Windows server 2012

Windows Server 2012 "Almost All" New Features Explained Seminar (PowerPoint PPT Presentation)



What you should know before trying the Windows Server 2012 R2 Preview. Windows Server 2012 "Almost All" New Features Explained Seminar. 1st edition, 2013.07.12. Agenda: Server Manager, added user interface options, Windows PowerShell 3.0, SMB 3.0, Storage, Scale-Out File Server, Hyper-V, VDI, DirectAccess, IIS 8.0, IPAM, DHCP Failover.


Presentation Transcript


Windows Server 2012

Windows Server 2012 R2 Preview

Windows Server 2012

1st edition, 2013.07.12


Agenda

  • Server Manager

  • Windows PowerShell 3.0

  • SMB 3.0

  • Hyper-V

  • VDI

  • DirectAccess

  • IIS 8.0

  • IPAM

  • DHCP Failover

  • Active Directory Domain Services

    • AD DS on Hyper-V

    • Dynamic Access Control


Server Manager

Modern UI



Windows server 2012


Windows server 2012

  • ( Server Core)

  • VHD


PowerShell

  • 2300

  • IntelliSense


Windows server 2012


Windows server 2012

Windows Server 2012 offers 3 installation options:

  • Server Core

    • ServerCore

  • (MinShell)

    • Server Core GUI

    • GUI

  • NEW


    Windows server 2012

    ?

    The challenges

    • ServerCore

    The Windows Server 2012

    • GUI

    • GUIOS

    • GUI1


    Windows server 2012

    Server Core

    • .Net Framework 4.5

    • Active Directory (AD)

    • Active Directory Lightweight Directory Services (ADLDS)

    • Active Directory Certificate Services (ADCS)

    • DHCP Server

    • DNS Server

    • File Services

    • BITS Server

    • BranchCache

    • Hyper-V

    • Internet Information Services (IIS)

    • Printing Services

    • Streaming Media Services

    • iSCSI

    • Load Balancing

    • MPIO

    • qWave

    • Telnet

    • Unix Migration

    • SQL Server 2012

    • Server Core -.Net Framework 4.5- SQL Server 2012

    • WinRM

    • Windows PowerShell

    • Server Core MinShell


    Windows server 2012

    MinShell

    GUI

    • GUI Server Core

    • Server Manager cmd.exe

    • GUI

    • PowerShell


    Windows server 2012

    MinShell

    Install-WindowsFeature Server-Gui-Mgmt-Infra

    Install-WindowsFeature Server-Gui-Shell

    Install-WindowsFeature

    Desktop-Experience

    Uninstall-WindowsFeature Server-GUI-Shell

    Uninstall-WindowsFeature Server-GUI-Shell -remove


    Windows server 2012


    Windows powershell

    Windows PowerShell


    Windows server 2012

    Windows PowerShell ?

    PowerShell 3.0 OS:

    • Built-in:

      • Windows Server 2012

      • Windows 8

  • :

    • Windows 7 SP1

    • Windows Server 2008 SP2

    • Windows Server 2008 R2 SP1


  • Windows server 2012

    bat

    VBScript

    JScript

    PowerShell

    PowerShell

    COM

    exe

    COM

    .NET Framework

    Script Engine

    Class Library

    Windows Script Host

    cmd/command

    Cscript.exe

    Wscript.exe

    CLR

    Windows


    Powershell1

    PowerShell

    • GUI

    Active Directory

    PowerShell

    System Center

    Virtual Machine Manager

    Active Directory

    PowerShell

    Hyper-V

    PowerShell

    Active Directory

    Hyper-V


    Windows server 2012

    • PS C:\> Set-ExecutionPolicy RemoteSigned

    • PS C:\> Enable-PSRemoting -Force

    • PS C:\> notepad $profile


    Set-ExecutionPolicy

    http://technet.microsoft.com/ja-jp/library/dd347628.aspx

      • Restricted ()

      • AllSigned

      • RemoteSigned

      • Unrestricted

      • Bypass

    Scope


    Windows server 2012

    • Storage

    • PS C:\> Get-Command

    PS C:\> Get-Command *-vm* -CommandType Cmdlet

    • PS C:\> Get-Command -Module Hyper-V

    • PS C:\> Get-Help <> -Detailed

    • PS C:\> Get-Help Move-VM -Detailed


    Windows server 2012

    Unix command equivalents

    • ls: Get-ChildItem

    • cp: Copy-Item

    • grep: Select-String

    • sort: Sort-Object

    • man: help

    • clear: Clear-Host

    • cat: Get-Content

    • kill: Stop-Process

    • tee: Tee-Object

    • tail: Get-Content -Tail

    Get-Alias <unix command>


    Windows server 2012

    IT Pro WindowsPowerShell 3.0

    Windows Workflow Foundation

    • ~2,430 (Windows Server 2008/R2 230 )

    • PowerShellISE

      • Intellisense

      • Snippets

      • 3rd

      • Show-Command

    • PowerShell


    Windows server 2012

    Show-Command Cmdlet


    Windows server 2012

    PS

    • PS

      • State=Disconnected, Availability=None

        • Disconnect-PSSession Disconnect

        • PC Disconnected

    • 2

    State=Disconnected

    Availability=None

    Target

    Source1

    Disconnect-PSSession

    Connect-PSSession

    Source2


    Windows server 2012

    Target

    PC1

    PS > $S = New-PSSession -ComputerName Target1

    PS > $Result = Invoke-Command -Session $S {Get-Service}

    PS > Disconnect-PSSession -Session $S

    Id   Name        ComputerName  State         ConfigurationName     Availability
    --   ----        ------------  -----         -----------------     ------------
    121  Session121  Target1       Disconnected  Microsoft.PowerShell  None

    PC2

    PS > Get-PSSession -ComputerName Target1

    Id   Name        ComputerName  State         ConfigurationName     Availability
    --   ----        ------------  -----         -----------------     ------------
    10   Session112  tfdc01        Disconnected  Microsoft.PowerShell  Busy
    12   Session121  tfdc01        Disconnected  Microsoft.PowerShell  None

    PS > $S = Get-PSSession -Name Session121 -ComputerName Target1

    PS > Connect-PSSession -Session $S


    PowerShell 3.0 Workflow (WF)

    [Diagram: a workflow running steps 1, 2 and 3, with a checkpoint taken after step 1 and after step 2 so the workflow can resume from the last checkpoint]


    Windows server 2012

    • PowerShell ISE

    • workflow

    workflow <> (<>)

    {

    <>

    }

    MyWorkflow

    workflow MyWorkflow ( [String] $ServiceName )

    {

    Get-Service -PSComputerName $PSComputerName -Name $ServiceName

    }

    PS C:\> MyWorkflow -PSComputerName 127.0.0.1 -ServiceName wuauserv


    Windows server 2012

    Remote

    Server

    DC01

    PC

    PS

    $S = New-PSWorkflowSession -ComputerName DC01

    DC01

    Invoke-Command -Session $S -FilePath .\CreateNewUser.ps1

    Invoke-Command -Session $S {Get-Command -CommandType Workflow}

    Running

    Invoke-Command -Session $S {CreateUser -PSPersist $true -ErrorAction SilentlyContinue -AsJob}

    Suspended

    DC01

    DC01

    $S = New-PSWorkflowSession -ComputerName DC01

    ID

    Invoke-Command -Session $S {Get-Job}

    Running

    Invoke-Command -Session $S {Resume-Job 3}


    Windows PowerShell Web Access

    [Diagram: PCs and devices on the Internet or at home connect to the PSWA server in the DMZ; PSWA opens a PSSession over WS-Man to servers on the intranet]


    PowerShell Web Access


    Windows server 2012

    IIS SSL


    Windows server 2012

    3. PowerShell

    4.

    PS C:\> Set-ExecutionPolicy RemoteSigned

    PS C:\> Import-Module PowerShellWebAccess

    PS C:\> Install-PswaWebApplication -webSiteName "Default Web Site"

    PS C:\> Add-PswaAuthorizationRule * * *

    5. https://<>/pswa


    Windows server 2012

    • RunAsUser

    • WinRM

    $Cred = Get-Credential -Credential contoso\administrator

    Set-Item WSMan:\localhost\Plugin\Microsoft.Powershell.Workflow\RunAsUser -Value $Cred

    Restart-Service WinRM

    Get-ChildItem WSMan:\localhost\Plugin\Microsoft.Powershell.Workflow


    Windows server 2012

    Snippets

    ISE

    • []-[]

    • New-ISESnippet

    • Get-ISESnippet


    Windows server 2012

    Intellisense

    - (dash) verb

    . (period)

    :: (double colon)

    \ (backslash)

    (space)


    SMB 3.0


    Windows server 2012

    ?

    • SMB


    NIC Teaming & SMB 3.0

    • NIC32NIC/Team OS

    • Static or LACP/

    • SMB3.0 with RSS

    • SMB

    • 11NIC 4TCP/IPConnection

    • 1 32Connection

    [Diagram: NIC Teaming (two teamed NICs through a switch, served by CPU cores) compared with SMB Multichannel using RSS-capable NICs whose connections are spread across CPU cores]

    RSS: Receive-side scaling

    SMB Multichannel with RDMA (Remote Direct Memory Access) NICs


    Windows server 2012

    SMB3.0

    • Windows Server 2012 Windows 8

    • 1

      • 1 RSS (Receive Side Scaling)

      • 2 NIC

      • 1 RDMA (Remote Direct Memory Access)

  • SMB

  • 1 RSS

    • Windows Server 2012 Windows 8

    • WindowsPowerShell /


  • Windows server 2012

    NIC

    1

    1

    • TCP/IP NIC

    • RSS

    • 1NIC 4

    • NIC

    • 1 core

    [Diagram: SMB client and SMB server, each with one RSS-capable NIC and several CPUs, connected through a switch]


    Windows server 2012

    NIC

    1

    1

    • NIC

    • RSS NIC 32 1NIC4

    • RSSNICNIC1

    • 1NIC

    [Diagram: SMB client and SMB server, each with several RSS-capable NICs and several CPUs, connected through multiple switches]


    Windows server 2012

    1 RDMA NIC

    1

    1

    • NIC

    • RDMA

    • RDMA 2 connections /1NIC

      • 1TCP/IP NIC1

      • SMBover RDMA

    [Diagram: SMB client and SMB server, each with several RDMA NICs, connected through multiple switches]


    Windows server 2012

    NIC

    1NIC

    1NIC

      • 1TCP/IP NIC1

    • NICNIC

      • NIC1NIC

    [Diagram: SMB client and SMB server, each with NIC Teaming over several RSS-capable NICs, connected through multiple switches]

    RDMA NIC


    Windows server 2012

    /RDMA/NIC Teaming


    Windows server 2012

    SMB

    Connections per NIC

    • RSS NIC: 4 TCP/IP connections

    • RDMA NIC: 2 RDMA connections

    • Other NIC: 1 TCP/IP connection

    [Diagram: SMB client and SMB server, 1 session / 32 connections]

    Microsoft recommends keeping default settings, but the parameters can be modified


    Windows server 2012

    SMB Multichannel: enable / disable

    Disable SMB Multichannel:

    • Set-SmbServerConfiguration -EnableMultiChannel $false

    • Set-SmbClientConfiguration -EnableMultiChannel $false

    Enable SMB Multichannel:

    • Set-SmbServerConfiguration -EnableMultiChannel $true

    • Set-SmbClientConfiguration -EnableMultiChannel $true


    Windows server 2012

    SMB

    /

    Set-SmbClientConfiguration -MaximumConnectionCountPerServer <n>

    8

    RSSNIC

    Set-SmbClientConfiguration -ConnectionCountPerRssNetworkInterface <n>

    RDMANIC

    Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" -Name ConnectionCountPerRdmaNetworkInterface -Type DWORD -Value <n> -Force

    NIC

    Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" -Name ConnectionCountPerNetworkInterface -Type DWORD -Value <n> -Force


    Windows server 2012

    SMB Multichannel verification

    1. Check the network adapters

    Get-NetAdapter

    Get-NetAdapterRSS

    Get-NetAdapterRDMA

    2. Check the SMB Multichannel settings

    SMB client:

    Get-SmbClientConfiguration | Select EnableMultichannel

    Get-SmbClientNetworkInterface

    SMB server:

    Get-SmbServerConfiguration | Select EnableMultichannel

    Get-SmbServerNetworkInterface

    3. Check the SMB connections

    Get-SmbConnection

    Get-SmbMultichannelConnection

    Get-SmbMultichannelConnection -IncludeNotSelected


    Windows server 2012

    SMB

    • Event Viewer: [Applications and Services Logs] [Microsoft] [Windows] [SMBClient] [Operational]

      • Event ID 30700-30705

  • Checking SMB Multichannel events with PowerShell

  • Get-WinEvent -LogName Microsoft-Windows-SMBClient/Operational | ? { $_.Id -ge 30700 -and $_.Id -le 30705 }

    Get-WinEvent -LogName Microsoft-Windows-SMBClient/Operational | ? { $_.Id -ge 30700 -and $_.Id -le 30705 -and $_.Level -eq 2 }


    Windows server 2012


    Windows server 2012

      • Windows Server 2012


    Windows server 2012

    ?

    • SSD1

      • ActiveDirectory ACL

  • 3


  • Windows server 2012

    ?

    • WindowsPowerShell


  • Windows server 2012

    • Windows Server 2012

    • 1

    • 2

    • 3 3

    • 10 GB


    Windows server 2012

    I/O

    Volsnap.sys

    Spaceport.sys

    ClassPnP

    MPIO

    /

    JBOD


    Windows server 2012


    Windows server 2012

    VHD(X)


    Windows server 2012


    Windows server 2012

    1

    • NTFS

    WindowsServer2012

    • Data Deduplication

    Source: IDC Worldwide File-Based Storage 2011-2015 Forecast: Foundation Solutions for Content Delivery, Archiving and Big Data, doc #231910, December 2011


    Windows server 2012

    Deduplication

    [Diagram: before deduplication, File1 and File2 each hold their own metadata and data chunks (chunks A, B and C are common to both); after the Deduplication filter runs, the data chunks are stored once in the 32-128 KB chunk store under System Volume Information and each file keeps only metadata pointing at the shared chunks]


    Deduplication

    Source: Sample File Server Production data (12 Servers, 7TB)


    Deduplication

    • :

    • 20-35MB/s

    • 1 100GB/h

    • Read/Write Access:

    No impact

    VHD update (1.3x)

    VHD copy (0.7-1.5x)


    Deduplication

    • Boot, System, FAT, ReFS, CSV

    • 32Kb

    Deduplication

    • VHD

    • SQL Server Exchange Server

    • Hyper-VVHD

    • VDIVHD

    • WSUS

    • SQL Server Exchange Server

    • 1TB


    Windows server 2012

    WindowsPowerShell

    SMAPIStorage Management API PowerShell

    PS C:\> Get-Command *storage*

    CommandType  Name                               ModuleName
    -----------  ----                               ----------
    Function     Get-StorageJob                     Storage
    Function     Get-StoragePool                    Storage
    Function     Get-StorageProvider                Storage
    Function     Get-StorageReliabilityCounter      Storage
    Function     Get-StorageSetting                 Storage
    Function     Get-StorageSubSystem               Storage
    Function     New-StoragePool                    Storage
    Function     New-StorageSubsystemVirtualDisk    Storage
    Function     Remove-StoragePool                 Storage
    Function     Reset-StorageReliabilityCounter    Storage
    Function     Set-StoragePool                    Storage
    Function     Set-StorageSetting                 Storage
    Function     Set-StorageSubSystem               Storage
    Function     Update-HostStorageCache            Storage
    Function     Update-StorageProviderCache        Storage
    Cmdlet       Add-VMStoragePath                  Hyper-V
    Cmdlet       Get-VMStoragePath                  Hyper-V
    Cmdlet       Move-VMStorage                     Hyper-V
    Cmdlet       Remove-VMStoragePath               Hyper-V


    Windows server 2012


    Windows server 2012

    Passive

    Active

    Active

    Active


    Windows server 2012

    2

    • IW

      • SQLServerHyper-V

        • SAN

        • LUN


    Windows server 2012

    • Hyper-VOSSQLServer

    • SMB 3.0

    • SMB

    • SMB

    • SMB

    • SMB RDMA

    • SMB

    • Windows PowerShell

    • SMB

    • CSV File System (CSVFS)

    • DNNNTFS

    • BitLocker

    • IO

    • SMB 3.0


    Windows server 2012

    ?

    • Windows Server 2008R2 , CAP SMB NFS

    • 1

    • WindowsServer2012 SMB Hyper-V SQLServer


    Windows server 2012

      • Windows Server 2008 R2

      • SMB3.0

      • WindowsServer2012

        • Distributed Network Name: DNN

        • (CSV) Version 2

        • (

      • 4


    CSV (Cluster Shared Volume)

    • CSVFS

    • WindowsServer2008R2 Hyper-VClusterVHD

    • Windows Server 2012

    [Diagram: WS2008R2: Hyper-V + Failover Cluster nodes on SAN/iSCSI with a Clustered File Server and CSV (HDD). WS2012: Hyper-V + Failover Cluster nodes reaching a Scale-out File Server over SMB 3.0, backed by CSV (HDD)]


    Windows server 2012

    SMB3.0

    [Diagram: \\Server\Share on a File Server Failover Cluster (max 4 nodes: Node1-Node4) backed by iSCSI/SAN with CSV v2]


    Hyper v

    Hyper-V& &

    [Diagram: Hyper-V Failover Cluster (max 64 nodes) accessing \\Server\Share over SMB 3.0 on a File Server Failover Cluster (max 8 nodes: Node1-Node8) backed by iSCSI/SAN with CSV v2; AD DS / KDC provides authentication]


    Windows server 2012

    [Diagram: DNS holds A records Node1 10.0.0.1, Node2 10.0.0.2, Node3 10.0.0.3, Node4 10.0.0.4 and, for the DNN HAFileServer, A records for all four addresses; Hyper-V hosts connect to Node1-Node4, which sit on iSCSI/SAN (iSCSI NIC) with CSV v2]


    Windows server 2012

    DNN and Witness

    [Diagram: DNS holds A records Node1 10.0.0.1 and Node2 10.0.0.2, and HAFileServer resolves to both. Sequence: the SMB client resolves the DNN HAFileServer via DNS to Node1 and opens an SMB 3.0 session to Node1; the client asks Node1 for a Witness node, Node1 returns Node2, and the client registers with the Witness on Node2. When Node1 fails, the Witness on Node2 notifies the client; the client drops its TCP connection to Node1 and reconnects the SMB 3.0 session to Node2 (both nodes serve the same CSV v2 volume)]


    Windows server 2012

    ?

    Node1

    Node2

    • Hyper-V SQLServer Office 60%70%

    • CSVFS

      • Classification

      • Data Deduplication

    [Diagram: CSVFS layered over NTFS, with Direct I/O and Redirected I/O through the Owner (coordinator) node]


    Windows server 2012


    Windows Server 2012 Storage Spaces and CSV

    • NTFS

    • ReFS

    • Fat32

    • Fat16

    • CSVCSVFS NTFS


    Hyper-V

    • WindowsServer2012


    Hyper-V


    Windows server 2012

    Hyper-V


    Windows server 2012

    Virtual NUMA

    NUMA: Non-Uniform Memory Access

    • NUMA

      • SQLServer

      • Windows Server 2012


    SR-IOV (Single Root I/O Virtualization)

    [Diagram: Network I/O path without SR-IOV: the virtual machine's virtual NIC sends traffic over VMBus to the Hyper-V Switch in the root partition (routing, VLAN filtering, data copy) and on to the physical NIC. Network I/O path with SR-IOV: the virtual machine uses a Virtual Function of the SR-IOV physical NIC directly, bypassing the Hyper-V Switch]


    Hyper-V over SMB & Shared-Nothing Live Migration


    Windows server 2012

    ... vs

    Compute/Storage

    CPU/RAM/NIC

    CPU/RAM/NIC

    HDD

    HDD


    Windows server 2012

    CPU/RAM/NIC

    network

    HDD

    Compute Storage

    Compute Storage


    Windows server 2012

    Hyper-V over SMB

    Server Message Block (SMB)

    • Windows Server 2012 SMB3.0

    Windows Server 2012Hyper-V

    • SMB3.0

    • SMB


    Hyper-V over SMB

    WindowsServer2012

    OS

    OS

    OS

    SMB 3.0

    Hyper-V

    Hyper-V


    Windows server 2012

    Hyper-V over SMB

    • Windows Server 2012SMB3.0

    • SMB2.0

    • Hyper-VWindows Server2012SMB3.0

    • SMB2.0

    • Hyper-V

    • ADDSWindowsServer2012

    • Hyper-V ADDS

    Hyper-V

    SMB3.0

    \\Server\Share\xxx.vhdx

    ActiveDirectoryDomainService


    Windows server 2012

    &

    OS

    OS

    OS

    Hyper-V

    Hyper-V

    WindowsServer2012


    Windows server 2012

    • OS

    Node

    Node

    Hyper-V

    Hyper-V

    VM

    SAN/iSCSI

    CSV


    Windows server 2012

    Compute

    Compute

    VM

    SMB 3.0

    SMB 3.0

    \\Server\Share\xxx.vhdx


    Windows server 2012

    VHD/

    VHDX

    SMB3.0

    SMB3.0

    VirtualMachine

    VirtualMachine

    Dirty

    Running

    arp

    Hyper-V

    Hyper-V

    Switch


    Windows server 2012

    Hyper-V

    SMB 3.0

    SMB 3.0


    Windows server 2012

    • 1

    ITCAMP-PCxx

    192.168.210.xx

    ITCAMP-PCxx

    192.168.210.xx

    1

    Hyper-V

    Hyper-V

    VMxx

    VMxx

    C:\ProgramData\Microsoft

    \Windows\Hyper-V

    SMB 3.0

    SMB 3.0

    \\ITCAMP-FS\VMSTORE\\VMxx

    \\ITCAMP-FS\VMSTORE\VMxx

    VMxx.vhd

    VMxx.vhd


    Windows server 2012

    • Compute Storage

    switch

    WS2012 Hyper-V

    WS2012 Hyper-V

    SMB!

    SMB

    switch

    SMB

    SMB

    Storage

    Storage


    Hyper v3

    Hyper-V


    Windows server 2012

    Hyper-V ?

    LAN WAN

    • Windows Server 2012 Hyper-V

    • Hyper-V Hyper-V RSATSystem Center Virtual Machine Manager (SCVMM)

      • -

    VM

    VM

    Hyper-V

    Hyper-V


    Windows server 2012

    • WindowsServer2012Hyper-V

    • Firewall HTTP/HTTPS

    • X.509v3

      • http://blogs.technet.com/b/virtualization/archive/2012/03/13/hyper-v-replica-certificate-requirements.aspx


    Windows server 2012


    Hyper v4

    Hyper-V


    Windows server 2012

    Compute

    Compute

    VM

    SMB 3.0

    SMB 3.0

    \\Server\Share\xxx.vhdx


    Hyper v over smb1

    Hyper-V over SMB


    Windows server 2012

    Compute

    Node

    Node

    Compute

    VM

    SMB 3.0

    SMB 3.0

    \\Server\Share\xxx.vhdx


    Hyper v5

    Hyper-V&

    • 64

    • Hyper-V


    Hyper-V over SMB &

    [Diagram: Hyper-V Failover Cluster (max 64 nodes) storing its VHDs on \\ITCAMP-FS\VMStore (ITCAMP-FS, 192.168.210.30, share VMSTORE) over SMB 3.0; AD DS / KDC provides authentication]


    Hyper-V over SMB & &

    [Diagram: Hyper-V Failover Cluster (max 64 nodes) accessing \\FileServer\Share over SMB 3.0 on a File Server Failover Cluster (labelled max 4 nodes; Node1, Node2 and Node8 drawn) backed by iSCSI/SAN with CSV v2; AD DS / KDC provides authentication]


    Windows server 2012

    [Diagram: Hyper-V Failover Cluster (max 64 nodes) with Hyper-V storage on \\FileServer\Share over SMB 3.0, served by a File Server Failover Cluster (labelled max 4 nodes; Node1, Node2 and Node8 drawn) backed by iSCSI/SAN with CSV v2; AD DS / KDC provides authentication]


    Windows server 2012

    VDI


    Windows server 2012

    [Diagram: a user's PC on the Internet ("Hello") reaching, through the Firewall and Gateway, AD, File Server, Hyper-V & RDS, ConfigMgr, Endpoint Protection, Lync and Office 365; shown: VDI, App-V, UE-V, Office 365]


    VDI = Desktop 3 + 1

    [Diagram: the desktop decomposed into User State (User State Store), Applications (Apps Store), OS (OS Store) and Device]


    Microsoft vdi

    Microsoft VDI

    WindowsServerActiveDirectoryDomainService

    • InfrastructureManagement

    OS

    RemoteApp

    App-V

    RDS

    Hyper-V

    UE-V


    Windows server 2012

    OS


    3 os virtualization

    3 OS Virtualization

    Powered by Windows Server 2012

    RDS+Hyper-V


    Architecture

    • Sessions: Good

    • Pooled VMs: Better

    • Personal VMs: Best


    Windows server 2012

    OS

    • Hyper-V+Storage

    • SMB3.0, NIC Teaming

    • Hyper-VoverSMB

    • Live Migration, Live Storage Migration

    • Hyper-VCluster( Failover Cluster

    • Scale-out File Server(Failover clustered file server

    • RDSRemoteDesktopServices

    • WEBAccess

    • ConnectionBroker

    • Gateway

    • LicenseService

    • SessionHost/VM Host


    Windows server 2012

    RemoteDesktopServices


    Windows server 2012

    RDSH

    • Windows Server RDP

    • WindowsServer

    • UI WindowsServer

    [Diagram: Remote Desktop Service on Windows Server: Session#0 = console session; Session#1 to Session#4 are RDP sessions]


    Windows server 2012

    or

    • Hyper-V VMOS

    [Diagram: RDP connections served by Remote Desktop Service to VM1, VM2 and VM3 (each running RDS) on Hyper-V on Windows Server]


    Remote Desktop Service

    [Diagram: a user's own device, through the firewall, reaches RD Web Access and RD Gateway over SSL; the RD Connection Broker directs the session to Windows Server / Hyper-V over RDP]


    Windows server 2012

    Hyper-V

    session

    session


    RD Gateway

    • RDP over SSL

    • NAP (Network Access Protection)

    • CAP / RAP

    [Diagram: NAP; the client reaches RD Gateway through the firewall with RDP over SSL on 443/tcp; RD Gateway connects to internal hosts with RDP on 3389]

    • CAP

    • RAP

    • Domain Users

    • Domain Computers

    • 3389


    Windows server 2012

    Remote Desktop Connection Broker

    Active/Active

    Web farm

    Hyper-V cluster

    Remote Desktop Web Access

    SQL Server Clustering

    Web farm

    farm

    Remote Desktop Licensing

    Remote Desktop Gateway

    Cluster


    Application

    Application


    Windows server 2012

    • 2

    • RemoteApp

    • App-V

    RDP

    HTTPS


    RemoteApp

    • WindowsServer2012

    RDConnectionBroker

    RDS

    Hyper-V

    Firewall

    RDWebAccess

    • RDP

    RDP

    RDP

    RDGateway


    RD Web Access web feed

    • RemoteApp

    • RSS: https://<ServerName>/RDWEB/Feed/WebFeed.aspx

    Hyper-V

    RDWebAccess

    RDP

    RDP

    Control

    Panel

    RSS

    AD DS

    GPO

    Win8


    User state

    User State


    Windows server 2012

    • OS VHD

    OS

    1

    2

    1

    2

    3

    3


    Windows server 2012

    • HDD

    VHD


    Remoteapp1

    RemoteApp ?

      • RemoteApp C:\Users


    UE-V (User Experience Virtualization)

    [Diagram: Settings Location Templates for IE, Office, LOB and other applications, distributed via Group Policy from AD DS to the UE-V Agent on Windows 8, Windows 7 SP1, Windows Server 2008 R2 SP1 and Windows Server 2012]


    Ux remotefx

    UX -RemoteFX


    Remotefx

    RemoteFX

    UX

    • GPUvGPURemoteFX

    • GPU Hyper-V

    • Hyper-V SLAT

    • Hyper-V DirectX11

    • RDP7.1

    • VRAM 1MB 16500

    • 1920*1200 150MB

    • USB Windows 7 RemoteFX

      • PCUSB

      • RD RD WS2012

      • Windows8 RemoteFX

  • WAN

  • UDP


  • Windows server 2012

    • RemoteFX USB

    • RDP

    • RDP8.0 RDP /

    PC

    USBPort

    USB

    USBCD/DVD

    USB

    EasyPrint

    USB

    USBWEB

    RemoteFXUSB

    USB

    EasyPrint

    /


    Easy Print

    • RDP 6.1

    • XPS

    [Diagram: on the client, the MSTSC printing plugin converts XPS to GDI for the Windows client spooler (EMF spool); on the server, the Windows Server spooler prints through the Easy Print printer driver (XPS spool) across the RD connection]

    Easy Print

    http://blogs.technet.com/b/askcorejp/archive/2011/08/03/scaling-feature-has-not-supported-from-windows-server-2008-r2-sp1.aspx


    Windows server 2012


    Windows server 2012


    Directaccess

    DirectAccess


    Windows server 2012

    : DirectAccessBitLockerRMSLync

    Active Directory

    Hello

    ExchangeServer

    SharePointServer

    Lync

    Office 365

    Firewall

    SkyDrive

    DirectAccess

    BitLocker/BitLocker To Go


    Windows server 2012

    DirectAccess

    DirectAccess

    End User: Great Experience

    Exchange

    IT:

    SharePoint

    Apps

    Intranet

    FIREWALL

    VPN

    Win XP / Vista / Non-Windows

    DirectAccess

    Mobile Broadband

    Windows 7

    Windows 8

    VPN

    DirectAccess


    VPN vs DirectAccess

    VPN

    • VPN

    DirectAccess

    • PC

    • WindowsServer2012

    VPN


    Windows server 2012

    WindowsServer2012 DirectAccess

    • DirectAccess RRAS

    • Direct Access

      • PKI

    WindowsServer2012

    • DirectAccess and RRAS ( )

    • PKI

    • Kerberos

    • NAT64 DNS64 UAG

      • (OTPOneTimePassword)

      • WindowsPowerShell


    Directaccess1

    DirectAccess

    • ActiveDirectory

    • DirectAccess

    • AccountOperators

    • DomainAdmins

    • EnterpriseAdmins

    • IPv6 IPv6

    • IP

    • Windows Firewall


    Windows server 2012

    • OS

    • Windows7 Windows8

    • WindowsServer2008R2 WindowsServer2012

    • ActiveDirectory

    • ActiveDirectory

    • IPv6

    • WindowsServer2008

    • WindowsServer2008R2

    • WindowsServer2012

    • DNS

    • OSDNS

    • WindowsServer2008

    • WindowsServer2008R2

    • WindowsServer2012


    DirectAccess and IPv6

    • Windows Server 2012 DirectAccess: IPv6 and IPv4

    • IPv6 DirectAccess

    [Diagram: the DirectAccess client reaches the DirectAccess server with IPv6 over IPsec; the DirectAccess core is IPv6, while IPv4 intranet resources are reached through translation]


    DirectAccess

    [Diagram: DirectAccess server placement options: at the edge with two NICs (Internet and Intranet); behind a firewall in the DMZ with two NICs; or behind a firewall with a single NIC; AD DS on the intranet in every case]


    IPv4 or IPv6

    [Diagram: how the client reaches the DirectAccess server through the firewall, by client address type: (Public) IPv6: native IPv6 over IPsec; Public IPv4: 6to4, IPv6 over IPv4 (with IPsec); Private IPv4 behind a firewall, NAT or proxy: IP-HTTPS, IPv6 packets on an HTTPS connection between the IP-HTTPS client and the IP-HTTPS server]


    IPv4 or IPv6

    [Diagram: the DirectAccess server on the public IPv6 / IPv4 Internet side; on the intranet, IPv4-only servers are reached through NAT64 / DNS64 and private IPv6 through ISATAP]


    Windows server 2012

    IPv6

    IPv6 IPv4 IPv6

    • 6to4 (RFC 3056)

    • IPv6 over IPv4

    • Teredo (RFC 4380)

    • IPv6 over IPv4

    • 2 IPv4 NIC

    • Windows Server 2012 + Windows 8

    • IP-HTTPS (RFC 1945, RFC 2616, RFC 2818)

    • IPv6 over IPv4 HTTPS

    • DirectAccess IPv6 IPsec HTTPS

    • ISATAP (Intra-Site Automatic Tunnel Addressing Protocol)

      • IPv4 IPv6


    Windows server 2012

    IPv6

    • IPv6 IPv6 IPv4

    • NAT64DNS64 IPv4

    [Diagram: DirectAccess client (Application, DirectAccess Agent, IPv6 stack, IPv4 stack, NIC) to DirectAccess server (NIC, IPv6 stack, IPv4 stack) through the firewalls. Firewall rules by transition technology: native IPv6 = dest. IP protocol 50 plus dest. UDP 500 / src. UDP 500; 6to4 = dest. IP protocol 41; IP-HTTPS = dest. TCP 443 / src. TCP 443]


    Windows server 2012

    HTTPS Kerberos Proxy

    Windows Server 2012 DirectAccess PKI

    [Diagram: the DirectAccess client on the Internet authenticates to AD DS through the Kerberos Proxy on the DirectAccess server (Kerberos over HTTPS across the firewall), after which the IPsec tunnel to the intranet is established]


    Windows Server 2012

    • DirectAccess with several servers (diagram: a client and multiple DirectAccess servers)

    Windows Server 2012: Manage-Out

    • DirectAccess connectivity works in both directions
    • Manage-Out: management hosts on the intranet can initiate connections to DirectAccess clients while they are on the Internet
    (Diagram: Internet -> Firewall -> DirectAccess Server -> intranet management hosts.)

    Windows Server 2012

    (Diagram: Firewall, DirectAccess Server, Proxy, Web.)


    Windows Server 2012: NRPT

    NRPT (Name Resolution Policy Table)
    • DNS queries are sent to a DNS server chosen by the name being queried, not only to the DNS server configured on the NIC
    • Windows 7 / Windows Server 2008 R2 and later
    • DirectAccess: names in the corporate namespace are resolved through the DirectAccess server by the intranet DNS (AD DS); all other names go to the Internet DNS
    (Diagram: Client with NRPT; Internet DNS; Firewall; DirectAccess Server; intranet DNS / AD DS.)

    Windows Server 2012

    GPO location: [Computer Configuration] > [Windows Settings] > [Name Resolution Policy]


    Windows Server 2012: NLS

    NLS (Network Location Server)
    • an HTTPS web site the DirectAccess client probes to decide whether it is on the intranet
    • reachable only from the intranet: if the client reaches the NLS it is inside and switches DirectAccess off; if it cannot, it is outside and uses DirectAccess
    • the NLS must be highly available: while it is down, intranet clients behave as if they were on the Internet
    (Diagram: NLS behind the Firewall on the Intranet; clients on the Internet cannot reach it.)




    NRPT and NLS

    • The NLS name is an exemption in the NRPT: a DirectAccess client resolves the NLS FQDN with the DNS server on its NIC, never through the DirectAccess server, so a client on the Internet cannot reach the NLS and correctly concludes it is outside.
    (Diagram: Client with NRPT; Internet DNS; Firewall; DirectAccess Server; intranet DNS, AD DS and NLS.)
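The NRPT rule pair described above, plus the NLS probe it enables, as an added PowerShell example (not part of the seminar deck). The corporate suffix, the DNS64 address on the DirectAccess server and the NLS name are assumptions; in a real deployment the DirectAccess wizard writes these rules through Group Policy rather than locally.

```powershell
# Added example: local NRPT rules for a DirectAccess client and the inside/outside test.
# Requires the DnsClient module (Windows 8 / Windows Server 2012) and an elevated prompt.
$CorpSuffix  = ".corp.contoso.com"      # assumed corporate namespace
$DaDnsServer = "2002:836b:1::1"         # assumed DNS64 address on the DirectAccess server
$NlsFqdn     = "nls.corp.contoso.com"   # assumed Network Location Server

# Rule 1: every name under the corporate suffix is resolved through the DirectAccess server.
Add-DnsClientNrptRule -Namespace $CorpSuffix -DAEnable -DANameServers $DaDnsServer `
                      -Comment "Corp namespace via DirectAccess"

# Rule 2: the NLS name is exempted (no DirectAccess DNS server): it is resolved with the NIC's own
# DNS, so an Internet client cannot find it and concludes it is outside.
Add-DnsClientNrptRule -Namespace $NlsFqdn -DAEnable `
                      -Comment "NLS exemption: never resolved through DirectAccess"

Get-DnsClientNrptRule | Format-List Namespace, DirectAccessEnabled, DirectAccessDnsServers, Comment

# The probe the client performs: an HTTPS request that succeeds only on the intranet.
function Test-InsideCorpNet {
    param([string]$NlsHost = $NlsFqdn)
    try {
        # Default certificate validation stays on: a spoofed NLS must not flip the client to "inside".
        $r = Invoke-WebRequest -Uri "https://$NlsHost/" -UseBasicParsing -TimeoutSec 5
        return ($r.StatusCode -eq 200)
    } catch {
        # name not resolvable (exempted from the NRPT) or TCP/TLS failure: outside
        return $false
    }
}

if (Test-InsideCorpNet) {
    "Inside the intranet: the DirectAccess NRPT rules are not applied."
} else {
    "Outside: queries for $CorpSuffix go to $DaDnsServer over the DirectAccess tunnel."
}
```

The exemption rule matters as much as the corporate rule: without it the client would try to resolve the NLS name through the tunnel, reach it, and wrongly decide it is inside the intranet.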


    Windows Server 2012: offline domain join for DirectAccess clients

    • A Windows Server 2012 DirectAccess client can be joined to the domain while it is still on the Internet: Djoin.exe /provision on a domain member creates the provisioning blob, including the DirectAccess group policy (GP); the client applies it with Djoin.exe /requestodj and then connects through the DirectAccess server.
    (Diagram: Internet client; Firewall; DirectAccess Server; AD DS; Djoin.exe /provision; GP.)


    Windows server 2012

    • DirectAccess VPNRAS

    • WEB IIS

    • WEB

    • HTTP

    • HTTP

    • IP

    • HTTP


    Windows server 2012

    • RAS CMAK

    • WindowsInternalDatabase

    • WindowsPowerShell

    • GUI


    Iis 8 0

    IIS 8.0


    Windows Server 2012

    IIS 8.0

    • NUMA-aware scalability
    • Server Name Indication (SNI)
    • Centralized SSL certificate support
    • IIS CPU throttling
    • Application Initialization
    • Dynamic IP address restrictions
    • FTP logon attempt restrictions
      • WebSocket protocol (ASP.NET 4.5)
      • ASP.NET 3.5 and 4.5 side by side


    Windows server 2012

    WEB

    • SSL

    IIS8

    • NUMA

    • SNI SSL

    • SSL

    • CPU SLA


    Windows Server 2012: NUMA

    • NUMA (Non-Uniform Memory Access): memory attached to another CPU socket is slower to reach than local memory
      • IIS 8 can partition an application pool's worker processes across NUMA nodes and affinitize each to the CPUs of one node
    (Diagram: CPU nodes 0-5, each with local memory.)


    SNI (Server Name Indication): RFC 4366

    Without SNI: one SSL certificate per IP address. The server must pick the certificate from the IP:port the client connected to, because the Host header is inside the HTTP request, which is still encrypted during the handshake.
    (Diagram: Client -> Server: Hello to IP=xxx.xxx.xxx.xxx; Server -> Client: Hello with the certificate bound to that IP.)

    Windows Server 2012

    With SNI the client puts the host name in the Hello, so IIS 8 can host many SSL sites on one IP address and choose the certificate per host name. Client support: IE7 on Windows Vista and later (not on Windows XP).
    (Diagram: Client -> Server: Hello with HOST=contoso.com; Server -> Client: Hello with the contoso.com certificate.)


    Windows Server 2012: IIS CPU throttling

    CPU limits are set per application pool, with an action when the limit is exceeded:
    • KillW3wp: kill the w3wp.exe worker process (the only action available in IIS 7)
    • Throttle: hard cap the pool's CPU use at the limit
    • ThrottleUnderLoad: cap the pool at the limit only while the CPU is contended; otherwise let it use idle CPU
    (Diagram: web sites 1-4 in AppPool1, AppPool2 and AppPool3, limited to 15%, 50% and 35% of the CPU.)
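The three pool limits from the diagram, configured with the WebAdministration module, as an added example (not from the seminar deck). The pool names and percentages follow the slide; everything else is an assumption.

```powershell
# Added example: per-application-pool CPU throttling on IIS 8.
Import-Module WebAdministration

# cpu.limit is stored in 1/1000 of a percent of total CPU: 50 % = 50000.
$limits = @{ "AppPool1" = 15; "AppPool2" = 50; "AppPool3" = 35 }

foreach ($pool in $limits.Keys) {
    if (-not (Test-Path "IIS:\AppPools\$pool")) { New-Item "IIS:\AppPools\$pool" | Out-Null }
    Set-ItemProperty "IIS:\AppPools\$pool" -Name cpu.limit -Value ($limits[$pool] * 1000)
    # ThrottleUnderLoad: cap only while the CPU is contended. Throttle would always cap;
    # KillW3wp (the IIS 7 behaviour) recycles the worker process and drops its requests.
    Set-ItemProperty "IIS:\AppPools\$pool" -Name cpu.action -Value "ThrottleUnderLoad"
    # Window over which CPU use is measured before the action is taken.
    Set-ItemProperty "IIS:\AppPools\$pool" -Name cpu.resetInterval -Value "00:05:00"
}

# Equivalent appcmd for one pool:
#   appcmd set apppool /apppool.name:AppPool1 /cpu.limit:15000 /cpu.action:ThrottleUnderLoad

# Show what landed in applicationHost.config
foreach ($pool in $limits.Keys) {
    $c = Get-ItemProperty "IIS:\AppPools\$pool" -Name cpu
    "{0,-10} limit={1,3}%  action={2,-18} resetInterval={3}" -f $pool, ($c.limit / 1000), $c.action, $c.resetInterval
}
```

The point of ThrottleUnderLoad for a shared host is the SLA: one tenant's runaway site cannot starve the others, yet no tenant is capped while there is idle CPU to give away.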


    Windows Server 2012: IIS 8 Centralized SSL Certificate Support

    (Diagram: a Server Farm of IIS servers for www.contoso.com; every server loads its certificate from the same file share.)
    • Certificates are stored as .pfx files on a file share, named after the host name (www.Contoso.com.pfx); IIS picks the file that matches the SNI host name automatically, so certificates are managed once per farm rather than on every web server.
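SNI bindings backed by the centralized certificate store, then a client-side check that the server really answers with a per-host certificate. This is an added example, not from the seminar deck; the share path, the service account, the second host name and the server address are assumptions.

```powershell
# Added example: two HTTPS sites on one IP address with SNI + Centralized Certificate Support (IIS 8).
# Requires: Install-WindowsFeature Web-CertProvider
Import-Module WebAdministration

# 1. Point IIS at the share holding <hostname>.pfx files (assumed share and account).
$share       = "\\ITCAMP-FS\CertStore"
$svcAccount  = "CONTOSO\svc-iis-certs"
$svcPassword = Read-Host "Password for $svcAccount" -AsSecureString
$pfxPassword = Read-Host "Private key password of the .pfx files" -AsSecureString
Enable-WebCentralCertProvider -CertStoreLocation $share -UserName $svcAccount `
    -Password ((New-Object System.Net.NetworkCredential("", $svcPassword)).Password) `
    -PrivateKeyPassword ((New-Object System.Net.NetworkCredential("", $pfxPassword)).Password)

# 2. Bindings: SslFlags 1 = require SNI, 2 = certificate from the central store, 3 = both.
foreach ($site in "www.contoso.com", "www.fabrikam.com") {     # second host name is an assumption
    if (-not (Test-Path "IIS:\Sites\$site")) {
        New-Item -ItemType Directory -Force "C:\inetpub\$site" | Out-Null
        New-Item "IIS:\Sites\$site" -PhysicalPath "C:\inetpub\$site" `
            -Bindings @{ protocol = "http"; bindingInformation = "*:80:$site" } | Out-Null
    }
    New-WebBinding -Name $site -Protocol https -Port 443 -IPAddress "*" -HostHeader $site -SslFlags 3
}
# No certificate is bound by hand: IIS loads $share\<hostname>.pfx when the SNI host name arrives.
Get-WebBinding -Protocol https | Format-Table bindingInformation, sslFlags -AutoSize

# 3. Check from a client: which certificate comes back for each host name on the shared IP?
function Get-SniCertificateSubject {
    param([string]$HostName, [string]$ServerIp, [int]$Port = 443)
    $tcp = New-Object System.Net.Sockets.TcpClient($ServerIp, $Port)
    # Accept any certificate here: we only want to read which one the server presented.
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, { $true })
    try {
        $ssl.AuthenticateAsClient($HostName)   # targetHost is what goes into the SNI extension
        return $ssl.RemoteCertificate.Subject
    } finally { $ssl.Dispose(); $tcp.Close() }
}
# Get-SniCertificateSubject -HostName www.contoso.com -ServerIp 10.0.0.5   # assumed server IP
# Get-SniCertificateSubject -HostName www.fabrikam.com -ServerIp 10.0.0.5
```

The check matters because a client without SNI support (IE on Windows XP) gets whichever certificate the server falls back to for the bare IP; make sure that fallback is a certificate you are willing to present, or bind none and let such clients fail closed.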


    Windows server 2012

    IIS


    Windows Server 2012: Application Initialization

    • Warm up a web application when its application pool starts, by requesting its initialization pages before the first user request arrives, instead of paying the start-up cost on that first request.

    applicationHost.config

    Application pool configuration entry (startMode keeps the pool running without waiting for a request):
    <add name=".NET v4.5" managedRuntimeVersion="v4.0" startMode="AlwaysRunning" />

    Application configuration entry (preloadEnabled triggers the initialization pages):
    <application path="/appinit" applicationPool=".NET v4.5" preloadEnabled="true">

    web.config

    <applicationInitialization skipManagedModules="true">
      <add initializationPage="/default.aspx" />
    </applicationInitialization>


    Windows Server 2012: Dynamic IP Restrictions

    • IIS 7 IP restrictions: static allow/deny lists of client IP addresses
      • rejected clients get 403.6 Forbidden
    • IIS 8 adds dynamic restrictions: a client IP address is blocked temporarily when it exceeds a number of concurrent requests or a request rate
    • Proxy mode: when IIS sits behind a proxy or load balancer, the client IP is taken from the x-forwarded-for header
    • The deny action is configurable:
      • Unauthorized: IIS returns HTTP 401
      • Forbidden: IIS returns HTTP 403
      • Not Found: IIS returns HTTP 404
      • Abort: IIS drops the connection
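The dynamic restriction settings above, applied to one site with the WebAdministration module, as an added example (not from the seminar deck). The site name, thresholds and the sample deny range are assumptions.

```powershell
# Added example: Dynamic IP Restrictions on IIS 8 (feature: Install-WindowsFeature Web-IP-Security).
Import-Module WebAdministration
$site    = "www.contoso.com"                         # assumed site
$psPath  = "MACHINE/WEBROOT/APPHOST/$site"
$section = "system.webServer/security/dynamicIpSecurity"

# Deny action: Forbidden (403) from the slide's list. NotFound (404) or AbortRequest reveal less
# to an attacker; Unauthorized (401) invites credential retries and is rarely the right choice.
Set-WebConfigurationProperty -PSPath $psPath -Filter $section -Name denyAction -Value "Forbidden"
# Behind a reverse proxy or load balancer, judge by X-Forwarded-For, not the proxy's own address.
# Only do this when the proxy is trusted to overwrite the header; otherwise clients can spoof it.
Set-WebConfigurationProperty -PSPath $psPath -Filter $section -Name enableProxyMode -Value $true
# Start in logging-only mode: see who would be blocked before enforcing.
Set-WebConfigurationProperty -PSPath $psPath -Filter $section -Name enableLoggingOnlyMode -Value $true

# Block a client that holds more than 20 concurrent requests ...
Set-WebConfigurationProperty -PSPath $psPath -Filter "$section/denyByConcurrentRequests" -Name enabled -Value $true
Set-WebConfigurationProperty -PSPath $psPath -Filter "$section/denyByConcurrentRequests" -Name maxConcurrentRequests -Value 20
# ... or sends more than 30 requests within 300 ms.
Set-WebConfigurationProperty -PSPath $psPath -Filter "$section/denyByRequestRate" -Name enabled -Value $true
Set-WebConfigurationProperty -PSPath $psPath -Filter "$section/denyByRequestRate" -Name maxRequests -Value 30
Set-WebConfigurationProperty -PSPath $psPath -Filter "$section/denyByRequestRate" -Name requestIntervalInMilliseconds -Value 300

# The IIS 7 style static deny list (403.6) lives in the same module and still applies:
Add-WebConfigurationProperty -PSPath $psPath -Filter "system.webServer/security/ipSecurity" -Name "." `
    -Value @{ ipAddress = "198.51.100.0"; subnetMask = "255.255.255.0"; allowed = $false }   # constructed TEST-NET-2 range

Get-WebConfiguration -PSPath $psPath -Filter $section |
    Format-List denyAction, enableProxyMode, enableLoggingOnlyMode
```

Once the logs show only the expected offenders, flip enableLoggingOnlyMode to $false; until then nothing is actually blocked.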


    Ip address management ipam

    IP Address Management (IPAM)


    Windows Server 2012: IP Address Management (IPAM)

    IP address infrastructure management
    • Discovery of the IP address infrastructure in the forest
      • DHCP servers
      • DNS servers
    • IP address space management: planning and tracking of address blocks, ranges and individual addresses
    • IP address tracking
      • correlates DHCP leases (IP address, client ID) with logon events: who had which address when
    • Multi-server management and monitoring of DHCP and DNS
      • DNS zone status monitoring
      • DNS server availability
      • DHCP scope and option configuration across servers


    Windows Server 2012: IPAM architecture (diagram)

    IPAM Client (Windows 8 or WS2012, via WS-Management) -> IPAM Server (WCF service; data kept in WID)
    IPAM Server -> managed servers:
    • DHCP Server: RPC/WMI/SMB/MS-EVEN6/WS-Management
    • DNS Server: RPC/WMI/MS-EVEN6
    • DC Server: WMI/LDAP/MS-EVEN6
    • NPS Server: MS-EVEN6
    Managed server versions: WS2012; WS08 R2 and SPs; WS8 (Windows Server 2012 previews)
    Role-based access control (local groups on the IPAM server): IPAM Administrators, IPAM ASM Administrators (address space management), IPAM MSM Administrators (multi-server management), IPAM Users, IPAM IP Audit Administrators
    Data-collection tasks: Address Expiry, Server Discovery, Server Configuration, Address Utilization, Event Collection, Server Availability,Server Monitoring
    MS-EVEN6: Event Log Remoting Protocol Version 6
    WID: Windows Internal Database


    Windows Server 2012: IPAM address space (diagram)

    Address blocks (from the ISP or RIR): 169.34.2.0/24 and 192.168.0.0/16
    Address ranges inside a block: 192.168.1.0/24 and 192.168.3.0/24, each backed by a DHCP scope
    Individual addresses inside a range: 192.168.1.173, 192.168.1.101 (DHCP leases)


    Dhcp failover

    DHCPFailover


    DHCP Failover

    Two DHCP servers share the same scope and keep their lease databases in sync (diagram):
    • Load balance: DHCP 1 and DHCP 2 both serve SCOPE1, splitting clients by a configured percentage.
    • Hot standby: DHCP 1 serves SCOPE1 and SCOPE2; DHCP 2 holds a replica and answers only while DHCP 1 is unavailable.
    Scopes outside the relationship (SCOPE2 on one server only) keep working as before; clients lease from whichever server answers.
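Both failover modes from the diagram, created with the DhcpServer module of Windows Server 2012, as an added example (not from the seminar deck). Server names, scope IDs and the shared secret are assumptions.

```powershell
# Added example: DHCP failover in load-balance and hot-standby mode.
$dhcp1 = "DHCP1.corp.contoso.com"      # assumed
$dhcp2 = "DHCP2.corp.contoso.com"      # assumed
$secret = Read-Host "Shared secret for the failover relationship" -AsSecureString
$secretText = (New-Object System.Net.NetworkCredential("", $secret)).Password

# SCOPE1 in load-balance mode: both servers answer, 50/50 split of the client hash space.
# MaxClientLeadTime bounds how far a server may extend a lease on its own while the partner is down.
Add-DhcpServerv4Failover -ComputerName $dhcp1 -PartnerServer $dhcp2 -Name "SCOPE1-LB" `
    -ScopeId 192.168.1.0 -LoadBalancePercent 50 `
    -MaxClientLeadTime 01:00:00 -AutoStateTransition $true -StateSwitchInterval 00:10:00 `
    -SharedSecret $secretText

# SCOPE2 in hot-standby mode: DHCP1 is active, DHCP2 only serves while DHCP1 is unreachable,
# using the 5 % of the pool reserved for it.
Add-DhcpServerv4Failover -ComputerName $dhcp1 -PartnerServer $dhcp2 -Name "SCOPE2-HSB" `
    -ScopeId 192.168.2.0 -ServerRole Active -ReservePercent 5 `
    -MaxClientLeadTime 01:00:00 -SharedSecret $secretText

# Both relationships and the partner state as seen from each server.
foreach ($s in $dhcp1, $dhcp2) {
    Get-DhcpServerv4Failover -ComputerName $s |
        Select-Object @{ n = "Server"; e = { $s } }, Name, Mode, State, PartnerServer,
                      LoadBalancePercent, ReservePercent, ScopeId
}

# Failover replicates leases, not scope configuration: after changing options on the active
# server, push the scope settings to the partner explicitly.
Invoke-DhcpServerv4FailoverReplication -ComputerName $dhcp1 -Name "SCOPE1-LB" -Force
```

The shared secret authenticates the failover channel between the two servers; leave it empty and any host that can reach the DHCP failover port can pose as the partner.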


    Active directory domain service

    Active DirectoryDomainService


    Windows Server 2012: identity landscape (diagram)

    Consumer IdP: Microsoft Account (Windows Live ID), built into the Windows 8 OS.
    Enterprise IdP: Windows Server Active Directory on premises, synchronized (Sync) and federated (Federation) with Windows Azure Active Directory; HR systems feed Active Directory (Sync, Metadata).


    Windows server 2012


    Windows server 2012

    DC

    • Hyper-VServer

    • WindowsServer2008

    • GuestOS

    • WindowsServer2012


    Windows server 2012

    DC

      • PC

      • DC IaaS


    Windows server 2012

    DC

    • Windows PowerShell

    • VHD


    Windows Server 2012: DC cloning (diagram: DC01 on one Hyper-V host is cloned, via its VHD, into DC02 on another Hyper-V host)


    Windows Server 2012: cloning a virtualized DC

    Prerequisites: the source DC must not hold the PDC emulator FSMO role, and the PDC emulator (a Windows Server 2012 DC) must be online; the source DC must be a member of Cloneable Domain Controllers; every installed program and service must be covered by the allow list (CustomDCCloneAllowList.xml); and DcCloneConfig.xml with the clone's name and IP settings must be present in the DIT folder.
    Procedure: shut the source DC down, Export the VM, Import the export as a copy with a new ID, and start the copy, which promotes itself as the new DC.


    Windows Server 2012: the cloning script (run from a management host with the ActiveDirectory and Hyper-V modules)

    $SourceDC = "ITCAMP-DC02"
    $DistDC = "ITCAMP-DC03"
    $distPDCEmu = "ITCAMP-DC01"
    $SourceHyperVHost = "ITCAMP-FS"
    $DistHyperVHost = "ITCAMP-FS"
    $VMStore = "\\$DistHyperVHost\VMStore"
    $ConfirmPreference = "none"
    # Step 1: make sure the PDC emulator is not the DC being cloned
    Move-ADDirectoryServerOperationMasterRole -Identity $distPDCEmu -OperationMasterRole PDCEmulator
    # Step 2: authorize the source DC for cloning
    Get-ADComputer $SourceDC | %{Add-ADGroupMember -Identity "Cloneable Domain Controllers" -Members $_.samAccountName}
    # Step 3: write CustomDCCloneAllowList.xml for programs/services not on the built-in allow list
    Invoke-Command -ComputerName $SourceDC -ScriptBlock { Get-ADDCCloningExcludedApplicationList -GenerateXml -Force }
    # Step 4: write DcCloneConfig.xml with the clone's name, site and static IP settings
    Invoke-Command -ComputerName $SourceDC -ScriptBlock { `
        New-ADDCCloneConfigFile -Static -IPv4Address "192.168.210.52" `
            -IPv4DNSResolver "192.168.210.50" `
            -IPv4SubnetMask "255.255.255.0" `
            -IPv4DefaultGateway "192.168.210.254" `
            -CloneComputerName "$Args" `
            -SiteName "Default-First-Site-Name" } `
        -ArgumentList $DistDC
    # Steps 5-7: shut down, Export, restart the source DC
    Stop-VM -ComputerName $SourceHyperVHost -Name $SourceDC
    Get-VM -ComputerName $SourceHyperVHost -Name $SourceDC | %{ Export-VM $_ -Path $VMStore}
    Start-VM -ComputerName $SourceHyperVHost -Name $SourceDC
    # Step 8: Import the export as a copy with a new VM ID, then rename the (still powered-off) copy
    $CFG = (Dir "$VMStore\$SourceDC\Virtual Machines\*.xml").FullName
    MD \\$DistHyperVHost\F$\$DistDC
    Import-VM -ComputerName $DistHyperVHost -Path $CFG -GenerateNewId -Copy -VhdDestinationPath F:\$DistDC
    Get-VM -ComputerName $DistHyperVHost -Name $SourceDC | Where-Object {$_.State -EQ "Off"} | Rename-VM -NewName $DistDC
    # Step 9: start the clone; it reads DcCloneConfig.xml and promotes itself
    Start-VM -ComputerName $DistHyperVHost -Name $DistDC

    (Diagram: DC01 (PDC emulator), DC02 (source) and DC03 (clone) on Hyper-V host ITCAMP-FS; steps 1 to 9.)


    Windows Server 2012

    Step 1: make sure the source DC is not the PDC emulator

    The PDC emulator must be online during cloning and cannot itself be the source; move the role if needed.

    $ConfirmPreference = "none"
    Move-ADDirectoryServerOperationMasterRole -Identity $distPDCEmu `
        -OperationMasterRole PDCEmulator

    Windows Server 2012

    Step 2: authorize the source DC for cloning

    Get-ADComputer $SourceDC | %{Add-ADGroupMember `
        -Identity "Cloneable Domain Controllers" -Members $_.samAccountName}

    Membership in Cloneable Domain Controllers is what permits a DC to be cloned; remove it again once the clone exists.


    Windows Server 2012

    Step 3: CustomDCCloneAllowList.xml

    Invoke-Command -ComputerName $SourceDC -ScriptBlock { Get-ADDCCloningExcludedApplicationList -GenerateXml -Force }

    Programs and services on the source DC that are not on the built-in allow list are written to C:\Windows\NTDS\CustomDCCloneAllowList.xml; review the list before cloning:

    <AllowList>
      <Allow>
        <Name>Active Directory Management Pack Helper Object</Name>
        <Type>Program</Type>
      </Allow>
      <Allow>
        <Name>System Center Operations Manager 2012 Agent</Name>
        <Type>Program</Type>
      </Allow>
      <Allow>
        <Name>Microsoft Silverlight</Name>
        <Type>WoW64Program</Type>
      </Allow>
      <Allow>
        <Name>AdtAgent</Name>
        <Type>Service</Type>
      </Allow>
      <Allow>
        <Name>HealthService</Name>
        <Type>Service</Type>
      </Allow>
      <Allow>
        <Name>QWAVE</Name>
        <Type>Service</Type>
      </Allow>
      <Allow>
        <Name>System Center Management APM</Name>
        <Type>Service</Type>
      </Allow>
      <Allow>
        <Name>wlidsvc</Name>
        <Type>Service</Type>
      </Allow>
    </AllowList>


    Windows Server 2012

    Step 4: DcCloneConfig.xml

    Invoke-Command -ComputerName $SourceDC -ScriptBlock { `
        New-ADDCCloneConfigFile -Static -IPv4Address "192.168.210.52" `
            -IPv4DNSResolver "192.168.210.50" `
            -IPv4SubnetMask "255.255.255.0" `
            -IPv4DefaultGateway "192.168.210.254" `
            -CloneComputerName "$Args" `
            -SiteName "Default-First-Site-Name" } `
        -ArgumentList $DistDC

    Windows Server 2012

    The generated DcCloneConfig.xml (the clone reads it at first boot):

    <?xml version="1.0"?>
    <d3c:DCCloneConfig xmlns:d3c="uri:microsoft.com:schemas:DCCloneConfig">
      <ComputerName>ITCAMP-DC03</ComputerName>
      <SiteName>Default-First-Site-Name</SiteName>
      <IPSettings>
        <IPv4Settings>
          <StaticSettings>
            <Address>192.168.210.52</Address>
            <SubnetMask>255.255.255.0</SubnetMask>
            <DefaultGateway></DefaultGateway>
            <DNSResolver>192.168.210.50</DNSResolver>
            <DNSResolver>192.168.210.51</DNSResolver>
            <DNSResolver></DNSResolver>
            <DNSResolver></DNSResolver>
            <PreferredWINSServer></PreferredWINSServer>
            <AlternateWINSServer></AlternateWINSServer>
          </StaticSettings>
        </IPv4Settings>
        <IPv6Settings>
          <StaticSettings>
            <DNSResolver></DNSResolver>
            <DNSResolver></DNSResolver>
            <DNSResolver></DNSResolver>
            <DNSResolver></DNSResolver>
          </StaticSettings>
        </IPv6Settings>
      </IPSettings>
    </d3c:DCCloneConfig>


    Windows Server 2012

    Step 5: shut down the source DC

    Stop-VM -ComputerName $SourceHyperVHost -Name $SourceDC

    Windows Server 2012

    Step 6: Export the source DC

    Get-VM -ComputerName $SourceHyperVHost `
        -Name $SourceDC | %{ Export-VM $_ -Path $VMStore}

    Step 7: restart the source DC

    Start-VM -ComputerName $SourceHyperVHost -Name $SourceDC

    The source DC goes back into service; the clone is built from the exported copy, not from the running DC.

    Windows Server 2012

    Step 8: Import the export as a new VM

    $CFG = (Dir "$VMStore\$SourceDC\Virtual Machines\*.xml").FullName
    MD \\$DistHyperVHost\F$\$DistDC
    Import-VM -ComputerName $DistHyperVHost `
        -Path $CFG -GenerateNewId -Copy -VhdDestinationPath F:\$DistDC

    !! -GenerateNewId is required: the clone must get a VM ID of its own, which is also what gives it a new VM-Generation ID. !!
    !! The imported VM still carries the source's name; rename it to $DistDC before starting it. !!

    Step 9: start the clone

    Start-VM -ComputerName $DistHyperVHost -Name $DistDC

    At first boot the clone detects the changed VM-Generation ID, reads DcCloneConfig.xml, takes the new name and IP settings, and promotes itself as ITCAMP-DC03.


    Windows Server 2012: placing virtual DCs

      • 2 Hyper-V hosts rather than 1
      • 1 DC
      • 1 DC
    (Diagram: V-DCs spread across several Hyper-V hosts.)


    Windows Server 2012

      • DC on Server Core
      • RODC
      • VHD
        • VHD
    (Diagram: V-DC running Server Core on a Server Core Hyper-V host.)


    Windows Server 2012

        • DC
    (Diagram: two V-DCs with Sysvol on a Hyper-V host that is itself a domain member; a third DC.)


    Windows server 2012

      • Windows Server 2008 10%

    Adtest.exe http://www.microsoft.com/en-us/download/details.aspx?id=15275


    Windows server 2012


    Windows Server 2012

      • Copying a DC's VHD
        • produces a second machine with the same SID (Sysprep cannot be run on a DC)
        • and the same USN (Update Sequence Number) state, which leads to USN rollback
      • the same applies to an Export of the VM
    http://technet.microsoft.com/en-us/library/virtual_active_directory_domain_controller_virtualization_hyperv(v=ws.10).aspx


    Windows server 2012 dc

    WindowsServer2012 DC


    Windows Server 2012: restoring a DC (diagram)

    Non-Authoritative Restore: DC1's DIT is restored from backup and then brought up to date by replication from DC2.
    Authoritative Restore: the restored objects in DC1's DIT are marked authoritative so they overwrite DC2's newer state (used to bring back deleted objects).


    Windows Server 2012: the four identifiers behind replication

    • USN (Update Sequence Number)
      • per-DC counter, incremented by 1 for every change written to the DIT
    • RID (Relative Identifier)
      • each DC receives a pool of RIDs from the RID Master
      • a new object's SID = domain SID + the next RID from the pool
    • Invocation ID
      • identifies the DC's DIT instance; changes when the DIT is restored
      • visible with Get-ADDomainController
    • GUID (Globally Unique IDentifier)
      • the DC's own identity; never changes


    Windows Server 2012: USN and the high watermark (diagram)

    Each DC keeps its own counter (My USN) and, per replication partner, the highest USN it has already received from that partner: the high watermark (HWM).
    • DC1 is at My USN = 200 and DC2 at My USN = 100; DC2 records USN_DC1 = 200, DC1 records USN_DC2 = 100.
    • 50 changes are made on DC1: My USN = 250. DC2 asks DC1 for everything above its high watermark and receives the changes with USN 201~250.
    • DC2 then sets USN_DC1 = 250. Replication between the DITs is driven by USN ranges, not by timestamps.


    Windows Server 2012: USN rollback (diagram)

    • DC1 is at My USN = 250; DC2 holds USN_DC1 = 250.
    • DC1 is rolled back (snapshot applied, VHD restored): My USN = 200, but DC2 still holds USN_DC1 = 250.
    • DC1 writes 50 new changes (USN 201~250) and then 10 more (USN 251~260): My USN = 260.
    • DC2 asks for everything above 250 and receives only the 10 changes with USN 251~260. The 50 changes written at USN 201~250 after the rollback never replicate, while the 50 changes that existed before the rollback are gone from DC1 but still on DC2: the two DITs have silently diverged.


    Windows Server 2012: USN rollback detection

    • USN rollback is caused by restoring the DIT in any way other than a supported restore (Windows Server Backup, which assigns a new invocation ID):
      • restoring or copying the VHD
      • applying a Hyper-V snapshot
      • importing an Export taken from a running DC
    • Event ID 2103: Active Directory detected that the Active Directory database was restored with an unsupported procedure; the DC disables inbound and outbound replication and pauses Net Logon so the divergence does not spread.


    Invocation ID

    • The invocation ID identifies a DC's NTDS.DIT instance; a supported restore of the DIT assigns a new one.
      • a restored DIT therefore looks like a new replication source to its partners

    Windows Server 2012: USN after a supported restore (diagram)

    DC2 keeps a high watermark per invocation ID of DC1, so nothing is lost:
    • Before: DC1 runs with InvocationID = A at USN = 1000; DC2 records DC1(A)@USN1000.
    • DC1's DIT is restored: InvocationID = B, USN = 500. DC2 keeps DC1(A)@USN1000 and starts tracking DC1(B)@USN500.
    • DC1 writes new changes up to USN = 600 under InvocationID = B; DC2 pulls them and records DC1(B)@USN600.


    Windows Server 2012: USN rollback from a snapshot (timeline of events)

    T1  DC1 (Invocation ID A) at USN 100, RID pool 500-1000: a snapshot is created.
    T2  100 users are added on DC1: USN 200, RID pool 600-1000. DC2 receives updates with USNs > 100 and records DC1(A)@USN 200.
    T3  The T1 snapshot is applied to DC1: USN 100, Invocation ID A, RID pool 500-1000 again, while DC2 still believes DC1(A) is at USN 200.
    T4  150 more users are created on DC1: USN 250, RID pool 650-1000. DC2 asks for updates with USNs > 200 and receives only the 50 objects created at USN 201-250; DC1 reports DC1(A)@USN 250.

    • USN rollback: only the 50 users created at USN 201-250 after the rollback exist on both DCs
    • All others are either on one or the other DC (the T2 batch only on DC2, the first 100 post-rollback users only on DC1)
    • Both the T2 batch and the first 100 post-rollback users consumed RIDs 500-599, so different accounts on DC1 and DC2 carry the same SIDs


    Windows Server 2012: Hyper-V VM-Generation ID

    • a 128-bit ID the hypervisor exposes to the guest OS; it changes whenever the VM is returned to an earlier state (snapshot applied, VM imported as a copy)
      • a Windows Server 2012 DC reads it and stores the value it last saw in its DIT (msDS-GenerationId on its computer object)
    • on boot, and before each write to the DIT, the DC compares the stored value with the current VM-Generation ID
    • if they differ the DC assumes it was rolled back and, as after a supported restore, discards its RID pool and takes a new invocation ID
      • USNs are therefore never reused, USN rollback is prevented, and the DC re-replicates what it lost from its partners
    • requires a hypervisor that provides the VM-Generation ID (Windows Server 2012 Hyper-V)


    Windows Server 2012: the same timeline with VM-Generation ID

    T1  DC1 (Invocation ID A) at USN 100; saved VMGID G1 = current VMGID G1. A snapshot is created.
    T2  100 users are added: USN 200. DC2 receives updates with USNs > 100 and records DC1(A)@USN 200.
    T3  The T1 snapshot is applied: DC1 is back at USN 100, ID A, saved VMGID G1, but the hypervisor now reports VMGID G2. DC1 sees the mismatch, discards its RID pool and takes a new invocation ID B; the missing users replicate back from DC2 to DC1.
    T4  150 users are created under the new invocation ID: DC1(B)@USN 250, saved VMGID G2. DC2 still knows DC1(A)@USN 200 and now also tracks DC1(B), so it accepts all the new updates (USNs > 100 for B).
    USN re-use avoided and USN rollback PREVENTED: all 250 users converge correctly across both DCs.
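A check that shows the identifiers and events discussed above on a live DC, as an added PowerShell example (not from the seminar deck). The DC name is an assumption; the attribute, event IDs and registry value are the ones Active Directory actually uses.

```powershell
# Added example: inspect a virtualized DC for USN rollback and VM-Generation ID changes.
Import-Module ActiveDirectory

function Get-DcRollbackStatus {
    param([string]$Server = $env:COMPUTERNAME)

    $dc = Get-ADDomainController -Identity $Server
    # msDS-GenerationId is where the DC saves the last VM-Generation ID it saw (octet string).
    $comp = Get-ADObject -Identity $dc.ComputerObjectDN -Properties "msDS-GenerationId" -Server $Server
    $genId = if ($comp."msDS-GenerationId") {
        ($comp."msDS-GenerationId" | ForEach-Object { $_.ToString("x2") }) -join ""
    } else { "(none: physical DC, or hypervisor without VM-Generation ID)" }

    # Directory Service log: 2103 = unsupported restore detected (USN rollback, replication disabled,
    # Net Logon paused); 2170 = Generation ID change detected (the safety net in action).
    $events = Get-WinEvent -ComputerName $Server -MaxEvents 20 -ErrorAction SilentlyContinue `
        -FilterHashtable @{ LogName = "Directory Service"; Id = 2103, 2170 }

    [pscustomobject]@{
        DC                = $dc.HostName
        InvocationId      = $dc.InvocationId     # new value after a supported restore or a gen-ID change
        SavedGenerationId = $genId
        UsnRollbackEvents = @($events | Where-Object Id -eq 2103).Count
        GenIdChangeEvents = @($events | Where-Object Id -eq 2170).Count
        LastEvent         = ($events | Select-Object -First 1).TimeCreated
    }
}

$status = Get-DcRollbackStatus -Server "ITCAMP-DC03"    # assumed DC name
$status

if ($status.UsnRollbackEvents -gt 0) {
    # Set together with event 2103; the DC refuses to replicate until it is demoted and re-promoted.
    Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters" `
        -Name "Dsa Not Writable" -ErrorAction SilentlyContinue
    Write-Warning "USN rollback detected on $($status.DC): demote and re-promote; do not re-enable replication by hand."
}
```

Run it against every DC after any restore, snapshot revert or Import: a 2170 means the VM-Generation ID protection did its job, a 2103 means it was not available (no generation ID, pre-2012 DC) and the DIT has diverged.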


    Windows server 2012

    ...

    • Authoritative Restore

    • Forefront Identity Manager


    Dynamic access control dac

    DynamicAccess ControlDAC


    Windows server 2012

    CIO

    Information Worker


    Windows server 2012

    ID


    Windows server 2012 dac

    Windows Server 2012 DAC

    DAC

    ID

    Dynamic Access Control


    Windows server 2012

    • ......

    • Windows 2

      • ACL

      • Expression

    ID


    ACL (Access Control List)

    • An ACL is a list of ACEs (Access Control Entries); each ACE names a principal and the permission granted (Read/Write, ReadOnly).
    • Access is granted if any ACE applies to the requesting user: the ACEs are ORed, and user A matches either directly or through a group.
    (Diagram: Resource -> ACL -> ACE OR ACE OR ACE OR ACE.)


    AGDLP

    A: Account
    G: Global Group
    DL: Domain Local Group
    P: Permission

    Accounts go into Global groups, Global groups into Domain Local groups, and Domain Local groups receive the Permissions in the resource's ACL.
    (Diagram: Resource -> ACL -> ACE OR ACE OR ACE OR ACE -> ReadOnly.)


    Acl id

    ACL Id

    • ACE

      • ForefrontIdentityManager

    ForefrontIdentityManager

    Active Directory

    A

    workflow


    Expression based

    Expression-Based

    Expression-Based

    • AND

    • =Manager


    RBAC (Role-Based Access Control)

    .... in Windows, a role is a group ....

    Windows Server 2012: the problem with RBAC

    • 11 !?
    • identity attributes (ID) have to be mirrored into group memberships, and kept in sync when they change
    (Diagram: user A appears in a dozen groups, each of them an ACE on the resource's ACL; on the right, the same resource with an ACL of two ACEs.)

    Expression-Based Access Control

    Rules, evaluated against the user's attributes and the resource's properties:
    • user Country = resource Country
    • user Department = resource Department
    • Owner = Microsoft
    • Type
    (Diagram: user attributes Country and Department; resource properties Country, Department, Type and Owner.)

    Dynamic Access Control

    • Expression-Based Access Control ......
    • the user's identity attributes (ID) come from AD DS; the resource's properties are stamped on the resource itself
    (Diagram: user A in IT gets Read on the resource, user A in ITBackup gets R/W; the Rules decide instead of one group per resource.)

    Windows server 2012

    DAC

    • Central Access Policy

    • Central Audit Policy

    • File Classification InfrastructureFCI


    Windows server 2012

    Name = Junichi Anno

    Company = MSKK

    Department = Evangelism

    Title = Evangelist


    Windows Server 2012: where DAC gets the user's attributes

    • DAC needs the user's attributes at access-check time
    • attributes = claims
    • claims = attributes that the Kerberos KDC (AD DS on Windows Server 2012) reads from the user object and places in the Kerberos ticket for Windows Server 2012 / Windows 8 clients
    (Diagram: AD DS -> Kerberos Ticket on Windows 8 carrying Name = Junichi Anno, Company = MSKK.)

    RFC 6113 Kerberos Armoring

    • Windows Server 2012 Active Directory supports Kerberos armoring (FAST, RFC 6113), which protects the pre-authentication exchange and carries the claims and compound (user + device) authentication data.
    Whoami /claims lists the claims in the current user's ticket.

    Pre-Windows 8 clients

    A Windows 7 client's Kerberos ticket from AD DS carries no claims. The Windows Server 2012 file server obtains them itself with Service-for-User-to-Self (S4U2Self, available since Windows Server 2003): it asks the AD DS KDC for a ticket to itself on behalf of the user, and that ticket contains the user's claims.
    (Diagram: Kerberos Ticket on Pre-Windows 8 without claims -> Windows Server 2012/8 file server -> S4U2Self to AD DS -> Ticket with claims.)

    Dac dc

    DAC DC

    • DAC 3


    Windows server 2012

    DAC

    ActiveDirectory GPO

    GPO

    Country

    Country

    Active Directory

    Department

    GPO

    Department


    Active directory

    ActiveDirectory


    Windows server 2012


    Windows server 2012

    Full

    Full

    Full

    Modify

    Modify

    Read

    Modify

    Modify

    None

    [rule ignored not processed]

    Modify

    Modify

    Read

    Modify

    None

    Read


    Windows server 2012

      • to

      • to


    Windows server 2012

    DAC

    ITID

    • ID

    • ID


    Windows Server 2012: DAC and FSRM

    • Resource properties are defined in AD DS and consumed by the File Server Resource Manager (FSRM) over the FSRM protocol; Group Policy (GPO) delivers the central access policies to file servers.
    (Diagram: Active Directory Domain Service with GLOBAL Classification Attributes -> FSRM Protocol -> File Server Resource Manager; GPO -> file server.)

    Windows Server 2012: FSRM

    • FCI (File Classification Infrastructure): classifies files and stamps them with the Global Resource Property values from the Property Schema.
    (Diagram: Global Resource Property -> FSRM Protocol -> File Server Resource Manager / Property Schema.)

    Windows Server 2012

    • Property definitions have two scopes:
        • Local: defined on the file server with FSRM or Windows PowerShell
        • Global: defined in the Active Directory schema and distributed by GPO
    • Update-FsrmClassificationPropertyDefinition pulls the global definitions from AD DS into FSRM.
    (Diagram: FSRM <- FSRM protocol <- Schema; Local and Global.)

    Windows Server 2012

    AD (Diagram: the AD-defined properties as seen on the file server.)

    Windows Server 2012

    • AD DS and FSRM: on Windows Server 2012 and Windows 8 the global properties (R_Country, R_Department) appear in the file's properties dialog once Update-FsrmClassificationPropertyDefinition has synchronized the schema.
    (Diagram: FSRM <- FSRM protocol <- AD DS Schema (Global); Windows Server 2012 or Windows 8.)
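The DAC pieces described in this section (claim type, resource property, central access rule and policy, the Kerberos claims switch, and the FSRM sync) wired together for a Department-based rule, as an added PowerShell example (not from the seminar deck). The claim and policy names, the GPO names and the file server name are assumptions.

```powershell
# Added example: a Department-match Central Access Policy end to end (Windows Server 2012 AD DS).
Import-Module ActiveDirectory

# 1. Claim type: the user's "department" attribute becomes a claim in the Kerberos ticket.
#    The ID is assumed; AD claim type IDs must start with ad://ext/.
New-ADClaimType -DisplayName "Department" -ID "ad://ext/Department" `
    -SourceAttribute department -Enabled $true

# 2. Resource property that shares the claim's values; its ID defaults to <DisplayName>_MS.
New-ADResourceProperty -DisplayName "Department" -IsSecured $true `
    -ResourcePropertyValueType MS-DS-MultivaluedChoice -SharesValuesWith "Department"
Add-ADResourcePropertyListMember -Identity "Global Resource Property List" -Members "Department_MS"

# 3. Central access rule: targets resources stamped with a Department and grants Read & Execute
#    (0x1200a9) to Authenticated Users only when the user's Department claim matches the file's.
#    Owner and Administrators keep full control so the rule cannot lock everyone out.
$resourceCondition = '(@RESOURCE.Department_MS Any_of {"Finance"})'
$acl = 'O:SYG:SYD:AR(A;;FA;;;OW)(A;;FA;;;BA)' +
       '(XA;;0x1200a9;;;AU;(@USER.ad://ext/Department Any_of @RESOURCE.Department_MS))'
New-ADCentralAccessRule -Name "Department matches" -ResourceCondition $resourceCondition -CurrentAcl $acl

# 4. Policy bundling the rule; it is published to file servers through Group Policy
#    (Computer Configuration\Policies\Windows Settings\Security Settings\File System\Central Access Policy).
New-ADCentralAccessPolicy -Name "FinanceDocs"
Add-ADCentralAccessPolicyMember -Identity "FinanceDocs" -Members "Department matches"
Get-ADCentralAccessPolicy -Identity "FinanceDocs" -Properties Members | Select-Object Name, Members

# 5. Turn on claims at the KDC and on Windows 8 clients: the registry values behind the two GPO
#    settings "KDC support for claims, compound authentication and Kerberos armoring" and
#    "Kerberos client support for claims, ...". GPO names are assumptions.
$kdcKey = "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\KDC\Parameters"
Set-GPRegistryValue -Name "DC Claims"     -Key $kdcKey -ValueName EnableCbacAndArmor -Type DWord -Value 1
Set-GPRegistryValue -Name "DC Claims"     -Key $kdcKey -ValueName CbacAndArmorLevel  -Type DWord -Value 1   # 1 = Supported
Set-GPRegistryValue -Name "Client Claims" -Key "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters" `
    -ValueName EnableCbacAndArmor -Type DWord -Value 1

# 6. On the file server: pull the global resource properties so Department_MS can be stamped on folders.
Invoke-Command -ComputerName ITCAMP-FS -ScriptBlock { Update-FsrmClassificationPropertyDefinition }   # assumed server

# 7. Verify on a Windows 8 client after a fresh logon:   whoami /claims
```

Treat step 3 as an allow-list: the conditional ACE only adds access, so also remove the broad group ACEs the folders carried before, otherwise the expression never gets a chance to deny anything.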


    Windows server 2012

    PAC


    Windows azure active directory

    (WindowsAzureActive Directory


    Identity Technology

    • ROI: identity work touches many technologies at once:
    Forefront Identity Manager, PIN, CHAP, 802.1x, OTP, ACL, Provisioning, ACE, LDAP, Active Directory, NTLM, SAML, WS-Federation, SCIM, IRM, Services for UNIX, RADIUS, Kerberos, NIS+, OpenID, NIS, IC card, SMB, ACS, OAuth, IdM, SSO, NDS, 2-factor, OpenID Connect, WS-Trust, ADSI

    Identity Solution: Cloud Single Sign-on with Access Control

    Windows Azure Active Directory (generally available April 2013)
    • IdM as a Service
    • an identity HUB: accepts external IdPs (Windows Server Active Directory via federation, Shibboleth, PingFederate, LIVE) and serves Apps in Azure and 3rd Party Services
    • IDs are synchronized from the on-premises directory (Sync)
    • REST API: the Graph API exposes the directory
    (Diagram: External IdP / LIVE -> Access Control; Directory <- Sync <- Windows Server Active Directory or Shibboleth or PingFederate; Graph API; Auth. Library; Apps in Azure; 3rd Party Services.)


    Windows server 2012

    WindowsAzureActiveDirectory

    definitely not!

    WindowsServer Active Directory

    (on premise / on Azure IaaS)


    Coreio core infrastructure optimization

    CoreIOCoreInfrastructureOptimization

    • ID

    • EndtoEnd

    • IdM

    • IdM

    • DigitalIdentity Provisioning

      • Create

      • Retrieve(Read)

      • Update

      • Delete

    • IdM

    Network

    Devices

    Users, Devices, Services

    Groups

    Attributes

    IdM

    DigitalIdentity

    Data

    Services


    Id domain based identity management

    ID Domain-based Identity Management

    • ID

    Firewall

    Active Directory


    Windows server 2012

    IdP

    ...........

    ...

    Metadata


    Windows server 2012

    • ActiveDirectory

    ServiceProvider:SP

    Active Directory

    Active Directory


    Windows server 2012

    • SaaSOffice365, GAE, Saleceforce

    • SNS

    ServiceProvider:SP

    WebService

    WebService

    WebService

    office365

    WebService

    WebService

    Active Directory

    WebService

    WebService

    Google.com

    Outlook.com

    Salesforce.com

    Facebook.com


    Windows server 2012

    • IdPIdentityProvider

    • Identity

    • SPRP

    • !?

    • Digital Identity

      • !


    Identity federation model

    IdentityFederationModel

    • !

    • ID

    SPRP

    IdPCP

    PROVESWHOSHEIS

    CLAIMS

    WHOAMI?


    Windows server 2012

    IdP

    SP

    IdP

    SP


    Windows server 2012

    • SP

    Token

    Claims

    IdP

    SP

    mail

    name

    company

    title


    Windows server 2012

    • Firewall

      • SAML2.0WS-FederationWS-Trust&

      • SAML1.1SAML2.0

    • IdP

    SAML2.0

    IdP

    STS

    SecurityTokenServiceSTS

    SAML2.0

    SP STS IdP STS IdP

    SP IdP

    SAML2.0

    B IdP

    STS

    A IdP

    WS-Fed

    WS-Fed

    CRM

    WS-Fed

    STS

    STSSecurityTokenService


    Ad fs sts id

    ADFSSTS ID

    Domain-BasedIdentityManagement

    ActiveDirectory

    ADonIaaS

    STS

    ADFS

    (STS)

    STS

    VPN

    STS

    IDSSO


    Identity

    Identity

    IdMas a Service

    CoreIO

    • IdP

    • ID

    Network

    Devices

    Web Service

    IdM

    DigitalIdentity

    Web Service

    Data

    Services

    Web Service



    WAAD Directory Service (diagram)

    Directory Service: a Federation Gateway (STS) in front of the ID Store.
    • accepts SAML 2.0 and WS-Fed from external IdPs: Windows Server Active Directory (AD FS), Shibboleth, PingFederate
    • issues tokens to Applications and Web Services over OAuth 2.0, SAML 2.0 and WS-Fed
    • exposes the directory through the Graph REST API


    Windows server 2012

    http://msdn.microsoft.com/en-us/library/windowsazure/dn151789.aspx


    Waad directory service 2

    WAADDirectoryService2

    • WindowsAzureActiveDirectory

    • WAAD

    SP

    Token

    Token

    DirectoryService

    Access

    IE

    ID/Password

    PhoneFactor

    Application

    WebService

    #


    Identity solution cloud single sign on with access control2

    Identity Solution: Cloud Single Sign-on with Access Control

    WAAD Access Control Service

    • IdP SP

    • ActiveDirectory ID

    Directory

    Service

    OpenID

    Oauh2.0

    STS

    AccessControlService

    IP

    Application

    SP

    WS-Fed

    WAAD

    WS-Fed

    STS

    Application

    OAuthWrap

    IdP

    WS-Fed IdP


    Access Control

    Graph API
    • API access is authorized with OAuth 2.0: the line-of-business (LOB) app sends a Token Request to the OAuth 2.0 Endpoint and receives a JWT
    • the RESTful Graph API exposes the Directory (users, groups, roles) as a graph
      • JSON/XML responses
    • every API request carries the JWT; the Graph API Endpoint checks it before responding
    (Diagram, all inside Windows Azure Active Directory: LOB -> Token Request -> OAuth 2.0 Endpoint -> JWT; LOB -> Request w/ JWT -> Graph API Endpoint -> Check -> Response.)
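The two calls in the diagram (token request, Graph request with the JWT) plus the "Check" the resource performs on the token, as an added PowerShell example (not from the seminar deck). The tenant, client ID and secret are placeholders, the endpoint host names are the 2013-era ones and are assumptions, and the token inspected at the end is constructed locally so that part runs offline.

```powershell
# Added example: OAuth 2.0 client-credentials flow against Windows Azure AD and what a JWT carries.
$tenant   = "contoso.onmicrosoft.com"                  # assumed tenant
$clientId = "00000000-0000-0000-0000-000000000000"      # placeholder app id
$secret   = "<client-secret>"                            # placeholder; keep real secrets out of scripts
$resource = "https://graph.windows.net"

function Get-GraphToken {
    # Token Request: the LOB app authenticates as itself (no user) and gets a JWT for $resource.
    $body = @{ grant_type = "client_credentials"; client_id = $clientId; client_secret = $secret; resource = $resource }
    (Invoke-RestMethod -Method Post -Uri "https://login.windows.net/$tenant/oauth2/token" -Body $body).access_token
}

function Get-GraphUsers([string]$Jwt) {
    # Request w/ JWT: bearer token in the Authorization header of the REST call.
    Invoke-RestMethod -Uri "https://graph.windows.net/$tenant/users?api-version=2013-04-05" `
                      -Headers @{ Authorization = "Bearer $Jwt" }
}

function ConvertFrom-JwtPayload([string]$Jwt) {
    # JWT = base64url(header).base64url(payload).base64url(signature); decode the payload only.
    $b64 = $Jwt.Split(".")[1].Replace("-", "+").Replace("_", "/")
    switch ($b64.Length % 4) { 2 { $b64 += "==" } 3 { $b64 += "=" } }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64)) | ConvertFrom-Json
}

function Test-JwtForResource($Claims, [string]$ExpectedAudience) {
    # The "Check" box: audience and validity window. Decoding is not validation; the real endpoint
    # also verifies the signature against the tenant's published signing keys.
    $now = [int]([DateTime]::UtcNow - [DateTime]"1970-01-01").TotalSeconds
    ($Claims.aud -eq $ExpectedAudience) -and ($Claims.exp -gt $now) -and ($Claims.nbf -le $now)
}

# Constructed sample token (alg "none", empty signature) so the decode path runs offline.
$header  = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes('{"typ":"JWT","alg":"none"}')).TrimEnd("=")
$payload = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes(
    '{"aud":"https://graph.windows.net","iss":"https://sts.windows.net/' + $tenant + '/",' +
    '"nbf":0,"exp":4102444800,"appid":"' + $clientId + '","tid":"' + $tenant + '"}')).TrimEnd("=")
$sampleJwt = "$header.$payload."

$claims = ConvertFrom-JwtPayload $sampleJwt
$claims | Format-List aud, iss, appid, tid, nbf, exp
"Token acceptable for $resource : " + (Test-JwtForResource $claims $resource)    # True for the sample

# Live use (network): $jwt = Get-GraphToken; (Get-GraphUsers $jwt).value | Select-Object displayName, userPrincipalName
```

The sample token's alg of "none" is exactly what a resource must reject in practice: accept only the algorithms and signing keys published in the tenant's federation metadata, never whatever the token header claims.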


    Windows server 2012

    • IdMaaS

    • DigitalIdentity Service API API

    • EnterpriseSocialNetwork


    Windows server 2012

    IdMaaS

    Enterprise Social Network

    IdMaaS

    Partners

    IdM

    Customers

    DigitalIdentity

    Employees


    Kerberos and Windows

    Kerberos KDC (Key Distribution Center)
    • a KDC is a trusted third party that hands out session keys; ANSI X9.17 describes key distribution centers for symmetric keys
    (Diagram: KDC.)

    Windows Server 2012: the KDC
    • the KDC keeps every principal's key in its database (DB)

    Windows Server 2012: authenticating through the KDC
    • a PC proves its identity to the KDC with the key derived from its ID/Password
    • the KDC then issues a key for talking to a server, following the Needham-Schroeder protocol
    (Diagram: User -> KDC (DB) -> Mail Server.)

    Windows Server 2012
    (Diagram: the user and the server hold a shared key; the server sends a nonce (123) and the user returns it decremented by one (122) under the shared key, proving possession of the key without revealing it.)


    Kerberos

    • 1983: MIT Project Athena
    • a trusted third party, the KDC, vouches for identities
    • current version: Kerberos v5
    • TGT (Ticket-Granting Ticket)
    (Diagram: User <-> KDC with its DB -> Ticket for the service.)

    TGT (Ticket-Granting Tickets)

    • The TGT is issued once, at logon, when the user proves knowledge of the password to the KDC.
    • Tickets for the Mail, File and DB servers are then obtained by presenting the TGT, without sending the password again.
    (Diagram: PC -> KDC: logon, receives the TGT; PC -> KDC: TGT, receives a ticket for MailServer, FileServer or DB.)


    Windows pc

    Windows PC

    KerberosActiveDirectory

    KDC

    TGT

    DB

    • PCPC

    TGT

    PC

    KerberizedPC

    User

    Ticket


    Windows server 2012

    ITCAMP


  • Login