Windows 8 isn't just a new version of the familiar desktop client — it's also a new version of Microsoft's server software. And as with the Windows desktop, Microsoft's BUILD conference has seen the release of a developer preview of Windows 8 Server, focusing on what Bill Laing, head of Microsoft's Server and Cloud Division, calls "optimising your IT for the cloud". We spent some time before BUILD in Redmond talking with the Windows Server development team and looking at many of the next release's key new features.
What's clear is that Windows 8 Server isn't a revolutionary change. Instead, it's an evolution that builds on features introduced in Windows Server 2008, optimising it for private cloud operation and for operation at scale, while retaining the features that small and medium-sized organisations need. It's a balancing act that's a big challenge for Microsoft, and one the company needs to handle carefully if Windows Server is to continue to be successful.
This, of course, is pre-beta code — although it's pretty much beta quality. We did have some minor crashes, with user interface elements restarting and reloading quickly. If you're going to spend some time with the Windows 8 Server developer preview, we wouldn't recommend using it for production purposes, even if its new features are just what you need. With development still underway we expect plenty of changes between now and release, even if they are mostly fit-and-finish user interface tweaks.
No more server GUI?
Perhaps the biggest change is one that should simplify the Windows 8 Server line-up. Instead of a separate UI-less Server Core release, all versions of Windows 8 Server will be able to run in any of three different UI modes. One is the familiar Windows GUI, while another is the UI-less command-line approach that's been used in Server Core; a new third role removes the graphical shell and browser, while still letting you run Server Manager and use Microsoft Management Console snap-ins. Server Core will be the preferred installation for Windows 8 Server, with the shell an optional component that can be added and removed as required. Removing UI components from deployed servers should reduce the attack surface, helping protect your server infrastructure. Microsoft's aim for Windows 8 Server is a server that has just the functions necessary to run your operations — not only reducing security risks, but also reducing the need for patching and for planned downtime.
The key to this change is a massive increase in the number of available PowerShell cmdlets — over 2,300. That means you can use PowerShell to handle almost all system management tasks — both locally and remotely. Server UI is now a thin layer on top of PowerShell commands, with every action triggering PowerShell actions. You can also use management tools to administer several servers at once, with remote PowerShell calls on other machines. There will be a Windows 8 Server version of RSAT (Remote Server Administration Tools) that can be used to manage servers from a desktop PC, while a PowerShell history will allow you to copy cmdlets used by Windows' management tools and then customise them for use in your own management scripts.
The heart of Windows 8 Server is the Server Manager Dashboard, which runs on a standard desktop and gives you a Metro-like way of working with one or many servers
Microsoft is giving Windows 8 Server a new Server Manager, with a very Metro-like look and feel, that incorporates lessons learned from the System Center management tools. Server Manager is now a dashboard that lets you see information from all the servers you manage, quickly colour-coding the views to show you where action is required, with information displayed in role-based tiles. You can use filtering tools in the dashboard to quickly reduce noise (for example temporarily removing alerts from a server that may be down for hardware or software maintenance). The Server Manager lets you quickly add additional servers, using Active Directory or by IP address, automatically updating the server numbers and roles on the dashboard. You can view information using single server views, or aggregate several servers and see all the relevant events in a single view.
There's no Action Pane in the new server manager. That's partly due to changes in screen resolutions, with large wide-screen displays becoming increasingly common. Instead, you interact directly with tiles, with tiles for specific services and the ability to group by server with queries and filters that can be saved and re-used. It's an approach that should simplify working with large server farms, while still making it easy to work with one or two machines in a small office. A new version of the PowerShell scripting environment includes IntelliSense and makes it simpler to build and test your management scripts.
Microsoft has made significant changes to the PowerShell stack, with everything remotable and with no calls to private APIs. More importantly there's also support for long-running operations on tens, hundreds or even thousands of machines. Support for workflow and complex tasks means that PowerShell can be used to handle remote deployments, and for sites working with virtual servers, it'll be possible to use it to work with offline virtual hard disks. If you're using PowerShell to handle deployments, scripts can be exported and used via Windows 8 Server's automation tools.
