Kevin Remde's IT Pro Weblog

  • 31 Days of our Favorite Things: The Resilient File System (ReFS) in Windows Server 2012 (Part 15 of 31)

    NTFS is getting a little long in the tooth.  It has been, and continues to be, a rock-solid file system on which most of the world’s data on disk is stored.  And it is still the default disk format for installations of Windows Server 2012 and Windows 8.

    Enter ReFS – the new Resilient File System available with Windows Server 2012.  In today’s “31 Days of our Favorite Things” article, Keith Mayer describes in detail the benefits of the new ReFS,  how it compares to NTFS, and when you might want to choose it as the format for a new data volume.

    READ HIS ARTICLE HERE

  • 31 Days of our Favorite Things: Yes, there is an “I” in Team. The NIC Team in Windows Server 2012 (Part 7 of 31)

    Happy Sunday!  It’s my turn again to provide today’s article in our series of “31 Days of our Favorite Things”.  And today I am pleased to introduce to you the topic of NIC Teaming.

    “’Introduce’?  But, Kevin… I’ve been doing NIC Teaming for years now.”

    Sure.  But not as a built-in feature of Windows Server.  Long requested and desired, Microsoft has finally made NIC Teaming a native, built-in feature of the Server in Windows Server 2012.

    To start things off, let me ask you a couple of questions: If you’re currently doing NIC teaming, you are probably doing it through some NIC vendor’s solution, right?

    “Yes.”

    And if you go to that vendor and say/ask, “I want to team your NICs with this other NIC from another vendor.  Can I?”, what do they say?

    “They won’t let me.”

    Right.  And that’s understandable.  Every vendor has its own proprietary solution and implementation, and they can’t (or won’t, or can’t support) teaming with another vendor’s NICs.  Their solutions work great, but at the expense of real choice or flexibility.  So Microsoft has finally added NIC Teaming into Windows Server 2012 that:

    • Doesn’t care what the NIC vendor is,
    • Doesn’t care about the NIC’s network speed, and
    • Actually doesn’t care if it’s wired or wireless. 

    Oh.. and it’s just included for no additional cost.

    “Nice.  What are the benefits of having a NIC team?”

    In general there are two benefits: Resiliency and Performance.

    By resiliency, I mean that if any one of the network paths (or network cards) becomes disconnected or somehow fails, the remaining NICs in the team are in place to continue making sure that traffic is getting through.

    And in terms of performance, your team is able to take advantage of the aggregate of all bandwidth available.  So in theory, your 4 x 1 GB NICs should be able to give you 4GB of bandwidth.

    “Fantastic!  How does one set this up?”

    It’s pretty easy from Server Manager.  Let’s say your local computer area looks like this:

    image

    See the area I’ve circled?  There you can see the fact that this server has 4 NICs all currently getting their IP addresses through DHCP.  And you can also see right above those that NIC Teaming is currently disabled.

    Click on the word “disabled”.  This brings up the NIC Teaming window.

    image

    Notice that under the TEAMS section, I don’t have any.  Above that section, click on Tasks…

    image

    And select New Team.  That will bring up the New Team Window.

    image

    Notice that I’ve named my team (Go Vikings!), and selected all four of my NICs to become members of the team.  ALSO, I’ve expanded the Additional Properties area to show you that you have additional options available for configuration.

    Click OK, and now you’ll see that I have a team.

    image

    When I close this window and refresh the Server Manager window, now you’ll see that I only have one NIC being used by the server.  But underneath we know that this is really a team of 4 physical NICs.

    image

    In fact, if you click on the NIC here, you’ll be taken to the Network Connections window, where you’ll see all of the physical as well as team NICs.

    image

    The properties and the status of this team “NIC” look just like any other ordinary NIC.  Notice that the status shows that my 4 x 10 Gbps NICs are giving me 40 Gbps!  (Not really, in my case, because this is a virtual machine with virtual NICs all associated with the same Virtual Switch that connects them to my 1 Gbps laptop NIC.  But you get the idea.)

    image

    But interestingly, when I open the properties of any of the other four actual NICs that are members of the team, they have only one item selected: The Microsoft Network Adapter Multiplexor Protocol.

    image

    That’s obviously the protocol used to drive this NIC as a member of a NIC Team.
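The same team can be built and checked from PowerShell. This is an added example, not part of the original post: the team name is the one used above, while the choice of switch-independent mode, the TransportPorts algorithm and the "every physical adapter that is up" selection are assumptions to adjust for your hardware.

```powershell
# Added example: create the NIC team from the walkthrough and verify its members.
# Run from the console or out-of-band access: teaming the adapter that carries
# your remote session will interrupt it.
$TeamName = "Go Vikings!"   # team name used in the post

# Assumption: every physical adapter that currently has link joins the team.
$members = @(Get-NetAdapter -Physical |
    Where-Object { $_.Status -eq 'Up' } |
    Select-Object -ExpandProperty Name)

if ($members.Count -lt 2) {
    throw "Need at least two connected adapters to get any resiliency; found $($members.Count)."
}

# Create the team only if it does not already exist (safe to re-run).
if (-not (Get-NetLbfoTeam -Name $TeamName -ErrorAction SilentlyContinue)) {
    New-NetLbfoTeam -Name $TeamName -TeamMembers $members `
        -TeamingMode SwitchIndependent `
        -LoadBalancingAlgorithm TransportPorts `
        -Confirm:$false | Out-Null
}

# Team-level view: mode, algorithm and overall status.
Get-NetLbfoTeam -Name $TeamName |
    Format-List Name, TeamingMode, LoadBalancingAlgorithm, Status

# Member-level view: a member that is not Active means the team is running
# without its full redundancy. Members can take a few seconds to settle
# right after the team is created.
$notActive = @(Get-NetLbfoTeamMember -Team $TeamName |
    Where-Object { $_.OperationalStatus -ne 'Active' })

if ($notActive.Count -gt 0) {
    $notActive | Format-Table Name, OperationalStatus, FailureReason -AutoSize
    Write-Warning "$($notActive.Count) team member(s) are not carrying traffic."
} else {
    Write-Output "All $($members.Count) members of '$TeamName' are active."
}
```

Running the member check on a schedule is a simple way to notice a failed link before the second one fails.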

     

    So in summary: NIC Teaming is included in Windows Server 2012 to provide aggregated network performance and resilient connectivity for physical servers running Windows Server 2012 and Hyper-V Server, as well as virtual machines running virtually on those platforms.

    For the complete rundown of NIC Teaming in Windows Server 2012, plus greater detail on configurations, traffic distribution algorithms (yawn), using NIC teams in virtual machines, and other errata, CLICK HERE for the TechNet NIC Teaming Overview.

    ---

    Have you had a chance to try this out yet?  Are you hoping to do NIC Teaming for the first time, or to perhaps augment what you’re already doing with your NIC vendors?  If you’d like to comment, or if you have any questions, be sure to post a comment below.

  • 31 Days of our Favorite Things: Windows Server 2012 and Hyper-V Replica (Part 5 of 31)

    Hyper-V POWER!

    Hyper-V in Windows Server 2012 (and in the free Microsoft Hyper-V Server) includes an easy start to a good disaster recovery solution: Hyper-V Replica.  With Hyper-V Replica you can easily create and maintain an off-line copy – a replica – of a virtual machine on a separate virtualization host.  This means, for example, that if your main location or host for an important virtual machine goes down or becomes unavailable, you can easily fail over to the replica.  The copy will start up and be available in short order.

    “That sounds really great, Kevin!  But what does it cost to set this up?”

    Absolutely nothing, other than what you’ve already paid for (the OS).  Hyper-V Replica is just a capability that is included with Windows Server 2012 Hyper-V and Hyper-V Server.

    “How do I set it up?”

    I’m glad you asked.  There are really two simple requirements to make it happen:

    1. You need to be running Windows Server 2012 with the Hyper-V Role installed (or Microsoft Hyper-V Server 2012) on both the source and destination virtualization hosts, and
    2. You need network connectivity between them.  (and don’t  forget the firewall)

    Here are my 6 steps to working with Hyper-V Replica:

    1. Configuring the Hosts to Allow Replication

    In Hyper-V Manager, right-click on, or select the host, and choose Hyper-V Settings…

    On the left, select Replication Configuration, and then enable and configure your replication options.

    image

    2. Setting up a Replica

    To configure the replica using Hyper-V Manager, right click on the VM you want to replicate and choose Enable Replication…

    Enable Replication...

    On the Before You Begin page, click Next

    On the Specify Replica Server page, enter the name of the server that is to be the replication host.

    Specify Replica Server

    Click Next.

    The Specify Connection Parameters page is, um, where you specify your connection parameters.

    Specify Connection Parameters

    Click Next.

    Choose the hard disks you want to replicate on the Choose Replication VHDs page.

    Choose Replication VHDs

    Click Next.

    On the Configure Recovery History page, choose whether you want to keep just the most recent recovery point, or perhaps maintain a number of points in the past that you could recover to.  You also have the option to occasionally perform a VSS copy.

    Configure Recovery History

    Click Next.

    On the Choose Initial Replication Method page, notice that you have options on how you want that big initial replication to take place.  Maybe you don’t want to use the network for that initial large transfer, but instead would prefer to use UPS or FedEx.

    Choose Initial Replication Method

    Then click Finish on the summary page, and you’re all set.

    image

    If all was configured properly, you’ll see a new VM appear on the replication host that will be turned off.

    3. Verifying the Replica’s Status

    You can easily verify the status of your replica by selecting either your original VM or your replica VM in Hyper-V Manager, right-click the VM, click Replication, and then View Replication Health.

    View Replication Health

    Replication Health

    4. Testing the Replica

    You can test your replicated machine by right-clicking on the replica VM and under Replication select Test Failover…

    Test Failover

    Pick the point in time that you want to test, and click Test Failover.

    Test Failover

    This will create a linked copy VM with the text “ – Test” appended to the name.  Simply start up that VM (go ahead.  It isn’t connected to the network, so it won’t interfere with anything) and verify that it is a useable machine.

    5. Disaster Strikes!  Time to Fail Over

    The unthinkable has happened.  Time to act.  Your original and important production VM is no longer available.

    On the replica VM, right click.  Under Replication, select Failover.

    Failover!

    Select the recovery point, and click Fail Over.

    image

    And your replica will start up configured, networked, and ready to take on Dr. Proton.

    Recovered VM

    6. Removing the Replica

    Easy.  On both the source and replica VMs, right click.  Under Replication, select Remove Replication.

    image

    Now you can safely delete your replica from the replication host.

    ---

    Simple, yes?  Do you have any questions?

    “Can I have the failover happen automatically?”

    Not natively.  In its most simple form, Hyper-V Replica is a manual failover.  However, because you can use PowerShell to drive this entire process, there’s no reason why you (or some third party) couldn’t develop a solution that monitors the state of the source VM and launches a script (or some automation in System Center 2012 Orchestrator) to launch the failover.

    “But do I need to have Active Directory?  Or do both of my virtualization hosts need to be in the same domain?”

    Actually, no.  You have the option of using certificate authentication to make the trusted configuration.  (CLICK HERE for details on how to use certificates for Hyper-V Replica.)

    “Do my virtual machines need to be running particular operating systems for this to work?”

    Nope.  There is nothing required of the guest operating system.  You could be running the original Duke Nukum on DOS 6.22 in your VM, and this will still work.

    “I’ve heard good things about using Windows Azure for hosting my virtual machines and extending my datacenter into the cloud.  Can I create my replica up in my Windows Azure account?” 

    Currently the answer to that is no.  But I’ve heard this question enough times, and really it does make sense.. so I have to imagine (and that’s all I personally have to go on) that Microsoft is considering doing that.  Consider the ramifications, though… setting up a replica means configuring something beyond just standing up a virtual machine in Hyper-V.. so the process has to have the ability to manipulate the hypervisor.  I could see it happening sometime, but I don’t know when.

    “Can I replicate machines that are in clusters?  And can I replicate into or out of another cluster?”

    Yes and yes.  You think of the cluster as, and treat it as, a single machine.  To do that, there is a special role that you need to add to the cluster called the Hyper-V Replica Broker.  This defines a new named entity that becomes either the source or the destination for replicas coming into or out of a cluster.  For more details on this, check out this Wiki article.

    “What about PowerShell?  Can I use PowerShell to set up a replica?  Can I use it to do the failover or even get status on current replicas?”

    Yes, yes, and yes. 

    For example, to configure the replica destination host, you could use these commands to configure the firewall to allow inbound replication on the destination, and set a server up as a new replication host (each numbered line is a separate complete PowerShell command or script line):

    1. Enable-NetFirewallRule -DisplayName "Hyper-V Replica HTTP Listener (TCP-In)"
    2. Import-Module Hyper-V
    3. $RecoveryPort = 8080
    4. $ReplicaStorageLocation = "D:\Example"
    5. Set-VMReplicationServer -ReplicationEnabled $true -AllowedAuthenticationType Kerberos -KerberosAuthenticationPort $RecoveryPort -DefaultStorageLocation $ReplicaStorageLocation -ReplicationAllowedFromAnyServer $true
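The commands above accept replication from any server (-ReplicationAllowedFromAnyServer $true). As an added example, not from the original post, this variant authorizes only the named primary and scopes the firewall rule to it. The trust group name, the per-primary storage folder, the firewall rule name and the 192.0.2.10 address are constructed placeholders; -KerberosAuthenticationPort is the port parameter in the released Hyper-V module.

```powershell
# Added example: replica host that accepts replication from one named primary only.
Import-Module Hyper-V

$RecoveryPort    = 8080                    # port used in the post
$PrimaryServer   = "Primary1.contoso.com"  # primary host named in the post
$PrimaryServerIP = "192.0.2.10"            # constructed placeholder address
$ReplicaStorage  = "D:\Example\Primary1"   # assumed per-primary folder
$TrustGroup      = "CRM"                   # hypothetical trust group label
$ListenerRule    = "Hyper-V Replica HTTP Listener (TCP-In)"

# 1. Turn replication on, but refuse servers that are not explicitly authorized.
Set-VMReplicationServer -ReplicationEnabled $true `
    -AllowedAuthenticationType Kerberos `
    -KerberosAuthenticationPort $RecoveryPort `
    -ReplicationAllowedFromAnyServer $false

# 2. Authorize the one primary and pin where its replica files may be written.
New-Item -ItemType Directory -Path $ReplicaStorage -Force | Out-Null
$entry = Get-VMReplicationAuthorizationEntry -AllowedPrimaryServer $PrimaryServer `
    -ErrorAction SilentlyContinue
if (-not $entry) {
    New-VMReplicationAuthorizationEntry -AllowedPrimaryServer $PrimaryServer `
        -ReplicaStorageLocation $ReplicaStorage `
        -TrustGroup $TrustGroup
}

# 3. Open the listener port to the primary only. The built-in rule covers a
#    fixed port, so check whether it matches the port configured above before
#    relying on it; otherwise create a dedicated rule.
$builtInPorts = @((Get-NetFirewallRule -DisplayName $ListenerRule |
    Get-NetFirewallPortFilter).LocalPort)

if ($builtInPorts -contains "$RecoveryPort") {
    Set-NetFirewallRule -DisplayName $ListenerRule `
        -RemoteAddress $PrimaryServerIP -Enabled True
} else {
    New-NetFirewallRule -DisplayName "Hyper-V Replica inbound $RecoveryPort (example)" `
        -Direction Inbound -Protocol TCP -LocalPort $RecoveryPort `
        -RemoteAddress $PrimaryServerIP -Action Allow | Out-Null
}

# 4. Review the result: who may replicate here, and over what.
Get-VMReplicationServer | Format-List
Get-VMReplicationAuthorizationEntry | Format-Table -AutoSize
```

Kerberos replication over HTTP is not encrypted on the wire; for hosts outside a trusted network, the certificate authentication option mentioned earlier is the one that uses HTTPS.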

    And then to create a replication (each numbered line is a separate complete PowerShell command or script line):

    1. Import-Module Hyper-V
    2. $ReplicaServer = "Recovery1.contoso.com"
    3. $RecoveryPort = 8080
    4. $PrimaryVM1 = "CRMVM"
    5. $PrimaryServer = "Primary1.contoso.com"
    6. Enable-VMReplication -VMName $PrimaryVM1 -ReplicaServerName $ReplicaServer -ReplicaServerPort $RecoveryPort -AuthenticationType Kerberos -CompressionEnabled $true -RecoveryHistory 0
    7. Start-VMInitialReplication -VMName $PrimaryVM1
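The status and failover questions answered with "yes" above can be scripted as follows. This is an added example, not from the original post: the function names are hypothetical, the VM name is the one used above, and the test VM is located by the " - Test" suffix the post describes.

```powershell
# Added example: report replication health, then rehearse a failover.
Import-Module Hyper-V

function Get-ReplicaReport {
    # Works on the primary or the replica host.
    param([Parameter(Mandatory)][string]$VMName)

    $vm = Get-VM -Name $VMName
    # Recovery points only exist on the replica side; empty on the primary.
    $points = @(Get-VMSnapshot -VMName $VMName -SnapshotType Replica `
        -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        VMName         = $vm.Name
        Mode           = $vm.ReplicationMode
        State          = $vm.ReplicationState
        Health         = $vm.ReplicationHealth
        RecoveryPoints = $points.Count
    }
}

function Invoke-ReplicaRehearsal {
    # Run on the replica host. Creates the isolated test VM, boots it,
    # then removes it again so replication carries on untouched.
    param([Parameter(Mandatory)][string]$VMName,
          [int]$BootSeconds = 120)

    $report = Get-ReplicaReport -VMName $VMName
    if ($report.Health -ne 'Normal') {
        Write-Warning "Replication health is $($report.Health); fix that before rehearsing."
        return $report
    }

    Start-VMFailover -VMName $VMName -AsTest -Confirm:$false
    $testVm = Get-VM | Where-Object { $_.Name -like "$VMName*Test" }
    if (-not $testVm) { throw "Test failover did not produce a test VM." }

    try {
        Start-VM -VM $testVm
        Start-Sleep -Seconds $BootSeconds   # time to inspect the guest
        $state = (Get-VM -Id $testVm.Id).State
        Write-Output "Test VM '$($testVm.Name)' state after ${BootSeconds}s: $state"
    }
    finally {
        # Always clean up, even if the boot check failed.
        Stop-VM -VM $testVm -TurnOff -Force -ErrorAction SilentlyContinue
        Stop-VMFailover -VMName $VMName
    }
    Get-ReplicaReport -VMName $VMName
}

# Usage with the VM from the post:
Get-ReplicaReport -VMName "CRMVM"
# Invoke-ReplicaRehearsal -VMName "CRMVM"
```

Measure-VMReplication gives a more detailed health view (last replication time, average size) when the summary above shows anything other than Normal.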

    For the full story, here is the Microsoft online documentation of  Hyper-V Replica: Hyper-V Replica Overview - http://technet.microsoft.com/en-us/library/jj134172.aspx 
    (NOTE: as of today, the online documents are still based on the RC code.  I’m sure it will be updated soon to work with RTM.)

    And to give Windows Server 2012 a try,

    UPDATE: CLICK HERE for the full list of our "31 Days of our Favorite Things".

    ---

    So what do you think?  Good stuff?  Let’s discuss in the comments.

  • 31 Days of our Favorite Things: Extend Your Hyper-V Virtual Switch in Windows Server 2012 (Part 20 of 31)

    It’s the weekend!  Just in time for Part 20 of the “31 Days of our Favorite Things” series:  the Hyper-V Extensible Virtual Switch!

    What is a Virtual Switch?

    In Hyper-V, as in other virtualization platforms, a virtual switch is rather like a physical networking switch in the sense that it is a connection point for virtual machines.  You define this virtual connection point (a switch), and when more than one virtual machine connects to it, with the proper IP configuration, they can communicate with one another.  TCP/IP traffic flows through the switch.  And when supporting VMs that are doing production work, the virtual switch is also the conduit through which the virtual machines connect to the physical network.

    What makes your virtual switch extensible?

    Microsoft has created the new virtual switch in Hyper-V 3.0 (the one available in Windows Server 2012, or in the free Microsoft Hyper-V Server 2012) to allow for the adding of extensions that can monitor, operate upon, or even modify the network traffic as it passes through the switch.  Traffic shaping, protection against malicious virtual machines, easier troubleshooting of issues, and even tenant isolation can be provided as a result.

    Why is it good to be extensible instead of just replaceable?

    Microsoft doesn’t just provide a way to replace the native virtual switch with 3rd-party switches.  The goal was to add flexibility to the architecture that would allow more than one extension to be included in the same switch.  For example, the Cisco Nexus 1000v provides “consistent, policy-based network capabilities to virtual machines across your data center”, and I can add their extension to my Hyper-V virtual switch as a forwarding extension.  But on that same switch I also might want to do packet inspection using products like sFlow by inMon.  Or perhaps I want to filter and even drop unwanted packets using a virtual firewall and antivirus like the one in 5nine’s Security Manager.  Or how about filtering extensions to detect and prevent Denial-of-Service attacks?

    How does it work?

    Figure 1  Architecture of vSwitch

    Need I say more?

    “Yes!”

    Okay.  In a nutshell (because I assume that the readers of this article are more likely to be consumers of these products and capabilities rather than the developers of these extensions), the extensions are written as either NDIS filter drivers or WFP callout drivers, which are two public platforms for extending Windows networking functionality.

    There are 4 general purposes for extensions.  Here is a quick chart showing off the types, their defined purpose, some examples, and how the extensibility is provided (information borrowed from The Hyper-V Virtual Switch Overview):

    | Extension | Purpose | Examples | Extensibility Component |
    |---|---|---|---|
    | Network packet inspection | View network packets for virtual machine to virtual machine traffic per vSwitch. Cannot alter network packets. | sFlow, network monitoring | NDIS filter driver |
    | Network packet filter | Create, filter, and modify network packets that are entering or leaving the vSwitch and in virtual machine to virtual machine traffic. | Security | NDIS filter driver |
    | Network forwarding | Provide forwarding extension per vSwitch, which bypasses default forwarding (maximum of one per vSwitch). | OpenFlow, Virtual Ethernet Port Aggregator (VEPA), proprietary network fabrics | NDIS filter driver |
    | Intrusion detection or firewall | Filter and modify TCP/IP packets, monitor or authorize connections, filter traffic that is protected by IPsec, and filter RPCs. | Virtual firewall, connection monitoring | WFP callout driver |

    Where do I get these extensions?

    The Windows Server Catalog has a Hyper-V Switch Extensions section that will contain the released products.  Currently there is only one product listed,

    Additionally, you could always “Google it on Bing”, in order to discover other options currently in development, or being released by other vendors and perhaps not yet listed at our catalog site.

    Read more here: The Hyper-V Virtual Switch Overview

    So in summary, the Virtual Switch provided with Hyper-V in Windows Server 2012 and Hyper-V Server 2012 is extensible.  Extensions can be purchased and added to provide rich network packet inspection, filtering, traffic shaping, firewalling, and intrusion detection. 
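Because filtering and firewall extensions act as security controls on the switch, it is worth checking that they are actually enabled and running on every switch. The following is an added example, not from the original post: the function name is hypothetical, and the required-extension list defaults to the built-in "Microsoft Windows Filtering Platform" extension as an assumption; replace it with the names of the extensions you have deployed.

```powershell
# Added example: audit Hyper-V virtual switch extensions on this host.
Import-Module Hyper-V

function Get-SwitchExtensionAudit {
    param(
        # Assumption: extensions that must be enabled and running on every switch.
        [string[]]$Required = @("Microsoft Windows Filtering Platform")
    )

    foreach ($switch in Get-VMSwitch) {
        $extensions = @(Get-VMSwitchExtension -VMSwitchName $switch.Name)

        # One row per installed extension, with a finding where state looks wrong.
        foreach ($ext in $extensions) {
            $finding = "OK"
            if ($ext.Enabled -and -not $ext.Running) {
                $finding = "Enabled but not running"
            } elseif (($Required -contains $ext.Name) -and -not $ext.Enabled) {
                $finding = "Required extension is disabled"
            }
            [pscustomobject]@{
                Switch    = $switch.Name
                Extension = $ext.Name
                Vendor    = $ext.Vendor
                Type      = $ext.ExtensionType
                Enabled   = $ext.Enabled
                Running   = $ext.Running
                Finding   = $finding
            }
        }

        # A required extension that is not installed on this switch at all.
        foreach ($name in $Required) {
            if ($extensions.Name -notcontains $name) {
                [pscustomobject]@{
                    Switch    = $switch.Name
                    Extension = $name
                    Vendor    = $null
                    Type      = $null
                    Enabled   = $false
                    Running   = $false
                    Finding   = "Required extension is not present"
                }
            }
        }
    }
}

# Show everything, then only the rows that need attention.
$audit = @(Get-SwitchExtensionAudit)
$audit | Format-Table Switch, Extension, Type, Enabled, Running, Finding -AutoSize
$audit | Where-Object { $_.Finding -ne "OK" } |
    ForEach-Object { Write-Warning "$($_.Switch): $($_.Extension) - $($_.Finding)" }
```

A disabled extension is turned back on with Enable-VMSwitchExtension, passing the extension name and the switch name.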

    ---

    Does this sound like something you might use?  Have any questions?  That’s what the comments are for.

  • 31 Days of our Favorite Things: Windows Server 2012 - I think, therefore IPAM. (Part 23 of 31)

    I suppose a more correct title for this article might have been, “I manage IP addressing, therefore IPAM.”

    “IPAM?  What’s that?”

    IPAM is a FLA (Four-Letter Acronym) that stands for IP Address Management.  More appropriately, Internet Protocol Address Management.  In Windows Server 2012 we have added a capability that addresses (get it?) a need to efficiently (and centrally) manage IP addressing in large and often complex environments.  Specifically, you’d like to be able to both track and manage the configurations of your DHCP and DNS servers in a consistent way, and all from one central console.  This is what IPAM allows you to do.

    IPAM Features

    IPAM is a discovery, tracking, reporting, and auditing tool.  The initial use for the tool is to do an inventory and discover the DHCP, DNS, and NPS servers in your environment.  Once that is accomplished, you can view and organize IP addressing and address utilization into default or custom IP address blocks, address ranges, and individual addresses. 

    Once organized, you will use the tool to track and audit configuration changes, to track operational events, and to watch user DHCP leases and user logon events collected from Network Policy Server (NPS) and DHCP servers.

    You also use it to monitor the availability of your DHCP and DNS servers.

    IPAM Architecture

    You can use IPAM either in a distributed method (one IPAM server per site) or centralized (one IPAM server only).  Here’s a diagram showing a distributed IPAM deployment:


     

    In either case, after you’ve discovered your servers and configured them, either manually or automatically using Group Policy Objects that can be generated for you, you can manage the servers in the various roles they play in IP addressing.

    Installing IPAM

    Installation involves including the IPAM Server feature on a Windows Server 2012 server.

    Add Roles and Features Wizard

    Once that’s installed you have the local management tool already available from the Server Manager.  Optionally you can also  install the IP Address Management (IPAM) Client, which is one of the Remote Server Administration Tools (RSAT) on another server or Windows 8 workstation to allow for remote management.  You will notice that in either case you are also installing DHCP, DNS, and Group Policy management with the inclusion of IPAM management. 

    After the installation, you need to configure IPAM by provisioning the IPAM server, configuring and launching server discovery, choosing servers to manage, and finally retrieving data from the managed servers.  These operations can be easily found from within Server Manager:

    Server Manager and IPAM 

    HINT: If you’re going to use Group Policy to configure your servers, make sure you remember to configure it on the IPAM server using the PowerShell Invoke-IpamGpoProvisioning command, in an elevated (run as Administrator) PowerShell window.

    Using IPAM

    Once configured and with managed servers answering and available for duty, you can define and manage IP Address Blocks and IP Address Ranges.  You can discover and reserve (or reclaim) unused addresses.  You can create and manage DNS entries.  You can use custom fields to logically organize addresses by their purpose or department.. or however you want. 

    Server Manager and IPAM

    Wham! Bam! Thanks, IPAM!

    ---

    I’m really just scratching the surface here.  For more information, be sure to check out the IP Address Management (IPAM) Overview.  And as a great first experience, I highly recommend installing and trying out IPAM in a test lab by working through the Step-by-Step: Configure IPAM to Manage Your IP Address Space.

    CLICK HERE for the recap and our full list of our "31 Days of our Favorite Things".

    ---

    Have I piqued your interest?  Are you considering IPAM now, but have some additional questions or concerns?  Let’s hear about them in the comments!

  • 31 Days of our Favorite Things: Stupid Active Directory Tricks (Part 25 of 31)

    Active Directory has been around for a while (Remember Windows 2000 Server?), and with every new release of the server platform Microsoft has an opportunity to make things better.  Windows Server 2012 was no exception.  There are many improvements to Active Directory, and to the management tools and capabilities, introduced in this most recent version.

    “Well.. what are they?”

    I’ll tell you.  Actually, today I’m going to let Keith Mayer tell you.  It’s his turn to deliver the next article in our “31 Days of our Favorite Things” series.  In his article today, he introduces you to three new neat and nifty tricks (not necessarily in that order) that you now have in your trick bag in Server 2012.

    READ HIS EXCELLENT ARTICLE HERE

    ---

    Are you excited for some of the new capabilities and manageagility (Hey!  I made up a word!) that you get with Windows Server 2012?  Let’s talk about it in the comments!

  • 31 Days of our Favorite Things: Windows Server 2012 Versions (Part 22 of 31)

    Today we need to talk about the versions and the licensing options you have for Windows Server 2012.  There are some pretty significant changes to A) what you can purchase, and B) what those versions include.

    “So it’s not just Standard, Enterprise, and Datacenter?  Are you making it even more complex?!”

    Absolutely not.  In fact, we’re making it much MUCH more simple.  Instead of 3 versions of Windows Server (not counting our “Essentials” product for small business), we now have just two license types: Standard and Datacenter.

    “Ah.. so, the Datacenter version includes all capabilities for a higher price, and Standard is a less capable version with fewer features?”

    Nope.  Datacenter and Standard do exactly the same things.  They have the same features and scale to the biggest, most capable hardware you can purchase today (and beyond). 

    “I’m confused.”

    Then how about you let me finish by outlining the versions and how you purchase them.

    “Okay.  Please continue.”

    Thank you.

    Updated Windows Server 2012 Licensing


    License Type

    You now buy Windows Server licenses per TWO physical processors.  Regardless of the number of cores in a processor, if you have a two processor server, then you only need to buy one copy of Windows Server 2012 – either Standard or Datacenter.  If you have four processors, you buy two copies.  And so on. 

    Features

    There is no difference.  Standard and Datacenter do exactly the same thing.  For example, a server running Windows Server 2012 Standard Edition is just as capable now for being a member of a Windows Failover Cluster.

    Virtualization Rights

    This is where they differ, and really why at some point of creating more and more virtual machines, you’ll decide that buying Datacenter is more cost effective and makes more sense. 

    With every license of Windows Server 2012 Standard Edition, you are granted TWO (2) virtual instances of the operating system.  So even though I can run as many VMs as my hardware will allow, the licensing gives you TWO virtualized server licenses.  To add more VM licenses, you can buy (and stack) additional Standard licenses on a server – each one giving you the license for two more VMs.

    With every license of Windows Server 2012 Datacenter Edition, you are granted UNLIMITED virtual instances of the operating system.  So, yes, it’s more expensive, but on that 2 processor / 8 core server, with one license of Windows Server 2012 Datacenter, you are given the licenses for as many virtual machines as you can fit on that box.  For ultimate flexibility in your virtualized datacenter, it just becomes a matter of having enough licenses to cover the physical processors on your server hardware, and you basically can run and migrate and use as many virtual machines as you can physically support.

    For More Information

    See the Windows Server 2012 “how to buy” page.

    Check out the Windows Server 2012 Pricing and Licensing FAQ document (.PDF Download).

    Also read Aidan Finn’s excellent blog post on Windows Server 2012 Licensing in Detail

    ---

    In summary – Microsoft has greatly simplified the choices, making it easier for you to determine and select the appropriate purchase choices of Windows Server 2012.

    CLICK HERE for the full recap of our "31 Days of our Favorite Things".

    ---

    This is by no means an exhaustive description of licensing, and I’m sure you may have questions.  Feel free to ask them in the comments.

  • 31 Days of our Favorite Things: Sometimes it’s the little things that make the difference. (Part 14 of 31)

    Happy Sunday!

    As the title of this post suggests, today we’re discussing a couple of the little things that make your experience so much better when using Windows Server 2012 and Windows 8.  For example, the Task manager…

    “Hold on.. the Task Manager has been the same for.. wow, I don’t even remember how many versions of Windows.”

    Very true.  And we’ve come to take it for granted.  But it’s an old friend whose time has come to retire.  Have you ever seen, for example, what the page of CPUs looks like in the old task manager when you’re running 32 CPUs on a single server?

    “No.. I haven’t.”

    Well.. here you go…

    image

    And 32 isn’t nearly the capacity of what a virtual machine can have (64) or even a physical server (640).  That’s a lot of processors.. and the old interface just doesn’t cut it.

    In today’s installment of our “31 Days of our Favorite Things”, Keith Mayer will walk you through the new Task Manager, and perhaps a few other “UI Goodies”.

    CLICK HERE FOR HIS ARTICLE

    ---

    Are you going to miss the old task manager?  Me neither…

  • 31 Days of our Favorite Things: Let’s get dynamic with our access control (Part 26 of 31)

    So you have files to secure…

    “Yeah..”

    And forever you’ve been using security groups in Active Directory, and file and/or share permissions in Access Control Lists (ACLs), right?

    “Uh huh.  What’s wrong with that?”

    Nothing.  But what if I were to tell you that you have some new and very flexible options available to you now in Windows Server 2012?

    “I’m listening…”

    In Server 2012 we introduce a capability called Dynamic Access Control.  Basically, the idea is to give you the ability to grant or deny access based on more than just security groups and permissions.  For example, your user accounts in Active Directory have details such as Department or Country, so why can’t you use those items to apply permissions? 

    And maybe there are certain aspects of some documents that we could dynamically detect, and assign usage rights to those documents based on those aspects.  For example, a document that contains some set of numbers that looks like a U.S. Social Security number.  Based on that, we would grant access to the document to only a very select set of individuals.

    “That sounds very useful!  Where can I go to learn more?”

    I’m glad you asked.  In today’s installment of “31 Days of our Favorite Things”, my friend and coworker Brian Lewis gives a good description of Dynamic Access Control in Windows Server 2012.

    READ HIS ARTICLE HERE

    ---

    Does Dynamic Access Control interest you?  Are you going to start looking at file security in a more dynamic way now?  Let’s talk about it in the comments!

  • 31 Days of our Favorite Things: I got yer document RIGHT HERE, thanks to BranchCache. (Part 10 of 31)

    Many of you reading my blog are responsible for not only your local users and network and IT infrastructure, but also for supporting those poor folks who work in remote branch offices.  And I say “poor folks” in the context of their access to the documents and applications that they would like quicker access to, because those are housed in the main office or at the corporate H.Q.  Those poor people probably have a WAN connection over the Internet that connects them to the stuff they need to do.  So.. even though they’re potentially working on the same web applications or the same documents as their local coworkers at the Scranton Branch, each time they have to work on that corp-based document requires the file to go across the slow WAN connection.  And that takes time and wastes bandwidth.

    But in Windows Server 2008 R2 Microsoft introduced technology called BranchCache.  With it, your branch office workers are likely to have local, automatically cached copies of the documents or applications they frequently use.  And it can be as automatic as using the PCs themselves to maintain the cached copies, or by setting up servers to maintain them.  But in either case, your branch office users won’t have to know or care about that.  All they’ll notice is that the file that usually took them 10-15 seconds to open is now there almost immediately. 

    Today’s “31 Days of our Favorite Things” author is Brian Lewis.  He’s going to expand upon and explain BranchCache, and how it has been improved upon in Windows Server 2012 and Windows 8.

    READ HIS ARTICLE HERE.

    ---

    Care to share your impressions of or experiences with BranchCache?  Got a tip or a question?  That’s what the comments are for.

  • 31 Days of our Favorite Things: Continuously Available File Shares in Windows Server 2012 (Part 18 of 31)

    How much do you depend on a file share to be available at all times?

    “Not much.  After all, I don’t use them for anything much beyond file storage due to the performance of that kind of resource.”

    Ah.. but back in Part 17 of our series, we told you that with the new SMB 3.0 protocol, the performance rivals other high-end network-based storage (iSCSI, Fibre Channel, FCoE).  It’s so good that you could, for example, run virtual machines whose storage is just on a file share.

    And if that’s the case, how important does availability of that file system become?

    “Pretty important.”

    Exactly.  So in Windows Server 2012 we introduce the Continuously Available File Share (CAFS), otherwise known as the Scale-Out File Server for Application Data:

    “Scale-Out File Servers are ideal for server applications that keep files open for a long amount of time, doing mostly data operations with infrequent metadata operations on the file system. Hyper-V virtual hard disks and SQL Server database files can be stored on a scale-out file share on servers running Windows Server 2012.”

    “So.. I can be guaranteed that the files in use for these kinds of applications will always be available?”

    Precisely.

    In today’s installment of our “31 Days of our Favorite Things”, guest author and PowerShell MVP Steve Murawski discusses the new continuous availability you can achieve using this new capability.

    READ HIS ARTICLE HERE

  • 31 Days of our Favorite Things: Windows Server 2012 and the RSATs (Part 24 of 31)

    RSAT stands for Remote Server Administration Tools.  This is the toolset that IT Pros have come to know and love, because it is the toolset that lets them keep sitting at their desks.

    “You mean, it contributes to the obesity epidemic in America?”

    Well.. I wouldn’t go that far.  But it certainly doesn’t help.  And that’s not what it was designed for.  How about we agree that when you’re done reading this, you promise to get up, stretch, and take a walk.*

    What I mean is that it’s the toolset that IT Pros use to manage their servers right from their workstations.  And with the huge (HUGE) improvements in Windows Server 2012, and in particular the Server Manager for fully managing all of your servers from one console, this becomes a very powerful toolset.

    To describe what the RSAT tools (redundant) do for you, allow me to share with you the text from the download page, followed by my answering a bunch of questions that I pose to myself in the oddly twisted method that has become “Full of I.T.”:

    “Remote Server Administration Tools for Windows 8 enables IT administrators to manage roles and features that are installed on computers that are running Windows Server 2012 from a remote computer that is running Windows 8.”

    “So, you’re saying that I can only manage Windows Server 2012 from a Windows 8 workstation?”

    Yes, currently that is the answer.  The RSAT for Windows 8 only installs on…. [pause for effect].. Windows 8.

    “What about Windows RT?  Can I install the RSAT on that new Surface tablet that I’m going to be getting?”

    Not directly, no.  And I say “not directly”, because I plan on doing a lot of work on my Surface using a remote desktop running Windows 8, or RemoteApps running from a Windows Server 2012.  So in those cases, I’ll have the full applications and even a full Windows 8 desktop at my disposal, all from the convenience of my Surface tablet.  (And yes, Windows RT has Remote Desktop and can support RemoteApps out-of-the-box.)

    “Hey Kevin.. can I use these tools to manage Windows Server 2008 or Windows Server 2008 R2?”

    Yes, you can; providing that you first install the new Windows Management Framework 3.0 onto those managed servers.  CLICK HERE FOR THE WMF 3.0  DOWNLOAD PAGE

    “Is there anything else that is significantly different in this new set of RSATs as compared to the previous ones?”

    I’m glad you asked that.  Yes, actually.  In the past, you had to both install the RSATs as well as then selectively enable specific tools by going into the Control Panel, clicking Programs, and then clicking Turn Windows features on or off.  In the newest version, this is no longer the case.  All of the tools are installed and available to you automatically.  In fact, you’re welcome to remove them from the Start Screen afterwards, but by default they are all now available to you.

    Convinced?  CLICK HERE TO GO TO THE DOWNLOAD PAGE for the RSATs for Windows 8.

    Learn more about RSAT and how to install and deploy them by CLICKING HERE.

    And if you need the RSATs for older servers, CLICK HERE to read the Wiki article on these. 

    While I have your attention (and before you get up and head to the gym), here is a list of RSAT downloads for your convenience:

    ---

    And CLICK HERE for the full list of our "31 Days of our Favorite Things".

    * There.  I’ve done my part.  Time for a nap.  Or a beer and some pizza.

    Is this an IT Pro?

    ---

    Are you using the RSAT?  Does the Windows 8 requirement concern you?  Let’s discuss it in the comments.

  • 31 Days of our Favorite Things: Remote Desktop Services (RDS) in Windows Server 2012 (Part 30 of 31)

    There’s nothing remote about the chances that Microsoft would make big improvements in nearly all aspects of the platform that is Windows Server.  And Windows Server 2012 is no exception.  In this instance, we’re going to discuss Remote Desktop Services – otherwise lovingly referred to as RDS.

    Configured Remote Desktop Services in Windows Server 2012

    “Lovingly?  That’s a bit much, isn’t it, Kevin?”

    Okay.. perhaps to you.  But there are more and more people every day who depend upon this platform for bringing the Windows experience to the devices they love.  So any technology that lets my users and my business get their work done from wherever, on whatever device; that’s something I love.  It’s a true BYOD love story.

    In today’s next-to-last (wow!) installment of our “31 Days of our Favorite Things”, my Milwaukeen friend Brian Lewis writes about the “three main buckets” of changes and improvements in RDS for Windows Server 2012:

    1. Management of Remote Desktop Services
    2. Virtual Desktop Infrastructure
    3. The RDP protocol

    READ HIS EXCELLENT ARTICLE HERE

    PS – I am personally looking forward to using RemoteApp  from my new Microsoft Surface, for those few desktop applications that I want to use but can’t locally install.

    ---

    “’Milwaukeen’?  Is that a word?”

    I don’t know…  Milwauker?  Milwaukite? Milwacko? Milli Vanilli? 

    If you know the answer, please let us know in the comments.

    ---

  • I love these kinds of new-feature surprises (Office 2013)

    Isn’t it fun when a new feature just shows up in front of you before you even knew about it?  I recently installed Microsoft Office 2013 on my production laptop, and was working on an outline of questions for an upcoming TechNet Radio show we’re recording in a couple of days. 

    When finished, I created an e-mail that I had intended to attach the document to. 

    “Attach a document?  Why aren’t you just storing them in SkyDrive or SharePoint?”

    Baby steps, my friend.  Baby steps. 

    Anyway.. what freaked me out (in a good way) was when I hit SEND…

     

    Sweet!

     

    Yeah.. like most of us have done at least once in our lives, I hit send before I remembered to attach the file.  But in the text (or context?) of the message, I simply mentioned attaching something.  So Office 2013 Outlook gave me this message basically saying to me, “Hey Kevin.. um.. duh!  I bet you meant to attach something here, but you didn’t.  So.. what are we gonna do about that?”

    I love little surprises like that.

    ---

    Do you?  Let’s discuss in the comments.

  • LIVE NOW: Watch it here: Windows 8 and Microsoft Surface Launch

    UPDATE: This was live on Thursday, Oct 25, 2012.  Obviously it’s no longer live, so I’ve removed the embedded video window from this post.

    You can find both the Windows 8 launch and the Surface launch here:   http://www.microsoft.com/en-us/news/presskits/windows/liveevent2.aspx

    You may have to click around on the bar to find the place where the actual events start, because it currently looks like they just recorded the whole day and put it all in one long continuous recording – including the hours of waiting in-between.

    I do highly recommend taking the time to watch them.

    I want one!

  • 31 Days of our Favorite Things: Windows Server 2012 and Easy(er) VDI (Part 13 of 31)

    For those of you not familiar with the acronym, VDI stands for Virtual Desktop Infrastructure.  The idea is that I can provide my users their desktops via remote desktop connections…

    “Like Terminal Services?”

    Where have you been since 2007?  But, in a sense, yes.  Using the same (or a similar) remote desktop protocol connection, and from a simple (or even “thin”) client, a user can access a computing desktop – whether all their own or shared.  But in this case, instead of a user session on a Remote Desktop Session Host (you’d call it a Terminal Server), the user is connecting to a virtual machine running a desktop operating system.

    “Oh yeah.. I’ve heard of that.  I’ve considered it, but it is complex.”

    It’s certainly not something you enter into lightly.  And we still suggest that you consider partners such as Citrix to add value to the implementation.  But the good news is that in Windows Server 2012 we make it much easier to configure, manage, and support a VDI infrastructure.

    “’VDI Infrastructure’?  Isn’t that redundant?”

    Shut up.

    Today’s “31 Days of our Favorite Things” article comes to you by my friend Brian Lewis.  He will give you all the details on how to set up VDI using Windows Server 2012 and, oh, about 11 mouse clicks.

    READ HIS EXCELLENT ARTICLE HERE

    ---

    Are you considering VDI as a way to centrally provide and manage user desktops for some segment of your workforce?  Are you already doing this?  Share your experiences, or ask your questions, in the comments.

  • 31 Days of our Favorite Things: Windows Server 2012 makes NIC hardware sing! (Part 21 of 31)

    Today in Part 21 of “31 Days of our Favorite Things”, Brian Lewis answers the musical question, “To NIC or not to NIC?”

    There are so many new and exciting hardware options out there, and sometimes it makes sense to purchase one over another.  One thing that may influence your decision is in how you might be able to best integrate the hardware features with features that the operating system (in this case Windows Server 2012) now provides.  Brian does a great job of discussing those options.

    READ HIS EXCELLENT ARTICLE HERE

    ---

    Leave a comment if you’d like to discuss this further, or have any opinions you’d like to share.

  • 31 Days of our Favorite Things: Highly Available DHCP in Windows Server 2012 (Part 28 of 31)

    We’re in the final stretch of our 31 days, and for today’s article Keith Mayer is going to give you all the details on how you can make DHCP highly available in Windows Server 2012.

    “But.. couldn’t you cluster DHCP services before?”

    Yes, but clustering involves more investment or complexity than some would like to invest in.  Server 2012, however, makes it really easy, while at the same time giving you a couple of useful options. 

    READ KEITH’S ARTICLE HERE

    ---

    Did you ever think that we’d make such big improvements to something as foundational as DHCP? 

  • 31 Days of our Favorite Things: Active Directory Gremlins? (Part 27 of 31)

    Don't get Windows Server 2012 wet!

    Yes, today in our “31 Days of our Favorite Things” series, Matt Hester is talking about Gremlins; specifically, the kinds of nasty things that can happen to an Active Directory domain controller that is virtualized, and when you attempt to restore an old snapshot or a backup of that virtual machine. 

    “Ah.. you mean the old ‘Event ID 2095’?  The dreaded USN Rollback?”

    Exactly.  AD Replication stops replicating.  Domain controllers stop domain-controlling.  Panic in the streets.  Mass hysteria.  All sorts of not good stuff.

    “But, what can be done about it?”

    Ah… In Windows Server 2012 we introduce something called the VM-GenerationID attribute.  I’ll let Matt give you all the details, but basically this little item allows a safe restore of an old copy of AD.  It also enables the ability to quickly create new domain controllers as clones of an original virtual machine.  Pretty slick stuff!

    READ MATT’S EXCELLENT ARTICLE HERE

    Hyper-V Server Download

    ---

    Any questions?   Comments?  Concerns?  Cheap shots?  Opinions on old ‘80’s movies or interesting antique automobiles?  That’s what the comments are for.

  • 31 Days of our Favorite Things: Simply Connected using DirectAccess in Windows Server 2012 (Part 16 of 31)

    DirectAccess is not new, but it is improved in Windows Server 2012.

    For those of you who are not familiar with DirectAccess, let me briefly describe a scenario that I live every week (or three)…

    It’s time to fill out and submit expense reports for my many travels and the associated costs to the company.  To do this, Microsoft has an internal tool that is lovingly called “MS Expense”.  It is a browser-based application that requires me to know an internal address.  So.. the address to this web site, plus many of the other internal resources such as HR / Benefits, News, SharePoints.. they’re all at named resources that don’t (and can’t) exist on the Internet.  I need to be on the corporate network.  But… I’m at home.  Or in a hotel / airport / coffee shop.

    “So yeah.. big deal.  It’s called a ‘VPN’, Kevin.”

    Ah.. but that’s where our experiences diverge.  You (and I, in the past) have had to first make that connection happen as an extra step.  But, with DirectAccess, all I need is to be on the Internet.  Those internal resources are as readily available to me as any Internet resource.  I simply go to “MS Expense”, and start lying.  ..er… start filling out and submitting my expenses accurately and honestly.

    And for IT Organizations, an added benefit is that the PCs you’re responsible for are also accessible by you.  Inventories and updates and pushing policies or software works as easily as if those machines were on the corporate network, because, in a sense, they are.

    Today’s “31 Days of our Favorite Things” article is provided by Sumeeth Evans (@sumeethevans).  He’s going to tell you all about how making DirectAccess happen with a foundation of Windows Server 2012 is so much better than the original. 

    HIS ARTICLE CAN BE FOUND HERE.

    ---

    Does this sound useful?  Have you been using it in Windows Server 2008 R2?  Have any questions?  That’s what the comments are for.

  • 31 Days of our Favorite Things: The new CHKDSK. Don’t blink; you’ll miss it! (Part 29 of 31)

    Yes, you read that subject line correctly.  We’ve actually improved the volume error detection so much in Windows Server 2012 that you’ll rarely if ever have to run a CHKDSK command to fix it.  And if you do, it will run fast and get out of your way.

    In our 29th installment of “31 Days of our Favorite Things”, Matt Hester does an excellent job of summarizing how the new CHKDSK works so much better than in the past; even on very large volumes. 

    And he also describes the equivalent method of doing a CHKDSK using PowerShell.  Do you want to take a guess at what the PowerShell cmdlet is?

    “Um… ‘Check-Disk’?”

    Nope.  That would be a very good guess, though.  However, I think because it’s really more of a repair than a simple check, and that we’re talking about volumes rather than disks.. the actual PowerShell cmdlet is “Repair-Volume”. 

    “Hey Kevin.. why do you have a photo of road construction barriers here?”

    Matt shares an interesting analogy of disk repairs and road construction in his article.  For all of the details on the new CHKDSK, as well as the road construction analogy, READ MATT’S EXCELLENT ARTICLE HERE.

    ---

    Have you always wanted a faster way to repair a disk?  Or wished that errors would happen less frequently?  Me too. 

  • 31 Days of our Favorite Things: Windows Server 2012 and Deduplication (Part 12 of 31)

    In Windows Server 2012 Microsoft includes many improvements, but also many new capabilities “in the box”.  One of the new things we’re including is built-in support for data deduplication. 

    “Wait.. you mean like when a process makes more efficient use of the space used on a storage volume by finding all blocks of data that are the same, just one copy of what will be used for more than one file, thereby freeing up disk space?”

    Congratulations.  I couldn’t have said it better myself.  But here’s an even better description of the feature from the TechNet page on the subject:

    “Data deduplication involves finding and removing duplication within data without compromising its fidelity or integrity. The goal is to store more data in less space by segmenting files into small variable-sized chunks (32–128 KB), identifying duplicate chunks, and maintaining a single copy of each chunk. Redundant copies of the chunk are replaced by a reference to the single copy. The chunks are compressed and then organized into special container files in the System Volume Information folder.”

    In today’s installment of our “31 Days of our Favorite Things”, we are fortunate to have our former teammate Chris Henley (currently of Veeam) doing the writing for us. 

    READ HIS ARTICLE HERE

    Chris Henley

  • 31 Days of our Favorite Things: Wield the POWER of the SHELL with PowerShell Script Snippets. (Part 11 of 31)

    Today in our "31 Days of our Favorite Things", my friend and colleague Matt Hester has posted an article about a little-known improvement in the newest version of PowerShell: Script Snippets.

    “PowerShell Script Snippets?  It’s fun to say.  But I’ve never heard of these before.  What are they?”

    That’s what Matt is going to tell you.  But if I were to summarize what they are for you here, I’d borrow these two sentences from his article:

    “The Integrated Script Snippets are stored in the Integrated  Scripting Environment (ISE) and are designed to help us learn to PowerShell as well as write proper scripts.  When you access the snippets you can select from a list of script templates, select the appropriate template, and have partially completed script inserted into the editor. By default ISE ships with several script snippets to ease creating the commonly used programming syntax patterns.”

    “So.. it’s like inserting proper code into a script based on what you’re trying to accomplish?”

    Exactly.

    CHECK OUT HIS ARTICLE HERE

    ---

    Do you wield the power of the shell?  Or are you just getting started? 

  • You should like me.

    I’m almost at the big THREE DIGITS in the number of people who “LIKE” my “Kevin Remde is Full of I.T.” Facebook page. 

    Full of IT

    Go there, “like” the page, and push it over the top!

    “Gee Kevin.. that was a bit gratuitous.”

    Really?  Do ya think so?  Forgive me.  I’m in a silly mood.


  • 31 Days of our Favorite Things: Either / Or with Core in Windows Server 2012 (Part 19 of 31)

    In Windows Server 2008 we introduced you to the notion of a “Core” installation.  The idea with Server Core was that you had a minimal installation of a server workhorse that didn’t contain any of the extra fluff.  And when I say fluff, I mean GUI / UI / Windows Explorer / IE / multimedia.. stuff.  Things that you don’t really need or want on a server if you want to get the best performance, plus the benefit of a reduced attack surface for the sake of security.

    “I like the idea, Kevin.. but Server Core is hard to administer.”

    Yeah.. but that greatly improved with Windows Server 2008 R2, and is even better now in Windows Server 2012.  It’s so good, in fact, that the core installation is the default installation of Windows Server 2012. 

    “But if I install a Core of Server 2008 R2, I’m stuck with it.  I’d really like to be able to add the GUI later.  Or maybe install it as a Full installation, but then remove the GUI.”

    You’re in luck.  That’s what we’re allowing in Windows Server 2012.  It is no longer a one-time decision when you’re doing the installation of the server.  You can add or remove the UI features quite easily, either using the Add (or remove) Roles and Features wizard, or by using PowerShell.

    In today’s entry for our “31 Days of our Favorite Things”, Keith Mayer will show off how you can choose and then change your choice between a Core install and a “Server with GUI” installation. 

    READ HIS EXCELLENT ARTICLE HERE