Windows Server 2019 Failover Clustering Types

The Microsoft Windows Server 2019 Failover Cluster is a new resource management technique that allows Virtual Machines to migrate when operational without interference with systems operations.

The cluster system can create a failover system by pooling hardware resources in a virtual system that allows for the hosting of resources, enabling availability and system resilience.

Windows Server Systems is evolving, judging by the previous releases. The Windows Server 2019 Failover Clustering system is the most powerful to date and can host highly available resources suitable for vital business operations.

The Types of Windows Server 2019 Failover Clusters

The powerful nature of the Windows Server 2019 failover ensures that it supports multiple types of vital business operations. Cluster functions are defined by what they do. Each of these clusters can ensure that the production environment is resilient and always available.

Here are the six types of Windows Server 2019 clusters.

1. Hyper-V Clustering

The Hyper-V cluster configurations run on top of Windows Failover Clusters. When working in a production environment, you need an effective and resilient system that is always available. One such feature is Hyper-V Clustering.

How Do You Create a Hyper-V Cluster?

By default, all Hyper-V clusters connect to a shared storage that allows the Virtual Machines to be on the same location that all hosts can access.

This way, sharing ownership of the various virtual machines is possible. Consequently, when one host fails, healthy hosts will assume the responsibility of the failing host.

The Hyper-V Clusters monitor all hosts, and checks when one goes down, ensuring the movement of the Virtual Machines takes place quickly to a healthy host.

You can achieve this by testing rating the Virtual Machines attached to the working hosts within a cluster. The movement of machines from a failing host to a healthy one is a key characteristic of Windows Failover Clustering.

Apart from being beneficial to various unforeseen issues, clustering also benefits maintenance of the Hyper-V host. Its configuration allows the movement of machines when running the Hyper-V Live Migration. Such safe movement enables the evacuation of workloads from a host, which enhances system maintenance.

Hyper-V Clusters allow for healthy load balancing for Virtual Machines that run on top of Hyper-V hosts, constituting the entire Hyper-V Windows Failover Cluster.

In a similar fashion, in the VMware vSphere DRM mechanism, the Hyper-V evaluates its host’s present load and decides if the workload needs to move to increase efficiency within the Hyper-V cluster configuration.

2. Scale-Out File Server

The default clustering systems for File Services technology does not have enough capacity to handle the demands of a typical enterprise.

Most companies usually demand big storage capacities that can support virtual machines in a Hyper-V Cluster configuration.

Clusters in a File Services technology may be a passive configuration without enough or reliable bandwidth, redundancy, and resiliency on the virtual hard drive files. It is at this point that you need to think of Scale-Out File Server (SOFS) configuration.

The SOFS is for hosting high-performance environments such as the Hyper-V storage. Scale-out File Server supports the needs of a Hyper-V Storage using an active-active configuration of several file servers with persistent connection between them.

If a SOFS is down, another one will pick up the workload without any form of migration or a failover mechanism. Hyper-V virtual machines will remain online even during a crisis when one of the SOFS backup file servers is down.

3. Clustering for File Services

File clusters used in Files Services Clustering technology have been in use for a long time. The original idea of clusters technology emerged from here. The idea, then, was to make resources available when a single server fails.

Clustering for File Services technology is configured to work in an active-passive configuration. Only a single server allows active user connections, such that when the active server is down, the passive server in the cluster takes over as the file server accepting end-user connections.

4. Tiered Clustering

In production environments, what matters to the users of the system and stakeholders in the business is the application.

However, to make sure there is resiliency and redundancy, system administrators use a Tiered clustering configuration that combines the Host Layer Clustering and Application Layer Clustering.

The two techniques work together to give resiliency and redundancy to Virtual Machines. Tiered Clustering allows for the creation of a robust and resilient configuration that ensures optimal uptime and availability for vital business operations.

5. Application Layer Clustering

Application Layer Clustering is utilized in an environment that requires the most uptime irrespective of any impending hardware failures.

It is known that a Hyper-V cluster in a Windows Failover configuration can restart a Virtual Machine in case one host fails. Then, it means that such services will be unavailable when the system restarts.

If the time needed for such an interruption is unacceptable, Application Layer Clustering is a good option. This form of Clustering acts as a “nested” cluster.

Such cluster configurations work by creating a Windows Failover Cluster using Virtual Machines running on hosts that operate on Physical Windows Failover Cluster hosts.

This makes the application to be available, in addition to the backing of the Hyper-V Cluster Virtual Machines provided by the Physical Hyper-V hosts.

6. Host Layer Clustering

The Host Layer Clustering describes the technology used in Hyper-V Clustering.

This cluster involves the physical Windows Server Failover hosts, which allows the cluster of two or more physical servers through the Windows Failover Clustering technology to create and avail different roles.

The most notable role in production data centers is the Hyper-V role.

Final Thoughts

From the days of the legacy Windows Server versions, clustering technology has evolved. The current Windows Server 2019 Failover Clustering types are expanding the use of applications while broadening the scope of enterprises.

Organizations’ functions should be resilient and redundant so that they can fit in today’s fast and web-centric business environment.

Windows Server 2019 Failover Clustering supports a wide range of different cluster types that can ensure businesses stay competitive and take their operations to the next level.

Windows Server 2019 Advanced Networking Features

Connecting on-premise and off-premise facilities via networks allows for the creation of an efficient ‘intelligent cloud’.

Windows Server 2019 is built with a comprehensive list of powerful networking capabilities designed to optimize performance in the intelligent cloud and edge environments.

This article discusses four of the advanced networking features in the Windows Server 2019 release.

1. Network Performance Optimization for Virtual Workloads

Previously, to prevent network processing from causing CPU overhead, high-speed network throughput incurred extra costs in baselining, complex planning, tuning, and monitoring.

Windows Server 2019 is built to allow virtual workloads to reach (and maintain) 40 Gbps peaks, lower CPU utilization, and skip redundant tuning and configuration expenses.

This is achieved by including two features that optimize the network throughput of virtual machines by lowering the operations and maintenance costs and elevating hosts’ available density without constantly tuning the host.

Here is a description of the two features:

a) Receive Segment Coalescing (RSC) min in the vSwitch

The Receive Segment Coalescing (RSC) feature integrated in Windows Server 2019 improves throughput gains and host processing of virtual workloads.

This affects all traffic running via the virtual switch counting Hyper-V compute workloads, Software Defined Networking, and some Storage Spaces Direct patterns.

Windows Server 2019 not only supports RSC in the vSwitch, it’s enabled by default!

RSC in the vSwitch unifies TCP segments from the same TCP-stream into larger, fewer packets headed for a Hyper-V Guest. Processing these fewer (coalesced) packets is easier and more efficient than in segmented packets.

Hence, RSC in the vSwitch leads to major performance leaps in Hyper-V virtual machines.

b) Dynamic Virtual Machine Multi-Queue (d.VMMQ)

Virtual Machine Queue and Virtual Machine Multi-Queue features enable the processing of traffic destined for a vmNIC by one or multiple processor cores.

Windows Server 2019 dynamically tunes hosts for optimal CPU efficiency and consistent virtual machine throughput.

D.VMMQ reduces the OPEX costs in previous Windows OS versions, as it doesn’t require any setup once a supporting driver is installed.

D.VMMQ auto-tunes current workloads, thereby maximizing throughput for all virtual machines.

2. Automatic Connection of On-premise Servers to Azure

Connecting on-premise servers and workloads to Azure resources in previous Windows versions requires Site-to-Site VPN, an Express Route, or Point-to-Site VPN connection.  These options include numerous steps and expertise in network and certificate management, as well as infrastructure setup, upgrade, and maintenance.

The Windows Admin Center in Windows Server 2019 enables one-click configuration for a point-to-site VPN connection between on-premise Windows Servers and Azure Virtual Networks.  This automates the configuration for both on-premise VPN client and the Azure Virtual Network gateway.

Here are some of the improvements:

  • Windows Admin Center: The Windows Admin Center is an ‘all-under-one-roof’ evolution of the Windows Server in-box management tools that consolidates all local and remote server management aspects. It’s a free locally deployed (default) Windows Server 2019 browser-based app for managing servers, Windows 10 PCs, clusters, and hyper-converged infrastructures.
  • Azure Network Adapter: The Azure Network Adapter allows you to set up Point-to-Site VPN connections between your Windows server and Azure. It’s a new Network extension aspect of the Windows Admin Center that enables Point-to-Site connections without a public-facing IP address or a VPN device.