One of the key features of WMI (Windows Management Instrumentation) in Windows 8 Server is support for standards. Instead of working with custom interfaces, PowerShell will use standards to communicate with applications and hardware — for example using SMI-S (Storage Management Initiative - Specification) to work with storage arrays from multiple vendors. Microsoft has also made it easier to write WMI-providers, so that third parties can add their own tools for use with PowerShell — including task-oriented abstractions that simplify handling complex actions. PowerShell cmdlets in Windows 8 Server can be used to work with REST and JSON interfaces, simplifying interactions with web services.
Powering the private cloud: Hyper-V v3
With Microsoft describing Windows 8 Server as a 'cloud-ready OS', the Windows hypervisor is increasingly important. Intended for both on-premises and hosted private clouds, Hyper-V v3 adds native PowerShell support, making it easier to automate virtualised machines, with tools for handling a range of different workloads and for providing continuous availability. Certainly the new Hyper-V is looking impressive. According to Microsoft it can run on machines with up to 160 logical processors (cores and threads), with up to 2TB of physical memory, and with each hosted VM having up to 32 virtual processors and up to 512GB of memory. There's no longer a ratio between logical and virtual processors, and you can run as many VMs as your hardware will support. There are also tools that optimise for NUMA (Non-Uniform Memory Access) architectures, making virtual machines more efficient on large and powerful servers.
Hyper-V's NUMA support is important. Non-uniform memory access architectures partition cores and memory into nodes, using memory locations relative to processors to reduce latency. High-performance applications can detect this, and optimise for performance. With the current generation of hypervisors there's no relationship between VMs and NUMA, so performance can be reduced. Using Hyper-V v3's Guest NUMA mode there's a mapping between the physical arrangement of processors and memory and VMs, so applications can detect that they're running on NUMA systems and optimise appropriately. The result is impressive, with almost linear scaling as additional virtual processors and memory are added to a virtual machine.
Private clouds must be stable, and must be able to adapt to hardware failures and continue running until maintenance downtime can be arranged. Hyper-V v3 adds support for WHEA, the Windows Hardware Error Architecture. This detects errors in memory, and handles them to ensure that applications continue running. With multiple VMs on a single server, a WHEA event will suspend all the VMs and determine if the error can be isolated to a single VM; if it can be, WHEA will terminate that VM, mark the memory page as bad, and restart the affected VM while resuming the paused VMs. That means that a memory fault won't take down an entire server, just the one affected VM. Similarly, predictive failure analysis will use the error count features of ECC memory to mark pages that are showing signs of failure, taking them offline and warning system administrators.
Microsoft has also improved Hyper-V's storage support, with tools for handling scalable virtual disks and metering storage use, plus a new VHDX virtual disk format. Hyper-V will now support virtual fibre channel connections using SMB, along with tools that allow you to merge VHDs and to create parent disks without any downtime. VHDX virtual disks can be larger than 2TB (there's currently a 16TB limit) and have better performance, as well as using logs to reduce the risk of corruption. If you're using a SAN you can offload data transfer to the SAN, significantly reducing network and CPU load for large data transfers and live migrations. Other new storage features mean that cluster volumes can be encrypted using BitLocker, making it easier to secure data in hosted private clouds.
Although WHEA support makes individual VMs more reliable, there's also improved support for clusters. You can use this to build continuously available file servers, using fibre channel for high availability. There's support for more than 32 nodes and over 4,000 VMs in a cluster, with live migration and failover clustering, and I/O redundancy — including network load balancing and multichannel SMB. You're going to need this type of technology to build a large-scale private cloud, and it's not suitable for everyone.
On a smaller scale, Hyper-V can also handle disaster recovery, with asynchronous replication to a remote site. It's easy to set up a Hyper-V replica — all you need do is send a snapshot on a disk to a remote site and then start up replication — so you're ready to go a lot more quickly than if you had to upload a complete copy of your server to a recovery site. It's a very flexible approach, with support for active-passive failover, as well as active-active links between two sites, and for using hosted sites or branch offices as shared recovery sites. There are no limits; you can have replicas of as many VMs as you want. You can speed things up still further by using a separate virtual disk for page files, which don't need to be replicated to recovery sites. Failover to a recovery site will automatically inject the correct IP address settings into a new VM as well as updating your DNS, so you can be up and running on a new network.
