
10 compelling reasons to upgrade to Windows Server 2012

Windows Server 2012 is generating a significant buzz among IT pros. Deb Shinder highlights several notable enhancements and new capabilities.

We've had a chance to play around a bit with the release preview of Windows Server 2012. Some have been put off by the interface-formerly-known-as-Metro, but with more emphasis on Server Core and the Minimal Server Interface, the UI is unlikely to be a "make it or break it" issue for most of those who are deciding whether to upgrade. More important are the big changes and new capabilities that make Server 2012 better able to handle your network's workloads and needs. That's what has many IT pros excited.

Here are 10 reasons to give serious consideration to upgrading to Server 2012 sooner rather than later.

1: Freedom of interface choice

A Server Core installation provides security and performance advantages, but in the past, you had to make a commitment: If you installed Server Core, you were stuck in the "dark place" with only the command line as your interface. Windows Server 2012 changes all that. Now we have choices.

The truth that Microsoft realized is that the command line is great for some tasks and the graphical interface is preferable for others. Server 2012 makes the GUI a "feature" -- one that can be turned on and off at will. You do it through the Remove Roles Or Features option in Server Manager.
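The same switch can be made from PowerShell, which is the only route once the GUI is gone. The sketch below is an added example, not from the original article: the function names are hypothetical, and it assumes an elevated session on Windows Server 2012 with the ServerManager module and the feature names Server-Gui-Mgmt-Infra and Server-Gui-Shell.

```powershell
# Added example; Get-/Set-ServerInterfaceLevel are hypothetical helper names.
Import-Module ServerManager

function Get-ServerInterfaceLevel {
    # Server-Gui-Mgmt-Infra = Minimal Server Interface (Server Manager, MMC)
    # Server-Gui-Shell      = full desktop shell on top of it
    $infra = (Get-WindowsFeature -Name Server-Gui-Mgmt-Infra).Installed
    $shell = (Get-WindowsFeature -Name Server-Gui-Shell).Installed
    if ($shell)     { 'FullGui' }
    elseif ($infra) { 'MinimalServerInterface' }
    else            { 'ServerCore' }
}

function Set-ServerInterfaceLevel {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)]
        [ValidateSet('ServerCore', 'MinimalServerInterface', 'FullGui')]
        [string]$Level
    )
    $current = Get-ServerInterfaceLevel
    if ($current -eq $Level) { Write-Verbose "Already at $Level"; return }

    $add = @(); $remove = @()
    switch ($Level) {
        'ServerCore'             { $remove = 'Server-Gui-Shell', 'Server-Gui-Mgmt-Infra' }
        'MinimalServerInterface' { $add = @('Server-Gui-Mgmt-Infra'); $remove = @('Server-Gui-Shell') }
        'FullGui'                { $add = 'Server-Gui-Mgmt-Infra', 'Server-Gui-Shell' }
    }

    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, "Change interface from $current to $Level")) {
        if ($remove) { Uninstall-WindowsFeature -Name $remove | Out-Null }
        # On a server first installed as Server Core the GUI binaries may not
        # be on disk; Install-WindowsFeature then needs -Source or Windows Update.
        if ($add)    { Install-WindowsFeature -Name $add | Out-Null }
        Write-Warning 'Restart the server for the new interface level to take effect.'
    }
}

# Report the current level, then preview (without applying) a move to Server Core.
Get-ServerInterfaceLevel
Set-ServerInterfaceLevel -Level ServerCore -WhatIf
```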

2: Server Manager

Speaking of Server Manager (Figure A), even many of those who dislike the new tile-based interface overall have admitted that the design's implementation in the new Server Manager is excellent.

Figure A: Server Manager

One of the nicest things about the new Server Manager is its multi-server capabilities, which make it easy to deploy roles and features remotely to physical and virtual servers. It's easy to create a server group -- a collection of servers that can be managed together. The remote administration improvements let you provision servers without having to make an RDP connection.

3: SMB 3.0

The Server Message Block (SMB) protocol has been significantly improved in Windows Server 2012 and Windows 8. The new version of SMB supports new file server features, such as SMB Transparent Failover, SMB Scale Out, SMB Multichannel, SMB Direct, SMB encryption, VSS for SMB file sharing, SMB directory leasing, and SMB PowerShell. That's a lot of bang for the buck. It works beautifully with Hyper-V, so that VHD files and virtual machine configuration files can be hosted on SMB 3.0 shares. A SQL system database can be stored on an SMB share, as well, with improvements to performance. For more details about what's new in SMB 3.0, see this blog post.
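Of the features listed, SMB encryption is the one that has to be switched on, either server-wide or per share. The read-only audit below is an added example, not from the original article; Get-SmbEncryptionGap is a hypothetical helper name and the share name in the final comment is constructed. It assumes the SMB cmdlets that ship with Windows Server 2012.

```powershell
# Added example; Get-SmbEncryptionGap is a hypothetical helper name.
function Get-SmbEncryptionGap {
    $server = Get-SmbServerConfiguration

    # Server-wide EncryptData covers every share; otherwise each share needs
    # its own EncryptData flag. Special shares (ADMIN$, C$, IPC$) are skipped.
    $shares = Get-SmbShare | Where-Object { -not $_.Special } | ForEach-Object {
        [pscustomobject]@{
            Share     = $_.Name
            Path      = $_.Path
            Encrypted = ($server.EncryptData -or $_.EncryptData)
        }
    }

    # Clients that negotiated a dialect below 3.x cannot encrypt. With
    # RejectUnencryptedAccess left at $true they are refused on encrypted
    # shares, so list them before encryption is enforced.
    $legacy = Get-SmbSession |
        Where-Object { [int]($_.Dialect -split '\.')[0] -lt 3 } |
        Select-Object ClientComputerName, ClientUserName, Dialect

    [pscustomobject]@{
        ServerEncryptData       = $server.EncryptData
        RejectUnencryptedAccess = $server.RejectUnencryptedAccess
        UnencryptedShares       = @($shares | Where-Object { -not $_.Encrypted })
        PreSmb3Sessions         = @($legacy)
    }
}

$gap = Get-SmbEncryptionGap
$gap.UnencryptedShares | Format-Table -AutoSize
$gap.PreSmb3Sessions   | Format-Table -AutoSize

# Remediation for a single share (share name is a constructed placeholder),
# left commented out so the audit itself changes nothing:
# Set-SmbShare -Name 'Finance' -EncryptData $true -Force
```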

4: Dynamic Access Control (DAC)

Even though some say Microsoft has shifted the focus away from security in recent years, it would be more accurate to say it has shifted the focus from separate security products to a more "baked in" approach of integrating security into every part of the operating system.

Dynamic Access Control is one such example, helping IT pros create more centralized security models for access to network resources by tagging sensitive data both manually and automatically, based on factors such as the file content or the creator. Then claims-based access controls can be applied. Read more about DAC in my "First Look" article over on Windowsecurity.com.

5: Storage Spaces

Storage is a hot -- and complex -- topic in the IT world these days. Despite the idea that we're all going to be storing everything in the public cloud one day, that day is a long way off (and for many organizations concerned about security and reliability, it may never happen). There are myriad solutions for storing data on your network in a way that provides better utilization of storage resources, centralized management, and better scalability, along with security and reliability. Storage area networks (SANs) and network attached storage (NAS) do that, but they can be expensive and difficult to set up.

Storage Spaces is a new feature in Server 2012 that lets you use inexpensive hard drives to create a storage pool, which can then be divided into spaces that are used like physical disks. They can include hot standby drives and use redundancy methods such as 2- or 3-way mirroring or parity. You can add new disks any time, and a space can be larger than the physical capacity of the pool. When you add new drives, the space automatically uses the extra capacity. Read more about Storage Spaces in this MSDN blog post.

6: Hyper-V Replica

Virtualization is the name of the game in the server world these days, and Hyper-V is Microsoft's answer to VMware. Although the latter had a big head start, Microsoft's virtualization platform has been working hard at catching up, and many IT pros now believe it has surpassed its rival in many key areas. With each iteration, the Windows hypervisor gets a little better, and Hyper-V in Windows Server 2012 brings a number of new features to the table. One of the most interesting is Hyper-V Replica.

This is a replication mechanism that will be a disaster recovery godsend to SMBs that may not be able to deploy complex and costly replication solutions. It logs changes to the disks in a VM and uses compression to save on bandwidth, replicating from a primary server to a replica server. You can store multiple snapshots of a VM on the replica server and then select the one you want to use. It works with both standalone hosts and clusters in any combination (standalone to standalone, cluster to cluster, standalone to cluster, or cluster to standalone). To find out more about Hyper-V Replica, see this TechNet article.

7: Improvements to VDI

Windows Terminal Services has come a long way, baby, since I first met it in Windows NT TS Edition. Renamed Remote Desktop Services, it has expanded to encompass much more than the ability to RDP into the desktop of a remote machine. Microsoft offered a centralized Virtual Desktop Infrastructure (VDI) solution in Windows Server 2008 R2, but it was still a little rough around the edges. Significant improvements have been made in Server 2012.

You no longer need a dedicated GPU graphics card in the server to use RemoteFX, which vastly improves the quality of graphics over RDP. Instead, you can use a virtualized GPU on standard server hardware. USB over RDP is much better, and the Fair Share feature can manage how CPU, memory, disk space, and bandwidth are allocated among users to thwart bandwidth hogs. Read more about Server 2012 VDI and RDP improvements here.

8: DirectAccess without the hassle factor

DirectAccess was designed to be Microsoft's "VPN replacement," a way to create a secure connection from client to corporate network without the performance drain and with a more transparent user experience than a traditional VPN. Not only do users not have to deal with making the VPN work, but administrators get more control over the machines, with the ability to manage them even before users log in. You apply group policy using the same tools you use to manage computers physically located on the corporate network.

So why hasn't everyone been using DirectAccess with Server 2008 R2 instead of VPNs? One big obstacle was the dependency on IPv6. Plus, it couldn't be virtualized. Those obstacles are gone now. In Windows Server 2012, DirectAccess works with IPv4 without having to fool with conversion technologies, and the server running DirectAccess at the network edge can now be a Hyper-V virtual machine. The Server 2012 version of DA is also easier to configure, thanks to the new wizard.

9: ReFS

Despite the many advantages NTFS offers over early FAT file systems, it's been around since 1993, and Windows aficionados have been longing for a new file system for quite some time. Way back in 2004, we were eagerly looking forward to WinFS, but Vista disappointed us by not including it. Likewise, there was speculation early on that a new file system would be introduced with Windows 7, but it didn't happen.

Windows Server 2012 brings us our long-awaited new file system, ReFS or the Resilient File System. It supports many of the same features as NTFS, although it leaves behind some others, perhaps most notably file compression, EFS, and disk quotas. In return, ReFS gives us data verification and auto correction, and it's designed to work with Storage Spaces to create shrinkable/expandable logical storage pools. The new file system is all about maximum scalability, supporting up to 16 exabytes in practice. (This is the theoretical maximum in the NTFS specifications, but in the real world, it's limited to 16 terabytes.) ReFS supports a theoretical limit of 256 zettabytes (more than 270 billion terabytes). That allows for a lot of scaling.

10: Simplified licensing

Anyone who has worked with server licenses might say the very term "simplified licensing" is an oxymoron. But Microsoft really has listened to customers who are confused and frustrated by the complexity involved in finding the right edition and figuring out what it's really going to cost. Windows Server 2012 is offered in only four editions: Datacenter, Standard, Essentials, and Foundation. The first two are licensed per-processor plus CAL, and the latter two (for small businesses) are licensed per-server with limits on the number of user accounts (15 for Foundation and 25 for Essentials). See the chart with licensing details for each edition on the Microsoft Web site.

About

Debra Littlejohn Shinder, MCSE, MVP is a technology consultant, trainer, and writer who has authored a number of books on computer operating systems, networking, and security. Deb is a tech editor, developmental editor, and contributor to over 20 add...

8 comments
radio1

"But Microsoft really has listened to customers" That's the funniest thing I have ever read on TR. I'm still laughing. I may put that on a sign to bring me a smile every morning.

dl_wraith

Although many of us will undoubtedly roll our eyes when we hear that the mighty MS is thinking about security (don't laugh. DON'T LAUGH!!) the whole idea of DAC certainly seems to be an interesting step in the right direction. Although we haven't played with it much on our win 2008 servers yet the 2012 iteration of DAC does concern me on a number of levels. A few questions drifting through my mind are:

1) Will this work without the ReFS?
2) What's the overhead on performance for running such a service over a WAN, MPLS, VPN or other site-to-site link where limited bandwidth to the server may already slow the retrieval/opening operations on a file? (yes, yes. I know VDI would help solve that but our business isn't ready to deploy that tech yet. We have enough trouble with Citrix Metaframe and ESx 2.5!)
3) Will tagged files need to exist on the Win 2012 server? (cutting tech like NetApp filers and other NAS technologies out of the loop)
4) How tied to Ad8 is the new DAC? Will you need 2012 Native mode, for instance, or can the new DAC attributes be added to earlier AD implementations?
5) How will DAC affect the world of permissions elevation attacks? Could certain 'tag manipulation' attacks grant unauthorised users access to sensitive files with less of a fingerprint to detect than more normal elevation of privilege attacks?

There are more, small, questions but the biggest one is:

6) How much of an admin overhead will administering this system be? It seems to me that administering the tags could be fairly simple once you have our tagging rules set up as long as you don't have too many complexities in departmental data sharing to deal with, but given that most businesses at the moment have an element of mix-'n'-match about departmental responsibilities, required access to data may not be straight-forward and require a lot of tag planning. For dynamic companies who reconfigure often to meet short/medium term goals such a system may be unworkable.

And how do you troubleshoot access rights quickly when DAC or file system permissions could be the issue? Will we now need to know PowerShell really well to work this thing correctly? I could go on, but I won't, as many of my questions are founded in a lack of knowledge about DAC. What I will say is that many companies (particularly the smaller ones) don't effectively deploy security because of the complexities and overheads involved in such an endeavour. Any security features MS bring out must always keep in mind that simplicity can increase take-up and besides, these days we all have 1001 responsibilities as IT techs already. Time for design and admin is short. Here's hoping DAC has already kept that in mind because I think it could be very useful indeed (ironically in keeping file permission administration to a minimum, once it's set up correctly that is).

dl_wraith

.....MS will continue to confuse customers and create headaches for admins until they take a leaf out of the Transformers book with regards to their OS editions. 'Til all are one. Edit: Crikey! That was a bit geektastic for this time in the morning. Sorry!

redevilnz

I don't know about anyone else, but the highlight of 2012 for me is DHCP fail-over and load balancing! That alone warrants the upgrade.

rader

After having already gone thru the DirectAccess pain and gain scenario, the inclusion of IPv4 is a boon. While the learning curve was steep for that one, it has and will continue to be beneficial. Virtualization of the DA front end is also an added benefit. RDP improvements also work in my favor as does the extended storage capability.

cybershooters

The licensing is the key one, that reduces cost.

LENNY

check the features by yourself.... very interesting...

dl_wraith

I wonder how well that will work with VoIP systems that have a reliance on specific DHCP options and the presence of multiple scopes on the same DHCP servers. I see no reason for it not to work but experience tells me to be cautious rather than optimistic here. It should work....in theory at least. I agree though - these two features will be very handy for DHCP indeed and have been a long time coming.
