using Central Access Policies and Rules
     • Central Access Rules define access based on user attributes (claims) and resource properties
     • Central Access Rules are grouped into Central Access Policies
     • Central Access Policies are pushed to file servers using group policies
     • A Central Access Policy has three configurable parts:
        ◦ Applicability.
        ◦ Access conditions.
        ◦ Exception.
  26. Classifying Objects Using Resource Properties
     • You manage Resource Property objects in the Resource Properties container in the Dynamic Access Control node in ADAC
     • There is a new Classification tab for file system object Properties in FSRM
     • The Classification tab allows you to add classifications to files and folders
  27. Demonstration: Implement Dynamic Access Control
     • In this demonstration, you will step through the process and UI for the following:
        ◦ Creating and Enabling Claim Types
        ◦ Creating Central Access Rule
        ◦ Creating Central Access Policy
        ◦ Enabling Dynamic Access Control and Kerberos armoring via Group Policy
  28. Lesson 5: Introducing IP Address Management
     • Introducing IP Address Management
     • Server Discovery
     • Address Space Management
  29. Introducing IP Address Management
     IPAM has the following functionality:
     • Address Planning
     • Address Allocation
     • Usage Tracking
     • Troubleshooting
     • Auditing
     Key Prerequisites:
        ◦ The IPAM server must not be a domain controller
        ◦ You must log on to the IPAM server using a domain account
     Diagram labels: DHCP; DNS; IPAM
  30. Server Discovery
     • Agentless discovery
     • Server connects to DHCP servers, DNS servers, domain controllers, and Network Policy Servers
     • Client connects to IPAM server to view data
     • Client connects to DHCP and DNS servers to perform updates
     Diagram labels: Update; Query; IPAM Client; IPAM Server; DHCP, DNS, NPS, Domain Controllers; Agentless Discovery
  31. Address Space Management
     • Address blocks: Contiguous range of IP addresses
     • Address ranges: Sub-division of address block for internal allocation
     • IP addresses: Individual IP addresses
  32. Demonstration: IP Address Management
     • In this demonstration, you will use IPAM Server to perform a server discovery
  33. Module Review
     • Module Summary
     • Review Questions
  34. Module 2: Storage, Networking and Availability in Windows Server 2012
  35. Module Overview
     • Storage Enhancements
     • What’s New in Remote Access
     • New and Improved Networking Technologies
     • Availability Enhancements
  36. Lesson 1: Storage Enhancements
     • New Storage Features in Windows Server 2012
     • Storage Spaces and Storage Pools
     • SMB 3.0
     • iSCSI Target Server
     • Microsoft Online Backup
  37. New Storage Features in Windows Server 2012
     • Multi-terabyte volumes
     • Data Deduplication
     • Storage Spaces and Storage Pools
     • Unified remote management of File and Storage Services in Server Manager
     • Server Message Block (SMB) 3.0
     • iSCSI Target server
     • Resilient System (ReFS)
     • Scale-Out File Server
     • Windows® PowerShell® cmdlets for File and Storage Services
  38. Storage Spaces and Storage Pools
     • Provides RAID functionality without the need for RAID hardware or software
     • Enables striping, mirroring, and parity
     • Can be configured from Server Manager, Control Panel, or PowerShell
     • Provisioning Schemes
        ◦ Thin provisioning space
        ◦ Fixed provisioning space
  39. SMB 3.0
     • High Speed
     • SMB Multi-Channel
     • SMB Direct
     • SMB Encryption
  40. iSCSI Target Server
     • iSCSI Target is included with Windows Server 2012 as a role service
     • New features include:
        ◦ Authentication
        ◦ Query initiator computer for ID
     • Provides iSCSI network storage to systems including:
        ◦ Application servers
        ◦ Hyper-V
        ◦ Clustering
        ◦ Diskless systems
  41. Microsoft Online Backup
     • Back up to the cloud
     • Uses Windows Server Backup
     • Extensible to enable third-party providers
  42. Lesson 2: What’s New in Remote Access
     • DirectAccess and Unified Remote Access
     • BranchCache
  43. DirectAccess and Unified Remote Access
     • DirectAccess
        ◦ Improved Management
        ◦ Simplified Deployment
        ◦ Performance and Scalability
        ◦ New Deployment Scenarios
     • Unified Remote Access
        ◦ One gateway can provide clients-to-site connectivity and site-to-site connectivity
        ◦ Ideally suited to a hybrid cloud environment
  44. Demonstration: Configuring Direct Access
     • In this demonstration, you will configure a Direct Access server
  45. BranchCache
     • BranchCache caches data from head office to branch office to reduce network bandwidth and improve performance at the branch office
     • In Windows Server 2012, there are a number of improvements:
        ◦ Performance: improved through chunking improvements and caching starting sooner.