Migrating VMs is a lot easier, too — all you need is some Ethernet — and you can move the history of your VM workload with the VM. Once you've moved a VM you can use the same PowerShell to script and batch moves for multiple VMs, with support for high- and low-priority VMs. Shared-nothing live migration simplifies setting up new servers, and helps smaller businesses build a virtual infrastructure more quickly.
At a lower level, there's support for multiple tenancy on Hyper-V's network switch, with tools for handling NIC teaming and for managing quality of service — as well as supporting private VLANs and networking access controls. The switch is now extensible, with the ability for third parties to add new functions — either as listeners, or for working with the network traffic directly. It's easy to imagine extensions to the Hyper-V network switch that add data loss prevention features, or enhanced intrusion detection. There are three types of extension, capture, filtering and forwarding, and there will be a Windows Logo programme to certify third-party extensions.
Windows 8 Server networking
Treating Windows 8 Server as the building block for cloud services has meant significant changes to the way it handles networking, focusing on handling multi-tenancy. Designing networks that work for separate isolated systems running on the same physical infrastructure is very different from traditional networks, but the techniques and tools work well for both approaches.
One change is the introduction of DHCP Guard, which blocks virtual machines from exposing services to other VMs on other virtual networks. Isolation is important if you're creating a multi-tenant network, as is performance, and there are now tools that control the traffic sent by virtual machines. You can define both minimum and maximum bandwidth guarantees, allowing you to offer a level of performance that can be exceeded if (and only if) there is spare capacity on the network. As these controls are managed by the Hyper-V network switch, you can use them on any and all VMs, with just a PowerShell cmdlet — making sure you manage your SLAs.
Virtual networks in Windows 8 Server mean that you can have multiple VMs on a physical server, operating as if they're on different hardware, giving the illusion of running on a dedicated network. This makes your services much more portable, making it possible to move from on-premises to the cloud without changing any network settings — even if you need to split functions between your datacentre and the cloud.
You can use Windows 8 Server's NIC teaming features to bundle up network cards into single networking functions, with faster connections, reduced congestion and the ability to failover for load-balancing or for hardware issues. It's vendor-agnostic too, so you can team network resources from different vendors, using either PowerShell or Server Manager.
Of course, this all means changes at a low level in the networking stack, and an increased reliance on DNS and DHCP. Windows 8 Server adds tools for handling DHCP failover, with pairs of DHCP servers for active-active and active-passive failover. You're likely to use them in active-active mode, as this also means you get load-balancing. DNS security is improved, with support for DNSSEC, which lets you use encryption to ensure data integrity and authority, with signed zones deployed to all your DNS servers.
Windows 8 Server also adds new tools for IP address management. A new console, the IP Address Management (IPAM) Center, lets you manage all the IP addresses in an organisation. It's a complex tool, but then managing IP addresses is complex — especially if you're managing a global organisation with many hundreds of address ranges, and with both dynamic and static IP addresses (plus IPv4 and IPv6). The IPAM Center will scan your network, loading dynamic and static addresses, whereupon you can sort and tag your data. It's an extensible tagging model, so you can add your own tags — for example, indicating which building and which floor have which IP address ranges. You can get reports on utilisation, so you can see whether ranges need to be consolidated or have extra addresses added, as well as planning future address assignments.
Windows 8 Server storage
The explosion in the amount of data we want — and need — to store, has made it harder and more expensive to implement business storage. Windows 8 Server should simplify things considerably, as it now supports tools for handling thinly provisioned virtual disks that can be extended quickly by just adding new drives, with warnings to show just when you should add new disks to an array.
Two new storage concepts in Windows 8 Server are storage pools and storage spaces. Pools describe virtual disks, while spaces give you tools for managing resiliency and performance. There's no need to invest in specialised hardware, as you can use standard interconnects and storage, with SATA and Shared SAS disks. Storage pools aggregate physical storage, letting you quickly define an array of disks that can be used as the basis of a thinly provisioned virtual disk — a storage space. New disks can be added to a pool as required and are automatically used to provide additional storage for a space. You can start small, with a terabyte or so of storage that's exposed as 10TB of virtual disk.
