Windows 8 Server storage
The explosion in the amount of data we want — and need — to store has made it harder and more expensive to implement business storage. Windows 8 Server should simplify things considerably, as it now supports tools for handling thinly provisioned virtual disks that can be extended quickly by just adding new drives, with warnings to show just when you should add new disks to an array.
Two new storage concepts in Windows 8 Server are storage pools and storage spaces. Pools describe virtual disks, while spaces give you tools for managing resiliency and performance. There's no need to invest in specialised hardware, as you can use standard interconnects and storage, with SATA and Shared SAS disks. Storage pools aggregate physical storage, letting you quickly define an array of disks that can be used as the basis of a thinly provisioned virtual disk — a storage space. New disks can be added to a pool as required and are automatically used to provide additional storage for a space. You can start small, with a terabyte or so of storage that's exposed as 10TB of virtual disk.
Storage spaces can be implemented as simple spaces, just like traditional disks. If you want more security for your data, you can define a resilient space with either mirrored or parity storage. These options are similar to RAID 1 and RAID 5, but there are notable differences, including the ability to use unmatched drives in a storage space. Implementing storage spaces means that you can separate deployment from purchasing, as you can provision what you expect to need in the future from day one, deploying the storage you have and adding more as it's actually needed.
One of the bigger changes is to how Windows handles disk checks. Instead of long CHKDSK operations that can take hours, with a file system offline, new tools let you handle scan and repair online. Corruption is logged as you run, and when you choose to repair a disk, downtime is proportional to the number of corruptions, taking the file system offline for a quick fix rather than a complete scan. Running CHKDSK on Windows 8 Server for 100 million files can take less than 8 seconds, as opposed to more than 100 minutes with Windows Server 2008 R2.
Windows 8 Server also now supports data deduplication. That means you can store more data on fewer drives, resulting in quite significant savings. If there's a lot of common data (perhaps a batch of virtual desktop virtual drives) you can take actual storage requirements down to around four percent of the required space. Windows will report the required storage space and the actual space used.
You can see all the servers on your network from Server Manager, giving you a single pane of glass where you can discover and deal with problems
Active Directory in Windows 8 Server
Windows 8 Server makes it a lot easier to deploy a new Active Directory server. Promoting a server to a domain controller is much simpler, with the preparation steps part of the promotion process. Prerequisites are set up and validated automatically, and the whole process can be handled remotely. A new Active Directory Administrative Center lets you view the PowerShell commands that have been used on your system, and you can copy and paste the commands used, editing them as required and building them into a library of AD administration scripts.
You can also now run a domain controller as a virtual machine, with support for snapshots and copies. Each time a snapshot is taken, a generation identifier is set, which can be used to indicate whether a domain controller has, so to speak, gone back in time. When you launch a snapshot of an Active Directory server the hypervisor checks the generation ID, and if necessary updates the domain controller with the latest Active Directory data. You'll need a hypervisor that supports generation IDs, but it's a useful technique as you can now clone domain controllers. This lets you quickly deploy new AD forests in private clouds, or provision domain controllers during disaster recovery.
A PowerShell cmdlet handles the process, ensuring that only clonable services are running. Copies are made once a server has been shut down, and the first time a clone is booted sysprep automatically runs to ensure that the system is up to date.
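Why a reverted snapshot has to be detected is easiest to see in a small simulation. The following is an added example, not code from Microsoft or from the original article: it assumes replication partners track a highest update sequence number (USN) per source identity, models the generation-ID comparison as a step in the domain controller's boot, and uses constructed class names, account names and generation IDs.

```python
# Added illustration (simplified model, constructed names): snapshot rollback vs. generation ID.
import uuid

class Partner:  # replication partner; tracks the highest USN applied per source identity
    def __init__(self):
        self.seen, self.state = {}, {}      # source id -> USN; account -> status

    def pull(self, dc):
        high = self.seen.get(dc.source_id, 0)
        for usn, (account, status) in dc.log:
            if usn > high:                  # lower USNs are assumed already applied
                self.state[account] = status
                self.seen[dc.source_id] = usn

class DomainController:
    def __init__(self, vm_gen_id):
        self.source_id = uuid.uuid4().hex   # identity partners track USNs against
        self.saved_gen_id = vm_gen_id       # generation ID recorded in the DC's own state
        self.usn, self.log = 0, ()

    def write(self, account, status):
        self.usn += 1
        self.log += ((self.usn, (account, status)),)

    def snapshot(self):
        return (self.source_id, self.saved_gen_id, self.usn, self.log)

    def restore(self, snap):
        self.source_id, self.saved_gen_id, self.usn, self.log = snap

    def boot(self, vm_gen_id, check=True):
        """Compare the recorded generation ID with the one the hypervisor now presents."""
        if check and vm_gen_id != self.saved_gen_id:
            self.source_id = uuid.uuid4().hex   # stop reusing USNs under the old identity
            self.saved_gen_id = vm_gen_id       # (inbound resync from partners omitted)
            return "restored"
        return "normal"

def run(check):
    partner, dc = Partner(), DomainController("gen-A")
    dc.write("alice", "enabled")
    snap = dc.snapshot()
    dc.write("bob", "enabled")
    partner.pull(dc)
    dc.restore(snap)                        # VM reverted; hypervisor issues gen-B
    state = dc.boot("gen-B", check=check)
    dc.write("alice", "disabled")           # change made after the revert
    partner.pull(dc)
    return state, partner.state
```

With the check disabled, the partner never learns that the account was disabled, because the reverted controller reuses a USN the partner has already seen; with the check enabled, the change replicates.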
Securing data: dynamic access control
With more and more data, it's getting harder to manage access controls and to put in place an information governance strategy. Windows 8 Server can automate much of the process of applying access controls, using its new dynamic access control features with tags held in an NTFS stream and in Office data.
Data is automatically identified, based on metadata tagging and on document classifications. Access can then be controlled using centrally-defined access policies, with audit rules and automatic use of rights-management tools for Office files. A claims-based identity framework employs user and device information to ensure that the appropriate rules are applied, which means the context of a request can be as important as the user identity. With dynamic access control, I can be given access to data if I'm in the office on a managed PC, and blocked if I'm at home on an unmanaged device — even if I'm using a VPN.
There's no need for system administrators to know where files are, or even that managed files exist. Rules are applied automatically, and enforced as soon as someone creates a share. Definitions and rules are built using Active Directory and Group Policies, and applied at runtime. If you create a share you can see the policies that apply, and can choose the rules that apply. Users don't just get refused access to a file; you can configure messages that indicate why users have been blocked and what they need to do if they're sure they need access to the data — including creating an email template for permission requests.
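The evaluation described above can be sketched as a small policy check. This is an added example, not Microsoft's implementation or code from the original article; the claim names, classification tags, file paths, rule contents and the `CentralRule` structure are all constructed for illustration. It shows a rule selected by a file's tags, a decision that depends on both user and device claims but not on the VPN, and a denial that carries a remediation message and an audit record.

```python
# Added illustration (constructed names and data): toy claims-based access check.
from dataclasses import dataclass

@dataclass
class Request:
    user_claims: dict       # attributes of the signed-in user
    device_claims: dict     # attributes of the computer making the request
    via_vpn: bool = False   # network path; deliberately never consulted

@dataclass
class Resource:
    path: str
    tags: dict              # classification tags stored with the file

@dataclass
class CentralRule:
    name: str
    applies_to: dict        # tag values that bring a file under this rule
    user_must: dict         # user claims required for access
    device_must: dict       # device claims required for access
    help_text: str          # message shown to the user on denial

def missing(required, claims, prefix):
    return [prefix + k for k, v in sorted(required.items()) if claims.get(k) != v]

def evaluate(policy, res, req, audit):
    """Return (allowed, message); every rule matching the file's tags must pass."""
    for rule in policy:
        if any(res.tags.get(k) != v for k, v in rule.applies_to.items()):
            continue        # rule does not cover this classification
        gaps = (missing(rule.user_must, req.user_claims, "user:")
                + missing(rule.device_must, req.device_claims, "device:"))
        if gaps:
            audit.append(("DENY", res.path, rule.name, gaps))
            return False, rule.help_text
    audit.append(("ALLOW", res.path, None, []))
    return True, ""

POLICY = [CentralRule("finance-confidential",
                      applies_to={"department": "finance", "impact": "high"},
                      user_must={"department": "finance"}, device_must={"managed": True},
                      help_text="Use a managed PC, or email the data owner.")]

def demo():
    audit, user = [], {"department": "finance"}
    doc = Resource(r"\\fs1\share\forecast.xlsx", {"department": "finance", "impact": "high"})
    memo = Resource(r"\\fs1\share\menu.docx", {"impact": "low"})
    office, home = Request(user, {"managed": True}), Request(user, {"managed": False}, True)
    cases = ((doc, office), (doc, home), (memo, home))
    return [evaluate(POLICY, r, q, audit) for r, q in cases], audit
```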
The dynamic access control mechanism is extensible, and can be tied into other access control tools. One option would be to bridge physical security with data security, locking down files for users who haven't badged into a secure building.
Remote Access in Windows 8 Server
Current trends in both IT infrastructure and in working patterns mean that remote access tools need to become easier to use. Windows 8 Server's new Unified Remote Access role bundles together three previously separate technologies: DirectAccess, VPN and cross-premises connectivity. DirectAccess becomes the preferred connection technology for Windows devices, with VPNs for everything else.
Getting DirectAccess working used to be hard, and Windows 8 Server simplifies things considerably. An express wizard gets you started quickly, and additional options support working behind NAT networking equipment rather than as a host in a DMZ. You can even use DirectAccess with a single network adapter. You don't need to worry about IPv6 versus IPv4, which simplifies compatibility issues, and you can deploy in an existing network with no need for changes.
BranchCache has been improved, taking advantage of Windows 8 Server's data deduplication features to speed up download of similar files. This means you'll get version 2 of a document quickly, even if only version 1 is held in the local cache. You can also use it with cloud-hosted storage, computing the storage hashes for the cache on the client and storing them with the data on cloud servers. BranchCache will download the hashes first, before requesting data from the cloud. You don't need to be a branch office to take advantage of this feature — it works just as well for datacentres sharing data with cloud services.
Windows 8 Server and the web
With Windows 8 Server, the Internet Information Server (IIS) team has been moved to the Azure group, giving the new IIS many features that help support scalable cloud services. One major change in the next IIS is support for WebSockets, which makes it easier to connect HTML5 applications to data sources with asynchronous connections. There are also significant performance improvements over Windows Server 2008 R2, with 3.5 times less memory used and a 166-fold speedup on configuration changes.
Another important change is to how IIS handles and manages SSL certificates. Instead of managing them on a per-site basis (something that could be quite time-consuming on a large web farm), a central certificate store manages all your certificates, with tools for managing expiry as well as provisioning sites. There's no longer any need for IP address bindings for SSL certificates, and you can use a single PowerShell cmdlet to deploy and manage certificates.
With servers hosting multiple sites, IIS will now sandbox applications using CPU throttling. Where processes that needed too much CPU were simply killed in Windows Server 2008 R2, Windows 8 Server lets you define a maximum amount of CPU that can be used. If there's no contention, you can access all of a server's resources. Once there's contention, your process is throttled back to its limits.
Windows 8 Server and remote and virtual desktops
Virtual desktops are becoming more and more common, and Microsoft is using Windows 8 Server to deliver an improved version of the RemoteFX tools originally released with SP1 of Windows Server 2008. The storage needed to hold virtual desktops has been simplified and there's support for Windows 8 desktop features, including touch with multiple touchpoints.
Windows VDI used to require expensive shared storage for desktop images. That's been replaced with local storage for cached images, with no need to go to the network. Pooled storage also simplifies personalisation, and a session host server handles resource allocations, giving users fair shares of network and disk resources, as well as CPU. You can use direct attached storage for images, or access them using SMB connections to remote storage arrays.
One additional change is support for slow WANs, letting branch offices use virtual desktops from central offices. Microsoft expects bandwidth requirements to be 10 percent of those from Windows Server 2008 R2, with a new codec and support for both TCP and UDP connections. Patching is improved too, avoiding the dreaded patch storms, using policies to coordinate deployment. If you're using RemoteFX there's no longer a need for specialised GPU arrays on servers, as Windows 8 Server includes software graphics acceleration that works well for desktop features and for productivity applications.
Conclusion: your next server?
Windows 8 Server isn't so much a new thing as the next step in the evolution of Windows. A new user interface, along with the various UI-less options, means it's easier to deploy, manage and secure. A new version of the Hyper-V hypervisor makes it clear that you're expected to run Windows 8 Server as a virtual machine, not a standalone server. It's an approach that makes a lot of sense, as Windows 8 Server will be running alongside previous servers, and any conflict or incompatibility will affect rollouts and deployments.
Many of Windows 8 Server's new features have required significant architectural changes, and so won't be available to earlier versions. However, Windows Server 2008 users will get access to many of the new PowerShell cmdlets. Describing it as suitable for 'any application, any cloud', Microsoft has big ambitions for its new server. The new private cloud features in Hyper-V make it clear that this is Microsoft's Infrastructure-as-a-Service (IaaS) play to go along with the Azure cloud platform.
We're impressed with what we've seen so far. It's up to Microsoft to deliver what's likely to be your next server — and to move you from running a datacentre to running a cloud. It's a big challenge for everyone, but Windows 8 Server looks more than up to the task.