Windows Server 2012for SQL Server DBAs

Andrew Fryer Microsofthttp://Blogs.technet.com/b/Andrew @deepfatAndrew.fryer@Microsoft.com

Hyper-V Scalability

Expanded Processor & Memory Support

System ResourceMaximum Number Improvement

FactorWindows Server 2008 R2

Windows Server 2012

Host

Logical processors on hardware 64 320 5x

Physical Memory 1 TB 4 TB 4xVirtual processors per host 512 2,048 4x

Virtual Machine

Virtual processors per virtual machine 4 64 16x

Memory per virtual machine 64 GB 1 TB 16x

Active virtual machines per server 384 1,024 2.7x

Cluster Nodes 16 64 4xVirtual machines 1,000 4,000 4x

Shared Nothing Live Migration

Shared Nothing Live Migration

The ability to move a virtual machine while it is running from one host to another without requiring shared storage

• Faster and simultaneous migration• Entire VM moved with no downtime

• VHD, configuration files, snapshots, etc.

• Improved performance and flexibility• No longer requires a clustered environment or shared storage*

* Live Migration can be done with shared storage and clustered VMs, but “Shared Nothing” does not require either

Live Migration – Moving a Running VM without Shared Storage

1. Live Migration setup occurs

2. Memory pages are transferred from the source server to the destination server

3. Modified pages are transferred to destination server

4. State is transferred to destination server

5. VM brought online on destination server

6. Network cleanup occurs

standard Ethernet connection

Enabling Hyper-V over SMB

Common Configurations

Single-Node File Server• Lowest cost for share

storage• Shares not continuously

available

Dual-Node File Server• Low cost for continuously

available shared storage• Limited scalability (up to a

few hundred disks

Multi-Node File Server• Highest scalability (up to

thousands of disks)• Higher cost, but still lower

than connecting all Hyper-V hosts with FC

Creating an SMB ShareFrom Server Manager:

1. Log on or connect to a Windows Server 2012 computer on which the File and Storage role is installed. Open Server Manager and navigate to File and Storage Services

2. In Server Manager, start the New Share Wizard# Create folder MD X:\VMS # Create file share New-SmbShare -Name VMS1 -Path X:\VMS -FullAccess Domain\HVAdmin, Domain\HV1$, Domain\HV2$, Domain\HVC$ # Set NTFS permissions from the file share permissions (Get-SmbShare VMS1).PresetPathAcl | Set-Acl

With PowerShell:

2

1

Hyper-V Replica

Installation and Configuration

2. Run Best Practices Analyzer to confirm installation and verify functionality

3. Configure Replication • Standalone• Failover Cluster

4. Enable each Virtual Machine for replication (Enable Replication Wizard)

5. Or use PowerShell

Set-VMReplicationServer -ReplicationEnabled $true -AllowedAuthenticationType Integrated -IntegratedAuthenticationPort $RecoveryPort -DefaultStorageLocation $ReplicaStorageLocation -ReplicationAllowedFromAnyServer $true

1. Add Hyper-V role on Primary and Replica servers • Add Role and Feature Wizard (ARFW) in Server

Manager• Deployment Image and Service Management (DISM)

dism /online /enable-feature /featurename:Microsoft-Hyper-V

• Server Manager Powershell cmdletInstall-WindowsFeature –Name Hyper-V –

IncludeManagementTools

3

4

Architectural Components

Windows Server 2012 User Interface

MinShell

• Server Core with GUI tools• Server Manager and

cmd.exe launch by default when server is booted• Allows other GUI tools to be loaded

