#9 Active Directory 2008 R2: Number 9 on my list are updates to Active Directory. Gotta start off by saying that no one really “has” to migrate to AD/2008 or AD/2008 R2 for any of the current products, so things like Exchange 2010, SharePoint 2010, etc do NOT require AD/2008 (or 2008 R2). We have a LOT of customers who are happily running AD/2003 in Native Mode with all of the latest and greatest products running. However, for those who want enhancements in AD, the biggies in 2008 R2 are the Recycle Bin (effectively allows you to simply recover deleted objects in AD, so if you fat finger delete a user object, accidentally overwrite an AD group, simply go to the recycle bin and undelete stuff…). Also in AD/2008 R2 is Offline Domain Join which allows you to pre-stage create a computer account in AD, dump an XML file and then when you install Windows 7 on the computer you can run a DJoin command on the Windows 7 and “join” the domain on that Win7 computer without the Win7 computer even being attached to the network! That way you can build systems in the lab and “join them” to AD without actually / physically connecting the computers to AD. Okay, another geek moment, but this is great when we’re prestaging systems to roll out in another site or domain and we don’t even need to be physically at or physically connected to that domain… Oh, and something that I’m still excited about that’s in AD/2008 is Fine Grain Password Policies. In AD/2003 you could only have 1 password policy per domain (upper case, complex password, change every 30-days, etc had to be the SAME for everyone in the domain). With Fine Grain Passwords added to AD/2008 (and carried over to AD/2008 R2) you can now set password policies “per group” so you can have folks in HR or Accounting change their passwords every 20-days to please the regulators, and field support and sales people can change their passwords say ever 60-days or something. All done by groups, really slick!!!
#8 Remote Server Manager: Alright, #8 on my Top 10 countdown is the ability to remotely manage other Windows 2008 R2 servers using the Server Manager tool. With Windows 2008 you had this really great tool “Server Manager” that allowed you to Add Roles, Features, Administer the servers, etc from a single console, however it was ONLY for the system you were on, so you had to constantly Remote Desktop into other servers. Now with Windows 2008 R2 servers you can remotely access Server Manager on other systems. So just sit at one console and reach into other servers in your network to do day to day administrative tasks!
#7 Direct Access: Okay, DirectAccess, probably gets my award for “most innovative technology” in Windows 7 client and Windows 2008 R2 server and would have been closer to #1 in my countdown if it weren’t so complicated to implement. So DirectAccess is a technology that effectively does away with VPNs. Just like RPC/HTTPS (Outlook Anywhere) eliminated the need to VPN from Outlook to Exchange for your email a few years ago, DirectAccess does away with VPNs by giving you access to “everything else” on your network like your F> and K> drive shares, http:// SharePoint shares, accounting software, CRM software, etc. Basically “anything” you normally have access to from a VPN, you can now access “natively” from a Windows 7 client. DirectAccess leverages IPSec policies and Certificates to “automatically” tunnel a Windows 7 client into the network. Effectively a client that has DirectAccess configured can simply turn on their laptop or desktop computer, get an Internet connection, and over encrypted IPSec re-establish normal network connections, but “outside” the network. AND, your internal network doesn’t have all be Windows 2008 R2, just a single server in the DMZ needs to be running Windows 2008 R2 as a “proxy” that effectively encrypts communications between the client and this one 2008 R2 server. Everything else “inside” your network can be just plain old TCP networking like Windows 2003, SharePoint, Linux, etc… Okay, so here’s the catch, the client systems need to be Windows 7 (not a biggie, a lot of orgs have already started their migration to Win7 clients). You need to enable IPv6 on the 2008 R2 proxy/gateway server and IPv6 on all Win7 clients (also not a biggie because it’s on by default since Win2008 and Vista, although you need to now understand how IPv6 works to do the proper addressing, so that’s a learning experience to figure out). You need to be running Microsoft Certification Authority (CA), which for many orgs is also not a big deal as they’ve been running Microsoft’s CA for a while, however if you haven’t setup Microsoft’s CA, kind of familiar with Auto-enrollment of certificates to automatically push out certs using AD, this is something new for you to learn. If you’re already doing Auto-enrollment, you’re set! And then IPSec and split DNS, this is the technical pieces that everyone gets wrong and Microsoft’s whitepaper guide on DA is not very helpful. We took time writing this portion of the chapter of my Windows 2008 R2 book as once you get this working, then DA actually works! So, a REALLY slick technology once you get it working. I’d recommend any hardcore techie to throw this in your lab to fiddle with, it’s a great technology to understand and ultimately implement!
