Transcript Future of Productivity TDM Deck

Windows Server 2012
for SQL Server DBAs
Andrew Fryer Microsoft
http://Blogs.technet.com/b/Andrew
@deepfat
[email protected]
Hyper-V Scalability
Expanded Processor & Memory Support
Maximum Number
System
Resource
Windows Server
2008 R2
Windows Server
2012
64
320
5x
Physical Memory
1 TB
4 TB
4x
Virtual processors per
host
512
2,048
4x
Virtual processors per
virtual machine
4
64
16x
64 GB
1 TB
16x
Active virtual machines
per server
384
1,024
2.7x
Nodes
16
64
4x
1,000
4,000
4x
Logical processors on
hardware
Host
Virtual Machine
Cluster
Improvement
Factor
Memory per virtual
machine
Virtual machines
Shared Nothing Live Migration
Shared Nothing Live Migration
The ability to move a virtual machine while it is
running from one host to another without
requiring shared storage
• Faster and simultaneous migration
• Entire VM moved with no downtime
• VHD, configuration files, snapshots,
etc.
• Improved performance and flexibility
• No longer requires a clustered
environment or shared storage*
Live Migration can be done with shared
storage and clustered VMs, but “Shared
Nothing” does not require either
Live Migration – Moving a Running
VM without Shared Storage
standard Ethernet connection
1. Live Migration setup
occurs
2. Memory pages are
transferred from the
source server to the
destination server
3. Modified pages are
transferred to
destination server
4. State is transferred to
destination server
5. VM brought online on
destination server
6. Network cleanup
occurs
Enabling Hyper-V over SMB
Common Configurations
Creating an SMB Share
From Server Manager:
1. Log on or connect to a
Windows Server 2012
computer on which the
File and Storage role is
installed. Open Server
Manager and navigate
to File and Storage
Services
2. In Server Manager, start
the New Share Wizard
With PowerShell:
# Create folder MD X:\VMS # Create file share New-SmbShare -Name VMS1
-Path X:\VMS -FullAccess Domain\HVAdmin, Domain\HV1$, Domain\HV2$,
Domain\HVC$ # Set NTFS permissions from the file share permissions (Get-SmbShare
VMS1).PresetPathAcl | Set-Acl
Hyper-V Replica
Installation and Configuration
1. Add Hyper-V role on Primary and Replica servers
• Add Role and Feature Wizard (ARFW) in Server Manager
• Deployment Image and Service Management (DISM)
dism /online /enable-feature /featurename:Microsoft-Hyper-V
• Server Manager Powershell cmdlet
Install-WindowsFeature –Name Hyper-V –IncludeManagementTools
2. Run Best Practices Analyzer to confirm
installation and verify functionality
3. Configure Replication
•
•
Standalone
Failover Cluster
4. Enable each Virtual Machine for replication
(Enable Replication Wizard)
5. Or use PowerShell
Set-VMReplicationServer -ReplicationEnabled $true AllowedAuthenticationType Integrated -IntegratedAuthenticationPort
$RecoveryPort -DefaultStorageLocation $ReplicaStorageLocation ReplicationAllowedFromAnyServer $true
Architectural Components
Windows Server 2012 User
Interface
MinShell
Minimal User Experience
option
• Server Core with GUI tools
• Server Manager and cmd.exe
launch by default when
server is booted
• Allows other GUI tools to
be loaded
• Enabled through Add Roles
and Features wizard, or with
PowerShell
Enabling/Disabling MinShell
Install-WindowsFeature
Server-Gui-Mgmt-Infra
Install-WindowsFeature
Server-Gui-Shell
Install-WindowsFeature
Desktop-Experience
Uninstall-WindowsFeature
Server-GUI-Shell
Uninstall-WindowsFeature
Server-GUI-Shell -remove
Interface Feature Sets
Server Core
MinServer
Server W/GUI
Desktop Experience
Command Prompt
Available
Available
Available
Available
Windows PowerShell
Available
Available
Available
Available
Server Manager
Not Available
Available
Available
Available
MMC
Not Available
Available
Available
Available
Control Panel
Not Available
Not Available
Available
Available
Control Panel Applets
Not Available
Some Available
Available
Available