3. Software-Defined Networking (SDN)

Software-Defined Networking offers great performance efficiency, but it is difficult to deploy in previous Windows versions.

Windows Server 2019 provides easy SDN deployment and management via a Windows Admin Center extension and a new user interface.

Windows Server 2019 integrates key features in the Software-Defined Data Center (SDDC) to support software-based networking functions.

This leads to the virtualization and optimization of various networking aspects like switching, load balancing, firewalling with micro-segmentation, and routing to offer better availability and performance.

Here are some improved capabilities:

  • Using Windows Admin Center for SDN management: With Windows Server 2019 Windows Admin Center, SDN has been integrated with the Hyper-Converged Cluster experience. You can easily manage SDN infrastructure and resources via a single application by adding a Network Controller to your Hyper-Converged cluster.
  • Virtual network management: After adding an SDN to your hyper-converged environment, you can then create, configure, and modify virtual networks and consecutive subnets. You can also view the VMs connected to the virtual network subnets. Later versions of the Windows Server 2019 are also set to include complete end-to-end virtual network management for the SDN extension in the Windows Admin Center.
  • SDN infrastructure management: Proper SDN management is crucial for a healthy SDN infrastructure. Individual component failures hardly affect Windows Server SDN workloads. Thus, Windows Server 2019 integrates an easy way to monitor SDN performance. The SDN Monitoring extension enables real-time monitoring of SDN services’ state and infrastructure. For instance, you can monitor the health and performance of your Virtual Gateways, Network Controller, Software Load Balancers, and hosts.  Further, the extension allows for monitoring of Virtual Gateway Pools’ consumption, Private IP Pools, and Public IP Pools.

4. Network Security Integrations

Windows Server 2019 brings a full house of network security improvements.

Here is a description of some of them:

a) Windows Defender Advanced Threat Protection (ATP)

ATP is designed with deep sensors and response mechanisms to swiftly expose memory and kernel-level attacks, then respond by terminating suspect processes and repressing malicious files.

Windows Defender ATP Exploit Guard is built with multiple powerful host-intrusion prevention components with capabilities to fend off malicious attack vectors and malware.

b) Enhancements in Software Defined Networking (SDN) security

Windows Server 2019 comes with a more robust SDN security package than Windows Server 2016. The most visible aspects are:

  • Encrypted networks
  • Egress metering
  • Virtual network peering
  • Firewall auditing

c) Shielded Virtual Machines support improvements

Windows Server 2019 provides shielded support for mixed OS environments. This not only boosts performance efficiency in the virtual machines but also keeps the physical server safe.

  • Linux support: For mixed-OS environments, Windows Server 2019 supports running of Red Hat Enterprise Linux, Ubuntu, and SUSE Linux Enterprise Server in shielded virtual machines
  • Troubleshooting virtual machine improvement: PowerShell Direct and VMConnect Enhanced Session Mode have made troubleshooting of shielded virtual machines convenient. They don’t require configuration but are automatically available when a shielded VM is linked with a Hyper-V host running Windows 2019 Server version 1803 or later.

d) HTTP/2 integration

Windows 2019 integrates with HTTP/2, which improves coalescing of connections, thereby delivering an encrypted and uninterrupted browsing experience.

The upgraded HTTP/2’s server-side cipher suite negotiation is not only easy to deploy but also provides automatic connection failure mitigation.

Summary

Advancements in automatic connection to Azure, network performance optimization for virtual workloads, Software Defined Networking (SDN), and network security optimization are only the icing on the cake.

Microsoft is determined to continue improving cloud-based connectivity to optimize performance and save on-site storage costs.

We are set to see even more releases to augment Windows 2019 advanced networking functions.

Installing and Configuring WSUS on Windows Server 2019

Learn the best practices that help System Administrators avoid settings that lead to poor performance when designing the configurations for Windows Server Update Services.

Windows Server Update Services (WSUS) supports up to 100,000 clients for every server, and the number increases to 150,000 when you use System Center Configuration Manager.

The best way to implement this feature is by using multiple servers that share the same database. The more the sharing of the servers, the safer you are; if one server goes down, your work is still safe.

The safety in numbers prevents what Admins call a “scan stormthat occurs when several clients change the WSUS servers in a scenario where the servers do not share a database.

The Service tracks server activity and alerts the other clients of the last thing that changed, and sends information on updates only.

This article covers the installation and configuration of the Windows Server Update Services on Windows Server 2019.

Different Approaches to Installing WSUS

The Service can download and store the Windows update files locally. Using servers in the network will get the updates from the WSUS servers and not from the Internet. The use of servers to manage the update process saves on bandwidth and Internet speed.

System Administrators can use the servers that update automatically as long as security files are installing from a central location. The configuration gives easy reports on the servers that need patching for a particular update.

Here are the different approaches to installing WSUS:

a) Installing Using the PowerShell

You can experience a fast and an easy way to install WSUS by running this command:

Install-WindowsFeature -Name UpdateServices, UpdateServices-WidDB, UpdateServices-Services, UpdateServices-RSAT, UpdateServices-API, UpdateServices-UI

Using the above command is the same as using Windows Internal Database (WID). With the SQL database, you must include the UpdateServices-DB option and not UpdateServices-WidDB.

b) Installing Using the GUI

WSUS is installable through the Server Manager. If you use this process, you’ll notice that it goes beyond running the PowerShell instruction above.

To start the installation using this method, you can open Server Manager and select Add roles and features.

Once the Add Roles and Feature Wizard shows, click Next.

On the Select installation type window, make sure that the Role-based or feature-based installation type is selected. Then, click Next.

On the Select destination server window, let all default settings remain as is, since the installation takes place on the server. Click Next.

On the next window for Select Server roles, scroll down and select Windows Server Update Services.

Click on the Add Features button to install new features alongside the IIS. Click Next.

The next window will show the automatically selected features from the previous step. Click Next.

On the Windows Server Update Services window, read the given advice indicating that at least one of your servers needs an Internet connection. Click Next.

If the main server can get updates from the Internet, then it is possible for the downstream servers on the Internet to get updates.

On the Role Services window that appears, click Next because you will use the Windows Internet Database (WID). If the intention is to use an SQL database, tick the SQL Server Connectivity option.

The next window is a Content local selection that gives an option of choosing where the WSUS updates will be installed.

It would make more sense if you had a secondary hard disk to keep the updates. The extra disk will save system Admins the headache of filling up the system disk with updates.

The capacity of the hard disk depends on the files chosen for the updates. You can ignore the store updates option to avoid file storage on the local drive.

This is not the recommended choice of action, unless you do not have enough storage space.

Bear in mind that no update will download unless their approval is manual or automatic.

On the Web Server Role (IIS) window, you will see a notification for using IIS 10.0. Click Next.

Select any additional roles that you want for the ISS. In this case, leave the defaults for WSUS and click Next.

On the final screen, confirm the installations by reviewing your choices and clicking the install button.

Configuration of the WSUS

Once the installation is complete, it is time to configure the updates. You need to start by opening the WSUS console from the Tools Menu in the Server Manager.

On the Complete WSUS Installation screen, select the location of the folder where you want to install the updates.

Click on the Run button and let the WSUS configuration Wizard run.

Read the information on the Windows Server Update Services Configuration Wizard and confirm if other windows machines can connect to the server (WSUS). The server can connect to the Internet for updates.

You have a choice of choosing whether you want to be part of the Microsoft Update Improvement Program.

Next, is the selection of the upstream server. If this is your first WSUS server, leave the defaults to synchronize from the updates.

If you have a separate server for updating the files, specify the location to synchronize with it as a downstream server.

You need to specify if the WSUS server should connect to the Internet through a proxy.

The next question is all about connecting to the upstream server directly from the Internet or within the network. The configuration takes some time to complete, so you have to be patient.

Choose the language that the system supports. Any additional languages mean you need more update files. You should only be worried if you are running low on disk space requirements.