Storage spaces can be implemented as simple spaces, just like traditional disks. If you want more security for your data, you can define a resilient space with either mirrored or parity storage. These options are similar to RAID 1 and RAID 5, but there are enough differences — including the ability to use unmatched drives in a storage space. Implementing storage spaces means that you can separate deployment from purchasing, as you can provision what you expect to need in the future from day one, deploying the storage you have and adding more as its actually needed.
One of the bigger changes is to how Windows handles disk checks. Instead of long CHKDSK operations that can take hours, with a file system offline, new tools let you handle scan and repair online. Corruption is logged as you run, and when you choose to repair a disk downtime is proportional to the number of corruptions, taking the file system offline for a quick fix rather than a complete scan. Running CHKDSK on Windows 8 Server for 100 million files can take less than 8 seconds, as opposed to more than 100 minutes with Windows Server 2008 R2.
Windows 8 Server also now supports data deduplication. That means you can store more data on fewer drives, resulting in quite significant savings. If there's a lot of common data (perhaps a batch of virtual desktop virtual drives) you can take actual storage requirements down to around four percent of the required space. Windows will report the required storage space and the actual space used.
You can see all the servers on your network from Server Manager, giving you a single pane of glass where you can discover and deal with problems
Active Directory in Windows 8 Server
Windows 8 Server makes it a lot easier to deploy a new Active Directory server. Promoting a server to a domain controller is much simpler, with the preparation steps part of the promotion process. Prerequisites are setup and validated automatically, and the whole process can be handled remotely. A new Active Directory Administrative Center lets you view the PowerShell commands that have been used on your system, and you can copy and paste the commands used, editing them as required and building them into a library of AD administration scripts.
You can also now run a domain controller as a virtual machine, with support for snapshots and copies. Each time a snapshot is taken a generation identifier is set, which can be used to indicate whether a domain controller has, so to speak, gone back in time. When you launch a snapshot of an Active Directory server the hypervisor checks the generation ID, and if necessary updates the domain controller with the latest Active Directory data. You'll need a hypervisor that supports generation IDs, but it's a useful technique as you can now clone domain controller. This lets you quickly deploy new AD forests in private clouds, or provision domain controllers during disaster recovery.
A PowerShell cmdlet handles the process, ensuring that only clonable services are running. Copies are made once a server has been shut down, and the first time a clone is booted sysprep automatically runs to ensure that the system is up to date.
Securing data: dynamic access control
With more and more data, it's getting harder to manage access controls and to put in place an information governance strategy. Windows 8 Server can automate much of the process of applying access controls, using its new dynamic access control features with tags held in a NTFS stream and in Office data.
Data is automatically identified, based on metadata tagging and on document classifications. Access can then be controlled using centrally-defined access policies, with audit rules and automatic use of rights-management tools for Office files. A claims-based identity framework employs user and device information to ensure that the appropriate rules are applied, which means the context of a request can be as important as the user identity. With dynamic access control, I can be given access to data if I'm in the office on a managed PC, and blocked if I'm at home on an unmanaged device — even if I'm using a VPN.
There's no need for system administrators to know where files are, or even that managed files exist. Rules are applied automatically, and enforced as soon as someone creates a share. Definitions and rules are built using Active Directory and Group Policies, and applied at runtime. If you create a share you can see the policies that apply, and can choose the rules that apply. Users don't just get refused access to a file; you can configure messages that indicate why users have been blocked and what they need to do if they're sure they need access to the data — including creating an email template for permission requests.
The dynamic access control mechanism is extensible, and can be tied into other access control tools. One option would be to bridge physical security with data security, locking down files for users who haven't badged into a secure building.
Remote Access in Windows 8 Server
Current trends in both IT infrastructure and in working patterns mean that remote access tools need to become easier to use. Windows 8 Server's new Unified Remote Access role bundles together three previously separate technologies: Direct Access, VPN and cross-premises connectivity. Direct Access becomes the preferred connection technology for Windows devices, with VPNs for everything else.