Windows Explorer
Not Available
Not Available
Available
Available
Taskbar
Not Available
Not Available
Available
Available
Notification Area
Not Available
Not Available
Available
Available
Internet Explorer
Not Available
Not Available
Available
Available
Help
Not Available
Not Available
Available
Available
Themes
Not Available
Not Available
Not Available
Available
Metro Start Screen
Not Available
Not Available
Not Available
Available
Metro Apps
Not Available
Not Available
Not Available
Available
Media Player
Not Available
Not Available
Not Available
Available
Server Manager
Multi-Machine Management
• Glanceable
Multi-Machine Management
• Directly actionable
26
Multi-Machine Management
• Multi-select and start all services together
Multi-Machine Management
• Custom Server Groups
Remotely Add Roles
• Local server
• Remote server (including Server Core)
• Offline VHD
29
Windows PowerShell
PowerShell
Built-in Cmdlets
• Windows Server 2012,
Windows 8, PowerShell 3.0
Show-Command Cmdlet
Lets beginners run cmdlets
from a dialog box
• Running without
parameters displays a
list of available
cmdlets, functions,
aliases and scripts
installed on the system
• Can filter by Module
• Can search by Name
Robust Sessions
Allow for reconnection to disconnected remote sessions
• This example creates a new session on a remote server, stores data in that
session, and then disconnects it while leaving the session running. The name of
the running session is Server1Session. The local connection variable is
$RemoteSession.
↪ Enable-PSRemoting –Force
↪ $RemoteSession = New-PSSession –Name Server1Session –ComputerName Server1
↪ Invoke-Command –Session $RemoteSession –ScriptBlock {$date = Get-Date }
↪ Disconnect-PSSession –session $RemoteSession
↪ Exit
• The following commands reconnect to the remote session (in this example,
from the server where the session is still running)
↪ Get-PSSession –ComputerName Localhost
↪ $LocalSession = Connect-PSSession –ComputerName localhost –Name Server1Session
↪ Invoke-command –Session $LocalSession –Scriptblock { $date }
Workflows
↪ Workflow MyWorkflow {Write-Output -InputObject "Hello from Workflow!"}
↪ Get-Command –Name MyWorkflow –Syntax
↪ MyWorkflow
The workflow keyword adds more than 20 new
• Are typically started from a client computer
• Are ideal for executing long-running tasks across
multiple target computers, usually gathering data
from or make changes to managed nodes
• Are just like any other Windows PowerShell
command, which means that you can use GetCommand to discover them and Get-Help to
learn how to use them
• Can survive machine and network interruptions
such as reboots.
parameters, allowing users to specify such items as:
• A list of target machines for the workflow
(-PSComputerName)
• Credentials to use for running the workflow
(-PSCredential)
• Quotas to manage the workflow as the work scales
(-PSRunningTimeoutSec)
• Ability to retry the whole workflow or specific
activities in case there are connection issues
(-PSConnectionRetryCount)
• Ability to persist or checkpoint some or all workflow
activities, which will save the workflow metadata,
output and errors to disk and enable you to resume
workflow execution at given points during the
execution (-PSPersist, -PSPersistInterval)
Windows Server 2012
PowerShell Web Access
Allows management of
multiple computers from a
web browser
1. Enable through Add
Roles and Features
wizard in Server
Manager
2. Configure Web Access
↪ Install-PswaWebApplication –useTestCertificate
↪ Get-PswaAuthorizationRule
↪ Add-PswaAuthorizationRule –ComputerName * -UserName * ConfigurationName *
↪ Get-PSWAAuthorizationRule
3. Log in to gain full PowerShell access thru the browser
Delegated Permissions
Allow for the use of alternate credentials during a Workflow
• Type the following command, and press Enter. When prompted, type the
password for the referenced account.