On the Choose product screen, select the Microsoft Products within the network that needs WSUS update. Any updates for your selected products are stored on the WSUS server. File selection translates to more disk space.

Choose the types of updates to download. For instance, choose security and critical updates instead of all available updates.

Finally, set the synchronization schedule that will specify when WSUS checks for new updates. The system has a default setting for synchronization. System Administrators can change it to suit their preferences.

On the last screen, you have another option of checking the first synchronization that should start immediately you click the Finish button.

After the first synchronization, you can configure approvals, groups, reporting, and computers.

Conclusion

The installation and configuration of the WSUS server role in the Windows Server 2016 operating system are well covered in this article.

The installation takes place through PowerShell or Graphical User Interface (GUI). If happy with the installation, you can open the WSUS console and finish the configuration.

All the best!

Installation and Configuration of an iSCSI Target on Windows Server 2019

Internet Small Computer Systems Interface (iSCSI) is a storage networking resource that employs Internet Protocol connectivity to link up data storage facilities.

It provides block-level access to storage locations via TCP/IP network-carried SCSI commands. The iSCSI target is the network location (storage) and it appears as a local hard drive to the iSCSI initiator.

Basically, an iSCSI initiator is a client that connects to an iSCSI target.

When enabled and configured, an iSCSI Target Server turns a Windows Server OS computer into a network storage device.

Network-accessible storage is important in testing applications before installing them on a Storage Area Network (SAN).

How to install iSCSI target on Windows Server 2019

To perform this installation, you’ll need to have unrestricted administrative privileges to a computer running Windows 2019 server OS.

Step 1: Run the Server Manager on your Windows 2019 server OS

C:\Users\user\Desktop\iSCSI Target\1.jpg

Step 2: Select the ‘Add Roles and Features’ tab

You can choose to skip the ‘Before you begin’ step by checking the small square selection box at the bottom of the page.

Click ‘Next’ to continue the installation wizard.

C:\Users\user\Desktop\iSCSI Target\2.jpg

Step 3: Define the type of iSCSI target installation you want

Here, check the ‘Role-based or Feature-based installation’ button and click ‘Next’ to continue.

C:\Users\user\Desktop\iSCSI Target\3.jpg

Step 4: Select a Host for your iSCSI target’s roles and services

This may be your local server or a virtual hard drive on your server. In our case, we’ll use the local server.

Hit ‘Next’ to continue.

C:\Users\user\Desktop\iSCSI Target\4.jpg

Step 5: Select the iSCSI Server Roles

In this step, we’ll define a list of server roles to install for the iSCSI target.

Click on the “Files and Storage Services” tab to expand it.

Select “File and iSCSI Services” then check the box against “iSCSI Target Server”.

C:\Users\user\Desktop\iSCSI Target\5.jpg

Step 6: Add features for your iSCSI target

When you select “iSCSI Target Server” in the previous step, a pop-up window titled “Add features that are required for iSCSI Target Server?” will open.

Here, click on the “Add Features” tab then hit “Next”.

C:\Users\user\Desktop\iSCSI Target\6.jpg

Step 7: Select features

Check all additional features required to install the iSCSI target server and click ‘Next’.

C:\Users\user\Desktop\iSCSI Target\7.jpg

Step 8: Confirm your installation selections

Confirm that iSCSI Target Server and the other selections you have made in the steps above are listed, then select “Install”.

C:\Users\user\Desktop\iSCSI Target\8.jpg

Step 9: Complete the iSCSI target server installation

When the installation of selected roles, features, and services is complete, click “Close” to complete your installation of iSCSI Target Server.

C:\Users\user\Desktop\iSCSI Target\9.jpg

How to configure iSCSI target on Windows Server 2019

To configure our iSCSI target on Windows Server 2019, we first need to create a folder that initiators will connect to.

You may create a folder or directory in any of your preferred disk partitions.

Step 1: Run your Windows 2019 server manager and select File and Storage Services

C:\Users\user\Desktop\iSCSI Target\New folder\10.png

Step 2: Choose “iSCSI” from the expanded menu on the left of the pane

Click on the “To create an iSCSI virtual disk, start the New iSCSI Virtual Disk Wizard” link on the right of the window and a configuration wizard will pop up.

C:\Users\user\Desktop\iSCSI Target\New folder\11.png

Step 3: Specify the server and disk volume to set the iSCSI disk

In our case, we selected “Type a custom path” then browsed to the folder we created before starting the iSCSI target configuration process.

You can select the folder and hit ‘Next’.

C:\Users\user\Desktop\iSCSI Target\New folder\12.png

Step 4: Specify your virtual disc

Name and describe your virtual disk then click ‘Next’ to proceed.

C:\Users\user\Desktop\iSCSI Target\New folder\13.png

Step 5: Set the iSCSI virtual disk size

Besides determining the size of the virtual disk, choose the most suitable disc mode depending on your iSCSI targets’ needs.

Check one option from the three options and click ‘Next’ to continue.

C:\Users\user\Desktop\iSCSI Target\New folder\14.png

Step 6: Choose the iSCSI target for your virtual disc

Specify the iSCSI target you want to assign your virtual disc.

Since we’re configuring a new iSCSI target, proceed as shown below:

C:\Users\user\Desktop\iSCSI Target\New folder\15.png

Stage 7: Specify the iSCSI target name

Simply name and describe the iSCSI target and proceed with the configuration.

C:\Users\user\Desktop\iSCSI Target\New folder\16.png

Step 8: Specify access servers for this iSCSI target

To control access and maximize security, you should allow iSCSI target access to only known initiators.

Then, select the ‘Add’ tab to continue.

C:\Users\user\Desktop\iSCSI Target\New folder\17.png

Step 9: Choose a verification method for the initiators

Under ‘Type’, choose ‘IP Address’ from the drop-down menu and key in the initiator’s IP address under the ‘Value’ field, then hit ‘OK’.

C:\Users\user\Desktop\iSCSI Target\New folder\18.png

Step 10: Configure an authentication method between the initiator and your iSCSI target

Choose the ‘CHAP’ option, then set a username and password to control the initiator’s connection to the target.

Click ‘Next’ to proceed.

C:\Users\user\Desktop\iSCSI Target\New folder\19.png

Step 11: Confirm selections to finish the iSCSI target configuration

Check that all selections are as you desire, then click ‘Create’.

C:\Users\user\Desktop\iSCSI Target\New folder\20.png

Step 12: Complete the iSCSI target configuration

When all progress bars indicate ‘completed’, click ‘Close’ to wind up the configuration and exit the wizard.

C:\Users\user\Desktop\iSCSI Target\New folder\21.png

Step 13: View the new virtual disc in the Server Manager as shown below

You have successfully installed an iSCSI target Server and created a target virtual disk on Windows Server 2019.

You may now proceed to configure an iSCSI initiator on your Windows 2019 Server.

C:\Users\user\Desktop\iSCSI Target\New folder\22.png

Final Takeaway

The use of iSCSI Target on Windows 2019 Server is a welcome revolution to Storage Area Networks (SAN).

It not only amplifies the efficiency of Network-based and diskless boot performance but also accelerates the process. You can even leverage software loaders or boot-capable network adapters to deploy and use numerous diskless servers.

Opting for differentiating virtual hard disks saves around 90% of storage space consumed by OS images. Further, iSCSI target servers provide constantly available block storage for server applications.

And, if you are looking to optimize sharable server storage, Heterogeneous storage iSCSI target server is your ideal choice, as it allows interaction with even non-Microsoft iSCSI initiators.

Managing Disk Quotas on Windows Server 2019

Disk quota management provides a way of controlling the disk space available to users accessing the server and storing files.

When a user exceeds their quota, then they can no longer add additional data.

The File Server Resource Manager (FSRM) feature in Windows Server 2019 gives system administrators the ability to set the storage quota as well as determine the type of files that can be saved on the file server.

What is FSRM in Windows Server?

FSRM is a Windows Server feature which allows you to classify and save data in file servers. FSRM gives you extra control of the data on your computer.

The history of FSRM dates back to 2005 when Microsoft launched the product. It was initially used in the Windows 2003 server R3 edition. The feature provides a one-in-all solution, especially for volumes that keep increasing.

Disk quotas have been there for a long time. Without them, people could upload large volumes of data (mostly pirated videos, movies or MP3 songs) into your servers.

