The new platform
By Kay Ewbank
Windows 7 and Windows Server 2008 R2 make a great platform on which to build your business, as Kay Ewbank discovers.
HardCopy Issue: 47 | Found In: Systems | Published: 01/02/2010 | Last Revision: 07/07/2010
Choosing the operating systems that your business will be based upon is the key decision that will affect every other IT decision you will ever make. Choose UNIX and Linux, you go one route; Macs take you on a different path; and Windows points you down yet another.
With Windows Server 2008 R2 and Windows 7, Microsoft has put together a client and a server operating system that are intended to be treated as a team. They have features designed to be used together, and many of the technologies you find in one are also in the other. What’s more, some of the more interesting aspects of Windows 7 only work if your server is running Windows Server 2008 R2.
Windows Server 2008 R2 sounds as though it’s just an interim upgrade, but it actually goes way beyond this, and in terms of real changes you’ll see improved virtualisation, better Web and management tools, and strong integration with Windows 7.
The combination of Windows Server 2008 R2 and Windows 7 gives you access to a range of features that you don’t get with other combinations. These include better support and security for computers being used remotely; better performance in computers used in branch offices; more efficient power management; more fault-tolerant VPN connectivity; and the option to protect removable drives by encrypting them. Making more efficient use of hardware through virtualised servers, and more reliable networks by setting up clustered servers, are other ways the new releases offer business benefits.
Administering Windows Server 2008 R2 from Server Manager.
Virtualisation
Virtualisation can be an excellent way to make better use of existing hardware and to manage servers, and this is one area where Windows Server 2008 R2 has been improved. Most people tend to think of VMware when they consider virtualisation, but the Microsoft facilities for virtual machines have got a lot better in recent releases.
Windows Server 2008 R2 underpins its virtualisation using the Hyper-V hypervisor technology. Old-style virtualisation was essentially a particular sort of application running on top of the ‘real’ operating system. This hosted model then uses the host operating system to handle the processors, memory, disks and so on. A hypervisor is a thin layer of software that runs directly on the hardware platform and beneath all of the operating systems running on the computer. It manages memory, schedules virtual processors, and handles the basic functionality of the system. Hyper-V makes use of drivers and services within the Windows operating system to communicate with the hardware and for management facilities.
Hyper-V was released for Windows Server 2008, but has been improved for R2. One of the big improvements is live server migration. With live migration, you can move virtual servers running Hyper-V from one physical server to another without the need to shut down network connections, and without the need to inconvenience users with downtime.
The fact that this is designed to be easy alters the whole feel of the task. It means that if a particular physical server is running slowly because the virtual servers on it are all wanting the same resources and are getting heavier use than you anticipated, you can move one or more of the problem VMs without having to worry about when and how to do it. You might also want to move a VM to carry out maintenance on the physical server.
Administering Hyper-V from Windows
This feature competes with VMware’s VMotion feature, which provides similar facilities for servers running VMware ESX. However, Microsoft provides it free, whereas VMware charges several thousand pounds.
One of the good things about Windows 7 is that it has a Hyper-V Management tool. Once set up, you can connect to virtual servers and administer them from your Windows 7 machine.
Clustering
Tied in with its support for live migration, Windows Server 2008 R2 is much better at failover clustering. A failover cluster is a group of at least two machines configured so that if one fails, another takes over and provides the same services to the user, ideally without them noticing. Done properly, clustered servers keep users working and reduce help desk calls. In R2, clustering can be set up across two physical servers, and Hyper-V will handle switching virtual machines between the physical servers without any of the applications running on the virtual machines shutting down.
Anyone who has watched Microsoft’s somewhat painful progress towards clustered servers will be sceptical about such claims, but it’s actually remarkably easy to do this in R2. Setting up clusters involves a set of wizards, and there’s a management GUI that is remarkably understandable even without a degree in clustering techniques. If you do know what you’re doing, the tools are there, but they’re not nearly as necessary. If you’re familiar with an earlier version, the cluster administration interface has been replaced with the Failover Cluster Management snap-in for the Microsoft Management Console.
One reason clustering is so much easier in R2 is Microsoft’s new approach to hardware. So long as the components are Windows Server 2008 certified, the clustering wizard will carry out a set of validation tests, and if the kit passes these tests, your cluster configuration is supported. In previous versions, there was a separate hardware compatibility list for clustering. Essentially, if your server’s processors support Intel-VT or AMD-V, then you should be able to put them into clusters.
One fairly reasonable restriction is that you can’t create clusters that mix Intel and AMD processors. So long as you keep to this rule, you can put together clusters made up of different types of physical servers from different manufacturers. Most servers that have been released within the last five years will be compatible with Hyper-V and clustering. From the client end, clustered servers look transparent in the sense that machines connecting to a server will stay connected, even if that server has a problem and the workstation is switched over to the other server.
Smarter hardware use
Windows Server 2008 R2 also provides support for up to 256 logical processors. If you have a computer with more than one processor, or processors with multiple cores, you can configure R2 to use multiple logical processors. Hyper-V can support up to 64 cores within a virtual machine instance (the previous version was limited to 24). R2 is cleverer in the way it deals with loads on CPUs to avoid processors becoming saturated. It also now handles Non-Uniform Memory Access (NUMA) more intelligently, to the extent that on some hardware it can be a third faster than Windows Server 2008.
R2 is also smarter when it comes to data connections. If you manage FTP connections or Web sessions where data is transferred, Hyper-V offloads the appropriate VMs to an I/O queue that is dealt with in the most efficient way possible, to leave the CPU to deal with other business.
64-bit operation
Windows Server 2008 R2 is a 64-bit operating system: there is no 32-bit version. There are 32-bit versions of Windows 7, but there are also 64-bit versions available. Indeed the 64-bit version of Windows 7 shares a common kernel with Windows Server 2008 R2, which means Microsoft is maintaining one set of code for both operating systems. In time, as we all move to 64-bit versions, we should therefore derive benefits from the pooling of the development efforts for both server and client.
Depending on your viewpoint, the move to 64-bit is either wonderful news or a bit of a drawback. It’s wonderful news because it means the operating system doesn’t have to do all the little fiddles to take account of 32-bit technology, and old unsophisticated code can be dropped. By focusing only on new, fast and powerful hardware, the performance can be (and is) a lot better. The previous limit of 4GB on the amount of memory the operating system can access no longer applies, which can be useful if you run the sort of applications that find this restrictive.
Windows XP Mode is a free 32-bit compatibility download for 64-bit Windows 7.
On the drawback side, code written entirely from scratch has not historically been free of problems, so there’s an uneasy feeling about what the clever coders might have missed. It also means your older hardware can’t be brought up to date. This means companies either have to spend money they wouldn’t otherwise want to spend, or live with an older server system while Microsoft is focusing all its development and patching effort on a system that is out of reach.
Also, to get the best out of your 64-bit operating system, you need applications written to take advantage of it, which means more upgrading and more money spent. It also means software has to be rewritten if it’s going to run in kernel mode. This is particularly relevant to device drivers and antivirus software. If your peripherals, such as scanners or printers, are older versions, you may find you can’t get a 64-bit driver and so may not be able to use them under Windows Server 2008 R2 or 64-bit Windows 7.
The good news is that Windows Server 2008 R2 does have a way to run 32-bit applications that are causing problems, thanks to a feature called Windows on Windows 64-bit (WOW64) that lets applications run in a 32-bit mode. WOW64 catches all the calls that make use of the system, registry, file system and so forth, and converts them behind the scenes to their 64-bit equivalent, without the application knowing anything about it. However, the bottom line is if you’re going to go 64-bit, go for it now. Hanging on to 32-bit elements will lose you the benefits you’re hoping to gain.
So far we have discussed purely server-based benefits. We now come on to the areas where the improvements to Windows Server 2008 R2 need Windows 7 as the client to really shine.
DirectAccess
Anyone who wants to use information or applications on your company network from outside your nice safe firewall presents problems. Generally, you end up having to set up and manage a VPN (Virtual Private Network), which gives remote users a secure, encrypted tunnel across the Internet and into your LAN. Problems arise because users have to work through another layer. They may need client software on the machine they’re using to connect, which prohibits use of public machines. Even when it’s a corporate laptop or home machine, the need for passwords and VPN connections to be set up and maintained causes problems. Users have to log in, or may need to use a smart card. Problems such as the connection being dropped confuse users, and the end result is a higher level of help desk involvement than anyone would want.
When used with Windows 7 as a client, Windows Server 2008 R2 supports an alternative technique called DirectAccess. This does not need a VPN connection, and from the user’s viewpoint is transparent: they should just see the resources they want to use.
When users connect through DirectAccess, they and their machine are authenticated once, and then the connection is established automatically. Security is maintained through a combination of features. To begin with, DirectAccess authenticates the computer, and this means it can connect to your company intranet before the user logs on. DirectAccess integrates with Network Access Protection (NAP) and Network Policy Server (NPS), both features that are built into Windows Server 2008 and Windows 7, to verify that remote computers meet your security standards and are patched and up to date before the machine is allowed to connect. Working with the remote machine rather than the user also means you can carry out management and maintenance actions, such as applying Group Policy settings.
Once you’re happy with the machine, user authentication can be brought into play. You can set up DirectAccess so it also authenticates the user, with support for multifactor authentication using smart cards or biometrics.
Data in transit is secured using IPsec encryption. You can set up DirectAccess to use encrypted transport either between the client and the DirectAccess server, or to have end-to-end encryption all the way to the application server (the Exchange Server for example). Another nice touch is support for split-tunnel routing. This means that Internet traffic is routed separately from ‘network’ traffic. Usually, when using a VPN, all requests including Web page requests go via your VPN, clogging up the bandwidth. With split-tunnel routing, only the data that is actually intended for your network or requested from your network goes through the DirectAccess server. Web page requests can be handled locally.
Remote Desktop Services
Remote Desktop Services is the replacement for Terminal Services, and like its predecessor, it handles the graphical interface and application provision of the Windows desktop on machines that don’t have it locally. However, while Terminal Services was designed to deploy the entire PC environment from the central server to remote workstations, Remote Desktop Services includes the ability to remotely deploy individual applications. These applications download and run on user desktops as required, and look and behave just as they would if installed locally.
Remote Desktop also supports Virtual Desktop Infrastructure (VDI). This can be used to centralise the storage, execution and management of a Windows desktop in the data centre.
When used with Windows 7, applications and desktop items that are delivered using Remote Desktop show up in the Start Menu with the same look and feel as locally installed applications. The intention is that users won’t be able to tell the difference between a local and remote application.
BranchCache
Branch offices need to have access to data, to have their computers updated and to share server applications that are located at the main offices. The UK is not noted for its superfast broadband, so unless the branch office is large enough to justify expensive dedicated data lines, those working in branch offices are likely to spend a lot of time waiting for data and cursing the connection.
Choosing file storage options for BranchCache.
Windows Server 2008 R2 and Windows 7 support a feature called BranchCache that is aimed at just this business issue. Essentially, when anyone in a branch office gets data from Web and file servers located elsewhere, BranchCache keeps a local copy of the data. The data can be cached on a local server or on the computer of the person who originally accessed the data. If someone else in the office asks for the same file, the local copy is used instead of the original remote file. The user will only be given access to the file if they have the correct authorisation.
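The sketch below is an added example, not code from the article or from Microsoft. It is a simplified model of how a branch cache can save WAN traffic while leaving the access decision with the main-office server. The class names are hypothetical, and a whole-file SHA-256 hash stands in for the per-block content information that BranchCache actually uses.

```python
import hashlib

class OriginServer:
    """Main-office file server: the only party that makes access decisions."""
    def __init__(self, files, acl):
        self.files, self.acl = files, acl   # path -> bytes, path -> allowed users
        self.wan_bytes = 0                  # bytes sent over the slow WAN link

    def _authorise(self, user, path):
        if user not in self.acl.get(path, set()):
            raise PermissionError(f"{user} may not read {path}")

    def content_id(self, user, path):
        """Authorise the caller, then return only a short hash of the file."""
        self._authorise(user, path)
        digest = hashlib.sha256(self.files[path]).hexdigest()
        self.wan_bytes += len(digest)
        return digest

    def download(self, user, path):
        self._authorise(user, path)
        self.wan_bytes += len(self.files[path])
        return self.files[path]

class BranchClient:
    def __init__(self, user, server, branch_cache):
        self.user, self.server, self.cache = user, server, branch_cache

    def read(self, path):
        # Ask the origin first: an unauthorised user is refused before any cache lookup.
        cid = self.server.content_id(self.user, path)
        data = self.cache.get(cid)
        if data is not None and hashlib.sha256(data).hexdigest() == cid:
            return data, "branch-cache"      # verified local copy
        data = self.server.download(self.user, path)  # miss or tampered entry
        self.cache[cid] = data
        return data, "wan"

def demo():
    path, report = "/finance/q3.doc", b"Q3 figures " * 1000  # constructed sample
    server = OriginServer({path: report}, {path: {"alice", "bob"}})
    cache = {}                               # shared by everyone in the branch
    sources = [BranchClient(u, server, cache).read(path)[1] for u in ("alice", "bob")]
    try:
        BranchClient("mallory", server, cache).read(path)
        sources.append("leaked")
    except PermissionError:
        sources.append("denied")
    return sources, server.wan_bytes
```

Calling demo() shows the second authorised reader being served from the branch copy for the cost of one hash over the WAN, while the unauthorised user is refused even though the file is already cached locally.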
So Windows Server 2008 R2 and Windows 7 have definite advantages to offer the IT department looking for a strong platform for their business, but you really should take advantage of the 64-bit support if you possibly can.