1. Visual Changes in Windows Server 2012
The first thing you notice when
Windows Server 2012 boots is that it boots to the Server Manager
console that enables administration and management of the server or
servers in the environment. If you press the Start or Windows key on a
keyboard, the Windows Metro style menu pops up. This might seem to be a
simple cosmetic change to standardize the current look and feel of the
Windows operating systems with other “Windows 8” operating systems like
those for tablets, laptops, and desktops. Interestingly, with the
release of Windows Server 2012, Microsoft did away with the Classic
view of Windows (the Start button is no longer on the lower left, where
it has been for years), so there are a few things to get used to. So,
the seasoned Windows administrator needs a bit of time to get used to
Windows 2012, but then it’s easy to find what you need.
2. Windows Server 2012 as an Application Server
As much as there have been significant
improvements in Windows Server 2012 under the hood that greatly enhance
the performance, reliability, and scalability of Windows Server 2012 in
the enterprise, Windows servers have always been exceptional
application servers hosting critical business applications for
organizations. Windows Server 2012 continues the tradition of the
operating system being an application server with common server roles
being included in the operating system. When you are installing Windows
Server 2012, the Server Manager Add Roles Wizard provides a list of
server roles that you can add to a system, as shown in Figure 1.
Figure 1. Server roles in Windows Server 2012.
The various server roles in Windows Server 2012 typically fall into three categories, as follows:
• File and print services—As
a file and print server, Windows Server 2012 provides the basic
services leveraged by users in the storage of data and the printing of
information off the network. Several improvements have been made in
Windows Server 2012 for file security and file server fault tolerance.
• Domain services—In
enterprise environments running Windows networking, the organization is
usually running Active Directory to provide centralized logon
authentication. Active Directory continues to be a key component in
Windows Server 2012, with several extensions to the basic internal
forest concept of an organization to expanded federated forests that
allow Active Directories to interconnect with one another.
• Application services—Windows
Server 2012 provides the basis for the installation of business
applications such as Microsoft Exchange, Microsoft SharePoint server,
SQL Server, and so on. These applications are initially made to be
compatible with Windows Server 2012, and later are updated to leverage
and take full advantage of the new technologies built in to the Windows
Server 2012 operating system. Some of the applications that come with
Windows Server 2012 include Remote Desktop Services for thin-client
computing access, utility server services such as domain name system (DNS) and Dynamic Host Configuration Protocol (DHCP), and virtual server hosting.
Windows Server 2012 is also the
base network operating system on top of which all future Windows Server
applications will be built.
However, Windows Server 2012 is more than
just adding server roles and applications to the system; some
significant improvements of the server roles have helped organizations
decrease the number of servers needed in the datacenter. A couple of
the server role enhancements are Multitenant Internet Information
Services (IIS) and Cluster-Aware Updating (CAU).
Internet Information Services (IIS) Support for Multitenant
Most people when they hear multitenant
think it is something a cloud hosting provider might use to provide web
services to a number of organizations. However, multitenant IIS can
also be used to decrease the number of servers of every organization
around. Multitenant IIS is the ability to take multiple instances of
IIS web services and consolidate them into a single Windows Server 2012
IIS server. Unlike IIS web services in the past, where
most of the time you could not combine web services into a single host
system, now with Windows Server 2012, a single host server can host 5,
10, 15, or 20 isolated instances of IIS.
The single IIS server can front end
SharePoint Web, Exchange Outlook Web Access (OWA), the corporate
intranet, a handful of web apps, and the like. The consolidation of IIS
web instances is done with the separation of rights, privileges, and
execution operations. Multitenant IIS helps organizations eliminate
several if not dozens of web servers and decreases physical server and
license counts for guest sessions running small/thin Windows web
services.
Cluster-Aware Updating
Cluster-Aware Updating, or CAU, is a
feature that assists organizations in failing over cluster servers to
other nodes of the cluster so that another cluster node can be patched
or updated. This functionality is not new to organizations, but what is
new is the ability for Windows Server 2012 clusters to have built in to
them the technology to be patch update and cluster aware so that when a
cluster needs to be updated the core operating system knows to fail
over and fail back the cluster nodes. CAU technology simplifies cluster
updates by automating the process to keep clusters up-to-date.
3. Windows Server 2012 Active Directory
Although the release of each subsequent
version of Windows Server provides a number of new server roles for
application services, the latest releases of Windows Server 2008,
Windows Server 2008 R2, and Windows Server 2012 also bring with them an
update to Active Directory. Unlike the shift from Windows NT to Active
Directory a decade ago that required a major restructuring of domain
functions, Active Directory 2008 and Active Directory 2012 are more
evolutionary than revolutionary. AD 2008 R2 added a handful of features
that many organizations have yet to implement, and AD 2012 will
no doubt be the same. However, there are significant enhancements in AD
2008 and AD 2012 that are worth being aware of in case the organization
has a need for such functionality (typically security or
policy/manageability related).
The new features in Active Directory 2008 R2 and Active Directory 2012 are as follows:
• Active Directory Recycle Bin—The
AD Recycle Bin was included in Active Directory 2008 and provides
administrators an easy way to undelete objects in Active Directory. In
the past, when an administrator inadvertently deleted an Active
Directory object like a user, group, organizational unit container, or
the like, the object was effectively gone, and the administrator would
have to create the object from scratch, which would create a whole new
series of security concerns for the new/unique object. The AD Recycle
Bin now enables an administrator to simply run the recovery tool and
undelete objects.
• Global catalog cloning—In
earlier versions of Active Directory, the only way you could create a
global catalog (GC) server was to build a new server and let the data
from other GCs replicate to it over the wire. This was fine for a small
or mid-size organization because the global catalog typically didn’t
have a whole lot of stuff inside of it, so it took a few minutes, maybe
an hour, and everything was replicated. Even in large corporate
enterprises, a GC server might take a few hours to replicate over a WAN
link, but that is still well within typical acceptable tolerances.
However, as cloud-based environments grow to include hundreds of
thousands or millions of users, the replication time in multiple
datacenters gets past typical tolerable limits. GC cloning in Windows
Server 2012 allows an organization to take a GC, clone the information,
and send the information to another site and recover the cloned server
or information, and only changes (deltas) are replicated over the WAN.
• Managed service accounts—Applications
in a network frequently use service accounts associated with the
security to start a database, conduct data searches and indexing, or
launch background tasks. However, when an organization changes the
password of a service account, all servers with applications using the
service account need to be updated with the new password, which is an
administration nightmare. With Active Directory 2008 R2 mode supported
both in AD 2008 and AD 2012, service accounts can be identified and
then managed so that a password change to a service account will
initiate a process of updating the service account changes to
application servers throughout the organization.
• Authentication mechanism assurance—Another
Active Directory 2008 R2 feature that is supported both on AD 2008 and
AD 2012 is the enhancement of claims-based authentication in Active
Directory. With authentication mechanism assurance, information in a
token can be extracted whenever a user attempts to access a
claims-aware application to determine authorization based on the user’s
logon method. This extension will be leveraged by future applications
to improve claims-based authentication in the enterprise.
• Offline domain join—For
desktop administrators who create system images, the challenge of
creating images is that a system needs to be physically connected to
the network before the system can be joined to the domain. With offline
domain join, a system can be prejoined by creating a file that contains a
unique system credential. When a Windows client
system or Windows Server system needs to be joined, rather than
physically connecting the system to the network and joining the system
to the domain, this exported file can be used offline to join the
system to the Active Directory domain.
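The offline domain join flow from the last bullet, as an added example that is not part of the original text, using the built-in djoin.exe tool. The domain name, machine name and paths are constructed placeholders. Because the provisioning file carries the new machine account's password, the example restricts its ACL and deletes it once it has been consumed.

```powershell
# Added example. Domain, machine name and paths are constructed placeholders.

function New-OfflineJoinBlob {
    # Phase 1: run on a domain-joined admin workstation by an operator who may
    # create computer accounts. Creates the computer object and writes the blob.
    param([string]$Domain, [string]$Machine, [string]$OutDir)

    $blob = Join-Path $OutDir "$Machine.odj.txt"
    & djoin.exe /provision /domain $Domain /machine $Machine /savefile $blob
    if ($LASTEXITCODE -ne 0) { throw "djoin /provision failed ($LASTEXITCODE)" }

    # The blob contains the machine account password: drop inherited ACEs and
    # leave read access to the current operator only.
    $me = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    & icacls.exe $blob /inheritance:r /grant:r "${me}:(R)" | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls failed ($LASTEXITCODE)" }
    return $blob
}

function Import-OfflineJoinBlob {
    # Phase 2: run elevated on the target system, which has no network path to
    # a domain controller. The join takes effect after the next reboot.
    param([string]$BlobPath)

    & djoin.exe /requestODJ /loadfile $BlobPath /windowspath $env:SystemRoot /localos
    $code = $LASTEXITCODE

    # Remove the credential-bearing file whether or not the import succeeded;
    # a failed join is re-provisioned rather than retried from a stale blob.
    Remove-Item -LiteralPath $BlobPath -Force
    if ($code -ne 0) { throw "djoin /requestODJ failed ($code)" }
}

# Usage (constructed values):
#   $blob = New-OfflineJoinBlob -Domain 'contoso.example' -Machine 'WKS-0142' -OutDir 'C:\odj'
#   ...transfer $blob to the target over a trusted channel, then on the target:
#   Import-OfflineJoinBlob -BlobPath 'C:\odj\WKS-0142.odj.txt'
```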
These are some of the capabilities
built in to Active Directory 2012. Organizations can
choose to upgrade AD now or wait until an application requires an updated
version of Active Directory before
updating their directory system.
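Recovering a deleted account through the AD Recycle Bin described in the feature list above, as an added example that is not part of the original text. It uses the ActiveDirectory PowerShell module, and the account name jdoe is a constructed placeholder. It confirms that the restored object keeps its original SID, which is what spares the permission rework a re-created account would need.

```powershell
# Added example. 'jdoe' is a constructed placeholder account name.
Import-Module ActiveDirectory

function Enable-RecycleBinIfNeeded {
    # The Recycle Bin is an optional, forest-wide feature; enabling it cannot be undone.
    $feature = Get-ADOptionalFeature -Filter 'Name -eq "Recycle Bin Feature"'
    if ($feature.EnabledScopes.Count -eq 0) {
        Enable-ADOptionalFeature -Identity $feature `
            -Scope ForestOrConfigurationSet -Target (Get-ADForest).Name -Confirm:$false
    }
}

function Restore-DeletedUser {
    param(
        # Restrict the name to safe characters so it cannot alter the filter string.
        [Parameter(Mandatory)][ValidatePattern('^[\w.\-]+$')][string]$SamAccountName
    )

    $deleted = @(Get-ADObject -IncludeDeletedObjects `
        -Filter "samAccountName -eq '$SamAccountName' -and isDeleted -eq `$true" `
        -Properties objectSid, lastKnownParent, whenChanged)

    # Refuse to guess when the name was deleted more than once (or never).
    if ($deleted.Count -ne 1) {
        throw "Expected exactly one deleted object, found $($deleted.Count)"
    }
    $before = $deleted[0]

    # Restores into lastKnownParent; if that container was deleted too,
    # restore it first or pass -TargetPath.
    $restored = Restore-ADObject -Identity $before.ObjectGUID -PassThru
    $user     = Get-ADUser -Identity $restored.ObjectGUID -Properties memberOf

    # A restored object keeps its SID; a re-created one would not.
    if ($user.SID.Value -ne $before.objectSid.Value) {
        throw "SID changed after restore: $($before.objectSid) -> $($user.SID)"
    }
    [pscustomobject]@{
        DistinguishedName = $user.DistinguishedName
        SID               = $user.SID.Value
        GroupCount        = @($user.memberOf).Count
    }
}

# Usage (constructed value):
#   Enable-RecycleBinIfNeeded
#   Restore-DeletedUser -SamAccountName 'jdoe'
```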