Microsoft targets virtualisation with Windows 8/Windows Server combo
- 24 October, 2012 11:42
Much of the attention being paid to this week's Windows 8 launch focuses on the new Metro-style interface and the fact that Microsoft is extending its desktop OS to tablets and smartphones. But for enterprises, the real story is the way Microsoft has integrated Windows 8, Windows Server 2012 and the Hyper-V hypervisor to create an unmatched system for running virtualized environments.
Combined, Windows Server 2012 and Windows 8 represent the biggest changes we've seen from Microsoft in a decade, with the company training its guns on virtualized Linux vendors such as Red Hat, as well as hypervisor market leader VMware.
Both Windows 8 and Windows Server 2012 sport the new Metro-style GUI, but we found that it's not as radical a change as has been reported. Indeed the bemoaned missing "Start" button and menus already have a dozen replacements being offered freely (or almost freely). If you know about Windows 7 or Windows Server, the menu makeovers are rapidly obvious, we found.
Although we have some minor reservations about Windows Server, both philosophically and in practice, we found the Windows Server/Windows 8 Enterprise combination to be far ahead of its peers for large enterprise deployments and management. And that's not even counting the additional management functionality available from Microsoft System Center 2012.
Inside the Windows Server 2012 platform is a shift towards the kind of programmability first envisioned by Bill Gates when he declared that Windows would run on BASIC as a programming environment. That was an allusion towards the Visual BASIC scripting that became popularized in inter-application/platform custom coding efforts.
These efforts allowed organizations to integrate custom code with Microsoft Office apps, and web development efforts then became centered around Microsoft SharePoint services. While these "departmental" and populist development efforts continue, Microsoft has now evolved its PowerShell "cmdlets" in a way that both mimics scripting and inter-platform communications, but in vastly more powerful ways.
The goal is to give the Windows platform as much potential for programmability and customization as Linux distributions.
Windows 8 Enterprise
Pre-release criticisms have focused around a number of changes that appear to alter the character of Windows-as-we-know-it. We don't think so. Windows 8 has a new user-interface, but the changes are no more radical than those we've seen from Apple, Canonical, and others. Microsoft is trying to get unstuck from the success of Windows XP; and the new user interface -- once apps are built -- might just do it.
There are more differences than limitations, and there are just three different versions of Windows 8 to choose from, Home, Professional, and Enterprise. Each edition gradient has differing feature sets, and Enterprise is differentiated by its ability to be activated via Windows 2012 Key Management Services that can dole activation keys as needed.
Professional/Enterprise can be considered the analog to Windows 7 Ultimate; these replace up to nine different versions in Windows 7.
You get the Hyper-V hypervisor in Professional/Enterprise (we'll call it W8E) that's the same version shipped with Windows 2012 Server, and it replaces Windows Vista/Windows 7 Virtual PC to serve as a bare metal-type hypervisor.
Ostensibly, it's used to run a prior version that you upgraded from, like Windows XP, Vista, or Windows 7. You can have your old apps in other ways, too. You can host Windows 8 instances as VMs on Windows 2012 Hyper-V, VMware, or other hypervisors, too.
Microsoft's application virtualizer, App-V, has been upgraded and now has a physical-to-virtual feature, although we didn't test it. App-V V5 allows, like prior versions, a Remote FX-based GUI connection to an application that's executing someplace else. It appears as though the application launching, manipulation, and execution are happening locally, but these are actually communication broker stubs that link to the application on a server somewhere else.
Installation and Options
Microsoft Windows 8 wants to own the master boot record (MBR) on a system's hard drive, which some have objected to, but solutions that allow an alternate boot have already become available. The controversy regarding whether to prevent boot-sector virus vectors through the use of a UEFI secure boot (a BIOS replacement scheme) initially riled people who like to host concurrent operating system or disk partition instances. And we found that Windows 8 at installation, indeed grabs and will not eagerly let go the disk master boot, securing it, and making it very difficult to place other operating systems on it.