        ◦ Manageability: improved through more straightforward deployment and PowerShell integration.
        ◦ Scalability: improved by supporting multi-terabyte caches.
  46. Lesson 3: New and Improved Networking Technologies
     • Networking Changes
     • DNSSEC
     • Data Center TCP
     • Data Center Bridging
     • NIC Improvements
     • High Performance Networking Offloads
  47. Networking Changes
     • DNSSEC
     • Extensible Authentication Protocol (EAP) for Network Access Landing Page
     • 802.1X Authenticated Wireless Access Overview
     • Data Center Bridging (DCB)
     • Data Center Transmission Control Protocol (DCTCP)
     • Network Direct
     • IPSecTOv2
     • SR-IOV
     • Receive Segment Coalescing (RSC)
     • Receive Side Scaling (RSS)
     • Quality of Service (QoS)
     • NIC Teaming (Load balancing and failover (LBFO))
  48. DNSSEC
     • New resource records defined in Windows Server 2012
        ◦ DNSKEY
        ◦ DS
        ◦ RRSIG
        ◦ NSEC3
     • Trusted Anchor
        ◦ In DNS it is the DNSKEY resource record, or the DS resource record (a hash of the DNSKEY resource record). Clients use these records to build trust chains.
     • Name Resolution Policy Table (NRPT)
        ◦ Contains rules that control how DNS clients validate responses.
  49. Data Center TCP
     • TCP traffic flow is interrupted in the presence of network congestion, so it is affected regardless of the degree of that congestion
     • DCTCP reacts to the amount of congestion
     • Traffic is smoothed
     • Buffer memory is dramatically decreased
     Diagram labels: Congested traffic; Smoothed traffic
  50. Data Center Bridging
     • Reserves bandwidth by the type of network traffic
     • Requires DCB-capable NICs
     Diagram labels: Bandwidth Reservation: Live Migration; Media Streaming; Video Conferencing
  51. NIC Improvements
     • NIC Teaming
     • Consistent Device Naming
  52. Demonstration: Configure NIC Teaming
     • In this demonstration, you will configure NIC Teaming.
  53. High Performance Networking Offloads
     • Offloading data transfers with RDMA
     • Offloading security with IPSecTOv2
     • Offloading networking for virtual machines with SR-IOV
     • Coalescing received packets with RSC
     • Scaling out received network traffic with RSS
  54. Lesson 4: Availability Enhancements
     • Cluster Scalability
     • File Server High Availability
     • DHCP High Availability
     • Cluster Aware Updating
     • Introducing Hyper-V Availability
  55. Cluster Scalability
     • Clustering is now much more scalable
     • Clustering is now available in Standard Edition
  56. File Server High Availability
     • Scale out to provide scalability
     • Automatic failover to provide availability with zero downtime failovers
     Diagram labels: Scale-Out File Servers; CSV
  57. DHCP High Availability
     • DHCP Failover is a new feature in Windows Server 2012
     • Lease information is replicated between the two DHCP servers.
     • If one of the DHCP servers fails, then the other DHCP server services the clients for the whole subnet.
     • Only IPv4 scopes and subnets are supported because IPv6 uses a different IP address assignment scheme.