• Enabled through Add Roles and Features wizard, or with PowerShell

Minimal User Experience option

Enabling/Disabling MinShell

Uninstall-WindowsFeature Server-GUI-Shell

Uninstall-WindowsFeature Server-GUI-Shell -remove

Install-WindowsFeature Server-Gui-Mgmt-Infra

Install-WindowsFeature Server-Gui-Shell

Install-WindowsFeatureDesktop-Experience

Interface Feature SetsServer Core MinServer Server W/GUI Desktop Experience

Command Prompt Available Available Available AvailableWindows PowerShell Available Available Available AvailableServer Manager Not Available Available Available AvailableMMC Not Available Available Available AvailableControl Panel Not Available Not Available Available AvailableControl Panel Applets Not Available Some Available Available AvailableWindows Explorer Not Available Not Available Available AvailableTaskbar Not Available Not Available Available AvailableNotification Area Not Available Not Available Available AvailableInternet Explorer Not Available Not Available Available AvailableHelp Not Available Not Available Available AvailableThemes Not Available Not Available Not Available AvailableMetro Start Screen Not Available Not Available Not Available AvailableMetro Apps Not Available Not Available Not Available AvailableMedia Player Not Available Not Available Not Available Available

Server Manager

Multi-Machine Management• Glanceable

Multi-Machine Management• Directly actionable

26

Multi-Machine Management• Multi-select and start all services together

Multi-Machine Management• Custom Server Groups

12

3

Remotely Add Roles• Local server• Remote server (including Server Core)• Offline VHD

29

Windows PowerShell

PowerShellBuilt-in Cmdlets

• Windows Server 2012, Windows 8, PowerShell 3.0

Show-Command CmdletLets beginners run cmdlets from a dialog box

• Running without parameters displays a list of available cmdlets, functions, aliases and scripts installed on the system

• Can filter by Module • Can search by Name

Robust SessionsAllow for reconnection to disconnected remote sessions

• This example creates a new session on a remote server, stores data in that session, and then disconnects it while leaving the session running. The name of the running session is Server1Session. The local connection variable is $RemoteSession.

• The following commands reconnect to the remote session (in this example, from the server where the session is still running)

↪ Enable-PSRemoting –Force ↪ $RemoteSession = New-PSSession –Name Server1Session –ComputerName Server1 ↪ Invoke-Command –Session $RemoteSession –ScriptBlock {$date = Get-Date } ↪ Disconnect-PSSession –session $RemoteSession ↪ Exit

↪ Get-PSSession –ComputerName Localhost↪ $LocalSession = Connect-PSSession –ComputerName localhost –Name Server1Session

↪ Invoke-command –Session $LocalSession –Scriptblock { $date }

Workflows

• Are typically started from a client computer

• Are ideal for executing long-running tasks across multiple target computers, usually gathering data from or make changes to managed nodes

• Are just like any other Windows PowerShell command, which means that you can use Get-Command to discover them and Get-Help to learn how to use them

• Can survive machine and network interruptions such as reboots.

↪Workflow MyWorkflow {Write-Output -InputObject "Hello from Workflow!"}

↪ Get-Command –Name MyWorkflow –Syntax ↪ MyWorkflow

The workflow keyword adds more than 20 new parameters, allowing users to specify such items as:• A list of target machines for the workflow

(-PSComputerName) • Credentials to use for running the workflow

(-PSCredential) • Quotas to manage the workflow as the work

scales (-PSRunningTimeoutSec) • Ability to retry the whole workflow or specific

activities in case there are connection issues (-PSConnectionRetryCount)

• Ability to persist or checkpoint some or all workflow activities, which will save the workflow metadata, output and errors to disk and enable you to resume workflow execution at given points during the execution (-PSPersist, -PSPersistInterval)

Windows Server 2012PowerShell Web AccessAllows management of multiple computers from a web browser

1. Enable through Add Roles and Features wizard in Server Manager

2. Configure Web Access ↪ Install-PswaWebApplication –useTestCertificate ↪ Get-PswaAuthorizationRule ↪ Add-PswaAuthorizationRule –ComputerName * -UserName * -

ConfigurationName * ↪ Get-PSWAAuthorizationRule

3. Log in to gain full PowerShell access thru the browser

Delegated PermissionsAllow for the use of alternate credentials during a Workflow

• Type the following command, and press Enter. When prompted, type the password for the referenced account.