#6 SConfig in ServerCore: So for #6 on my countdown is SConfig.exe in ServerCore. So how many of you actually installed Microsoft’s GUI-less ServerCore when it came out in Windows 2008? Who enjoyed the “net user administrator…”, “netdom rename computer…”, “netdom join..” commands to even get a ServerCore system assigned an IP address and joined to a domain before you could even do anything? It was a pain and the reason that a lot of people gave up on ServerCore. So with Windows 2008 R2, Microsoft came up with a utility called “Sconfig.exe” that you run after you install ServerCore. Now from the DOS prompt thing, you just type Sconfig and a “menu” (text based) shows up on screen. You walk the menu to name your server, give it an IP address, domain a domain, and most importantly set it so you can run Remote Server Manager (see #8 on my list) to remotely manage the server. So you can now have a simple menu to get the basics going, and then remote into the system and use the Server Manager GUI to do the rest! Where I can count the number of ServerCore systems we installed in Windows 2008 on one hand, I can now say we’re deploying a couple dozen ServerCore systems a week these days because of these new tools built-in to Windows 2008 R2!
#5 Improvements in Group Policy Management: Okay, most of this is Windows 2008 stuff on the Group Policies, but never the less, what Microsoft has done with Group Policies in Windows 2008 (and 2008 R2) has been awesome, so it landed in the #5 spot on my Top 10! So the minute you launch the Group Policy Management Console (GPMC) you’ll notice not just the Computer Configuration container and the User Configuration container, but under the Computer and User containers are “Policies” and “Preferences”. The Policies container is the same container that has been in AD all along where you have containers for Account Policies, Windows Settings, Administrative Tools, Security, etc. But under the “Preferences” is a whole new set of “views” to policies. For some 1000+ policies, instead of more text based “descriptions” of stuff, there’s a GUI for you to “see” a user Control Panel type stuff where you can click through the GUI to “set” settings. When you set the settings and click OK, you’re effectively creating the group policy. So for things like Internet Explorer settings, you just click the checkbox or option on screen, and those settings are set. Or you can do drive mappings through a GUI, or set display settings through a GUI. This whole Preferences area REALLY makes setting policies easier. It’s just like you are in Control Panel on your workstation, but instead what you choose are set for the “policy” for the managed systems…
#4 Clustering of Print Servers and DHCP: We’re at #4 on my countdown and it’s about clustering. So with Windows 2008 R2, you can cluster everything like you used to (fileservers, app servers, etc) but they’ve added a whole bunch of other things to cluster. My 2 favorite new clustered features are clustering print servers and DHCP servers… So how many times have you had a print server printer service stop and all of the print queues on the system go offline. A simple restart of the service gets you going again, but now you have hundreds of print jobs backed up… I would have never taken 2 hardware systems and cluster print services, that was overkill of hardware, but with virtualization, heck yeah, put a print server as a guest session one physical host, and cluster it with a guest session on another physical host. I now have full redundancy on a print service with effectively zero downtime! And the other cluster service that has been really slick is clustering DHCP. Do you know for the past 20 years we’ve been doing DHCP “split scopes” the whole 80/20 or 60/40 split scope across servers, which really wasn’t fault tolerance, it was moreso just minimizing our risk that when a DHCP server went offline that we were still able to limp along. Now with virtual guest sessions, I can CLUSTER the DHCP servers with 100% of my IP addresses. I have two servers issuing IP addresses in perfect unison. If I lose one server, I have another DHCP server continuing exactly where I left off. I can failover and patch/update a server back and forth. This completely changes (and drastically improves) something as simple as DHCP…