The large volume uploads can slow down your server and increase your operating costs. It also presents a challenge with copyright content.

Some tools, like Windows Explorer, allow you to assign quotas to volumes, but with some limitations.

Administrators can easily switch to Windows Server 2019 via the Storage Migration Service. With a myriad of useful features, Windows Server 2019 is the ultimate server for modern businesses.

You can integrate your server with existing applications and utilize every storage feature of FSRM.

The Storage Migration service identifies your old server’s data and moves it to your new server.

Whether you want to move into the cloud or latest Azure’s servers, this migration service is your best tool.

The migration server works with all servers from Windows Server 2003 to Server 2019.

It has no limitations, and will only require you to domain-link your old and new server. However, it only supports file transfers and not applications; you’ll have to manually reinstall your applications later.

FSRM Features

FSRM has the following five main features that help in accomplishing its tasks:

i. File classification structure

This disk quota feature automates all the data arranging processes. It helps administrators to access and use meaningful data.

In Windows Server 2019, the file classification structure comes with additional features for organizing server data more logically.

Examples of classification structures in Windows Servers include dynamic access control, file expiration, and file encryption. The dynamic access control policy limits users from accessing some files. Windows Server 2019 has complex file encryption techniques that protect your data from unauthorized users.

ii. File management tasks

This feature is available in most Windows Server versions. It assists the admin to apply policies or conditions on the data depending on how they are classified.

Such conditions include file properties, such as the date it was modified, file location, and last access date. The files classification can be done automatically by following the stipulated classification rules.

Alternatively, you can manually classify them by altering the file properties.

iii. Quota management

This feature enables an administrator to limit the size of folders or volumes. It is a useful feature, especially for new volumes and folders.

Besides, you can use this feature to create quota templates, which you can apply later to new folders and volumes.

iv. Storage reports

This component of FSRM is useful in identifying disk usage trends. It also helps administrators to understand how FSRM carries out data classification.

You can use the feature to monitor whether users are uploading unauthorized files.

v. File screening management

End-users may upload large gigabytes of data into your servers, resulting into a slow server with high manageability costs. You may also encounter challenges with compliance due to pirated movies and other content.

The file screening management feature helps you to tackle this problem by allowing you to regulate what end users can upload to your server.

File screening also lets you limit the extensions one can store in your shared files. For instance, you can create a file that prevents users from adding m4a. files on personal folders in the shared server system.

NB: FSRM only supports volumes with NTFS formats. It doesn’t support resilient volume types.

As we’ll demonstrate later, you can configure and manage these features that come with the File Server Resource Manager by using the FSRM app or the Windows PowerShell utility.

What you can do with FSRM

  • Create a policy that allows access to folders and files depending on their organization in the file server
  • Expire a file that has not been modified for a certain period of time
  • Create up to 200 Megabyte (MB) quota for each user and notify them when their storage usage exceeds 180MB
  • Schedule a day for reporting, such as Sundays. From the report, you can gauge the most accessed files in the previous two days before the report.
  • Prevent users from adding music to personal shared folders
  • Generate a file classification rule that categorizes files with more than ten types of information as having identifiable information.

Benefits of FSRM

1. Supports advanced quota management capabilities

Some tools, like Windows Explorer, have lesser capabilities for arranging and managing quotas. FSRM not only brings you a centralized console for managing your quotas per volume, but also per folders and per files. It has on-top notifications that you can use to effectively manage your quotas.

With FSRM quota tools, you can apply quotas on different paths in the same volume. NTFS quotas allow you to apply quotas per volume only and are less useful.

To apply a quota to different paths, you’ll need to set a quota template. Therefore, you can simply modify these quotas by updating the template. You can also create both soft and hard quotas.

2. Regulates server content

Managing quotas is not enough. You may need to keep potentially sensitive data off your servers. Piracy concerns are a major issue and require compliance from all stakeholders. Keep off pirated movies, MP3s or MP4s off your server, as having them could infringe on copyright regulations.

Copyright infringement is a serious offense and could lead to consequences like server closure. So, you need to be on the safe side by enabling the file screening capability. You can introduce file screening on a volume, folder, or file. For instance, you can stop users from saving files with .mp3 extension into C:/Personal finance.

Since the folder belongs only to finance-related files, other items like mp3 songs shouldn’t be allowed in the folder. If a user tries to save the file into the folder, the system generates an error.

The pop-up error will affect all users who want to upload such content to the server. Such users will not upload unwanted content to the site, hence improving your data management strategy. More so, you can monitor users who violate your regulations by posting unauthorized content.

To implement file screening, you will have to use file groups. Besides, you can apply file exclusions when configuring the file groups.

For example, you may want to block video files except those with .mp4 patterns. This way, users will be unable to save files unless they meet your defined pattern requirements. File exclusion is also possible with certain naming formats.

As such, users will be unable to save files unless they match your stipulated naming format.

3. Generates storage utilization reports

FSRM is probably the first tool which provides the data and statistics of volume usage. Microsoft initially perceived the tool to be used as a departmental server.

You can use FSRM to generate the following data reports:

  • File location
  • Duplicate files
  • Last modified date
  • Last access date
  • File type
  • Files and folder by property
  • Folder by property
  • Least and most recently accessed files
  • Quota usage

These properties make FSRM an effective storage resource manager.

4. Locates files easily

FSRM allows you to locate files by sorting them. You can locate files easily by using file properties or performing tasks against these files.

Furthermore, you can search your files by sorting them using the last modified, name, or creation time property. Alternatively, you can use its location or file type property to locate a file easily among many other files.

How to install FSRM step-by-step

FSRM is the best tool for managing quotas and creating file screens. The techniques for installing the tool differ with every Windows Server edition. However, the basic rules apply to Windows Server 2019.

You’ll be required to download FSRM before starting the installation.

There are two main methods for installing FSRM in Windows Server 2019:

  • PowerShell installation
  • Graphical User Interface (GUI) installation

1. PowerShell installation

To install the FSRM role feature, you can follow the steps below:

  1. Open the PowerShell utility by pressing Windows key+ R
  2. Type PowerShell and press OK
  3. In the next window that appears, type the command below and press Enter:

Install-WindowsFeature -Name FS-Resource-Manager, RSAT-FSRM-Mgmt

Entering the code will initiate the installation process for the FSRM role. You don’t have to restart your computer after the installation completes.

The FS-Resource-Manager will install FSRM while RSAT-FSRM-Mgmt will install the FSRM feature. This feature is important for accessing the GUI component, which manages FSRM. With the feature, you can easily run a server without the GUI. You’ll only be required to install the RSAT remotely; you can then access the FSRM system remotely.

2. GUI installation

In case you want to install FSRM using the GUI instead of PowerShell, you’ll use the Server Manager. With the GUI, you’ll have to perform many tasks than when using the PowerShell installation.

Here are the steps for installing FSRM using GUI.

Open Server Manager and click on ‘Add roles and Features’:

On the next Window, click ‘Next’:

On the next screen, choose the “role-based or feature-based” option:

Choose a virtual hard disk or server you want to add its roles and features. Then, click “Next”:

On the “Select server roles” page, expand the File and Storage services tab:

After checking the “File Server Resource Manager” box, click the “Next” button.

The next page will prompt you to install FSRM RSAT tools. Click “Add Features” and proceed:

Confirm the FSRM installation.

After waiting for the installation to complete, you can launch the FSRM from the server manager:

To access FSRM, Go to Tools > File Server Resource Manager:

The FSRM window will open:

Configuring quotas

As mentioned earlier, quotas put a limit on the disk space allowed on a drive or a folder. Importantly, quotas come in handy when sharing a personal drive among many users. For example, you can put a limit of 10 GB on a drive or a folder.

There are two types of quotas:

  • Quota on the path—this is a scenario where quota is applied on the main folder only
  • Auto apply template and create quota—this is where the main folder together with the sub folders are all under a defined quota. That is, if you apply a quota of 10 GB on the parent folder, each of the subfolders will have a quota of 10 GB

Creating quota templates

Before embarking on creating quotas, let’s talk about how to create quota templates or predefined templates. Here are the steps.