• To set the RunAsUser property, use the Set-Item cmdlet with the $cred parameter as the value for the Value parameter.

• To make the change effective, type the following:

• To see the effects of the change, type the following:

↪ $Cred = Get-Credential –Credential contoso\administrator

↪ Set-Item WSMan:\localhost\Plugin\Microsoft.Powershell.Workflow\RunAsUser -Value $Cred

↪ Restart-Service WinRM

↪ Get-ChildItem WSMan:localhost\Plugin\Microsoft.Powershell.Workflow

SnippetsDisplays code snippets for selected commands

• Enabled in ISE by selecting Start Snippets from the Edit Menu

Get-IseSnippetNew-IseSnippet

Active Directory Enhancements

Active Directory Administrative Center Enhancements• Active Directory

Recycle Bin

• Fine Grained Password Policy Management

• PowerShell History Viewer

• Dynamic Access Control deployment

Active Directory Recycle Bin- Restoration of AD Objects

31

2

3

1. In ADAC, select Deleted Objects container2. Select item(s) to be restored3. Select Restore or Restore To

Windows PowerShell History Viewer

1. Records underlying PowerShell commands when action is taken in the ADAC

2. Administrator can copy/reuse in a PowerShell script

Deleted DHCP Users group

1

4Required Administrator account to use smart card for interactive login

2

Dynamic Access ControlAllows Administrators to create and manage Central Access and Audit Policies in Active Directory, which can be managed through the ADAC

• Policies are based on conditional expressions that take into account who the user is, what device they are using and what data is being accessed

• Organizations can translate business requirements to efficient policy enforcement and considerably reduce the number of security groups needed for access control

Group Policy EnhancementsGroup Policy Management Console includes new capabilities that allow administrators to more easily track SYSVOL replication as it relates to Group Policy, as well as force Group Policy updates from a central location

Kerberos Constrained Delegation ChangesKerberos Constrained Delegation (KCD) permits a service’s account (front-end) to act on the behalf of users in multi-tier applications for a limited set of back-end services

• The challenge in earlier versions of Windows• The front-end is configured with the service (by SPN) to which it can impersonate users• Setup/administration requires Domain Admin privileges• Only works for back-end services in the same domain as the front-end service accounts

• The solution in Windows Server 2012• Authorization decisions are moved to the resource owners• Permits back-end to authorize which front-end service-accounts can impersonate users

against their resources• Supports cross-domain, cross-forest scenarios• No longer requires Domain Admin privileges• Requires only administrative permission to the back-end service-account

AD Deployment EnhancementsActive Directory Domain Services (AD DS) deployment in Windows Server 2012 is simpler and faster than previous versions of Windows Server

• The new AD DS installation process is now built on Windows PowerShell and is integrated with Server Manager• Includes prerequisite validation• The wizard opens a PowerShell script containing all the options that were specified during

the graphical installation• ADPrep is now integrated into the AD DS installation process• The AD DS server role can be installed on multiple servers at the same time • AD DS installation wizard can be run remotely on an individual server• AD DS installation and removal can be performed entirely with PowerShell (new forests,

domains, DCs, etc.)Install-ADDSDomainController [SkipPreChecks] –SafeModeAdministratorPassword <SecureString> [-ADPrepCredential <PS Credential>] [-AllowDomainControllerReinstall] [-ApplicationPartitionsToReplicate <string[]>] [-ConfigureGlobalCatalog] [-CreateDNSDelegation] [-Credential <PS Credential>] [-CriticalReplicationOnly] [-DatabasePath <string>] [-DNSDelegationCredential <PS Credential>] [-DNSOnNetwork] [-DomainName <string>] [-InstallationMediaPath <string>] [-InstallDNS] [-LogPath <string>] [-MoveInfrastructureOperationMasterRoleIfNecessary] [-RebootOnCompletion] [-ReplicationSourceDC <string>] [-SiteName <string>] [-SkipAutoConfigureDNS] [-SYSVOLPath] [-WhatIf] [-Confirm] [<CommonParameters>]