Disk security methods already in place will be removed on installation, unless Windows 8 plainly refuses to use the disk because it can't partition it. We applaud Microsoft's attempts at boot security, and don't have the qualms that others find when a vendor tries to secure a system. Yes, it makes it a hassle to have other operating systems on the same system -- that's what virtual machines and workarounds are for. The security trade-off, we feel is worth it and is only small discomfort for hackers -- who have already suggested clever workarounds.
We ran into one case where a pre-release version of Windows 8 wouldn't install without removing older partitions, but all upgrades we tried from Windows 7 to Windows 8 worked flawlessly and without complaint or annoyance. Microsoft suggests that anywhere Windows 7 works, Windows 8 should install; the only limitations we've heard anecdotally are where drivers for advanced displays just aren't available yet; we didn't run into this problem in 11 installations.
The Windows 2012 Key Management Service allows instances of W8E to be installed, grabbing an activation key when initially installed. This works with Windows 7, too. The operating system payloads can also be modified to deploy both Microsoft and third-party software for automated updates, although Microsoft's System Center 2012: Configuration Manager handles this chore with better finesse than manual payload management.
Windows 8 opens with the Windows 8 UI (formerly known as Metro), which is also found on Windows Server 2012, Windows RT and Windows Mobile 7.5+. This cross-platform UI ideal has also been championed by Apple with iOS (even MacOS devices are starting to look like iOS), Canonical with Unity on Ubuntu (desktop, server, tablet, and beta smartphones), and is desirable as the proliferation of personal device learning curves and seeming inter-device family incompatibilities arise.
The UI isn't tough to maneuver at all, we found. A fast mouse-movement to the right of the main UI reveals options to change settings, and otherwise move around. Behavior of applications already installed shouldn't change. But there's a rub.
There are apps currently compatible with Windows 7, and those should run OK. Apps that use the new Windows 8 UI are called Windows 8 apps, and can be obtained (ostensibly) only from the Microsoft Store. The store is currently starting to fill, but by no means has the quantity found in Apple, Google or Amazon app stores. The regimen used to vet applications in the store is also still largely unknown.
Other items we tested include: the Windows 8 User State Migration Tool, which allows user settings to be migrated to a new machine (similar to the older, Windows 7 version); Windows To Go, which makes a bootable (think USB Flash Drive or other externally connected drive) instance, system hardware-permitting; and we played with making customizable Windows 8 P/E images for distribution purposes.
By combining these tools, coupled to server-based key management tools, deploying Windows has been made almost as simple as an online Linux distro. It's still Windows, and uses a hallowed convention for file placement and licensing, but we found it easier than Windows 7 at image customizing.
The Windows 8 UI takes just a moment to understand; it's not quite an intelligence test. On our Lenovo T520 tablets -- on the same hardware -- Windows 8 boots in 16 seconds to usability in a fresh installation vs. Windows 7 (with updates) at 27 seconds. We could detect no real disk speed changes, but the UI is fast and has a "snappy" feel when we changed screens, or popped back to the Windows 8 UI with the Windows key on the Lenovos.
We were mystified that sleep, hibernate, and other control options were absent from the Windows 8 UI choices. These worked, but we like to choose them ourselves sometimes, rather than close the lid on our notebooks, or shutdown via hibernate switches on our desktop machine, but these are small grievances.
This is the first Microsoft client OS that hasn't been directly compared with Apple's MacOS in ages. With Windows 8, Microsoft deviates from the course of evolving their UI into stratifying their UI across the platform segments that it supports.
Windows 8 isn't quite as radical as Windows Server 2012, but the unified UI strategy is a departure from UI and iterative functionality improvements. Windows 8 is more distributable, more easily secured, and works hard to retain an enterprise presence. Old software works, new software installed without issue if it works with Windows 7. What's for sale here is cross-device unified behavior atop the gains made by Windows 7.
We still fear a dot-zero release, but with as much advance pounding as this release has seen -- it was in general beta for a year prior to our ability to obtain RTM code -- it seems (dare we say it?) safer.