Getting Direct Access working used to be hard, and Windows 8 Server simplifies things considerably. An express wizard gets you started quickly, and additional options support working behind NAT networking equipment rather than as a host in a DMZ. You can even use Direct Access with a single network adapter. You don't need to worry about IPv6 versus IPv4, which simplifies compatibility issues, and you can deploy in an existing network with no need for changes.
BranchCache has been improved, taking advantage of Windows 8 Server's data deduplication features to speed up download of similar files. This means you'll get version 2 of a document quickly, even if only version 1 is held in the local cache. You can also use it with cloud-hosted storage, computing the storage hashes for the cache on the client and storing them with the data on cloud servers. BranchCache will download the hashes first, before requesting data from the cloud. You don't need to be a branch office to take advantage of this feature — it works just as well for datacentres sharing data with cloud services.
Windows 8 Server and the web
With Windows 8 Server, the Internet Information Server (IIS) team has been moved to the Azure group, giving the new IIS many features that help support scalable cloud services. One major change in the next IIS is support for WebSockets, which makes it easier to connect HTML5 applications to data sources with asynchronous connections. There are also significant performance improvements over Windows Server 2008 R2, using 3.5 times less memory, and a 166-fold speedup on configuration changes.
Another important change is to how IIS handles and manages SSL certificates. Instead of managing them on a per-site basis (something that could be quite time-consuming on a large web farm), a central certificate store manages all your certificates, with tools for managing expiry as well as provisioning sites. There's no longer any need for IP address bindings for SSL certificates, and you can use a single PowerShell cmdlet to deploy and manage certificates.
With servers hosting multiple sites, IIS will now sandbox applications using CPU throttling. Where processes that needed too much CPU were simply killed in Windows Server 2008 R2, Windows 8 Server lets you define a maximum amount of CPU that can be used. If there's no contention, you can access all of a server's resources. Once there's contention, your process is throttled back to its limits.
Windows 8 Server and remote and virtual desktops
Virtual Desktops are becoming more and more common, and Microsoft is using Windows 8 Server to deliver an improved version of the Remote FX tools originally released with SP1 of Windows Server 2008. The storage needed to hold virtual desktops has been simplified and there's support for Windows 8 desktop features, including touch with multiple touchpoints.
Windows VDI used to require expensive shared storage for desktop images. That's been replaced with local storage for cached images, with no need to go to the network. Pooled storage also simplifies personalisation, and a session host server handles resource allocations, giving users fair shares of network and disk resources, as well as CPU. You can use direct attached storage for images, or access them using SMB connections to remote storage arrays.
One additional change is support for slow WANs, letting branch offices use virtual desktops from central offices. Microsoft expects bandwidth requirements to be 10 percent of those from Windows Server 2008 R2, with a new codec and support for both TCP and UDP connections. Patching is improved too, avoiding the dreaded patch storms, using policies to coordinate deployment. If you're using RemoteFX there's no longer a need for specialised GPU arrays on servers, as Windows 8 Server includes software graphics acceleration that works well for desktop features and for productivity applications.
Conclusion: your next server?
Windows 8 Server isn't so much a new thing, as the next step in the evolution of Windows. A new user interface, along with the various UI-less options, mean it's easier to deploy, manage and secure. A new version of the Hyper-V hypervisor makes it clear that you're expected to run Windows 8 Server as a virtual machine, not a standalone server. It's an approach that makes a lot of sense, as Windows 8 Server will be running alongside previous servers, and any conflict or incompatibility will affect rollouts and deployments.
Many of Windows 8 Server's new features have required significant architectural changes, and so won't be available to earlier versions. However, Windows Server 2008 users will get access to many of the new PowerShell cmdlets. Describing it as suitable for 'any application, any cloud', Microsoft has big ambitions for its new server. The new private cloud features in Hyper-V make it clear that this is Microsoft's Infrastructure-as-a-Service (IaaS) play to go along with the Azure cloud platform.
We're impressed with what we've seen so far. It's up to Microsoft to deliver what's likely to be your next server — and to move you from running a datacentre to running a cloud. It's a big challenge for everyone, but Windows 8 Server looks more than up to the task.