Feeds

Windows Server 8 plays catch-up with VMware and Unix

Microsoft rolls 'cloud-based operating system'

The Power of One Brief: Top reasons to choose HP BladeSystem

A time to replicate

Another key feature is Hyper-V Replica. At its most basic, all you need is two Hyper-V hosts, and you can set up VM replication via a right-click option in the Hyper-V manager. Once initialised, replication only copies differences, and uses VSS (Volume Shadow copy Service) for application-level consistency. Once configured, Hyper-V will failover to the replica if there is a failure.

Hyper-V virtual networks are transformed from the simple affair in earlier versions. Hyper-V now has an extensible virtual switch, which handles network traffic between VMs, the external network, and the host server. You can now create private VLANs (Virtual sub-networks) which are isolated from one another for safe multi-tenancy. Port ACLs (Access Control Lists) let you restrict traffic by source or destination.

Bandwidth control lets you specify maximum and minimum bandwidth per VLAN, which means you can guarantee the level of service for specific customers, or prevent one customer from using too much bandwidth.

Hyper-V virtual networks can also be extended with third-party filters for capturing, filtering or redirecting traffic.

The theme here is obvious: making Windows Server work properly for multi-tenanted hosts.

Desktops in the remote sense

Microsoft's remote desktop services, once known as terminal services, get both usability and feature improvements in Server 8. Microsoft now defines three types of virtual desktop:

  • Remote Desktop Session Host (RDSH) is the original lightweight remote desktop based on a user session on the server.
  • Pooled Virtual Desktop: each user has their own VM, but are drawn from a pool so they may get a different one on each log-on. In Server 8, both personalization and performance is improved by storing user state separately, so it is no longer solely dependent on what is in the roaming profile. Patching pooled VMs is simplified by use of a golden image VM. To patch the machines, you need only update the golden image. This is then rolled out to users when they log out, or on a schedule, or in emergency as an instant update.
  • Personal Virtual Desktop, where users have their own dedicated VM. In this type of VDI (Virtual Desktop Infrastructure), VMs are now treated in a similar way to physical machines, and patching is managed by Windows Software Update Services.

Setting up these VDI options is simplified in Server 8. You need do little more than specify what kind of VDI you want, and a wizard will set it up with default options.

Performance of remote desktops is also improved. Fast graphics and video is possible with a feature called RemoteFX, which can adapt to both software and hardware GPUs depending on what is available, and there is now multi-touch support, perhaps in preparations for Windows 8 VMs.

One thing that Microsoft's VDI offering does not support is the ability to take a VM offline and sync it back later. Microsoft's Remote Desktop program manager Ashwin Palekar told us that he sees no value in offline VDI.

But there is hope for official Remote Desktop clients for non-Microsoft platforms such as iOS and Android. "We are actively evaluating support," said Palekar.

What about VDI licensing? Mike Neil, general manager of Windows Server Planning and Management, admitted: "The feedback we've had from our customers is that our licensing is Byzantine." He stopped short of promising to fix it, but at least the issue is on the table.

The IIS have it

Microsoft's web server has been revamped for better scalability and multi-tenancy. One example of this is in SSL certificate management. In previous versions, certificates are stored in the Windows certificate store and bound individually to websites, with all certificates loaded into memory even when not in use. Microsoft has now figured out that you can simply store SSL certificates on a file server and infer which to use for a particular site by matching the site name. This change lifts the limit of SSL sites on a single server from 500 to 10,000 or more, as well as improving performance.

Another change is better support for NUMA (Non Uniform Memory Access), where memory has an affinity with a specific processor. Apparently IIS handled this badly before, crossing NUMA boundaries in its memory usage so that performance might actually get worse on many core systems. That has been fixed, with systems of greater than 32 cores showing most benefit.

A key feature for multi-tenanted servers is CPU throttling, where you limit the processor time available to specific sites. This feature was present in earlier versions but did not work well, because it averaged CPU usage over a period. The new CPU throttling works as you would expect, letting cloud-hosting providers sell CPU time effectively to their customers, or allowing enterprises to ensure even performance across all sites.

What else is new? Quite a lot.

There's Dynamic Access Control, which is a new approach to authorizing access to shared files and folders. It is based on claims, tags and expressions. A simple example would be to require that users be from the same company department as the file, where "department" is a both tag on a shared folder and a claim in Active Directory.

Securing Web Applications Made Simple and Scalable

More from The Register

next story
Apple fanbois SCREAM as update BRICKS their Macbook Airs
Ragegasm spills over as firmware upgrade kills machines
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
NO MORE ALL CAPS and other pleasures of Visual Studio 14
Unpicking a packed preview that breaks down ASP.NET
Captain Kirk sets phaser to SLAUGHTER after trying new Facebook app
William Shatner less-than-impressed by Zuck's celebrity-only app
Cheer up, Nokia fans. It can start making mobes again in 18 months
The real winner of the Nokia sale is *drumroll* ... Nokia
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
EU dons gloves, pokes Google's deals with Android mobe makers
El Reg cops a squint at investigatory letters
Chrome browser has been DRAINING PC batteries for YEARS
Google is only now fixing ancient, energy-sapping bug
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.