A time to replicate
Another key feature is Hyper-V Replica. At its most basic, all you need is two Hyper-V hosts, and you can set up VM replication via a right-click option in the Hyper-V manager. Once initialised, replication only copies differences, and uses VSS (Volume Shadow Copy Service) for application-level consistency. Once configured, Hyper-V will fail over to the replica if there is a failure.
Hyper-V virtual networks are transformed from the simple affair in earlier versions. Hyper-V now has an extensible virtual switch, which handles network traffic between VMs, the external network, and the host server. You can now create private VLANs (Virtual sub-networks) which are isolated from one another for safe multi-tenancy. Port ACLs (Access Control Lists) let you restrict traffic by source or destination.
Bandwidth control lets you specify maximum and minimum bandwidth per VLAN, which means you can guarantee the level of service for specific customers, or prevent one customer from using too much bandwidth.
Hyper-V virtual networks can also be extended with third-party filters for capturing, filtering or redirecting traffic.
The theme here is obvious: making Windows Server work properly for multi-tenanted hosts.
Desktops in the remote sense
Microsoft's remote desktop services, once known as terminal services, get both usability and feature improvements in Server 8. Microsoft now defines three types of virtual desktop:
- Remote Desktop Session Host (RDSH) is the original lightweight remote desktop based on a user session on the server.
- Pooled Virtual Desktop: each user has their own VM, but the VMs are drawn from a pool so users may get a different one on each log-on. In Server 8, both personalization and performance are improved by storing user state separately, so it is no longer solely dependent on what is in the roaming profile. Patching pooled VMs is simplified by use of a golden image VM. To patch the machines, you need only update the golden image. This is then rolled out to users when they log out, or on a schedule, or in an emergency as an instant update.
- Personal Virtual Desktop, where users have their own dedicated VM. In this type of VDI (Virtual Desktop Infrastructure), VMs are now treated in a similar way to physical machines, and patching is managed by Windows Software Update Services.
Setting up these VDI options is simplified in Server 8. You need do little more than specify what kind of VDI you want, and a wizard will set it up with default options.
Performance of remote desktops is also improved. Fast graphics and video are possible with a feature called RemoteFX, which can adapt to both software and hardware GPUs depending on what is available, and there is now multi-touch support, perhaps in preparation for Windows 8 VMs.
One thing that Microsoft's VDI offering does not support is the ability to take a VM offline and sync it back later. Microsoft's Remote Desktop program manager Ashwin Palekar told us that he sees no value in offline VDI.
But there is hope for official Remote Desktop clients for non-Microsoft platforms such as iOS and Android. "We are actively evaluating support," said Palekar.
What about VDI licensing? Mike Neil, general manager of Windows Server Planning and Management, admitted: "The feedback we've had from our customers is that our licensing is Byzantine." He stopped short of promising to fix it, but at least the issue is on the table.
The IIS have it
Microsoft's web server has been revamped for better scalability and multi-tenancy. One example of this is in SSL certificate management. In previous versions, certificates are stored in the Windows certificate store and bound individually to websites, with all certificates loaded into memory even when not in use. Microsoft has now figured out that you can simply store SSL certificates on a file server and infer which to use for a particular site by matching the site name. This change lifts the limit of SSL sites on a single server from 500 to 10,000 or more, as well as improving performance.
Another change is better support for NUMA (Non-Uniform Memory Access), where memory has an affinity with a specific processor. Apparently IIS handled this badly before, crossing NUMA boundaries in its memory usage so that performance might actually get worse on many-core systems. That has been fixed, with systems of greater than 32 cores showing most benefit.
A key feature for multi-tenanted servers is CPU throttling, where you limit the processor time available to specific sites. This feature was present in earlier versions but did not work well, because it averaged CPU usage over a period. The new CPU throttling works as you would expect, letting cloud-hosting providers sell CPU time effectively to their customers, or allowing enterprises to ensure even performance across all sites.
What else is new? Quite a lot.
There's Dynamic Access Control, which is a new approach to authorizing access to shared files and folders. It is based on claims, tags and expressions. A simple example would be to require that users be from the same company department as the file, where "department" is both a tag on a shared folder and a claim in Active Directory.
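
A minimal model of the department rule described above, as an added example that is not from the article and is not Microsoft's implementation. The class names, the `evaluate` function, the user names and the share paths are all assumptions made for illustration; the point shown is that the comparison must fail closed when a claim or a tag is missing.

```python
from dataclasses import dataclass, field

@dataclass
class User:
    name: str
    claims: dict = field(default_factory=dict)  # attributes asserted by the directory

@dataclass
class Resource:
    path: str
    tags: dict = field(default_factory=dict)    # classification tags on the folder

@dataclass
class Rule:
    claim: str          # user claim to read
    tag: str            # resource tag to compare it against
    rights: frozenset   # access rights granted when they match

def evaluate(user, resource, rules, requested):
    """Return (allowed, reason); a missing claim or tag never matches."""
    for rule in rules:
        if requested not in rule.rights:
            continue
        claim_value = user.claims.get(rule.claim)
        tag_value = resource.tags.get(rule.tag)
        if claim_value is None or tag_value is None:
            continue  # fail closed: None == None must not grant access
        if claim_value.casefold() == tag_value.casefold():
            return True, f"{rule.claim} claim matches {rule.tag} tag ({tag_value})"
    return False, "no rule matched"

# Constructed sample data (hypothetical users and shares).
RULES = [Rule("department", "department", frozenset({"read", "write"}))]
ALICE = User("alice", {"department": "Finance"})
BOB = User("bob", {"department": "Engineering"})
CAROL = User("carol")                                   # no department claim
LEDGER = Resource(r"\\fs01\finance\ledger.xlsx", {"department": "Finance"})
UNTAGGED = Resource(r"\\fs01\scratch\notes.txt")        # no department tag

if __name__ == "__main__":
    for user in (ALICE, BOB, CAROL):
        for res in (LEDGER, UNTAGGED):
            allowed, reason = evaluate(user, res, RULES, "read")
            print(f"{user.name:5} read {res.path:28} -> {allowed} ({reason})")
```
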