Windows Server 2012 (Standard and Data Center)
Microsoft's plentiful work in 2012 was spent towards making Hyper-V more competitive with features of other virtual machine and cloud services vendors, but also in out-featuring its competition in management and enterprise-focused control-plane capabilities.
You don't have to deploy all of the options to get just traditional file-and-print, Active Directory Controls, and MS Exchange going -- the most popular basic combination.
What Microsoft has added is the ability to get to those extra features rapidly and with rational procedures for civilians, or modifiable-then-deployable payloads for larger organizations that must distribute customized server payloads. And it's all 64-bit, even 32-bit in-place upgrades aren't possible. Microsoft's website offers extensive detail on upgrade paths from current versions of Windows 2008.
There are two forms of the Windows Server 2012 -- "Standard" and "Data Center"; both can be optionally run over Hyper-V. Two user-limited versions, Windows 2012 Essentials (25 users, 50 devices, one server) and Windows Server 2012 Foundation (up to 15 users, but without Essentials application features that are much like Windows 2008 Small Business Server/SBS) are available but aren't covered in this review.
Each Windows Standard/Server license covers just two physical processors, which we found comparatively limiting, although somewhat inline with hypervisor competitor VMware -- where you'll pay for the hypervisor license and in addition, the Windows license. Standard edition allows two VMs; licenses can be stacked up to eight VMs for two licenses on the same server. Data Center licenses are essentially unlimited, subject to the two physical processor rule. CAL (Client Access Licenses) are roughly the same as before, and Remote Access (VDI) sessions also require additional-cost licensing support in many cases.
We could also choose to install in a GUI- or GUI-less version, "Server Core". Windows 2012 as an operating system on media, can be mounted, added-to, or modified within constraints for either the full-installation, or a sparse one, prior to installation. Although we couldn't find directions regarding putting the operating system on a diet, we know that the payload can be reduced dramatically. A lighter payload makes it non-standard for purposes of later adding software, but for organizations seeking sparse instances to virtualize -- it can be done.
In the Server Core installation, the initial server payload can be pre-configured to wake-up the first time and find resources as a package, or can be rapidly and subsequently built through the use of additional PowerShell commands (in the form of text-based scripts) to get the server initially configured. If you haven't preconfigured anything, you're dropped to a CMD box at the end of the Server Core installation, and will subsequently run administration and modification of that server from a different machine, or through the use of PowerShell cmdlets -- perhaps a favored set of scripts completes the provisioning process for the server.
If the GUI-based installation is chosen, only a few selections need to be made until the server initially comes alive. From there, a server installation dashboard provides choices of what to do to install additional features. We could flip away from there and get a Windows 8-ish UI that allowed us to do things like set initial IP configuration, and perform other Control Panel settings. When we flipped back to the dashboard, we then made our installation choices.
When we wanted to install features, we could do so as traditional Windows Server "Roles" into the current server, a group of servers (where that makes sense), or tuck them with various pre-configuration steps into a Virtual Hard Disk (VHD file). Of the installation choices, one can add components like the IIS web services, Active Directory, or the AD Rights Control Services, along with print and other familiar services.
What we liked about the changes in the Dashboard approach was that it allowed us to make choices, and it would figure out the dependencies -- other apps needed -- then let us allow the server to reboot automatically if we desired (rather than get hung up waiting for us to click "ok" when each server Role was installed). The Server Core version does the dependency checks, too.
This varies significantly from Windows 2008 R2 Server and former Windows Server editions, and comes closer to the ease of configuration found in dependency-checking apps from SUSE (YaST), and other RPM/like managers found in Red Hat Linux distributions.
Roles now included are Active Directory Certificate Services (upgraded from the CA Role in 2008 editions); Active Directory Domain Service, Active Directory Federation Services, Active Directory Lightweight Directory Services; Active Directory Rights Management Services (new), Application Server; DHCP Server; DNS Server; Fax Server; Hyper-V (installs the hypervisor and/or manager); Network Policy and Access Services; Remote Desktop Services; Volume Activation Services; Web Server (IIS); Windows Deployment Services; and Windows Server Update Services (WSUS).