First, right click on Quota Templates and click on ‘Create Quota Template’ option:

Specify the quota name and the quota limit, as shown below. A hard quota implies that you cannot exceed the limit. For soft quota, you get notified when you exceed the limit.

When all is done, click ‘OK’:

If you wish to send notifications via email, click the ‘Add’ button:

Then, fill out all the necessary details, such as the threshold for getting notifications and the administrator’s email.

Then click “OK”:

How to configure FSRM

Configuring FSRM is a piece of cake that consists of three main areas:

  • Quota management
  • File screening
  • Storage reporting

1. How to create and manage quotas

In a shared server system, users can add their files to the server. To prevent overwhelming the server, the administrator can use quotas to allocate each user a storage portion.

There are two main types of quotas:

  • Soft quotas whereby users can exceed the set limit. The administrator assesses the users in a specific path and their current storage usage; and, once the soft limit is passed, the server sends a usage warning or generates event logs.
  • Hard quotas whereby a user cannot exceed the set limit. Once a user reaches the limits, they will be unable to store more data to the file path.
How to create a quota

First, go to the FSRM management interface and select “Quotas”. Then, Select the “Create Quota” option:

Next, you can create a new quota by specifying various options, such as:

  • The path for new quota—indicates the path for your new quota. Alternatively, you can apply it to existing folders and subfolders.
  • Custom quota properties—you can choose soft and hard quota limits. For a soft limit, you’ll need to enter a warning notification.

Lastly, click the Create button.

Finally, the quota will now be created, and you can see it from the console, as shown below:

2. Configuring file screening

File screening is restricting some file formats from being stored in a path. It is only possible with file names and not file contents.

FSRM comes with two categories of file screening:

  • Active screening—does not allow users to save restricted files
  • Passive screening—enables users to save restricted data but with monitoring
How to configure file screening template

If you want to create a file screening template, right click on the File Screen Template option:

In the pull-down menu, click on “Create File Screen Template”. Then, fill all the required details in the Template Window:

3. Generating reports

FSRM allows you to generate various reports that assist with your file server management tasks. You can schedule these reports over a certain period to monitor disk usage trends.

The reports can help you to monitor a user or groups of users who may attempt to store unauthorized files on your server. The FSRM tool allows you to generate such reports instantly.

To access your reports, you can open the file report tasks. Click “generate report” and press “OK”. The system will generate a DHTML report and prompt you to open it.

Conclusion

Those are the everyday tasks you can perform with the File Server Resource Manager 2019. You can also perform complex tasks such as File Server Classification.

Do you have any comments or questions?

Please post them below.

Report the NTFS Permissions of Folders and Shares – fast and simple to use!

Protect yourself and your clients against security leaks and get your free trial of the easiest and fastest NTFS Permission Reporter now!

Windows Server Core vs. Graphical User Interface (GUI) Debate

Windows servers in most environments allow for two forms of installation: the Server Core and the Desktop Experience, also known as the Graphical User Interface (GUI).

The main difference between the two installation options is that the Server Core does not have the GUI shell packages; the Server Core is simply the Windows Server Shell Package.

The PowerShell approach implies that there may be a simple way of switching between the two forms of installation, if all are available in a single Server installation.

Some IT professionals argue that the introduction of the Windows Admin Centre is a move in the right direction and it is a step closer to boosting the mass adoption of the Server Core.

However, this does not free the IT administrators from encountering more challenges.

Are We Ready for the Server Core to Take centre stage?

Windows Server Admins who are not sure where to place their feet in the Server Core vs. GUI debate should consider new positions. Microsoft has come up with new ways of running Windows Server in lightweight mode.

Microsoft, in an attempt to move towards the Server Core, still leaves some Administrators comfortable with the use of the full Windows Server installation because it gives access to the easy-to-use point-and-click GUI menus and tools.

Theoretically, managing many servers with a single or few lines of PowerShell sounds impressive until there is a lot of workload and pressure pile up. Even experienced IT administrators will run to what they have been using ever since—the GUI.

It is this lack of configuration options and the less capability of the shell programs that keep Server Administrators away from installing or using Server Core as a preferred line of defense when working on network issues.

The release of Windows Admin Centre came in at the same time when Windows Server 2019 Long Term Servicing Channel release hit the market. The development of this new tool came from customer feedback: to lower the hindrances to Server Core deployment.

The Windows Server 2019 made a debut with the Server Core App Compatibility Feature on Demand to increase the functionalities that some apps need to run.

During this time, Microsoft added support for Server Core as a deployment option for Exchange Server 2019.

What are the Effects of These Changes on the Server Core vs. GUI Debate?

For administrators who are still in doubt, Server Core is capable of handling infrastructure roles such as Active Directory Domain Controllers and Domain Name System Servers.

In the next session, we’re going to feature a seasoned IT director at the Canadian Museum for Human Rights in an interview that highlights some Server Core advantages and disadvantages.

He is also going to talk about why he thinks containers might tip the balance towards the Server Core in some organisations.

  • What deployment method do you use?

The Server Core 2016 is the base system that we use to implement three clusters that run Windows Server 2019 right now. The 2019 version is still new in the market, and the department decided to use GUI as the last emergency option in a crisis. Within six months to a year, we will phase out nodes running 2019 with GUI to 2019 Server Core.

  • Why did your organisation decide to use Server Core?

The advantage is dealing with smaller footprints for patches and resources. Server Core does not demand as many resources to run, but you can get more by running it.

There are fewer incidences of security attacks on the Server Core, and that is something we needed to consider.

  • Why is Microsoft pushing Server Core when administrators prefer to use GUI, do you have any challenges using Server Core?

Server Core will make an Administrator’s life easier. Windows Admin Centre happens to be better than the Remote Server Administration Tools (RSAT). RSAT gave a single panel for server management.

However, we are still to get a complete toolset. As it is, we may get into GUI for one or two reasons. Microsoft needs to be creative on that aspect and make Server Core a reality for all Administrators.

We are using Server Core 2016 and using GUI as necessary, but with some management challenges, though we take it as a learning curve.

Windows Admin Centre is an excellent place to start but still far from being the perfect replacement Microsoft was hoping would happen. Some of the Admin tools are not coming up as fast as I would like, meaning we are still using GUI more than our liking.

When you are in a production server environment that needs quick troubleshooting, you will struggle with the PowerShell tools or remote management tools like the Windows Admin Centre, but your managers may not give you enough time to solve the problem, so you end up going back to the GUI approach. Using PowerShell in such an environment offers no comfort zone.

The IT community is trying to adapt to the methodology of not relying on GUI to manage the Server. You can either use the GUI tool like the Windows Admin Centre from a management machine or use a remote PowerShell session. Consequently, PowerShell is a steep learning curve.

  • Is Server Core easier to manage with patches and security?

Yes, with the new patches, you will see Windows Server with GUI ending up being like 15 patches and 2 for Server Core. It is easy to find patches on other applications than it is to find consistency in patch releases for the Server Core.

  • Which applications did you use with Server Core that never worked? What are the functions that require PowerShell skills, even when using the Windows Admin Centre?

When we sought proposals for the purchase of the ticketing system, our specification was Server Core; unfortunately, they could not support it.

The Windows Admin Centre still does not support many features, even though they have come a long way, and they add new features in every release.

For instance, there are some things in Failover Cluster Manager that you need to do on the console using GUI. Reason being the feature is absent. This has increasingly necessitated System Administrators to keep pushing Microsoft to develop all tools in Windows Admin Centre and then offer support for the GUI.

  • Do you think Server Core is ready for the market?

The answer differs from one organisation to another; our organisation is not so huge, but we made a lot of progress on the learning curve. We managed to install Server Core as production servers on the new 2019 clusters within a year. Whereas embracing Server Core could be more fulfilling in the long term, most organisations are slow in taking on the new technology.

The biggest challenge to Server Core mass adoption is due to the players in the industry fear of taking risks, or they are not as fast as Microsoft would want them to be. The majority of the workforce does not have the day-to-day experience needed to set up and run the Server Core.

Most IT practitioners who take on Server Core installation and Administration tasks are those working in smaller organisations. A large organisation will always look ready and aggressive to take on new technology, but making the first step is the biggest challenge.

