Windows Server 2012

Azure Backup for Windows Server 2012 Essentials

Last night, I posted saying that I think Microsoft had missed a trick in not taking advantage of the Windows Azure Cloud Backup features in Windows Server 2012 Essentials, and today it looks like I must eat a slice of humble pie.

After some reading on the subject this evening, it appears that Microsoft are actually incorporating it, but not natively. To access the feature, you need to install a plugin. A blog post on the Small Business Server TechNet Blog details the installation steps to get the plugin installed and working (http://blogs.technet.com/b/sbs/archive/2012/09/18/windows-azure-online-backup-and-windows-server-2012-essentials.aspx).

Users of Windows Server 2012 Essentials can get a free six month trial for the service, however information on pricing is hard to find and understand. There is nothing on the trial signup page which offers an insight into what you will pay beyond the trial. Using the extremely complicated (and for good reason due to its capability and scale) Azure Pricing Calculator gives you a hint as to what you will pay, but I think Microsoft need to provide some confirmation around the storage options.

Storage is offered in two different flavours: Geo Redundant and Local Redundant, with the former seeing your data replicated throughout the Azure global infrastructure and the latter seeing your data only being replicated within your geographic region, but I can’t seem to find anything that states whether either option is valid for the backup service, or if you must use a particular option. To give it some context, Geo Redundant storage is £7.58 per month for 100GB, while Local Redundant is £5.64 per month for 100GB.

Which of the two storage types you choose will depend on your views on the United States and its laws such as the Patriot Act. If you are precious about your data (you should be) and don’t want these authorities to be able to view it under law without your consent, which is essentially what the Patriot Act boils down to, then you may want to decide against the Geo Redundant option; after all, Local Redundant still gives you way more availability than your single on-site server. The region that your data is stored in is determined by the country you select during registration, so make sure you set it correctly.

Compare the above prices to those of one of the most popular Windows Home Server cloud backup solutions, Cloudberry, and using Azure directly looks good. For the same 100GB of storage, you will pay $9.30 a month for Amazon S3 or $12 a month for Google Cloud Storage, plus a $29.99 license cost for the Cloudberry product.

The thing to be conscious of is this small catch: retrieving the data. Azure provides free unlimited inbound (upload) traffic so you pay nothing to upload your backups, but download is priced per gigabyte per billing cycle. If your server were to fail and you needed to pull your 100GB of data back down to the server once it is recovered, all in a single billing period, then you will pay £6.55 for 95GB (the first 5GB is free), but the key thing to remember is that this is a one time cost if and when the server fails. This price will also vary based on your geography. The price I’ve shown is for US and European egress data. If you live in another location, then the price is £10.37 instead, so bear this in mind.

Looking at this as a home user and not an SMB, I think paying £5.64 a month is a very small price to pay for the peace of mind that all of my family pictures and important documents can be protected to a much higher degree than I can do at home with a Mirror Storage Space and an external USB or eSATA disk on-site backing up the server. From the perspective of an SMB, your data is your business, so only you can value what your data is worth, but I would guess a lot. If you are an SMB without the luxury of a full time IT professional or a well managed agreement with a Microsoft Partner for supporting your environment, then I would guess that this service could one day prove invaluable.

Windows Server 2012 Essentials Storage Spaces Vs. RAID

In Windows Server 2012 Essentials as with the whole Windows 6.2 kernel family, Storage Spaces and Storage Pools re-invent the concept of Drive Extender from Windows Home Server v1. With several options for resiliency in Storage Pools, I thought I would touch on what bang you will get for your buck with each protection level and compare it to physical RAID levels.

For all the examples, I will be using two 500GB disks unless the example requires more, such as RAID 5 or 10, where I will use the minimum number required to achieve the set. If you are using 1TB, 2TB or greater sized disks, then simply multiply the figures here to work out your gains.

RAID 0 (Stripe – No Resiliency in Disks, Two Disks Required)
1TB Raw / 1TB Usable

RAID 1 (Mirror – Single Disk Resiliency, Two Disks Required)
1TB Raw / 500GB Usable

RAID 5 (Stripe with Parity – Single Disk Resiliency, Three Disks Required)
1.5TB Raw / 1TB Usable

RAID 10 (Mirror of Stripes – One Disk in Either Stripe or Both Disks in One Stripe May Fail, Four Disks Required)
2TB Raw / 1TB Usable

Storage Space Simple (Equivalent to RAID 0 – No Resiliency in Disks, One Disk Required)
500GB Raw / 500GB Usable

Storage Space Two Way Mirror (Equivalent to RAID 1 – Single Disk Resiliency, Two Disks Required)
1TB Raw / 500GB Usable

Storage Space Three Way Mirror (Equivalent to RAID 1 with a 2nd Mirror – Two Disk Resiliency, Three Disks Required)
1.5TB Raw / 500GB Usable

Storage Space Parity (Equivalent to RAID 5 – One Disk Resiliency, Three Disks Required)
1.5TB Raw / 1TB Usable

The thing to be clear on with Storage Pools and Storage Spaces over traditional RAID is that RAID consumes the entire disk, obscuring it from the physical operating system, and limits you to the capacity of the underlying disk subsystem. This makes adding new disk to an existing RAID set and extending its capacity challenging unless you are using RAID 5, whereby you can simply add disk and extend capacity. Storage Pools and Storage Spaces are different in that the Pool amalgamates the capacity of the underlying disks together, then pools overlay the disks to provide the availability. This allows you to do clever things like use three disks in a single Pool to provide both a Two Way Mirror to protect read/write files such as documents and a Parity to protect read only workloads such as video or music files, maximising the yield from your disk investment. With RAID, to achieve these separate protection levels, you would need five disks instead of three.

I think the only challenge with Storage Pools and Storage Spaces is going to be calculating the capacity requirements and optimising the use of the disks. In my scenario I have six 2TB disks, and trying to decide what levels to protect the different content types at, and whether to split each workload type into a dedicated Storage Space or whether to Pool Spaces between workloads, is interesting, as I want to make sure that my content is protected as effectively as I need it, but at the same time, as a consumer, I can’t afford to blow £150-£200 on new disks all the time so I need to maximise my investments.

The core advantage of Storage Pools and Storage Spaces for me over RAID is that it does allow you to fine-grain control your disks making the most out of them, thin-provisioning (over provisioning as it actually should be called) allows me to design the disks for future expansion ahead of time and it allows me to add disks and expand pools (online) without complicated RAID array configurations, changes and scary thoughts of migrating RAID levels (if you have a controller which supports such a thing).
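The three-disk layout described above (one Pool carrying both a Two Way Mirror and a Parity space, both thin-provisioned) can be built with the Storage module cmdlets. This is an added example, not taken from the original post; the pool name, space names and sizes are assumptions.

```powershell
# Added example, not the author's own commands. 'HomePool', 'Documents',
# 'Media' and the sizes are assumed values. Run elevated on Windows Server
# 2012; every disk that reports CanPool = True is claimed for the pool.
$disks = @(Get-PhysicalDisk -CanPool $true)
if ($disks.Count -lt 3) {
    throw "Parity needs at least three poolable disks; found $($disks.Count)."
}

# One pool amalgamates the raw capacity of all the disks.
New-StoragePool -FriendlyName 'HomePool' `
    -StorageSubSystemFriendlyName 'Storage Spaces*' `
    -PhysicalDisks $disks | Out-Null

# Two Way Mirror space for read/write data such as documents.
New-VirtualDisk -StoragePoolFriendlyName 'HomePool' -FriendlyName 'Documents' `
    -ResiliencySettingName Mirror -NumberOfDataCopies 2 `
    -ProvisioningType Thin -Size 500GB | Out-Null

# Parity space for read-mostly data such as video or music. Thin provisioning
# lets the declared size exceed what the pool can hold today.
New-VirtualDisk -StoragePoolFriendlyName 'HomePool' -FriendlyName 'Media' `
    -ResiliencySettingName Parity `
    -ProvisioningType Thin -Size 2TB | Out-Null

# What each space promises versus what it currently consumes in the pool.
Get-VirtualDisk -FriendlyName 'Documents', 'Media' |
    Select-Object FriendlyName, ResiliencySettingName, ProvisioningType,
        HealthStatus,
        @{ n = 'SizeGB';      e = { [math]::Round($_.Size / 1GB) } },
        @{ n = 'FootprintGB'; e = { [math]::Round($_.FootprintOnPool / 1GB, 1) } }

# Raw pool capacity versus what has actually been allocated so far.
Get-StoragePool -FriendlyName 'HomePool' |
    Select-Object FriendlyName, HealthStatus,
        @{ n = 'RawGB';       e = { [math]::Round($_.Size / 1GB) } },
        @{ n = 'AllocatedGB'; e = { [math]::Round($_.AllocatedSize / 1GB, 1) } }
```

Because thin spaces can promise more than the pool holds, keep an eye on allocated versus raw capacity and add disks before the pool fills.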

I’ll be doing another post in the coming days on my options for Storage Pools and Storage Spaces, and where I am leaning and why.

Windows Server 2012 Essentials Initial Admin Thoughts

I spend my days working with Windows Servers and more increasingly Windows Server 2012. Whilst I may not know everything there is to know (and who does after all), I like to think I know quite a bit on the subject and therefore my understanding of what’s good and proper is generally sound. Once the installation of Windows Server 2012 Essentials completed I was drilling through some of the back-end interfaces to dig up parts of how it worked and was strung together and these are my opinions based on those views as an administrator.

Active Directory Domain Services (ADDS)

As we know, Windows Server 2012 Essentials unlike Windows Home Server 2011 creates a domain. It does this with the greatest of ease for the end-user driving the install, but with ease, you lack control, evident here.

The domain is created with a Windows Server 2012 Domain and Forest Functional Level which is good, however the Active Directory Recycle Bin feature, added in Windows Server 2008 R2 ADDS, is disabled; I think it should be enabled to help out people who accidentally delete user or computer accounts.

The domain is created with a .local domain suffix which for me is not nice as they can end up causing you problems depending on what you are trying to do with the domain environment. If you read some of the literature for Office 365 they don’t support federation using ADFS with .local domains.

The case sensitivity of the installer has big implications on the domain name created. I personally like to see a lowercase domain name (FQDN) with an uppercase Pre-Windows 2000 domain name (NetBIOS) but the installer uses the same name for both. From my previous post on installing Windows Server 2012 Essentials, whatever you type in the Internal Domain Name text field will be used for both, so be careful with that. You can change the Pre-Windows 2000 domain name using Active Directory Users and Computers (ADUC) or the PowerShell Cmdlets, but whether this will have implications for the Dashboard and other Essentials functionality is not clear without testing.

When new users and computers are added/connected to the domain using the dashboard and the client computer connector software, the new objects are placed in the Users and Computers containers respectively. I tried using redirusr and redircmp to move the new object creation to an OU, but this didn’t work and everything still hits the containers. Manually moving the objects later seems to cause no issues, but I think it’s very bad that the installer doesn’t at least create initial OUs for these objects as objects in containers can’t be linked to GPOs.

In Active Directory Sites and Services, no IP Subnets are configured to link to the site and the site is left with the standard name of Default-First-Site-Name. I don’t see any problems in renaming this and adding the subnets.

DNS

The DNS role is installed as a requirement for ADDS. The installation is basic, very basic. One Forward Lookup Zone is created for the DNS domain name specified in the installer, but no Reverse Lookup Zone. No Forwarders are configured so all recursive lookups will be hitting the Root Hints servers unless you are configuring the Essentials server to use the ISP router as its DNS server, which brings the next point, linked to DHCP. Clients will be receiving DHCP leases normally from a self-bought or an ISP router which will be configuring the clients with itself as the sole DNS server.

Unless the connector client does something very nasty like configure a static DNS server on the NIC in use for the Essentials server, how will it be able to resolve DNS records on the server as it will be relying on the records from the router?

Lastly on DNS is that Scavenging is disabled, so if you do use DHCP and have your clients leasing addresses directly from the Essentials server (which I would recommend) then the stale records won’t get cleaned up.
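The ADDS and DNS defaults noted above (Recycle Bin disabled, no subnet linked to the site, no Reverse Lookup Zone, no Forwarders, Scavenging off) can be corrected with the ActiveDirectory and DnsServer modules. This is an added example, not from the original post; the subnet, reverse zone name, forwarder address and scavenging interval are constructed placeholders to replace with your own.

```powershell
# Added example, not the author's own commands. Run elevated on the
# Essentials server. All addresses below are constructed placeholders.
Import-Module ActiveDirectory, DnsServer

$subnet      = '192.168.1.0/24'          # assumption: your LAN subnet
$reverseZone = '1.168.192.in-addr.arpa'  # reverse zone matching $subnet
$forwarder   = '192.168.1.1'             # assumption: router or chosen resolver
$domain      = Get-ADDomain
$forest      = Get-ADForest

# Active Directory Recycle Bin. Enabling it cannot be undone.
$bin = Get-ADOptionalFeature -Filter "Name -eq 'Recycle Bin Feature'"
if (-not $bin.EnabledScopes) {
    Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' `
        -Scope ForestOrConfigurationSet -Target $forest.Name -Confirm:$false
}

# Link the LAN subnet to the (unrenamed) default site.
if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$subnet'")) {
    New-ADReplicationSubnet -Name $subnet -Site 'Default-First-Site-Name'
}

# AD-integrated Reverse Lookup Zone that accepts secure dynamic updates only.
if (-not (Get-DnsServerZone -Name $reverseZone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -NetworkId $subnet -ReplicationScope Domain `
        -DynamicUpdate Secure
}

# Send recursive lookups to a forwarder instead of straight to the Root Hints.
if (-not (Get-DnsServerForwarder).IPAddress) {
    Set-DnsServerForwarder -IPAddress $forwarder
}

# Scavenging needs the server-level switch plus aging on each zone.
Set-DnsServerScavenging -ScavengingState $true -ScavengingInterval '7.00:00:00'
foreach ($zone in $domain.DNSRoot, $reverseZone) {
    Set-DnsServerZoneAging -Name $zone -Aging $true
}

# Review the result.
Get-ADOptionalFeature -Filter "Name -eq 'Recycle Bin Feature'" |
    Select-Object Name, EnabledScopes
Get-DnsServerForwarder | Select-Object IPAddress, UseRootHint
Get-DnsServerScavenging | Select-Object ScavengingState, ScavengingInterval
```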

Certificate Authority (CA)

The installer configures an Enterprise Root CA on the server which is an online root and issuing CA in this instance. Anyone who knows PKI knows that an online root CA is bad news. I know it’s the only option as you can’t expect people to drop two servers, one to remain powered off for its life as an offline root CA, but that doesn’t stop it from being horrid.

The most annoying thing here is the name that the CA is given. [DomainName]-[ServerName]-CA. This is totally unfriendly and looks ghastly in any of your certificates. The CA isn’t configured to grant the account you specify as the administrator account during the installer as a KRA or a DRA so hope that nobody in your house or office tries to be clever and EFS encrypt their documents before losing the private key to open them.

Network Access Protection (NAP)

This role is installed to assign policy for the VPN and Remote Web Access. The administrative console for it is not installed to keep you blind to its configuration, but you can easily install this using Server Manager by adding the RSAT Feature for NAP.

Remote Desktop Services (RDS) Gateway

This component is used for the Remote Web Access. As with NAP, the console is not installed to keep you in the dark, but you can again install this using Server Manager by adding that RSAT Feature for RDS Gateway Tools.

Oddbox

Other random bits and pieces I noticed whilst poking around were as follows:

  • Memory Usage for the base install is 1.4GB and CPU Usage while idle was 4% on my Hyper-V 3.0 VM from my Core i3 desktop PC. It will be interesting to see how my physical AMD E-350 Zacate Home Server processor handles it or how the processor in the HP Microserver would fare.
  • No Group Policy Objects are configured aside from the two default domain policies. Do not rename either of the default policies as options in the Dashboard update the configuration of the policies and if the dashboard is looking for them based on name and not GUID, then you will hit problems.
  • The Server Backup feature within the dashboard relies on a dedicated and assigned local disk. There is no option for making use of Windows Azure Cloud Backup which is now supported in the Windows Server 2012 iteration of Windows Server Backup. I think Microsoft are missing a trick here as there are other 3rd parties already cashing in on the cloud backup market a la Windows Home Server 2011, such as Cloudberry.
  • Deleting any of the default server shares such as Recorded TV or Company (if you aren’t a company and you aren’t using Media Center for Live TV Archiving to the Essentials Server) for example causes warnings of missing folders in the Dashboard and causes Critical status alerts in the alert panel. There is a workaround for this courtesy of Philip Churchill at http://www.mswhs.com/2012/09/remove-default-shares-in-ws2012-essentials/.

Windows Server 2012 Essentials Installation Screenshots

I took an hour out today to do an installation of Windows Server 2012 Essentials inside a Hyper-V 3.0 VM so that I could familiarise myself with it a little before I consider porting my existing Windows Home Server 2011 install over. I’m not a Windows Server 2012 virgin as I’ve been working with it for a while in my capacity at work so I was primarily interested in the experiences of the Essentials edition compared with the Standard and Datacenter editions for enterprise.

Before you begin anything, it’s worth checking the system requirements at http://technet.microsoft.com/en-us/library/jj200132.aspx. The biggest point here is a minimum of a 160GB disk for the operating system installation which can be partitioned into a 60GB operating system volume and a 100GB data volume. This is a bummer for some people who may have taken the decision to run their OS on SSD as one of the most common sized SSD drives around and at an affordable price is a 128GB drive. I think Microsoft should have lowered the disk requirement to cater for this 128GB SSD market, but that’s just my opinion as the majority of people will likely be using 1TB or greater disks in their builds to get the storage capacity and density.

After being asked the usual language questions and if you want to modify the disk partition layout, the installation completes pretty quickly, as is usual with new Windows releases, and the Essentials Setup Wizard commences.

After the updating and preparing your server phase, the server will reboot twice. One of these will almost certainly be to bring online the Active Directory Domain Services role, but I’m not sure what causes the other. The quick observers among you will also notice that very briefly, the server logs on automatically as the Administrator account, displaying the Modern UI Start Menu, before once again, the Essentials Setup Wizard resumes. Once complete, you will see a final screen of the wizard, hopefully with a nice green tick stating that the installation is complete and the server is ready to be used. The URL for connecting clients and the usernames you specified are confirmed here too.

It’s worth pointing out that at the phase where you are asked to provide a username, you cannot use the username Administrator. It appears that Windows Server 2012 Essentials keeps this one up its sleeve for its own use and you aren’t told the password for it at any stage. Once the installation completed, I took a quick dive through all of the screens in the Windows Server 2012 Essentials Dashboard to see what options are available and configured as default. These are all shown in the image gallery below.

 

KMS Activating Windows Server 2012 and Windows 8

In our environment, we have a Windows Server 2008 R2 virtual guest serving as our KMS host. With the recent RTM releases of Windows Server 2012 and Windows 8, we wanted to be able to activate our hosts and guests using KMS. If you try to activate one of these new Windows editions using a Windows Server 2008 R2 KMS host, then you will likely encounter the following error:

Error: 0xC004F050 The Software Licensing Service reported that the product key is invalid.

Luckily, Microsoft have released an update for the Windows Server 2008 R2 KMS host services to support the application of new KMS keys and to accept the KMS activation requests from these operating systems. You can download the update from http://support.microsoft.com/kb/2691586/EN-US and register to receive the hotfix.

Something you should note, which I ran into and which is not explicitly defined in the article, is that this update only applies to Windows Server 2008 R2 with Service Pack 1. Trying to apply this update to the RTM release of Windows Server 2008 R2 produces a Windows Update error that this update is not applicable to this system.

After applying the SP1 update to the KMS host, I was able to install the update, and after a reboot, we were nearly ready to start activating. The final step is to update the KMS key, which is something not terribly well explained on the web either. You will have a KMS host key if you are a Microsoft Volume License customer, and you will have a Windows 8 or a Windows Server 2012 KMS key if you subscribe to Software Assurance for the products.

If you subscribe to Software Assurance for Windows 7 client operating systems, but not for Windows Server 2008 or 2008 R2, then you will receive a Windows 8 KMS key via your Volume License Servicing Center, but not a Windows Server 2012 KMS key. If you subscribe to Software Assurance for Windows Server 2008 or 2008 R2 then you will receive a Windows Server 2012 KMS key via your Volume License Servicing Center. One thing you need to be aware of regarding KMS is how the down-level clients are licensed.

On a KMS host, you can only apply one license key. If you install a Windows 8 KMS key, then you will be able to activate Windows Vista, 7 and 8 clients, but will not be able to activate any edition of any server operating system. If you install a Windows Server 2012 KMS key, then you will be able to activate any combination of Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows Vista, 7 and 8.

In my scenario, our VLSC site showed a KMS key for Windows Server 2012 and Windows 8, so I used the Windows Server 2012 key. On the KMS host, first uninstall the old KMS key using the following command:

cscript slmgr.vbs -upk

You will receive a message that the key was successfully uninstalled, after which you can enter the new key.

cscript slmgr.vbs -ipk XYZXY-XYZXY-XYZXY-XYZXY-XYZXY

You should now receive a notification that the key was successfully installed onto the server. Lastly, you need to activate the key which requires going out to the Microsoft activation service, so if you use a proxy server for internet access, be sure that you allow this user and host combination to do that.

cscript slmgr.vbs -ato

Once all the above was complete, I entered the KMS client key for Windows 8 onto my Windows 8 Enterprise desktop and it successfully activated, as did a Windows Server 2012 Datacenter virtual machine which I deployed a couple of days ago. If you need the KMS client keys to get you back to a KMS state after you may have MAK activated your machines to get you up and running, you can get them from the TechNet page at http://technet.microsoft.com/en-us/library/jj612867.aspx.
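A pre-flight and post-change check for the KMS host procedure above, as an added example that is not from the original post. It assumes a Windows Server 2008 R2 KMS host, the default KMS TCP port 1688, and that the hotfix is reported under the ID KB2691586 taken from the article URL.

```powershell
# Added example, not the author's own commands. Run elevated on the Windows
# Server 2008 R2 KMS host; written to work on PowerShell 2.0.
$os = Get-WmiObject -Class Win32_OperatingSystem

# The update only applies to Windows Server 2008 R2 (6.1) with Service Pack 1.
if ($os.Version -notlike '6.1.*') {
    Write-Warning "Not Windows Server 2008 R2 (found $($os.Caption))."
}
if ($os.ServicePackMajorVersion -lt 1) {
    throw 'Service Pack 1 is missing: install SP1 before the KMS host update.'
}

# Assumption: the hotfix is listed as KB2691586, the number in the KB URL.
$kb = Get-HotFix -Id 'KB2691586' -ErrorAction SilentlyContinue
if (-not $kb) {
    throw 'KB2691586 is not installed: the new KMS host key will be rejected.'
}
"SP$($os.ServicePackMajorVersion) present, $($kb.HotFixID) installed."

# After -upk, -ipk and -ato: confirm which key is loaded and that it is licensed.
$slmgr = Join-Path $env:windir 'System32\slmgr.vbs'
cscript.exe //nologo $slmgr -dlv

# The KMS service should be listening on TCP 1688 (default port, assumed here).
$listener = netstat -ano | Select-String ':1688\s+\S+\s+LISTENING'
if ($listener) { $listener } else { Write-Warning 'Nothing listening on TCP 1688.' }

# Clients find the host through this SRV record in the domain DNS zone.
nslookup -type=srv "_vlmcs._tcp.$env:USERDNSDOMAIN"
```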