Features, could also be added, and their dependencies resolved, as well, and more appropriately than in prior Windows Server editions. The list includes: adding .NET 3.5 and or 4.5, Background Intelligent Transfer Service/BITS, BitLocker Drive Encryption, BitLocker Network Unlock; Branch Cache, Client services for NFS, Data Center Bridging (QoS protocols); Enchanced Storage (third party storage access control options); Failover Clustering; Group Policy Management; Ink and Handwriting Services (handwriting and stylus ballistics recognition APIs), Internet Printing Client, IP Address Management (IPAM) Services, iSNS (Internet Storage Name Services (iSCSI support), LPR (Unix-ish printing) Port Monitor; Management ODATA IIS Extension (web developer interface for PowerShell), Media Foundation (multimedia handlers); Message Queueing (guaranteed disparate/similar app messaging foundation); Multipath I/O storage infrastructure; Network Load Balancing, Peer Name Resolution Protocol; Quality Windows Audio Video Experience; RAS Connection Manager Administration Kit; Remote Differential Compression (a service to identify objects that don't need transmission/copying); Remote Server Administration Tools, RPC over HTTP Proxy, Simple TCP/IP Services; SMTP Server; SNMP Service; Subsystem for Unix-based Applications; Telnet Client; Telnet Server; TFTP Server; User Interfaces and Infrastructure; Windows Biometric Framework, Feedback Forwarder, Identity Foundation 3.5 Internal Database; Powershell; Process Activation Service; Windows Search Service Server Backup; Server Migration Tools; Standards-Based Storage Management, System Storage Manager; Windows TIFF filter (optical character recognition for fax images); WinRM IIS Extension (secure web administration); WINS Server; Wireless LAN Service (for WLAN enumeration/configuration); WoW64 (this is the server GUI/Dashboard app); and XPS (document) Viewer.
Once a role or feature is selected, dependencies are resolved, and we could go on our merry way. We wished that services like telnet, tftp, and WINS could have a red flashing light next to them to warn users about the insecurity of these protocols, but if you spent the time, all of the communications between and among (at least) Windows clients could have IPSec encryption -- and this removes some of our objections to the inclusion of these otherwise easily discovered and abused protocols.
Other clients/services encryptions are left to the devices of those seeking to encrypt -- which means you need to re-do settings to accommodate Linux, MacOS, BSD, and other traffic, which isn't so much non-trivial, but obscure to do. It took quite some time for us just to get Macs accommodated over IPSec.
The number of PowerShell commandlets (cmdlets) has increased dramatically in Windows Server 2012, and extend to managing Active Directory Clients. You can have GUI, or you can script, or both, we found. What's lacking is a rudimentary filing or document control mechanism to store and identify PowerShell scripts in a way above implying the function of a script by its file name. The power of PS scripting begs a method to readily identify its use without examining its contents thoroughly.
We like that it's syntactically coherent, where Unix/Linux/-alike bash/bourne/-other shell script syntaxes require making "man -k" your best friend as the scripting languages and Linux command's power is often hobbled by their vast historical inconsistencies. Veteran Unix/Linux admins will adapt easily to PowerShell's increased functionality, if they can overcome ideological barriers in using a closed-source, non-free host operating system.
Using Windows Server 2012 in a virtualized environment also has improved. The changes in Microsoft's bare metal hypervisor, Hyper-V 3, now allows an onboard L2/L3 switch to be configured to manage traffic. We tested the hypervisor and VM instances primarily on an HP DL380 G8 Server containing four processor sockets, and 16 cores -- but two licenses in Microsoft's ciphering.
Although the HP was plentifully powerful, in our testing, we didn't have the density needed to test high-traffic, multi-tenant configurations. The switch is programmable and can be enlightened to accommodate VM machine moves among server hosts for host-resource matching.