Virtualized AD DSWindows Server 2012 includes enhancements that improve the administrative experience when virtualizing domain controllers

• Safe virtualization of domain controllers• AD DS relies on the hypervisor platform to expose an identifier called VM GenerationID to

detect if a virtual machine has been rolled back in time. The design uses a hypervisor-agnostic mechanism for surfacing the VM GenerationID in the virtual machine.

• Virtualized domain controller cloning• Administrators can now promote a single virtual domain controller per domain and rapidly

deploy all additional replica virtual domain controllers through cloning. • Administrators no longer have to repeatedly deploy a sysprepped server image, promote

the server to a domain controller and then complete additional configuration requirements for every replica domain controller.

• AD Snapshots• Windows Server 2012 domain controllers detect snapshot restoration and non-

authoritatively synchronize the delta of changes for AD DS and SYSVOL, making domain controller virtualization safer.

Active Directory Based Activation (ADBA )

• Existing Active Directory environment can be used for activation of clients• No additional machines required• Uses LDAP exclusively; no RPC requirement• Includes RODCs• Beyond activation, no data written back to the directory• Activation object maintained in Configuration Partition

• Represents proof of purchase• Computers can be a member of any domain in the Forest

• Leveraged only by Windows 8 computers• Requires Windows Server 2012 AD Schema, not Windows Server 2012 domain controller• Can coexist with KMS

• KMS is still required for down-level volume licensing

Continuously Available File Shares

Continuously Available Scale Out File Server Architecture

Cluster platform for a continuously available scale out file server• Cluster-wide client access point • Consistent cluster-wide file server configuration• CSV cluster-wide file system

Zero client downtime failover – both planned and unplanned downtime

Single Logical Server (\\Foo\Share)

Accessing VHDs over SMB Hyper-V Cluster

File Server Cluster

Single File System Namespace

Cluster Shared Volumes

Storage Spaces and Thin Provisioning

How does Storage Spaces Work?

An example…

Drive array presenting 4 100GB LUNs

Disk Management show the 4

disks online and initialized

Primordial Pool is populated in

the File and Storage Services Interface

Deduplication• Capacity Optimization• Scale and Performance• Reliability and Data Integrity

Enable & Configure

Deduplication on volume

Start-DedupJob –type optimization –Volume E:

Saved Space

Managing Storage with PowerShell

Parameters configured with GUI and PowerShell• Underlying storage pool name • Virtual disk name • Resiliency setting (Simple, Mirror, or parity) • Provisioning type (Thin or Fixed) • Virtual disk size

Parameters configured only with PowerShell• Number of columns: the number of columns

the virtual disk contains • Number of data copies - number of

complete copies of data that can be maintained

• Disk interleave - number of bytes forming a stripe

• Physical disks to use - specific disks to use in the virtual disk

PowerShell is required to access many of the advanced features afforded by the new Storage Management application programming interface (API)

Example: New-StoragePool

Integrating Storage Pools with Failover Clustering

• Clustered Storage Spaces require fixed provisioning

• Clustered virtual disks require underlying hardware to support persistent reservations

NIC Teaming with Load Balancing

Architectural Components2 basic sets of algorithms for NIC teaming

• Switch-dependent modes• Require the switch to

participate in the teaming• Types

• Generic or static teaming• Dynamic teaming (LACP)

• Switch-independent modes• Do not require the switch to

participate in the teaming

Traffic distribution methods• Hyper-V switch port• Address Hashing (TransportPorts)