  58. Cluster Aware Updating
     • One command performs an update on all nodes in turn:
        1. Fails over the workload
        2. Applies updates
        3. Reboots if necessary
        4. Fails back the workload
        5. Continues to next node
     • Cluster Updating Modes
        ◦ Remote-updating mode
        ◦ Self-updating mode
  59. Introducing Hyper-V Availability
     • Virtual machine monitoring
     • Live Migration
  60. Module Review
     • Module Summary
     • Review Questions
  61. Module 3: Hyper-V in Windows Server 2012
  62. Module Overview
     • Storage Enhancements
     • What’s New in Networking
     • Introducing Hyper-V Replica
     • What’s New in Guest Clustering and VM Monitoring
     • Virtual Machine Movement in Hyper-V
  63. Lesson 1: Storage Enhancements
     • Features of Virtual Hard Disk File Format
     • Hyper-V over SMB
     • Offloaded Data Transfer
  64. Features of Virtual Hard Disk File Format
     • Support for virtual hard disk storage capacity of up to 64 TB
     • Protection against data corruption during power failures
     • Improved alignment of the virtual hard disk format
     • Larger block sizes for dynamic and differencing disks
     • A 4-KB logical sector virtual disk
     • Store custom metadata
     • Efficiency in representing data
     Diagram label: VHDX
  65. Hyper-V over SMB
     Diagram labels: File Server Cluster (SMB); Single-Node File Server; Share 1; Share 2; Config; Disk (VHDX); Child 1; Hyper-V Parent 1; Hyper-V Parent N
  66. Offloaded Data Transfer
     • Enables copying of large amounts of data from one location to another
     • Uses a token-based operation to move data on the storage device
     Diagram labels: Offload read; Offload write; Token; Intelligent storage array; Virtual Disk; Actual Data Transfer
  67. Lesson 2: What’s New in Networking
     • Changes in Hyper-V Networking
     • Virtual Switches
     • Hyper-V Network Virtualization
     • Virtual MAC Addresses
     • Configuring Virtual Network Adapters
     • Quality of Service
  68. Changes in Hyper-V Networking
     • DHCP Guard
     • Router Guard
     • Hyper-V Extensible Switch
     • Extension monitoring
     • MAC address
     • MAC address spoofing
     • Monitor Port
     • Single root I/O virtualization (SR-IOV)
     • Virtual Fibre Channel in Hyper-V
     • MultiPath I/O (MPIO)
     • Server for NFS data store
  69. Virtual Switches
     • Extensible virtual switch
        ◦ ISVs can create their own plug-ins
     • Features
        ◦ Bandwidth limit and burst support
        ◦ ECN marking support
        ◦ Diagnostics
        ◦ Spoofing protection
        ◦ DHCP Guard
        ◦ Trunk mode to a VM
        ◦ Port ACLs
        ◦ Network traffic monitoring
        ◦ Isolated VLAN
  70. Hyper-V Network Virtualization
     • Hyper-V Machine Virtualization: Run multiple virtual servers on a physical server
     • Hyper-V Network Virtualization: Run multiple virtual networks on a physical network
     Diagram labels: Woodgrove VM; Contoso VM; Woodgrove network; Contoso network; Physical server; Physical network; Servers; Switches
  71. Virtual MAC Addresses
     • MAC Address in Hyper-V
        ◦ Can be manually specified
        ◦ Can be dynamically assigned within a range
     • If multiple Hyper-V hosts are hosting virtual machines using adapters connected to external networks, you should ensure that each Hyper-V host uses a different pool of MAC addresses
     • Consider using static MAC addresses for virtual machines when those virtual machines are allocated IP addresses through a DHCP reservation.
