Microsoft broke its own rules for server rollout timing, but Windows 8 breaks most rules for Microsoft anyway. More than any time in the past decade, Microsoft has taken great pains to give notice that an upcoming operating system edition has major changes inside—and targets them against the competition. One of the main competitors that Microsoft targets is VMware, and the one-upmanship contest going on benefits us all.
Windows 8 is different and Windows 8 Server editions, are still more different. That’s not bad news, but if the ideas shown in the pre-beta experience hold through the testing cycle through to production, you will appreciate the increased heads-up time.
In this article I focus on server issues. You may also be interested in the companion article, Windows 8 Client Pre-Beta: Five Important Implications.
1. It’s All Pre-Beta
The logic behind revealing so much so soon is to allow systems planners, network engineers, compliance officers, and support personnel to prepare for what amounts to an ideological forklift upgrade that Windows 8 Server can represent. You can ease into the transition, but as with the last big server shift to Windows 2000, Microsoft adds many compelling and unified services structures, especially the Hyper-V switch, to consider.
There are 66 pages of exceptions and how to handle them within the contents of the Microsoft-supplied preview, which arrives in the form of a virtual hard drive. At this writing, Windows Server 8 is barely “pilot,” and certainly not close to production. The exceptions listed are largely not fatal, merely the ones known at release time. You’ll undoubtedly find unknown issues; this is normal and not alarming for anyone who has used pre-beta software.
There are no ports of the Windows 8 server editions for the ARM processor, which means there are two kernel trees, one for Intel and one for ARM. There are currently no ARM 64-bit processors that Microsoft has publicly certified; this fact will change as hefty ARM processors are announced, so for now, it’s all x86/x64 code.
2. Windows 8 Server is philosophically different than prior editions
From an administrative perspective, Windows 8 does its work by sewing together numerous technologies, which now fit together more precisely and predictably. It can handle a wide variety of API sets, perhaps more than can the Windows 8 client.
Note in Figure 1 that traditional GUI-based management tools are still available, but PowerShell becomes increasingly more important. Scripting methods based on PowerShell command (lets) are becoming more powerful to use than the GUI. Windows Management Interface (WMI) GUIs can become cumbersome in many operations, and part of the drive behind Windows 8 is to get administrators accustomed to using scripts as scripting languages can accomplish more work.
The drill, familiar for Unix/Linux/Solaris admins, becomes editing and cutting-and-pasting information into activities. It also means that feedback based on what you just did with a PowerShell script doesn’t come as quickly to the administrator executing the script. WMI users will need to get used to that as they manage day-to-day functions, as the CLI-like scripting method executes, rather than providing a visually interactive environment.
The control issues are important, because Windows 8 Server has a heavy emphasis on flexibility and extensibility of policy control and audit compliance. Microsoft places a special emphasis on access methodology, and the authentication mechanisms behind Windows 8 from a serving perspective, towards client (and Web) access.
3. Served Data Accessibility Is Huge
Policies (human and technical) are the result of initiatives for conformance, and in Windows 8 Server the implementation of the policies are a prime directive. New file metadata within Windows 8 “Dynamic Access” constructs permit manual (actually embedded by client applications) file or content tagging, classification, and application asset identification.
In turn, IT departments can apply overarching, metadata-based policies. The policies control access to the assets. Access is audited based on the same criteria so that businesses can provide compliance and regulatory proof. The same data can then become the crux of (or fodder for) file indexing, analytics, and client access control methods.
Applications can use the user/owner tags data, policies control access (which can be audited), and Rights Management Services. Of course, Microsoft Office will be the first one compatible with this scheme. The overall concept is rich in control, has few close analogs in third party management schemes—and Microsoft is very proud of it.
Figure 2: The setup for policy controls is comparatively simple; Microsoft’s and third party applications can use it as a first-line access control method. (Credit: Microsoft)
Organizations scrambling for compliance will find this method comparatively easy to implement, even on existing SAN infrastructure. The specific requirements for Patriot Act, HIPAA, EU Privacy regulations, and other compliance and regulatory requirements remain to be seen, but the primitives are there and easy to “slide into.” It’s something also implemented in Solaris, Linux, and LDAP, but isn’t often spelled out into the form of product methodologies. Perhaps Microsoft will win this race towards verified audit and compliance.
4. Cloud for Windows 8 Means Eventual Multi-Tenancy Platform-as-a-Service
Microsoft is betting that most installations will be hybrids of on and off-premises infrastructure. The “off-prem” will likely be set, so the thinking goes, in disparate data centers, where other tenants will live. Windows 8 Server Editions are supposed to live up to the ideals of what Microsoft calls the “Highly Successful Cloud/Datacenter” with the goals of manageability at the core of isolation, reliability, performance, flexibility, extensibility, and predictability. I know this because I stole it from one of their PowerPoint slides.
The elements behind this philosophy are compelling. The virtualized instances of Windows 8 Server can be isolated from a networking standpoint so that next door neighbors can’t snack resources from a standing tenant pool. A Hyper-V virtual network switch appliance can manage bandwidth. The same virtual switch also allocates and throttles traffic, as well as performing traffic inspection for appropriateness to augment extensibility and predictability. Similarly, the switch allows for multiple tenants to highly isolate virtual networks within a data center without a physical connection through VLAN switching. Dedicated hardware isolation ostensibly becomes unnecessary—but you’ll need to convince me that the protocols are bulletproof.
5. Increased Network Security Infrastructure
You, like many, probably haven’t implemented DNSSec, DHCP scope control, and advanced IP address management. Windows 8 has these and switch fabric controls that will make a few router vendors gnash their teeth. What Microsoft has also done is to allow Windows 8 clients to “ease into” IPv6 along with the deployment of important security steps such as DNSSec.
A significant amount of the implementation belongs to using Hyper-V, and the aforementioned Hyper-V virtual networking switch. The isolation promised if the switch isn’t implemented is left to the auspices of other vendors. In the case of those using implementations of VMware or XenServer, each of those vendors has data switch partners that implement things like DNSSec, VLANs, IPv6 controls, and even IP address management.
Network designers are left up to their own devices (no pun intended) to cobble together these crucial security components. Microsoft hopes to compel and spur the sales of Hyper-V based infrastructure based on the convenience of including these components, and adding the values of file/content asset controls, to make itself a one-stop-shop. Convenience has its value, but keeping its clientele corralled can be an obsession at Microsoft.
See also:
