3/28/2017 Windows Server 2012: Top reasons to upgrade ‒ from a technical perspective. Speaker name, title.


1 Windows Server: Top reasons to upgrade ‒ from a technical perspective. Speaker name, title

2 Agenda
Windows Server 2012 at a glance
Server virtualization
Storage
Networking
Management and automation
Web and application platform
Virtual Desktop Infrastructure
Identity and access
Summary and appendix

This presentation provides an overview of the outstanding technical features of Windows Server 2012.

3 Windows Server 2012 at a glance
Introducing Windows Server 2012: Windows Server 2012 is at the heart of the Cloud OS and delivers on the promises of a modern data center to bring you the economics, agility and innovation of cloud both on your premises and off. We've seen hundreds of thousands of downloads of the pre-release versions, thousands of engineers worked on this product, and we couldn't be more proud to share it with you. Let's take a closer look at how Windows Server 2012 can deliver technical value to your organization, whether you are building your own cloud on-premises, plan to offer cloud services, or want to securely connect between on-premises and off-premises cloud services.

4 Business trends and challenges
Trends: new applications, growth in devices, data explosion, cloud computing.
How do I embrace the cloud?
How do I increase the efficiency in my datacenter?
How do I deliver next-generation applications?
How do I enable a modern work style?

Cloud and mobility are two major trends that have started to affect the IT landscape in general, and the datacenter in particular. There are four key IT questions that customers claim are keeping them up at night:

How do I embrace the cloud? With a private cloud, you get many of the benefits of public cloud computing (including self-service, scalability, and elasticity) with the additional control and customization available from dedicated resources. Microsoft customers can build a private cloud today with Windows Server 2008 R2, Microsoft Hyper-V, and Microsoft System Center, but there are many questions about how to best scale and secure workloads on private clouds and how to cost-effectively build private clouds, offer cloud services, and connect more securely to cloud services.

How do I increase the efficiency in my datacenter? Whether you are building your own private cloud, are in the business of offering cloud services, or simply want to improve the operations of your traditional datacenter, lowering infrastructure costs and operating expenses while increasing overall availability of your production systems is critical. Microsoft understands that efficiency built into your server platform and good management of your cloud and datacenter infrastructure are important to achieving operational excellence.

How do I deliver next-generation applications? As the interest in cloud computing and providing web-based IT services grows, our customers tell us that they need a scalable web platform and the ability to build, deploy, and support cloud applications that can run on-premises or in the cloud. They also want to be able to use a broad range of tools and frameworks for their next-generation applications, including open source tools.

How do I enable modern work styles? As the lines between people's lives and their work blur, their personalities and individual work styles have an increasing impact on how they get their work done, and on which technologies they prefer to use. As a result, people increasingly want a say in what technologies they use to complete work. This trend is called "consumerization" of IT. As an example of consumerization, more and more people are bringing and using their own PCs, slates, and phones to work. Consumerization is great as it unleashes people's productivity, passion, innovation, and competitive advantage. We at Microsoft believe that there is power in saying "yes" to people and their technology requests in a responsible way. Our goal at Microsoft is to partner with you in IT, to help you embrace these trends while ensuring that the environment is more secure and better managed.

© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

5 Windows Server 2012: Optimizing your IT for the cloud
Beyond virtualization: scale and secure workloads, cost-effectively build a private cloud, and connect securely to cloud services.
The power of many servers, the simplicity of one: manage the infrastructure efficiently while maximizing availability and minimizing failures and downtime.
Every app, any cloud: built on an open and adaptable web platform that supports applications across locations.
For a modern work style: support for a mobile and flexible way of working.

Optimize your IT for the cloud with Windows Server 2012. When you optimize your IT for the cloud with Windows Server 2012, you take advantage of the skills and investment you've already made in building a familiar and consistent platform. Windows Server 2012 builds on that familiarity. With Windows Server 2012, you gain all the Microsoft experience behind building and operating private and public clouds, delivered as a dynamic, available, and cost-effective server platform. Windows Server 2012 delivers value in four key ways:

It takes you beyond virtualization. Windows Server 2012 offers a dynamic, multitenant infrastructure that goes beyond virtualization technology to a complete platform for building a private cloud.

It delivers the power of many servers, with the simplicity of one. Windows Server 2012 offers you excellent economics by integrating a highly available and easy-to-manage multiple-server platform.

It opens the door to every app on any cloud. Windows Server 2012 is a broad, scalable, and elastic web and application platform that gives you the flexibility to build and deploy applications on-premises, in the cloud, and in a hybrid environment through a consistent set of tools and frameworks.

It enables the modern work style. Windows Server 2012 empowers IT to provide users with flexible access to data and applications anywhere, on any device, while simplifying management and maintaining security, control, and compliance.

With Windows Server 2012, Microsoft has made significant investments in each of these four areas that allow customers to take their datacenter operations to the next level. Now, let's take a look at how Windows Server 2012 helps customers to: build and deploy a modern datacenter infrastructure; build and run modern applications; enable modern work styles for their end users.

6 Why Windows Server 2012?
OUTSTANDING BENEFITS OF WINDOWS SERVER 2012

Comprehensive cloud platform
Complete, built-in virtualization platform
Enterprise-class scalability and performance, to virtualize any application
Ability to achieve business continuity through the built-in disaster recovery solutions
Optimal hybrid cloud experience through consistent technologies

Cost savings and efficiency gains
Reduced storage costs thanks to Storage Spaces and other storage improvements
Increased server-to-administrator ratio through Windows PowerShell and multi-computer management
Increased availability through Cluster-Aware Updating and transparent failover

Support for a modern work style
Virtual Desktop Infrastructure (VDI): simplified management and lower deployment costs
Optimized WAN (wide area network) bandwidth usage for branch offices
Remote users get secure access to internal resources without requiring a VPN (virtual private network)

Windows Server 2012 provides value in 3 key areas: providing a comprehensive cloud platform for both your datacenter and cloud solutions, providing further cost savings and increased efficiencies, and also support for the new mobile and BYOD (bring your own device) workforce.

WS2012 provides a comprehensive cloud platform through delivering:
Complete virtualization platform: Delivers a fully isolated, multi-tenant environment that includes tools to guarantee SLAs, enable chargebacks, and support self-service delivery.
Improved scalability and performance: Delivers a high-density, scalable environment that can be adapted to perform at the optimal level based on customer needs.
Connecting to cloud services: Uses a common identity and management framework for security-enhanced and reliable cross-premises connectivity.

WS2012 delivers new levels of cost savings and efficiencies through performance and reliability on industry-standard hardware, maximizing uptime and minimizing failures and downtime.
Flexible storage: Provides diverse storage choices that deliver performance, efficiency, and innovation while taking advantage of industry-standard hardware.
Continuous availability: Provides cost-effective and highly available IT services, designed to protect against a wide range of failure scenarios and help both prevent downtime and speed recovery when needed.
Management efficiency: With automation of a broader set of management tasks, simplifies deployment of major workloads and provides the path toward full lights-out automation.

WS2012 enables flexible access to data and applications while simplifying management and maintaining security, control, and compliance.
Access from virtually anywhere, any device: Enables seamless, flexible access to a virtualized work environment from virtually anywhere, including branch locations and public connectivity services.
Full Windows experience, anywhere: Enables a personalized and rich user experience on popular devices, while adapting to different network conditions quickly and responsively.
Enhanced data security and compliance: Offers central audit and access policies that enable granular access to data and corporate resources, based on strong identity, data classification, and simplified administration for remote access.

7 Windows Server capabilities
Infrastructure, application, client
Scenario-specific capabilities
Technical capabilities: virtualization, storage, web and application platform, networking, management and automation, VDI, identity and access

So, how does Windows Server 2012 provide all this value and these technology enhancements? To make it easier, we divide all the great new and existing technologies into 7 core capabilities, each one focusing on a specific business and technical challenge, and a core set of features that can assist in meeting these challenges.

Server Virtualization: using Hyper-V to not only consolidate your physical servers, but push the boundaries of virtualization through greater scale, performance and exciting new technologies.
Storage: efficiency, performance, and innovation through diverse storage choices; continuous availability through new features that preserve uptime; and cost efficiency through storage, management, and other capabilities.
Web and Application Platform: flexibility through hybrid and symmetrical applications, increased scalability and elasticity for applications, and enhanced support for open frameworks and open source.
Networking: easy to connect users to IT resources, efficient management of datacenters and private clouds, and the ability to link your infrastructure with public cloud services.
Management and Automation: increased management efficiency, simplified role deployment, and resilient and simple automation.
VDI: anywhere access, on any device; full Windows experience anywhere; and enhanced data security and compliance.
Identity and Access: protection of corporate resources, data access management and protection, and simplified deployment and management of identity infrastructure.

8 Server virtualization

9 Customer needs and challenges
NEEDS / CHALLENGES
Larger, faster and more available virtual machines
More flexibility and agility for delivering solutions
Ability to handle complex storage and network requests
Remove the limits on virtual machine mobility
Support for new hardware technologies
Keep services running continuously and meet SLAs
Lower the capital and operating costs of the infrastructure
Use larger, more powerful servers more efficiently
Protect and continue to use existing investments and infrastructure
Preserve resource separation in multi-tenant environments

10 Server virtualization
Complete virtualization platform
Better scalability and performance
Elastic and flexible, from the datacenter to the cloud

OUTSTANDING SERVER VIRTUALIZATION FEATURES THAT MEET CUSTOMER REQUIREMENTS
Hyper-V Network Virtualization
Shared-nothing live migration
Massive scalability
Cluster enhancements
Hyper-V Replica
Hardware offloading
Virtual Fibre Channel
Support for guest NUMA (Non-Uniform Memory Access)
Runtime memory configuration
Hyper-V network switch

Windows Server 2012 server virtualization has many new features and enhancements at its core. To show you some of these and their value to your organization, let's walk through a number of them.

Hyper-V Network Virtualization: Hyper-V Network Virtualization extends the concept of server virtualization to permit multiple virtual networks, potentially with overlapping IP addresses, to be deployed on the same physical network. With Hyper-V Network Virtualization, you can set policies that isolate traffic in your dedicated virtual network independently of the physical infrastructure for fully secure and isolated multi-tenancy. Network Virtualization also provides IP portability, and the ability for you to move virtual machines across physical subnets without changing your address space. Your VMs can keep their IP address whether moving across servers, racks, buildings, geographies or even to the cloud; there is no more need to reconfigure complex VLANs or adjust your address space to suit the destination environment.

Shared-nothing Live Migration: The ultimate in flexible VM mobility: moving a running VM without downtime to another Hyper-V host with no clustering and no shared storage, just a network connection. Move VMs between clusters without the need to stop, export and import. Move VMs between Hyper-V servers anywhere in your organization, and even migrate your VMs to service providers or the cloud without any downtime.

Massive Scale: Windows Server 2012 Hyper-V now supports massive new scale improvements, including support for 64 virtual CPUs and 1 TB for Hyper-V guests, and up to 320 logical processors and 4 TB memory support for Hyper-V hosts.

Cluster Enhancements: Windows Server 2012 Hyper-V has many new enhancements for clustering, including:
Support for guest clustering via Fibre Channel.
Enhanced live migrations that use more available network bandwidth, which dramatically increases the performance of live migration and enables concurrent live migrations with no limits.
Massive scale: will now support up to 64 nodes and up to 4,000 virtual.
Encrypted cluster volumes.
Hyper-V application monitoring, where Hyper-V and Failover Clustering work together to bring higher availability to workloads that do not support clustering.
Virtual machine failover prioritization.
Inbox live migration queuing, where administrators can now perform large multi-select actions to queue live migrations of multiple virtual machines with ease and efficiency.
Affinity (and anti-affinity) virtual machine rules.

Hyper-V Replica: Asynchronous, application-consistent virtual machine replication is built in to Windows Server. It permits replication of Hyper-V virtual machines between two locations for business continuity and failure recovery. Hyper-V Replica works with any server vendor, any network vendor, and any storage vendor.

Hardware offloading: Windows Server 2012 Hyper-V takes advantage of many new hardware offloading features that are supported in Windows Server 2012, including support for SAN-based ODX (offloaded data transfer), IP offloading, and SR-IOV (through support for Single Root I/O Virtualization networking devices), ultimately increasing the performance of your virtualized systems.

Virtual Fibre Channel: Virtual Fibre Channel lets virtual machines connect directly to Fibre Channel-based storage and presents up to 4 virtual Fibre Channel host bus adapter (HBA) ports in the guest operating system that runs in the virtual machine. This provides unmediated access to a SAN from your guests and hardware-based I/O paths to the Windows software virtual hard disk stack.

Guest NUMA Support: Windows Server 2012 Hyper-V now supports NUMA in a virtual machine. NUMA refers to a computer architecture in multiprocessor systems in which the required time for a processor to access memory depends on the memory's location relative to the processor. With NUMA, a processor can access local memory (memory attached directly to the processor) faster than it can access remote memory (memory that is local to another processor in the system). Modern operating systems and high-performance applications such as SQL Server have developed optimizations to recognize the system's NUMA topology and consider NUMA when they schedule threads or allocate memory to increase performance.

Runtime memory configuration: The Dynamic Memory improvements to Hyper-V in Windows Server 2012 help you reach higher consolidation numbers with improved reliability of Hyper-V operations. You can make memory configuration changes for your virtual machines without shutting down the virtual machines. If you have idle or low-load virtual machines, Dynamic Memory additions in Hyper-V let you increase consolidation and improve reliability for restart operations. With runtime configuration changes for Dynamic Memory, overall IT productivity is expected to increase with reduced downtime and increased agility to respond to requirement changes.

Hyper-V Network Switch: The Hyper-V Extensible Switch in Windows Server 2012 is a layer-2 virtual network switch that provides programmatically managed and extensible capabilities to connect virtual machines to the physical network. The Hyper-V Extensible Switch is an open platform that lets multiple vendors provide extensions that are written to standard Windows API frameworks. The reliability of extensions is strengthened through the Windows standard framework and reduction of required third-party code for functions and is backed by the Windows Hardware Quality Labs (WHQL) certification program. You can manage the Hyper-V Extensible Switch and its extensions by using Windows PowerShell, programmatically with WMI, or through the Hyper-V Manager user interface.

11 Scalability improvements

| System | Resource | Maximum: Windows 2008 R2 | Maximum: Windows Server 2012 | Improvement factor |
|---|---|---|---|---|
| Host | Logical processors on hardware | 64 | 320 | |
| Host | Physical memory | 1 terabyte | 4 terabytes | |
| Host | Virtual processors per host | 512 | 1,024 | |
| Virtual machine | Virtual processors per virtual machine | 4 | | 16× |
| Virtual machine | Memory per virtual machine | 64 GB | | |
| Virtual machine | Active virtual machines | 384 | | 2.7× |
| Virtual machine | Maximum virtual hard disk size | 2 terabytes | 64 terabytes | 32× |
| Cluster | Nodes | 16 | | |
| Cluster | Virtual machines | 1,000 | 4,000 | |

Let's take a look at some of the new scale enhancements that Windows Server Hyper-V now provides. In some cases the limits are 16 times greater than in previous versions.

Windows Server 2012 host: up to 320 logical processors, up to 4 TB memory, up to 1,024 virtual processors per host.
Virtual machine guests: up to 64 vCPUs, up to 1 TB of virtual memory, 1,024 active virtual machines, up to 64 TB storage per virtual hard drive.
Clustering scale enhancements: now supporting up to 64 nodes per single cluster and up to 4,000 running VMs.

12 Enhanced live migration
Shared-nothing live migration
Complete mobility options for virtual machines

Mobility options for virtual machines (Microsoft: Windows Server 2008 R2, Windows Server 2012; VMware: vSphere 5.0 Enterprise Plus): 1 GB simultaneous live migrations: 1, Unlimited, 4. 10 GB simultaneous live migrations: 8. Shared-nothing live migration: No, Yes. Network virtualization: Partner. Ethernet

Benefits
Simultaneous live migration of multiple virtual machines without limits (other than bandwidth), within a cluster and out of a cluster
Storage live migration of virtual machines from one subsystem to another ‒ uninterrupted, with no downtime
Live migration of a virtual machine from one host to another with nothing more than an Ethernet connection
Migration of a virtual machine to a host at another site with a different network address range ‒ without changing its IP address

Before Windows Server 2012: To maintain optimal use of physical resources and to be able to easily add new virtual machines, you must be able to move virtual machines whenever necessary without disrupting business. Windows Server 2008 R2 introduced live migration, which allowed you to move a running virtual machine from one physical computer to another with no downtime and no service interruption. However, this assumed that the virtual hard disk for the virtual machine remained consistent on a shared storage device such as a Fibre Channel or iSCSI SAN.

With Windows Server 2012: In Windows Server 2012, live migrations are no longer limited to a cluster, and virtual machines can be migrated across cluster boundaries, including to any Hyper-V host server in your environment. Hyper-V builds on that feature and enhances the ability to migrate virtual machines with support for simultaneous live migrations, the ability to move several virtual machines at the same time. Further, when combined with features such as Network Virtualization, virtual machines can even be moved between local and cloud hosts with ease. Live migration improvements include:

Faster migration and simultaneous migration. If you use live migration in a clustered environment today, you'll see that live migrations can now use higher network bandwidths (up to 10 gigabits) to complete migrations faster. You can also perform multiple simultaneous live migrations so you can move many virtual machines in a cluster quickly. These changes allow customers to implement high levels of mobility and flexibility in private cloud solutions.

Live migration outside a clustered environment. Windows Server 2012 lets you perform live migration outside a failover cluster in two additional scenarios: when storage is kept on a central server message block (SMB) share, and when the storage is local to each server. In Windows Server 2012, you can now configure a virtual machine to be stored on an SMB file share. You can then perform a live migration on this virtual machine, running between non-clustered Hyper-V hosts while the virtual machine's storage remains on the central SMB share. This lets you use the benefits of virtual machine mobility without investing in clustering infrastructure. Hosting providers and similar environments frequently need this capability. You can also perform a live migration of a virtual machine between two non-clustered Hyper-V hosts when you use local storage for the virtual machine. In this case, the virtual machine's storage is mirrored to the destination server over the network and then the virtual machine migrates while it continues to run and provide network services.

13 Disaster recovery as standard: Hyper-V Replica
Site A – primary location
Site B – remote location
Disaster recovery scenarios: planned, unplanned and test failover
Pre-configuration of the IP settings for the primary and remote site

Benefits
Delivered as a component of Windows Server 2012, no additional installation required
Host-based replication works at the virtual machine level and is therefore application-agnostic
Storage-agnostic ‒ works with any combination of SAN, DirectAccess server or Server Message Block 3.0 (SMB 3.0)
Supports both clustered and non-clustered environments

Current situation: Business continuity is the ability to quickly recover business functions from a downtime event with minimal or no data loss. There are a number of reasons why businesses experience outages, including power failure, IT hardware failure, network outage, human errors, IT software failures, and natural disasters. Depending on the type of outage, customers need a high availability solution that simply restores the service. However, some outages that impact the entire data center, such as a natural disaster or an extended power outage, require a disaster recovery solution that restores data at a remote site in addition to bringing up the services and connectivity. Organizations need an affordable and reliable business continuity solution that helps them recover from a failure.

Before Windows Server 2012: Beginning with Windows Server 2008 R2, Hyper-V and Failover Clustering can be used together to make a virtual machine highly available and minimize disruptions. Administrators can seamlessly migrate their virtual machines to a different host in the cluster in the event of an outage, or to load balance their virtual machines, without impacting virtualized applications. While this can protect virtualized workloads from a local host failure or scheduled maintenance of a host in a cluster, it does not protect businesses from the outage of an entire data center. While Failover Clustering can be used with hardware-based SAN replication across data centers, these solutions are typically expensive. Hyper-V Replica fills an important gap in the Windows Server Hyper-V offering by providing an affordable in-box disaster recovery solution.

Windows Server 2012 Hyper-V Replica: Windows Server 2012 introduces Hyper-V Replica, a built-in feature that provides asynchronous replication of virtual machines for the purposes of business continuity and disaster recovery. In the event of failures (such as power failure, fire, or natural disaster) at the primary site, the administrator can manually fail over the production virtual machines to the Hyper-V server at the recovery site. During failover, the virtual machines are brought back to a consistent point in time, and within minutes they can be accessed by the rest of the network with minimal impact to the business. Once the primary site comes back, the administrators can manually revert the virtual machines to the Hyper-V server at the primary site.

Hyper-V Replica is a new feature in Windows Server. It lets you replicate your Hyper-V virtual machines over a network link from one Hyper-V host at a primary site to another Hyper-V host at a Replica site without reliance on storage arrays or other software replication technologies. The figure shows secure replication of virtual machines from different systems and clusters to a remote site over a WAN.

Benefits of Hyper-V Replica: Hyper-V Replica fills an important gap in the Windows Server Hyper-V offering by providing an affordable in-box business continuity and disaster recovery solution.

Failure recovery in minutes. In the event of an unplanned shutdown, Hyper-V Replica can restore your system in just minutes.

More secure replication across the network. Hyper-V Replica tracks the write operations on the primary virtual machine and replicates these changes to the Replica server efficiently over a WAN. The network connection between the two servers uses the HTTP or HTTPS protocol and supports both integrated and certificate-based authentication. Connections configured to use integrated authentication are not encrypted; for an encrypted connection, you should choose certificate-based authentication. Hyper-V Replica is closely integrated with Windows failover clustering and provides easier replication across different migration scenarios in the primary and Replica servers.

Hyper-V Replica doesn't rely on storage arrays.
Hyper-V Replica doesn't rely on other software replication technologies.
Hyper-V Replica automatically handles live migration.

Configuration and management are simpler with Hyper-V Replica:
Integrated user interface (UI) with Hyper-V Manager.
Failover Cluster Manager snap-in for Microsoft Management Console (MMC).
Extensible WMI interface.
Windows PowerShell command-line interface scripting capability.
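The Hyper-V Replica notes above state that integrated authentication leaves the replication connection unencrypted and that certificate-based authentication is needed for encryption. The following is an added example, not part of the original presentation, of how an administrator could audit existing replication relationships for that condition. The function name `Test-ReplicaTransport`, the host names and the sample objects are hypothetical and constructed for illustration; the property names mirror those of the objects returned by the Hyper-V module's `Get-VMReplication` cmdlet.

```powershell
# Added example: flag Hyper-V Replica relationships whose transport is not encrypted.
# On a Hyper-V host with the Hyper-V PowerShell module, feed it live data:
#   Get-VMReplication | Test-ReplicaTransport

function Test-ReplicaTransport {
    [CmdletBinding()]
    param(
        # One replication relationship, e.g. an object emitted by Get-VMReplication.
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Replication
    )
    process {
        # Certificate-based authentication runs over HTTPS.
        # Integrated (Kerberos) authentication runs over plain HTTP.
        $authType  = [string]$Replication.AuthenticationType
        $encrypted = ($authType -eq 'Certificate')

        [pscustomobject]@{
            VMName        = $Replication.VMName
            ReplicaServer = $Replication.ReplicaServerName
            Port          = $Replication.ReplicaServerPort
            AuthType      = $authType
            Encrypted     = $encrypted
            Finding       = if ($encrypted) { 'OK' }
                            else { 'Replication traffic is not encrypted; use certificate-based authentication' }
        }
    }
}

# Constructed sample data (hypothetical VMs and hosts) so the example runs offline.
$sample = @(
    [pscustomobject]@{ VMName = 'sql01'; ReplicaServerName = 'hv-dr01.example.test'; ReplicaServerPort = 80;  AuthenticationType = 'Kerberos' }
    [pscustomobject]@{ VMName = 'web01'; ReplicaServerName = 'hv-dr01.example.test'; ReplicaServerPort = 443; AuthenticationType = 'Certificate' }
    [pscustomobject]@{ VMName = 'app02'; ReplicaServerName = 'hv-dr02.example.test'; ReplicaServerPort = 80;  AuthenticationType = 'Kerberos' }
)

$results = $sample | Test-ReplicaTransport
$results | Format-Table VMName, ReplicaServer, Port, AuthType, Encrypted -AutoSize

# Summary per Replica server: how many relationships still replicate in clear text.
$results |
    Where-Object { -not $_.Encrypted } |
    Group-Object ReplicaServer |
    Select-Object @{ n = 'ReplicaServer'; e = { $_.Name } },
                  @{ n = 'UnencryptedVMs'; e = { $_.Count } }
```

Relationships flagged here matter most when the link between the primary and Replica site crosses a WAN that is not otherwise protected.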

14 Storage

15 Customer needs and challenges
NEEDS / CHALLENGES
Flexible and dynamic datacenters across locations
Continue to use developer skills and training
More secure, more efficient infrastructures
Ability to meet growing demands and thereby offer optimal service
Efficient management of storage resources
Support for new hardware technologies
Maximized use of existing storage investments
Control of the storage costs that result from adapting to new data requirements
Improved storage reliability and automated recovery in the event of failures
Preparation for next-generation hardware

16 3/28/2017 Storage Effizienz, Performance und Innovation durch vielfältige Storage-Möglichkeiten Hochverfügbarkeit durch neue Funktionen, die die Verfügbarkeit bewahren Kosteneffizienz durch Storage-, Verwaltungs- und andere Funktionen HERAUSRAGENDE STORAGE-FEATURES, DIE DIE ANFORDERUNGEN VON KUNDEN ERFÜLLEN Storage-Spaces Dateisystem- Verbesserungen Thin-Provisioning Cluster Shared Volume (CSV) SMB 3.0 für Workloads Windows Server 2012 has many new features and enhancements related to storage and supporting application storage. To show you some of these and their value to your organization lets walk through a number of them Storage Spaces Storage Spaces enables you to deliver a new category of highly capable storage solutions to IT at a dramatically lower price point. Storage Spaces is flexible, allowing you to leverage SAS, Shared SAS, or SATA interconnects to build virtualized storage pools from which you can build various volumes to provide for your storage requirements. Storage Spaces volumes can be configured with RAID0, RAID1, or RAID5 equivalent striping to offer varied levels of performance and data protection as needed. File system improvements Windows Server 2012 includes new file system enhancements including the introduction of the new Resilient File System (ReFS) storage standard, and delivers the ability to deploy 64 TB volumes through improved NTFS and ReFS availability features. Specifically, Windows Server 2012 takes a new approach to correctly identify and eliminate transient error conditions while keeping the file system accessible. This new approach prioritizes file system availability even when corruption is present, and delivers on a new model for managing file system corruption. ReFS is an update to the NTFS standard, and adds support for SCSI storage devices. ReFS also includes improved support for SATA storage standards, which means that ReFS offers more performance and features that work with SATA than NTFS currently provides. 
Among the benefits of ReFS with SATA is better resilience against corruption caused by unexpected power loss conditions, and better utilization of read and write drive caching. Further enhancements include:
Improved self-healing. ReFS and NTFS instantaneously self-heal more issues online without requiring Chkdsk to run. This reduces Chkdsk execution frequency.
Online analysis. Scanning and analyzing the volume is a background task performed while the volume remains online.
Corruption correction. Upon completion of an online scan, a determination is made whether the volume must be taken offline to complete the repair. Chkdsk directly fixes the previously identified corruption, and the offline time is reduced to seconds. Consequently, volume unavailability is no longer proportional to the number of files on the volume, but rather to the number of corruptions on the volume.
Thin Provisioning: “Get thin” and “stay thin” through new native support for thin provisioning and trim, which is the ability to provision storage as needed and to reclaim storage that is no longer needed. Instead of removing redundant data on the volume, thin provisioning gains efficiencies by enabling you to allocate just enough storage at the moment of storage allocation, and then increase capacity as your business needs grow over time.
Cluster Shared Volume: Not just for Microsoft Hyper-V any longer, this popular shared file storage solution gives administrators the flexibility to house storage and applications in a consolidated cluster while taking advantage of many other new Windows Server 2012 features. With CSVs, all cluster hosts have simultaneous access to a single shared volume through a shared namespace to share configurations across all cluster nodes, including the ability to build continuously available cluster-wide file systems.
Application storage can be served from the same share as data, eliminating the need to deploy two clusters, an application cluster and a separate storage cluster, to support true high availability application scenarios.
SMB 3.0 for workloads: Windows Server 2012 now offers support for application-based file shares. This application support for SQL and Hyper-V allows you to leverage the high-performance and high availability features now available with Windows Server for your SQL databases or your Hyper-V guests. For example, by leveraging SMB Direct and SMB Multichannel on a file server hosting the VHDX drives for your Hyper-V cluster, you can see storage performance on your Hyper-V guests that approaches that of built-in server storage. Not only that, but those Hyper-V guests enjoy the resiliency of a failover network to help avoid any outages.
Offloaded Data Transfer: Offloaded Data Transfers (ODX) in Windows Server 2012 enables you to accomplish more with your existing hardware infrastructure by letting you quickly move large files and virtual machines directly between storage arrays, which reduces host CPU and network resource consumption. ODX enables rapid provisioning and migration of virtual machines and provides significantly faster transfers of large files such as database or video files. By offloading the file transfer to the storage array, ODX minimizes latencies, maximizes the use of array throughput, and reduces host resource usage such as CPU and network consumption. File transfers are automatically and transparently offloaded when you move or copy files, regardless of whether you perform drag-and-drop through Windows Explorer or use command-line file copy commands. No administrator setup or intervention is needed.
Transparent Failover: A new runtime infrastructure for failover clustering allows Windows Server 2012 to perform failover operations on clustered storage so quickly that most applications and services relying on that high-availability experience no downtime at all. If anything, business critical applications like SQL and Hyper-V may see a small I/O hiccup during a failover, but that delay occurs so quickly that everything is transparent to server applications and no errors are generated. Transparent failover takes effect during planned and unplanned outages alike, so transparent failover keeps your applications and services running through hardware failures, software failures, rebalancing operations, and even during cluster updates or other maintenance, freeing administrators from constraining downtime windows and keeping users productive 24/7, 365 days a year.
NFS Support: File-based storage has become a practical alternative to more expensive SAN storage because it is simple to provision and manage. An example of this trend is the recent popularity of deploying and running VMware ESX/ESXi virtual machines from file-based storage accessed over the NFS protocol. To help you take advantage of this, Windows Server 2012 includes an updated Server for NFS that supports NFS version 4.1 and can leverage many other performance, reliability, and availability enhancements available throughout the Windows storage stack.
iSCSI Target: Take advantage of low-cost servers providing block storage.
One use case for iSCSI Target is the diskless Internet SCSI (iSCSI) boot services, which provide storage provisioning capabilities that are traditionally reserved only for high-end storage devices, now fully integrated into Windows Server. In this release, the iSCSI Target has continued to improve in performance and scalability; ultimately, the iSCSI Target feature built into Windows Server 2012 lets you create a SAN storage device on any hardware and gives you the power to store operating system images in a centralized location to improve efficiency, manageability, availability, and security.
Storage Management: Along with the growing and costly demand for storage, storage infrastructure complexity brings additional costs that need to be addressed. To help improve storage management efficiency and offset that cost, Windows Server 2012 will come with a set of storage management APIs and provider interfaces that will enable administrators to centrally manage disparate storage resources and solutions, like SANs and storage arrays, from a centralized “single pane of glass” interface. Manageable resources can include SANs that are SMI-S compliant, storage devices with proprietary hardware that has compatible third-party storage management providers, or storage devices that are already being allocated through the use of Storage Spaces. This storage management capability will allow administrators to configure and manage all of the storage devices throughout their organization or management sphere through an easy-to-use management interface that they are already familiar with, the Server Manager. By using Server Manager, administrators can populate server groups with file servers or storage clusters that leverage Storage Spaces, or reach out to populate manageable devices that have SMI-S agents enabled.
Offloaded Data Transfer; Transparent Failover; Network File System (NFS) support; Internet SCSI (iSCSI) Target; Storage management

17 Storage Spaces: Flexible storage options
Physical or virtualized deployments. Windows-based application servers or file servers.
Benefits: virtualization of conventional storage through storage spaces and storage pools; resiliency and availability achieved with conventional storage; connect Serial Attached SCSI (SAS) and Serial AT Attachment (SATA) disks; cluster support.
Integrated with other Windows Server 2012 features: File Server management console; Hyper-V; SMB Multichannel; Failover Clustering; NTFS; SMB Direct; Cluster Shared Volumes; NFS; storage management.
Storage Spaces enables you to deliver a new category of highly capable storage solutions to all Windows customer segments at a dramatically lower price point. At the same time, you can maximize your operations by leveraging commodity storage to supply high-performance and feature-rich storage to servers, clusters, and applications alike. Storage Spaces is compatible with other Windows Server 2012 storage features, like SMB Direct and SMB Failover Clustering, so you can use simple inexpensive storage devices to create powerful and resilient storage infrastructures on a limited budget. Storage Spaces is also flexible, allowing you to leverage SAS, Shared SAS, or SATA interconnects to build virtualized storage pools from which you can build various volumes to provide for your storage requirements. Storage Spaces volumes can be configured with RAID0, RAID1, or RAID5 equivalent striping to offer varied levels of performance and data protection as needed.
[Diagram labels: storage virtualized by Windows; storage spaces; storage pools; (shared) SAS or SATA; physical storage]

18 SMB application support for Microsoft SQL Server and Hyper-V
Single-node file server (D1): low cost; shares not continuously available; limited scalability (~100 spindles).
Clustered file server with two nodes (D2): medium cost; shares continuously available; medium scalability (~200 spindles).
Clustered file server with multiple nodes (D3): higher cost; shares continuously available; highest scalability (~1,000 spindles).
Benefits: file share storage as virtual storage with Hyper-V; application-specific capabilities for SQL Server and Hyper-V; SMB 3.0 features for high performance and high availability; cluster-aware updating.
Windows Server 2012 introduces new File Server features that let you store server application data on file shares and obtain a similar level of reliability, availability, manageability, and high performance that you would expect from a SAN. These new File Server features include transparent failover, networking improvements for greater bandwidth and resiliency, support for network adapters with Remote Direct Memory Access (RDMA) capability, specific performance optimizations, and support for Windows PowerShell commands. Windows Server 2012 introduces a set of new File Server features that provide important improvements for server applications such as Microsoft SQL Server and Hyper-V, which can store data on file shares. The following SMB3 improvements have been added to Windows Server 2012: Transparent failover. You can now more easily perform hardware or software maintenance of nodes in a File Server cluster by moving file shares between nodes without interrupting server applications that are storing data on these file shares. Also, if a hardware or software failure occurs on a cluster node, SMB2 transparent failover lets file shares fail over to another cluster node without interrupting server applications that are storing data on these file shares. Multichannel.
This improvement allows aggregation of network bandwidth and network fault tolerance if multiple paths are available between the SMB2 client and the SMB2 server. Server applications can then take full advantage of all available network bandwidth and be resilient to a network failure. Direct. This improvement uses a special type of network adapter that has RDMA capability and can function at full speed with very low latency, while using very little CPU. For workloads such as Hyper‑V or SQL Server, this allows a remote file server to have performance that compares to local storage. Performance counters for server applications. Performance counters provide detailed information about I/O size, I/O latency, IOPS, and so on. This lets an SQL Server database administrator or Hyper‑V administrator analyze the performance of the SMB2 file shares where their data is stored. Performance optimizations. The SMB2 client and SMB2 server have been optimized for small random read/write I/O, which is common in server applications such as SQL Server online transaction processing (OLTP). In addition, large maximum transmission unit (MTU) is enabled by default, which significantly enhances performance in large sequential transfers, such as SQL Server data warehouse, database backup or restore, deploying or copying virtual hard disks, and so on. Management with Windows PowerShell. With Windows PowerShell, you can manage SMB2 on the File Server, end to end, from the command line. Remote file storage. Hyper‑V can now store virtual machine files (including configuration, virtual hard disk files, and snapshots) in shared folders that use the SMB2 protocol. Support for storing database files in shared folders that use the SMB protocol was introduced in SQL Server 2008 R2. 
[Diagram labels: SQL Server; file server cluster; nodes A, B, C, D; share 1, share 2; shared SAS storage; Fibre Channel storage array]

19 Network

20 Customer needs and challenges
NEEDS / CHALLENGES: more flexible and more agile solutions; reduced network complexity to improve virtual machine mobility; support for new hardware technologies; better management, greater control and better extensibility; highly available and resilient network services; keeping services running continuously and meeting Service Level Agreements (SLAs); minimizing the impact of fluctuating network performance; management of complex network solutions; maximized use of the resources of a multi-tenant environment; preparation for next-generation hardware.

21 Network
Connect users directly with IT resources. Efficient management of data centers and private clouds. The ability to connect your infrastructure with public cloud services.
OUTSTANDING NETWORK FEATURES THAT MEET CUSTOMER REQUIREMENTS: NIC Teaming; network virtualization; Dynamic Host Configuration Protocol (DHCP) server failover; Single Root I/O Virtualization (SR-IOV); resource metering.
Windows Server 2012 Networking has many new features and enhancements at its core. To show you some of these and their value to your organization, let's walk through a number of them.
NIC Teaming: NIC teaming allows you to grow bandwidth while also protecting the services hosted on the server from network or hardware outages. Aside from being vendor-neutral, the other advantage of using Windows Server 2012 to team network adapters is that it’s done through the operating system, so it requires no installation or configuration of special drivers and can support multiple teams that are all managed through the same management interface.
Network Virtualization: Network Virtualization extends the concept of server virtualization to permit multiple virtual networks, potentially with overlapping IP addresses, to be deployed on the same physical network. With Hyper-V Network Virtualization, you can set policies that isolate traffic in your dedicated virtual network independently of the physical infrastructure for fully secure and isolated multi-tenancy. Network Virtualization also provides IP Portability, and the ability for you to move virtual machines across physical subnets without changing your address space. Your VMs can keep their IP address whether moving across servers, racks, buildings, geographies or even to the cloud – no more need to reconfigure complex VLANs or adjust your address space to suit the destination environment.
DHCP server failover: Windows Server 2012 scans, isolates, and responds to unexpected server problems by supporting the Dynamic Host Configuration Protocol (DHCP) failover protocol as described in the Internet Engineering Task Force (IETF) Internet Draft. Through this protocol, the DHCP Server Failover feature enables two DHCPv4 servers to synchronize lease information almost instantly and to provide high availability of DHCP service. If one of the servers becomes unavailable, the other server assumes responsibility for servicing clients for the same subnet.
SR-IOV: Windows Server 2012 adds the ability to assign SR-IOV functionality from physical devices directly to virtual machines. This gives VMs the ability to bypass the software-based Hyper-V Virtual Switch, and directly address the NIC. As a result, CPU overhead and latency are reduced, with a corresponding rise in throughput. SR-IOV works in conjunction with system chipset support for virtualization technologies that provide remapping of interrupts and Direct Memory Access (DMA) and lets SR-IOV-capable devices be assigned directly to a virtual machine. Hyper-V in Windows Server 2012 Beta enables support for SR-IOV-capable network devices and lets an SR-IOV virtual function of a physical network adapter be assigned directly to a virtual machine.
Resource Metering: Windows Server 2012 Hyper-V introduces Resource Metering, a technology that helps you track historical data of the use of virtual machines. With Resource Metering, you can gain insight into the resource use of specific servers. You can use this data to perform capacity planning, to monitor consumption by different business units or customers, or to capture data needed to help redistribute the costs of running a workload.
You could also use the information that this feature provides to help build a billing solution, so that customers of your hosting
Dynamic Virtual Machine Queue: Virtual machine queue (VMQ) is a feature available to computers that have VMQ-capable network hardware. VMQ uses hardware packet filtering to deliver packet data from an external virtual machine network directly to virtual machines, which reduces the overhead of routing packets and copying them from the management operating system to the virtual machine. With VMQ, a dedicated queue is established on the physical network adapter for each virtual network adapter that has requested a queue. As packets arrive for a virtual network adapter, the physical network adapter places them in that network adapter’s queue. When packets are indicated up, all the packet data in the queue is delivered directly to the virtual network adapter. Packets arriving for virtual network adapters that don’t have a dedicated queue, as well as all multicast and broadcast packets, are delivered to the virtual network in the default queue. The virtual network handles routing of these packets to the appropriate virtual network adapters as it normally would.
IP Address Management (IPAM): IPAM in Windows Server 2012 is a new built-in framework for discovering, monitoring, auditing, and managing the IP address space used on a corporate network. IPAM provides for administration and monitoring of servers running Dynamic Host Configuration Protocol (DHCP) and Domain Name Service (DNS). IPAM includes components for:
Automatic IP address infrastructure discovery: IPAM discovers domain controllers, DHCP servers, and DNS servers in the domains you choose. You can enable or disable management of these servers by IPAM.
Custom IP address space display, reporting, and management: The display of IP addresses is highly customizable and detailed tracking and utilization data is available.
IPv4 and IPv6 address space is organized into IP address blocks, IP address ranges, and individual IP addresses. IP addresses are assigned built-in or user-defined fields that can be used to further organize IP address space into hierarchical, logical groups.
Audit of server configuration changes and tracking of IP address usage: Operational events are displayed for the IPAM server and managed DHCP servers. IPAM also enables IP address tracking using DHCP lease events and user logon events collected from Network Policy Server (NPS), domain controllers, and DHCP servers. Tracking is available by IP address, client ID, host name, or user name.
Monitoring and management of DHCP and DNS services: IPAM enables automated service availability monitoring for Microsoft DHCP and DNS servers across the forest. DNS zone health is displayed, and detailed DHCP server and scope management is available using the IPAM console.
Quality of Service (QoS): QoS is a set of technologies for managing network traffic in a cost-effective manner, to enhance user experiences in enterprise environments as well as in home and small offices. QoS technologies allow you to measure bandwidth, detect changing network conditions (such as congestion or availability of bandwidth), and prioritize or throttle traffic. For example, you can use QoS to prioritize traffic for latency-sensitive applications (such as voice or video), and to control the impact of latency-insensitive traffic (such as bulk data transfers). For network administrators, QoS in Windows Server 2012 is designed to help manage network traffic on the physical network and on the virtual network. Policy-based QoS is designed to manage traffic on the physical network, and a new functionality in QoS, referred to in this document as Hyper-V QoS, is designed to manage traffic on the virtual network.
BranchCache: BranchCache is a wide area network (WAN) bandwidth optimization technology.
To optimize WAN bandwidth when users access content on remote servers, BranchCache copies content from your main office or hosted cloud content servers and caches the content at branch office locations, allowing client computers at branch offices to access the content locally rather than over the WAN. At branch offices, content is stored either on servers that are configured to host the cache or, when no server is available in the branch office, on client computers that are running Windows 8 or Windows 7. After a client computer requests and receives content from the main office and the content is cached at the branch office, other computers at the same branch office can obtain the content locally rather than downloading the content from the content server over the WAN link. When subsequent requests for the same content are made by client computers, the clients download content information from the server instead of the actual content. Content information consists of hashes that are calculated using chunks of the original content, and are extremely small compared to the content in the original data. Client computers then use the content information to locate the content from a cache in the branch office, whether the cache is located on a client computer or on a server. Client computers and servers also use content information to secure cached content so that it cannot be accessed by unauthorized users. BranchCache increases end user productivity by improving content query response times for clients and servers in branch offices, and can also help improve network performance by reducing traffic over WAN links.
SMB Direct and Multichannel: SMB Multichannel enables aggregation of network bandwidth and network fault tolerance if multiple paths are available between the SMB 3.0 client and the SMB 3.0 server. This enables server applications to take full advantage of all available network bandwidth and be resilient to a network failure.
SMB Direct supports the use of network adapters that have RDMA capability and can function at full speed with very low latency, while using very little CPU. For workloads such as Hyper-V or Microsoft SQL Server, this enables a remote file server to resemble local storage.
Dynamic Virtual Machine Queue (DVMQ); IP Address Management (IPAM); Quality of Service (QoS); BranchCache; SMB Direct and SMB Multichannel

22 Hyper-V Network Virtualization
Benefits: Isolates network traffic from different business units on a shared infrastructure without requiring VLANs (virtual private networks). Enables full mobility of virtual machines, because they can be moved within a virtual infrastructure while their virtual network assignments are preserved.
[Diagram labels: blue virtual machine; orange virtual machine; blue network; orange network; virtualization; physical network; physical server]
Hyper-V Network Virtualization extends the concept of server virtualization to allow multiple virtual networks, potentially with overlapping IP addresses, to be deployed on the same physical network. With Hyper-V Network Virtualization, you can set policies that isolate traffic in your dedicated virtual network, independent of the physical infrastructure. This diagram illustrates how you can use Hyper-V Network Virtualization to isolate network traffic belonging to two different customers. In the figure, Blue and Red virtual machines are hosted on a single physical network, or even on the same physical server. However, because they belong to separate virtual networks, the Blue Network and the Red Network, the virtual machines can’t communicate with each other even if the customers assign them IP addresses from the same address space.
Highlights:
Location-independent addressing by virtualizing the IP address.
Creation of virtual layer-2/layer-3 topologies over any physical network that supports bidirectional IP connectivity.
A physical network that can be a hierarchical three-tier network, a full bi-section bandwidth Clos network, or a large layer-2 network.
Virtual networks that can span multiple physical subnets and multiple sites.
Server virtualization: multiple virtual servers run on one physical server; each virtual machine behaves as if it were running on a physical server.
Network virtualization: multiple virtual networks run on one physical network; each virtual network behaves as if it were running on a physical network.

23 SMB 3.0 Direct
Uses network adapters that support Remote Direct Memory Access (RDMA) for: higher speeds; lower latency; reduced CPU load.
[Diagram labels: SMB 3.0 client; SMB 3.0 server; application; user mode; kernel mode; network with RDMA support; R-NIC; NTFS; SCSI]
SMB Direct is a new class of SMB file storage connectivity that allows RDMA-compliant network adapters to offload the network I/O processing from the CPU onto the NIC. Essentially, RDMA bypasses the network stack, allowing the adapter to approach full performance capacity, which is especially useful when accessing storage over a network since it offers a more direct path to the storage itself. SMB Direct can work with SMB Multichannel (something we talk about on the next slide) to deliver high-performance storage network capability with failover resiliency. However, because RDMA bypasses the network stack, it does not work with Windows Server NIC Teaming. Still, when dealing with a storage network, MPIO and SMB Multichannel are preferred over NIC Teaming anyway, so this shouldn’t be a concern. Also worth a mention, RDMA compatibility is currently limited to InfiniBand, iWARP, and RoCE (RDMA over Converged Ethernet) as of this publication.
Legend: R-NIC = Remote Network Adapter; NTFS = New Technology File System.

24 SMB 3.0 Multichannel
Configurations shown: a single 10 GbE RSS-capable NIC; multiple 1 GbE NICs in an LBFO team; multiple 1 GbE NICs; multiple 10 GbE/IB RSS-capable NICs.
Failover: implements end-to-end failure detection; can take full advantage of NIC teaming failover, but does not require it.
Throughput: aggregates bandwidth across multiple network adapters; uses multiple CPUs to process network interrupts with a single RSS-capable network adapter or with multiple network adapters.
Automatic configuration: detects and uses multiple network paths for troubleshooting.
[Diagram labels, per configuration: SMB server; SMB client; NIC (10 GbE, 1 GbE or 10 GbE/IB); switch (10 GbE, GbE or GbE/IB); LBFO]
In Server Message Block 3.0 (SMB 3.0), Windows Server 2012 introduces a set of new file server features that provide important improvements for server applications, such as Microsoft SQL Server and Hyper-V, which are used to store data on file shares. One of the key new features is SMB 3.0 Multichannel. SMB 3.0 Multichannel allows aggregation of network bandwidth and network fault tolerance if multiple paths are available between the SMB 3.0 client and SMB 3.0 server. Server applications can then take full advantage of all available network bandwidth and be resilient to a network failure. To use SMB 3.0 Multichannel, one computer should be configured as the File Server (SMB 3.0 server) and the other as the File Client (SMB 3.0 client). SMB 3.0 automatically detects and uses multiple network connections by using any of the configurations illustrated in this diagram. SMB 3.0 automatically detects and uses multiple network connections if the following configurations are used: Single 10-gigabit Ethernet (GbE) network adapters. Each of the two computers is configured with a single 10-GbE network interface. Multiple 1-GbE network adapters in a team.
Each of the two computers is configured with two 1-GbE network interfaces configured as an LBFO team. Each SMB 3.0 client network adapter communicates with an SMB 3.0 server network adapter by using its teamed interfaces. Multiple 1-GbE network adapters. Each of the two computers is configured with two 1-GbE network interfaces. Each SMB 3.0 client network adapter communicates with an SMB 3.0 server network adapter by using a different subnet. Multiple 10-GbE network adapters. Each of the two computers is configured with two 10-GbE network interfaces. Each SMB 3.0 client network adapter communicates with an SMB 3.0 server network adapter by using a different subnet. Multiple InfiniBand (IB) network adapters. Each of the two computers is configured with two InfiniBand network interfaces. Each SMB 3.0 client network adapter communicates with an SMB 3.0 server network adapter by using a different subnet.

25 Management and automation

26 Customer needs and challenges
NEEDS / CHALLENGES: meeting the growing demand for continuous, high-performance services; compute, storage and network resources across a broad data center ecosystem; more efficient server management while keeping costs under control; offering more flexibility and scalability in managing physical and virtual server environments (both local and remote); improving what users can do by automating further tasks and server processes; working within budget limits by developing a standardized approach to managing server environments.

27 Management and automation
Improved management efficiency. Simplified deployment and virtualization. Resilient automation that is easy to implement.
OUTSTANDING MANAGEMENT AND AUTOMATION FEATURES THAT MEET CUSTOMER REQUIREMENTS: multiserver management; role and feature deployment; integrated console; 2,300 cmdlets; disconnected sessions.
Windows Server 2012 Management has many new features and enhancements at its core. To show you some of these and their value to your organization, let's walk through a number of them.
Multiserver Management: In Windows Server 2012, the capabilities of Server Manager have expanded considerably to facilitate multiserver tasks such as remote role and feature deployment to both physical and virtual servers, remote role and feature management, and custom server group creation. By using Server Manager, IT pros can now provision servers and offline virtual hard disks from their desktop without requiring either physical access to the system or Remote Desktop Protocol (RDP) connections to each server. Server Manager also helps administrators manage groups of servers collectively from within a single, integrated console, allowing them to respond to business-critical problems with greater speed and agility. Server Manager can handle multiple servers in a server pool, and create server groups to organize them. The server grouping functionality resembles grouping functionality in Windows Server Update Services (WSUS), or the cloud service Windows Intune. Groups let you manage servers that are related by certain commonalities (such as location, function, Windows operating system release, or hardware type) as if they were a single unit.
Role and feature deployment: Windows Server 2012 can deploy both roles and features in a single session using the unified Add Roles and Features Wizard.
The Add Roles and Features Wizard in Windows Server 2012 performs validation passes on a server that you select for deployment as part of the installation process; you don’t need to pre-verify that a server in your Server Manager server pool is properly configured to support a role. Administrators can deploy roles and features to remote servers and offline virtual hard disks from Server Manager on their local server. In a single session in the Add Roles and Features Wizard, you can add your desired roles and features to an offline virtual hard disk, allowing for faster and simpler repetition and consistency of desired configurations.
Integrated Console: Windows Server 2012 now has a fully integrated console that can:
Manage groups of servers collectively from within a single, integrated console, allowing you to respond to business-critical problems with greater speed and agility.
Generate status views for multiple servers after polling servers for operational statistics, including which roles and features are installed, events, service states, performance threshold alerts, and Best Practices Analyzer (BPA) scan results.
Access to over 2,400 PowerShell 3.0 cmdlets: Windows PowerShell 3.0 provides many improvements that help manage a multiserver network. These features as a whole improve manageability through improved coverage, automation, resiliency, and simplicity, including:
Workflows that run long-running activities (in sequence or in parallel) to perform complex, larger management tasks, such as multi-machine application provisioning. Using Windows PowerShell Workflow, IT pros can run tasks (workflows) that are repeatable, parallelizable, interruptible, and recoverable (suspendable/resumable).
Robust Session Connectivity, which allows sessions to automatically recover from network failures and interruptions.
Disconnected Sessions, which allows you to disconnect from an active session, shut down the computer, and reconnect from a different computer without interrupting the task.
Scheduled jobs that run regularly or in response to an event to deliver standardized "lights-out" operations.
Commands that can be executed with a delegated set of credentials so users with limited permissions can run critical jobs.
Simplified language syntax that makes commands and scripts look a lot less like code and a lot more like natural language.
Improved cmdlet discovery and automatic module loading that make it easier to find and run any of the cmdlets installed on your computer.
Updatable Help through the new Update-Help cmdlet, which simplifies access to the most recent Help documentation.
Show-Command, a cmdlet and ISE Add-On that helps users find the right cmdlet, view its parameters in a dialog box, and run it.
Disconnected Sessions: Windows PowerShell 3.0 lets you disconnect from and then reconnect to any session without losing state. Disconnected Sessions allows you to create a session, start a command or job on a remote computer, disconnect from the session, shut down your computer, and then reconnect to the session from a different computer at a later time to check the job status or get the results. When administrators are disconnected from the session, persistent commands and jobs continue to run.
Windows PowerShell Workflow: Windows PowerShell 3.0 goes beyond scripting and enables you to write workflows—long-running task sequences that are repeatable, parallelizable, interruptible, and restartable. Workflows are scripts written in the Windows PowerShell language, typically run from a client computer to gather data from or make changes to a few or hundreds of target computers. Workflows can be written in the Windows PowerShell language or in XAML and are executed by the Windows Workflow Foundation (WF) engine.
Windows PowerShell Web Access: Windows PowerShell Web Access (PowWA) is a new feature enabled by Windows Server 2012 that lets you manage Windows servers by using Windows PowerShell within a web browser. The target machines you want to manage can be running any version of Windows that is enabled for PowerShell remoting.
Windows PowerShell ISE: The Windows PowerShell Integrated Scripting Environment (ISE) 3.0 includes many new features to ease beginning users into Windows PowerShell and provide advanced editing support for scripters. The following are some of the new features:
The Show-Command pane lets users find and run cmdlets in a dialog box.
IntelliSense provides context-sensitive command completion for cmdlet and script names, parameter names and enumerated values, and property and method names.
Code examples add reusable text to scripts and commands. The built-in code examples include templates for functions, parameters, and statements so that users don’t have to remember the syntax.
Collapsible regions in scripts and XML files make navigation in long scripts easier.
Script Sharing: Windows PowerShell 3.0 helps IT professionals by providing access to a community-generated library of Windows PowerShell code snippets, called Integrated Script Snippets, within Windows PowerShell ISE. To access Integrated Script Snippets, the user presses Ctrl-J. The user can then select the appropriate template from a list of script templates and have a partially completed script inserted into the editor. By default, ISE ships with twelve script snippets to ease the creation of commonly used programming syntax patterns.
Syntax Simplification and IntelliSense: Windows PowerShell 3.0 includes simplified, consistent syntax across all cmdlets. The ForEach-Object and Where-Object cmdlets have been updated to support an intuitive command structure that more closely models natural language.
Users are able to construct commands without script blocks, braces, the current object automatic variable ($_), or dot operators to get properties and methods. In short, the “punctuation” that plagued beginning users is no longer required.
Windows PowerShell Workflow | Windows PowerShell Web Access | Windows PowerShell Integrated Scripting Environment (ISE) | Script sharing | Syntax simplification and IntelliSense
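The disconnected-session procedure described in the notes above (start a command, disconnect, reconnect later from another computer, collect the results), as an added PowerShell example that is not part of the original presentation. The computer name SRV01, the session name InventoryScan and both function names are assumptions; the example bounds the idle timeout and removes the session afterwards so that no abandoned session stays behind on the server.

```powershell
# Added example, not from the presentation. SRV01, InventoryScan and the two
# function names are placeholders; PowerShell remoting must be enabled on the target.

function Start-DetachedTask {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [Parameter(Mandatory)][string]$SessionName,
        [Parameter(Mandatory)][scriptblock]$ScriptBlock,
        [int]$IdleTimeoutSec = 3600
    )
    # IdleTimeout is given in milliseconds. It decides how long the disconnected
    # session is kept on the remote computer before it is closed.
    # Block pauses the command when the output buffer is full instead of
    # discarding older output.
    $option = New-PSSessionOption -IdleTimeout ($IdleTimeoutSec * 1000) -OutputBufferingMode Block

    # -InDisconnectedSession starts the command and disconnects immediately;
    # the command keeps running on the remote computer.
    Invoke-Command -ComputerName $ComputerName -InDisconnectedSession `
        -SessionName $SessionName -SessionOption $option -ScriptBlock $ScriptBlock
}

function Receive-DetachedTask {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [Parameter(Mandatory)][string]$SessionName
    )
    # With -ComputerName, Get-PSSession queries the remote computer, so it also
    # finds sessions the same user started from a different client machine.
    $session = Get-PSSession -ComputerName $ComputerName -Name $SessionName `
        -ErrorAction SilentlyContinue | Select-Object -First 1
    if (-not $session) {
        Write-Warning "No session '$SessionName' on $ComputerName (it may have reached its idle timeout)."
        return
    }
    if ($session.Availability -eq 'Busy') {
        # Busy means the session is currently connected to another client.
        Write-Warning "Session '$SessionName' is connected elsewhere; leaving it alone."
        return
    }

    # Reconnect, collect the output as a job, and wait for the command to finish.
    $job = Receive-PSSession -Session $session -OutTarget Job
    $job | Wait-Job | Receive-Job

    # Clean up so that nothing is left running or listening on the server.
    Remove-Job -Job $job
    Remove-PSSession -Session $session
}

# Usage (constructed values):
#   Start-DetachedTask -ComputerName SRV01 -SessionName InventoryScan -ScriptBlock { Get-HotFix }
#   ...later, from another workstation, as the same user:
#   Receive-DetachedTask -ComputerName SRV01 -SessionName InventoryScan
```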

28 Standards-Based Management
Windows Management Framework | Simplifies management of a diverse ecosystem | Standard APIs | Standard protocols | Standard models
The first stop in these scenarios is the standards-based management approach that Windows Server 2012 has adopted. Leveraging the Windows Management Framework, we can simplify the management of a diverse datacenter ecosystem by adopting standardized models, protocols and APIs to make managing and automating datacenter components easier and more efficient.

29 Windows PowerShell 3.0 Key Features
Broader coverage: More extensive management through more than cmdlets
More resilience: Robust session connectivity | Disconnected sessions | Session configuration files | Job scheduling | Windows PowerShell Web Access
More intuitive: Integrated Scripting Environment 3.0: Syntax simplification | IntelliSense | Reusable text in code examples; Cmdlet discovery and module autoloading | Updatable Help | Script sharing
Windows PowerShell 3.0 provides many improvements that help manage a multiserver network. These features as a whole improve manageability through improved coverage, automation, resiliency, and simplicity.
Workflows that run long-running activities (in sequence or in parallel) to perform complex, larger management tasks, such as multi-machine application provisioning. Using Windows PowerShell Workflow, IT pros can run tasks (workflows) that are repeatable, parallelizable, interruptible, and recoverable (suspendable/resumable).
Robust Session Connectivity, which allows sessions to automatically recover from network failures and interruptions.
Disconnected Sessions, which allows you to disconnect from an active session, shut down the computer, and reconnect from a different computer without interrupting the task.
Scheduled jobs that run regularly or in response to an event to deliver standardized "lights-out" operations.
Commands that can be executed with a delegated set of credentials so users with limited permissions can run critical jobs.
Simplified language syntax that makes commands and scripts look a lot less like code and a lot more like natural language.
Improved cmdlet discovery and automatic module loading that make it easier to find and run any of the cmdlets installed on your computer.
Updatable Help through the new Update-Help cmdlet, which simplifies access to the most recent Help documentation.
Show-Command, a cmdlet and ISE Add-On that helps users find the right cmdlet, view its parameters in a dialog box, and run it.
Higher performance: On-the-fly compilation, up to 6 times faster
Windows PowerShell Workflow

30 Web and Application Platform

31 Customer Needs and Challenges
NEEDS / CHALLENGES
Deliver scalable and secure workloads that meet the agreed service level
Increase website density through more secure tenant isolation
Limit resource consumption and provide resource sandboxing with metering
Use and build tools and frameworks for next-generation applications, including open-source tools
Manage web applications and resources optimally
Operate flexible and dynamic datacenters across premises
Reuse developer skills and training
Protect and gain leverage from existing investments and infrastructure
Meet the growing demand for continuously available services
In addition to the rapid growth of the Internet, more and more enterprise applications are moving to a web model. However, servers are still critical to the business because of the applications organizations run on them, from to accounting to line-of-business applications. Key business drivers that call for an open web and application platform include:
Managing web applications and resources optimally
Operating flexible and dynamic datacenters across premises
Reusing development skills and training
Protecting and gaining leverage from existing investments and infrastructure
Scaling on demand
Windows Server is an open application and web platform for the datacenter and the cloud.

32 Web and Application Platform
Build and deploy next-generation applications across premises | Scale web applications and manage resources optimally | Reuse development skills and expertise
OUTSTANDING WEB AND APPLICATION PLATFORM FEATURES THAT MEET CUSTOMER REQUIREMENTS
Server Name Indication (SNI) | Non-Uniform Memory Architecture (NUMA) | Centralized SSL store | Application initialization | CPU throttling
Windows Server 2012 Web and Application Platform has many new features and enhancements at its core. To show you some of these and their value to your organization, let's walk through a number of them.
Server Name Indication (SNI): On Windows Server 2012, IIS supports Server Name Indication (SNI), which is a TLS extension to include a virtual domain as a part of SSL negotiation. What this effectively means is that the virtual domain name, or a hostname, can now be used to identify the network end point. In addition, a highly scalable WebHosting store has been created to complement SNI. The result is that the secure site density is much higher on Windows Server 2012 and it is achieved with just one IP address. It should be noted that in order for this feature to be used, your client browsers have to support SNI. Most modern browsers support SNI; however, Internet Explorer (of any version) on Windows XP does not support SNI.
Non-Uniform Memory Architecture (NUMA): Internet Information Services (IIS) on Windows Server 2012 is NUMA-aware and provides the optimal configuration for IT administrators. The following section describes the different configuration options to achieve the best performance with IIS 8.0 on NUMA hardware. IIS supports the following two ways of partitioning the workload:
Run multiple worker processes in one application pool (i.e. web garden). If you are using this mode, by default, the application pool is configured to run one worker process.
For maximum performance, you should consider running the same number of worker processes as there are NUMA nodes, so that there is 1:1 affinity between the worker processes and NUMA nodes. This can be done by setting the "Maximum Worker Processes" AppPool setting to 0. With this setting, IIS determines how many NUMA nodes are available on the hardware and starts the same number of worker processes.
Run multiple application pools in a single workload/site. In this configuration, the workload/site is divided into multiple application pools. For example, the site may contain several applications that are configured to run in separate application pools. Effectively, this configuration results in running multiple IIS worker processes for the workload/site, and IIS intelligently distributes and affinitizes the processes for maximum performance.
Centralized SSL store: On Windows Server 2012, the Centralized SSL Certificate Support feature allows server administrators to store and access the certificates centrally on a file share. Similar to the Shared Configuration feature introduced in Windows Server 2008, the Windows Servers in a server farm can be configured to load the certificates from the file share on demand. With this feature, the management experience of SSL bindings is much simplified. When it comes to SSL, the DNS name and CN name of the certificate must match. A similar contract can be extended to the file names of the certificates. For example, would use the certificate with a file name This contract enables Windows Server 8 to have just one SSL binding, regardless of the number of secure sites that are using this feature. The corresponding certificate is inferred from the SNI value or hostname of the requested web site, and by matching it to the file name of the certificate.
Application Initialization: The IIS 8.0 Application Initialization feature enables website administrators to configure IIS 8.0 to proactively perform initialization tasks for one or more web applications. While an application is being initialized, IIS 8.0 can also be configured to return static content as a placeholder or "splash page" until an application has completed its initialization tasks. The Application Initialization feature is configured through a combination of global and application-specific rules that tell IIS 8.0 how and when to initialize web applications. The Application Initialization feature also supports integration with the IIS URL Rewrite Module to support more complex handling of placeholder content while an application is still initializing.
CPU throttling: In Internet Information Services (IIS) on Windows Server 2012, the sandbox is scoped to an IIS application pool. It provides a security boundary at the Windows process level by running each tenant under a separate user identity, and resource limits are also enforced at the process level. On Windows Server 2012, the IIS CPU Throttling feature enables customers to truly limit how much CPU each tenant can consume as a percentage of CPU. Furthermore, this feature is configurable per IIS application pool, which means each tenant could have different limits, which can lead to a new business model in which tenants can pay more for higher limits. It is important to clarify that IIS CPU Throttling is not a reservation of a CPU resource. Rather, it is a way to limit the maximum usage.
Dynamic FTP and IP restrictions: Dynamic IP Restrictions provides IT professionals and hosters with a configurable module that helps mitigate or block denial-of-service attacks or brute-force password cracking by temporarily blocking the Internet Protocol (IP) addresses of HTTP clients that follow a pattern that could be conducive to one of these attacks.
This module can be configured so that the analysis and blocking are done at the Web Server or the Web Site level.
Shared configuration: Web farms and server clusters have become a standard in helping to deliver highly scalable, available, and manageable applications by distributing load. More specifically, these application attributes are the main reasons behind Web farms and load balancing. By using a Web farm, an organization can provide a scalable way to increase the capacity of the user base that accesses the application and its resources concurrently. The shared centralized global configuration feature helps support homogeneous Web farms where servers share the same configuration across a server group. By using a UNC share, any changes to a central master configuration file will propagate across different servers without extra tools or programmatic support.
Embraces web standards: Windows Server 2012 provides an open web platform that gives organizations enormous flexibility in deploying and maintaining web solutions. Windows Server 2012 and Internet Information Services 8 are a solid platform for both open source web stacks and ASP.NET, so developers now can choose freely from programming stacks such as PHP and ASP.NET.
Configuration Editor: Configuration Editor is an IIS Manager feature that lets you manage any configuration section available in your configuration system. Configuration Editor allows you to use IIS Manager to make changes to any section, attribute, element, or collection in IIS configuration files, while providing the ability to control modifications to configuration files by placing or removing locks. To help automate configuration tasks, Configuration Editor also gives administrators the ability to generate scripts based on the actions taken in Configuration Editor.
Common development platform: A single set of development tools that supports a hybrid environment is complemented by the rich and comprehensive experience of using Visual Studio. With this common toolset, developers can create on-premises, cloud-based, or hybrid applications from within a unified Windows development environment that includes common workflows and rules across web, application, and datacenter tiers.
Dynamic FTP and IP restrictions | Shared configuration | Embraces web standards | Configuration Editor | Common development platform

33 High-Density Tenant Websites
Windows Server 2012 Internet Information Services
Windows Server 2012 features that enable a multitenant environment and its management: Server Name Indication (SNI) | Centralized SSL certificate support | FTP logon attempt restrictions | Dynamic IP restrictions | Configuration Editor | NUMA-aware scalability | IIS CPU throttling | Application initialization
Challenges for hosting providers in a multitenant environment: Isolation and security | Scalability | Centralized support | Simplified management | Extensibility
Multitenancy is the term that describes when a single instance of software serves dozens or hundreds of users or customers simultaneously. A tenant is any application—either inside or outside the enterprise—that needs its own secure and exclusive virtual computing environment. Multitenancy is much more efficient than the older server-hosting model, where the ratio of server to customer is 1:1. Challenges in a multitenant environment:
Isolation and security: One of the frequent concerns from a customer perspective is whether data is secure. Often, additional design and development related to the product and database is required to keep sensitive data safe, because the data all resides in the same database in different schemas. A second concern is isolation between tenants.
Scalability: It is not easy to scale up suddenly to managing your own data center, servers, and the hiring of people associated with the SaaS infrastructure.
Centralized support: The resource-sharing mechanism to reduce the hardware, software, and management cost of each tenant.
Simplified management: The customization mechanism to support a tenant-specific user interface, access control, process, and data model through configuration approaches.
Extensibility: Giving each tenant its own database makes it easier to extend the application's data model (discussed later) to meet tenants' individual needs, and restoring a tenant's data from backups in the event of a failure is a relatively simple procedure. Unfortunately, this approach tends to lead to higher costs for maintaining equipment and backing up tenant data. Hardware costs are also higher than they are under alternative approaches, as the number of tenants that can be housed on a given database server is limited by the number of databases that the server can support.
Diagram labels: Shared infrastructure | Tenant A | Tenant B | Tenant N | SQL | NS
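One way to apply the per-tenant isolation features listed on this slide (an SNI binding served from the central certificate store, CPU throttling per application pool, and Dynamic IP Restrictions at site level), as an added PowerShell example that is not part of the original presentation. The function names, tenant name, host name, path and limits are constructed values; the example assumes the WebAdministration module, the IP and Domain Restrictions role service, and a central certificate store that is already configured.

```powershell
# Added example, not from the presentation. All names and limits are constructed.
Import-Module WebAdministration

function New-TenantSite {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$HostName,
        [Parameter(Mandatory)][string]$PhysicalPath,
        [ValidateRange(1, 100)][int]$CpuPercent = 20
    )
    $poolPath = "IIS:\AppPools\$Name"

    # One application pool per tenant, each running under its own pool identity,
    # so the Windows process boundary separates the tenants.
    New-WebAppPool -Name $Name | Out-Null
    Set-ItemProperty $poolPath -Name processModel.identityType -Value ApplicationPoolIdentity

    # cpu.limit is expressed in 1/1000ths of a percent. Throttle caps the pool
    # at that maximum; it is a ceiling, not a reservation.
    Set-ItemProperty $poolPath -Name cpu.limit  -Value ($CpuPercent * 1000)
    Set-ItemProperty $poolPath -Name cpu.action -Value Throttle

    # SslFlags 3 = SNI binding whose certificate comes from the central store,
    # so many HTTPS sites can share one IP address.
    New-Website -Name $Name -PhysicalPath $PhysicalPath -ApplicationPool $Name `
        -HostHeader $HostName -Port 443 -Ssl -SslFlags 3 | Out-Null

    # Dynamic IP Restrictions scoped to this site only (written to
    # applicationHost.config under a <location> tag for the site).
    $root   = 'system.webServer/security/dynamicIpSecurity'
    $target = @{ PSPath = 'MACHINE/WEBROOT/APPHOST'; Location = $Name }
    Set-WebConfigurationProperty @target -Filter $root -Name denyAction -Value AbortRequest
    Set-WebConfigurationProperty @target -Filter "$root/denyByConcurrentRequests" -Name enabled -Value $true
    Set-WebConfigurationProperty @target -Filter "$root/denyByConcurrentRequests" -Name maxConcurrentRequests -Value 20
    Set-WebConfigurationProperty @target -Filter "$root/denyByRequestRate" -Name enabled -Value $true
    Set-WebConfigurationProperty @target -Filter "$root/denyByRequestRate" -Name maxRequests -Value 50
    Set-WebConfigurationProperty @target -Filter "$root/denyByRequestRate" -Name requestIntervalInMilliseconds -Value 1000
}

function Get-TenantSiteLimits {
    # Reads the settings back so a reviewer can confirm what is enforced.
    param([Parameter(Mandatory)][string]$Name)
    $cpu    = Get-ItemProperty "IIS:\AppPools\$Name" -Name cpu
    $root   = 'system.webServer/security/dynamicIpSecurity'
    $target = @{ PSPath = 'MACHINE/WEBROOT/APPHOST'; Location = $Name }
    [pscustomobject]@{
        Tenant          = $Name
        CpuLimitPercent = $cpu.limit / 1000
        CpuAction       = $cpu.action
        SslFlags        = (Get-WebBinding -Name $Name -Protocol https).sslFlags
        RateLimitOn     = (Get-WebConfigurationProperty @target -Filter "$root/denyByRequestRate" -Name enabled).Value
        ConcurrencyOn   = (Get-WebConfigurationProperty @target -Filter "$root/denyByConcurrentRequests" -Name enabled).Value
    }
}

# Usage (constructed values):
#   New-TenantSite -Name TenantA -HostName tenant-a.example.test -PhysicalPath D:\Sites\TenantA
#   Get-TenantSiteLimits -Name TenantA
```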

34 Ecosystem and Extensibility
Build symmetrical and hybrid applications for use on-premises and in the cloud
Programming symmetry: Use the same development tools for Windows Server 2012 and Windows Azure
Benefits: Reduce training costs and benefit from developers' existing skills | Draw on a large ecosystem of partners and solutions | Build applications that run on whichever platform suits them best
Common development tools: Offers Microsoft .NET developers a rich programming experience and a complete environment for building cross-cloud applications
Windows Server 2012 provides the flexibility to build symmetrical and hybrid applications on-premises and in the cloud.
Programming symmetry between on-premises and cloud environments provides the ability to use the same development model for Windows Server 2012 and Windows Azure. With programming symmetry, developers can work in a single, unified environment to build solutions that can focus on either Windows Server or the Windows Azure cloud platform. These programming tools can be used across web, application, and datacenter tiers for locally deployed applications and for private and public cloud solutions.
Common development tools. Microsoft Visual Studio and Microsoft Team Foundation Server provide a rich development experience and offer .NET developers a complete environment to build cloud and on-premises applications.

35 Virtual Desktop Infrastructure (VDI)

36 Customer Needs and Challenges
NEEDS / CHALLENGES
Protect against the loss of sensitive corporate data and data leaks
Reduce the cost and time required to deploy new applications and updates
Administer and manage desktops and applications easily and centrally
Reduce the bandwidth consumption of remote users
Give users access to corporate applications and data from unmanaged devices and locations
Balance user requirements and corporate compliance

37 Virtual Desktop Infrastructure
Access from virtually anywhere, on any device | Full Windows experience, everywhere | Enhanced data security and compliance
OUTSTANDING VDI FEATURES THAT MEET CUSTOMER REQUIREMENTS
Simplified user connection | User profile disks | Fair Share session virtualization | Intelligent patching | Remote Desktop Services SmartCache
Windows Server 2012 VDI has many new features and enhancements at its core. To show you some of these and their value to your organization, let's walk through a number of them.
Simplified User Connection: The file type association is used to assign the file association on the client device to the associated RemoteApp program. To configure the file type association for a published RemoteApp program, you must first ensure that the default connection URL is configured in the appropriate Group Policy setting. After the default connection URL is configured, you can change the file type associations of a published RemoteApp program by using Server Manager.
User Profile Disks: Windows Server 2012 solves the problem of lost settings and application cache data with the new User Profile Disks. A User Profile Disk is created for each user and applies to a specific virtual machine pool or session collection. The User Profile Disk stores user personalization and application cache data so that they are maintained across user logon sessions. When the user logs on to a session or within a pooled virtual machine, the User Profile Disk is mounted and user personalization is quickly made available. Users benefit from faster startup times and personalization even within the shared environment of a virtual machine pool or session.
Fair Share session virtualization: To provide a predictable user experience in Windows Server 2012 and help ensure that one user doesn’t negatively impact the performance of another user’s session, the following features are enabled by default on RD Session Host servers.
Network Fair Share dynamically distributes available bandwidth across sessions based on the number of active sessions, to enable equal bandwidth use.
Disk Fair Share prevents sessions from overusing disks by providing equal distribution of disk I/O among sessions.
CPU Fair Share dynamically distributes processor time across sessions based on the number of active sessions and their loads.
Intelligent Patching: Intelligent patching simplifies the process of updating both pooled and personal virtual machines with little impact on resource use or bandwidth. Administrators face several obstacles when patching many virtual machines in a pooled or personal virtual machine deployment. With intelligent patching in Windows Server 2012, you can patch virtual machine images in large deployments more easily and efficiently in an orchestrated way to reduce downtime and maintain high levels of productivity. In Windows Server 2012, the administrator can manage application installations and security updates for virtual desktops in a pooled virtual desktop collection by using built-in tools. You merely apply application installation and security updates to the master virtual machine image, and then all virtual desktops in the pooled collection are switched with the master image.
RDS SmartCache: Remote Desktop Services Smart Cache lets you deploy pooled virtual machine collections by using inexpensive and available DAS for client virtual machines, with affordable SMB shared storage for the master image virtual hard disk. You deploy the master image virtual hard disk on an SMB share that’s accessible from the virtual machine deployment server. Then, when you create a new pooled virtual machine, the image is streamed from the SMB shared system to the local disk or DAS. To minimize deployment time, the essential components of the operating system are brought into memory first, so that the virtual machine can start while the remaining copy operation continues in the background.
This deployment method also takes advantage of dynamic placement to balance the load on virtual machines and host servers.
Quick VDI Wizard: Server Manager provides access to new deployment wizards that make it easier to deploy almost everything you need based on your desired scenario. You can choose either a session virtualization or VDI deployment, and the scenario-based installation installs the required role services to support it. In Windows Server 2012, administrators have an easier and more cost-effective way to quickly deploy and manage virtual desktop, session-based, or RemoteApp collections from one management console. Remote users benefit from a local-like, personalized experience, and network and processor optimizations.
Concurrent Redirection: The system tracks the number of user sessions on each Session Host server in the farm, and redirects users who do not have an existing session to the server with the fewest sessions. This functionality enables you to evenly distribute the session load between servers in a load-balanced Session Host server farm. The system also keeps track of user sessions in a load-balanced Session Host server farm. The database stores session state information that includes session IDs, their associated user names, and the name of the server where each session resides. When a user with an existing session connects to a Session Host server in the load-balanced farm, the system redirects the user to the Session Host server where their session exists. This prevents the user from being connected to a different server in the farm and starting a new session.
RemoteFX Adaptive Graphics: RemoteFX Adaptive Graphics provides graphics processing that enables better delivery of virtual desktop and RemoteApp programs with Aero and 3D experience across various networks, including those in which bandwidth is limited and latency is high.
The following are some of the key components that enable RemoteFX Adaptive Graphics: RemoteFX graphics processing pipeline. RemoteFX progressive download. Aero and 3D experience that uses the Microsoft basic render driver. By default, the RemoteFX graphics processing pipeline adaptively determines the optimal RDP experience level based on available bandwidth and server resource availability.
RemoteFX over WAN: To support VDI, Remote Desktop Services sessions, or RemoteApp sessions over WANs, Remote Desktop Services must be able to adapt to different network conditions and be quick and responsive. RDP RemoteFX for WAN in Windows Server 2012 responds to this challenge by including optimizations for low-bandwidth, high-latency connections. To help achieve this, RDP adds the following improvements: User Datagram Protocol (UDP). Forward error correction (FEC). Network auto-detect. Dynamic transport detection. Congestion control.
Windows Server 2012 includes several improvements to provide a better experience for remote users who connect through a USB-based device, such as a USB flash drive, to the local, physical client device. Users see the device within the remote session; the USB device, desktop, and applications all appear as local, integrated resources, which creates a unified experience. Windows Server 2012 also introduces Multi Touch and gesture remoting with support for up to ten simultaneous touch inputs. This enables users to use the new breed of touch-enabled and gesture-enabled applications in remote desktop environments.
Quick VDI Wizard | Concurrent redirection | RemoteFX Adaptive Graphics | RemoteFX over WAN | RemoteFX USB redirection and multitouch

38 Simplified, Feature-Rich VDI
Microsoft VDI: Based on Remote Desktop Services: Desktop sessions | Pooled virtual machines | Personal virtual machines
Benefits: Rich user experience with RemoteFX | Easy to deploy, straightforward to manage | Exceptional value from a high-performance VDI at low cost
1 platform | 1 experience | 3 deployment options
Diagram labels: Corporate site | Branch office | FIREWALL
Virtual Desktop Infrastructure (VDI) technologies in Windows Server 2012 offer three flexible VDI deployment options: Pooled Desktops, Personal Desktops, and Remote Desktop Sessions (formerly Terminal Services). Your IT professionals can customize a mix of deployment scenarios to meet your organization’s needs and manage all of them from one unified console. Built on Hyper-V and Remote Desktop Services, VDI offers:
Simplified installation and configuration
One centralized management console
RemoteFX for WAN improvements
Windows Server 2012 makes it easier to deploy virtual desktops by providing administrators with the flexibility to choose from the two common options for virtual machine deployments.
Pooled virtual machine collections: Customers can choose to deploy VDI through virtual machine pools. In this model, a single master image is shared by all users in the virtual machine pool. The changes made by each user during a session are stored in a transient virtual hard disk that’s discarded when the user logs off. The main advantage of this model is that there’s a single image to manage, which reduces storage requirements and simplifies management, thereby reducing costs of deployment. In Windows Server 2012, the entire model of deploying a pooled virtual machine collection is transparent to the administrator. The single-image management and administration is natively supported and the whole process is simplified for ease of deployment.
Personal virtual machine collections Personal virtual machines are based on a master virtual machine. Windows Server automates the rollout process by copying the master image for each instance of the personal virtual machine. Once the initial rollout is completed, virtual machines are maintained as if they’re physical machines and can be managed using Windows Server Update Services (WSUS) and Microsoft System Center Configuration Manager (Configuration Manager). WSUS and Configuration Manager add-ons from VDI are available for customers to manage these virtual machines. Bibliothek/ Cafe Zuhause

39 RemoteFX: rich remote experience with Windows Server 2012
RemoteFX graphics architecture overview. Applications and desktop: Windows Modern UI and applications (HTML, XAML, native). RemoteFX Adaptive Graphics; RemoteFX for WAN; RemoteFX USB Redirection; Modern UI Remote Desktop app; RemoteFX Media Remoting; RemoteFX Multitouch; RemoteFX vGPU; RemoteFX Adaptive Graphics; RemoteFX intelligent caching; RemoteFX Media Remoting; RemoteFX progressive rendering; RemoteFX optimized text codecs; RemoteFX Calista codec; RemoteFX protocol encoding; RemoteFX for WAN transport; RemoteFX for WAN.

RemoteFX now includes the following new features and enhancements, which enable fast and fluid remoting of the full Windows Metro Style UI across a wide range of networks: RemoteFX Adaptive Graphics; RemoteFX for WAN; RemoteFX Media Remoting; RemoteFX Multitouch; RemoteFX USB Redirection; Metro-style Remote Desktop app; choice of software or physical graphics processing unit (GPU) or virtual GPU (vGPU) for virtual machines; available for sessions, virtual machines, and physical machines; broad range of Windows clients supported.

With today’s modern workforce, clients frequently need to connect from branch offices, homes, or hotels over low-bandwidth connections. To support VDI, Remote Desktop Services sessions, or RemoteApp sessions over WANs, RDP must be able to adapt to different network conditions and be quick and responsive. RDP in Windows Server 2012 solves these problems by including optimizations for low-bandwidth, high-latency connections. To help achieve this, the following improvements have been added:

User Datagram Protocol (UDP). RDP in Windows Server 2012 intelligently chooses between TCP and UDP transports, depending on the content type and quality of the connection. When Remote Desktop is enabled on a computer, UDP for port 3389 is automatically enabled in the Windows Firewall. For enhanced performance, verify that this port is enabled on your network.

Network auto-detect. Windows Server 2012 RDP detects end-to-end network speed by measuring latency, maximum bandwidth, and packet loss, and then it adjusts the type of connection and the data transfer based on the available bandwidth.

Dynamic transport detection. RDP uses dynamic transport detection to select the most appropriate transport to communicate with the client. The system first tries using UDP as the transport mechanism. If that fails, it automatically switches to TCP, to use the most appropriate transport to achieve the best user experience.

Congestion control. RDP employs congestion control to prevent loss of packets and recover quickly from transmission gaps, avoiding further delays. This helps maintain the necessary flow of data to the client to provide a seamless experience over an RDP connection.

Windows Server 2012 includes several improvements to provide a more seamless experience for users connecting a USB-based device such as a USB flash drive to the local, physical client device. Users then see the device within the remote session. To the user, the USB device, desktop, and applications all appear as local, integrated resources, creating a unified experience.

40 Identity and access

41 Customer needs and challenges
NEEDS | CHALLENGES: shift to the cloud; consumer-driven workforce; exponential growth and distribution of data; compliance with government and industry regulations; making the infrastructure fit for the private cloud; maintaining the manageability of the infrastructure; preserving data security; meeting end users’ demands for a flexible way of working.

As IT organizations evolve to meet new challenges, identity and access solutions within Windows Server 2012 have been enhanced to help IT build solutions to support the Modern Workstyle.

42 Identity and access
Protecting corporate resources; data access management and protection; simplified deployment and management of identity infrastructures.

TOP FEATURES FOR IDENTITY AND ACCESS: Dynamic Access Control; classification; DirectAccess; simpler Active Directory deployment; Domain Name System Security Extensions.

Windows Server 2012 Identity and Access has many new features and enhancements at its core. To show you some of these and their value to your organization, let’s walk through a number of them.

Dynamic Access Control

Dynamic Access Control in Windows Server 2012 gives you new ways to control access to your data and achieve regulatory compliance. It provides next-generation authorization and auditing controls, along with data classification capabilities that allow organizations to apply information governance to unstructured data on their file servers. Specifically, Windows Server 2012 provides the following new and enhanced ways to control access to your files while providing authorized users the resources they need: automatic and manual file classification (“tagging”); central access control for information governance, including access-denied remediation to troubleshoot problems accessing files and shares; file access auditing for forensic analysis and compliance; and classification-based encryption for sensitive Microsoft Office documents (as per below).

Classification

Protection of sensitive information is mainly about mitigating risk for the organization. Various compliance regulations, such as HIPAA or Payment Card Industry Data Security Standard (PCI-DSS), dictate encryption of information, and there are numerous business reasons to encrypt business sensitive information. However, encrypting information is expensive and might impair business productivity. Thus, organizations tend to have different approaches and priorities for encrypting their information.
To support this scenario, Windows Server provides the ability to automatically encrypt sensitive Office files based on their classification. This is done through file management tasks that invoke RMS protection for sensitive Office documents a few seconds after the file is identified as being a sensitive file on the file server (continuous file management tasks). RMS encryption provides another layer of protection for files. Even if a person with access to a sensitive file inadvertently sends that file out through , the file is still protected by the RMS encryption. Any user who wants to access the file must first authenticate himself to an RMS server to receive the decryption key.

DirectAccess

The DirectAccess feature was introduced with Windows Server 2008 R2 and Windows 7 client computers. DirectAccess overcomes the limitations of VPNs by automatically establishing a bi-directional connection from client computers to the corporate network, so users never have to think about connecting to the enterprise network and IT administrators can manage remote computers outside the office, even when the computers are not connected to the VPN.

Simpler Deployment of Active Directory

AD DS deployment in Windows Server 2012 integrates all the required steps to deploy new domain controllers into a single graphical interface. It requires only one enterprise-level credential and can prepare the forest or domain by remotely targeting the appropriate operations master role holders. The new deployment process conducts extensive prerequisite validation tests that minimize the opportunity for errors that might have otherwise blocked or slowed the installation. The wizard is built on Windows PowerShell and is integrated with Server Manager. It is able to target multiple servers and remotely deploy domain controllers, resulting in a deployment experience that is simpler, more consistent, and less time-consuming.
Domain Name System Security Extensions

Domain Name System Security Extensions (DNSSEC) is a suite of additions to the Domain Name System (DNS) that helps protect DNS traffic from attack. By validating a digital signature attached to each DNS response, the resolver can verify the authenticity of DNS data, even from an untrusted DNS server. Specifically, DNSSEC provides origin authority, data integrity, and authenticated denial of existence. Windows Server 2012 extends and simplifies your implementation of DNSSEC by providing: support for the latest standards; integration with Active Directory; simpler deployment, which proceeds as follows: the phased process begins with signing DNS zones. After signing, validation of DNS responses is enabled on caching resolvers. Windows 7 and Windows Server clients have a set of options for establishing trust of the responses from the caching resolver; and a “sign and forget” operation experience.

Active Directory Virtualization

AD DS has been successfully virtualized for several years, but features present in most hypervisors can invalidate strong assumptions made by the Active Directory replication algorithms—primarily, the assumption that the logical clocks used by domain controllers to determine relative levels of convergence only go forward in time. Windows Server 2012 includes improvements that enable virtual domain controllers to detect when snapshots are applied or a virtual machine is copied. This new functionality is made possible by a virtual domain controller that uses a unique identifier exposed by the hypervisor, called the virtual machine GenerationID. The virtual machine GenerationID changes whenever the virtual machine experiences an event that affects its position in time. The virtual machine GenerationID is exposed to the virtual machine’s address space within its BIOS and is made available to its operating system and applications through a Windows Server 2012 driver.
During boot and before completing any transaction, a Windows Server 2012 virtual domain controller compares the current value of the virtual machine GenerationID against the value that it stored in the directory. A mismatch is interpreted as a “rollback” event, and the domain controller employs AD DS safeguards that are new to Windows Server. The safeguards allow the virtual domain controller to converge with other domain controllers and also prevent it from creating duplicate security principals. For Windows Server 2012 virtual domain controllers to gain this extra level of protection, the virtual domain controller must be hosted on a virtual machine GenerationID–aware hypervisor such as Windows Server Hyper‑V.

Active Directory Cloning

With previous versions of Windows Server, administrators found that deploying virtualized replica domain controllers can be as labor-intensive as deploying physical domain controllers. In theory, this should not be the case, because virtualization brings capabilities that can simplify deployment, and all domain controllers within the same domain/forest are almost identical, with the exception of name, IP address, and so on. However, with previous versions of Windows Server, deployment still involved many (redundant) steps, such as the following: preparing and deploying the sysprep server image; manually promoting a domain controller using over-the-wire or install-from-media (IFM); and post-deployment configuration steps where necessary.

With Windows Server 2012, deployment of cloned domain controllers is much easier. AD DS in Windows Server 2012 allows you to deploy replica virtual domain controllers by “cloning” existing virtual domain controllers. You can promote a single virtual domain controller by using the new domain controller promotion interface in Server Manager and rapidly deploy all additional virtual domain controllers, within the same domain, through cloning.
The process of cloning involves creating a copy of an existing virtual domain controller; authorizing the source domain controller to be cloned in AD DS; and creating a configuration file that either contains detailed promotion instructions (name, IP address, Domain Name System [DNS] servers, and so on) or is left empty, allowing the system to automatically fill in the blanks. This dramatically reduces the number of steps and time involved by eliminating repetitive deployment tasks and also allows you to fully deploy additional domain controllers that are authorized and configured for cloning by the Active Directory domain administrator.

Kerberos Constrained Delegation

Experienced users of Windows Server know how Kerberos Constrained Delegation (KCD) can provide single sign-on (SSO) functionality. KCD allows end users to access both the Microsoft Forefront Unified Access Gateway (UAG) site, and the applications that are enabled through it, by using client-certificate authentication. This client-certificate authentication can be, for example, smart card authentication, Active Directory Federation Services (AD FS), or one-time passwords. When using KCD, end users authenticate to the site only once. In Windows Server 2012, the KCD authorization decision is moved to the resource owner. This supports cross-domain, cross-forest scenarios and no longer requires Domain Admin privileges. As a result, KCD in Windows Server 2012 permits the back end to authorize which front-end service accounts can impersonate users against their resources. This improved sign-on functionality supports cross-domain, cross-forest scenarios, and no longer requires Domain Admin privileges, because the sign-on requires only administrative permission to the back-end service account.

Private virtual LAN

VLAN technology is traditionally used to subdivide a network and provide isolation for individual groups sharing a single physical infrastructure.
Windows Server 2012 introduces support for PVLANs, a technique used with VLANs that provides isolation between two virtual machines on the same VLAN. When a virtual machine doesn’t need to communicate with other virtual machines, you can use PVLANs to isolate it from other virtual machines in your data center. To configure this scenario, you assign every virtual machine in a PVLAN one primary VLAN ID and one or more secondary VLAN IDs. You can put the secondary PVLANs into one of three modes.

Isolated: isolated ports cannot exchange packets with each other at layer 2.

Promiscuous: promiscuous ports can exchange packets with any other port on the same primary VLAN ID.

Community: community ports on the same VLAN ID can exchange packets with each other at layer 2.

These PVLAN modes determine whether a virtual machine can exchange packets with other virtual machines on the PVLAN. To isolate a virtual machine, you can place it in isolated mode.

Multi-tenant security & isolation

Windows Server 2012 provides multitenant security for customers on a shared infrastructure as a service (IaaS) cloud through the new Hyper‑V Extensible Switch. The Hyper‑V Extensible Switch is a layer‑2 virtual interface that provides programmatically managed and extensible capabilities to connect virtual machines to the physical network. With the shift to shared off-premises IaaS solutions, maintaining network isolation between the various tenants or customers is an increasingly difficult requirement. With Windows Server 2012, you can configure Hyper‑V servers to enforce network isolation among any set of arbitrary isolation groups, which are typically defined for individual customers or sets of workloads. Windows Server 2012 provides the isolation and security capabilities for multitenancy by offering the following new features: Multitenant virtual machine isolation through private virtual LANs (PVLANs).
Protection from Address Resolution Protocol/Neighbor Discovery (ARP/ND) poisoning (also called spoofing). Protection against Dynamic Host Configuration Protocol (DHCP) snooping and DHCP Guard. Virtual port access control lists (ACLs). The capability to trunk traditional VLANs to virtual machines. Monitoring. Windows PowerShell/Windows Management Instrumentation (WMI).

Active Directory virtualization; Active Directory cloning; Kerberos constrained delegation; private VLAN; tenant security and isolation
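The three PVLAN modes described in the notes above, as an added PowerShell example that is not part of the original deck: it applies the mode rules exactly as the notes state them to a constructed port inventory and lists cross-tenant port pairs that can still reach each other at layer 2. The port names, tenant tags, VLAN IDs and both function names are assumptions made for illustration; Set-VMNetworkAdapterVlan is the Hyper-V cmdlet that assigns the modes.

```powershell
# Added example (not from the original deck). VM names, tenants and VLAN IDs are constructed.
#
# On a Hyper-V host the modes are assigned per virtual network adapter, for example:
#   Set-VMNetworkAdapterVlan -VMName 'gw01'   -Promiscuous -PrimaryVlanId 10 -SecondaryVlanIdList 201-202
#   Set-VMNetworkAdapterVlan -VMName 'web-a1' -Community   -PrimaryVlanId 10 -SecondaryVlanId 201
#   Set-VMNetworkAdapterVlan -VMName 'db-b1'  -Isolated    -PrimaryVlanId 10 -SecondaryVlanId 202

function Test-PvlanL2Reachable {
    # Returns $true when the PVLAN mode rules let two ports exchange layer-2 packets.
    param(
        [Parameter(Mandatory = $true)] $Source,
        [Parameter(Mandatory = $true)] $Target
    )
    # Ports on different primary VLANs never share a layer-2 domain.
    if ($Source.PrimaryVlanId -ne $Target.PrimaryVlanId) { return $false }
    # A promiscuous port exchanges packets with any port on the same primary VLAN.
    if ($Source.Mode -eq 'Promiscuous' -or $Target.Mode -eq 'Promiscuous') { return $true }
    # Community ports reach each other only inside the same secondary VLAN.
    if ($Source.Mode -eq 'Community' -and $Target.Mode -eq 'Community') {
        return ($Source.SecondaryVlanId -eq $Target.SecondaryVlanId)
    }
    # Isolated-to-isolated and isolated-to-community traffic is blocked.
    return $false
}

function Get-PvlanCrossTenantPath {
    # Lists port pairs owned by different tenants that can still talk directly at layer 2.
    # Promiscuous ports (shared gateways) are expected to reach everyone and are skipped.
    param([Parameter(Mandatory = $true)] [object[]] $Port)
    for ($i = 0; $i -lt $Port.Count; $i++) {
        for ($j = $i + 1; $j -lt $Port.Count; $j++) {
            $a = $Port[$i]
            $b = $Port[$j]
            if ($a.Mode -eq 'Promiscuous' -or $b.Mode -eq 'Promiscuous') { continue }
            if ($a.Tenant -eq $b.Tenant) { continue }
            if (Test-PvlanL2Reachable -Source $a -Target $b) {
                [pscustomobject]@{
                    PortA           = $a.Name
                    PortB           = $b.Name
                    PrimaryVlanId   = $a.PrimaryVlanId
                    SecondaryVlanId = $a.SecondaryVlanId
                }
            }
        }
    }
}

# Constructed inventory: tenant A uses community 201, tenant B is meant to be isolated on 202.
$ports = @(
    [pscustomobject]@{ Name = 'gw01';   Tenant = 'shared'; Mode = 'Promiscuous'; PrimaryVlanId = 10; SecondaryVlanId = $null }
    [pscustomobject]@{ Name = 'web-a1'; Tenant = 'A';      Mode = 'Community';   PrimaryVlanId = 10; SecondaryVlanId = 201 }
    [pscustomobject]@{ Name = 'web-a2'; Tenant = 'A';      Mode = 'Community';   PrimaryVlanId = 10; SecondaryVlanId = 201 }
    [pscustomobject]@{ Name = 'db-b1';  Tenant = 'B';      Mode = 'Isolated';    PrimaryVlanId = 10; SecondaryVlanId = 202 }
    # Constructed misconfiguration: a tenant B port placed in tenant A's community.
    [pscustomobject]@{ Name = 'web-b2'; Tenant = 'B';      Mode = 'Community';   PrimaryVlanId = 10; SecondaryVlanId = 201 }
)

# Report every cross-tenant pair that the PVLAN layout fails to separate.
Get-PvlanCrossTenantPath -Port $ports | Format-Table -AutoSize
```

On a Hyper-V host, Get-VMNetworkAdapterVlan reports each adapter's private VLAN mode and VLAN IDs, which can be mapped into the same inventory shape for the check.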

43 Dynamic Access Control
Managing identity data: manual tagging by content owners; automatic classification (tagging); application-based tagging.

Access control: central access policies based on file tags; expression-based access conditions with support for user claims, device claims, and file tags; access-denied remediation.

Access auditing: central audit policies can be applied to multiple file servers; expression-based auditing conditions with support for user claims, device claims, and file tags; policy staging audits to simulate policy changes in a real environment.

Protecting data: automatic Rights Management Services (RMS) protection for Microsoft Office documents based on file tags; protection in near real time after the file is tagged; extensibility for non-Office RMS protectors.

Windows Server 2012 enables information governance on file servers by providing a solution for implementing the major requirements of regulatory and business compliance. Organizations are now able to more easily identify or "tag" the data on their file servers so that they can then achieve three levels of security: 1) controlling access to that data through centralized access policies, 2) auditing and reporting on events that access or attempt to access the data, and 3) RMS encryption of Office documents so that the files are protected even if they leave the file server.

Windows Server 2012 includes a feature set that allows you to: bridge the gap between administrators and content owners by allowing content owners to tag their data; apply a central access policy so that the organization can control access to its data; provide access denied remediation when users cannot access their data; configure central audit policies to log access to information so that it can be analyzed for auditing and forensic analysis; and further protect specific sensitive data by automatically applying RMS protection.

44 DirectAccess: enables dynamic cloud access
Easy deployment: express setup wizard; ability to work with existing network equipment; connectivity to IPv4 and IPv6 servers; a deployment mode that supports only remote management of mobile computers.

Improved manageability: unified remote access management experience; richer experience for monitoring the activity and status of remote clients; reporting and accounting capabilities for audit and compliance purposes; comprehensive Windows PowerShell management interface; advanced troubleshooting tools.

Enables new scenarios: multisite and hybrid cloud; authentication with one-time passwords and Trusted Platform Module is supported; support for provisioning off-premises clients; deployment of the DirectAccess server behind a Network Address Translation (NAT) device.

Improved scalability and performance: support for high availability and for external load balancers; improved performance in virtualized environments; support for considerably more users per server.

Increasing numbers of employees are working remotely, but they are still expected to maintain a high level of productivity. This expectation increases the need for remote users to have more secure remote access to corporate networks. DirectAccess establishes transparent connectivity to the corporate network every time a DirectAccess client computer connects to the Internet, even before the user logs on. It also lets administrators easily monitor connections and remotely manage DirectAccess client computers on the Internet.

In brief, Windows Server 2012 includes the following improvements over Windows Server DirectAccess and RRAS features:

DirectAccess and RRAS coexistence

In Windows Server 2008 R2, combining RRAS and DirectAccess might cause some conflicts for the remote client connectivity.
Since DirectAccess relies on IPv6 and RRAS implements IKEv2 IPsec, this results in DirectAccess traffic being blocked if RRAS is installed and VPN access is deployed with IKEv2. In Windows Server 2012, DirectAccess and RRAS are combined within a new unified server role.

Simplified DirectAccess management for small and medium organization administrators

One of the most important simplifications in Windows Server 2012 is the removal of the need for a full PKI deployment. One major deployment blocker for Windows 7 DirectAccess is the requirement of a Public Key Infrastructure (PKI) for server and client certificate-based authentication. In Windows Server 2012, client authentication requests are sent to a Kerberos proxy service running on the DA server. The Kerberos proxy then sends requests to domain controllers on behalf of the client. A new Getting Started wizard, which will be covered in later posts, also allows for an automated setup in a few simple steps.

Built-in NAT64 and DNS64 support for accessing IPv4-only resources

In Windows Server 2008 R2, UAG might be used for NAT64 and DNS64 translations. The Windows Server 2012 DirectAccess server now includes native support for NAT64 and DNS64 translations that convert IPv6 communication from the client to IPv4 internal resources.

Support for a DirectAccess server behind a NAT device

The Teredo IPv6 transition technology is used typically when the client system is assigned a private IP address (and for modern Windows clients, will be used when the client is assigned a public IP address and 6to4 isn’t available). A Windows Server R2 DirectAccess server requires two network interfaces with two consecutive public IPv4 addresses assigned to the external interface. This is required so that it can act as a Teredo server. In Windows Server 2012, the DirectAccess server can be deployed behind a NAT device with only a single network interface, which removes the public IPv4 address prerequisite.
Load balancing support

One of the most important enhancements is the ability to design a fully highly available DirectAccess solution. In Windows Server 2012, DirectAccess has built-in Windows Network Load Balancing support to achieve high availability and scalability. This can be configured in the new deployment wizard interface with a couple of clicks.

Support for multiple domains

You can now configure the DirectAccess server to allow remote clients located in different domains.

Support for OTP (token-based authentication)

For organizations that need a security level with OTP vendor solutions such as RSA SecurID, Windows Server 2012 supports two-factor authentication with smart cards or OTP token-based solutions.

Automated support for force tunneling

By default, only specific network traffic (defined by DNS records) goes through the DirectAccess tunnel. If you want to route all traffic from the client computer to the intranet resources over the DirectAccess tunnel, you can configure it with force tunneling. Force tunneling is a feature in Windows Server 2008 R2 that forces all network traffic to be routed over the DirectAccess IPsec tunnel, but it requires manual steps to enable via Group Policy. In Windows Server 2012, DirectAccess has integrated force tunneling with the setup wizard.

Multisite support

In Windows Server 2012, you can configure multiple DirectAccess entry points across remote locations. This makes sure the client locates the closest IP-HTTPS server, Teredo server, DNS server, etc., regardless of their physical location.

Windows PowerShell support

DirectAccess in Windows Server 2008 R2 lacks a complete scripting and command-line interface for configuration options. Windows Server 2012 provides full Windows PowerShell support for the setup, configuration, management, monitoring, and troubleshooting of the Remote Access server role.

45 Windows Server 2012: Optimize your IT for the cloud
Beyond virtualization: scale and secure workloads, cost-effectively build a private cloud, and securely connect to cloud services.

The power of many servers, the simplicity of one: efficiently manage infrastructure while maximizing availability and minimizing failures and downtime.

Every app, any cloud: built on an open and adaptable web platform that supports applications across premises.

Enabling the modern workstyle: support for a mobile and flexible way of working.

Optimize your IT for the cloud with Windows Server 2012

When you optimize your IT for the cloud with Windows Server 2012, you take advantage of the skills and investment you’ve already made in building a familiar and consistent platform. Windows Server 2012 builds on that familiarity. With Windows Server 2012, you gain all the Microsoft experience behind building and operating private and public clouds, delivered as a dynamic, available, and cost-effective server platform. Windows Server 2012 delivers value in four key ways:

It takes you beyond virtualization. Windows Server 2012 offers a dynamic, multitenant infrastructure that goes beyond virtualization technology to a complete platform for building a private cloud.

It delivers the power of many servers, with the simplicity of one. Windows Server 2012 offers you excellent economics by integrating a highly available and easy-to-manage multiple-server platform.

It opens the door to every app on any cloud. Windows Server 2012 is a broad, scalable, and elastic web and application platform that gives you the flexibility to build and deploy applications on-premises, in the cloud, and in a hybrid environment through a consistent set of tools and frameworks.

It enables the modern workstyle. Windows Server 2012 empowers IT to provide users with flexible access to data and applications anywhere, on any device, while simplifying management and maintaining security, control, and compliance.

With Windows Server 2012, Microsoft has made significant investments in each of these four areas that allow customers to take their datacenter operations to the next level. Now, let’s take a look at how Windows Server 2012 helps customers to: build and deploy a modern datacenter infrastructure; build and run modern applications; and enable modern work styles for their end users.

46 © 2012 Microsoft Deutschland. All rights reserved. Microsoft, Windows, and other product names are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The information contained herein is for informational purposes only and reflects the current view of Microsoft at the time this presentation was created. Because Microsoft must respond to changing market conditions, this does not represent a commitment on the part of Microsoft. Microsoft cannot guarantee the accuracy of the information presented after the creation of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, AS TO THE INFORMATION IN THIS PRESENTATION.

47 Download the trial version, get certified, and keep learning. Download the trial version: Microsoft Windows Server 2012: Get certified: Microsoft certifications overview: Keep learning: Microsoft Virtual Academy:

48 Appendix A

49 Windows Server 2012: Optimize your IT for the cloud
Beyond virtualization; the power of many servers, the simplicity of one; every app, any cloud; enabling the modern workstyle; hybrid applications.

THE TOP 10 FEATURES: enterprise-class scale and performance for the largest workloads; shared-nothing live migration; low-cost, highly available, file-based storage; Windows PowerShell 3.0; simplified, feature-rich Virtual Desktop Infrastructure (VDI); Dynamic Access Control.

Top features of Windows Server 2012

This slide highlights some of the biggest, most relevant, and most differentiated new features in Windows Server 2012.

Enterprise-class scale and performance: Greatly expands support for host processors and memory. New features include support for as many as 32 virtual processors and 1 terabyte of memory for Hyper-V guests, a new virtual hard disk format with larger disk capacity (VHDX)—up to 64 terabytes—and additional resiliency. These features help ensure that the virtualization infrastructure can support the configuration of large, high-performance virtual machines to support workloads that might need to scale up significantly. Broad and significant improvements have been made, with Hyper-V now supporting increased cluster sizes, a significantly higher number of active virtual machines per host, and additionally, more advanced performance features such as in-guest Non-Uniform Memory Access (NUMA). This capability helps ensure that customers can experience the highest levels of scalability, performance, and density for their business-critical workloads.

Shared-nothing live migration: Provides the ability to migrate a virtual machine from one Hyper-V host to another Hyper-V host that isn't part of the same cluster, shares no storage, and has only a gigabit Ethernet connection to the first virtual machine—and to do all that with minimal downtime.
Shared-nothing live migration looks very much like the combination of server message block (SMB) live migration and storage live migration, where the mirroring of writes to both the source and destination storage is maintained while performing a live migration of the memory and state, before finally switching the host that's running the virtual machine. With shared-nothing live migration, we can move virtual machines between Windows Server 8 Hyper-V hosts, even when they have nothing in common but a shared Ethernet cable.

Hyper-V Network Virtualization: Isolating virtual machines from different departments or customers can be a challenge on a shared network. When these departments or customers need to isolate entire networks of virtual machines, the challenge becomes even greater. Traditionally, virtual local area networks (VLANs) are used to isolate networks, but VLANs become very complex to manage on a large scale. Hyper‑V Network Virtualization helps to solve this problem. With this feature, you can isolate network traffic from different business units or customers on a shared infrastructure without using VLANs. Hyper‑V Network Virtualization also lets you move virtual machines as needed within your virtual infrastructure while preserving their virtual network assignments. Finally, you can even use Hyper‑V Network Virtualization to transparently integrate these private networks into a preexisting infrastructure on another site.

Low-cost, highly available, file-based storage: Windows Server 2012 introduces file services features that let you store server application data on file shares, to take advantage of Server Message Block 3.0 (SMB3) protocol and also take advantage of low-cost, “commodity” hardware. A variety of performance enhancements and availability improvements come together to make file share storage a great low-cost choice for critical workloads such as Hyper-V and SQL Server.
File services can endure a variety of failures transparently—resulting in minimal interruption in service to the users (or servers) that depend on them for storage. File server features support easier creation and management of an optimally available data storage foundation for critical application services such as Microsoft SQL Server and Hyper-V. An array of new SMB protocol enhancements and capabilities such as transparent failover, SMB Direct, and SMB Multichannel give you benefits and performance that are similar to much more expensive storage area networks (SANs). Hyper-V Replica: Provides a storage-agnostic and workload-agnostic solution that replicates efficiently, periodically, and asynchronously over IP-based networks, typically to a remote site. It also allows an administrator to more easily test the replica virtual machine with minimal disruption to the ongoing replication. If a disaster occurs at the primary site, administrators can quickly restore their business operations by bringing up the replicated virtual machine at the replica site. Hyper‑V Replica provides a virtual machine–level, affordable, reliable, and manageable replication solution that is tightly integrated with Hyper‑V Manager and the failover clustering feature in Windows Server 2012. Windows PowerShell 3.0: Provides a comprehensive management platform for all aspects of the datacenter: servers, network, and storage. In this newest version of Windows PowerShell, sessions on remote servers are resilient and can withstand various types of interruptions. In addition, learning Windows PowerShell is now easier than ever through improved cmdlet discovery and simplified, consistent syntax across all cmdlets. Hybrid applications: Most organizations today are using—or are planning for—a combination of on-premises and off-premises IT resources and tools, resulting in “hybrid” environments that comprise on-premises and cloud environments. 
With Windows Server 2012, your organization can protect its existing investment in on- premises applications as you begin to move to the cloud, and you can take a unified approach to managing your applications. The following capabilities in Windows Server 2012 help provide the flexibility to build and deploy hybrid applications on-premises and in the cloud: Programming symmetry provides the ability to use the same development model across Windows Server 2012 and Windows Azure, including common development tools that offer to Microsoft .NET developers a more complete environment to build cloud and on-premises applications. Cross-premises connectivity for hybrid scenarios enables enterprises to connect to private subnetworks in a hosted cloud network. It allows for VPN site-to-site functionality in remote access, and provides cross-premises connectivity between enterprises and hosting service providers. Virtual machine portability offers the ability to provision, manage and move virtual machine images across Windows Server 2012 and Windows Azure. Multitenant, high-density websites: Windows Server 2012 offers new and enhanced features that provide extensive support for web applications and cloud- based strategies. It helps to improve website density so that enterprises and hosting providers can increase the number of sites supported with the same amount of computer hardware. It delivers features such as sandboxing and CPU metering, so that organizations can isolate and increase the security of multitenant environments while keeping close track of resource usage. It also provides features to improve performance and increase security in environments. Simplified, feature-rich VDI: Growing adoption of VDI desktops in the enterprise requires tools that can help streamline deployment and management tasks for IT administrators. 
Windows Server 2012 provides a number of enhanced features that help to simplify and expedite these tasks, including: Simpler wizard-based set up procedures for Remote Desktop Services deployments. A unified management console for virtual desktops and session-based desktops and applications. Simplified creation, assignment, and patch management of pooled and personal virtual desktops. VDI in Windows Server 2012 Remote Desktop Services, to deliver a consistently rich experience to users on different devices, in various locations, and over changing network conditions. Some of the key enhanced features in Windows Server 2012 supporting this experience include: RemoteFX Adaptive Graphics, which provides improved graphics processing that enables smooth delivery of virtual desktop and RemoteApp programs. It also provides enhanced Windows Aero and 3-D experiences across various networks—including those with limited bandwidth and high latency. RemoteFX for WAN, which delivers a number of technical improvements that enhance the user experience when connecting over wide-area networks. This is especially important for people connecting from dispersed locations such as branch offices, homes, or hotels with low- bandwidth connections. RemoteFX Multitouch, which lets users of new kinds of touch-enabled and gesture-enabled applications take advantage of these solutions in remote- desktop environments. Dynamic Access Control: Gives the IT professional new ways to control access to file data and monitor compliance with regulations. It provides next-generation authorization and auditing controls, along with classification capabilities that let you apply information governance to the unstructured data on file servers. Until now, file security was handled at the file and folder level. IT professionals had little control over the way security was handled by users day to day. 
However, by using Dynamic Access Control, you can restrict access to sensitive files regardless of user actions by establishing and enforcing file security policy at the domain level that are enforced across all Windows Server 2012 file servers. For instance, if a development engineer accidentally posts confidential files to a publicly shared folder, those files can still be protected from access by unauthorized users. In addition, security auditing is now more powerful than ever, and audit tools make it easier to prove compliance with regulatory standards, such as the requirement that access to health and biomedical information is guarded correctly and monitored regularly. Mandanten-Websites mit hoher Dichte Hyper-V- Netzwerk- virtualisierung Hyper-V-Replika

