Ward Ralston delves into the technical details of the Windows Server 2008 R2 release
Michael Otey, technical director of Windows IT Pro, recently asked Ward Ralston, group product manager for Windows Server, to cover some of the aspects of Windows Server 2008 R2 that might make IT pros consider deploying this release sooner rather than later.
Michael Otey: What are the must-have features in Windows Server 2008 R2?
Ward Ralston: Windows Server is an interesting product in that it’s a platform technology. It’s no one-trick pony. Today there are 17 roles that can be deployed on Windows Server and more than 42 features and role services to complement those roles. And each one of those roles has something new to offer. So your infrastructure needs and how you deploy Windows Server (file server, application server, web server, DNS server, etc.) will determine where your “must-have” features lie. That said, when we think of the major technology investment areas we focus on for R2, we think of our new hypervisor and its ability to Live Migrate virtual machines, its power management and PowerShell capabilities, and its better-together technologies with the Windows 7 client—such as BranchCache and DirectAccess.
Michael Otey: What are the new virtualization capabilities?
Ward Ralston: With Windows Server 2008 R2, there are a number of improvements to the hypervisor around scalability, performance, and reliability. First, on the scalability front, we have increased the number of logical processors supported to 64. This will allow Hyper-V Server 2008 R2 to scale the capabilities of the new multi-core systems as they come to market.
On the performance side, we have the ability to leverage technologies in the CPU known as Nested and Extended page tables (Intel and AMD). Known as second-level address translation (SLAT), it allows us to use memory more effectively and reduce the host overhead of running Hyper-V from roughly 8 percent to 2 percent. We also have introduced new networking capabilities in the hypervisor, such as TCP Offloading and Virtual Machine Queues (VMQ), which give us better network performance.
And finally, on the reliability side, we have developed a technology called Clustered Shared Volumes (CSV) that allows multiple hosts in a cluster to talk to the same shared volume. This gives us the ability to perform Live Migrations of virtual machines with no perceived downtime to the end user connected to the VM while it’s running.
Michael Otey: Can you clear up some of the confusion about virtualization and licensing?
Ward Ralston: Microsoft has taken a leadership position over the last few years to ensure that licensing for virtual machines is as straightforward as possible. For Standard Edition, you get one license for a virtual guest; all other virtual guests require a license. For Enterprise Edition, you get four licenses—so every guest over four requires a license. And for Datacenter Edition, which is the preferred operating system for organizations that are looking to virtualize, we offer an unlimited number of virtual guests. No licenses required at all—essentially a virtualization buffet of all-you-can-eat VMs.
Michael Otey: What’s new in Active Directory improvements?
Ward Ralston: There are a couple of cool new things going on here. First is the new Active Directory Administrative Center (ADAC). We got our PowerShell team, our AD team, and our User Experience team together to create an intuitive wizard-driven console for AD management based 100 percent on PowerShell.
Another compelling feature for organizations is the AD Recycle Bin. In the past, if an object was accidentally deleted from AD, you would have to take the Domain Controller into safe mode and perform an authoritative restore of that object from backup media. This process could potentially take hours and was only as good as the fidelity of your backup. With Windows Server 2008 R2, you can restore deleted objects from the command line without having to do any disaster recovery procedures. As you may suspect, a requirement of this capability is Windows Server 2008 R2 Forest Functionality Mode.
Michael Otey: Have there been any enhancements to Server Core?
Ward Ralston: Server Core is another area where there have been some significant improvements with Windows Server 2008 R2. One of the customer-driven features we added was the ability to run PowerShell and ASP.Net on Server Core. This was a limitation in the past, as we didn’t have a componentized version of the .NET framework, which is now part of Server Core.
Another improvement is with the Server Core memory footprint. We have a new R2 feature called trigger-starting of devices and services. This allows us to bring up certain devices and drivers only when needed instead of at install. This reduced the footprint of a base Server Core install even more. The memory footprint in RAM for Server Core has been reduced to less than 100MB, compared to roughly 130MB for Windows Server 2008 and 244MB for Windows Server 2003, which didn’t have a Server Core install option.
Michael Otey: Terminal Services has been renamed to Remote Desktop Services. Why? And what else has changed?
Ward Ralston: Microsoft has been investing in many new remote desktop and Virtual Desktop Infrastructure (VDI) areas with Windows Server 2008 R2. These changes include adding support for VDI scenarios by integrating Terminal Services and VDI management infrastructure, enabling simplified access to desktops and applications, and providing a much improved rich-media user experience. To better reflect the new capabilities to offer desktops and applications in a firewall-friendly manner to users—wherever they may be—we renamed everything formerly known as Terminal Services to Remote Desktop Services (RDS).
Windows Server 2008 R2 Remote Desktop Services embraces VDI scenarios, delivering a complete business desktop to employees’ remote PCs and other access devices—anywhere. The new Remote Desktop Connection Broker, which extends the Session Broker capabilities already found in Windows Server 2008, makes it easier for administrators to deliver remote resources (desktop or applications) to end-user devices.
The Remote Desktop Connection Broker currently supports four key deployment scenarios: session-based remote desktops; session-based remote applications (RemoteApp); VM-based, personal (permanent) virtual desktops; and VM-based, pooled (non-permanent) virtual desktops.
If your organization includes structured task workers, such as call center and retail branch employees, you can provide access to a session-based desktop or to session-based applications installed on a Remote Desktop Session Host. This type of deployment allows access to standard applications in a cost-effective manner and enables users to access line-of-business applications even from their legacy systems.