That explains why it is important to encourage people to try out the beta program as much as possible. In our case, we have a corporate plan of testing production workloads in a beta environment. Very few places have a testing environment, which is everything needed for the Windows Server Core to be in the mainstream.

  • Do you think containers might tip the balance towards the Server Core in some organisations?

Another thing that will force people to embrace Server Core is the use of containerisation. A container does not give room for GUI. Therefore, Windows Server for containers seems to be the likely place where Server Core is expected to flourish.

Server Core is the middle step between full-blown physical servers and virtual server containers. The Server Core App Compatibility Feature on Demand is bringing in the ability to include features without the need of installing them.

For example, if you need a .NET framework for any application, you will not install the entire .NET framework, as it will bring up the server in a container only for the features you need.

Do you know who has access to your data on Windows Servers?
Are you able to easily analyze NTFS permissions of your data?

Protect yourself and your clients against security leaks and get your free trial of the easiest and fastest NTFS Permission Reporter now!



New Features and Enhancements in Windows Server 2019

If you haven’t tried Windows Server 2019, it’s time you do so.

Windows Server 2019 is ideally a Windows Server 2016 improvement that comes with a ton of nifty and useful features.

Microsoft is touting Server 2019 as its Long-Term Service Channel (LTSC), which has a myriad of new features, including releases from the Semi-Annual (SAL) channel.

Generally, there are four main categories of innovative new features:

  • Application platform
  • Hybrid cloud
  • Security
  • Hyper-converged infrastructure

Let’s talk about the new features, including some general improvements.

1. General improvements

  • Desktop experience

Server 2019, as an LTSC release, features a new desktop experience. By design, the Semi-Annual releases have no desktop experience; for example, server 2016 comes only as a Nano server or server core. However, Windows Server 2019 provides users with an option of server core or server with desktop installations.

  • Windows admin center

Windows admin center is a ready-to-deploy and browser-based app used for managing servers and clusters. You can install the app for free in Windows Server 2019 and use it to manage your servers and clusters. Windows admin center also works in Windows 10, as well as earlier versions of Windows.

  • System insights

System insights is a predictive analytics feature in Windows Server 2019 that analyzes past usage trends and use them as a basis for predicting future consumptions.

The predictive analytics employs modern AI techniques like machine learning to analyze server system data. It uses the data to suggest ways to improve your server and solve issues with server deployment.

2. Application platform enhancements

  • Linux containers in Windows—Windows Server 2019 allows you to run Windows and Linux-based containers in one container host; all this is possible with one Docker Daemon. This improvement gives developers flexible choices.
  • Support for Kubernetes—Server 2019 features improvements to Kubernetes in Windows. For example, container networking improves the usability of the feature in Windows. Furthermore, the deployed network loads feature uses embedded tooling to protect the network security of Windows and Linux.
  • Container improvements—Windows Server 2019 has a new container improvement, which makes it more reliable. These improvements ensure higher integrated identity, better application compatibility, reduced size, and higher performance.

3. Hybrid cloud

Windows Server 2019 has incorporated hybrid capabilities to the Windows admin center.

Microsoft is also making moves to integrate their Azure cloud platform with Server 2019 to enhance the integration of hybrid environments.

The feature on demand (FOD) is a server app compatibility feature for the Server 2019 release.

It enhances the compatibility of the server core installation option by including a set of binaries and components from the Windows Server desktop experience.

FOD does not include the graphical interface of the server, which makes the server core leaner.

The FSO feature is optional in ISO. It can be added to the Windows server core installation by using the Deployment Image Servicing and Management Tool (DISM).

4. Security

With costly data breaches in interconnected networks, Microsoft is taking no chances at enhancing server security.

Security is essential for the top-notch operations of any system-grade technological company.

With regards to device security, Microsoft is applying a 3-pronged approach of “protect, detect, and respond” to Server 2019.

Here are some of the top security features in Server 2019:

  • Windows Defender Advanced Threat Protection (ATP)

ATP has deep sensors for performing server searches for malicious files. The advanced protection features can expose and suppress malicious files and operations in memory and kernel, which in turn prevents the attack of the two key server components.

  • Windows Defender Exploit Guard

Exploit Guard refers to a set of host intrusion prevention capabilities. The four components that comes with Windows Defender Exploit Guard locks down the device from malware attacks, enabling you to balance between server productivity and security.

These four components are:

i. Network Protection—The Network Protection component uses the Windows Defender Smart screen to protect the endpoint from web-based threats. It achieves this by blocking the device interaction with untrusted hosts or IP addresses.

ii. Attack Surface Reduction—It’s a set of controls that prevents malicious files from getting into a machine.

iii. Exploit Protection—Exploit Protection is a feature for assessing machine vulnerabilities. It replaces EMET, allowing you to make configurations that suit your system and applications.

iv. Controlled Folder Access—It’s a feature which protects sensitive data in folders. It blocks ransomware from accessing the protected files by terminating any untrusted processes from reaching the protected folders.

The Windows Defender Control feature is available on Server 2016 and onwards. However, many users complained of challenges in deploying the feature.

Therefore, Windows Server 2019 comes with default CI policies, which allow Microsoft programs and box files to access the CI. The feature also blocks untrusted applications that can bypass CI.

  • Linux shielded VMS

Shielded VMS has been a popular feature in Windows Server 2016, but only with Windows as the guest-host system. They protect virtual machines from the users of a host server, including those with local administrator privileges.

Shielded VMS prevent rogue admins or users accessing virtual hard disks and VMS from instant migration or running shutdown and restart commands.

Windows Server 2019 now makes it possible to run VMS with Linux as a guest operating system.

5. Hyper-converged infrastructure

Hyper-converged infrastructure (HCI) is one of the most popular keywords in the IT sector now. Top tech brands like Hewlett Packard, Dell, and Huawei are increasingly adopting HCI in their products.

Microsoft is taking notice and it’s focusing on software-defined programs to improve its HCI ratings.

Microsoft has improved HCI in its Server 2019. The company has built Azure on a Windows Server, which connects to local storage via Ethernet and software-defined computing with networking.

The use of cheap components is in contrast to Microsoft’s previous policy of using expensive SANs for its data centers.

Microsoft has also been supporting Azure Stack and Windows-Server Defined Solutions (WSSD) for quite a long time.

While the Azure Stack and WSSD were primarily present from Server 2016, the Server 2019 versions come with improvements for enhancing its management and performance.

Conclusion

Windows Server 2019 comes with a myriad of new features, with some of them set to be released during Semi-Annual releases.

These improvements will boost manageability and reliability of its services.

 You need to make the shift to Windows Server 2019 today!

 

Protect yourself! Discover all security holes in the folder hierarchy on your Windows fileservers!

Get your free trial of the easiest and fastest NTFS Permission Reporter now!

Windows Server Deduplication: An Essential Introduction

Deduplication is one of the useful features of Windows Server since the launch of the 2008 R2 version.

It is a native feature added through the server manager that gives system administrators enough time to plan server storage and network volume management.

Most Server administrators rarely talk about this feature until it is time to address the organization’s storage crunch.

Data deduplication works by identifying similar data blocks and saving a copy as the central source, thus  reducing the spread of data all over the storage areas. Deduplication takes place on a file or block level, giving you more space in the server.

Special hardware components, which are relatively expensive, are required to explore the block level deduplication. The reason behind extra hardware is the complex processing requirements involved.

The file level deduplication is not complicated and, thus, does not require the additional hardware. As such, in most cases, administrators implementing deduplication prefer the file approach.

When to Apply Windows Server Deduplication

Since Windows Server file deduplication works on the file level, its operations work on a higher level than a block level, as it tries to match chunks of data.

File deduplication is an operating system level, meaning that you can enable this feature within a virtual guest in a hypervisors environment.

Growth in industries is also driving the demand for deduplication, although storage hardware components are becoming bigger and affordable.

Deduplication is all about fulfilling this growing demand.

Why is Deduplication Feature Found on Servers?

Severs are central to any organization’s data, as users store their information on repositories. Not all users embrace new technology on how to handle their work, while others feel safe making multiple copies of the same work.

Since most Server administrators do the work of  managing and backing up users’ data, using the Windows deduplication feature greatly enhances their productivity.

Data deduplication in a straightforward feature and will take a few minutes to make it active.

