• Follow me and learn Windows Server 2012 – Remote Desktop Services

    Wow, I can’t believe I have been at this for 20 days! Tonight I am learning Remote Desktop Services. I have learned some cool new facts about RDS in 2012. Let me share some of the things I have seen tonight:

    • Active/Active RD Connection Broker – Yes, that’s right: now all pieces have high availability
    • Fair share of resources (CPU, network, I/O) – Yup, now no single user can hog all the resources
    • A single management interface in Server Manager for all services
    • Well, two management interfaces: we also support PowerShell
    • CPU-based or physical GPU support for RemoteFX
    • User Profile Disk – This is a VHD to store the user’s desktop and files

    There are tons of resources on this topic! I listed some below that I used to study with:

    Remote Desktop Services Overview

    http://technet.microsoft.com/en-us/library/hh831447.aspx

    This includes some great lab guides:

    • Test Lab Guide: Virtual Desktop Infrastructure Quick Start
    • Test Lab Guide: Virtual Desktop Infrastructure Standard Deployment
    • Test Lab Guide: Managed Pooled Virtual Desktop Collections
    • Test Lab Guide: Unmanaged Pooled Virtual Desktop Collections
    • Test Lab Guide: Remote Desktop Services Session Virtualization Quick Start
    • Test Lab Guide: Remote Desktop Services Session Virtualization Standard Deployment
    • Test Lab Guide: Remote Desktop Services Publishing
    • Test Lab Guide: Remote Desktop Services Licensing

    Virtual Desktop Infrastructure Benefits

    http://www.microsoft.com/en-us/server-cloud/windows-server/virtual-desktop-infrastructure-benefits.aspx

    Windows Server 2012 VDI/RDS Infrastructure and Management (Video)

    http://northamerica.msteched.com/topic/details/2012/VIR314#fbid=Yesz_YUD4Lk

    RemoteFX and RDP Rocking RDS in Windows Server 2012 (Video)

    http://northamerica.msteched.com/topic/details/2012/VIR313#fbid=Yesz_YUD4Lk

    Lessons from the Field: 22 VDI and RDS Mistakes You'll Want to Avoid (Video)

    http://northamerica.msteched.com/topic/details/2012/VIR317#fbid=Yesz_YUD4Lk

     

    Bruce Adamczak

  • Follow me and learn Windows Server 2012 - Resilient File System (ReFS)

    Bruce is blogging again. It is now day 10, and one third of my voyage is over! With the release of Windows Server 2012 we all have to start learning the new features of the product. Tonight I am studying Resilient File System. Below I highlighted what I learned and listed some resources to bring you up to speed at the same time.

    Here is a little of what I learned about Resilient File System (ReFS). ReFS will scale to PB datasets and very large files. Data corruption is detected and fixed on the fly. It can support up to 18,446,744,073,709,551,616 files in a single directory. That is 18 quintillion files. ReFS is for data volumes only.

    Resilient File System

    http://msdn.microsoft.com/en-us/library/windows/desktop/hh848060(v=vs.85).aspx

    Resilient File System (ReFS) is a new local file system. It maximizes data availability, despite errors that would historically cause data loss or downtime. Data integrity ensures that business critical data is protected from errors and available when needed. Its architecture is designed to provide scalability and performance in an era of constantly growing data set sizes and dynamic workloads.

    Building the next generation file system for Windows: ReFS

    http://blogs.msdn.com/b/b8/archive/2012/01/16/building-the-next-generation-file-system-for-windows-refs.aspx

    WS2012 File System Enhancements: ReFS and Storage Spaces

    http://channel9.msdn.com/Events/TechEd/Australia/2012/WSV316

    About 42 minutes into the video is the ReFS stuff

    Application Compatibility with ReFS

    http://download.microsoft.com/download/C/B/3/CB3561DC-6BF6-443D-B5B9-9676ACDF7F75/Application%20Compatibility%20with%20ReFS.docx

  • Follow me and learn Windows Server 2012 - Dynamic Access Control

    Hello, Bruce here again. With the release of Windows Server 2012 we all have to start learning the new features of the product. So I thought I would share with you what I’m studying and some resources to bring you up to speed at the same time. Below is the first topic I’m starting to look at.

    Dynamic Access Control (http://technet.microsoft.com/library/hh831717.aspx)

    Today, it is difficult to translate business-intent using the existing authorization model. The existing capabilities of access control entries (ACEs) make it hard or impossible to fully express requirements. In addition, there are no central administration capabilities. Finally, modern-day increases in regulatory and business requirements around compliance further compound the problem.

    Windows Server 2012 AD DS addresses these challenges by introducing:

    • A new claims-based authorization platform that enhances, not replaces, the existing model, which includes:
      • User-claims and device-claims
      • User + device claims (also known as compound identity)
    • New central access policies (CAP) model
    • Use of file-classification information in authorization decisions
    • Easier access-denied remediation experience
    • Access policies and audit policies can be defined flexibly and simply:
      • IF resource.Confidentiality = high THEN audit.Success WHEN user.EmployeeType = vendor

    Dynamic Access Control: Scenario Overview

    http://technet.microsoft.com/en-us/library/hh831717.aspx

    Dynamic Access Control demo walkthrough

    http://technet.microsoft.com/en-us/video/dynamic-access-control-demo-walkthrough.aspx

    TechNet Windows Server 2012 Virtual Labs
    Using Dynamic Access Control to Automatically and Centrally Secure Data

    In this lab, you will explore Dynamic Access Control in Windows Server 2012. You will learn how to create Central Access Policies, explore the new Access Denied Remediation features, as well as learn how to use the audit capabilities built into Dynamic Access Control.

    http://go.microsoft.com/?linkid=9806471

     

    Setting Up the Test Environment

    http://technet.microsoft.com/en-us/library/hh831776.aspx

     

    Windows Server 2012 Dynamic Access Control Overview

    http://northamerica.msteched.com/topic/details/2012/SIA207#fbid=6Bsslue7jST

    Windows Server 2012 Dynamic Access Control Deep Dive for Active Directory and Central Authorization Policies

    http://northamerica.msteched.com/topic/details/2012/SIA341#fbid=6Bsslue7jST

     

    Windows Server 2012 Dynamic Access Control Best Practices and Case Study Deployments in Microsoft IT

    http://northamerica.msteched.com/topic/details/2012/SIA316#fbid=6Bsslue7jST

     

  • Follow me and learn Windows Server 2012 – Relative ID (RID) Improvements

    Hi, it is Bruce again! With the release of Windows Server 2012 we all have to start learning the new features of the product. So tonight I am studying RID improvements. Below are some resources to bring you up to speed at the same time.

    These improvements have been needed for quite some time. We now finally have a way to handle RID Pool exhaustion. Some cool things we added:

    • An alert when you start to run out of RIDs
    • A soft ceiling to allow administrators to take action before they run out
    • Double the number of RIDs available

    Relative ID (RID) Improvements

    http://technet.microsoft.com/en-us/library/hh831477.aspx

    The following RID improvements in Windows Server 2012 provide greater ability to react to any potential exhaustion of the global RID pool space:

    • Periodic RID consumption warning
      • At 10% of remaining global space, the system logs an informational event
        • First event at 100,000,000 RIDs used, second event logged at 10% of remainder
          • Remainder = 900,000,000
          • 10% of remainder = 90,000,000
        • Second event logged at 190,000,000
          • Existing RID consumption plus 10% of remainder
      • Events become more frequent as the global space is further depleted
    • RID Manager artificial ceiling protection mechanism
      • A soft ceiling that is 90% of the global RID space and is not configurable
      • The soft ceiling is deemed as "reached" when a RID pool containing the 90% RID is issued
      • Blocks further allocations of RID pools
        • When the ceiling is reached, the system sets the msDS-RIDPoolAllocationEnabled attribute of the RID Manager$ object to FALSE. An administrator must set it back to TRUE to override.
      • Log an event indicating that the ceiling is reached
        • An initial warning is logged when the global RID space reaches 80%
      • The attribute can only be set to FALSE by the SYSTEM and is mastered by the RID master (for example, write it against the RID master)
        • Domain Admin can set it back to TRUE

    Note: It is set to TRUE by default

    • Increased the global RID space per domain, doubling the number of security principals that can be created throughout the lifetime of a domain from 1 billion to 2 billion.
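
    A way to check where a domain stands against these thresholds, as an added example that is not part of the original post or the TechNet article. It decodes the 64-bit rIDAvailablePool value of the RID Manager$ object (upper 32 bits: size of the global RID space, lower 32 bits: RIDs already allocated). Get-RidPoolStatus and Get-RidWarningPoints are hypothetical helper names, the sample value is constructed, and the warning schedule past the second event is extrapolated from the 10%-of-remainder rule above.

    ```powershell
    # Added example (not from the original post). Helper names are hypothetical.
    function Get-RidPoolStatus {
        param(
            [Parameter(Mandatory = $true)] [int64] $RidAvailablePool,
            [bool] $AllocationEnabled = $true   # msDS-RIDPoolAllocationEnabled (TRUE by default)
        )
        $total  = $RidAvailablePool -shr 32        # upper 32 bits: size of the global RID space
        $issued = $RidAvailablePool % 4294967296   # lower 32 bits: RIDs already allocated
        $pct    = [math]::Round(100 * $issued / $total, 2)

        if (-not $AllocationEnabled) {
            $state = 'BLOCKED: pool allocation disabled (soft ceiling reached)'
        } elseif ($pct -ge 90) {
            $state = 'CRITICAL: at or past the 90% soft ceiling'
        } elseif ($pct -ge 80) {
            $state = 'WARNING: past the 80% initial warning'
        } else {
            $state = 'OK'
        }
        [pscustomobject]@{
            Total = $total; Issued = $issued; Remaining = $total - $issued
            PercentUsed = $pct; State = $state
        }
    }

    # Consumption levels at which the periodic informational event fires:
    # each one is the previous level plus 10% of what was left at that point.
    function Get-RidWarningPoints {
        param([int64] $Total = 1000000000, [int] $Count = 5)
        $used = [int64]0
        for ($i = 0; $i -lt $Count; $i++) {
            $used += [int64][math]::Floor(($Total - $used) / 10)
            $used
        }
    }

    # Constructed sample: a space of 1,073,741,823 RIDs with 870,000,000 issued.
    $sample = ([int64]1073741823 -shl 32) -bor 870000000
    Get-RidPoolStatus -RidAvailablePool $sample
    Get-RidWarningPoints -Total 1000000000 -Count 3

    # Live use (ActiveDirectory module, queried against the RID master):
    # $dn  = (Get-ADDomain).DistinguishedName
    # $obj = Get-ADObject "CN=RID Manager`$,CN=System,$dn" `
    #            -Properties rIDAvailablePool, 'msDS-RIDPoolAllocationEnabled'
    # Get-RidPoolStatus -RidAvailablePool $obj.rIDAvailablePool `
    #     -AllocationEnabled $obj.'msDS-RIDPoolAllocationEnabled'
    ```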

    Managing RID Issuance

    http://technet.microsoft.com/en-US/library/jj574229

    New features in Active Directory Domain Services in Windows Server 2012, Part 14: RID improvements

    http://blogs.dirteam.com/blogs/sanderberkouwer/archive/2012/09/10/new-features-in-active-directory-domain-services-in-windows-server-2012-part-14-rid-improvements.aspx

  • Follow me and learn Windows Server 2012 – Flexible Authentication Secure Tunneling (FAST)

    Saturday after and it is Bruce again! I need to get my studying done before the OSU game. With the release of Windows Server 2012 we all have to start learning the new features of the product. Tonight I am studying Flexible Authentication Secure Tunneling (FAST). Below are some resources to bring you up to speed at the same time.

    This new feature enhances Kerberos authentication by keeping it from falling back to less-secure legacy protocols and by protecting against offline dictionary attacks. What is really important, though, is that it is required if you plan to use claims within Dynamic Access Control. This is the enhancement that allows us to put claims into the Kerberos ticket.

    Kerberos Armoring (Flexible Authentication Secure Tunneling (FAST))

    http://technet.microsoft.com/en-us/library/hh831747.aspx

    Flexible Authentication Secure Tunneling (FAST) provides a protected channel between the Kerberos client and the KDC. FAST is implemented as Kerberos armoring in Windows Server 2012, and it is only available for authentication service (AS) and ticket-granting service (TGS) exchanges.

    New features in Active Directory Domain Services in Windows Server 2012, Part 11: Kerberos Armoring (FAST)

    http://blogs.dirteam.com/blogs/sanderberkouwer/archive/2012/09/05/new-features-in-active-directory-domain-services-in-windows-server-2012-part-11-kerberos-armoring-fast.aspx

    A Generalized Framework for Kerberos Pre-Authentication

    http://tools.ietf.org/html/rfc6113