Requirements• 1 NIC to be used for VLAN traffic• At least 2 NICs for all modes that

provide fault protection through failover• Up to 32 NICs per team

NIC Teaming in VMsNIC Teaming in Windows Server 2012 is supported in a VM

• Virtual network adapters that are connected to more than one Hyper-V switch can still have connectivity even if the network adapter under that switch gets disconnected• Useful when working with SR-IOV

• Each Hyper-V switch port associate with a VM that is using NIC Teaming must be set to allow Teaming in the host (parent partition) using PowerShell with administrative permissions:

• Teams created in a VM can only run in Switch Independent configuration, Address Hash distribution mode

• Only teams where each of the team members is connected to a different Hyper-V switch are supported

• Each Hyper-V switch port that is associated with a virtual machine that is using Teaming must be set to allow MAC spoofing

• Hyper-V NICs exposed in the parent partition (vNICs) must not be placed in a Team

Set-VMNetworkAdapter -VMName <VMname> -AllowTeaming 

Interactions with Distribution Modes

  All Address hash modes Hyper-V Switch Port modeSwitch Independent

Outbound traffic is spread across all active members.

Inbound traffic (from beyond the subnet) arrives on only one interface (primary member). If primary member fails another team member is selected as primary and all inbound traffic moves to that team member.

Outbound traffic is tagged with the port on the Hyper-V switch where it originated. All traffic with that port tag is sent on the same team member.

Inbound traffic destined for a specific Hyper-V port will arrive on the same team member that the traffic from that port is sent out on.

Switch Dependent(Static and LACP)

Outbound traffic is spread across all active members.

Inbound traffic will be distributed by the switch’s load distribution algorithm.

Outbound traffic is tagged with the port on the Hyper-V switch where it originated. All traffic with that port tag is sent on the same team member. If a team is put in the Hyper-V switch port distribution mode but is not connected to a Hyper-V switch, all outbound traffic will be sent to a single team member.

Inbound traffic will be distributed by the switch’s load distribution algorithm.

Interaction with 3rd-Party Teaming SolutionsSTRONGLY RECOMMENDED that no system administrator ever run two teaming solutions at the same time on the same server. The teaming solutions are unaware of each other’s existence resulting in potentially serious problems.

• x

• If the system administrator attempts to put a NIC into a 3rd party team that is presently part of a Microsoft NIC Teaming team the system will become unstable and communications may be lost completely

• If the system administrator attempts to put a NIC into a Microsoft NIC Teaming team that is presently part of a 3rd party teaming solution team the system will become unstable and communications may be lost completely

Updated Windows Server 2012 Licensing

Notes:• Windows Server continues to require Client Access Licenses (CALs)• Enrollment for Core Infrastructure (ECI) has a 25 license minimum and includes a 20% discount on new purchases• Core Infrastructure Suite (CIS) has no minimum purchase and includes a 5% discount on new purchases

StandardLow density or no virtualization

DatacenterHigh density virtualization

Enrollment for Core Infrastructure (ECI) StandardCore Infrastructure Suite (CIS) Standard

Enrollment for Core Infrastructure (ECI) DatacenterCore Infrastructure Suite (CIS) Datacenter

65

Windows Server 2012 StandardMicrosoft System Center 2012 Standard

Windows Server 2012 DatacenterMicrosoft System Center 2012 Datacenter

SMB 3.0 Multichannel

Installation and ConfigurationPrerequisites

• At least two computers running Windows Server 2012 or Windows 8.• At least one of the configurations below:

• Multiple network adapters• One or more network adapters that support RSS (Receive Side

Scaling)• One of more network adapters configured with NIC Teaming• One or more network adapters that support RDMA (Remote Direct

Memory Access)Sample Configurations that do not use SMB Multichannel

• Single non-RSS-capable network adapters• Network adapters of different speeds

Installation• None

• Enabled by default in Windows Server 2012 and Windows 8• Can be disabled, re-enabled and configured with PowerShell

Multichannel, RDMA and NIC Teaming Compatibility