Deduplication is one of the server roles found on Windows Servers, and you do not need a restart for it to work.

However, it is safe to do so to make sure the entire process is configured correctly.

Preparing for Windows Server Duplication

  • Click on start
  • Click on the run command window
  • Enter the following command and press enter (this command runs against selected volume to analyze potential space for storage): DDEval.exe
  • Right click on the volume in Server Manager to activate data deduplication

The following wizard will guide you through the deduplication process depending on the type of server in place. (Choose a VDI or Hyper-V configuration or File Server)

Set up The Timing for Deduplication

Deduplication should run on scheduled time to reduce the strain on existing resources. You should not aim to save storage space at the expense of overworking the server.

The timing should be set when there is little strain on the server to allow for quick and effective deduplication.

Deduplication is a task that requires more CPU time because of the numerous activities and processes taken by each job.

Other deduplication demands include optimization, integrity scheduling, and garbage collection. All these deduplication activities should be running at peak hours unless the server has enough resources to withstand system slowdowns.

The capacity that deduplication reclaims varies depending on server use and storage available.

General files, ISOs, office applications files, and virtual disks usually consume much of the storage allocations.

Benefits of Windows Server Deduplication

Windows Server deduplication brings several benefits to an organization, including the following:

  • Reduced storage allocation

Deduplication can reduce storage space for files and backups. Therefore, an enterprise can get more storage space, reducing the annual cost of storage hardware. With enough storage, there is a lot of efficiency and speed, which eliminates the need for installing backup tapes.

  • Efficient volume replication

Deduplication ensures that only unique data is written to the disk, which reduces network traffic.

  • Increasing network bandwidth

If deduplication is configured to run at the source, then there is no need to transfer files over the network.

  • Cost-effective solution

Since power consumption is reduced, there is less space required for extra storage of both local and remote locations. The organization buys and spends less on storage maintenance, thus reducing the overall storage costs.

  • Fast file recovery process

Deduplication ensures faster file recoveries and restorations without straining the day’s business activities.

Features of Deduplication

1. Transparency and Ease of Use

Installation is straightforward on the target volume(s). Running applications and users will not know when deduplication is taking place.

The file system works well with NTFS file requirements. However, files using the encryption mode, Encrypted File System (EFS), files that have a capacity smaller than 32KB, or those with Extended Attributes (EAs), cannot be processed during deduplication.

In such cases, file interaction takes place through NTFS, and not deduplication. A file with an alternative data stream will only have its primary data stream deduplicated, as the alternative will be left on the disk.

2. Works on Primary Data

This feature, once installed on the primary data volumes, will operate without interfering with the server’s primary objective.

This feature will ignore hot data (active files at the time of deduplication) until it reaches a given number of days. The skipping of such files maintains consistency of the active files and shortens the deduplication time.

This feature uses the following approach when processing special files:

  • Post procession: when new files are created, the files go directly to the NTFS volume where they are evaluated on a regular schedule. The background processing confirms file eligibility for deduplication, every hour, by default. The scheduling for confirmation time is flexible
  • File age: a setting on the deduplication feature called MinimumFileAgeDays controls how long a file should stay on the queue before it is processed. The default number of days is 5. The administrator can configure it to 0 to process all files.
  • Type of file and location exclusions: you can instruct the deduplication feature not to process specific file types. You can choose to ignore CAB files, which do not help the process in any way as well as any other file type that requires a lot of compression space such as PNG files. There is an option of directing the feature not to process a particular folder.

3. Portability

Any volume that is under deduplication runs as an automatic unit. The volume can be backed up and moved to a different location.

Moving it to another server means that anything that was in that file is accessible on its new site.

The only thing that you need to change is schedule timings because the native task scheduler controls the scheduler.

If the new server location does not have a running deduplication feature, you can only access the files that have not been deduplicated.

4. Minimal Use of Resources

The default operations of the deduplication feature use minimal resources on the primary server.

In case the process is active, and there is a shortage of resources, deduplication will surrender the resources to the active process and resumes when enough is available.

Here’s how storage resources are utilized:

  • The hash index storage method uses low resources and reduces read/write operations to scale large datasets and deliver high edit/search performance. The index footprint left behind is excessively low and uses a temporary partition.
  • Deduplication verifies the amount of space before it executes. If no storage space is available, it will keep trying at regular intervals. You can schedule and run any deduplication tasks during off-peak hours or during idle time.

5. Sub-file Segmentation

The process segments files into different sizes, such as between 32 to 128 KB using an innovative algorithm developed by Microsoft and other researchers.

The segmentation splits each file into a sequence depending on its content. A Rabin fingerprint, which is a system based on the sliding Window hash, helps to identify the chunk boundaries.

The average size of every segment is 64KB and it is compressed and placed into a chunk store that is hidden in a folder located at the System Volume Information (SVI) folder.

A reparse point, which is a pointer to the map of all data streams, helps in replacing the normal files when requested.

6.BranchCache

Another feature you can get from deduplication is that sub-file segmentation and indexing engine is shared with BranchCache feature.

This sharing is important because when a Windows Server is running and all the data segments are already indexed, they can be quickly sent over the network as needed, consequently saving a lot of network traffic within the office or the branch.

How Does Deduplication Affect Data Access?

The fragmentations created by deduplication are stored on the disk as file segments that are spread all over, increasing the seek time.

Upon the processing of each file, the filter driver will work overtime to maintain the sequence by keeping the segments together in a random fashion.

Deduplication keeps a file cache to avoid repeating file segments, helping in their quick access. In case multiple users access the same resource simultaneously, that access pattern enables speeding up of the deduplication for each user.

Here are some important points to note:

  • No much difference is noted when opening an Office document; users cannot tell whether the feature is running or not
  • When copying one bulky file, deduplication will send end-to-end copy that is likely to be 1.5 times faster than it would take a non-deduplicated file.
  • During the transfer of multiple bulky files simultaneously, cache helps to transfer the file 30% times faster
  • When the file-server load simulator (File Server Capacity Tool) is used to test multiple file access scenarios, a reduction of about 10% in the number of users supported will be noticed.
  • Data optimization increases between 20-35 MB/Sec per job that easily translates to 100GB/hour for a single 2TB volume running on one core CPU with a 1GB RAM. This is an indicator that multiple volumes can be processed if additional CPU, disk resources, and memory allocations are available.

Reliability and Risk Preparedness

Even when you configure the server environment using RAID, there is still the risk of data corruption and loss attributed to disk malfunctioning, control errors, and firmware bugs.

Other environmental risks to stored data include radiation or disk vibrations.

Deduplication raises the risk of disk corruption, especially when one file segment referring to thousands of other files is located in a bad sector.

Such a scenario gives a possibility of losing thousands of users’ data.

Backups

Using the Windows Server Backup tool runs a selective file restore API to enable backup applications to pull files out of the optimized backup.

Detect and Report

When a deduplication filter comes across a corrupted file or section of the disk, a quick checksum validation will be done on data and metadata.

This validation helps to recognize any data corruption during file access, hence reducing accumulated failures.

Redundancy

An extra copy of critical data is created, and any file segment with more than 100 references is collected as most popular chunks.

Repair

Once the deduplication process is active, scanning and fixing of errors becomes a continuous process.

Inspection of the deduplication process and host volumes takes place on a regular basis to scrub any logged errors and fix them from alternative copies.

An optional deep scrubber will walk through the whole data set by identifying errors and fixing them, if possible.

When the disk configurations are set to mirror each other, deduplication will look for a better copy on the other side and use it as a replacement.

If there are no other alternatives, data will be recovered from an existing backup.

Verdict on Deduplication

Some of the features described above does not work in all Window Server 2012 editions and may be subject to limitations.

Deduplication was built for volumes that support the NTFS data structure.

Therefore, it cannot be used with Cluster Shared Volumes (CSV).

Also, Live Virtual Machines (VMs) and active SQL databases are not supported by deduplication.

Deduplication Data Evaluation Tool

To get a better understanding of the deduplication environment, Microsoft created a portable evaluation tool that installs into the \Windows\System32\ directory.

The tool can be tested on Windows 7 and later Windows operating systems.

It is installed through the DDPEval.exe and supports local drives, mapped, unmapped, and remote shares.