  72. Configuring Virtual Network Adapters
     • Synthetic and Legacy Adapters support:
        ◦ MAC address allocation
        ◦ DHCP Guard
        ◦ Router Guard
        ◦ Port Mirroring
        ◦ NIC Teaming
     • Synthetic Adapters also support Hardware Acceleration features
     • Legacy Adapters do not support Hardware Acceleration features
  73. Quality of Service
     • Includes bandwidth management features
     • Delivers predictable network performance
     • Ensures no customer is impacted by other customers on their shared infrastructure
     • Provides a basis for cost charging
  74. Lesson 3: Introducing Hyper-V Replica
     • Overview of Hyper-V Replica
     • How to Configure Hyper-V Replica
     • Test Failover
     • Planned Failover
  75. Overview of Hyper-V Replica
     Diagram labels: Site A, Primary host (cluster); Site B, Replica host (standalone)
  76. How to Configure Hyper-V Replica
     • Requirements
        ◦ Hardware that supports Hyper-V
        ◦ Windows Server 2012
        ◦ Sufficient storage
        ◦ Sufficient network bandwidth
     • Setup
        ◦ Configure Hyper-V servers to accept replication
        ◦ Enable replication of the VM
     • Monitoring
        ◦ Add Replication Health column
  77. Test Failover
     To verify the data at the replica site:
     • Test failover
     • Test workloads
     Diagram labels: Site A, Primary host (cluster); Site B, Replica host (standalone)
  78. Planned Failover
        1. Shutdown primary
        2. Send last delta
        3. Failover to replica
        4. Reverse replication
     • Testing DR or failover before disaster or planned maintenance
     • Zero data loss, but some downtime
     • Efficient reverse replication
     Diagram labels: Site A, Primary host (cluster); Site B, Replica host (standalone)
  79. Demonstration: Configuring Hyper-V Replica
     • In this demonstration, you will see how to configure Hyper-V Replica
     • Recorded Demo – Hyper-V Replica.wmv
  80. Lesson 4: What’s New in Guest Clustering and VM Monitoring
     • VM Monitoring Overview
     • Comparison of Guest Clustering and VM Monitoring
     • High Availability Printing
  81. VM Monitoring Overview
     Sequence of recovery steps:
        1. Application-level recovery
           ◦ Service Control Manager (SCM)
        2. Guest level HA recovery
           ◦ Cluster service reboots VM
        3. Host-level HA recovery
           ◦ Cluster service fails over VM to another node
     Diagram labels: SQL; SAN
  82. Comparison of Guest Clustering and VM Monitoring
     Table columns: VM Monitoring; Guest Clustering
     • Application health monitoring ✓ ✓
     • Proactive application monitoring ✓
     • Application mobility ✓
     • Simplified configuration ✓
     • Event monitoring ✓
  83. High Availability Printing
     In Windows Server 2012, HA Printing:
     • Enables print servers to use Live Migration
     • Can be monitored by Virtual Machine Monitoring
     • Is easier to deploy and has reduced complexity
     • Can now be deployed on Server Core
     • Experiences fewer problems with print devices and drivers that were not designed to work in a server cluster
     • Has simplified backup, restore, and migration features
  84. Lesson 5: Virtual Machine Movement in Hyper-V
     • Importing Virtual Machines
     • Storage Migration
     • Live Migration Process
     • Live Migration by using Shared Storage
     • Constrained Delegation
  85. Importing Virtual Machines
     • Each VM consists of:
        ◦ Virtual hard disks
        ◦ Snapshots
        ◦ Saved state of host specific devices
        ◦ Memory file
        ◦ Config file
     • Import Wizard:
        ◦ Enables you to import either exported or copied VMs
        ◦ Provides ability to fix common issues during import
  86. Storage Migration
     • Move any part of a running virtual machine
        ◦ VHDs
        ◦ Config files
        ◦ Snapshots
     • Storage migration enables you to:
        ◦ Perform storage upgrades with no downtime
        ◦ Respond to I/O bottlenecks
        ◦ Resolve problems caused by poorly designed storage
  87. Live Migration Process
     Move running virtual machines from one physical host to another
     • No disruption of service
     • No perceived downtime
     Diagram label: TCP
  88. Live Migration by using Shared Storage
     • VMs can now be stored on an SMB 3 share
     • You can migrate a VM with the storage remaining on the SMB share
     Diagram label: VHDX
  89. Demonstration: Live Migration
     • In this demonstration, you will see how to perform a Live Migration of a virtual machine
     • Recorded Demo - Hyper-V Live Migration.wmv
  90. Constrained Delegation
     When using Kerberos to authenticate, scenarios involving 3 computers can be problematic:
        ◦ Log on to desktop, connect to Hyper-V server
        ◦ Hyper-V server cannot pass your credentials to 3rd computer (e.g. SMB storage)
     • Constrained delegation allows credentials to be passed
        ◦ Configure through Active Directory
     Diagram label: VHDX
  91. Module Review
     • Module Summary
     • Review Questions
  92. Clinic Evaluation