Tech-Ed SVR318 Building your Next Generation Infrastructure on Windows Server 2008.

Posted: November 11th, 2008 under Windows 2008.

Here are my notes from this session. They are the key points to take away from it.

Trends. These are the key areas Microsoft has identified for attention in the next-gen infrastructure:

1) Greater use of “simple” lightweight protocols such as HTTP/HTTPS

2) Multi-Server and Remote Server Management is easy with 2008

3) Virtualisation with HA

  • This is achieved with clustering in Hyper-V 1 and is greatly improved with CSV (Cluster Shared Volumes) in R2

4) Lower Cost Remote Workforce (including Branch Offices)

So how are these addressed with Windows 2008 Server and beyond?

REMOTE WORKERS

Read-only Domain Controller
Allows for secure deployment of AD and the Global Catalogue at branch offices. In an R/O configuration, passwords are not replicated by default, so if you configure an account in your head office that user will not be able to authenticate against the branch AD if connectivity is lost. There is a group policy to enable this, and you need to configure machine accounts as well as user accounts.

If, for example, you provide a new laptop and pre-cache the user account but leave the machine account unset, there is no login for that user or any other user on that machine.
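As an added example (not from the session notes), this PowerShell script shows the point above in practice: both the user and the laptop's computer account are added to the RODC's allowed list, the secrets are pre-populated from a hub DC, and the script then checks what is actually cached versus merely allowed. It assumes the Windows Server 2008 R2 ActiveDirectory module and the hypothetical names RODC01, HUBDC01, jsmith and LAPTOP01.

```powershell
# Added example: pre-caching credentials on a read-only domain controller.
# Assumptions (not from the session): Server 2008 R2 ActiveDirectory module,
# RODC01 = branch RODC, HUBDC01 = writable hub DC, jsmith = branch user,
# LAPTOP01 = that user's new laptop (computer account).
Import-Module ActiveDirectory

$rodc     = 'RODC01'
$hubDc    = 'HUBDC01'
$user     = Get-ADUser     -Identity 'jsmith'
$computer = Get-ADComputer -Identity 'LAPTOP01'

# Allow BOTH the user and the machine account to be cached on the RODC.
# Allowing only the user leaves the laptop unable to log anyone on when the WAN is down.
Add-ADDomainControllerPasswordReplicationPolicy -Identity $rodc -AllowedList $user, $computer

# Pre-populate the cache now instead of waiting for a first logon over the WAN.
# Members of Domain Admins and the other built-in denied groups are never cached,
# so pre-populate a delegated branch admin account rather than a Domain Admin.
foreach ($obj in @($user, $computer)) {
    Sync-ADObject -Object $obj -Source $hubDc -Destination $rodc -PasswordOnly
}

# Verify: what is allowed by policy, and what has actually been revealed to the RODC.
Write-Host "Allowed by policy on $rodc:"
Get-ADDomainControllerPasswordReplicationPolicy -Identity $rodc -Allowed |
    Select-Object Name, ObjectClass

Write-Host "Secrets actually cached on $rodc:"
Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity $rodc -RevealedAccounts |
    Select-Object Name, ObjectClass
```

Run the script from a workstation with the RSAT AD module while the WAN link is still up; the second listing is the one to check before the laptop leaves the head office, because an account that is allowed but not yet revealed will still fail to log on at the branch if connectivity is lost.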

Delegate AD roles
Another function that further enhances AD security while simplifying administration is the ability to delegate AD tasks. A word of warning: Domain Admin credentials cannot be cached, and it is possible to find yourself in a situation where nobody can authenticate against an R/O AD server, even with valid credentials, due to the restrictions that can be placed on admin accounts.

Terminal Services Gateway


Has two configurable policies:

1) Connection authorisation policy: defines who can connect
2) Resource authorisation policy: defines what they can connect to

TS Gateway works as a proxy to the back-end server, removing the need for VPN connectivity.

Works via HTTPS

Installing TS Web Access allows you to connect via a browser rather than the TS client.

When the gateway web site is created it needs configuring to activate. IIS needs configuration, as the TS Gateway hostname isn't populated by default in the website config.

Set DefaultTSGateway to the host that is the TS Gateway.

TS RemoteApp

Provides terminal services at the application level. The application looks like it is running locally (e.g. printing is redirected to the local printer); however, the application is actually being processed on the remote server.

BranchCache

This is a proxy technology that reduces the amount of bandwidth utilised by branch offices. On the first request for a file a hash is generated for that file, which effectively makes the file a target for the cache. On the second request a copy is either stored in a central proxy location at the branch office or advertised by the host receiving the file (via its hash value). On the third request for the file, depending on the configured method, the file is either provided from the central cache or provided from a local peer. Any authentication required to access the file is conducted prior to the file being made available to the client.
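The two "configured methods" described above are BranchCache's distributed (peer) mode and hosted-cache mode. As an added example that is not part of the session notes, the following PowerShell function switches a Windows 7 / Server 2008 R2 branch client between them using the netsh branchcache context; the hosted-cache server name BRANCHCACHE01 and the 5% cache size are assumptions.

```powershell
# Added example: select a BranchCache mode on a branch client with netsh.
# Assumptions (not from the session): a hosted-cache server named BRANCHCACHE01
# exists in the branch, and 5% of the system drive is an acceptable cache size.
function Set-BranchCacheMode {
    param(
        [ValidateSet('Distributed', 'Hosted', 'Disabled')]
        [string]$Mode,
        [string]$HostedCacheServer = 'BRANCHCACHE01'   # assumed name
    )

    # Record the state before changing anything so the change is auditable.
    Write-Host "--- BranchCache status before change ---"
    netsh branchcache show status all

    switch ($Mode) {
        # Peers advertise content to each other by hash and serve it over HTTP.
        'Distributed' { netsh branchcache set service mode=DISTRIBUTED }

        # Content is stored on a server in the branch; clients fetch from it by hash.
        'Hosted'      { netsh branchcache set service mode=HOSTEDCLIENT location=$HostedCacheServer }

        'Disabled'    { netsh branchcache set service mode=DISABLED }
    }

    # Cap the local cache (percentage of disk) and drop anything cached under the old mode.
    netsh branchcache set cachesize size=5 percent=TRUE
    netsh branchcache flush

    Write-Host "--- BranchCache status after change ---"
    netsh branchcache show status all
}

# Usage: run in an elevated PowerShell on the branch client.
Set-BranchCacheMode -Mode Hosted
```

Distributed mode needs clients to reach each other over HTTP (TCP 80) and WS-Discovery (UDP 3702), so it suits small offices where that peer traffic is acceptable on the LAN; hosted mode concentrates the cache on one server, which is easier to monitor and to firewall.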

DATA CENTRE

Unified Management

The use of RPC requires (without modification of the registry) high ports to be opened on the firewall(s).
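The registry modification alluded to above is the documented HKLM\SOFTWARE\Microsoft\Rpc\Internet key (Microsoft KB 154596), which pins RPC dynamic endpoints to a chosen range so the firewall does not have to open the whole high-port range. The following PowerShell script is an added example, not from the session notes; the 5000-5100 range, the rule names and the 10.0.0.0/24 management subnet are assumptions, and the change only takes effect after a reboot.

```powershell
# Added example: restrict RPC dynamic endpoints to a narrow range and open only that
# range (plus the endpoint mapper) to a management subnet.
# Assumptions (not from the session): range 5000-5100, management subnet 10.0.0.0/24.
# Reboot required for the RPC runtime to pick up the new key.

$rpcKey = 'HKLM:\SOFTWARE\Microsoft\Rpc\Internet'
if (-not (Test-Path $rpcKey)) { New-Item -Path $rpcKey -Force | Out-Null }

# Ports                 : REG_MULTI_SZ list of port ranges available to RPC servers
# PortsInternetAvailable: 'Y' means the listed ports are the usable ones (not excluded)
# UseInternetPorts      : 'Y' makes RPC servers take dynamic endpoints from that list
New-ItemProperty -Path $rpcKey -Name 'Ports'                  -Value @('5000-5100') -PropertyType MultiString -Force | Out-Null
New-ItemProperty -Path $rpcKey -Name 'PortsInternetAvailable' -Value 'Y'            -PropertyType String      -Force | Out-Null
New-ItemProperty -Path $rpcKey -Name 'UseInternetPorts'       -Value 'Y'            -PropertyType String      -Force | Out-Null

# With the range pinned, the host firewall only needs TCP 135 (endpoint mapper)
# and the chosen range, and only from the management subnet.
netsh advfirewall firewall add rule name="RPC Endpoint Mapper (mgmt)" dir=in action=allow protocol=TCP localport=135       remoteip=10.0.0.0/24
netsh advfirewall firewall add rule name="RPC Dynamic Range (mgmt)"   dir=in action=allow protocol=TCP localport=5000-5100 remoteip=10.0.0.0/24

# Review: the key as written, and the OS-wide dynamic range that unpinned RPC servers
# would otherwise use (49152-65535 by default on Windows Server 2008).
Get-ItemProperty -Path $rpcKey | Select-Object Ports, PortsInternetAvailable, UseInternetPorts
netsh int ipv4 show dynamicport tcp
```

Size the range to the number of RPC services on the box; if it is exhausted, RPC servers fail to register endpoints, so check the Event Log after the reboot. The RPC interfaces still need their own authentication, so the firewall scope is a containment measure, not a replacement for it.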

Server Core
This is a stripped-back version of the OS that is managed via a command line and a very limited set of GUIs (notepad, regedit etc.). As the name suggests, Server Core is a collection of core components such as DNS, DHCP, WINS, File Server and AD. Server Core has a number of limitations and as a result cannot be used for all the applications that the full server can provide, e.g. it currently does not provide ASP.NET functionality.

PowerShell
PowerShell is the scripting language used to manage just about every aspect of Windows 2008 Server and associated server products. It is targeted at simplifying the management of server deployments.

HA for Virtualisation

Hyper-V relies on Windows Cluster Services to provide HA. A limitation in R1 is the requirement for one LUN per VM, to mitigate the risk to other VMs in the event of a failure that requires migration of a VM to its HA cluster partner. W2K8 R2 introduces the concept of Cluster Shared Volumes. This technology allows multiple hosts to connect to a LUN at the same time, enabling VMs managed by separate hosts to share the same storage.