↪ $Cred = Get-Credential –Credential contoso\administrator
• To set the RunAsUser property, use the Set-Item cmdlet with the $cred
parameter as the value for the Value parameter.
↪ Set-Item WSMan:\localhost\Plugin\Microsoft.Powershell.Workflow\RunAsUser -Value $Cred
• To make the change effective, type the following:
↪ Restart-Service WinRM
• To see the effects of the change, type the following:
↪ Get-ChildItem WSMan:localhost\Plugin\Microsoft.Powershell.Workflow
Snippets
Displays code snippets for
selected commands
• Enabled in ISE by
selecting Start
Snippets from the
Edit Menu
Get-IseSnippet
New-IseSnippet
Active Directory Enhancements
Active Directory Administrative
Center Enhancements
• Active Directory Recycle
Bin
• Fine Grained Password
Policy Management
• PowerShell History
Viewer
• Dynamic Access Control
deployment
Active Directory Recycle Bin
- Restoration of AD Objects
1. In ADAC, select Deleted Objects container
2. Select item(s) to be restored
3. Select Restore or Restore To
Windows PowerShell
History Viewer
1. Records underlying
PowerShell commands
when action is taken in
the ADAC
2. Administrator can
copy/reuse in a
PowerShell script
Deleted DHCP Users group
Required Administrator
account to use smart card for
interactive login
Dynamic Access Control
Allows Administrators to create and manage Central Access and Audit Policies in Active
Directory, which can be managed through the ADAC
• Policies are based on
conditional expressions that
take into account who the
user is, what device they
are using and what data is
being accessed
• Organizations can translate
business requirements to
efficient policy enforcement
and considerably reduce
the number of security
groups needed for access
control
Group Policy Enhancements
Group Policy Management Console includes new capabilities that allow administrators
to more easily track SYSVOL replication as it relates to Group Policy, as well as force
Group Policy updates from a central location
Kerberos Constrained Delegation
Changes
Kerberos Constrained Delegation (KCD) permits a service’s account (front-end) to act on the
behalf of users in multi-tier applications for a limited set of back-end services
• The challenge in earlier versions of Windows
• The front-end is configured with the service (by SPN) to which it can impersonate users
• Setup/administration requires Domain Admin privileges
• Only works for back-end services in the same domain as the front-end service accounts
• The solution in Windows Server 2012
• Authorization decisions are moved to the resource owners
• Permits back-end to authorize which front-end service-accounts can impersonate users against their
resources
• Supports cross-domain, cross-forest scenarios
• No longer requires Domain Admin privileges
• Requires only administrative permission to the back-end service-account
AD Deployment Enhancements
Active Directory Domain Services (AD DS) deployment in Windows Server 2012 is simpler and
faster than previous versions of Windows Server
• The new AD DS installation process is now built on Windows PowerShell and is integrated with Server
Manager
• Includes prerequisite validation
• The wizard opens a PowerShell script containing all the options that were specified during the graphical
installation
• ADPrep is now integrated into the AD DS installation process
• The AD DS server role can be installed on multiple servers at the same time
• AD DS installation wizard can be run remotely on an individual server
• AD DS installation and removal can be performed entirely with PowerShell (new forests, domains, DCs, etc.)