The infrastructure support in Hyper-V (licensing permitting) is vastly larger in 2012 Server editions compared to 2008R2. We could have 320 logical processors compared with 64 in 2008R2. Physical memory can be 4TB rather than 1TB. Hyper-V3 can support 2,048 vCPUs per host rather than the 512 in Windows 2008R2. The memory per VM goes from the former limit of 64GB to 1024GB. Clusters can grow from 16 nodes to 64 nodes max, in Windows 2012 Server, and the maximum number of VMs jumps from 1,000 to 8,000 in a cluster -- each with guest non-uniform memory access (NUMA, for speed).
But are the VM payloads as slim, lithe, and handy as ginning up bunches of Linux instances? We sought to test how this might work, as licensing issues have dogged rapid deployments of Windows instances into Platform-as-a-Service instances.
It's possible to host Windows 2012 Standard or Data Center editions as VMs on Hyper-V (2 and 3), VMware (we tested 5.0 and 5.1), and into data centers -- but Microsoft would prefer that you used Azure and Azure-compatibles. Towards these ends, there is a Key Server that can provision Windows 8 clients (tested with an MSDN key, rather than an Enterprise key (Microsoft won't let us have one). You can move VMs across Hyper-V 3 hosts; however, between V2 and V3 we had head-scratching difficulties that are still unexplained.
Active Directory Rights Management Services (AD RMS) was very interesting to us in Windows 2008, but in Windows Server 2012, it's linked to Active Directory Dynamic Access Control, which extends the covered storage "turf" to devices that can be controlled via Active Directory identity and access controls.
We set this up and copied numerous folders. If a device is Active Directory-authenticated (Windows Vista+), we had protection afforded for the files. We needed to generate a client certificate, which in turn, is used by the server to match identity, a process called DRMActivate.
Once installed, a match is made between the client and server portion when the certificates match (we also tried fudging a certificate, but that didn't work) and we received file access as we'd prescribed, as the creator or administrator of the files and folders. We also tried PowerShell subterfuge to no avail. AD RMS also controls policies for Windows 8 Professional/Enterprise AppLocker feature, we found. Encryption comes with Bitlocker, which uses the Trusted Information Chipset as in prior editions, but can also be run with a USB containing the key. Don't lose the key.
There is the sense that Microsoft accommodates other clients and server platforms within the turf that they seem to be managing by their improved editions. Active Directory is a key hook that Microsoft has, and if your clients and servers can speak Active Directory, you're happy, otherwise you're still a second-class citizen. It's been that way for decades and we didn't expect it to change.
Yet small irritations, like the fact that Group Policies are an admin-or-nothing gradient means that applications like Viewfinity Privilege Management and Beyond Trust Privilege Manager will still be needed to graduate Group Policy management, which is essentially unchanged from Windows 2008 (R2).
What the Windows 2012 Server editions provide is a compelling reason to stick with Windows infrastructure, as many of the advances represent integration of management components that have no competitive parallels. Microsoft wants to use Windows Server 2012 as the crux of many happy cloud deployments, but still doesn't have the lightweight, mindlessly flexible texture of Linux. Licensing costs are high, although we like the reduction in the mentality that made so many editions for every seemingly interesting application profile. There were 17 versions of Windows Server 2008, and now there are four. Whew.
Henderson is principal researcher for ExtremeLabs, of Bloomington, Ind. He can be reached at email@example.com. Matt Evangalista, also of ExtremeLabs, contributed to this report.
Read more about software in Network World's Software section.
Join the Computerworld Australia group on Linkedin. The group is open to IT Directors, IT Managers, Infrastructure Managers, Network Managers, Security Managers, Communications Managers.
- Cloud Computing for Midsize Businesses: Delivering Innovation and Efficiency
- A Holistic Approach to your BYOD Challenge
- Clearing the Clouds for Midmarket Businesses
- Devising a Server Protection Strategy with Trend Micro
- Integrated Computing Platforms: Infrastructure Builds for Tomorrow’s Data Centre
Australia remains black spot for Vodafone
WikiLeaks Party closer to registering
AusCERT 2013: NBN users need security professionals’ help, says Google
WikiLeaks Party closer to registering
AusCERT 2013: NBN users need security professionals’ help, says Google