#10 Migration Tools: Starting off my Top 10 countdown are the migration tools available for Windows 2008 R2. Okay, so who gets excited about migration tools? Considering
Windows 2008 R2 comes as a 64-bit only operating system and there’s no
in-place upgrade path from 32-bit to 64-bit, the release of Windows 2008
R2 requires tools to help organizations “migrate” server to server rather than
just shove in a CD and do an in-place upgrade. Because
of that, Microsoft made some GREAT tools (and for any org that plans to
migrate from physical Windows 2003 hardware to virtualized Windows 2008
R2 guest images, this is the PERFECT way to go from physical to
virtual!!!) Go to http://www.microsoft.com/migration
for a link to the various migration tools. There are tools that help
you migrate fileservers (including files and ACLs), tools that help you
migrate RRAS servers to 2008 R2, and print server migration tools that shift
your printers and print queues to 2008 R2. My
favorite migration tool is the DHCP migration tool that migrates not
only scopes, but also LEASES from old Windows DHCP servers to Windows
2008 R2 servers! (do you realize what that means? You
can migrate a DHCP server in the middle of a day, carry over DHCP
leases without having to expire out leases from the old server to get
DHCP activated on a new server! (sorry, we were really excited when this
tool came out, and to this day, I still get excited about sharing
this!!!))
#9 Active Directory 2008 R2: Number 9 on my list are updates to Active Directory. Gotta
start off by saying that no one really “has” to migrate to AD/2008 or
AD/2008 R2 for any of the current products, so things like Exchange
2010, SharePoint 2010, etc do NOT require AD/2008 (or 2008 R2). We have a LOT of customers who are happily running AD/2003 in Native Mode with all of the latest and greatest products running. However,
for those who want enhancements in AD, the biggies in 2008 R2 are the
Recycle Bin (effectively allows you to simply recover deleted objects in
AD, so if you fat finger delete a user object or accidentally overwrite
an AD group, simply go to the recycle bin and undelete stuff…). Also in AD/2008 R2 is Offline
Domain Join, which allows you to pre-stage a computer account in
AD, dump an XML file, and then when you install Windows 7 on the computer
you can run a DJoin command on the Windows 7 system and “join” the domain on
that Win7 computer without the Win7 computer even being attached to the
network! That way you can build systems in the lab and “join them” to AD without actually / physically connecting the computers to AD. Okay,
another geek moment, but this is great when we’re prestaging systems to
roll out in another site or domain and we don’t even need to be
physically at or physically connected to that domain… Oh, and something that I’m still excited about that’s in AD/2008 is Fine-Grained Password Policies. In
AD/2003 you could only have 1 password policy per domain (upper case,
complex password, change every 30-days, etc had to be the SAME for
everyone in the domain). With Fine-Grained
Password Policies added to AD/2008 (and carried over to AD/2008 R2) you can now
set password policies “per group” so you can have folks in HR or
Accounting change their passwords every 20-days to please the
regulators, and field support and sales people can change their
passwords say every 60-days or something. All done by groups, really slick!!!
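Added example (not from the original post): the per-group password policies described above, created with the Active Directory PowerShell module that ships with Windows 2008 R2. The group names, policy names, the user `jdoe`, and every setting other than the 20-day and 60-day maximum ages are constructed placeholders; it assumes the domain functional level is Windows Server 2008 or higher.

```powershell
# Added example: two fine-grained password policies (PSOs) linked to groups.
# Group names, PSO names and all settings except the 20/60-day maximum age
# taken from the text are constructed placeholders.
Import-Module ActiveDirectory

$policies = @(
    @{ Name = 'PSO-Regulated-20d'; Precedence = 10; MaxAgeDays = 20; MinLength = 14
       Groups = @('HR-Users', 'Accounting-Users') },
    @{ Name = 'PSO-Field-60d';     Precedence = 20; MaxAgeDays = 60; MinLength = 12
       Groups = @('FieldSupport-Users', 'Sales-Users') }
)

foreach ($p in $policies) {
    # Skip PSOs that already exist so the script can be re-run safely
    if (-not (Get-ADFineGrainedPasswordPolicy -Filter "Name -eq '$($p.Name)'")) {
        New-ADFineGrainedPasswordPolicy -Name $p.Name `
            -Precedence $p.Precedence `
            -MaxPasswordAge (New-TimeSpan -Days $p.MaxAgeDays) `
            -MinPasswordAge (New-TimeSpan -Days 1) `
            -MinPasswordLength $p.MinLength `
            -PasswordHistoryCount 24 `
            -ComplexityEnabled $true `
            -ReversibleEncryptionEnabled $false `
            -LockoutThreshold 10 `
            -LockoutObservationWindow (New-TimeSpan -Minutes 15) `
            -LockoutDuration (New-TimeSpan -Minutes 15)

        # PSOs link to users and global security groups, not to OUs
        Add-ADFineGrainedPasswordPolicySubject -Identity $p.Name -Subjects $p.Groups
    }
}

# Verify which policy actually wins for one user. When a user is in groups
# covered by both PSOs, the PSO with the lower Precedence value applies.
Get-ADUserResultantPasswordPolicy -Identity 'jdoe' |
    Select-Object Name, Precedence, MaxPasswordAge, MinPasswordLength
```

If the last command returns nothing, no PSO applies to that user and the domain-wide default password policy is still in effect.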
#8 Remote Server Manager: Alright,
#8 on my Top 10 countdown is the ability to remotely manage other
Windows 2008 R2 servers using the Server Manager tool. With
Windows 2008 you had this really great tool “Server Manager” that
allowed you to Add Roles, Features, Administer the servers, etc from a
single console, however it was ONLY for the system you were on, so you
had to constantly Remote Desktop into other servers. Now with Windows 2008 R2 servers you can remotely access Server Manager on other systems. So just sit at one console and reach into other servers in your network to do day to day administrative tasks!
#7 Direct Access: Okay,
DirectAccess probably gets my award for “most innovative technology”
in Windows 7 client and Windows 2008 R2 server and would have been
closer to #1 in my countdown if it weren’t so complicated to implement. So DirectAccess is a technology that effectively does away with VPNs. Just
like RPC/HTTPS (Outlook Anywhere) eliminated the need to VPN from
Outlook to Exchange for your email a few years ago, DirectAccess does
away with VPNs by giving you access to “everything else” on your network
like your F> and K> drive shares, http:// SharePoint shares,
accounting software, CRM software, etc. Basically “anything” you normally have access to from a VPN, you can now access “natively” from a Windows 7 client. DirectAccess leverages IPSec policies and Certificates to “automatically” tunnel a Windows 7 client into the network. Effectively
a client that has DirectAccess configured can simply turn on their
laptop or desktop computer, get an Internet connection, and over
encrypted IPSec re-establish normal network connections, but “outside”
the network. AND, your internal network doesn’t
have to all be Windows 2008 R2, just a single server in the DMZ needs to be
running Windows 2008 R2 as a “proxy” that effectively encrypts
communications between the client and this one 2008 R2 server. Everything else “inside” your network can be just plain old TCP networking like Windows 2003, SharePoint, Linux, etc… Okay,
so here’s the catch, the client systems need to be Windows 7 (not a
biggie, a lot of orgs have already started their migration to Win7
clients). You need to enable IPv6 on the 2008 R2
proxy/gateway server and IPv6 on all Win7 clients (also not a biggie
because it’s on by default since Win2008 and Vista, although you need to
now understand how IPv6 works to do the proper addressing, so that’s a
learning experience to figure out). You need to
be running Microsoft Certification Authority (CA), which for many orgs
is also not a big deal as they’ve been running Microsoft’s CA for a
while, however if you haven’t set up Microsoft’s CA, or aren’t familiar
with Auto-enrollment of certificates to automatically push out certs
using AD, this is something new for you to learn. If you’re already doing Auto-enrollment, you’re set! And
then IPSec and split DNS, these are the technical pieces that everyone
gets wrong and Microsoft’s whitepaper guide on DA is not very helpful. We
took time writing this portion of the chapter of my Windows 2008 R2
book as once you get this working, then DA actually works! So, a REALLY slick technology once you get it working. I’d
recommend any hardcore techie to throw this in your lab to fiddle with,
it’s a great technology to understand and ultimately implement!
#6 SConfig in ServerCore: So for #6 on my countdown is SConfig.exe in ServerCore. So how many of you actually installed Microsoft’s GUI-less ServerCore when it came out in Windows 2008? Who
enjoyed the “net user administrator…”, “netdom rename computer…”,
“netdom join..” commands to even get a ServerCore system assigned an IP
address and joined to a domain before you could even do anything? It was a pain and the reason that a lot of people gave up on ServerCore. So with Windows 2008 R2, Microsoft came up with a utility called “Sconfig.exe” that you run after you install ServerCore. Now from the DOS prompt thing, you just type Sconfig and a “menu” (text based) shows up on screen. You
walk the menu to name your server, give it an IP address, join a
domain, and most importantly set it so you can run Remote Server Manager
(see #8 on my list) to remotely manage the server. So
you can now have a simple menu to get the basics going, and then remote
into the system and use the Server Manager GUI to do the rest! Where
I can count the number of ServerCore systems we installed in Windows
2008 on one hand, I can now say we’re deploying a couple dozen
ServerCore systems a week these days because of these new tools built-in
to Windows 2008 R2!
#5 Improvements in Group Policy Management: Okay,
most of this is Windows 2008 stuff on the Group Policies, but nevertheless,
what Microsoft has done with Group Policies in Windows 2008 (and
2008 R2) has been awesome, so it landed in the #5 spot on my Top 10! So
the minute you launch the Group Policy Management Console (GPMC) you’ll
notice not just the Computer Configuration container and the User
Configuration container, but under the Computer and User containers are
“Policies” and “Preferences”. The Policies
container is the same container that has been in AD all along where you
have containers for Account Policies, Windows Settings, Administrative
Tools, Security, etc. But under the “Preferences” is a whole new set of “views” to policies. For
some 1000+ policies, instead of more text based “descriptions” of
stuff, there’s a GUI for you to “see” user Control Panel type stuff
where you can click through the GUI to “set” settings. When you set the settings and click OK, you’re effectively creating the group policy. So for things like Internet Explorer settings, you just click the checkbox or option on screen, and those settings are set. Or you can do drive mappings through a GUI, or set display settings through a GUI. This whole Preferences area REALLY makes setting policies easier. It’s
just like you are in Control Panel on your workstation, but instead
what you choose is set as the “policy” for the managed systems…
#4 Clustering of Print Servers and DHCP: We’re at #4 on my countdown and it’s about clustering. So
with Windows 2008 R2, you can cluster everything like you used to
(fileservers, app servers, etc) but they’ve added a whole bunch of other
things to cluster. My 2 favorite new clustered features are clustering print servers and DHCP servers… So how many times have you had a print server printer service stop and all of the print queues on the system go offline? A simple restart of the service gets you going again, but now you have hundreds of print jobs backed up… I
would have never taken 2 hardware systems and clustered print services,
that was overkill of hardware, but with virtualization, heck yeah, put a
print server as a guest session on one physical host, and cluster it with a
guest session on another physical host. I now have full redundancy on a print service with effectively zero downtime! And the other cluster service that has been really slick is clustering DHCP. Do
you know for the past 20 years we’ve been doing DHCP “split scopes” the
whole 80/20 or 60/40 split scope across servers, which really wasn’t
fault tolerance, it was more so just minimizing our risk that when a DHCP
server went offline that we were still able to limp along. Now with virtual guest sessions, I can CLUSTER the DHCP servers with 100% of my IP addresses. I have two servers issuing IP addresses in perfect unison. If I lose one server, I have another DHCP server continuing exactly where I left off. I can failover and patch/update a server back and forth. This completely changes (and drastically improves) something as simple as DHCP…
#3 Remote Desktop Services: Number 3 on my list is Remote Desktop Services, or RDS, which used to be called Terminal Services. Every
administrator has used Terminal Services / Remote Desktop to reach into
a server to remotely administer / manage a server, and a number of orgs
have used Terminal Services and Citrix for our client systems. With
Windows 2008 R2, we’ve really found orgs can get rid of Citrix and just
use the straight features out of 2008 R2 because why did people buy
Citrix? It was because Citrix provided Single
Sign-on (so you didn’t have to enter in your password to logon to
Citrix), better remote printing offered by Citrix, high availability
offered in Citrix, and the ability to just drop an application icon on a
user’s desktop and give remote access to an “application” and not have
to do the full Remote Desktop with the 2nd start button and everything. With Windows 2008 R2 (actually with Windows 2008) ALL of these features are native to Remote Desktop Services out of the box. So
as long as your client system is running XP SP3 or higher, you get the
single sign-on so you never have to type a logon/password to get access
to a RDS session. You can run RDS “RemoteApp” to simply launch an application right from your client system. Also
added in Windows 2008 R2 is Virtual Desktop Infrastructure (VDI) which
provides you the ability to give personal desktop sessions (like Hyper-V
guest sessions) to individual users for a full desktop experience. All
of these are features you used to have to go to 2 or 3 other vendors for
(Citrix and VMware), and they are now included out of the box
in Windows 2008 R2. Check these features out!
#2 Hyper-V R2: Alright, down to #2 and Hyper-V server virtualization hits my #2 spot… What
can I say, just a couple years ago 100% of my server virtualization
business was VMware, they dominated the whole virtualization world and
in just over a year, Microsoft released Hyper-V with Windows 2008 and
then updated Hyper-V with Windows 2008 R2 to include not only what
VMware has in their VI3 and their newly released vSphere 4, but
Microsoft now gives it all away out of the box in Windows 2008 R2. If money matters to you, what organizations used to buy ESX, VMotion, and now vSphere for, you get it all in Windows 2008 R2. In
side by side comparisons, server virtualization is server
virtualization whether it’s VMware or Hyper-V R2, you can run guest
sessions (lots of them on a 32GB 8-core server (12-15 easily)), you can
take snapshots so before you patch or update a guest session, just take a
snapshot and if the update screws up your application, just rollback to
the snapshot. If you have a problem with any
Microsoft product being virtualized (Exchange 2010, SharePoint 2007,
System Center, etc) it’s the same company / same support call to get
Exchange support as it is Hyper-V virtualization support. And
with Hyper-V R2, you can now “cluster” Hyper-V host servers and move
guest sessions across Hyper-V hosts, AND not only move them around for
disaster recovery, you can do them LIVE in the middle of the day without
dropping a client session state in what Microsoft called “Live
Migration” (and VMware calls VMotion, which you pay lots of extra $$$
for). You just right click a guest session and
“Live Migrate” the guest session to another server in the middle of the
day to evacuate a troublesome host, or maybe do load balancing of hosts,
or as part of your process to move images so you can patch and update a
host. End of the day, VMware is far from 100% of
our virtualization business and actually in just a couple years is now
at par with Microsoft and now Microsoft Hyper-V makes up 50% of our
virtualization business…
#1 Stability and Reliability: Okay, not a specific feature or function, but my #1 on Windows 2008 R2 is that it just plain works! This
is the first operating system we’ve deployed for well over a year in beta
in full blown production environments without issues, and our experience
since the product RTM’d has been just as solid. No
issues, no surprises, this one has been a keeper and because of that,
Stability and Reliability of Windows Server 2008 R2 and Windows 7 puts
this in my #1 spot!
Now
it comes down to getting to know MORE about each of these Top 10
features and functions, on which over this month I will be blogging tips,
tricks, best practices, and lessons learned on Windows Server 2008 R2
including insider comments and step by step “how to” guidance. All of this content is also covered in detail in my book “Windows Server 2008 R2 Unleashed”, all 1550-pages of the book…