Windows Server 8 plays catch-up with VMware and Unix
Microsoft rolls 'cloud-based operating system'
Preview "The cloud is a tectonic shift," said Microsoft's corporate vice president of server and cloud Bill Laing, introducing an in-depth press preview of Windows Server 8 and mixing metaphors with abandon.
In response to this cloudy earthquake, the company is declaring Server 8 to be a cloud-based operating system, though note that this is not about Azure – Microsoft's platform as a service – but instead focused on plain Windows Server running on virtual machines, either in private clouds at corporate data centres, or in public clouds hosted by Microsoft partners.
The main justification for Microsoft's cloud-based claim is in extensive improvements to Hyper-V, the Windows virtualization platform. There are also changes to Microsoft IIS Web Server that make it better suited to multi-tenancy.
Before taking a detailed look at these, though, consider this statement from Jeffrey Snover, Microsoft's lead architect for the Windows Server division: "We don't want management GUIs to run on servers – that's a bad thing."
Few would disagree, yet it was Microsoft that popularised the idea of GUIs (Graphical User Interfaces) on servers when it came out with Windows NT Server in 1993. It seems that the Unix guys, and later the Linux guys, were right after all. Now the company is trying to unwind history by persuading its customers to run Windows Server without a GUI.
Microsoft introduced Server Core, also without a GUI, as an option for Server 2008, so the idea is not entirely new. Server Core, as Microsoft admitted at the Windows 8 briefing, is not widely adopted. There are issues with third-party software that expects a GUI, and some management operations are challenging on Server Core. Another problem is that a Server Core 2008 install cannot be converted to a GUI install; you have to wipe and start again.
In Windows 8 Server this changes. The operating system is more modular, and you can add or remove the GUI without reinstalling. There will now be three configurations:
- Server Core, which is Microsoft's recommendation;
- full server without the graphical shell – in other words, GUI applications still run, but there is no Explorer or Internet Explorer; and
- full server with the familiar GUI. Microsoft stated that this is now intended only for backward compatibility.
Microsoft still intends that you use graphical tools to manage the server, but these should run remotely. In keeping with this changed model, the new Server Manager is designed to manage multiple servers, rather than the box on which it is running.
The enabler for this change is PowerShell, which happens to be Snover's invention. PowerShell was originally launched as a command shell and scripting language, but is now called an automation engine. There are thousands of cmdlets and the idea is that any management task can be accomplished with a PowerShell script. Microsoft told us that tools like Server Manager are now lightweight GUIs wrapping PowerShell scripts. In some cases, the scripts are exposed so that you can perform a task once in the GUI, see what script was generated, and then repeat it as a script, perhaps with modification, or within a loop targeting multiple servers.
PowerShell also gains IntelliSense, which is a feature that auto-completes keywords as you type, and a workflow engine.
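The multi-server, script-first model described above, as an added example rather than anything shown by Microsoft at the briefing: one script queries a list of servers over PowerShell remoting and reports which of them still carry the graphical shell, so an administrator can see the GUI-removal work that remains across the estate in one pass instead of visiting each box. The server names are constructed, and the feature names `Server-Gui-Shell` and `Server-Gui-Mgmt-Infra` are an assumption (they are the names the Server 2012 release uses for the graphical shell and the graphical management tools); the targets are assumed to have PowerShell remoting enabled.

```powershell
# Added example (not Microsoft's code). Assumes PowerShell remoting is enabled on
# the targets and that the feature names below are the ones exposed by
# Get-WindowsFeature on the preview build (assumption: they match Server 2012).

# Constructed server list; replace with names from your own inventory.
$servers = 'HV01', 'HV02', 'FS01'

# Run the same query on every server in one call; each server returns one object.
$report = Invoke-Command -ComputerName $servers -ScriptBlock {
    Import-Module ServerManager
    $features = Get-WindowsFeature -Name 'Server-Gui-Shell', 'Server-Gui-Mgmt-Infra'
    New-Object PSObject -Property @{
        Server   = $env:COMPUTERNAME
        GuiShell = ($features | Where-Object { $_.Name -eq 'Server-Gui-Shell' }).Installed
        GuiMgmt  = ($features | Where-Object { $_.Name -eq 'Server-Gui-Mgmt-Infra' }).Installed
    }
}

# Summary table: one row per reachable server.
$report | Sort-Object Server | Format-Table Server, GuiShell, GuiMgmt -AutoSize

# Servers that still run the full shell are the candidates for trimming to the
# GUI-less configuration in a maintenance window (Uninstall-WindowsFeature).
$stillGui = $report | Where-Object { $_.GuiShell } | Select-Object -ExpandProperty Server
"Servers still running the graphical shell: $($stillGui -join ', ')"
```

Servers that are unreachable simply produce an error from `Invoke-Command` and are absent from the table, so an empty row for a host you expected to see is itself worth investigating. The same shape (one `Invoke-Command` over a server list, one object back per server) is what the article's "loop targeting multiple servers" amounts to in practice.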
Now or never: Hyper-V hits version 3.0
"It is version 3.0 that is the winner," said Snover, introducing an extensive set of changes to Hyper-V. The improvements are needed, since more than half of Windows Server instances are now virtual, and the proportion will increase. A Hyper-V host can now have up to 160 logical processors and 2TB of RAM, while virtual machines (VMs) can have up to 32 virtual CPUs and 512GB RAM.
Hyper-V storage sees many changes. A new virtual disk format, VHDX, supports drives larger than 2TB and improves performance. Users with SANs (Storage Area Networks) will benefit from support for ODX (Offloaded Data Transfer), which lets you transfer data by sending an instruction to the SAN rather than reading and writing the actual data – thus delivering a remarkable performance improvement. Creating a fixed-size VHDX – which used to be a long operation – is near-instant with ODX. The feature also benefits live migration, where Hyper-V drives are moved while online.
Hyper-V VMs also get up to four virtual Fibre Channel HBAs (Host Bus Adapters), giving access to gigabit-speed storage networks from within the VM.
Live Migration and Live Storage Migration, where VMs or virtual drives are moved while remaining online, can now be done concurrently by a Hyper-V host. One goal is to be able to patch and reboot a host server without loss of service, by moving VMs elsewhere, updating, and then moving them back.
A time to replicate
Another key feature is Hyper-V Replica. At its most basic, all you need is two Hyper-V hosts, and you can set up VM replication via a right-click option in the Hyper-V manager. Once initialised, replication only copies differences, and uses VSS (Volume Shadow Copy Service) for application-level consistency. Once configured, Hyper-V will fail over to the replica if there is a failure.
Hyper-V virtual networks are transformed from the simple affair in earlier versions. Hyper-V now has an extensible virtual switch, which handles network traffic between VMs, the external network, and the host server. You can now create private VLANs (Virtual sub-networks) which are isolated from one another for safe multi-tenancy. Port ACLs (Access Control Lists) let you restrict traffic by source or destination.
Bandwidth control lets you specify maximum and minimum bandwidth per VLAN, which means you can guarantee the level of service for specific customers, or prevent one customer from using too much bandwidth.
Hyper-V virtual networks can also be extended with third-party filters for capturing, filtering or redirecting traffic.
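The isolation and bandwidth controls just described, as an added example that is not from the article or from Microsoft: a tenant VM is placed on its own isolated private VLAN, its virtual switch port gets a deny-by-default ACL with a single allowed management subnet, and its bandwidth is capped and guaranteed. The switch name, adapter name, VM name, VLAN IDs and subnets are constructed. The cmdlet names and parameters are those of the Server 2012 Hyper-V module; it is an assumption that the preview build exposes the same ones, and that when two port ACL entries overlap the more specific prefix wins (that is how the release documents it).

```powershell
# Added example (not Microsoft's code). Assumes the Server 2012 Hyper-V cmdlets
# and the "longest prefix wins" rule for overlapping port ACL entries.
Import-Module Hyper-V

$switch  = 'TenantSwitch'   # constructed name
$uplink  = 'Ethernet 2'     # constructed physical adapter name
$vm      = 'TenantA-Web'    # constructed VM name
$mgmtNet = '10.250.0.0/24'  # constructed management subnet that may reach the VM

# 1. External switch with absolute minimum-bandwidth mode so that per-VM
#    guarantees can be expressed in bits per second.
if (-not (Get-VMSwitch -Name $switch -ErrorAction SilentlyContinue)) {
    New-VMSwitch -Name $switch -NetAdapterName $uplink -MinimumBandwidthMode Absolute | Out-Null
}
Connect-VMNetworkAdapter -VMName $vm -SwitchName $switch

# 2. Private VLAN, isolated mode: the VM can talk to the promiscuous uplink port
#    on primary VLAN 100 but not to other isolated ports, even on the same host.
Set-VMNetworkAdapterVlan -VMName $vm -Isolated -PrimaryVlanId 100 -SecondaryVlanId 101

# 3. Port ACL: deny everything, then allow only the management subnet. The /24
#    is more specific than 0.0.0.0/0, so it takes precedence for that range.
Add-VMNetworkAdapterAcl -VMName $vm -RemoteIPAddress 0.0.0.0/0 -Direction Both -Action Deny
Add-VMNetworkAdapterAcl -VMName $vm -RemoteIPAddress $mgmtNet -Direction Both -Action Allow

# 4. Bandwidth: guarantee 20 Mbit/s, cap at 100 Mbit/s (values are bits per second).
Set-VMNetworkAdapter -VMName $vm -MinimumBandwidthAbsolute 20000000 -MaximumBandwidth 100000000

# Verify what the switch port now enforces for this VM.
Get-VMNetworkAdapterVlan -VMName $vm
Get-VMNetworkAdapterAcl  -VMName $vm | Format-Table RemoteIPAddress, Direction, Action -AutoSize
Get-VMNetworkAdapter     -VMName $vm | Select-Object VMName, BandwidthSetting
```

The ordering matters for a defender: the VLAN and ACL settings live on the host's virtual switch port, not inside the guest, so a tenant who gains administrative rights within the VM cannot loosen them, which is the property that makes the "safe multi-tenancy" claim hold.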
The theme here is obvious: making Windows Server work properly for multi-tenanted hosts.
Desktops in the remote sense
Microsoft's remote desktop services, once known as terminal services, get both usability and feature improvements in Server 8. Microsoft now defines three types of virtual desktop:
- Remote Desktop Session Host (RDSH) is the original lightweight remote desktop based on a user session on the server.
- Pooled Virtual Desktop: each user has their own VM, but the VMs are drawn from a pool, so a user may get a different one on each log-on. In Server 8, both personalization and performance are improved by storing user state separately, so it is no longer solely dependent on what is in the roaming profile. Patching pooled VMs is simplified by use of a golden image VM. To patch the machines, you need only update the golden image. This is then rolled out to users when they log out, or on a schedule, or in an emergency as an instant update.
- Personal Virtual Desktop, where users have their own dedicated VM. In this type of VDI (Virtual Desktop Infrastructure), VMs are now treated in a similar way to physical machines, and patching is managed by Windows Software Update Services.
Setting up these VDI options is simplified in Server 8. You need do little more than specify what kind of VDI you want, and a wizard will set it up with default options.
Performance of remote desktops is also improved. Fast graphics and video are possible with a feature called RemoteFX, which can adapt to both software and hardware GPUs depending on what is available, and there is now multi-touch support, perhaps in preparation for Windows 8 VMs.
One thing that Microsoft's VDI offering does not support is the ability to take a VM offline and sync it back later. Microsoft's Remote Desktop program manager Ashwin Palekar told us that he sees no value in offline VDI.
But there is hope for official Remote Desktop clients for non-Microsoft platforms such as iOS and Android. "We are actively evaluating support," said Palekar.
What about VDI licensing? Mike Neil, general manager of Windows Server Planning and Management, admitted: "The feedback we've had from our customers is that our licensing is Byzantine." He stopped short of promising to fix it, but at least the issue is on the table.
The IIS have it
Microsoft's web server has been revamped for better scalability and multi-tenancy. One example of this is in SSL certificate management. In previous versions, certificates were stored in the Windows certificate store and bound individually to websites, with all certificates loaded into memory even when not in use. Microsoft has now figured out that you can simply store SSL certificates on a file server and infer which to use for a particular site by matching the site name. This change lifts the limit of SSL sites on a single server from 500 to 10,000 or more, as well as improving performance.
Another change is better support for NUMA (Non Uniform Memory Access), where memory has an affinity with a specific processor. Apparently IIS handled this badly before, crossing NUMA boundaries in its memory usage so that performance might actually get worse on many-core systems. That has been fixed, with systems of more than 32 cores showing the most benefit.
A key feature for multi-tenanted servers is CPU throttling, where you limit the processor time available to specific sites. This feature was present in earlier versions but did not work well, because it averaged CPU usage over a period. The new CPU throttling works as you would expect, letting cloud-hosting providers sell CPU time effectively to their customers, or allowing enterprises to ensure even performance across all sites.
What else is new? Quite a lot.
There's Dynamic Access Control, which is a new approach to authorizing access to shared files and folders. It is based on claims, tags and expressions. A simple example would be to require that users be from the same company department as the file, where "department" is both a tag on a shared folder and a claim in Active Directory.
Security, data deduplication and more
You can have expressions formed from multiple claims. The idea is to reduce the number of security groups you need. A traditional approach would require a security group for each department. It is a promising technique, though the management interface is buried and needs work based on what we saw in the preview.
Another addition is Data Deduplication, which reduces storage requirements by storing only the differences between files. Three identical files in different folders or with different names would only take the space of one. It is based on chunks of data, so files do not need to be identical to save space. There is a performance overhead, so it works best for files that are accessed less frequently, though Microsoft claims the system is smart about where to apply de-duplication based on activity.
DHCP is a service that assigns IP addresses to clients, along with other critical networking information. DHCP load balancing and failover are now built into Windows Server, whereas in the past this was awkward to configure.
IP Address Management (IPAM) is a new tool offering a unified view of IP address allocation across multiple subnets, which are sets of IP addresses. Microsoft claims most administrators resort to Excel spreadsheets to record which device has which address, and IPAM includes a spreadsheet import tool. Most DHCP tasks, such as reserving an address for a device, can now be done through IPAM as well as through the DHCP manager.
Active Directory gets a new management tool, called Active Directory Administrative Center, once again built on PowerShell. The Active Directory recycle bin is surfaced in the GUI for the first time, letting you easily restore deleted objects. Another change is that you can now easily clone an Active Directory server VM, speeding disaster recovery.
Storage has several new features in Windows Server 8. Storage Pools are a new way to create virtual drives that span several physical drives, with either resiliency or high performance and throughput. It sounds similar to software RAID, though Microsoft says it is a different approach. One feature is that you can over-commit by specifying a larger capacity than is actually available; Microsoft calls this thin provisioning. This lets you defer purchasing, buying additional storage only when needed.
Clustered file servers are enhanced in Windows Server 8. BitLocker encryption is now available for cluster volumes. Transparent failover lets you move a file server from one cluster node to another while it remains online. This means you can patch servers without interrupting access. A feature called Cluster-aware updating automates patching all nodes in a cluster while it remains online.
Network card teaming is where two network cards appear as one but with greater resiliency or performance. Teaming is now built into the operating system, and works across network cards from different vendors, whereas previously it was a vendor-specific feature.
Assessing Windows Server 8
Judging by what is being shown at Microsoft's BUILD Conference, Windows Server 8 is a big release. This is where Microsoft does its big VMware catch-up, turns its back on the misconceived idea of running a GUI on a server, and revamps the management tools to make them both easier to use and properly scriptable.
Foreshadowings of a greater cloud
We may also be seeing a shift in Microsoft's cloud computing strategy. Might Microsoft extend Azure so that it hosts generic Windows virtual machines, in contrast to the current model in which all virtual machines are stateless and of little use without additional Azure platform services?
Microsoft is not saying, yet there are hints of additional cloud services in Windows Server 8, such as a Backup to Microsoft Online option, which we spotted in the user interface. It seems plausible that the company will respond to the demand for something closer to infrastructure rather than platform as a service, enabling customers to create or move VMs to Microsoft's cloud without being limited by Azure's current platform requirements.
Windows Server 8 is not done yet, though Microsoft implied it is close to feature-completion even though there is more work to do on the detail of the user interface. That is needed, since there is inconsistency between the various tools while some features are hard to find. Nevertheless, it is a promising start with much that will be welcomed by Windows-platform administrators. ®