Windows Server 2012 for SQL Server DBAs
Andrew Fryer, Microsoft
http://Blogs.technet.com/b/Andrew @deepfat
Hyper-V Scalability
Expanded Processor & Memory Support
System | Resource | Maximum Number: Windows Server 2008 R2 | Maximum Number: Windows Server 2012 | Improvement Factor
Host | Logical processors on hardware | 64 | 320 | 5x
Host | Physical Memory | 1 TB | 4 TB | 4x
Host | Virtual processors per host | 512 | 2,048 | 4x
Virtual Machine | Virtual processors per virtual machine | 4 | 64 | 16x
Virtual Machine | Memory per virtual machine | 64 GB | 1 TB | 16x
Virtual Machine | Active virtual machines per server | 384 | 1,024 | 2.7x
Cluster | Nodes | 16 | 64 | 4x
Cluster | Virtual machines | 1,000 | 4,000 | 4x
Shared Nothing Live Migration
The ability to move a virtual machine while it is running from one host to another without requiring shared storage
• Faster and simultaneous migration
• Entire VM moved with no downtime
  • VHD, configuration files, snapshots, etc.
• Improved performance and flexibility
• No longer requires a clustered environment or shared storage*
* Live Migration can be done with shared storage and clustered VMs, but “Shared Nothing” does not require either
Live Migration – Moving a Running VM without Shared Storage
1. Live Migration setup occurs
2. Memory pages are transferred from the source server to the destination server
3. Modified pages are transferred to destination server
4. State is transferred to destination server
5. VM brought online on destination server
6. Network cleanup occurs
standard Ethernet connection
Enabling Hyper-V over SMB
Common Configurations
Single-Node File Server
• Lowest cost for shared storage
• Shares not continuously available
Dual-Node File Server
• Low cost for continuously available shared storage
• Limited scalability (up to a few hundred disks)
Multi-Node File Server
• Highest scalability (up to thousands of disks)
• Higher cost, but still lower than connecting all Hyper-V hosts with FC
Creating an SMB Share
From Server Manager:
1. Log on or connect to a Windows Server 2012 computer on which the File and Storage role is installed. Open Server Manager and navigate to File and Storage Services
2. In Server Manager, start the New Share Wizard
With PowerShell:
# Create folder
MD X:\VMS
# Create file share
New-SmbShare -Name VMS1 -Path X:\VMS -FullAccess Domain\HVAdmin, Domain\HV1$, Domain\HV2$, Domain\HVC$
# Set NTFS permissions from the file share permissions
(Get-SmbShare VMS1).PresetPathAcl | Set-Acl
Hyper-V Replica
Installation and Configuration
1. Add Hyper-V role on Primary and Replica servers
  • Add Role and Feature Wizard (ARFW) in Server Manager
  • Deployment Image Servicing and Management (DISM)
    dism /online /enable-feature /featurename:Microsoft-Hyper-V
  • Server Manager PowerShell cmdlet
    Install-WindowsFeature -Name Hyper-V -IncludeManagementTools
2. Run Best Practices Analyzer to confirm installation and verify functionality
3. Configure Replication
  • Standalone
  • Failover Cluster
4. Enable each Virtual Machine for replication (Enable Replication Wizard)
5. Or use PowerShell
Set-VMReplicationServer -ReplicationEnabled $true -AllowedAuthenticationType Integrated -IntegratedAuthenticationPort $RecoveryPort -DefaultStorageLocation $ReplicaStorageLocation -ReplicationAllowedFromAnyServer $true
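The Set-VMReplicationServer command above accepts replication from any authenticated server over Integrated (Kerberos) authentication, which runs over HTTP and does not encrypt the replication traffic. As an added example (not from the original slides), the following configures a Replica server for certificate-based authentication over HTTPS and accepts replication only from named primary servers. The server names, storage path and trust group are placeholder assumptions.

```powershell
# Added example, not from the original slides. Server names, the storage path
# and the trust group name are placeholders; adjust them to your environment.
$ReplicaStorageRoot = 'D:\HyperVReplica'
$AllowedPrimaries = @(
    @{ Server = 'hv-sql01.contoso.com'; TrustGroup = 'SQL-Prod' },
    @{ Server = 'hv-sql02.contoso.com'; TrustGroup = 'SQL-Prod' }
)

# Pick a machine certificate issued to this host's FQDN that has a private key
# and has not expired. It must allow both Client and Server Authentication.
$fqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "*CN=$fqdn*" -and $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date) } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $cert) { throw "No valid machine certificate found for $fqdn" }

# Accept replication only with certificate authentication (HTTPS), and only
# from servers that have an explicit authorization entry.
Set-VMReplicationServer -ReplicationEnabled $true `
    -AllowedAuthenticationType Certificate `
    -CertificateAuthenticationPort 443 `
    -CertificateThumbprint $cert.Thumbprint `
    -ReplicationAllowedFromAnyServer $false

# One authorization entry per primary server. With per-server entries the
# storage location is set here, not through -DefaultStorageLocation.
foreach ($p in $AllowedPrimaries) {
    $location = Join-Path $ReplicaStorageRoot $p.TrustGroup
    if (-not (Test-Path $location)) {
        New-Item -ItemType Directory -Path $location | Out-Null
    }
    New-VMReplicationAuthorizationEntry -AllowedPrimaryServer $p.Server `
        -ReplicaStorageLocation $location -TrustGroup $p.TrustGroup
}

# Open the inbound HTTPS listener rule and review the resulting configuration.
Enable-NetFirewallRule -DisplayName 'Hyper-V Replica HTTPS Listener (TCP-In)'
Get-VMReplicationServer | Format-List *
Get-VMReplicationAuthorizationEntry
```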
Architectural Components
Windows Server 2012 User Interface
MinShell
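• Server Core with GUI tools
• Server Manager and cmd.exe launch by default when server is booted
• Allows other GUI tools to be loaded
• Enabled through Add Roles and Features wizard, or with PowerShell
Minimal User Experience option
Enabling/Disabling MinShell
# Remove the graphical shell, leaving MinShell
Uninstall-WindowsFeature Server-GUI-Shell
# Remove the graphical shell and delete its files from disk
Uninstall-WindowsFeature Server-GUI-Shell -Remove
# Install the graphical management tools and infrastructure (MinShell)
Install-WindowsFeature Server-Gui-Mgmt-Infra
# Install the full graphical shell (Server with a GUI)
Install-WindowsFeature Server-Gui-Shell
# Install Desktop Experience
Install-WindowsFeature Desktop-Experience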
Interface Feature Sets
Feature | Server Core | MinServer | Server W/GUI | Desktop Experience
Command Prompt | Available | Available | Available | Available
Windows PowerShell | Available | Available | Available | Available
Server Manager | Not Available | Available | Available | Available
MMC | Not Available | Available | Available | Available
Control Panel | Not Available | Not Available | Available | Available
Control Panel Applets | Not Available | Some Available | Available | Available
Windows Explorer | Not Available | Not Available | Available | Available
Taskbar | Not Available | Not Available | Available | Available
Notification Area | Not Available | Not Available | Available | Available
Internet Explorer | Not Available | Not Available | Available | Available
Help | Not Available | Not Available | Available | Available
Themes | Not Available | Not Available | Not Available | Available
Metro Start Screen | Not Available | Not Available | Not Available | Available
Metro Apps | Not Available | Not Available | Not Available | Available
Media Player | Not Available | Not Available | Not Available | Available
Server Manager
Multi-Machine Management
• Glanceable
• Directly actionable
• Multi-select and start all services together
• Custom Server Groups
Remotely Add Roles
• Local server
• Remote server (including Server Core)
• Offline VHD
Windows PowerShell
PowerShell Built-in Cmdlets
• Windows Server 2012, Windows 8, PowerShell 3.0
Show-Command Cmdlet
Lets beginners run cmdlets from a dialog box
• Running without parameters displays a list of available cmdlets, functions, aliases and scripts installed on the system
• Can filter by Module
• Can search by Name
Robust Sessions
Allow for reconnection to disconnected remote sessions
• This example creates a new session on a remote server, stores data in that session, and then disconnects it while leaving the session running. The name of the running session is Server1Session. The local connection variable is $RemoteSession.
↪ Enable-PSRemoting -Force
↪ $RemoteSession = New-PSSession -Name Server1Session -ComputerName Server1
↪ Invoke-Command -Session $RemoteSession -ScriptBlock { $date = Get-Date }
↪ Disconnect-PSSession -Session $RemoteSession
↪ Exit
• The following commands reconnect to the remote session (in this example, from the server where the session is still running)
↪ Get-PSSession -ComputerName Localhost
↪ $LocalSession = Connect-PSSession -ComputerName localhost -Name Server1Session
↪ Invoke-Command -Session $LocalSession -ScriptBlock { $date }
Workflows
• Are typically started from a client computer
• Are ideal for executing long-running tasks across multiple target computers, usually gathering data from or making changes to managed nodes
• Are just like any other Windows PowerShell command, which means that you can use Get-Command to discover them and Get-Help to learn how to use them
• Can survive machine and network interruptions such as reboots
↪ Workflow MyWorkflow { Write-Output -InputObject "Hello from Workflow!" }
↪ Get-Command -Name MyWorkflow -Syntax
↪ MyWorkflow
The workflow keyword adds more than 20 new parameters, allowing users to specify such items as:
• A list of target machines for the workflow (-PSComputerName)
• Credentials to use for running the workflow (-PSCredential)
• Quotas to manage the workflow as the work scales (-PSRunningTimeoutSec)
• Ability to retry the whole workflow or specific activities in case there are connection issues (-PSConnectionRetryCount)
• Ability to persist or checkpoint some or all workflow activities, which will save the workflow metadata, output and errors to disk and enable you to resume workflow execution at given points during the execution (-PSPersist, -PSPersistInterval)
Windows Server 2012
PowerShell Web Access
Allows management of multiple computers from a web browser
1. Enable through Add Roles and Features wizard in Server Manager
2. Configure Web Access
↪ Install-PswaWebApplication -UseTestCertificate
↪ Get-PswaAuthorizationRule
↪ Add-PswaAuthorizationRule -ComputerName * -UserName * -ConfigurationName *
↪ Get-PswaAuthorizationRule
3. Log in to gain full PowerShell access through the browser
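The authorization rule in step 2 uses wildcards for the computer, user and configuration name, so every user who can authenticate to the gateway may connect to every computer, and -UseTestCertificate installs a self-signed certificate intended for test environments. As an added example (not from the original slides), the following finds wildcard rules on a gateway and replaces them with a rule scoped to one user group and one computer group. The group names, test user and test computer are placeholder assumptions.

```powershell
# Added example, not from the original slides. The groups, user and computer
# named here are placeholders.
$AdminGroup    = 'CONTOSO\SQL-DBA-Admins'   # who may use the gateway
$ServerGroup   = 'CONTOSO\SQL-Servers'      # which computers they may reach
$Configuration = 'Microsoft.PowerShell'     # session configuration they get

# Return every rule that uses a wildcard for user, destination or
# configuration name (wildcards are listed as '*' in the rule output).
function Get-PswaWildcardRule {
    Get-PswaAuthorizationRule | Where-Object {
        $_.User -eq '*' -or $_.Destination -eq '*' -or $_.ConfigurationName -eq '*'
    }
}

# Add the scoped rule first so administrators are not locked out.
Add-PswaAuthorizationRule -RuleName 'DBA admins to SQL servers' `
    -UserGroupName $AdminGroup `
    -ComputerGroupName $ServerGroup `
    -ConfigurationName $Configuration

# Then remove the wildcard rules.
foreach ($rule in @(Get-PswaWildcardRule)) {
    Write-Warning "Removing wildcard rule $($rule.Id): $($rule.RuleName)"
    Remove-PswaAuthorizationRule -Id $rule.Id -Force
}

# Confirm that an expected user is still authorized (returns the matching
# rule, or nothing if access would be denied) and review what is left.
Test-PswaAuthorizationRule -UserName 'CONTOSO\alice' `
    -ComputerName 'sql01.contoso.com' -ConfigurationName $Configuration
Get-PswaAuthorizationRule
```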
Delegated Permissions
Allow for the use of alternate credentials during a Workflow
• Type the following command, and press Enter. When prompted, type the password for the referenced account.
↪ $Cred = Get-Credential -Credential contoso\administrator
• To set the RunAsUser property, use the Set-Item cmdlet with the $Cred variable as the value for the Value parameter.
↪ Set-Item WSMan:\localhost\Plugin\Microsoft.Powershell.Workflow\RunAsUser -Value $Cred
• To make the change effective, type the following:
↪ Restart-Service WinRM
• To see the effects of the change, type the following:
↪ Get-ChildItem WSMan:\localhost\Plugin\Microsoft.Powershell.Workflow
Snippets
Displays code snippets for selected commands
• Enabled in ISE by selecting Start Snippets from the Edit Menu
Get-IseSnippet
New-IseSnippet
Active Directory Enhancements
Active Directory Administrative Center Enhancements
• Active Directory Recycle Bin
• Fine Grained Password Policy Management
• PowerShell History Viewer
• Dynamic Access Control deployment
Active Directory Recycle Bin - Restoration of AD Objects
1. In ADAC, select Deleted Objects container
2. Select item(s) to be restored
3. Select Restore or Restore To
Windows PowerShell History Viewer
1. Records underlying PowerShell commands when action is taken in the ADAC
2. Administrator can copy/reuse in a PowerShell script
Screenshot callouts: Deleted DHCP Users group; Required Administrator account to use smart card for interactive login
Dynamic Access Control
Allows Administrators to create and manage Central Access and Audit Policies in Active Directory, which can be managed through the ADAC
• Policies are based on conditional expressions that take into account who the user is, what device they are using and what data is being accessed
• Organizations can translate business requirements to efficient policy enforcement and considerably reduce the number of security groups needed for access control
Group Policy Enhancements
Group Policy Management Console includes new capabilities that allow administrators to more easily track SYSVOL replication as it relates to Group Policy, as well as force Group Policy updates from a central location
Kerberos Constrained Delegation Changes
Kerberos Constrained Delegation (KCD) permits a service’s account (front-end) to act on the behalf of users in multi-tier applications for a limited set of back-end services
• The challenge in earlier versions of Windows
  • The front-end is configured with the service (by SPN) to which it can impersonate users
  • Setup/administration requires Domain Admin privileges
  • Only works for back-end services in the same domain as the front-end service accounts
• The solution in Windows Server 2012
  • Authorization decisions are moved to the resource owners
  • Permits back-end to authorize which front-end service-accounts can impersonate users against their resources
  • Supports cross-domain, cross-forest scenarios
  • No longer requires Domain Admin privileges
  • Requires only administrative permission to the back-end service-account
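As an added example (not from the original slides), this is how the Windows Server 2012 model described above looks with the Active Directory module: the delegation is written on the back-end account, and a report lists every account that currently accepts delegation and from which front-ends. The account names WEB01 and svc-sqlprod are placeholder assumptions.

```powershell
# Added example, not from the original slides. WEB01 and svc-sqlprod are
# placeholder names for a front-end host and a back-end service account.
Import-Module ActiveDirectory

$frontEnd = Get-ADComputer -Identity 'WEB01'     # identity the front-end runs as
$backEnd  = Get-ADUser -Identity 'svc-sqlprod'   # account the back-end service runs as

# The setting lives on the back-end account, so only write permission on that
# account is needed, not Domain Admin rights.
Set-ADUser -Identity $backEnd -PrincipalsAllowedToDelegateToAccount $frontEnd

# Report every object that accepts this kind of delegation and the principals
# it trusts. The attribute holds a security descriptor; each access entry
# names one front-end principal.
function Get-ResourceDelegationReport {
    Get-ADObject -LDAPFilter '(msDS-AllowedToActOnBehalfOfOtherIdentity=*)' `
                 -Properties 'msDS-AllowedToActOnBehalfOfOtherIdentity' |
        ForEach-Object {
            $target = $_
            foreach ($ace in $target.'msDS-AllowedToActOnBehalfOfOtherIdentity'.Access) {
                [pscustomobject]@{
                    BackEnd  = $target.DistinguishedName
                    FrontEnd = $ace.IdentityReference.Value
                }
            }
        }
}

Get-ResourceDelegationReport | Sort-Object BackEnd | Format-Table -AutoSize

# To revoke the delegation later:
#   Set-ADUser -Identity $backEnd -PrincipalsAllowedToDelegateToAccount $null
```

Reviewing the report on a schedule shows when a front-end has been added to a back-end account that should not trust it.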
AD Deployment Enhancements
Active Directory Domain Services (AD DS) deployment in Windows Server 2012 is simpler and faster than previous versions of Windows Server
• The new AD DS installation process is now built on Windows PowerShell and is integrated with Server Manager
  • Includes prerequisite validation
  • The wizard opens a PowerShell script containing all the options that were specified during the graphical installation
• ADPrep is now integrated into the AD DS installation process
• The AD DS server role can be installed on multiple servers at the same time
• AD DS installation wizard can be run remotely on an individual server
• AD DS installation and removal can be performed entirely with PowerShell (new forests, domains, DCs, etc.)
Install-ADDSDomainController [-SkipPreChecks] -SafeModeAdministratorPassword <SecureString>
    [-ADPrepCredential <PSCredential>] [-AllowDomainControllerReinstall]
    [-ApplicationPartitionsToReplicate <string[]>] [-ConfigureGlobalCatalog]
    [-CreateDNSDelegation] [-Credential <PSCredential>] [-CriticalReplicationOnly]
    [-DatabasePath <string>] [-DNSDelegationCredential <PSCredential>] [-DNSOnNetwork]
    [-DomainName <string>] [-InstallationMediaPath <string>] [-InstallDNS]
    [-LogPath <string>] [-MoveInfrastructureOperationMasterRoleIfNecessary]
    [-RebootOnCompletion] [-ReplicationSourceDC <string>] [-SiteName <string>]
    [-SkipAutoConfigureDNS] [-SYSVOLPath <string>] [-WhatIf] [-Confirm] [<CommonParameters>]
Virtualized AD DS
Windows Server 2012 includes enhancements that improve the administrative experience when virtualizing domain controllers
• Safe virtualization of domain controllers
  • AD DS relies on the hypervisor platform to expose an identifier called VM GenerationID to detect if a virtual machine has been rolled back in time. The design uses a hypervisor-agnostic mechanism for surfacing the VM GenerationID in the virtual machine.
• Virtualized domain controller cloning
  • Administrators can now promote a single virtual domain controller per domain and rapidly deploy all additional replica virtual domain controllers through cloning.
  • Administrators no longer have to repeatedly deploy a sysprepped server image, promote the server to a domain controller and then complete additional configuration requirements for every replica domain controller.
• AD Snapshots
  • Windows Server 2012 domain controllers detect snapshot restoration and non-authoritatively synchronize the delta of changes for AD DS and SYSVOL, making domain controller virtualization safer.
Active Directory Based Activation (ADBA)
• Existing Active Directory environment can be used for activation of clients
• No additional machines required
• Uses LDAP exclusively; no RPC requirement
• Includes RODCs
• Beyond activation, no data written back to the directory
• Activation object maintained in Configuration Partition
  • Represents proof of purchase
  • Computers can be a member of any domain in the Forest
• Leveraged only by Windows 8 computers
• Requires Windows Server 2012 AD Schema, not Windows Server 2012 domain controller
• Can coexist with KMS
  • KMS is still required for down-level volume licensing
Continuously Available File Shares
Continuously Available Scale Out File Server Architecture
Cluster platform for a continuously available scale out file server
• Cluster-wide client access point
• Consistent cluster-wide file server configuration
• CSV cluster-wide file system
Zero client downtime failover – both planned and unplanned downtime
Diagram labels: Single Logical Server (\\Foo\Share); Hyper-V Cluster; Accessing VHDs over SMB; File Server Cluster; Single File System Namespace; Cluster Shared Volumes
Storage Spaces and Thin Provisioning
How does Storage Spaces Work?
An example…
• Drive array presenting 4 100GB LUNs
• Disk Management shows the 4 disks online and initialized
• Primordial Pool is populated in the File and Storage Services Interface
Deduplication
• Capacity Optimization
• Scale and Performance
• Reliability and Data Integrity
Enable & Configure Deduplication on volume
Start-DedupJob -Type Optimization -Volume E:
Saved Space
Managing Storage with PowerShell
Parameters configured with GUI and PowerShell
• Underlying storage pool name
• Virtual disk name
• Resiliency setting (Simple, Mirror, or Parity)
• Provisioning type (Thin or Fixed)
• Virtual disk size
Parameters configured only with PowerShell
• Number of columns: the number of columns the virtual disk contains
• Number of data copies: number of complete copies of data that can be maintained
• Disk interleave: number of bytes forming a stripe
• Physical disks to use: specific disks to use in the virtual disk
PowerShell is required to access many of the advanced features afforded by the new Storage Management application programming interface (API)
Example: New-StoragePool
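As an added example (not from the original slides), the following builds a pool from the four poolable disks of the scenario above and creates a virtual disk that sets the PowerShell-only parameters listed earlier: columns, data copies, interleave and the physical disks to use. The pool and virtual disk names are placeholder assumptions.

```powershell
# Added example, not from the original slides. Pool and disk names are
# placeholders.
$PoolName  = 'SQLPool01'
$VDiskName = 'SQLData01'

# Disks still in the primordial pool that are eligible for pooling.
$disks = @(Get-PhysicalDisk -CanPool $true)
if ($disks.Count -lt 4) {
    throw "Expected at least 4 poolable disks, found $($disks.Count)"
}

# On Windows Server 2012 the subsystem is named 'Storage Spaces on <host>'.
$subsystem = Get-StorageSubSystem |
    Where-Object { $_.FriendlyName -like 'Storage Spaces*' } |
    Select-Object -First 1

New-StoragePool -FriendlyName $PoolName `
    -StorageSubSystemFriendlyName $subsystem.FriendlyName `
    -PhysicalDisks $disks

# Two-way mirror striped across two columns (2 copies x 2 columns = 4 disks).
# Use -ProvisioningType Fixed instead of Thin for clustered Storage Spaces.
New-VirtualDisk -StoragePoolFriendlyName $PoolName -FriendlyName $VDiskName `
    -ResiliencySettingName Mirror -ProvisioningType Thin -Size 1TB `
    -NumberOfDataCopies 2 -NumberOfColumns 2 -Interleave 64KB `
    -PhysicalDisksToUse $disks[0..3]

# Bring the new disk online as an NTFS volume with a 64 KB allocation unit.
Get-VirtualDisk -FriendlyName $VDiskName | Get-Disk |
    Initialize-Disk -PartitionStyle GPT -PassThru |
    New-Partition -AssignDriveLetter -UseMaximumSize |
    Format-Volume -FileSystem NTFS -AllocationUnitSize 64KB `
        -NewFileSystemLabel $VDiskName -Confirm:$false

# Confirm the layout that was actually applied.
Get-VirtualDisk -FriendlyName $VDiskName |
    Select-Object FriendlyName, ResiliencySettingName, NumberOfColumns,
                  NumberOfDataCopies, Interleave, ProvisioningType, Size
```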
Integrating Storage Pools with Failover Clustering
• Clustered Storage Spaces require fixed provisioning
• Clustered virtual disks require underlying hardware to support persistent reservations
NIC Teaming with Load Balancing
Architectural Components
2 basic sets of algorithms for NIC teaming
• Switch-dependent modes
  • Require the switch to participate in the teaming
  • Types
    • Generic or static teaming
    • Dynamic teaming (LACP)
• Switch-independent modes
  • Do not require the switch to participate in the teaming
Traffic distribution methods
• Hyper-V switch port
• Address Hashing (TransportPorts)
Requirements
• 1 NIC to be used for VLAN traffic
• At least 2 NICs for all modes that provide fault protection through failover
• Up to 32 NICs per team
NIC Teaming in VMs
NIC Teaming in Windows Server 2012 is supported in a VM
• Virtual network adapters that are connected to more than one Hyper-V switch can still have connectivity even if the network adapter under that switch gets disconnected
  • Useful when working with SR-IOV
• Each Hyper-V switch port associated with a VM that is using NIC Teaming must be set to allow Teaming in the host (parent partition) using PowerShell with administrative permissions:
Set-VMNetworkAdapter -VMName <VMname> -AllowTeaming On
• Teams created in a VM can only run in Switch Independent configuration, Address Hash distribution mode
• Only teams where each of the team members is connected to a different Hyper-V switch are supported
• Each Hyper-V switch port that is associated with a virtual machine that is using Teaming must be set to allow MAC spoofing
• Hyper-V NICs exposed in the parent partition (vNICs) must not be placed in a Team
Interactions with Distribution Modes
Switch Independent
• All Address hash modes
  • Outbound traffic is spread across all active members.
  • Inbound traffic (from beyond the subnet) arrives on only one interface (primary member). If primary member fails another team member is selected as primary and all inbound traffic moves to that team member.
• Hyper-V Switch Port mode
  • Outbound traffic is tagged with the port on the Hyper-V switch where it originated. All traffic with that port tag is sent on the same team member.
  • Inbound traffic destined for a specific Hyper-V port will arrive on the same team member that the traffic from that port is sent out on.
Switch Dependent (Static and LACP)
• All Address hash modes
  • Outbound traffic is spread across all active members.
  • Inbound traffic will be distributed by the switch’s load distribution algorithm.
• Hyper-V Switch Port mode
  • Outbound traffic is tagged with the port on the Hyper-V switch where it originated. All traffic with that port tag is sent on the same team member. If a team is put in the Hyper-V switch port distribution mode but is not connected to a Hyper-V switch, all outbound traffic will be sent to a single team member.
  • Inbound traffic will be distributed by the switch’s load distribution algorithm.
Interaction with 3rd-Party Teaming Solutions
STRONGLY RECOMMENDED that no system administrator ever run two teaming solutions at the same time on the same server. The teaming solutions are unaware of each other’s existence resulting in potentially serious problems.
• If the system administrator attempts to put a NIC into a 3rd party team that is presently part of a Microsoft NIC Teaming team the system will become unstable and communications may be lost completely
• If the system administrator attempts to put a NIC into a Microsoft NIC Teaming team that is presently part of a 3rd party teaming solution team the system will become unstable and communications may be lost completely
Updated Windows Server 2012 Licensing
Notes:
• Windows Server continues to require Client Access Licenses (CALs)
• Enrollment for Core Infrastructure (ECI) has a 25 license minimum and includes a 20% discount on new purchases
• Core Infrastructure Suite (CIS) has no minimum purchase and includes a 5% discount on new purchases
Standard: Low density or no virtualization
Datacenter: High density virtualization
Enrollment for Core Infrastructure (ECI) Standard / Core Infrastructure Suite (CIS) Standard
Enrollment for Core Infrastructure (ECI) Datacenter / Core Infrastructure Suite (CIS) Datacenter
Windows Server 2012 Standard
Microsoft System Center 2012 Standard
Windows Server 2012 Datacenter
Microsoft System Center 2012 Datacenter
SMB 3.0 Multichannel
Installation and Configuration
Prerequisites
• At least two computers running Windows Server 2012 or Windows 8.
• At least one of the configurations below:
  • Multiple network adapters
  • One or more network adapters that support RSS (Receive Side Scaling)
  • One or more network adapters configured with NIC Teaming
  • One or more network adapters that support RDMA (Remote Direct Memory Access)
Sample Configurations that do not use SMB Multichannel
• Single non-RSS-capable network adapters
• Network adapters of different speeds
Installation
• None
  • Enabled by default in Windows Server 2012 and Windows 8
  • Can be disabled, re-enabled and configured with PowerShell
Multichannel, RDMA and NIC Teaming Compatibility