Install-ADDSDomainController [SkipPreChecks] –SafeModeAdministratorPassword <SecureString> [-ADPrepCredential <PS Credential>] [AllowDomainControllerReinstall] [-ApplicationPartitionsToReplicate <string[]>] [-ConfigureGlobalCatalog] [-CreateDNSDelegation] [-Credential
<PS Credential>] [-CriticalReplicationOnly] [-DatabasePath <string>] [-DNSDelegationCredential <PS Credential>] [-DNSOnNetwork] [DomainName <string>] [-InstallationMediaPath <string>] [-InstallDNS] [-LogPath <string>] [-MoveInfrastructureOperationMasterRoleIfNecessary]
[-RebootOnCompletion] [-ReplicationSourceDC <string>] [-SiteName <string>] [-SkipAutoConfigureDNS] [-SYSVOLPath] [-WhatIf] [-Confirm]
[<CommonParameters>]
Virtualized AD DS
Windows Server 2012 includes enhancements that improve the administrative experience
when virtualizing domain controllers
• Safe virtualization of domain controllers
• AD DS relies on the hypervisor platform to expose an identifier called VM GenerationID to detect if a
virtual machine has been rolled back in time. The design uses a hypervisor-agnostic mechanism for
surfacing the VM GenerationID in the virtual machine.
• Virtualized domain controller cloning
• Administrators can now promote a single virtual domain controller per domain and rapidly deploy all
additional replica virtual domain controllers through cloning.
• Administrators no longer have to repeatedly deploy a sysprepped server image, promote the server to a
domain controller and then complete additional configuration requirements for every replica domain
controller.
• AD Snapshots
• Windows Server 2012 domain controllers detect snapshot restoration and non-authoritatively synchronize
the delta of changes for AD DS and SYSVOL, making domain controller virtualization safer.
Active Directory Based Activation
(ADBA )
• Existing Active Directory environment can be used for activation of clients
No additional machines required
Uses LDAP exclusively; no RPC requirement
Includes RODCs
Beyond activation, no data written back to the directory
Activation object maintained in Configuration Partition
• Represents proof of purchase
• Computers can be a member of any domain in the Forest
• Leveraged only by Windows 8 computers
• Requires Windows Server 2012 AD Schema, not Windows Server 2012 domain controller
• Can coexist with KMS
• KMS is still required for down-level volume licensing
•
•
•
•
•
Continuously Available File Shares
Continuously Available Scale Out
File Server Architecture
Cluster platform for a continuously available scale out file server
• Cluster-wide client access point
• Consistent cluster-wide file server configuration
• CSV cluster-wide file system
Zero client downtime failover – both planned and unplanned downtime
Accessing VHDs over SMB
Hyper-V Cluster
Single Logical Server (\\Foo\Share)
Single File System Namespace
Cluster Shared Volumes
File Server Cluster
Storage Spaces and Thin
Provisioning
How does Storage Spaces Work?
An example…
Deduplication
• Capacity Optimization
• Scale and Performance
• Reliability and Data Integrity
Managing Storage with PowerShell
PowerShell is required to access many of the advanced
features afforded by the new Storage Management
application programming interface (API)
Example: New-StoragePool
Parameters configured with GUI and PowerShell
• Underlying storage pool name
• Virtual disk name
• Resiliency setting (Simple, Mirror, or parity)
• Provisioning type (Thin or Fixed)
• Virtual disk size
Parameters configured only with PowerShell
• Number of columns: the number of columns the
virtual disk contains
• Number of data copies - number of complete
copies of data that can be maintained
• Disk interleave - number of bytes forming a stripe
• Physical disks to use - specific disks to use in the
virtual disk
Integrating Storage Pools
with Failover Clustering
• Clustered Storage Spaces require
fixed provisioning
• Clustered virtual disks require
underlying hardware to support
persistent reservations
NIC Teaming with Load Balancing
Architectural Components
2 basic sets of algorithms for NIC teaming
• Switch-dependent modes
• Require the switch to participate in
the teaming
• Types
• Generic or static teaming
• Dynamic teaming (LACP)
• Switch-independent modes
• Do not require the switch to
participate in the teaming
Traffic distribution methods
• Hyper-V switch port
• Address Hashing (TransportPorts)
Requirements
• 1 NIC to be used for VLAN traffic
• At least 2 NICs for all modes that
provide fault protection through failover
• Up to 32 NICs per team
NIC Teaming in VMs
NIC Teaming in Windows Server 2012 is supported in a VM
• Virtual network adapters that are connected to more than one Hyper-V switch can still have
connectivity even if the network adapter under that switch gets disconnected
• Useful when working with SR-IOV
• Each Hyper-V switch port associate with a VM that is using NIC Teaming must be set to allow
Teaming in the host (parent partition) using PowerShell with administrative permissions:
Set-VMNetworkAdapter
-VMName <VMname> -AllowTeaming
• Teams created in a VM can only run in Switch Independent configuration, Address Hash distribution
mode
• Only teams where each of the team members is connected to a different Hyper-V switch are
supported
• Each Hyper-V switch port that is associated with a virtual machine that is using Teaming must be set
to allow MAC spoofing
• Hyper-V NICs exposed in the parent partition (vNICs) must not be placed in a Team
Interactions with Distribution Modes
All Address hash modes
Switch Independent
Switch Dependent
(Static and LACP)
Hyper-V Switch Port mode
 Outbound traffic is spread across all
 Outbound traffic is tagged with the port
active members.
