Windows Server 2008 R2 includes a new version of FTP Server services. These new FTP server services offer the following improvements:
Reduced administrative effort for FTP server services. The new FTP server is fully integrated with the IIS 7.5 administration interface and configuration store, as shown in the following figure. This allows administrators to perform common administrative tasks within one common administration console.
Figure: Integration of the FTP server administration in Internet Information Service Manager
Extended support for new Internet standards. The new FTP server includes support for emerging standards, including:
Improved security by supporting FTP over secure sockets layer (SSL);
Support of extended character sets by including UTF8 support;
Extended IP addressing features provided by IPv6.
Improved integration with web-based applications and services. With the new FTP server, you can specify a virtual host name for an FTP site. This allows you to create multiple FTP sites that use the same IP address, but are differentiated by using unique virtual host names. This allows you to provide FTP and Web content from the same Web site simply by binding an FTP site to a Web site.
Reduced effort for support and troubleshooting of FTP-related issues. Improved logging now supports all FTP-related traffic, unique tracking for FTP sessions, FTP sub-statuses, an additional detail field in FTP logs, and more.
Ability to Extend Functionality and Features
One of the design goals for IIS 7.5 was to make it easy for you to extend the base functionality and features in IIS 7.5. IIS Extensions allow you to build or buy software that can be integrated into IIS 7.5 in such a way that the software appears to be an integral part of IIS 7.5. The following figure illustrates the placement of IIS Extensions in the IIS 7.5 architecture.
Figure: Architecture of IIS Extensions in IIS 7.5 in Windows Server 2008 R2
Extensions can be created by Microsoft, partners, independent software vendors, and your organization. Microsoft has developed IIS Extensions since the RTM version of Windows Server 2008. These IIS Extensions are available for download from http://www.iis.net/extensions. Many of the IIS Extensions developed by Microsoft will be shipped as a part of Windows Server 2008 R2, including:
Integrated and enhanced Administration Pack;
Windows PowerShell Snap-In for IIS.
Improved .NET Support
The .NET Framework (versions 2.0, 3.0, 3.5.1 and 4.0) is now available on Server Core as an installation option. By taking advantage of this feature, administrators can enable ASP.NET on Server Core which affords them full use of PowerShell cmdlets. Additionally, .NET support means the ability to perform remote management tasks from IIS manager and host ASP.NET Web applications on Server Core as well.
Improved Application Pool Security
Building on the application pool isolation in IIS 7.0, which increased security and reliability, every IIS 7.5 application pool now runs with a unique, less-privileged identity. This helps harden the security of applications and services running on IIS 7.5.
IIS.NET Community Portal
To stay current with new additions to IIS in Windows Server 2008 or Windows Server 2008 R2, make sure to visit the IIS.NET community portal (http://www.iis.net). The site includes update news, in-depth instructional articles, a download center for new IIS solutions and free advice via blogs and technical forums.
Solid Foundation for Enterprise Workloads
Windows Server 2008 R2 has been designed as a best-of-breed enterprise operating platform, capable of handling the most demanding data center workloads and delivering the latest next-gen network productivity experience to end-users across even the largest networks. To address these challenges, Microsoft has designed Windows Server 2008 R2 with several new feature categories in mind, divisible into two basic categories:
Scalability and Reliability
Better Together with Windows 7.
Scalability and Reliability
Windows Server 2008 R2 is capable of unprecedented workload size, dynamic scalability and across-the-board availability and reliability. A host of new and updated features contribute to this pillar:
Leveraging sophisticated CPU architectures
Increased operating system componentization
Improved performance and scalability for applications and services
Leveraging Sophisticated CPU Architectures
Windows Server 2008 R2 is the first Windows operating system to be offered for only 64-bit processors. With customers being unable to purchase a 32-bit server CPU for over two years, the performance and reliability advantages to moving to this architecture were too beneficial to ignore.
Additionally, Windows Server 2008 R2 now supports up to 256 logical processor cores for a single operating system instance. Hyper-V™ is able to utilize up to 64 logical cores on a single host. These improvements not only guarantee more bang for your server hardware buck, but also offer better reliability with fewer locks and greater parallelism.
Increased Operating System Componentization
Microsoft introduced the concept of server roles to allow server administrators to quickly and easily configure any Windows-based server to run a specific set of tasks and remove extraneous OS code from system overhead. Windows Server 2008 R2 further extends this model with support for more roles and a broadening of current role support, like the addition of ASP.NET within IIS 7.5.
Roles have been refined and feature sets redefined as customers have expressed desires for certain capabilities in popular scenarios. The Server Core installation option is an appropriate mention here with new (and much demanded) support for PowerShell scripting made possible by the addition of the .NET Framework to the list of server roles supported in the Server Core installation option.
Improved Performance and Scalability for Applications and Services
Another key design goal was to provide higher performance for Windows Server 2008 R2 running on the same system resources as previous versions of Windows Server. In addition, Windows Server 2008 R2 supports increased scaling capabilities that allow you to support greater workloads than ever before. Windows Server 2008 R2 features that improve performance and scalability for applications and services include:
Support for larger workloads by adding more servers to a workload (scaling out).
Support for larger workloads by utilizing or increasing system resources (scaling up).
Increased Workload Support by Scaling Out
The Network Load Balancing feature in Windows Server 2008 R2 allows you to combine two or more computers into a cluster. You can use NLB to distribute workloads across the cluster nodes in order to support a larger number of simultaneous users. Network Load Balancing feature improvements in Windows Server 2008 R2 include:
Improved support for applications and services that require persistent connections.
Improved health monitoring and awareness for applications and services running on Network Load Balancing clusters.
Improved Support for Applications and Services That Require Persistent Connections
As illustrated in the following figure, the IP Stickiness feature in Network Load Balancing allows you to configure longer affinity between client and cluster nodes. By default, Network Load Balancing distributes each request to different nodes in the cluster. Some applications and services, such as a shopping cart application, require that a persistent connection be maintained with a specific cluster node.
Figure 27: IP Stickiness feature in Network Load Balancing
You can configure a time-out setting for connection state to a range of hours or even weeks in length. Examples of applications and services that can utilize this feature include:
Universal Access Gateway (UAG), which uses an SSL–based virtual private network (VPN).
Web-based applications that maintain user information, such as an ASP.NET shopping cart application.
Improved Health Monitoring and Awareness for Applications and Services
As illustrated in the following figure, the Network Load Balancing Management Pack for Windows Server 2008 R2 allows you to monitor the health of applications and services running in Network Load Balancing clusters.
Figure 28: Application health monitoring in Network Load Balancing clusters
Increased Workload Support by Scaling Up
Windows Server 2008 R2 includes features that also allow you to support larger workloads on individual computers. Scaling up allows you to reduce the number of servers in your data center and be more power efficient. The features that support scaling up include:
Increased number of logical processors supported. Windows Server 2008 R2 supports up to 256 logical processors.
Reduced operating system overhead for graphical user interface. In addition to reducing the attack surface of the operating system, the Server Core installation option eliminates the graphical user interface, which reduces the amount of processor utilization. The reduction in processor utilization allows more of the processing power to be used for running workloads.
Improved performance for storage devices. Windows Server 2008 R2 includes a number of performance improvements for storage devices connected locally, through iSCSI and other remote storage solutions. For more information on these improvements in storage device performance, see “Improved File Services and Network Attached Storage” later in this guide.
Improved Storage Solutions
The ability to quickly access information is more critical today than ever before. The foundation for this high-speed access is based on file services and network attached storage (NAS). Microsoft storage solutions are at the core of providing high-performance and highly available file services and NAS.
The release version of Windows Server 2008 introduced many improvements in storage technologies. Windows Server 2008 R2 includes additional improvements that enhance the performance, availability, and manageability of storage solutions.
Improved Storage Solution Performance
Windows Server 2008 R2 includes a number of performance improvements in storage solutions, including:
Reduced processor utilization to achieve “wire speed” storage performance. Wire speed refers to the hypothetical maximum data transmission rate of a cable or other transmission medium. Wire speed is dependent on the physical and electrical properties of the cable, combined with the lowest level of the connection protocols. Windows Server 2008 RTM is able to access storage at wire speed, but at a higher processor utilization than Windows Server 2008 R2.
Improved storage input/output process performance. One of the primary contributors to storage performance improvements in Windows Server 2008 R2 is the improvement in the storage input/output process, known as NTIO. The NTIO process has been optimized to reduce the overhead in performing storage operations.
Improved performance when multiple paths exist between servers and storage. When multiple paths exist to storage, you can load-balance storage operations by load-balancing the storage requests. Windows Server 2008 R2 supports up to 32 paths to storage devices, while Windows Server 2008 RTM only supported two paths. You can configure load-balancing policies to optimize the performance for your storage solution.
Improved connection performance for iSCSI attached storage. The iSCSI client in Windows Server 2008 R2 has been optimized to improve performance for iSCSI attached storage.
Improved support for optimization of the storage subsystem. The storage system has been designed to allow hardware vendors to optimize their storage mini-driver. For example, a vendor could optimize the disk cache for their storage mini-driver.
Reduced length of time for operating system start. Chkdsk is run during the operating system start when an administrator has scheduled a scan of a disk volume or when volumes were not shut down properly. Chkdsk performance has been optimized to reduce the length of time required to start the operating system. This allows you to recover faster in the event of an abnormal shutdown of the operating system (such as a power loss).
Improved Storage Solution Availability
Availability of storage is essential to all mission-critical applications in your organization. Windows Server 2008 R2 includes the following improvements to storage solution availability:
Improved fault tolerance between servers and storage. When multiple paths exist between servers and storage, Windows Server 2008 R2 can fail over to an alternate path if the primary path fails. You can select the failover priority by configuring the load-balancing policies for your storage solution.
Improved recovery from configuration errors. An error in the configuration of the storage subsystem can negatively affect storage availability. Windows Server 2008 R2 allows you to take configuration snapshots of the storage subsystem (for example, the iSCSI configuration). In the event of a subsequent configuration failure, you can quickly restore the configuration to a previous version.
Improved Storage Solution Manageability
Management of the storage subsystem is another design goal for Windows Server 2008 R2. Some of the manageability improvements in Windows Server 2008 R2 include:
Automated deployment of storage subsystem configuration settings. You can automate the storage subsystem configuration settings in Windows Server 2008 R2 by customizing the Unattend.xml file.
Improved monitoring of the storage subsystem. The storage subsystem in Windows Server 2008 R2 includes the following improvements that help in monitoring:
New performance counters that help reduce the support and troubleshooting effort for storage subsystem–related issues.
Extended logging for the storage subsystem, including storage drivers.
Health-based monitoring of the entire storage subsystem.
Improved version control of storage system configuration settings. Windows Server 2008 R2 allows you to take configuration snapshots of the storage subsystem. This allows you to perform version control of configuration settings and to quickly restore to a previous version in the event of a configuration error.
Improved Protection of Intranet Resources
The Network Policy Server (NPS) is a Remote Authentication Dial-In User Service (RADIUS) server and proxy and Network Access Protection (NAP) health policy server. NPS evaluates system health for NAP clients, provides RADIUS authentication, authorization, and accounting (AAA), and provides RADIUS proxy functionality.
NAP is a platform that includes both client and server components to enable fully extensible system health evaluation and authorization for a number of network access and communication technologies, including:
Internet Protocol security (IPsec)-protected communication
802.1X-authenticated access for wireless and wired connections
The improvements to NPS in Windows Server 2008 R2 include:
Automated NPS SQL logging setup. This new feature automatically configures a SQL database, required tables, and stored procedure for NPS accounting data, which significantly reduces the NPS deployment effort.
NPS logging improvements. The logging improvements enable NPS to simultaneously log accounting data to both a file and a SQL database, support failover from SQL database logging to file logging, and support logging with an additional file format that is structured similarly to SQL logging.
NAP multiple configurations of a system health validator (SHV). When you configure a health policy, you can select an SHV in a specific configuration. This allows you to specify different sets of health requirements based on a specific configuration of the SHV. For example, you can create a network policy that specifies that intranet-connected computers must have their anti-virus software enabled and a different network policy that specifies that VPN-connected computers must have their anti-virus software enabled and anti-malware installed.
NPS templates. NPS templates separate common RADIUS configuration elements such as RADIUS shared secrets, IP filters, RADIUS clients, and others from the configuration that is running on the server. When referenced, the NPS setting inherits the values configured in the specified template. A change in the template changes the corresponding value in all of the places in which the template is referenced. For example, a single RADIUS shared secret template can be referenced for multiple RADIUS clients and servers. When you change the RADIUS shared secret template, the change is inherited by all of the RADIUS clients and servers in which that RADIUS shared secret template is referenced. NPS template settings can easily be synchronized across multiple NPS servers running Windows Server 2008 R2.
Migration of Windows Server 2003 Internet Authentication Service (IAS) servers. This feature allows you to migrate the configuration settings of an IAS server running on Windows Server 2003 to an NPS server running on Windows Server 2008 R2.
Improved Management of File Services
Storage is no longer a marginal expense. Nor is managing storage any longer simply about volume and availability; organizations need to manage their data more effectively as well as more efficiently. Only by gaining insight into their data can companies reduce the cost of storing, maintaining, and managing data. Only by enforcing company policies and knowing how storage is utilized can administrators efficiently use their storage and mitigate the risks of leaking data. The next frontier for administrators is to be able to manage data based on business value.
Windows Server® 2008 R2 File Classification Infrastructure (FCI) provides insight into your data by automating classification processes so that you can manage your data more effectively and economically. FCI does this by enabling you to automatically classify files based on properties defined by administrators (such as whether or not a file contains personally identifiable information) and performing administrator-specified actions based on that classification (backing up files containing personal information to an encrypted store, for example). These mechanisms are included in the box as well as provided by extensible interfaces that allow IT organizations and partners to build rich end-to-end solutions for classifying and applying policy based on classification. FCI helps customers save money and reduce risk by managing files based on their business value and business impact.
You can use the Windows File Classification Infrastructure to identify files that:
Contain sensitive information and are located on servers with lower security and move the files to servers with higher security.
Contain sensitive information and encrypt those files.
Are no longer essential and automatically remove the files from servers.
Are not accessed frequently and move the files to slower, more affordable storage solutions.
Require different backup schedules and back up the files accordingly.
Require different backup solutions based on the sensitivity of the information in the files.
The Windows File Classification Infrastructure allows you to:
Centrally define policy-based classification of the files stored in your intranet.
Generate reports about the types of information stored in the files in your intranet.
Notify content owners when a file management task is going to be performed on their content.
Create or purchase custom file management solutions based on the Windows File Classification Infrastructure.
Improved Policy-based Classification of Files in the box
One of the key advantages to the Windows File Classification Infrastructure is the ability to centrally manage the classification of the files by establishing classification policies. This centralized approach allows you to classify user files without requiring their intervention.
With no additional third-party applications, FCI provides the following benefits:
Getting insight to data on file server — Administrators can create automatic classification rules that classify files according to the location or content of the files. As a result, a new layer of efficiency is added, driving down the typical costs associated with managing and protecting the file server.
Reduce storage costs and eliminate old documents with no business value — Storing stale, unused data can grow to be a major expense for organizations. Indeed, IDC estimates that 60-80 percent of file data has no legal or business value. Expiring files based on usage and business value can reduce both the cost (storage and management) and risk (information leakage) on file servers. The in-box FCI solution provides automatically scheduled tasks that expire files based on age, location, or other classification categories.
Mitigate risk by customizing how and where your data is stored — FCI empowers administrators to run custom commands that automate management tasks based on file name, age, location, or other classification categories of files. For example, IT administrators can automatically move data based on policies for either centralizing the location of sensitive data or for moving data to a less expensive storage facility.
Easily track files — Reports can provide administrators with a powerful tool to assess the risk of the wrong files being in the wrong place on their servers. Using the built-in capabilities of FCI, administrators can create reports in a variety of formats that contain details—including location—about files that have a particular classification. The FCI reporting infrastructure can also be used to generate information that can be used by another application.
Improved File Management Tasks
The Windows File Classification Infrastructure allows you to perform file management tasks based on the classifications that you define. You can use the Windows File Classification Infrastructure to help you perform common file management tasks, including:
Grooming of data. You can automatically delete data by using policies based on data age or classification properties to free valuable storage space and intelligently reduce storage demand growth.
Custom Tasks. Execute custom commands based on age, location or other classification categories. For example, IT administrators are able to automatically move data based on policies for either centralizing the location of sensitive data or for moving data to a less expensive storage resource.
Archiving files. You can automatically determine the best archival method based on the classification of files.
The Windows File Classification Infrastructure allows you to automate any file management task by using the file classifications you establish for your organization.
Most IT organizations have no easy method of providing information about the types of files that are stored and managed. Without classification of the files, there is minimal information that can be used to help identify the usage of the files, the sensitivity of the files, and other relevant information about the files.
The Windows File Classification Infrastructure allows you to generate reports in multiple formats that can provide statistical information about the files stored on each file server. You can use the reporting infrastructure to generate information that can be used by another application (such as a comma separated variable format text file that could be imported into Microsoft Excel).
Improved Development of File Management Tasks
There are many solutions on the market that provide data management and solutions that classify and protect information, each dealing with specific aspects of the challenges presented by data growth. FCI provides an extensible infrastructure to allow these solutions to work with one another and empower companies to craft rich, end-to-end data-management solutions that meet their specific business objectives. FCI persists file classification between different ISV offerings so that products that classify files can work with products that consume file classifications. For example, if a data leakage–prevention product classifies files as containing personal information, then a backup product can back it up to an encrypted store rather than the regular store. Moreover, IT administrators can build in-house solutions that plug into the classification infrastructure and interoperate with ISV product offerings.
Improvements in Backup and Recovery
Backup and recovery features are very important for the continued operation of the services and applications running on Windows Server 2008 R2. Windows Server 2008 R2 includes a number of improvements that are related to backup and recovery, including improvements in:
The Windows Server Backup utility.
Recovering from total failures of disk volumes by using LUN synchronization.
Integration with System Center Data Protection Manager 2007.
Improvements in Windows Server Backup
Windows Server 2008 R2 includes a new version of the Windows Server Backup utility. This new version of Windows Server Backup allows you to:
Back up specific files and folders. In Windows Server 2008 RTM you had to back up an entire volume. In Windows Server 2008 R2, you can include or exclude folders or individual files. You can also exclude files based on the file types.
Perform incremental backup of system state. Previously, you could only perform a full backup of the system state by using the wbadmin.exe utility. Now you can perform incremental backups of the system state by using the Windows Server Backup utility, the wbadmin.exe utility, or from a PowerShell cmdlet.
Perform scheduled backups to volumes. You can perform a scheduled backup to existing volumes in Windows Server 2008 R2. In Windows Server 2008, you had to dedicate an entire physical disk to the backup (the target physical disk was partitioned and a new volume was created previously).
Perform scheduled backups to network shared folders. You can now perform scheduled backups to a network shared folder, which was not possible in the previous version.
Manage backups by using PowerShell. You can manage backup and restore tasks by using PowerShell (including all PowerShell remoting scenarios). This includes the management of on-demand and scheduled backups.
Windows Server 2008 R2 includes support for LUN resynchronization (also known as LUN resynch or LUN revert). LUN resynchronization creates hardware-based shadow copies that allow you to recover a volume from an existing shadow copy of the volume.
LUN resynchronization is a method for quickly restoring volumes that leverages the capabilities of storage arrays (such as SANs). This allows you to create shadow copies of entire LUNs and then restore from those shadow copies (using the inherent snapshot or copying features in the storage array). You can use LUN resynchronization to help you recover from data loss or to help quickly create duplicates of production LUNs for use in a storage environment.
Comparison of LUN Resynchronization and Traditional Volume Shadow Copy Service
Windows Server 2008 R2 LUN resynchronization support is an extension of the features provided by the Volume Shadow Copy Service in Windows Server 2008 R2. LUN resynchronization uses the same application programming interfaces (APIs) that are used by the Volume Shadow Copy Service.
The following table lists the differences between LUN resynchronization and current features in Volume Shadow Copy Service.
Table 11: Comparison of LUN Resynchronization and Traditional Volume Shadow Copy Service
LUN Resynchronization | Traditional Volume Shadow Copy Service
Recovers entire LUN (which may contain multiple volumes). | Recovers only a volume.
Performed by storage array hardware. | Performed by server computer.
Typically takes less time than restoring by using traditional Volume Shadow Copy Service. | Typically takes more time than restoring by using LUN resynchronization.
Comparison of LUN Resynchronization and LUN Swap
LUN Swap is a fast volume recovery scenario that has been supported since Windows Server 2003 Service Pack 1. In LUN swap, a shadow copy version of a LUN is exchanged with the active
The following table lists the differences between LUN resynchronization and LUN Swap.
Table 12: Comparison of LUN Resynchronization and LUN Swap
LUN Resynchronization | LUN Swap
Source (shadow copy) LUN remains unmodified after the resynchronization completes. | Source (shadow copy) LUN becomes the active LUN and is modified. Must create another shadow copy to perform recovery.
Requires the destination LUN exists and is usable. | Destination LUN does not have to exist or can be unusable.
Source LUN can exist on slower, less expensive storage. | Source LUN must have the same performance as the production LUN.
Benefits of Performing Full Volume Recovery Using LUN Resynchronization
The benefits of LUN resynchronization include the following:
Perform recovery of volumes with minimal disruption of service. After the recovery of a volume using LUN resynchronization is initiated, users can continue to access data on the volume while the synchronization is being performed. Although there may be a reduction in performance, users and applications are still able to access their data.
Reduce the workload while recovering volumes. Because the hardware storage array is performing the resynchronization, the server hardware resources are only minimally affected. This allows the server to continue processing other workloads with the same performance while the LUN resynchronization process is completing.
Integration with existing volume recovery methods. The APIs used to perform LUN resynchronization are the same APIs that are used to perform traditional Volume Shadow Copy Service recovery. This helps ensure that you can use the same tools and processes that you are currently using for traditional Volume Shadow Copy Service recovery.
Compatibility with future improvements. Because LUN resynchronization uses published, supported APIs in Windows Server 2008 R2, future versions of Windows Server will also provide support for LUN resynchronization.
Process for Performing Full Volume Recovery Using LUN Resynchronization
Before you can perform a full volume recovery using LUN synchronization, you need to have a hardware shadow copy (snapshot) of the LUN. You can make full or differential shadow copies of the LUN.
The following is the sequence of events when performing a full volume restore using LUN synchronization:
The source and destination LUNs are identified.
The LUN resynchronization is initiated between the source (shadow copy) and destination LUNs.
During the LUN resynchronization, users are able to access the volume by the following methods:
For read operations, volume requests are directed to the source LUN.
For write operations, volume requests are directed to the destination LUN.
The LUN resynchronization continues by performing a block-level copy from the source (shadow copy) LUN to the destination LUN.
The LUN resynchronization completes and all user requests are now performed from the destination LUN.
Note: At the end of the LUN resynchronization process, the source LUN is unmodified and the destination LUN contains the same information as the source LUN plus any data that was written to the destination LUN during the LUN resynchronization process.
You can find more information about how these steps are performed by viewing the Volume Shadow Copy Service APIs on MSDN and on the Windows Software Development Kit (SDK) for Windows 7 and Windows Server 2008 R2.
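The sequence above, as an added Python model (not Microsoft code and not the Volume Shadow Copy Service API). The LunResync class, its methods and the sample block data are hypothetical; the model assumes that blocks written during the resynchronization are tracked, so the block-level copy skips them (as the note on the final state implies) and later reads of them come from the destination LUN.

```python
"""Toy model of full volume recovery by LUN resynchronization.

Added illustration only. LUNs are modelled as Python lists of blocks;
all names here are hypothetical and do not correspond to any Windows API.
"""


class LunResync:
    def __init__(self, source, destination):
        if len(source) != len(destination):
            raise ValueError("source and destination LUNs must be the same size")
        self.source = source            # shadow copy LUN, never modified
        self.destination = destination  # production LUN being recovered
        self.written = set()            # blocks users wrote during the resync
        self.next_block = 0             # next block the array will copy
        self.active = True              # False once the resync has completed

    def read(self, block):
        # During the resync, reads are directed to the source LUN.
        # Assumption: a block the user has already rewritten is read from the
        # destination, so a read that follows a write is not stale.
        if self.active and block not in self.written:
            return self.source[block]
        return self.destination[block]

    def write(self, block, data):
        # Writes are always directed to the destination LUN.
        self.destination[block] = data
        if self.active:
            self.written.add(block)

    def copy_step(self, count=1):
        """Copy up to `count` blocks; return True while the resync is running."""
        for _ in range(count):
            if self.next_block >= len(self.source):
                break
            # Skip blocks written during the resync so user data survives.
            if self.next_block not in self.written:
                self.destination[self.next_block] = self.source[self.next_block]
            self.next_block += 1
        if self.next_block >= len(self.source):
            # Resync complete: all requests are now served by the destination.
            self.active = False
        return self.active


def run_demo():
    # Constructed sample data: a good shadow copy and a damaged production LUN.
    shadow = ["A0", "B0", "C0", "D0"]
    production = ["??", "??", "??", "??"]
    shadow_before = list(shadow)

    resync = LunResync(shadow, production)
    resync.copy_step(1)                 # array has copied block 0 only
    early_read = resync.read(3)         # block 3 not copied yet: source answers
    resync.write(2, "C1")               # user write during the resync
    read_after_write = resync.read(2)   # must return the new data
    while resync.copy_step():
        pass

    return {
        "early_read": early_read,
        "read_after_write": read_after_write,
        "destination": production,
        "source_unmodified": shadow == shadow_before,
        "active": resync.active,
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```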
Improvements in Data Protection Manager Integration
Service Pack 1 for Microsoft System Center Data Protection Manager 2007 provides continuous data protection for Windows application and file servers using seamlessly integrated disk and tape media and includes the following expanded capabilities:
Protection of files, configuration, and other information stored on Windows Server 2008 R2.
Protection of Hyper-V™ virtualization platforms, including both Windows Server 2008 R2 Hyper-V and the Microsoft Hyper-V Server, has been added to the existing set of protected workloads.