TRANSCRIPT
Management, Reliability, Solid Foundation
• Windows Server Manager
• PowerShell
• Virtualization
• Active Directory
• Server Core
• Next Generation Networking
• High Availability Clustering
Most Flexible and Robust Windows Server Operating System to Date
Improve Uptime
• Previously, hardware upgrades and maintenance required a shutdown, resulting in downtime
• Windows Server 2008 reduces the need for downtime by supporting these hardware configuration changes without a reboot:
  – Hot add and replacement of processors (Datacenter Edition)
  – Hot plug PCI Express
    • Some vendor proprietary Windows Server 2003 configurations supported hot plug PCI
  – Hot add memory (Enterprise and Datacenter Editions)
Self-Healing NTFS
• Before, NTFS corruptions required running Chkdsk, which often could only be done on the next reboot
• In Windows Server 2008, an NTFS worker thread performs background Chkdsk-type corrections when NTFS detects a corrupt file or directory
  – Minor disk errors are transparent to the user
  – No need to reboot to repair corruptions
Windows Server 2008 Boot Changes
• Before, the boot mechanism was platform specific (e.g. BIOS, EFI)
• Windows Server 2008 unifies the boot mechanism to be platform independent
• NTLDR split into two components:
  – Boot manager (\Bootmgr)
    • Replaces first half of NTLDR (OS selection & boot options)
  – OS loader (\Systemroot\System32\Winload.exe)
    • Replaces second half of NTLDR (loading OS, boot drivers, and System registry hive)
    • One per OS installation
Boot Configuration Database (BCD)
• Boot.ini is replaced by the Boot Configuration Database (BCD)
  – Abstracts firmware
  – Unified across different OS installations
  – BCDEdit is the command-line management interface
• BCD is a new registry hive
  – Stored in \Boot\BCD
  – Loads into HKLM\BCD00000000
  – Registry key security protects entries
Clean Service Shutdown
• Before, services had no way to extend the time allowed for shutdown
  – After a fixed timeout (default 20 seconds), SCM was killed and system halted (while services were running)
  – This was a problem for services that needed to flush data
• In Windows Server 2008, services can request preshutdown notification and take as long as they want to shut down
  – If the service stops responding the system gives up on it after 3 minutes
Improved Auditing
More Granularity
• Support for many auditing subcategories: logon, logoff, file system access, registry access, use of administrative privilege, Active Directory
Captures the Who, the What, & the When
• From and To values for objects or attributes
• Logs all: creates, modifies, moves, deletes
New Logging Infrastructure
• Easier to filter out “noise” in logs
• Tasks tied to events: when an event occurs, tasks such as sending an email to an auditor can run automatically
• Event forwarding
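Added example (not part of the original slides): a PowerShell check that compares the per-subcategory audit policy, as reported by auditpol in CSV form, against a baseline for the areas listed on the auditing slide, and prints the auditpol /set command for each gap. The sample CSV, the host name DC01 and the baseline values are constructed assumptions; the helper name Test-AuditBaseline is hypothetical.

```powershell
# Added example: compare per-subcategory audit policy with a baseline.
# $sampleCsv is CONSTRUCTED to mimic `auditpol /get /category:* /r` (CSV report);
# the host name DC01 and the GUID column are placeholders.
$sampleCsv = @'
Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting
DC01,System,Logon,{placeholder},Success and Failure,
DC01,System,Logoff,{placeholder},Success,
DC01,System,File System,{placeholder},No Auditing,
DC01,System,Registry,{placeholder},No Auditing,
DC01,System,Sensitive Privilege Use,{placeholder},Failure,
DC01,System,Directory Service Changes,{placeholder},No Auditing,
'@

# Assumed baseline covering the areas named on the slide; adjust per server role.
$baseline = [ordered]@{
    'Logon'                     = 'Success and Failure'
    'Logoff'                    = 'Success'
    'File System'               = 'Success and Failure'
    'Registry'                  = 'Success and Failure'
    'Sensitive Privilege Use'   = 'Success and Failure'
    'Directory Service Changes' = 'Success'
}

function Test-AuditBaseline {
    param([string[]]$CsvLines, [System.Collections.IDictionary]$Baseline)
    $current = @{}
    $CsvLines | Where-Object { $_ } | ConvertFrom-Csv |
        ForEach-Object { $current[$_.Subcategory] = $_.'Inclusion Setting' }
    foreach ($name in $Baseline.Keys) {
        $want = $Baseline[$name]
        $have = if ($current.ContainsKey($name)) { $current[$name] } else { 'Not reported' }
        # "Success and Failure" is a superset of either single setting.
        $ok = ($have -eq $want) -or ($have -eq 'Success and Failure')
        $fix = $null
        if (-not $ok) {
            $flags = @()
            if ($want -match 'Success') { $flags += '/success:enable' }
            if ($want -match 'Failure') { $flags += '/failure:enable' }
            $fix = 'auditpol /set /subcategory:"{0}" {1}' -f $name, ($flags -join ' ')
        }
        [pscustomobject]@{ Subcategory = $name; Current = $have; Required = $want
                           Compliant = $ok; Remediation = $fix }
    }
}

# Offline run on the sample; on a live server pass (auditpol /get /category:* /r) instead.
Test-AuditBaseline -CsvLines ($sampleCsv -split "`r?`n") -Baseline $baseline |
    Format-Table -AutoSize
```

Subcategory names in auditpol output are localized, so on non-English systems match on the Subcategory GUID column instead of the name.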
“Restartable” Active Directory
• Introduction to Restartable Active Directory
  – Restart Active Directory without rebooting
  – Can be done through command line and MMC
  – No effect on non-related services while restarting Active Directory
  – Several ways to process login under stopped mode
• Benefits of Restartable Active Directory
  – Reduces time for offline operations
  – Improves availability for other services on DC when Active Directory is stopped
  – Reduces overall DC servicing requirements with Server Core
Windows Server 2008 Hardening
Windows® XP SP2/Server 2003 R2
• LocalSystem
• Network Service
• Local Service
Windows Vista/Server 2008
• LocalSystem
• LocalSystem (Firewall Restricted)
• Network Service (Network Restricted)
• Network Service (Fully Restricted)
• Local Service (No Network Access)
• Local Service (Fully Restricted)
Complete Redesign of TCP/IP
• Dual IPv4 and IPv6 support
• Improved performance via hardware acceleration
  – Provides the ability to offload network-processing functions from the CPU to the processing circuitry on the network interface card
• Improved performance via autotuning
  – Testing performed internally at Microsoft showed large file copy times were reduced by almost half for a 1 Gbps connection with a 50 ms RTT
• Completely manageable through Group Policy
[Diagram: Next Generation TCP/IP Stack (tcpip.sys). User mode: Winsock. Kernel mode: AFD, TDX, TDI and TDI clients, WSK and WSK clients, Inspection API, NDIS. Stack components: TCP, UDP, RAW; IPv4, IPv6; 802.3, WLAN, Loop-back, IPv4 Tunnel, IPv6 Tunnel.]
Key New Networking Features
• Receive Window Autotuning
  – Automatically senses network environment and adjusts key performance settings
  – Allows increase of the size of the TCP/IP send / receive window
• Windows Filtering Platform
  – Provides filtering capability at all layers of the TCP/IP protocol stack
  – Integrates and provides support for next-generation firewall features
• Receive Side Scaling
  – Previous Windows operating systems limit receive protocol processing to a single CPU
  – RSS resolves this issue by allowing network load from a network adapter to be balanced across multiple CPUs
• Policy-based Quality of Service
  – Prioritize or manage the sending rate for outgoing network traffic
  – Both DSCP marking and throttling can be used together to manage traffic effectively
Windows PowerShell
New Command-line shell & Scripting Language
Windows 2008
Improves productivity & control
Accelerates automation of system admin
Easy-to-use
Works with existing scripts
Will ship in Windows
Admin GUIs layered over PowerShell
One-to-many remote management using WS-MGMT
Partners
Windows PowerShell Resources
Hundreds of Scripts
Books & Training Materials
Community Support
MS MVPs
PowerShell Team Blog
Active Newsgroup
Channel 9: DFO Show
IIS.net
Manning Publications
O’Reilly Media
Sapien Press & others…
TechNet ScriptCenter
Exchange Server 2007
Terminal Server
WMI, Registry, Hardware, etc.
Community-Submitted scripts
MyITForum.com
Server Manager
Product Installation
Initial Configuration
Managing Windows Server 2008
Reliability and Performance Monitor
Combines functionality of previous stand-alone tools
Tracks system changes
Provides new functionality
Server Manager
demo
Windows Server Core
Features
• Limits the server roles used
• Installs only a subset of the binaries
• Only required features are installed
• Command line interface, no GUI shell
• Takes about 1 GB for installation
Benefits
• Reduced software maintenance
• Reduced attack surface
• Reduced management
• Less disk space required
Windows Server Core Architecture
Server Core Roles
• DNS, DHCP, File Server, Active Directory, AD Lightweight Directory Service, Print Server, Media Services, Windows Virtualization Server
Features
• WINS, SNMP, BitLocker Drive Encryption, Telnet Client, Failover Clustering, Removable Storage Management, Backup
Thin Management Tools (Local and Remote)
• Configure IP Address, Join a Domain, Create Users, etc.
Core Subsystems
• Security (Logon Scenarios), Networking (TCP/IP), File Systems, RPC, Winlogon, Necessary Dependencies
Infrastructure Features
• Command Shell, Domain Join, Event Log, Perform. Counter Infra., WS-Mgmt, WMI Infra, Licensing Service, WFP, HTTP Support, IPSec
Resolved Category Dependencies – HAL, Kernel, VGA, Logon, etc.
Hardware Support Components – Disk, Network Adapter, etc.
Microsoft Virtualization Solution
• Server Virtualization
• Desktop Virtualization
• Application Virtualization
• Presentation Virtualization
Virtualization Investments
A Multi-level Approach
• Infrastructure: create agility; better utilize server resources; partner with AMD and Intel
• Management: ease consolidation onto virtual infrastructure; better utilize management resources
• Applications: accelerate deployment; reduce the cost of supporting applications
• Interoperability: support heterogeneity across the datacenter; OSP (Open Specification Promise) VHD
• Licensing: deliver cost-effective, flexible and simplified licensing; royalty-free VHD format
Terminal Services
Monolithic vs. Microkernelized
• Monolithic hypervisor
  – Simpler than a modern kernel, but still complex
  – Contains its own drivers
• Microkernelized hypervisor
  – Simple partitioning functionality
  – Increase reliability
  – No third-party code
  – Drivers run within guests
[Diagram: monolithic hypervisor (VMware ESX): VM 1 (“Service”), VM 2 and VM 3 above a hypervisor that contains the drivers, above the hardware. Microkernelized hypervisor (Windows Server Virtualization Approach, Xen also): VM 1 (“Parent”) with the virtualization stack, VM 2 (“Child”) and VM 3 (“Child”), each with its own drivers, above the hypervisor, above the hardware.]
*Microkernelized Hypervisor has an inherently secure architecture with minimal attack surface
Hyper-V is not based on Xen. It was completely written at Microsoft. See: http://blogs.technet.com/windowsserver/archive/2007/12/20/Xen-in-the-Windows-kernal_3F00_-Ha_2D00_ha.aspx
Requirements & Key Features
• Requirements
  – Requires x64 hardware support
  – Requires AMD-V or Intel VT (IVT) enabled processors
• Key features
  – Hardware virtualization
  – SUSE Linux supports Virtualized hardware not emulation
  – 32-bit and 64-bit guests
  – Large memory support (up to 64 GB of memory per virtual machine)
  – Guest multiprocessing (Up to 4 core virtual machines)
  – WMI management and control API
  – Save/Restore, Snapshotting
  – CPU and I/O resource controls
  – Easy transition of Virtual Server VMs with standard VHD format
  – Quick Migration out of Box
Windows Server Virtualization
Quick Migration
• Available at Windows Server Virtualization RTM
• For Planned Downtime
  – Quick Migration means a few seconds of downtime
    • Can be as little as three seconds to move a VM
    • Downtime depends on storage connectivity and VM memory size
• For Unplanned Downtime
  – Quick Migration allows a restart of the virtual machine on another physical server
Quick Migration Fundamentals
• Save state
  – Save entire VM state
• Move virtual machine
  – Move storage connectivity from origin to destination host
• Restore state and Run
  – Restore VM and run
  – Done
[Diagram: origin and destination hosts with Network Connectivity, VHDs on SAN Storage.]
Quick Migration
• Time to move a virtual machine is dependent on two factors:
  – The memory allocation of the virtual machine
  – The speed of connectivity to storage
• Requires Clustering of Physical host
  – HA of Guests available with Clustering (VS2005)
  – Configuration provides HA plus Quick Migration Capability

VM Memory    1 GbE iSCSI    2 Gb FC        4 Gb FC
512 MB       ~8 seconds     ~4 seconds     ~2 seconds
1 GB         ~16 seconds    ~8 seconds     ~4 seconds
2 GB         ~32 seconds    ~16 seconds    ~8 seconds
4 GB         ~64 seconds    ~32 seconds    ~16 seconds
8 GB         ~2 minutes     ~64 seconds    ~32 seconds
Virtualization…
Microsoft in the Market
Microsoft Provides a Multilevel Approach: Infrastructure, Management, Applications, Interoperability

                           Windows Server Virtualization               VMware ESX Server
Management                 Integrated Physical & Virtual Management    Virtual Management Only
Virtual Machine Migration  *Free as part of Windows Server             Additional $$$ but Subsecond
Guest Multi-processing     4-core support (free)                       2/4-core (Additional $$$)
Large Memory Support       64GB per VM                                 64GB per VM (3.5)
Architecture Support       X86 & x64                                   X86 & x64
Windows Server Core
Are you ready for Server Core!!!
Server Core Server Roles
• DNS, DHCP, File, AD, AD LDS, Hyper-V, IIS 7, Print, Cluster
Server Core
• Security, TCP/IP, File Systems, RPC, plus other Core Server Sub-Systems
GUI, CLR, Shell, IE, Media, OE, Etc.
Windows Server Core
• Can be managed:
  – Locally from the command prompt
  – Via TS remote admin mode from the command prompt
  – Remotely via MMC, Windows Remote Shell
  – Remotely via WMI based PowerShell scripts and cmdlets (e.g. the IIS cmdlets)
• Benefits
  – Fundamentally improves availability
  – Less code results in fewer patches and reduced servicing burden
  – Low surface area server for targeted roles
  – More secure and reliable with less management
Managing WSV on Server Core
• Locally
  – Custom scripts accessing WMI (no managed code & no local PowerShell)
• Remotely
  – Using WSV MMC
    • From Windows Server 2008
    • From Vista SP1
  – Using Virtual Machine Manager
    • Designed for managing a farm of servers
    • Includes extensive PowerShell implementation
The Hypervisor doesn’t save you $$$. Managing your Virtual investment better does.
What is VMM?
• A new System Center product that allows you to manage your virtualized environment
  – Entire Host Farm from a single Console
  – Built on PowerShell
• Feature set includes centralized:
  – Host Configuration
  – Virtual Machine Creation
  – Virtual Machine Placement and Deployment
  – Server Consolidation Tools
  – Image Library Management
  – Monitoring and Reporting
  – Rapid Recovery
Virtual Machine Management: Topology
[Diagram: Virtual Machine Manager administration through the Administrator MMC Console, Windows® PowerShell Script and the Self Service Web Portal (Self Service Web User); managed components are Physical Servers with VMM agents, the Library Share, and Physical Servers with VMM agents in DMZ on the Perimeter Network (DMZ).]
Workload Provisioning and Server Consolidation
• Wizard based for creating VMs
  – Clone existing VMs, workload templates, etc.
• Virtualization Candidates report to facilitate the consolidation process
• Wizard based solution for converting physical machines into virtual machines (P2V)
  – Windows 2003 and later can be converted without any downtime
• Virtual to virtual (V2V) conversion for VMware VMs
Virtual Machine Manager Self Service Web Portal
• Web user interface to allow end users to create and use their own VMs
• Administrators can control access through policies which designate capabilities
Virtual Machine Intelligent Placement
[Diagram: Capacity Planning Technology. Inputs: Guest VM Data (Configuration; Physical Disk, Processor & Memory Reqs) and Host Data (Actual CPU, Network, & Disk Load). Steps: Hard Requirements Check, Result of Hard Requirements Check, Normalized Host + VM Load, Rating Function.]
Virtualization Workload Monitoring
Host Perspective
• Virtualization is a new server workload, but with similar monitoring needs as existing workloads.
• Virtual Machine is a component of the virtualization stack.
In Guest Perspective
• Virtual Machine is a computer!
[Diagram: Virtual Machine Host running the Operations Manager Agent and Virtual Machine Manager Agent, hosting two Virtual Machines, each with its own Ops Mgr Agent and Virtualized Workload.]
Server Virtualization Management Pack for Operations Manager 2007 provides the following:
• Discovery and monitoring of all Virtual Server and Virtual Machine Manager Components
• Alerts on job and component status change
• Reports for managing and maintaining a virtualized environment
• Virtualization environment diagram view
Virtualization Management Pack Reports
• Reports in the Server Virtualization Management Pack leverage the data available from the Operations Manager Data Warehouse.
• The reports are accessible from within the VMM Administrator’s Console
– Virtualization Candidates
– Virtual Machine Allocation
– Virtual Machine Utilization
– Host Utilization
– Host Utilization Growth
Availability
• SCVMM 2007 – Available now
• SCVMM “Next” Beta – Q2 CY2008
• SCVMM “Next” RTM – H2 CY2008
• Windows Server Virtualization Tech Preview
  – Available with Windows Server 2008 RC0
• Windows Server Virtualization Beta
  – Available with Windows Server 2008 RC1
• Windows Server Virtualization RTM
  – within 180 days of Windows Server 2008 RTM
Windows Server Virtualization
• Key features
  – 32-bit and 64-bit guests
  – x64-only hosts with Intel VT or AMD V
  – Up to 8 CPUs per guest
  – Direct SAN access available to guest
  – WMI management and control API
  – Live snapshotting of guests and hosts
  – CPU and I/O resource controls
  – Quick migration of guests (Live Migration planned RTM +1)
  – Host and guest clustering
  – Completely manage SCVMM using PowerShell
  – Recommend install Server Core on the Parent Partition