on the Hyper-V switch where it
 Inbound traffic (from beyond the subnet)
originated. All traffic with that port tag
arrives on only one interface (primary
is sent on the same team member.
member). If primary member fails
 Inbound traffic destined for a specific
another team member is selected as
Hyper-V port will arrive on the same
primary and all inbound traffic moves to
team member that the traffic from that
that team member.
port is sent out on.
 Outbound traffic is spread across all
 Outbound traffic is tagged with the port
active members.
on the Hyper-V switch where it
 Inbound traffic will be distributed by the
originated. All traffic with that port tag
switch’s load distribution algorithm.
is sent on the same team member. If a
team is put in the Hyper-V switch port
distribution mode but is not connected
to a Hyper-V switch, all outbound traffic
will be sent to a single team member.
 Inbound traffic will be distributed by the
switch’s load distribution algorithm.
rd
3 -Party
Interaction with
Teaming Solutions
STRONGLY RECOMMENDED that no system administrator ever run two teaming
solutions
at the same time on the same server. The teaming solutions are unaware of
• x
each other’s existence resulting in potentially serious problems.
• If the system administrator attempts to put a NIC into a 3rd party team that is
presently part of a Microsoft NIC Teaming team the system will become
unstable and communications may be lost completely
• If the system administrator attempts to put a NIC into a Microsoft NIC Teaming
team that is presently part of a 3rd party teaming solution team the system will
become unstable and communications may be lost completely
Standard
Low density or
no virtualization
Windows Server 2012
Standard
Microsoft System Center 2012
Standard
Enrollment for Core Infrastructure (ECI) Standard
Core Infrastructure Suite (CIS) Standard
Datacenter
High density
virtualization
Windows Server 2012
Datacenter
Microsoft System Center 2012
Datacenter
Enrollment for Core Infrastructure (ECI) Datacenter
Core Infrastructure Suite (CIS) Datacenter
Notes:
•
Windows Server continues to require Client Access Licenses (CALs)
•
Enrollment for Core Infrastructure (ECI) has a 25 license minimum and includes a 20% discount on new purchases
•
Core Infrastructure Suite (CIS) has no minimum purchase and includes a 5% discount on new purchases
SMB 3.0 Multichannel
Installation and Configuration
Prerequisites
• At least two computers running Windows Server 2012 or Windows 8.
• At least one of the configurations below:
• Multiple network adapters
• One or more network adapters that support RSS (Receive Side Scaling)
• One of more network adapters configured with NIC Teaming
• One or more network adapters that support RDMA (Remote Direct Memory
Access)
Sample Configurations that do not use SMB Multichannel
• Single non-RSS-capable network adapters
• Network adapters of different speeds
Installation
• None
• Enabled by default in Windows Server 2012 and Windows 8
• Can be disabled, re-enabled and configured with PowerShell
Multichannel, RDMA and NIC
Teaming Compatibility