Jun 14

Windows Server 2012 R2 New Features Study Guide

Windows Server 2012 R2 New Features (test 70-412 or 70-417)

These notes are my personal notes from the FREE training on Pluralsight. You can get your FREE signup through technet/MSDN or Dreamspark. The title of this course is exactly the title of this post. These notes are from this specific course only. I use these as a refresher Study Guide. POWERSHELL topics and cmdlets are in purple. I have a few notes with the “DEMO” each time the training included a DEMO just so you can see how many demos there were which were really helpful. Thanks to Orin Thomas, the trainer, contact info at the end.

  1. Web Application Proxy
    1. Replaces AD FS Proxy role
      1. AD FS offers CLAIMS BASED Authentication (based on other attributes from user or computer accounts). For example, based on employee type, location, title, etc.
      2. AD FS can work between organizations with different OS (Windows / Linux)
      3. Allows SSO for on-premises and cloud (like Office 365)
      4. Reverse proxy for web apps (prior might have used TMG / Threat Management Gateway)
    2. Web Application Proxy prerequisites
      1. supports pass through authentication
      2. AD FS preauthentication
      3. requires certs:
        1. cert that includes federation service name
        2. specifics for Workplace Join
        3. Certs for each web app, or wildcard cert
  2. Guest Clustering with Shared Virtual Hard Disks
    1. I think this is the same as using VMware RDMs to support MSCS clusters on Windows Server VMs. I’ve done a bunch of these at work with vSphere 6.0 and Server 2012 R2
    2. Nodes can be on different hosts; AKA “Cluster Across Boxes” as opposed to “Cluster in a Box” which is both nodes on one physical host.
    3. Shared Virtual Hard Disks allow shared storage WITHOUT SAN.  What?
    4. More simple than iSCSI
    5. Needs to be highly available via
      1. scale out file server
      2. cluster shared volume
    6. shared storage needs to be .vhdx
    7. Gen1 or Gen2
    8. Only with 2012 and 2012R2 for OS
    9. DEMO
      1. build out clustered SOFS
      2. configure cluster file server
      3. add csv
      4. set up new share on SOFS using SMB-Applications
      5. Hyper-V hosts need to be able to access this location
    10. Then use Hyper-V console to attach the VHD to a SCSI controller
      1. has to be .vhdx
      2. fixed or dynamic
      3. ENABLE VHD sharing
      4. attach to SCSI controller
      5. bring disk online, initialize, format volume
      6. can create multiple drives on same volume
    11. DEMO
      1. create VHD and create VM cluster
      2. enable VHD sharing

        [Screenshot: enable VHD sharing]

      3. after each VM (node) can see the storage then you can add the failover clustering FEATURE.
      4. then build the cluster
  3. Improving VHD Performance
    1. resizing VHDs
      1. used to have to be shut down, now can be running
      2. must be using .vhdx format
      3. must be connected to a SCSI controller (Gen1, or Gen2)
        1. Gen1 machines boot from IDE, so…
      4. resizing allows to set smaller size upfront, knowing expansion is simple.
      5. use Hyper-V console or Resize-VHD Powershell command
      6. DEMO of above steps
    2. Storage QoS
      1. set max/min IOPS

        [Screenshot: set IOPS limits]

    3. Storage Tiering
      1. via storage pools
      2. automatic; turn it on and it moves data based on activity
      3. CAN use manual settings
  4. Windows Server 2012 Clustering Improvements
    1. VM Drain on shutdown
      1. If you put a host in maintenance mode, then VMs are moved to another host.
      2. HOWEVER, in 2012, if you shut down host WITHOUT maintenance mode, there is a disruption of service as VMs go into a saved state, are moved, then started. While they are in a saved state, they are non-functional.
      3. In R2, even if you shut down (without maintenance mode) they move to another host AUTOMATICALLY. This is new in R2
    2. Dynamic Quorum / Dynamic Witness
      1. DQ – 2012 and 2012 R2 automatically recalculate quorum if a node is shut down gracefully.
      2. if multiple nodes fail, 1) checks if it has a quorum then 2) recalculates quorum
      3. you can also configure certain nodes to be NON voting node.
      4. Dynamic Witness
        1. configure a witness that will or will not be used based on quorum
        2. if there is an odd number, then dynamic witness doesn’t vote
        3. if there is an even number, then dynamic witness will be active
        4. PURPOSE is to reduce the chance of cluster failure if a witness goes down.
        5. basically ensures an odd number of votes
      5. Force Quorum Resiliency
        1. to avoid “split brain” or “partitioned cluster”: nodes are not aware of each other, most often due to a network issue. Generally resolved by restarting the cluster. Essentially, each set of nodes thinks it has quorum. Think nodes in two separate datacenters (Sydney and Melbourne)
        2. Force Quorum Resiliency means that when the network is restored, the cluster quorum is restored automatically.
      6. Tiebreaker 50-50 Node Split
        1. clusters dynamically adjust a node’s vote (deprecated vote) to ensure an odd number.
        2. you have to configure it.
        3. works WITH dynamic witness
        4. works if dynamic witness fails
        5. in multi site clusters, admin can set which site retains quorum
  5. Enhanced Session Mode and Improved VM Export
    1. Virtual Machine Connection via Hyper V Console
      1. doesn’t allow cut/paste, scripting, redirect sound, basically only KB and mouse
      2. if you want those features, you usually have to use RDP
      3. Requirements
        1. host on 2012 R2
        2. VMs running R2 or Windows 8.1
        3. Enabled in Hyper V settings on host
        4. account is a member of RDP users or Admins on VM
        5. (do not have to log into VM and enable RDP)
    2. DEMO of Enhanced Session Mode
      1. allows to set resolution
      2. allows redirect audio
      3. allows record remote audio
      4. redirect printers
      5. redirect clipboard (like RDP)
      6. click “More” to get to map drives, PnP, etc.
      7. Essentially this is like the same thing in RDP but appears pretty robust and solid.
    3. Virtual Machine Export IMPROVEMENTS
      1. 2012 or prior, had to shut down machine.
      2. R2 lets you export RUNNING machine.
      3. the exported machine, when you import it, it will be running as well (with certain requirements)
      4. Example; testing; you want to copy a bunch of machines to test a software install.
    4. DEMO of Virtual Machine Live Export
      1. create checkpoint (snapshot)
      2. can export checkpoint or live machine
      3. if you do the live machine, it creates temporary checkpoint, then a live update at the last instant to finalize
      4. WILL create a new vm id upon import, if you want. there are three choices; 1) Register in place (use existing unique ID), 2) restore the virtual machine (use existing unique ID), and 3) copy the virtual machine (create a new unique ID). Explanations of these three options here.
      5. Also note the VM unique ID, is a unique Hyper-V GUID, but this is NOT the same as a SID. A SID is used for Active Directory, this is simply for Hyper-V see explanation here.
      6. CAN do multiple imports, like a template. That would usually be option # 3 above.
  6. Generation 2 Virtual Machines – NEW in R2
    1. Gen 1 machines WILL run in 2012 R2 no problem.
    2. Gen 1 machines emulate older hardware, which creates performance impact
      1. lots of P2V, but now we do a lot of straight to VM
    3. Gen 2
      1. supports secure VM boot
      2. don’t need to run on particular older hypervisor
      3. don’t need to support Remote FX
      4. boot volumes bigger than 2.2 Tb (developers will love this; we want all the storage you have….)
      5. there is a new step in VM creation wizard; 1 or 2.  Default is still Gen1 (see screenshot)
      6. Can’t really change this later. There is an unsupported script on MSDN and perhaps other places example here.
    4. DEMO of Generation 2 VM on Server 2012 R2
      1. It states in the wizard that this cannot be changed, see the warning at the bottom.
      2. next few steps are the same as you’re familiar with.
      3. Gen2 only support new .vhdx format.
      4. Another new feature; no default virtual DVD! This is ONLY created if you specify install by .iso. (see screenshot)

        If you don’t select the .iso, there will be NO default DVD drive created.

    5. Generation 2 Boot Order
      1. for booting to .ISO etc. Just like changing boot order in BIOS, more or less.
      2. Enable secure boot (default is ENABLED)
      3. only supported by Windows OS
      4. VM has to be turned off to change setting.
      5. currently (as of this training)
    6. DEMO of Gen2 Boot Order
      1. contained in VM “settings/firmware”
    7. NO IDE controller. (older versions HAD to boot off IDE)
      1. Gen2 ONLY boot from SCSI
      2. allows hot add storage, or expand storage while running (R2)
    8. DEMO of hot add storage and expand
      1. we went over this in the prior post VNEXT First Look
    9. Drawbacks to Gen2
      1. no remote FX (so be aware if you are a VDI shop)
      2. no .vhd support for OS drive.
      3. no linux support
      4. no iSCSI reboot
      5. cannot replicate to Azure
  7. SMB and DFS Improvements
    1. manage bandwidth based on traffic type; default/Live Migration/Virtual Machine Traffic
    2. by default, no limits
    3. Bandwidth Limit is a FEATURE, only enabled/configured by POWERSHELL (no GUI install). Installed from Server Manager, enabled by PS
    4. SMB bandwidth limits are managed by PowerShell, see here.
    5. Clone of the DFS database; Use Case; setting it up in a branch office without WAN replication to get initial replication set up.
    6. Preserved File Restoration
      1. ConflictAndDeleted and PreExisting can be managed by Powershell;
        1. Get-DfsrPreservedFiles and Restore-DfsrPreservedFiles
        2. can choose to overwrite, or copy to new location
      2. This is a Server 2012 R2 capability.
    7. DEMO DFS Export
      1. Get-DfsrCloneState
  8. Remote Desktop Services Improvements
    1. Session shadowing, Dynamic Display, RestrictedAdmin Mode, Online Data Deduplication
    2. Session shadowing allows an admin to connect to a Server 2012 R2 session in view mode, or in “control mode” so you can interact and control just like the user.
      1. Can be configured to “require permission”
    3. DEMO of session shadowing.
      1. similar to what a lot of third party tools have been able to do; Citrix, Webex, LogMeIn123, VNC,  etc.
    4. Dynamic Display – supports “device rotation” for landscape mode for tablets etc. Multiple monitors, projectors, etc. Supports touch devices.
    5. RemoteFX virtualized GPU support DX 11.1
    6. bandwidth compression – claims of 50% less bandwidth when playing video across Server 2012 R2 RDS WAN link.
    7. RestrictedAdmin mode
      1. allows interactive logon without sending credentials
      2. only Windows 8.1
      3. requires /restrictedadmin mode in MSTSC command
      4. more info on RestrictedAdmin mode here.
    8. Online Data Deduplication
      1. deduplicates VHD while running
      2. requires Server 2012 R2 with Feature enabled
      3. when deployed on tiered storage, deduped data moved to higher tier
  9. Windows Server 2012 R2 WDS Improvements
    1. WDS with Powershell and VHDX deployment
    2. lots of new powershell to automate. System Center Orchestrator can call these cmdlets.
      1. New Powershell cmdlets;
        1. New-WdsInstallImageGroup
        2. Import-WdsBootImage
        3. Import-WdsInstallImage
        4. Import-WdsDriverPackage
    3. DEMO of Powershell cmdlets via ISE
    4. VHDX files Import and Deployment
      1. now can use a GUI to manage.
      2. create in Hyper V, sysprep, then shut down.
      3. no need to capture
      4. import the .vhdx into WDS
      5. make reference machine smaller than 120 Gb or WDS will error thinking it’s larger than the default 120 Gb drive
    5. DEMO
      1. demo of sysprep, shut down, etc.
      2. Import to WDS
  10. DHCP and DNS Improvements
    1. Implementing DNSSEC, Zone Level Statistics, and DHCP Registration Options
    2. DNSSEC allows records to be digitally signed so clients can verify authenticity
    3. most Server 2012 R2 improvements related to replication
    4. When DNSSEC is enabled, each record gets a matching RRSIG (Resource Record SIGnature) record, and the zone gets a DNSKEY record and NSEC/NSEC3 records. More on DNSSEC here.
    5. DNSSEC keys
      1. trust anchor
      2. KSK Key Signing Key
        1. first server with DNSSEC has the KSK
      3. Zone Signing Key
      4. NRPT can be configured after DNSSEC is configured.
        1. configured with Group Policy
        2. allows you to configure IPSEC
    6. DEMO of DNSSEC
    7. Zone Level Statistics (improved)
      1. query, transfer, updates
    8. Demo of Zone Level Statistics
      1. Get-DnsServerStatistics
    9. DHCP registration and Name Protection
      1. DEMO of DHCP registration and Name Protection
      2. site or server level
      3. “enable name protection” checkbox. Does not allow duplicate named hosts.
  11. Upgrading to Windows Server 2012
    1. upgrading domain controllers, migrating DHCP servers, migrating file servers
      1. DC not a true upgrade, can’t do x86 to x64 version
      2. only some OS can do an OS upgrade
      3. Recommendation is to introduce a Server 2012 R2 DC to your 2003 functional level domain
      4. promote Server 2012 R2 to DC
      5. transfer FSMO roles to Server 2012 R2 DC
      6. then demote the old DCs (dcpromo)
    2. DEMO of upgrading the DCs
      1. netdom query fsmo  (shows FSMO roles)
    3. Migrating DHCP
      1. back it up using DHCP console
      2. install ROLE on Server 2012 R2
      3. then restore the backup
        1. netsh to back up DHCP
        2. 2003 netsh DHCP server export c:\somefilename.txt all (exports the file)
        3. 2003 netsh DHCP server import c:\somefilename.txt all (imports to Server 2012 R2 server)
        4. 2008 use the Server Manager
    4. DEMO of transferring DHCP
    5. Migrating File Server
      1. biggest issues are permissions, share permissions, and quotas
      2. install migration tools Feature on Server 2012 R2
      3. creates a package to install on source machine
      4. basic steps are;
        1. INSTALL migration tools on Server 2012 R2 target machine
        2. CREATE package for donor/source machine
        3. INSTALL migration tools from package to donor/source machine
        4. START Receive-SmigServerData on target/destination
        5. START Send-SmigServerData on donor/source
        6. More on SmigServerData here.
    6. DEMO of moving file server role
      1. install Feature from server manager or PS
        1. DO NEED .net framework 4
        2. create package (just a folder of a bunch of files)
        3. run smigdeploy to start it on the donor/source
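
The DNSSEC pieces from section 10 (signed zone, KSK/ZSK, RRSIG records, NRPT) can be checked from PowerShell after the zone is signed. This is an added example, not part of the course or the original notes; the server, zone and record names are placeholders, and it assumes the DnsServer (RSAT) and DnsClient modules are available.

```powershell
# Added example: check that a zone is signed, has both key types, returns
# signatures to clients, and that this client is told to require validation.
# All names passed in at the bottom are placeholders (assumptions).
function Test-DnssecZone {
    param(
        [Parameter(Mandatory)] [string] $DnsServer,
        [Parameter(Mandatory)] [string] $ZoneName,
        [Parameter(Mandatory)] [string] $RecordName
    )

    # 1. Is the zone signed on the server?
    $zone = Get-DnsServerZone -ComputerName $DnsServer -Name $ZoneName

    # 2. A signed zone should have at least one KSK and one ZSK.
    $keys = @()
    if ($zone.IsSigned) {
        $keys = @(Get-DnsServerSigningKey -ComputerName $DnsServer -ZoneName $ZoneName)
    }

    # 3. Query with the DNSSEC OK (DO) bit set. A signed zone returns the
    #    A record together with the RRSIG that covers it.
    $answer = @(Resolve-DnsName -Name $RecordName -Type A -Server $DnsServer `
                    -DnssecOk -ErrorAction SilentlyContinue)
    $rrsig  = @($answer | Where-Object { $_.QueryType -eq 'RRSIG' })

    # 4. NRPT rules on this client that cover the zone. Without a rule that
    #    requires validation, the client does not insist on validated answers.
    $nrpt = @(Get-DnsClientNrptPolicy |
                  Where-Object { $_.Namespace -like "*$ZoneName" })

    [pscustomobject]@{
        Zone               = $ZoneName
        IsSigned           = [bool]$zone.IsSigned
        KskCount           = @($keys | Where-Object KeyType -eq 'KeySigningKey').Count
        ZskCount           = @($keys | Where-Object KeyType -eq 'ZoneSigningKey').Count
        RrsigReturned      = $rrsig.Count -gt 0
        NrptRequiresDnssec = [bool]($nrpt | Where-Object DnsSecValidationRequired)
    }
}

# Placeholder names; replace with a real DNS server, signed zone and host record.
Test-DnssecZone -DnsServer 'dc1.example.test' -ZoneName 'example.test' `
                -RecordName 'www.example.test'
```

A zone that shows `IsSigned` true but `NrptRequiresDnssec` false is signed on the server while this client is not configured to require validation, which is the gap the NRPT Group Policy setting closes.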

This concludes the Pluralsight Windows Server 2012 R2 New Features Course

Thanks to Orin Thomas;

http://www.pluralsight.com/author/orin-thomas

http://orinthomas.com/

@orinthomas