We think there are many advantages to virtualizing desktops and applications, such as accelerating application deployment and maintenance and simplifying ongoing management. Users access applications in a central location on a virtual desktop, or on a remote desktop session host. Also, virtualizing desktops can help IT pros deploy new applications to a wide variety of clients, including those on which the new application cannot run natively. PC hardware upgrades aren’t required to deploy new applications.
Because applications aren’t installed locally, Remote Desktop Services enables more streamlined desktop OS images on PCs, accelerating organizations’ ability to adopt new operating systems such as Windows 7 or use thin clients, both of which can lower management costs.
With RDS, desktops and data live in the datacenter, so only encrypted keyboard and mouse strokes transmit over the network. Centralization of data helps to radically simplify the challenges associated with regulatory compliance. And finally, this approach lets IT departments quickly and easily connect remote or mobile workers with the critical applications and secure work environments they need—from the worker’s laptop, home computer, or airport kiosk—by accessing a secure web page to launch applications and virtual desktops that aren’t installed or available on the client machine.
Michael Otey: Are there any features in Windows Server 2008 R2 that are important but easy to overlook?
Ward Ralston: Thinking back to the first question—Windows Server is a platform technology. There is a little something for everyone, depending on the roles you deploy it for. For example, a powerful technology in the DNS server role is DNS Security (DNSSEC), which gives you the ability to ensure DNS lookups are served from a trusted source. Or, from a management perspective, Server Manager now has the ability to connect remotely to other servers for administration. The File Server role now has the new File Classification Infrastructure (FCI), which allows you to classify files based on the business value and take action on those files—for example, moving all files that contain the word string “Company Confidential” to an encrypted folder.
One set of features that stands out more than others, though, is our power management capabilities. From throttling the voltage applied to CPUs through the new Power Process Management (PPM), to turning off unneeded cores with Core Parking, to monitoring the wattage of your power supplies—there is a lot of potential to save money on your power bill with R2.
Michael Otey: What are some of the benefits that you get by running Windows Server 2008 R2 and Windows 7 together?
Ward Ralston: As a joint development effort from the beginning, one of the goals of Windows Server 2008 R2 and Windows 7 was to enable users to access the information that they need, whether they are in or out of the office, and in the case of Branch Offices, accelerate the delivery of that information and decrease WAN usage.
One of the challenges we’ve heard users have today when accessing resources that are inside the corporate network is establishing a VPN. VPN can be hard to use for users because it takes time and multiple steps to initiate the VPN connection and wait for the PC to be authenticated from the network. And if you’re lucky, the L2TP/PPTP ports will be open on the firewall from the location you are connecting from. Hence, most remote users try to avoid the VPN as much as possible and stay disconnected from the corporate network for as long as they can. At this point, we run into a chicken-egg problem: Since remote users are disconnected, IT cannot manage them while away from work. Remote users stay more out of date and it gets harder and harder to access corporate resources.
With the capabilities that R2 enables, users who have Internet access will be automatically connected to their corporate network without any user interaction—it’s just on. A user who is sitting in a coffee shop can open his laptop, connect to the Internet using the wireless access of the coffee shop, and start working as if he’s in the office. The user in this case will be able to not only use Outlook, but also work with intranet sites, open corporate shares, use line-of-business applications, and basically have full access to corporate resources.
This solution is also very appealing to IT pros—managing mobile PCs has always been an issue since they could be disconnected from the corporate network for a long time. With this work access solution, as long as they have Internet connectivity, users will be on the corporate network. Servicing mobile users (such as distributing updates and Group Policy) is easier since mobile devices can be accessed more frequently by IT systems.
Another area in which Windows Server 2008 R2 and Windows 7 shine is in the branch office. A new feature, BranchCache, is easily enabled using Group Policy. When enabled, R2 will intelligently cache data the first time it is downloaded from a corporate content server (either SMB or HTTP) so that subsequent requests for the same information are served up locally in the branch instead of taxing the WAN links. This is done in a way where we can ensure file changes, ACLs, file locks, etc. are all respected. Think of a branch where there are 100 users who all need to download the new employee manual, which is 50MB. Instead of 5GB going across the WAN in the early morning (slowly), only 50MB will go across and everyone will get the manual locally from the hosted cache in the branch. You just saved 4.5GB on that line.
Michael Otey: What’s the upgrade path for earlier versions of Windows Server?
Ward Ralston: People moving from Windows Server 2003 or Windows Server 2008 should have a fairly straightforward upgrade. Although we find most of our customers don’t upgrade, but rather migrate with new server hardware, you should still keep these steps in mind.
First, check with your ISV to ensure your applications are tested for compatibility. For a quick compatibility self-test check, you can take advantage of our free downloadable certification toolkit (use the Works with Windows Server 2008 R2 tool) as a black-box validation tool for application compatibility compliance verification. (You can find the Toolkit at microsoft.com/windowsserver/isv.) If your ISV has not pledged support for Windows Server 2008 R2 (you may find a complete list of server pledged supported apps on our WindowsServerCatalog.com), we have application compatibility resources including the Microsoft Deployment Toolkit 2010 (MDT), which has the Application Compatibility Toolkit 5.5 (ACT).
Second, remember that Windows Server 2008 R2 is x64 only. You can’t upgrade from an x86 operating system to an x64 because the architectures are different. Also, keep in mind that WoW64 (Windows-on-Windows 64-bit) is capable of running 32-bit apps on a 64-bit OS. Third, check out the MDT as your first step in assessing your upgrade, migration, or new deployments of Windows Server 2008 and Windows Server 2008 R2.