#3 Remote Desktop Services: Number 3 on my list is Remote Desktop Services, or RDS, which used to be called Terminal Services. Every administrator has used Terminal Services / Remote Desktop to reach into a server to remotely administer / manage a server, and a number of orgs have used Terminal Services and Citrix for our client systems. With Windows 2008 R2, we’ve really found orgs can get rid of Citrix and just use the straight features out of 2008 R2 because why did people buy Citrix? It was because Citrix provided Single Sign-on (so you didn’t have to enter in your password to logon to Citrix), better remote printing offered by Citrix, high availability offered in Citrix, and the ability to just drop an application icon on a user’s desktop and give remote access to an “application” and not have to do the full Remote Desktop with the 2nd start button and everything. With Windows 2008 R2 (actually with Windows 2008) ALL of these features are native to Remote Desktop Services out of the box. So as long as your client system is running XP SP3 or higher, you get the single sign-on so you never have to type a logon/password to get access to a RDS session. You can run RDS “RemoteApp” to simply launch an application right from your client system. Also added in Windows 2008 R2 is Virtual Desktop Infrastructure (VDI) which provides you the ability to give personal desktop sessions (like Hyper-V guest sessions) to individual users for a full desktop experience. All of this is something you used to have to go to 2 or 3 other vendors for these features (Citrix and VMware) that are now included out of the box in Windows 2008 R2. Check these features out!
#2 Hyper-V R2: Alright, down to #2 and Hyper-V server virtualization hits my #2 spot… What can I say, just a couple years ago 100% of my server virtualization business was VMware, they dominated the whole virtualization world and in just over a year, Microsoft released Hyper-V with Windows 2008 and then updated Hyper-V with Windows 2008 R2 to include not only what VMware has in their VI3 and their newly released vSphere 4, but Microsoft now gives it all away out of the box in Windows 2008 R2. If money matters to you, what organizations used to buy ESX, V/Motion, and now VSphere for, you get it all in Windows 2008 R2. In side by side comparisons, server virtualization is server virtualization whether it’s VMware or Hyper-V R2, you can run guest sessions (lots of them on a 32gb 8core server (12-15 easily)), you can take snapshots so before you patch or update a guest session, just take a snapshot and if the update screws up your application, just rollback to the snapshot. If you have a problem with any Microsoft product being virtualized (Exchange 2010, SharePoint 2007, System Center, etc) it’s the same company / same support call to get Exchange support as it is Hyper-V virtualization support. And with Hyper-V R2, you can now “cluster” Hyper-V host servers and move guest sessions across Hyper-V hosts, AND not only move them around for disaster recovery, you can do them LIVE in the middle of the day without dropping a client session state in what Microsoft called “Live Migration” (and VMware calls V/Motion that you pay lots of extra $$ for). You just right click a guest session and “Live Migrate” the guest session to another server in the middle of the day to evacuate a problemsome host, or maybe do load balancing of hosts, or as part of your process to move images so you can patch and update a host. End of the day, VMware is far from 100% of our virtualization business and actually in just a couple years is now at par with Microsoft and now Microsoft Hyper-V makes up 50% of our virtualization business…
#1 Stability and Reliability: Okay, not a specific feature or function, but my #1 on Windows 2008 R2 is that it just plain works! This is the first operating system we’ve deployed well over a year in beta in full blown production environments without issues, and our experience since the product RTM’d has been just as solid. No issues, no surprises, this one has been a keeper and because of that, Stability and Reliability of Windows Server 2008 R2 and Windows 7 puts this in my #1 spot!
