Introduction to Windows Server 2008 R2
Microsoft Windows Server 2008 R2, built with Web and virtualization technologies, is designed as a robust, secure, and reliable foundation on which to develop, deliver, and manage rich user experiences and applications.
Overview
Windows Server 2008 R2 builds on the foundation of Windows Server 2008, expanding existing technology and adding new features that enable IT professionals to increase the reliability and flexibility of their server infrastructures. New virtualization tools, Web resources, management enhancements, and Windows 7 integration help save time, reduce costs, and provide a platform for a dynamic and efficiently managed data center. Tools such as Internet Information Services (IIS) version 7.0, the updated Server Manager and Hyper-V™ platforms, and Windows PowerShell version 2.0 combine to give customers greater control, increased efficiency, and the ability to react to front-line business needs faster than before.
Using this Guide
This guide is designed to provide you with a technical overview of the new and improved features in Windows Server 2008 R2. The following figure outlines the technology investment areas of Windows Server 2008 R2:
Figure 1: Windows Server 2008 R2 technology investments
The key technology investments in Windows Server 2008 R2 include:
• Virtualization. With its server virtualization technology, Windows Server 2008 R2 enables you to reduce costs, increase hardware utilization, optimize your infrastructure, and improve server availability.
• Management. Windows Server 2008 R2 reduces the effort you spend managing your physical and virtual data centers by providing enhanced management consoles and automation for repetitive day-to-day administrative tasks.
• Web. Windows Server 2008 R2 gives you the ability to deliver rich Web-based experiences efficiently and effectively, with improved administration and diagnostics, development and application tools, and lower infrastructure costs.
• Scalability and Reliability. With enterprise IT departments shouldering ever-heavier burdens, Windows Server 2008 R2 has been designed specifically for heavier workloads on both servers and clients. On the server side, R2 includes architectural enhancements for more compute power and role componentization, as well as specific features that improve reliability and security.
• Better Together With Windows 7. Windows Server 2008 R2 includes technology improvements designed with Windows 7 enterprise users in mind, augmenting the network experience, security and manageability.
As you read each section, you can identify which Windows Server 2008 R2 features and capabilities will help you create solutions for your organization. You can also see how Windows Server 2008 R2 can help you manage and protect your existing solutions.
Getting Started
To evaluate Windows Server 2008 R2, you need to install it in your test or evaluation environment. After you install Windows Server 2008 R2, you can use this guide to help you explore the key technology investments for yourself.
System Requirements
Before you install Windows Server 2008 R2, ensure that the physical or virtual computer being used in your evaluation has the appropriate system resources. The following table lists the system requirements for Windows Server 2008 R2.
Table 1: Windows Server 2008 R2 System Requirements
Component | Requirement
Processor | • Minimum: 1.4 GHz x64 processor • Recommended: 2 GHz or faster
Memory | • Minimum: 512 MB RAM • Recommended: 2 GB RAM or greater • Maximum: 32 GB (Standard) or 2 TB (Enterprise and Datacenter Editions)
Available Disk Space | • Minimum: 10 GB • Recommended: 40 GB or greater. Note: Computers with more than 16 GB of RAM will require more disk space for paging, hibernation, and dump files
Drive | DVD-ROM drive
Display and Peripherals | • Super VGA (800 x 600) or higher-resolution monitor • Keyboard • Microsoft Mouse or compatible pointing device
The actual requirements will vary based on your system configuration and the applications and features you choose to install. Processor performance depends not only on the clock frequency of the processor, but also on the number of cores and the size of the processor cache. Disk space requirements for the system partition are approximate. Additional available hard-disk space may be required if you are installing over a network.
Installation and Activation
This pre-beta release of Windows Server 2008 R2 is intended for evaluation and deployment planning purposes only. If you plan to install this release of Windows Server 2008 R2 on your primary machine, back up your existing data prior to installation.
Windows Server 2008 R2 Installation
Prior to installing Windows Server 2008 R2, you need to determine whether you will deploy it in a physical environment or a virtual environment. If you are installing Windows Server 2008 R2 in a physical environment, all you need is the Windows Server 2008 R2 distribution media.
To install this release of Windows Server 2008 R2, perform the following steps:
1. Start the physical computer from the Windows Server 2008 R2 distribution media by inserting the media into the computer's DVD-ROM drive. For a virtual machine, mount the .iso image of the Windows Server 2008 R2 distribution media on the virtual machine and then start the virtual machine.
Note: Configure the virtual machine to present an x64 processor, because Windows Server 2008 R2 is supported only on x64 processors.
2. On the Install Windows page of the installation process (as illustrated in the following figure), select the appropriate language, time and currency format, and keyboard, and then click Next.
3. On the Select the operating system you want to install page, select Full Installation, and then click Next.
Figure 2: Windows Server 2008 R2 operating system installation options
Notice that Windows Server 2008 R2 is now available only for the 64-bit processor architecture. Although you can install Windows Server 2008 R2 by using either the Full Installation or the Server Core Installation option, this guide assumes that you select the Full Installation option.
Note: After you have completed your installation, you cannot change the installation option from Full Installation to Server Core Installation, or vice versa, without reinstalling Windows Server 2008 R2.
4. The installation process continues until Windows Server 2008 R2 starts for the first time.
5. After Windows Server 2008 R2 starts, log on as a user who is a member of the local Administrators group.
6. Add, partition, and format any additional disks you require for your evaluation.
7. Add any additional network adapters that you require for your evaluation.
8. Configure the IP addressing settings for all network adapters to allow the appropriate connectivity within your environment.
Note: Provide statically configured IP version 4 (IPv4) and IP version 6 (IPv6) addresses as required for your evaluation. Do not use IP addresses that are dynamically assigned by Dynamic Host Configuration Protocol (DHCP).
9. Add the appropriate Windows Server 2008 R2 server roles and features by using Server Manager.
10. Configure each server role and feature as required for your evaluation.
11. Start your evaluation of Windows Server 2008 R2.
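Steps 8 and 9 above can be scripted instead of clicked through. The following PowerShell script is an added example written for this page; it is not part of the original guide. It assumes an elevated PowerShell 2.0 session on a freshly installed Windows Server 2008 R2 host, an adapter named "Local Area Connection", and placeholder addresses from the IPv4 and IPv6 documentation ranges. Windows Server 2008 R2 has no TCP/IP cmdlets, so addressing goes through netsh; roles and features use the in-box ServerManager module, which is the scriptable counterpart of the Server Manager console.

```powershell
# Added example (not from the original guide). Assumptions: elevated PowerShell 2.0 on
# Windows Server 2008 R2, adapter named "Local Area Connection", placeholder addresses.

$adapter = "Local Area Connection"
$ipv4    = "192.0.2.10"        # placeholder (TEST-NET-1)
$mask    = "255.255.255.0"
$gateway = "192.0.2.1"
$dns     = "192.0.2.53"
$ipv6    = "2001:db8::10/64"   # placeholder (documentation prefix)

# Static IPv4 address and DNS server, as the guide requires (no DHCP-assigned addresses).
netsh interface ipv4 set address name="$adapter" source=static address=$ipv4 mask=$mask gateway=$gateway gwmetric=1
netsh interface ipv4 set dnsservers name="$adapter" source=static address=$dns register=primary

# Static IPv6 address on the same adapter.
netsh interface ipv6 add address interface="$adapter" address=$ipv6

# Confirm what the stack actually applied before adding roles.
netsh interface ipv4 show addresses name="$adapter"
netsh interface ipv6 show addresses interface="$adapter"

# Roles and features. Install only what the evaluation needs; every extra role is attack surface.
Import-Module ServerManager
$wanted  = @("Hyper-V", "Failover-Clustering")
$missing = Get-WindowsFeature | Where-Object { ($wanted -contains $_.Name) -and (-not $_.Installed) }
if ($missing) {
    $names  = $missing | ForEach-Object { $_.Name }
    $result = Add-WindowsFeature -Name $names
    # RestartNeeded is Yes/No/Maybe; Hyper-V always needs a reboot to load the hypervisor.
    if ($result.RestartNeeded -eq "Yes") {
        Write-Warning "Restart required to finish installing: $($names -join ', ')"
    }
}

# Final inventory of what is installed on this server.
Get-WindowsFeature | Where-Object { $_.Installed } | Select-Object Name, DisplayName
```

The Hyper-V role only installs on a physical host with hardware virtualization enabled; on a virtual evaluation machine, drop it from $wanted. Reviewing the final Get-WindowsFeature inventory against the list you intended is the quickest way to catch dependency features that Add-WindowsFeature pulled in silently.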
Windows Server 2008 R2 Activation
Evaluating this early release of Windows Server 2008 R2 software does not require product activation or entering a product key. This release of Windows Server 2008 R2 may be installed without activation and evaluated for an initial 60 days.
Virtualization
Virtualization is a major part of today's data centers. The operating efficiencies offered by virtualization allow organizations to dramatically reduce operational effort and power consumption.
Windows Server 2008 R2 provides the following virtualization types:
• Client and server virtualization provided by Hyper-V™. Hyper-V™ virtualizes the system resources of a physical computer. Computer virtualization allows you to provide a virtualized environment for operating systems and applications. When used alone, Hyper-V™ is typically used for server computer virtualization. When Hyper-V™ is used in conjunction with Virtual Desktop Infrastructure (VDI), it is used for client computer virtualization.
• Presentation virtualization. This type of virtualization, provided by TS RemoteApp, virtualizes a processing environment and isolates the processing from the graphics and I/O, making it possible to run an application in one location but have it be controlled in another. Presentation virtualization allows end users to run a single application, or a complete desktop offering multiple applications.
Note: There are other types of virtualization that are not discussed in this guide, such as application virtualization provided by Microsoft App-V. For more information on all Microsoft virtualization products and technologies, see the Microsoft Virtualization home page at http://www.microsoft.com/virtualization/default.mspx.
Improved Computer Virtualization with Hyper-V™
Beginning with Windows Server 2008, computer virtualization using Hyper-V™ technology has been an integral part of the operating system. A new version of Hyper-V™ is included as part of Windows Server 2008 R2.
Hyper-V™ includes many improvements for creating dynamic virtual data centers, including:
• Increased availability for virtualized data centers
• Improved management of virtualized data centers
• A simplified method for physical and virtual computer deployments by using .vhd files
Increased Availability for Virtual Data Centers
One of the most important aspects of any data center is providing the highest possible availability for systems and applications. Virtual data centers are no exception: they need consolidation, high availability and, above all, capable management tools.
Windows Server 2008 R2 includes the much-anticipated Live Migration feature, which allows you to move a running virtual machine between two computers running Hyper-V™ without interrupting service. Users connected to the virtual machine being moved will notice at most a slight drop in performance for a few moments; otherwise they will be unaware that the virtual machine has moved from one physical computer to another. Because the virtual machine's memory contents cross the network during the move, run Live Migration over a dedicated cluster network that is isolated from client traffic.
Live Migration Support through Cluster Shared Volumes
Live Migration uses the new Cluster Shared Volumes (CSV) feature of Failover Clustering in Windows Server 2008 R2. CSV enables multiple nodes in the same failover cluster to access the same logical unit number (LUN) concurrently. From a VM's perspective, each VM appears to own a LUN; in fact the .vhd files for all of the VMs are stored on the same CSV volume, as illustrated in the following figure.
Figure 4: Cluster Shared Volumes
Because CSV provides a consistent file namespace to all nodes in the cluster, any file stored on a CSV has the same name and path from every node in the cluster. CSV volumes appear as directories and subdirectories beneath the ClusterStorage root folder, as illustrated in the following figure.
Figure 3: Example of single namespace in CSV
As illustrated in the previous figure, the CSV volumes (Volume1, Volume2, and Volume3) are stored in the ClusterStorage folder. If the ClusterStorage folder exists in the root of E:, the fully qualified path to each CSV volume would be as follows:
E:\ClusterStorage\Volume1\root
E:\ClusterStorage\Volume2\root
E:\ClusterStorage\Volume3\root
All cluster nodes access the shared volumes by using these fully qualified paths.
Note: Currently, CSV volumes can be used only for the Live Migration feature.
Improved Cluster Node Connectivity Fault Tolerance
Because of the architecture of CSV, cluster node connectivity is more fault tolerant, and this directly benefits the VMs running on the cluster. The CSV architecture implements a mechanism, known as dynamic I/O redirection, in which I/O can be rerouted within the failover cluster based on connection availability, as illustrated in the following figure.
Figure 5: Dynamic I/O redirection for Cluster Shared Volumes
The first type of failure that can be redirected is the loss of a cluster node's connection to the shared storage, typically on a Storage Area Network (SAN). As shown in the following figure, if the SAN connection on Node 2 fails, its I/O operations are redirected over the network to Node 1, which then performs the I/O against the SAN. The VM keeps running, and you can then perform a Live Migration of it from Node 2 to Node 1. Because redirected I/O carries the VM's disk traffic over the cluster network, that network needs the same isolation and capacity as the storage path it is standing in for.
Figure 6: I/O connectivity fault tolerance for CSV
The next type of failure that can be redirected is the loss of network connectivity for a cluster node. As shown in the following figure, the primary network connection between Node 1 and Node 2 fails. Node 2 automatically reroutes traffic over a redundant network connection and Node 1 performs the network I/O.
Figure 7: Network fault tolerance for CSV
The next type of failure that can be redirected is the loss of an entire cluster node. As shown in the following figure, Node 1 owns a volume that is used by the VM running on Node 2. If Node 1 fails completely, ownership of the volume moves to Node 2 without any interruption of service to the VM running on Node 2.
Figure 8: Node fault tolerance for CSV
Enhanced Cluster Validation Tool
Windows Server 2008 R2 includes a Best Practices Analyzer (BPA) for all major server roles, including Failover Clustering. This analyzer examines the configuration settings of a cluster and its nodes against best practices. The test runs only on computers that are currently cluster nodes.
Improved Migration of Cluster Workloads
You can migrate cluster workloads currently running on Windows Server 2003 and Windows Server 2008 to Windows Server 2008 R2. The migration process:
• Supports every workload currently supported on Windows Server 2003 and Windows Server 2008, including DFS-N, DHCP, DTC, File Server, Generic Application, Generic Script, Generic Service, iSNS, MSMQ, NFS, Other Server, TSSB, and WINS.
• Supports most common network configurations.
• Does not support rolling upgrades of clusters. (Cluster workloads must be migrated to a new cluster running Windows Server 2008 R2.)
Integration of Live Migration and Failover Clustering
Live Migration requires failover clustering in Windows Server 2008 R2. Specifically, Live Migration uses the Cluster Shared Volumes (CSV) feature of failover clustering in Windows Server 2008 R2.
The following are the requirements for performing Live Migration with a failover cluster:
• Live Migration can be performed only between cluster nodes within the same failover cluster. (Virtual machines can be moved only between cluster nodes.)
• Hyper-V™ must be running on the cluster nodes in the failover cluster, and the nodes must have access to the same set of CSVs.
• The .vhd files for the virtual machines to be moved by Live Migration must be stored on the CSVs.
The following figure illustrates a typical Hyper-V™ and failover cluster configuration for supporting Live Migration.
Figure 9: Typical configuration to support Live Migration
Live Migration Process
The Live Migration process is performed in the following steps:
1. An administrator initiates a Live Migration between the source and target cluster nodes.
2. A duplicate virtual machine is created on the target cluster node, as illustrated in the following figure.
Figure 10: Creation of target virtual machine on target cluster node
3. All of the current memory of the source virtual machine is copied to the target virtual machine, as illustrated in the previous figure.
4. Clients connected to the source virtual machine continue to run on the source virtual machine and create dirty memory pages, as illustrated in the following figure.
5. The dirty memory pages are tracked and copied iteratively until all memory pages have been copied to the target virtual machine, as illustrated in the following figure.
Figure 11: Iterative copy of dirty memory from source to target virtual machine
6. When all memory pages have been copied to the target virtual machine, clients are automatically redirected to the target virtual machine and the source virtual machine is deleted, as illustrated in the following figure.
Figure 12: Final configuration after Live Migration completes
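The requirements listed under "Integration of Live Migration and Failover Clustering" and the process above can be checked and driven from PowerShell with the FailoverClusters module that ships with the Failover Clustering tools. The following script is an added example written for this page, not code from the original guide or from Microsoft. It assumes a two-node Windows Server 2008 R2 cluster with nodes NODE1 and NODE2, a virtual machine clustered as the group "VM1", and an elevated session on a cluster node. The Hyper-V WMI classes it queries are those of the root\virtualization (v1) namespace; the class and association names are an assumption to verify on your build.

```powershell
# Added example (not from the original guide). Assumptions: cluster nodes NODE1/NODE2,
# clustered VM group "VM1", FailoverClusters module available, Hyper-V v1 WMI namespace.

Import-Module FailoverClusters

$vmGroup    = "VM1"
$targetNode = "NODE2"

# 1. Live Migration never crosses clusters: the target must be an Up node of this cluster.
$node = Get-ClusterNode -Name $targetNode -ErrorAction Stop
if ($node.State -ne "Up") { throw "Target node $targetNode is $($node.State), not Up." }

# 2. At least one CSV must exist and be online; Live Migration in 2008 R2 depends on CSV.
$csvs = @(Get-ClusterSharedVolume)
if ($csvs.Count -eq 0) { throw "No Cluster Shared Volumes are configured." }
$csvs | Select-Object Name, State, OwnerNode | Format-Table -AutoSize

# 3. Find the VM on its current owner node and enumerate its virtual hard disks via WMI.
$group = Get-ClusterGroup -Name $vmGroup -ErrorAction Stop
$owner = $group.OwnerNode.Name
if ($owner -eq $targetNode) { throw "$vmGroup already runs on $targetNode." }

$vm = Get-WmiObject -ComputerName $owner -Namespace root\virtualization `
        -Class Msvm_ComputerSystem -Filter "ElementName='$vmGroup'"
if (-not $vm) { throw "Hyper-V on $owner has no VM named $vmGroup." }

# Assumed v1 layout: the VM's settings object (InstanceID 'Microsoft:<VM GUID>') is associated
# with one Msvm_ResourceAllocationSettingData per device; VHDs carry the path in Connection[0].
$query = "ASSOCIATORS OF {Msvm_VirtualSystemSettingData.InstanceID='Microsoft:$($vm.Name)'} " +
         "WHERE ResultClass=Msvm_ResourceAllocationSettingData"
$vhds  = Get-WmiObject -ComputerName $owner -Namespace root\virtualization -Query $query |
         Where-Object { $_.ResourceSubType -eq "Microsoft Virtual Hard Disk" } |
         ForEach-Object { $_.Connection[0] }

# 4. Every VHD must live under the CSV root, which has the same path on every node.
#    A VHD on local or non-CSV storage is the usual reason a Live Migration is refused.
$csvRoot = Join-Path $env:SystemDrive "ClusterStorage"
$offCsv  = $vhds | Where-Object { $_ -notlike "$csvRoot\*" }
if ($offCsv) { throw "VHDs not on CSV storage: $($offCsv -join ', ')" }

# 5. Move the VM. For a clustered VM this cmdlet performs the Live Migration described above.
Move-ClusterVirtualMachineRole -Name $vmGroup -Node $targetNode -ErrorAction Stop

# 6. Verify ownership and state after the move instead of trusting the cmdlet's silence.
$after = Get-ClusterGroup -Name $vmGroup
if ($after.OwnerNode.Name -ne $targetNode -or $after.State -ne "Online") {
    throw "Migration ended with $vmGroup on $($after.OwnerNode.Name) in state $($after.State)."
}
"$vmGroup is now Online on $targetNode"
```

Run Test-Cluster from the same module before relying on a new cluster; it is the scriptable form of the cluster validation the guide refers to, and it reports network and storage misconfigurations that would otherwise surface only as a failed migration.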
Improved Management of Virtual Data Centers
Even with all the efficiency gained from virtualization, virtual machines still need to be managed. The number of virtual machines tends to proliferate much faster than the number of physical computers, because a virtual machine typically does not require a hardware acquisition. Management of virtual data centers is therefore more important than ever.
Windows Server 2008 R2 includes the following improvements that will help you manage your virtual data center:
• Reduced effort for performing day-to-day Hyper-V™ administrative tasks by using the Hyper-V™ Management Console. As illustrated below, the Hyper-V™ Management Console has been updated to reduce the effort required to perform common day-to-day administrative tasks.
• Enhanced command-line interface and automated management of Hyper-V™ administrative tasks by using PowerShell cmdlets.
Simplified Method for Physical and Virtual Computer Deployments
Historically, different methods have been used to deploy operating systems and applications to physical and virtual computers. For virtual computers, the .vhd file format has become a de facto standard for deploying and interchanging preconfigured operating systems and applications.
Windows Server 2008 R2 also supports booting a computer from a .vhd file stored on a local hard disk. This allows you to use preconfigured .vhd files for deploying both virtual and physical computers, which reduces the number of images you need to manage and provides an easier method for test deployment prior to deployment in your production environment.
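Native VHD boot is configured entirely through bcdedit. The following script is an added example written for this page, not code from the original guide; it assumes a sysprepped Windows Server 2008 R2 image at the placeholder path C:\VHD\ws2008r2.vhd on a local NTFS volume of the physical computer, and an elevated session. It adds a boot entry for the image and, because the .vhd file is the entire system disk of that entry, first restricts who can write to it.

```powershell
# Added example (not from the original guide). Assumptions: placeholder VHD path on a local
# NTFS volume, elevated PowerShell session, bcdedit and icacls from Windows Server 2008 R2.

$vhdPath   = "C:\VHD\ws2008r2.vhd"
$entryName = "Windows Server 2008 R2 (VHD boot)"

if (-not (Test-Path $vhdPath)) { throw "VHD not found: $vhdPath" }

# Whoever can write this file can modify the installation offline: strip inherited ACEs and
# leave only SYSTEM and Administrators with access.
icacls $vhdPath /inheritance:r /grant "SYSTEM:(F)" "Administrators:(F)" | Out-Null

# 1. Clone the current boot entry; bcdedit prints the new entry's GUID on success.
$copyText = (bcdedit /copy "{current}" /d $entryName) | Out-String
if (-not ($copyText -match '\{[0-9a-fA-F-]{36}\}')) { throw "bcdedit /copy failed: $copyText" }
$guid = $Matches[0]

# 2. Point the boot device and the OS device at the file. "[C:]" names the volume holding the
#    VHD as the boot manager sees it; the remainder is the path inside that volume.
$vhdSpec = "vhd=[" + $vhdPath.Substring(0, 2) + "]" + $vhdPath.Substring(2)
bcdedit /set $guid device   $vhdSpec
bcdedit /set $guid osdevice $vhdSpec
bcdedit /set $guid detecthal on      # let the image re-detect the HAL on its first boot

# 3. Show the finished entry; device and osdevice should both read vhd=[C:]\VHD\ws2008r2.vhd.
bcdedit /enum $guid
```

BitLocker is not supported on the volume inside a native-boot VHD, nor on the host volume that contains the file, so the NTFS ACL set above is the only access control on the image at rest. Treat a boot VHD like an installed system disk: store it on a volume that ordinary users cannot reach, and remove the bcdedit entry when the evaluation ends.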
Terminal Services Focuses on Presentation Virtualization
Terminal Services (TS) is one of the most widely used features of previous versions of Windows Server. Terminal Services makes it possible to run an application in one location but have it be controlled remotely from another. Microsoft has added new features and capabilities to this technology, all aimed at giving users and administrators what they need to make the experience across remote connections as robust as users expect from local resources.
Terminal Services and Virtual Desktop Infrastructure
To expand the Terminal Services feature set, Microsoft has been investing in Virtual Desktop Infrastructure, also known as VDI, in collaboration with partners that include Citrix, Unisys, HP, Quest, Ericom and several others. VDI is a centralized desktop delivery architecture that allows customers to centralize the storage, execution and management of a Windows desktop in the data center. It enables Windows Vista Enterprise and other desktop environments to run, and be managed, in virtual machines on a centralized server.
Increasingly, businesses aim to enable their employees and contractors to work from home or from an offshore, outsourced facility. These work environments provide better flexibility, cost control and a lower environmental footprint, but they increase the demand for security and compliance so that corporate data is not put at risk. VDI addresses these challenges with the following features:
Improved User Experience
For both VDI and traditional remote desktop services, the quality of the user experience matters more than ever. The version of VDI and remote desktop services in Windows Server 2008 R2 improves the end-user experience through new Remote Desktop Protocol capabilities. These new capabilities, enabled with Windows Server 2008 R2 in combination with Windows 7, help make the experience for remote users almost identical to that of local users.
Improved RemoteApp and Desktop Connections
New RemoteApp & Desktop (RAD) feeds provide a set of resources, such as RemoteApp programs and Remote Desktops. These feeds are presented to Windows 7 users through the new RemoteApp & Desktop Connection control panel. The new RemoteApp and Desktop Web Access feature provides the ability to connect to resources from Windows Vista and Windows XP in addition to Windows 7.
The improved RemoteApp and Desktop Connections features in Windows Server 2008 R2 and Windows 7 provide the following improvements:
• Extends Terminal Services to provide tools that enable VDI. The in-box Terminal Services capability is targeted at low-complexity deployments and serves as a platform for partner solutions, which can extend scalability and manageability to address the needs of more demanding enterprise deployments. VDI combines the following technologies into a complete solution:
  • Hyper-V™
  • Live Migration
  • System Center Virtual Machine Manager 2008
  • Microsoft Application Virtualization version 4.5 in the Microsoft Desktop Optimization Pack (MDOP)
  • Vista Enterprise VECD licensing
• Provides simplified publishing of, and access to, remote desktops and applications. The RAD feature provides a set of resources, such as RemoteApp programs and remote desktops. These feeds are presented to Windows 7 users through the new RemoteApp & Desktop Connection control panel. The new RemoteApp & Desktop Web Access provides the ability to connect to resources from Windows Vista and Windows XP in addition to Windows 7.
• Improved integration with the Windows 7 user interface. Once accessed, RAD-delivered programs and desktops appear in the Start Menu with the same look and feel as locally installed applications. A new System Tray icon shows connectivity status for all the remote desktop and RemoteApp connections to which the user is currently subscribed.
Figure 13: Updates to the Terminal Services Connection Broker
Improving User Experience through new Remote Desktop Protocol capabilities. These new capabilities, enabled with Windows Server 2008 R2 in combination with Windows 7, significantly improve the experience of remote users, making it more similar to the experience of users accessing local computing resources. These improvements include:
• Multimedia Redirection: Provides high-quality multimedia by redirecting multimedia files and streams so that audio and video content is sent in its original format from the server to the client and rendered using the client's local media playback capabilities.
• True multiple monitor support: Supports up to 10 monitors in almost any size, resolution or layout with RemoteApp and remote desktops; applications behave just as they do when running locally in multi-monitor configurations.
• Audio Input & Recording: VDI supports any microphone connected to the user's local machine and enables audio recording for RemoteApp and Remote Desktop. This is useful for VoIP scenarios and also enables speech recognition.
• Aero Glass support: VDI gives users the Aero Glass UI for client desktops, so that remote desktop sessions look and feel like local desktop sessions.
• DirectX redirection: DirectX 9, 10 and 11 applications render on the server and are remoted as bitmaps (requiring Direct3D-compatible hardware). If the application supports the new DirectX 10.1 API with remoting extensions, the DirectX (2D and 3D) graphics are redirected to the local client to harness the power of the GPU on the user's local device, removing the need for a GPU on the server.
• Improved audio/video synchronization: RDP improvements in Windows Server 2008 R2 are designed to provide closer synchronization of audio and video in most scenarios.
• Language Bar Redirection: Users can easily and seamlessly control the language setting (for example, right to left) for RemoteApp programs using the local language bar.
• Task Scheduler: Task Scheduler can now ensure that scheduled applications never appear to users connecting with RemoteApp, which reduces user confusion.
While RAD improves the end-user experience, it also reduces desktop and application management effort by providing a dedicated management interface that lets IT managers assign remote resources to users quickly and dynamically. Windows Server 2008 R2 includes the following RAD management capabilities to help reduce administrative effort:
• RemoteApp & Desktop Connections control panel applet. Users can easily connect to RemoteApp programs and Remote Desktops using the RemoteApp & Desktop Connections control panel applet.
• Single administrative infrastructure. Both RemoteApp & Desktop Connections and RemoteApp and Desktop Web Access are managed from a single management console. This ensures that connections can still be used from Windows XP and Windows Vista through a Web page.
• Designed for both domain-joined and standalone computers. The RemoteApp & Desktop feature is easy to configure and use for computers that are members of Active Directory domains and for standalone computers.
• Always up to date. Once a workspace is configured, it keeps itself up to date until it is removed from the user's desktop. When an administrator adds an application, it automatically appears on users' Start menus and on their Web Access pages.
• Single sign-on experience within a workspace. Ensures that only a single logon is required to access all applications and resources through a RAD connection.
• RemoteApp & Desktop Web Access. This capability provides full integration with RemoteApp & Desktop Connections to ensure that a consistent list of applications is available to the user at all times, regardless of the desktop OS used. The default Web page has a refreshed look and feel and includes a new Web-based logon with integrated single sign-on.
Figure 13: Terminal Services Web Access expands TS features across operating systems
Administrators faced with larger RAD deployment scenarios will also find additional management features in Windows Server 2008 R2 aimed at improving the management experience for all the scenarios previously addressed by Terminal Services, as well as the new scenarios available through RAD. These improved management features include:
• PowerShell Provider. Easily manage multiple servers and repetitive tasks; almost all Terminal Services administrative tasks can now be scripted, including viewing and editing configuration settings for the Terminal Services Gateway, Terminal Server and more.
• Profile Improvements. The user profile cache quota removes the need to delete profiles at logoff, speeding up user logon. Group Policy caching can now be performed across a TS farm to speed up Group Policy processing during logon.
• Microsoft Installer (MSI) compatibility. Microsoft has fixed multiple MSI-related issues in Windows Server 2008's Terminal Services to ensure that MSI install packages can be installed normally and that per-user install settings are correctly propagated. The updates also remove the need to put the server in 'install mode', so users no longer need to be logged off during RAD management operations.
• Terminal Services Gateway. TSG securely provides access to RAD resources from the Internet without the need to open additional ports or use a VPN. TSG does this by tunneling RDP over HTTPS and adds several new security features:
  • Silent Session Re-authentication. The Gateway administrator can configure the TSG to periodically re-run user authentication and authorization on all live connections, so that changes to a user's account or authorization settings are enforced on sessions that are already open. For users whose settings have not changed, the experience is seamless.
  • Secure device redirection. The Gateway administrator can be assured that device redirection settings are always enforced, even from unmanaged clients such as kiosks.
  • Pluggable Authentication. Corporations that need to implement their own authentication and authorization technologies now have the flexibility to plug in their preferred mechanisms.
  • Idle & session timeout. Administrators can now disconnect idle sessions or limit how long users can stay connected.
  • Consent Signing. If your business requires remote users to accept legal terms and conditions before accessing corporate resources, the consent signing feature supports that.
  • Administrative messaging. The Gateway can also broadcast messages to users before administrative activities such as maintenance or upgrades.
Partners and Independent Software Vendors (ISVs) also get tools with the new service that make it easier for third-party software manufacturers to build RAD-optimized products. These tools include:
• RemoteApp & Desktop Web Access customization. Customers and partners can now easily extend the look and feel of Web Access through support for cascading style sheets. Developers can also create custom Web sites that consume the RAD connection XML feed and transform it with XSLT.
• RemoteApp & Desktop Connection. Although RAD connections are currently used only for Terminal Services, both the server-side infrastructure and the Windows 7 client shell can be extended to add support for any type of application or service, even ones that do not use RDP or other remoting protocols. This provides a single UI and point of discoverability for any service.
• Session broker extensibility. The session broker offers broad extensibility that lets customers and ISVs take advantage of the built-in RDP redirection features while adding significant unique value through various types of plug-ins, for example:
  • Policy (policy plug-in), which determines the proper farm or VM for a connection
  • Load balancing (filter plug-in), which chooses the proper endpoint based on load
  • Orchestration (filter plug-in), which prepares a VM to accept RDP connections
Management
The ongoing management of servers in the data center is one of the most time-consuming tasks facing IT professionals today. Any management strategy you deploy must support the management of both your physical and virtual environments.
Another design goal for Windows Server 2008 R2 is to reduce the ongoing management of the operating system and the administrative effort for common day-to-day operational tasks. These administrative tasks can be performed on the server or remotely.
Management improvements in Windows Server 2008 R2 include:
• Improved data center power consumption management
• Improved remote administration
• Reduced administrative effort for administrative tasks performed interactively
• Enhanced command-line and automated management by using PowerShell version 2.0
• Improved identity management provided by Microsoft Active Directory® Domain Services and Active Directory Federation Services
• Improved compliance with established standards and best practices
Improved Data Center Power Consumption Management
With the proliferation of physical computers in data centers, power consumption is of paramount importance. In addition to the cost savings associated with reducing power consumption, many data centers are constrained in the number of computers they can support by the power actually available to the data center. Reducing your power consumption therefore also allows you to support more physical computers while using the same amount of power, or less, than before.
Windows Server 2008 R2 includes the following improvements for reducing power consumption:
• Reduced multicore processor power consumption
• Reduced processor power consumption by adjusting processor speed
• Reduced storage power consumption
Reduced Multicore Processor Power Consumption
Windows Server 2008 R2 reduces processor power consumption in server computers with multicore processors by using a feature known as Core Parking. The Core Parking feature allows Windows Server 2008 R2 to consolidate processing onto the fewest possible processor cores and suspend the inactive cores, as illustrated in Figure 13.
Figure 13: Core Parking in minimal power consumption configuration
If additional processing power is required, the Core Parking feature activates inactive processor cores to handle the increased processing requirements, as illustrated in the following figure.
Figure 14: Core Parking with increased processing requirements
You can configure Core Parking by using the Group Policy settings in Windows Server 2008 R2 Active Directory Domain Services.
Reduced Processor Power Consumption
Windows Server 2008 R2 has the ability to adjust the ACPI “P-states” of processors and subsequently adjust server power consumption. ACPI “P-states” are the processor performance states within the ACPI specification. Depending on the processor architecture, Windows Server 2008 R2 can adjust the “P-states” of individual processors and provide very fine control over power consumption, as illustrated in the following figure.
Figure 15: “P-states” power management
You can configure how “P-states” are adjusted in Windows Server 2008 R2 by using Active Directory Group Policy settings.
Reduced Storage Power Consumption
Another key method for reducing power in data centers is centralizing the storage, typically by using a Storage Area Network (SAN). Because SANs tend to have higher-capacity drives for the same amount of power consumption, the storage capacity–to–power consumption ratio in a SAN is higher than in a typical server computer. SANs also make more efficient use of the available disk space, as any server can have access to the available storage on the SAN.
The following figure illustrates a data center without the efficient usage of centralized storage that a SAN provides.
Figure 16: Data center with local storage in each server computer
Windows Server 2008 R2 supports the ability to boot from a SAN, which eliminates the need for local hard disks in the individual server computers. In addition, performance for accessing storage on SANs has been greatly improved. The following figure shows how booting from a SAN can dramatically reduce the number of hard disks and decrease power consumption as a result.
Figure 17: Centralizing storage to reduce power consumption
Improved Remote Administration
Remote administration of server computers is essential to any efficient data center. It is very rare that server computers are administered locally. Windows Server 2008 R2 introduces a number of improvements in remote administration, including the following:
Improved remote management through graphical management consoles. Server Manager has been updated to allow remote administration of servers. In addition, many of the management consoles have improved integration with Server Manager and, as a result, support remote management scenarios. For more detailed information about each management console, see “Management Console Improvements” later in this guide.
Improved remote management from command-line and automated scripts. PowerShell version 2.0 offers a number of improvements for remote management scenarios. These improvements allow you to run scripts on one or more remote computers or allow multiple IT professionals to simultaneously run scripts on a single computer. For more detailed information about these remote management scenarios, see “Enhanced Remote PowerShell Scenarios” later in this guide.
Reduced Administrative Effort for Interactive Administrative Tasks
Reducing administrative effort for day-to-day administrative tasks is another key design goal for Windows Server 2008 R2. Many of the management consoles used to manage Windows Server 2008 R2 have been updated or completely redesigned to help reduce your administrative effort. Some of the prominent updated and redesigned management consoles are listed in the following table with descriptions of the improvements.
Table 22: Updated & Redesigned Management Consoles in Windows Server 2008 R2
Management Console | Improvements
Server Manager | Support for remote management of computers; improved integration with many role and role services management consoles
Active Directory Administrative Center | Based on administrative capabilities provided by PowerShell cmdlets; task-driven user interface
Internet Information Services | Based on administrative capabilities provided by PowerShell cmdlets; task-driven user interface
Hyper-V™ | Based on administrative capabilities provided by PowerShell cmdlets; updated VM performance and management capabilities; even tighter integration with System Center Virtual Machine Manager
Enhanced Command-line and Automated Management
The PowerShell 1.0 scripting environment was shipped with Windows Server 2008 RTM. Windows Server 2008 R2 includes PowerShell 2.0, which offers a number of improvements over version 1.0, including the following:
Improved remote management by using PowerShell remoting. For more information about PowerShell remoting, see “Improved Remote Management” under “Management” in the upcoming Windows Server 2008 R2 Technical Overview.
Improved security for management data, including state and configuration information, by using constrained runspaces. For more information about constrained runspaces, see “Improved Security for Management” under “Management” in the upcoming Windows Server 2008 R2 Technical Overview.
Enhanced GUIs for creating and debugging PowerShell scripts and viewing PowerShell script output by using Graphical PowerShell and the Out-GridView cmdlet. For more information about Graphical PowerShell and the Out-GridView cmdlet, see “Enhanced Graphical User Interfaces” under “Management” in the upcoming Windows Server 2008 R2 Technical Overview.
Extended scripting functionality that supports creation of more powerful scripts with less development effort. For more information on this topic, see “Extended Scripting Functionality” under “Management” in the upcoming Windows Server 2008 R2 Technical Overview.
Improved portability of PowerShell scripts and cmdlets between multiple computers. For more information about this topic, see “Improved Portability of PowerShell Scripts and Cmdlets” under “Management” in the upcoming Windows Server 2008 R2 Technical Overview.
During your review of PowerShell version 2.0 in Windows Server 2008 R2, you will want to familiarize yourself with the new GUI tools, Graphical PowerShell and the Out-GridView cmdlet. As illustrated in the following figure, Graphical PowerShell provides a GUI that allows you to interactively create and debug PowerShell scripts within an integrated development environment similar to Visual Studio.
Figure 18: Graphical PowerShell user interface with Active Directory Provider
Graphical PowerShell includes the following features:
Syntax coloring for PowerShell scripts (similar to syntax coloring in Visual Studio)
Support for Unicode characters
Support for composing and debugging multiple PowerShell scripts in a multi-tabbed interface
Ability to run an entire script, or a portion of a script, within the integrated development environment
Support for up to eight PowerShell runspaces within the integrated development environment
Note: The Graphical PowerShell feature requires Microsoft .NET Framework 3.0.
The new Out-GridView cmdlet displays the results of other commands in an interactive table, where you can search, sort, and group the results. For example, you can send the results of a get-process, get-wmiobject, or get-eventlog command to Out-GridView and use the table features to examine the data.
Note: The Out-GridView cmdlet feature requires Microsoft .NET Framework 3.0.
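The PowerShell remoting and Out-GridView features described above, combined in one added example. This script is not part of this guide or of any Microsoft sample; it assumes PowerShell 2.0 with remoting enabled on the target servers (Enable-PSRemoting or the matching Group Policy), an account that is an administrator on each of them, and uses constructed server names.

```powershell
# Added example: not from the Windows Server 2008 R2 Technical Overview.
# Assumes PowerShell 2.0, remoting enabled on the targets, and admin rights there.
# Server names are constructed placeholders.
$servers = 'SRV-WEB01', 'SRV-WEB02', 'SRV-AD01'

# 1. Fan-out: one script block, many computers. Invoke-Command runs it on all
#    targets in parallel (bounded by -ThrottleLimit) and returns deserialized
#    objects, each stamped with PSComputerName, so results stay attributable.
$stalled = Invoke-Command -ComputerName $servers -ThrottleLimit 16 -ScriptBlock {
    # Automatic-start services that are not running: a cheap health check.
    Get-WmiObject -Class Win32_Service -Filter "StartMode='Auto' AND State<>'Running'" |
        Select-Object Name, State, StartMode
}
$stalled | Format-Table PSComputerName, Name, State -AutoSize

# 2. Persistent sessions: connect once, reuse for several commands, then close.
#    Unreachable hosts surface as non-terminating errors; continue with the rest.
$sessions = New-PSSession -ComputerName $servers -ErrorAction SilentlyContinue
try {
    $hotfixes = Invoke-Command -Session $sessions -ScriptBlock {
        Get-HotFix | Select-Object HotFixID, InstalledOn
    }
    # 3. Out-GridView: search, sort and group the collected rows interactively.
    $hotfixes | Out-GridView -Title 'Installed hotfixes by server'

    # Failed logons (Security log event 4625) gathered centrally for review.
    $failed = Invoke-Command -Session $sessions -ScriptBlock {
        Get-EventLog -LogName Security -InstanceId 4625 -Newest 200 -ErrorAction SilentlyContinue |
            Select-Object TimeGenerated, @{ n = 'Summary'; e = { ($_.Message -split "`n")[0] } }
    }
    $failed | Out-GridView -Title 'Failed logons (event 4625)'
}
finally {
    # 4. Interactive work on a single host uses Enter-PSSession -ComputerName SRV-AD01;
    #    either way, tear sessions down so they do not linger on the servers.
    $sessions | Remove-PSSession
}
```

Run it from an elevated PowerShell 2.0 console on a management workstation; the fan-out and session parts work against Server Core targets as well, while the grid views need a desktop session with .NET Framework 3.0, as the notes above state.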
Also during your review, you will want to familiarize yourself with the new and updated cmdlets available in PowerShell version 2.0 and Windows Server 2008 R2, a few of which are listed in the following figure.
Figure 19: A snapshot of new cmdlets
Improved Identity Management
Identity management has always been one of the critical management tasks for Windows-based networks. The implications of a poorly managed identity management system are one of the largest security concerns for any organization.
Windows Server 2008 R2 includes identity management improvements in the Active Directory Domain Services and Active Directory Federated Services server roles.
Improvements for All Active Directory Server Roles
Windows Server 2008 R2 includes the following identity management improvements that affect all Active Directory server roles:
New forest functional level. Windows Server 2008 R2 includes a new Active Directory forest functional level. Many of the new features in the Active Directory server roles require the Active Directory forest to be configured with this new functional level.
Enhanced command-line and automated management. PowerShell cmdlets provide the ability to fully manage Active Directory server roles.
Improved automated monitoring and notification. An updated System Center Manager 2007 Management Pack helps improve the monitoring and management of Active Directory server roles.
Improvements in Active Directory Domain Services
The Active Directory Domain Services server role in Windows Server 2008 R2 includes the following improvements:
Recovery of deleted objects. Domains in Active Directory now have a Recycle Bin feature that allows you to recover deleted objects. If an Active Directory object is inadvertently deleted, you can restore the object from the Recycle Bin. This feature requires the updated R2 forest functional level.
Improved process for joining domains. Computers can now join a domain without being connected to the domain during the deployment process, also known as an offline domain join. This process allows you to fully automate the joining of a domain during deployment. Domain administrators create an XML file that can be included as a part of the automated deployment process. The file includes all the information necessary for the target computer to join the domain.
Improved management of user accounts used as identities for services. One time-consuming management task is the maintenance of passwords for user accounts that are used as identities for services, also known as service accounts. When the password for a service account changes, the services using that identity also must be updated with the new password. To address this problem, Windows Server 2008 R2 includes a new feature known as managed service accounts. In Windows Server 2008 R2, when the password for a service account changes, the managed service account feature automatically updates the password for all services that use the service account.
Reduced effort to perform common administrative tasks. As illustrated in the following figure, Windows Server 2008 R2 includes a new Active Directory Domain Services management console, Active Directory Administrative Center.
Figure 20: Active Directory Administrative Center management console
Active Directory Administrative Center is a task-based management console that is based on the new PowerShell cmdlets in Windows Server 2008 R2. Active Directory Administrative Center is designed to help reduce the administrative effort for performing common administrative tasks.
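The three Active Directory Domain Services improvements listed above (Recycle Bin, offline domain join, and managed service accounts) driven from the new Active Directory PowerShell cmdlets and djoin.exe, as an added example that is not code from this guide or from Microsoft. It assumes the Active Directory module of Windows Server 2008 R2, Domain Admin rights, and a forest already at the Windows Server 2008 R2 forest functional level; the domain, host, account and service names are constructed.

```powershell
# Added example: not from the Windows Server 2008 R2 Technical Overview.
# Requires the ActiveDirectory module, Domain Admin rights and (for the Recycle
# Bin) the Windows Server 2008 R2 forest functional level. All names below
# (corp.example.com, CORP, WS-0042, SRV-WEB01, svc-web, jdoe, MyWebSvc) are constructed.
Import-Module ActiveDirectory

# ---- 1. Active Directory Recycle Bin ----------------------------------------
# Enabling the optional feature is forest-wide and cannot be undone.
Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' -Scope ForestOrConfigurationSet `
    -Target 'corp.example.com' -Confirm:$false

# Deleted objects keep their attributes (including lastKnownParent) for the
# deleted-object lifetime, so they can be found and restored in place.
$deleted = Get-ADObject -Filter { isDeleted -eq $true -and name -like 'jdoe*' } `
    -IncludeDeletedObjects -Properties lastKnownParent
$deleted | Format-Table Name, ObjectClass, lastKnownParent -AutoSize
$deleted | Restore-ADObject        # restored under lastKnownParent, memberships intact

# ---- 2. Offline domain join -------------------------------------------------
# Step A (on a domain-joined admin workstation): pre-create the computer account
# and write the provisioning blob. The blob carries the machine account secret,
# so store and transport it like any other credential and delete it after use.
djoin.exe /provision /domain corp.example.com /machine WS-0042 /savefile C:\odj\WS-0042.txt

# Step B (on the new computer, before it has ever contacted a DC): apply the blob
# to the running OS. The join completes at the next boot; an unattend answer
# file can carry the same blob for fully automated deployments.
djoin.exe /requestODJ /loadfile C:\odj\WS-0042.txt /windowspath $env:SystemRoot /localos

# ---- 3. Managed service account (MSA) ---------------------------------------
# Create the account in AD, allow exactly one host to use it, then install it on
# that host. AD rotates the password automatically and no administrator ever
# handles it, so the "update every service after a password change" task disappears.
New-ADServiceAccount -Name 'svc-web' -Enabled $true
Add-ADComputerServiceAccount -Identity 'SRV-WEB01' -ServiceAccount 'svc-web'

# Run the rest on SRV-WEB01 itself:
Install-ADServiceAccount -Identity 'svc-web'
Test-ADServiceAccount -Identity 'svc-web'     # $true when this host can use the MSA

# Point a service at the MSA. The account name ends in '$' and the password is
# left empty; the service control manager retrieves it from AD at start-up.
# (Win32_Service.Change: StartName is the 7th parameter, StartPassword the 8th;
#  "sc.exe config MyWebSvc obj= CORP\svc-web$ password= """ does the same.)
$svc = Get-WmiObject -Class Win32_Service -Filter "Name='MyWebSvc'"
$svc.Change($null, $null, $null, $null, $null, $null, 'CORP\svc-web$', '') | Out-Null
Restart-Service -Name 'MyWebSvc'
```

Each part runs where the comments say: the Recycle Bin and MSA creation steps on any domain-joined machine with the module, the djoin provisioning on the admin workstation, the djoin request and the MSA install on the target host.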
Improvements in Active Directory Federated Services
Active Directory Federated Services in Windows Server 2008 R2 includes a new feature known as authentication assurance. This feature allows administrators to establish authentication policies for accounts that are authenticated in federated domains. This enables a variety of advanced authentication scenarios, such as smart card authentication.
Improved Compliance with Established Standards and Best Practices
Windows Server 2008 R2 includes an integrated Best Practices Analyzer for each of the server roles. The Best Practices Analyzer creates a checklist within Server Manager for the role, which you can use to help perform all the configuration tasks.
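The same Best Practices Analyzer checks can be run and collected from PowerShell, which is how you would fold them into a scheduled compliance report. The following is an added example, not code from this guide or from Microsoft; it assumes the BestPractices module that ships with Windows Server 2008 R2, an elevated console on the server being assessed, and a constructed report path.

```powershell
# Added example: not from the Windows Server 2008 R2 Technical Overview.
# Uses the BestPractices module of Windows Server 2008 R2; run elevated on the
# server whose roles are being assessed. The report path is a placeholder.
Import-Module BestPractices

# Which BPA models exist depends on the roles installed; discover, don't hard-code.
$models = Get-BpaModel
$models | Format-Table Id, LastScanTime -AutoSize

# Run every model and keep the findings that need attention: drop
# Information-level results and anything an administrator has already excluded.
$findings = foreach ($m in $models) {
    Invoke-BpaModel -ModelId $m.Id | Out-Null
    Get-BpaResult -ModelId $m.Id |
        Where-Object { $_.Severity -ne 'Information' -and -not $_.Excluded }
}

# Persist for the compliance record and trend across runs.
$findings |
    Select-Object ModelId, Severity, Category, Title, Resolution |
    Sort-Object Severity, ModelId |
    Export-Csv -Path 'C:\reports\bpa-findings.csv' -NoTypeInformation

# Quick triage view for the engineer on duty.
$findings | Out-GridView -Title 'BPA findings'
```

Severity values are Error, Warning and Information; a result that you have reviewed and accepted can be marked with Set-BpaResult -Exclude $true so that later runs of this script do not report it again.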
Web
Windows Server 2008 R2 includes many improvements that make this release the most robust Windows Server application platform yet. These improvements comprise new features in IIS 7.0 as well as other areas of Windows Server 2008 R2 to help applications run faster while using fewer system resources. The improved features also combine to help reduce the effort to administer and support Windows Server–based applications as well as improve availability, reliability, and scalability.
The following improvements in Windows Server 2008 R2 are included in this technical solution:
Reduced effort to administer and support Web-based applications
Enhanced security for Web-based applications
Improved file-transfer services
Ability to extend the functionality and features for Web-based applications
Improved availability and performance for Web-based applications and services
Reduced Effort to Administer and Support Web-based Applications
Reducing the effort required to administer and support Web-based applications running on IIS 7.0 is one of the primary design goals for Windows Server 2008 R2. The goal of the design is to help reduce the effort required to:
Perform common administrative tasks.
Support and troubleshoot Web-based applications.
Reduced Administrative Effort
Windows Server 2008 R2 reduces administrative effort by:
Automating common administrative tasks through the new PowerShell provider for IIS 7.0.
Expanding the management and administrative features in the Administration Pack for IIS 7.0.
Improving the integration of Internet Information Services Manager with Server Manager.
Automating the publishing of applications by using one-click publishing in Microsoft Visual Studio® 10.
Automating the deployment of applications by using the Web Deployment Tool.
Automation of Common Tasks Through the PowerShell Provider
The PowerShell provider for IIS 7.0 includes more than 50 new cmdlets for managing IIS 7.0 and the applications running on IIS 7.0.
Expanded Administration Pack
The Administration Pack has been expanded to include:
Management of Microsoft SQL Server® databases within IIS Manager by using Database Manager.
Configuration of IIS 7.0 and application settings by using Configuration Editor.
Enhanced viewing of IIS log files by using IIS Reports.
Graphical user interface for managing the Request Filtering module by using Request Filtering.
Database Manager
Database Manager allows you to manage local and remote SQL Server databases from within the IIS Manager user interface and reduces the number of administration consoles required to perform administrative tasks. Database Manager supports remote management over HTTP, which means it works well in remote shared-hosting scenarios.
Configuration Editor
Configuration Editor (illustrated in the following figure) allows you to manage any configuration section available in the configuration system. Configuration Editor exposes several configuration settings that are not exposed elsewhere in IIS Manager.
Figure 21: Configuration Editor user interface
IIS Reports
IIS Reports provides you with built-in report visualization and charting support for log file data. IIS Reports includes the ability to perform full-range selection, create custom charts, and print or save reports. IIS Reports also supports remote management over HTTP, which means it works well in remote shared-hosting scenarios.
Request Filtering
The Request Filtering user interface (illustrated in the following figure) provides a graphical user interface for configuring the Request Filtering module.
Figure 22: Request Filtering user interface
Improved IIS Manager Integration with Server Manager
You can now perform more IIS administrative tasks within Server Manager due to the integration of IIS Manager, as illustrated in the following figure. This improved integration reduces the number of consoles needed to perform the tasks, allowing you to work more efficiently.
Figure 23: IIS Manager integration with Server Manager
Automated Publishing of Applications
One-click publishing in Visual Studio 10 reduces the complexity and effort required to publish applications into your test or production environments by requiring only a single mouse click to publish the application.
Automated Application Deployment
Reduced Support and Troubleshooting Effort
Windows Server 2008 R2 reduces support and troubleshooting effort in the following ways:
Enhanced auditing of changes to IIS 7.0 and application configuration. The new Configuration Tracing feature in IIS 7.0 provides enhanced auditing of changes to IIS and application configuration, which allows you to track the configuration changes made to your test and production environments.
Improved monitoring of IIS 7.0 and applications. IIS 7.0 in Windows Server 2008 R2 includes new performance counters that help reduce support and troubleshooting effort. Some of these new counters include:
Enhanced Web Application Security
Windows Server 2008 R2 includes security enhancements for Web-based applications. These enhancements help your Web-based applications run more securely, with fewer system resources and improved manageability. The enhancements include:
Ability to run .NET applications on the Server Core installation option. You can now run .NET applications on the Windows Server 2008 R2 Server Core installation option. The Server Core installation option reduces the attack surface of Windows Server 2008 R2 and improves the overall security of the Web-based applications because the graphical user environment is not installed as a part of the Server Core installation option.
Secure Web content publishing using standard protocols. This is especially helpful in hosting and development scenarios, and comprises features in the new FTP server and integrated WebDAV module.
Reduction of potential security attacks by filtering client traffic. The Request Filter module in Windows Server 2008 R2 will include the filtering features previously found in URLScan 3.0. By blocking specific HTTP requests, the Request Filter module helps prevent potentially harmful requests from being processed by Web applications on the server.
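The Request Filtering settings that the Request Filter module inherits from URLScan can be applied and audited through the IIS PowerShell provider described under “Automation of Common Tasks Through the PowerShell Provider”, which is what the following added example shows. It is not code from this guide or from Microsoft; it assumes IIS 7.5 with the WebAdministration module on Windows Server 2008 R2, the default site name, and illustrative limit values.

```powershell
# Added example: not from the Windows Server 2008 R2 Technical Overview.
# Assumes the WebAdministration module (IIS 7.5), run from an elevated console.
# 'Default Web Site' is the IIS default site name; limits and names are illustrative.
Import-Module WebAdministration

# The provider exposes IIS as a drive: sites, application pools, bindings.
Get-ChildItem IIS:\Sites    | Select-Object Name, State, PhysicalPath
Get-ChildItem IIS:\AppPools | Select-Object Name, State, ManagedRuntimeVersion

$site = 'IIS:\Sites\Default Web Site'
$rf   = 'system.webServer/security/requestFiltering'

# Request limits: bound request body, URL and query-string sizes for the site
# so oversized requests are rejected before any application code runs.
Set-WebConfigurationProperty -PSPath $site -Filter "$rf/requestLimits" -Name maxAllowedContentLength -Value 10485760
Set-WebConfigurationProperty -PSPath $site -Filter "$rf/requestLimits" -Name maxUrl -Value 2048
Set-WebConfigurationProperty -PSPath $site -Filter "$rf/requestLimits" -Name maxQueryString -Value 1024

# Deny verbs the application never uses (the URLScan-style verb list).
# Adding a verb that is already listed raises an error, so check first.
$listed = Get-WebConfiguration -PSPath $site -Filter "$rf/verbs/add" | ForEach-Object { $_.verb }
foreach ($verb in 'TRACE', 'TRACK', 'DEBUG') {
    if ($listed -notcontains $verb) {
        Add-WebConfigurationProperty -PSPath $site -Filter "$rf/verbs" -Name '.' -Value @{ verb = $verb; allowed = $false }
    }
}

# Deny a file extension that should never be served, hide a deploy-only folder
# from URLs, and reject parent-path sequences in the URL.
Add-WebConfigurationProperty -PSPath $site -Filter "$rf/fileExtensions"  -Name '.' -Value @{ fileExtension = '.bak'; allowed = $false }
Add-WebConfigurationProperty -PSPath $site -Filter "$rf/hiddenSegments"  -Name '.' -Value @{ segment = 'deploy' }
Add-WebConfigurationProperty -PSPath $site -Filter "$rf/denyUrlSequences" -Name '.' -Value @{ sequence = '..' }

# Reject double-escaped URLs and high-bit characters, the classic canonicalization tricks.
Set-WebConfigurationProperty -PSPath $site -Filter $rf -Name allowDoubleEscaping -Value $false
Set-WebConfigurationProperty -PSPath $site -Filter $rf -Name allowHighBitCharacters -Value $false

# Read the effective configuration back (the same values Configuration Editor shows).
Get-WebConfiguration -PSPath $site -Filter "$rf/verbs/add"      | Select-Object verb, allowed
Get-WebConfiguration -PSPath $site -Filter "$rf/requestLimits"  | Select-Object maxAllowedContentLength, maxUrl, maxQueryString
```

Requests blocked by these rules are logged by IIS with HTTP status 404 and a sub-status that identifies the rule, so the same log fields that IIS Reports charts can be used to confirm the filters are doing their job and to spot legitimate traffic that the limits are too tight for.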
Improved File Transfer Services
Windows Server 2008 R2 includes a new version of FTP server services. These new FTP server services offer the following improvements:
Reduced administrative effort for FTP server services. The new FTP server is fully integrated with the IIS 7.0 administration interface and configuration store, as shown in the following figure. The FTP server in Windows Server 2008 RTM used the IIS 6.0 metabase, while the FTP server in Windows Server 2008 R2 uses the new .NET XML-based *.config format. This allows you to perform common administrative tasks within one common administration console. The new FTP server administration is also integrated with Server Manager.
Figure 24: Integration of the FTP server administration in Internet Information Services Manager
Extended support for new Internet standards. The new FTP server includes support for emerging standards, including:
Improved security by supporting FTP over Secure Sockets Layer (SSL).
Support for extended character sets by including UTF-8 support.
Extended IP addressing features provided by IPv6.
Improved integration with Web-based applications and services. With the new FTP server, you can specify a virtual host name for an FTP site. This allows you to create multiple FTP sites that use the same IP address but are differentiated by unique virtual host names. It also allows you to provide FTP and Web content from the same Web site simply by binding an FTP site to a Web site.
Reduced effort for supporting and troubleshooting FTP-related issues. Improved logging now supports all FTP-related traffic, unique tracking for FTP sessions, FTP sub-statuses, an additional detail field in FTP logs, and more.
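The FTP improvements above (the shared IIS configuration store, FTP over SSL, virtual host names and the richer logging) configured from the IIS PowerShell provider, as an added example that is not code from this guide or from Microsoft. It assumes the FTP Server role service of IIS 7.5 on Windows Server 2008 R2 with the WebAdministration module, an elevated console, and constructed values for the site name, folder, host name, group and certificate thumbprint.

```powershell
# Added example: not from the Windows Server 2008 R2 Technical Overview.
# Assumes the IIS 7.5 FTP Server role service and the WebAdministration module,
# run elevated. Site name, folder, host name, group and thumbprint are placeholders.
Import-Module WebAdministration

$siteName = 'SecureFtp'
$siteRoot = 'C:\inetpub\secureftp'
$sitePath = "IIS:\Sites\$siteName"
$siteCfg  = "system.applicationHost/sites/site[@name='$siteName']"

# 1. Create the site and bind it to a virtual host name. Several FTP sites can then
#    share one IP address; a client selects this one by logging in as "ftp.example.com|user".
if (-not (Test-Path $siteRoot)) { New-Item -ItemType Directory -Path $siteRoot | Out-Null }
New-WebFtpSite -Name $siteName -Port 21 -PhysicalPath $siteRoot
Set-ItemProperty -Path $sitePath -Name bindings -Value @{ protocol = 'ftp'; bindingInformation = '*:21:ftp.example.com' }

# 2. Require FTP over SSL on the control channel (credentials) and the data
#    channel (file contents). $thumb is the thumbprint of a server certificate in
#    Cert:\LocalMachine\My; the value here is a placeholder.
$thumb = 'CERTIFICATE-THUMBPRINT-PLACEHOLDER'
$ssl   = "$siteCfg/ftpServer/security/ssl"
Set-WebConfigurationProperty -Filter $ssl -Name serverCertHash       -Value $thumb
Set-WebConfigurationProperty -Filter $ssl -Name controlChannelPolicy -Value 'SslRequire'
Set-WebConfigurationProperty -Filter $ssl -Name dataChannelPolicy    -Value 'SslRequire'

# 3. Basic authentication only (acceptable now that it travels inside SSL); no anonymous access.
Set-WebConfigurationProperty -Filter "$siteCfg/ftpServer/security/authentication/basicAuthentication"     -Name enabled -Value $true
Set-WebConfigurationProperty -Filter "$siteCfg/ftpServer/security/authentication/anonymousAuthentication" -Name enabled -Value $false

# 4. Site-level authorization rule: members of the FtpUsers group, read and write.
Add-WebConfigurationProperty -PSPath $sitePath -Filter 'system.ftpServer/security/authorization' -Name '.' `
    -Value @{ accessType = 'Allow'; roles = 'FtpUsers'; permissions = 'Read,Write' }

# 5. Read the effective settings back, including which fields the FTP log records
#    (session id and sub-status are among the fields the new server can log).
Get-WebConfiguration -Filter $ssl | Select-Object controlChannelPolicy, dataChannelPolicy
(Get-WebConfiguration -Filter "$siteCfg/ftpServer/logFile").logExtFileFlags
```

Because the settings land in applicationHost.config rather than the IIS 6.0 metabase, the same script doubles as documentation of the intended state, and the Configuration Tracing feature described under “Reduced Support and Troubleshooting Effort” will record any later drift from it.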
Ability to Extend Functionality and Features
One of the design goals for IIS 7.0 was to make it easy for you to extend the base functionality and features in IIS 7.0. IIS Extensions allow you to build or buy software that can be integrated into IIS 7.0 in such a way that the software appears to be an integral part of IIS 7.0. The following figure illustrates the placement of IIS Extensions in the IIS 7.0 architecture.
Figure 25: Architecture of IIS Extensions in IIS 7.0 in Windows Server 2008 R2
Extensions can be created by Microsoft, partners, independent software vendors, and your organization. Microsoft has developed IIS Extensions since the RTM version of Windows Server 2008. These IIS Extensions are available for download from http://iis.net. Many of the IIS Extensions developed by Microsoft will be shipped as a part of Windows Server 2008 R2, including:
WebDAV
Integrated and enhanced Administration Pack
Web Deployment Pack
Web Playlist Pack
Improved Availability and Performance for Web-based Applications and Services
Availability and performance are key elements in every Web-based solution in your enterprise. Today, most mission-critical applications have ever-increasing availability and performance requirements. Windows Server 2008 R2 addresses these needs by providing:
Detailed reporting and diagnostic information available directly in the Internet Information Services management console.
High-speed dynamic caching and compression for improved performance.
Support for scalable Web farms via HTTP-based load balancing and intelligent request handling and routing.
Solid Foundation for Enterprise Workloads
Windows Server 2008 R2 has been designed as a best-of-breed enterprise operating platform, capable of handling the most demanding data center workloads and delivering the latest next-gen network productivity experience to end users across even the largest networks. To address these challenges, Microsoft has designed Windows Server 2008 R2 with several new feature categories in mind, divisible into two basic categories:
Scalability and Reliability
Windows Server 2008 R2 is capable of unprecedented workload sizes, dynamic scalability, and across-the-board availability and reliability. A host of new and updated features contribute to this pillar:
Leveraging sophisticated CPU architectures
Increased operating system componentization
Improved performance and scalability for applications and services
Improved availability for automated IP configuration services by using the DHCP failover feature
Improved security for Domain Name System (DNS) services by using the DNSSEC feature
Leveraging Sophisticated CPU Architectures
Windows Server 2008 R2 is the first Windows operating system to be offered for only 64-bit processors. With customers being unable to purchase a 32-bit server CPU for over two years, the performance and reliability advantages of moving to this architecture were too beneficial to ignore.
Additionally, Windows Server 2008 R2 now supports up to 256 logical processor cores for a single operating system instance. Hyper-V™ virtual machines are able to address up to 32 logical cores in a single VM. These improvements not only guarantee more bang for your server hardware buck, but also offer better reliability with fewer locks and greater parallelism.
Increased Operating System Componentization
Microsoft introduced the concept of server roles to allow server administrators to quickly and easily configure any Windows-based server to run a specific set of tasks and remove extraneous OS code from system overhead. Windows Server 2008 R2 further extends this model with support for more roles and a broadening of current role support, like the addition of ASP.NET within IIS 7.0.
Roles have been refined and feature sets redefined as customers have expressed desires for certain capabilities in popular scenarios. The Server Core installation option is an appropriate mention here, with new (and much demanded) support for PowerShell scripting made possible by the addition of the .NET Framework to the list of server roles supported in the Server Core installation option.
Improved Performance and Scalability for Applications and Services
Another key design goal was to provide higher performance for Windows Server 2008 R2 running on the same system resources as previous versions of Windows Server. In addition, Windows Server 2008 R2 supports increased scaling capabilities that allow you to support greater workloads than ever before. Windows Server 2008 R2 features that improve performance and scalability for applications and services include:
Support for larger workloads by adding more servers to a workload (scaling out).
Support for larger workloads by utilizing or increasing system resources (scaling up).
Increased Workload Support by Scaling Out
The Network Load Balancing feature in Windows Server 2008 R2 allows you to combine two or more computers into a cluster. You can use NLB to distribute workloads across the cluster nodes in order to support a larger number of simultaneous users. Network Load Balancing feature improvements in Windows Server 2008 R2 include:
Improved support for applications and services that require persistent connections.
Improved health monitoring and awareness for applications and services running on Network Load Balancing clusters.
Improved Support for Applications and Services That Require Persistent Connections
As illustrated in the following figure, the IP Stickiness feature in Network Load Balancing allows you to configure longer affinity between clients and cluster nodes. By default, Network Load Balancing distributes each request to different nodes in the cluster. Some applications and services, such as a shopping cart application, require that a persistent connection be maintained with a specific cluster node.
Figure 26: IP Stickiness feature in Network Load Balancing
You can configure a time-out setting for connection state to a range of hours or even weeks in length. Examples of applications and services that can utilize this feature include:
Universal Access Gateway (UAG), which uses an SSL-based virtual private network (VPN).
Web-based applications that maintain user information, such as an ASP.NET shopping cart application.
Improved Health Monitoring and Awareness for Applications and Services
As illustrated in the following figure, the Network Load Balancing Management Pack for Windows Server 2008 R2 allows you to monitor the health of applications and services running in Network Load Balancing clusters.
Figure 27: Application health monitoring in Network Load Balancing clusters
Increased Workload Support by Scaling Up
Windows Server 2008 R2 also includes features that allow you to support larger workloads on individual computers. Scaling up allows you to reduce the number of servers in your data center and be more power efficient. The features that support scaling up include:
Increased number of logical processors supported. Windows Server 2008 R2 supports up to 256 logical processors.
Reduced operating system overhead for the graphical user interface. In addition to reducing the attack surface of the operating system, the Server Core installation option eliminates the graphical user interface, which reduces the amount of processor utilization. The reduction in processor utilization allows more of the processing power to be used for running workloads.
Improved performance for storage devices. Windows Server 2008 R2 includes a number of performance improvements for storage devices connected locally, through iSCSI, and through other remote storage solutions. For more information on these improvements in storage device performance, see “Improved File Services and Network Attached Storage” later in this guide.
Improved Storage Solutions
The ability to quickly access information is more critical today than ever before. The foundation for this high-speed access is based on file services and network attached storage (NAS). Microsoft storage solutions are at the core of providing high-performance and highly available file services and NAS.
The release version of Windows Server 2008 introduced many improvements in storage technologies. Windows Server 2008 R2 includes additional improvements that enhance the performance, availability, and manageability of storage solutions.
Improved Storage Solution Performance
Windows Server 2008 R2 includes a number of performance improvements in storage solutions, including:
Reduced processor utilization to achieve “wire speed” storage performance. Wire speed refers to the hypothetical maximum data transmission rate of a cable or other transmission medium. Wire speed is dependent on the physical and electrical properties of the cable, combined with the lowest level of the connection protocols. Windows Server 2008 RTM is able to access storage at wire speed, but at a higher processor utilization than Windows Server 2008 R2.
Improved storage input/output process performance. One of the primary contributors to storage performance improvements in Windows Server 2008 R2 is the improvement in the storage input/output process, known as NTIO. The NTIO process has been optimized to reduce the overhead in performing storage operations.
Improved performance when multiple paths exist between servers and storage. When multiple paths exist to storage, you can load-balance storage operations by load-balancing the storage requests. Windows Server 2008 R2 supports up to 32 paths to storage devices, while Windows Server 2008 RTM only supported two paths. You can configure load-balancing policies to optimize the performance for your storage solution.
Improved connection performance for iSCSI-attached storage. The iSCSI client in Windows Server 2008 R2 has been optimized to improve performance for iSCSI-attached storage.
Improved support for optimization of the storage subsystem. The storage system has been designed to allow hardware vendors to optimize their storage mini-driver. For example, a vendor could optimize the disk cache for their storage mini-driver.
Reduced length of time for operating system start. Chkdsk is run during the operating system start when an administrator has scheduled a scan of a disk volume or when volumes were not shut down properly. Chkdsk performance has been optimized to reduce the length of time required to start the operating system. This allows you to recover faster in the event of an abnormal shutdown of the operating system (such as a power loss).
Improved Storage Solution Availability
Availability of storage is essential to all mission-critical applications in your organization. Windows Server 2008 R2 includes the following improvements to storage solution availability:
Improved fault tolerance between servers and storage. When multiple paths exist between servers and storage, Windows Server 2008 R2 can fail over to an alternate path if the primary path fails. You can select the failover priority by configuring the load-balancing policies for your storage solution.
Improved recovery from configuration errors. An error in the configuration of the storage subsystem can negatively affect storage availability. Windows Server 2008 R2 allows you to take configuration snapshots of the storage subsystem (for example, the iSCSI configuration). In the event of a subsequent configuration failure, you can quickly restore the configuration to a previous version.
Improved Storage Solution Manageability
Management of the storage subsystem is another design goal for Windows Server 2008 R2. Some of the manageability improvements in Windows Server 2008 R2 include:
Automated deployment of storage subsystem configuration settings. You can automate the storage subsystem configuration settings in Windows Server 2008 R2 by customizing the Unattend.xml file.
Improved monitoring of the storage subsystem. The storage subsystem in Windows Server 2008 R2 includes the following improvements that help in monitoring:
New performance counters that help reduce the support and troubleshooting effort for storage subsystem–related issues.
Extended logging for the storage subsystem, including storage drivers.
Health-based monitoring of the entire storage subsystem.
Improved version control of storage system configuration settings. Windows Server 2008 R2 allows you to take configuration snapshots of the storage subsystem. This allows you to perform version control of configuration settings and to quickly restore to a previous version in the event of a configuration error.
Improved Availability for Automated IP Configuration Services
Dynamic Host Configuration Protocol (DHCP) server services are used to provide automated IP configuration services for computers. However, traditional DHCP services are prone to outages and failure because the database that contains the DHCP lease information is stored on only one computer. If that computer fails, the DHCP lease database is inaccessible and computers are unable to renew their DHCP leases.
In Windows Server 2008 R2 and Windows 7, the DHCP Failover feature has been included to help mitigate IP configuration outages due to DHCP server failures. The DHCP Failover feature is an implementation of the DHCP Failover protocol, which is an Internet Engineering Task Force (IETF) draft.
With DHCP Failover, two computers providing DHCP Server services synchronize DHCP lease information. One computer is designated as the primary DHCP server and the other as the secondary DHCP server, which is similar in concept to primary and secondary Windows Internet Name Service (WINS) servers.
When computers request IP configuration, the primary DHCP server responds by default. If the primary DHCP server fails, computers receive IP configuration information from the secondary DHCP server until the primary DHCP server is restored, as illustrated in the following figure.
Figure 28: The DHCP Failover feature, used when the primary DHCP server fails
The DHCP Failover feature can also be configured to provide load balancing so that the IP configuration workload is distributed between the primary and secondary DHCP servers. This load balancing allows you to support a larger number of IP configuration requests over a shorter period of time, while helping to ensure that there are no outages of IP configuration services.
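The lease synchronization, failover and load-balancing behaviour described above, modelled as an added Go example (not code from this guide or from Windows Server): two servers share one lease table, the primary answers by default, the secondary answers while the primary is down, and a recovered server replays its partner's database. The hash-bucket split used for load balancing, the address pool and the NewPair, Request and Recover names are assumptions made for the illustration.

```go
package main

import (
	"errors"
	"hash/fnv"
)

// Constructed model of the DHCP Failover behaviour described above: two servers
// synchronize one lease database, the primary answers by default and the
// secondary takes over while the primary is down. Not the Windows DHCP Server
// implementation; timers, lease-conflict resolution and wire format are omitted.

// Server is one member of the relationship; Leases maps client identifier to address.
type Server struct {
	Name   string
	Up     bool
	Peer   *Server // the other member of the failover relationship
	Leases map[string]string
}

// Pair is the primary/secondary relationship for one scope's address pool.
type Pair struct {
	Primary, Secondary *Server
	Pool               []string
	LoadBalance        bool // false: hot standby; true: split requests by client hash
	Split              int  // buckets below Split go to the primary in load-balance mode
}

func NewPair(pool []string) *Pair {
	p := &Pair{Pool: pool, Split: 128}
	p.Primary = &Server{Name: "primary", Up: true, Leases: map[string]string{}}
	p.Secondary = &Server{Name: "secondary", Up: true, Leases: map[string]string{}}
	p.Primary.Peer, p.Secondary.Peer = p.Secondary, p.Primary
	return p
}

// Bucket maps a client identifier to 0..255. Assumption: modelled on the
// hash-bucket split of the IETF failover draft, not its exact hash function.
func Bucket(clientID string) int {
	h := fnv.New32a()
	h.Write([]byte(clientID))
	return int(h.Sum32() % 256)
}

// chooseServer applies "primary answers by default" (or the load-balancing split), then falls back to the partner.
func (p *Pair) chooseServer(clientID string) *Server {
	preferred := p.Primary
	if p.LoadBalance && Bucket(clientID) >= p.Split {
		preferred = p.Secondary
	}
	for _, s := range []*Server{preferred, preferred.Peer} {
		if s.Up {
			return s
		}
	}
	return nil
}

// allocate returns the first pool address absent from this server's synchronized lease view, or "" if none is left.
func (p *Pair) allocate(s *Server) string {
	inUse := map[string]bool{}
	for _, ip := range s.Leases {
		inUse[ip] = true
	}
	for _, ip := range p.Pool {
		if !inUse[ip] {
			return ip
		}
	}
	return ""
}

// Request models a DHCP discover or renew from clientID; it returns the name of the server that answered and the address granted.
func (p *Pair) Request(clientID string) (string, string, error) {
	s := p.chooseServer(clientID)
	if s == nil {
		return "", "", errors.New("no DHCP server available")
	}
	ip, ok := s.Leases[clientID]
	if !ok {
		if ip = p.allocate(s); ip == "" {
			return s.Name, "", errors.New("address pool exhausted")
		}
		s.Leases[clientID] = ip
	}
	if s.Peer.Up { // lease synchronization: the partner learns the lease while it is reachable
		s.Peer.Leases[clientID] = ip
	}
	return s.Name, ip, nil
}

// Recover brings a server back and replays the partner's database so that leases granted during the outage are not lost.
func (p *Pair) Recover(s *Server) {
	s.Up = true
	for id, ip := range s.Peer.Leases {
		s.Leases[id] = ip
	}
}
```

The check a practitioner cares about is the renewal: after the primary goes down, a client renewing its lease must get back the address it already held, which only works if the lease was replicated before the outage. The model makes that visible because the secondary answers the renewal from its synchronized copy, and the recovered primary learns the leases the secondary granted in the meantime.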
Improved Security for DNS Services
One common issue with DNS name resolution is that clients can’t tell the difference between legitimate and illegitimate DNS information and are thus vulnerable to spoofing and man-in-the-middle attacks.
The DNS Security Extensions (DNSSEC) feature in Windows Server 2008 R2 and Windows 7 allows DNS servers to verify the authenticity of a DNS record obtained from a signed zone, and allows clients to establish a trust relationship with the DNS server.
The DNS records in a protected DNS zone include a set of public keys that are sent as DNS resource records from the DNS server services on Windows Server 2008 R2 and Windows 7. Through the use of pre-configured Trust Anchors, the DNS server can obtain the public keys of the key pair used to sign the zone and validate the authenticity of the data obtained from the zone. This method protects against an attacker intercepting DNS queries and returning illegitimate DNS responses from an untrusted DNS server.
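The chain of trust described above (a pre-configured trust anchor, the zone's published public key, and signatures over the records), as an added Go example that is not code from this guide or from the Windows DNS Server. It uses Ed25519 from the Go standard library, which is a real DNSSEC algorithm; the record encoding, the simplified DS computation, the sample zone and the SignZone, Validate and DigestKey names are assumptions made for the illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Constructed illustration of the DNSSEC chain of trust described above,
// using Ed25519 (a real DNSSEC algorithm) with a simplified record encoding.
// It is not the Windows DNS Server implementation and parses no wire format.

// RR is a minimal resource record.
type RR struct{ Name, Type, Data string }

// DNSKEY is the zone's public key as published in the zone.
type DNSKEY struct {
	Zone string
	Key  ed25519.PublicKey
}

// DS is the digest of a DNSKEY; a trust anchor is a DS configured on the resolver.
type DS [32]byte

// DigestKey computes the DS for a DNSKEY (simplified: SHA-256 over owner name and key).
func DigestKey(k DNSKEY) DS {
	return sha256.Sum256(append([]byte(k.Zone+"|DNSKEY|"), k.Key...))
}

// SignedZone is what the authoritative server publishes: the records, one
// RRSIG per RRset (keyed by name|type) and the DNSKEY.
type SignedZone struct {
	Key  DNSKEY
	RRs  []RR
	Sigs map[string][]byte
}

func rrsetKey(name, typ string) string { return name + "|" + typ }

// rrset collects the records for one name and type.
func (z *SignedZone) rrset(name, typ string) []RR {
	var out []RR
	for _, rr := range z.RRs {
		if rr.Name == name && rr.Type == typ {
			out = append(out, rr)
		}
	}
	return out
}

// canonical serialises an RRset so signer and validator hash identical bytes.
func canonical(rrs []RR) []byte {
	var b bytes.Buffer
	for _, rr := range rrs {
		fmt.Fprintf(&b, "%s|%s|%s\n", rr.Name, rr.Type, rr.Data)
	}
	return b.Bytes()
}

// SignZone signs every RRset; the private key never leaves the signer.
func SignZone(zone string, rrs []RR) (*SignedZone, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	z := &SignedZone{Key: DNSKEY{Zone: zone, Key: pub}, RRs: rrs, Sigs: map[string][]byte{}}
	for _, rr := range rrs {
		k := rrsetKey(rr.Name, rr.Type)
		if _, done := z.Sigs[k]; !done {
			z.Sigs[k] = ed25519.Sign(priv, canonical(z.rrset(rr.Name, rr.Type)))
		}
	}
	return z, nil
}

// Validate is the resolver side: the published DNSKEY must match the
// configured trust anchor, and the RRSIG must verify over the answer.
func Validate(anchor DS, z *SignedZone, name, typ string) ([]RR, error) {
	if DigestKey(z.Key) != anchor {
		return nil, errors.New("DNSKEY does not match the trust anchor")
	}
	rrs, sig := z.rrset(name, typ), z.Sigs[rrsetKey(name, typ)]
	if len(rrs) == 0 || sig == nil {
		return nil, errors.New("no signed RRset for " + name + " " + typ)
	}
	if !ed25519.Verify(z.Key.Key, canonical(rrs), sig) {
		return nil, errors.New("RRSIG verification failed: the answer was altered")
	}
	return rrs, nil
}
```

The point the example makes: a resolver holding the zone's DS as a trust anchor rejects a record whose data changed after signing, and rejects a copy of the zone signed under any other key, so a forged response from an untrusted server fails validation instead of being accepted silently. Real DNSSEC additionally handles signature validity windows, key rollover and the DS chain from the parent zone up to the root.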
Better Together with Windows 7
Windows Server 2008 R2 has many features that are designed specifically to work with client computers running Windows 7. Windows 7 is the next version of the Windows operating system from Microsoft. Features that are only available when running Windows 7 client computers with server computers running Windows Server 2008 R2 include:
Simplified remote connectivity for corporate computers by using the DirectAccess feature
Secured remote connectivity for private and public computers by using a combination of the Remote Workspace, Presentation Virtualization, and Remote Desktop Services Gateway features
Improved performance for branch offices by using the Branch Caching feature
Improved security for branch offices by using the read-only Distributed File System (DFS) feature
More efficient power management by using the new power management Group Policy settings for Windows 7 clients
Improved virtualized presentation integration by using the new desktop and application feeds feature
Higher fault tolerance for connectivity between sites by using the Agile VPN feature
Increased protection for removable drives by using the BitLocker Drive Encryption feature to encrypt removable drives
Improved prevention of data loss for mobile users by using the Offline Folders feature
Simplified Remote Connectivity for Corporate Computers
One common problem facing most organizations is remote connectivity for their mobile users. One of the most widely used solutions for remote connectivity is for mobile users to connect by using a virtual private network (VPN) connection. Depending on the type of VPN, users may install VPN client software on their mobile computer and then establish the VPN connection over public Internet connections.
The DirectAccess feature in Windows Server 2008 R2 allows Windows 7 client computers to connect directly to intranet-based resources without the complexity of establishing a VPN connection. The remote connection to the intranet is established transparently for the user. From the user’s perspective, they are unaware that they are remotely connecting to intranet resources. The following figure contrasts the current VPN-based solutions with DirectAccess–based solutions.
Figure 29: Comparison between VPN-based and DirectAccess–based solutions
DirectAccess was designed from the ground up to manage a user-invisible, always-on remote access solution that removes all user complexity, gives you easy and efficient management and configuration tools, and doesn’t compromise in any way the security aspect of remote connectivity. To do this, Windows Server 2008 R2’s DirectAccess incorporates the following important features:
Authentication. DirectAccess authenticates the computer, enabling the computer to connect to the intranet before the user logs on. DirectAccess can also authenticate the user and supports multifactor authentication such as a smart card.
Encryption. DirectAccess uses IPsec for encrypted communications across the Internet.
Access control. IT can configure which intranet resources different users can access using DirectAccess. IT can grant DirectAccess users unlimited access to the intranet, or only allow them to access specific servers or networks.
Integration with Network Access Protection (NAP) and Network Policy Server (NPS). NAP and NPS, features built into Windows Server 2008 and Windows 7, can verify that client computers meet your security requirements and have recent updates installed before allowing them to connect.
Split-tunnel routing. Only traffic destined for your intranet is sent through the DirectAccess server. With a traditional VPN, Internet traffic is also sent through your intranet, slowing Internet access for users.
Figure 30: DirectAccess remote access solution
Unlike a traditional VPN-based solution, the DirectAccess client forwards traffic destined for Internet-based resources directly to the Internet-based resource. In a traditional VPN-based solution, all traffic, both Internet and intranet traffic, is sent through the VPN connection. Separating the Internet-based traffic from the intranet-based traffic helps reduce remote access network utilization.
Another difference between DirectAccess and VPNs is that DirectAccess connections are established before the user is logged in. This means that you can manage a remote computer connected by DirectAccess even if the user is not logged in; for example, to apply Group Policy settings. However, for the user to access any corporate resources, they must be logged in.
In order to benefit from DirectAccess, you must be able to access the resources within your intranet by using IPv6. If your organization has an IPv6 routable infrastructure, no IPv6 translation is required. If you have resources that only have IPv4 addressing, you will need to provide IPv6-to-IPv4 transition services.
The DirectAccess server supports the Teredo Server, Teredo Relay, ISATAP Router, and 6to4 router transition technologies. Additionally, Microsoft’s Forefront Intelligent Access Gateway (IAG) solution will integrate with DirectAccess to provide additional management, security and deployment capabilities. This IAG solution will become available approximately 6 months after the launch of Windows Server 2008 R2 and the Windows 7 client.
Secured Remote Connectivity for Private and Public Computers
Another common problem for remote users is the ability to access intranet-based resources from computers that are not owned by the user’s organization, such as public computers or Internet kiosks. Without a mobile computer provided by their organization, most users are unable to access intranet-based resources.
A combination of the Remote Workspace, presentation virtualization, and Terminal Services Gateway features allows users on Windows 7 clients to remotely access their intranet-based resources without requiring any additional software to be installed on the Windows 7 client. This allows your users to remotely access their desktop as though they were working from their computer on the intranet.
The following figure highlights some of the new features provided by Virtual Desktop Infrastructure (VDI) and Terminal Services in Windows Server 2008 R2. For more information on these features, see “Secured Remote Connectivity for Private and Public Computers” in “Better Together with Windows 7” in Windows Server 2008 R2 Technical Overview.
From the user’s perspective, the desktop on the remote Windows 7 client transforms to look like the user’s desktop on the intranet: icons, Start menu items and installed applications are identical to the user’s experience on his or her own computer on the intranet. When the remote user closes the remote session, the remote Windows 7 client desktop environment reverts to its previous configuration.
Improved Performance for Branch Offices
Driven by the challenges of reducing the cost and complexity of branch IT, organizations are seeking to centralize applications. However, as organizations centralize applications, the dependency on the availability and quality of the WAN link increases. A direct result of centralization is increased utilization of the WAN link and degradation of application performance. Recent studies have shown that, despite the reduction in costs associated with WAN links, WAN costs are still a major component of enterprises’ operational expenses.
Figure 31: The branch office problem
The BranchCache™ feature in Windows Server 2008 R2 and Windows 7 Client reduces the network utilization on WAN links that connect branch offices and improves the end user experience at branch locations by locally caching frequently used content on the branch office network.
As remote branch clients retrieve data from servers located in the corporate data center, they store a copy of the retrieved content on the local branch office network. Subsequent requests for the same content are served from this local cache in the branch office, thereby improving access times locally and reducing WAN bandwidth utilization between the branch and corpnet. BranchCache™ caches both HTTP and SMB content and ensures access for authorized users only, because the authorization process is carried out at the servers located in the data center. BranchCache™ works alongside SSL or IPsec encrypted content and accelerates delivery of such content as well.
BranchCache™ can be implemented in two ways. The first involves storing the cached content on a dedicated BranchCache™ server located in the branch office, which improves cache availability. This scenario will likely be the most popular and is intended for larger branch offices where numerous users might be looking to access the BranchCache™ feature simultaneously. A BranchCache™ server at the remote site ensures that content is always available as well as maintaining end-to-end security for all content requests.
Figure 32: The BranchCache™ server deployment scenario
The second deployment scenario centers around peer content requests and is intended solely for very small remote offices, with roughly 5-10 users, that don’t warrant a dedicated local server resource. In this scenario, the BranchCache™ server at corpnet receives a client content request and, if the content has been previously requested at the remote site, returns a set of hash directions to the content’s location on the remote network, usually another worker’s PC. Content is then served from this location. If the content was never requested, or if the user who previously requested the content is off-site, then the request is fulfilled normally across the WAN.
Figure 33: BranchCache™ peer-based deployment model
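The peer-based retrieval described above (authorization and hash directions from the data centre, content served from another branch computer, WAN fallback for anything missing), as an added Go example that is not code from this guide or from BranchCache itself. The segment size, the SHA-256 segment hash, the sample content and user names, and the Origin, Peer and Retrieve names are assumptions made for the illustration; the real protocol's hash scheme and encoding are not reproduced.

```go
package main

import (
	"crypto/sha256"
	"errors"
)

// Constructed model of the BranchCache peer deployment described above: the
// data-centre server authorizes the request and returns content hashes, the
// client fills each segment from a peer's cache when the bytes match the hash,
// and fetches the rest over the WAN. Segment size and hash are assumptions;
// this is not the BranchCache protocol.

const segmentSize = 8 // constructed: tiny so the sample content spans several segments

type Hash [32]byte

// Segment splits content into fixed-size blocks and hashes each one.
func Segment(content []byte) ([][]byte, []Hash) {
	var segs [][]byte
	var hashes []Hash
	for i := 0; i < len(content); i += segmentSize {
		end := i + segmentSize
		if end > len(content) {
			end = len(content)
		}
		segs = append(segs, content[i:end])
		hashes = append(hashes, sha256.Sum256(content[i:end]))
	}
	return segs, hashes
}

// Origin is the server in the data centre. Authorization happens here, before
// any hash or content is released.
type Origin struct {
	Content    map[string][]byte
	Authorized map[string]bool
}

// Hashes returns the segment hashes of name to an authorized user.
func (o *Origin) Hashes(user, name string) ([]Hash, error) {
	if !o.Authorized[user] {
		return nil, errors.New("access denied for " + user)
	}
	c, ok := o.Content[name]
	if !ok {
		return nil, errors.New("not found: " + name)
	}
	_, h := Segment(c)
	return h, nil
}

// Fetch returns segment i of name over the WAN to an authorized user.
func (o *Origin) Fetch(user, name string, i int) ([]byte, error) {
	if _, err := o.Hashes(user, name); err != nil {
		return nil, err
	}
	segs, _ := Segment(o.Content[name])
	return segs[i], nil
}

// Peer is a branch-office cache keyed by segment hash.
type Peer struct{ Cache map[Hash][]byte }

// Stats counts where each segment came from.
type Stats struct{ FromPeer, FromWAN int }

// Retrieve assembles name for user, preferring verified peer segments and
// repopulating the peer cache with anything it had to pull across the WAN.
func Retrieve(o *Origin, peer *Peer, user, name string) ([]byte, Stats, error) {
	var out []byte
	var st Stats
	hashes, err := o.Hashes(user, name)
	if err != nil {
		return nil, st, err
	}
	for i, h := range hashes {
		// A cached segment is used only if it still hashes to the server's value,
		// so a corrupted or substituted peer copy is ignored rather than trusted.
		if seg, ok := peer.Cache[h]; ok && sha256.Sum256(seg) == h {
			out = append(out, seg...)
			st.FromPeer++
			continue
		}
		seg, err := o.Fetch(user, name, i)
		if err != nil {
			return nil, st, err
		}
		peer.Cache[h] = seg
		out = append(out, seg...)
		st.FromWAN++
	}
	return out, st, nil
}
```

Two properties are worth noting. Authorization is evaluated by the origin before it discloses any hash, which is what allows the content to be served from a peer while access is still decided in the data centre. And a cached segment is accepted only when its bytes still hash to the value the origin supplied, so a corrupt or altered copy on a peer is refetched across the WAN rather than delivered.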
Improved Security for Branch Offices
Windows Server 2008 introduced the read-only domain controller feature, which allows a read-only copy of Active Directory to be placed in less secure environments such as branch offices. Windows Server 2008 R2 introduces support for read-only copies of information stored in Distributed File System (DFS) replicas, as illustrated in the following figure.
Figure 34: Read-only DFS in a branch office scenario
Read-only DFS replicas help protect your digital assets by allowing branch offices read-only access to information that you replicate to the offices by using DFS. Because the information is read-only, users are unable to modify the content stored in read-only DFS replicas, which protects data in DFS replicas from accidental deletion at branch office locations.
More Efficient Power Management
Windows 7 includes a number of power-management features that allow you to control power utilization in your organization with a finer degree of granularity than in previous operating systems. Windows 7 allows you to take advantage of the latest hardware developments for reducing power consumption in desktop and laptop computers.
Windows Server 2008 R2 includes a number of Group Policy settings that allow you to centrally manage the power consumption of computers running Windows 7.
Improved Virtualized Desktop Integration
Windows 7 introduces the RemoteApp & Desktop (RAD) feeds feature, which helps integrate desktops and applications virtualized by using Remote Desktop Services with the Windows 7 user interface. This integration makes the user experience for running virtualized applications or desktops the same as running the applications locally. For a detailed description of RDS and VDI, see the “Terminal Services Becomes Remote Desktop Services for Improved Presentation Virtualization” section earlier in this guide.
Higher Fault Tolerance for Connectivity Between Sites
One of the most common scenarios facing organizations today is connectivity between sites and locations. Many organizations connect their sites and locations by using VPN tunnels over public networks, such as the Internet.
One problem with existing VPN solutions is that they are not resilient to connection failures or device outages. When any outage occurs, the VPN tunnel is terminated and must be reestablished, resulting in momentary connectivity outages.
The Agile VPN feature in Windows Server 2008 R2 allows a VPN to have multiple network paths between points in the VPN tunnel. In the event of a failure, Agile VPN automatically uses another network path to maintain the existing VPN tunnel, with no interruption of connectivity.
Increased Protection for Removable Drives
Windows Server 2008 and prior operating systems primarily used BitLocker Drive Encryption (BitLocker) to protect the operating system volume. Information stored on other volumes, including removable media, was encrypted by using Encrypting File System (EFS).
In Windows 7, you can use BitLocker to encrypt removable drives, such as eSATA hard disks, USB hard disks, USB thumb drives, or CompactFlash drives. This allows you to protect information stored on removable media with the same level of protection as the operating system volume.
BitLocker requires the use of a Trusted Platform Module (TPM) device or a physical key to access information encrypted by BitLocker. You can also require a personal identification number (PIN) in addition to the TPM device or physical key.
BitLocker keys can also be archived in Active Directory, which provides an extra level of protection in the event that the physical key is lost or the TPM device fails. This integration between Windows 7 and Windows Server 2008 R2 allows you to protect sensitive information without worrying about users losing their physical key.
Improved Prevention of Data Loss for Mobile Users
The Offline Files feature allows you to designate files and folders stored on network shared folders for use even when the network shared folders are unavailable (offline); for example, when a mobile user disconnects a laptop computer from your intranet and works from a remote location.
The Offline Files feature has the following operation modes:
Online mode. The user is working in online mode when they are connected to the server, and most file requests are sent to the server.
Offline mode. The user is working in offline mode when they are not connected to the server, and all file requests are satisfied from the Offline Files cache stored locally on the computer.
In Windows Server 2008 RTM and Windows Vista, the Offline Files feature was configured for online mode by default. In Windows Server 2008 R2 and Windows 7, the Offline Files feature is configured for offline mode by default. This helps reduce network traffic while connected to your intranet because users are modifying locally cached copies of the information stored in the Offline Files local cache. However, the information stored in the Offline Files local cache is still protected from loss because it is synchronized with the network shared folder.