If you are using Windows NAS or an EMC /NetApp NAS, you can test it on a remote share.

Conclusion

The Windows Server native deduplication feature is now becoming a popular feature.

It mirrors the needs of a typical server administrator working in production deployments.

However, planning for deduplication before implementation is necessary because of the various  situations in which its use may not be applicable.

Upgrade and Conversion Options for Windows Server 2016 / 2019

It is always a good idea to start a new Windows Server 2016 / 2019 installation on a new slate. However, in some instances, you may be working on a site that will force you to upgrade from the current installation to the latest version.

The routines described here apply to the server versions of Windows 2016 and 2019. This article describes moving to Windows Server 2016 / 2019 from different lower server platforms.

The path to the new Operating System (OS) depends on the current system and configurations that you are running.

That being the case, the following terms define activities you are likely to encounter when deploying the 2016 Server.

Installation

The simplest way of installing a new OS to work on your hardware, and get a clean installation, demands that you delete the previous Operating System.

Migration

To move system settings to the new Windows Server using a virtual machine is what we call migration. The process also varies depending on the roles and system configurations already running.

Cluster OS Rolling Upgrade

This feature is new in Windows Server 2016, and its role is to make sure the Administrator can upgrade the Operating System of all nodes running Windows Server 2012 R2 to Windows Server 2016, without interfering with the Hyper-V or Scale-Out File Server workloads.

The feature also helps in reducing downtime, which may affect Service Level Agreements.

License Conversion

Some Operating Systems use releases that allow the conversion of one edition to another without so much struggling.

What you need is a simple command issued alongside a license key, and you end doing the license conversion.

Upgrade

When you want to use the latest software that comes with the newer versions, then you have to do an upgrade.

In-place upgrades mean using the same hardware for installing the new Operating System. For example, you can upgrade from evaluation to retail version or from a volume license to an ordinary retail edition.

NOTE 1: An upgrade will work well in virtual machines if you do not need specific OEM hardware drivers.

NOTE 2: Following the Windows Server 2016 release, you can only perform an upgrade on a version installed using the Desktop Experience (not a server core option).

NOTE 3: If you use NIC teaming, disable it before you perform an upgrade; and when the upgrade is complete, re-enable it.

Upgrade Retail Versions of Windows Server to Windows Server 2016 / 2019

Note the following general principles:

  • Upgrading a 32-bit to 64-bit architectures is not possible. Note that all Windows Server 2016 versions are only available in 64-bit.
  • You cannot upgrade from one language to another.
  • If you are running a domain controller, make sure you can handle the task, or read the following article: Upgrade Domain Controllers to Windows Server 2012 R2 and Windows Server 2012.
  • You cannot upgrade from a preview version.
  • You cannot switch from Server Core installation to a Server with a Desktop installation.
  • You cannot upgrade from a Previous Windows Server installation to an evaluation copy of Windows Server.

You can read from the table below that shows a summary of Windows Operating Systems available for upgrade. If you are unable to upgrade your current Windows version, then upgrading to Windows Server 2016 is impossible

Current Windows Edition Possible Upgrade Edition
  • Windows Server 2012 Standard
  • Windows Server 2016 Standard or Datacenter
  • Windows Server 2012 Datacenter
  • Windows Server 2016 Datacenter
  • Windows Server 2012 R2 Standard
  • Windows Server 2016 Standard or Datacenter
  • Windows Server 2012 R2 Datacenter
  • Windows Server 2016 Datacenter
  • Windows Server 2012 R2 Essentials
  • Windows Server 2016 Essentials
  • Windows Storage Server 2012 Standard
  • Windows Storage Server 2016 Standard
  • Windows Storage Server 2012 Workgroup
  • Windows Storage Server 2016 Workgroup
  • Windows Storage Server 2012 R2 Standard
  • Windows Storage Server 2016 Standard
  • Windows Storage Server 2012 R2 Workgroup
  • Windows Storage Server 2016 Workgroup

Per-Server-Role Considerations for Upgrading

It’s important to consider server roles before performing an upgrade.

For example, some server roles are part of the newer Windows versions and may only need additional preparation or actions to get the desired intent.

Converting Current Evaluation Version to Current Retail Version

It is possible to convert the trial version of Windows Server 2016 Standard to a Data 2016 Standard Server or a Datacenter version. The two conversions can be retail versions. You can also convert Windows Server 2016 Datacenter to the retail version.

Before making any conversion attempts to the retail version, ensure that your server is running an evaluation version; you can confirm this by following these steps:

  • From the administrator’s command prompt, run
slmgr.vbs /dlv;
  • The evaluation versions will include “EVAL” as the output
  • Open the control panel
  • Then click on System and Security
  • Click on System
  • View the activation status found on the activation area of the System page
  • Click view details, and you will see more information on your Windows Status
  • If your Windows is activated, you will see information showing the remaining time for the evaluation period.

If you are running a retail version, you will see the “Upgrading previous retail versions of Windows Server 2016” message prompting you to upgrade to Windows Server 2016.

In Windows Server 2016 Essentials, the conversion to retail version is possible if you have a retail volume license or OEM key in the command slmgr.vbs

In case you are running an evaluation version of Windows Server 2016 Standard or Windows Server 2016 Datacenter, the following conversions can help you:

  • If the server is a domain controller, it cannot change to the retail version. First, install another domain controller on a server that runs a retail version and remove the AD DS from the domain controller that has the evaluation version.
  • Read the license terms
  • From the administrator’s command prompt, enter this command to get the current edition:
DISM /online /Get-CurrentEdition

Note the edition ID, the abbreviation form of the edition name, and then run the following command:

DISM /online /Set-Edition:<edition ID> /ProductKey:XXXXX-XXXXX-XXXXX-XXXXX-XXXXX /AcceptEula

Once you get the ID and product key, the server should restart twice.

You can convert the evaluation version of Windows Server 2016 Standard to the retail version of Windows Server 2016 Datacenter using the same command and product key.

Converting Current Retail Edition to a Different Current Retail Edition

After successful installation of Windows Server 2016, you can run setup to repair the installation using a process called “repair in place” that converts it to a different edition.

In case of Windows Server 2016 Standard, you can convert the system to Windows Server 2016 Datacenter by:

  • From the administrator’s command prompt, use the following command to determine the existing edition:
DISM /online /Get-CurrentEdition
  • Run this command to get the ID of the edition you want to upgrade to:
DISM /online /Get-TargetEditions
  • Note the ID edition, the name of the edition, and then run this command:
DISM /online /Set-Edition:<edition ID> /ProductKey:XXXXX-XXXXX-XXXXX-XXXXX-XXXXX /AcceptEula
  • Once you get the ID and product key, the server should restart twice.

Converting Current Retail Version to Current Volume Licensed Version

Once you have Windows Server 2016 running, you can convert it to a retail version, an OEM version, or a volume-licensed version. The edition will not change.

If the starting point was an evaluation version, change it to retail version and then do as follows:

  • From the administrator’s command, run this command:
slmgr /ipk <key>
  • Insert the appropriate volume license, OEM or retail key instead of <key>

Conclusion

Upgrading Windows Server is a complicated process; therefore, Microsoft suggests that you migrate all roles and settings to Windows Server 2016 to avoid costly mistakes.

An Introduction to Windows Server 2019 Windows Defender Advanced Threat Protection

Security is one of the biggest investments that Microsoft has made to its latest Windows Servers releases.

Notably, the Windows Server 2019 biggest security feature is the support for Windows Defender Advanced Threat Protection (ATP).

ATP is a technology that Microsoft provides for preventive protection of users’ devices. It conducts  automated security investigations and responds accordingly.

The ATP is a unified platform that offers a preventive and automated response.

This support feature was only available for Windows 10 devices; and now, it can be accessed on the WS2019 platform, as well as other latest Server versions.

How Windows Defender Advanced Threat Protection Provides Security

Here are some methods that ATP uses to maximize the security of the Windows Server 2019.

1. Robust Cloud Control Services

This security platform offers a complete solution through cloud control with no additional deployments or infrastructural requirements.

There are no delay experiences, and the system will always remain up to date, without bringing any  complications related to incompatibility.

The platform offers intelligent protection and response measures. It plays a pivotal role in actively protecting cyber threats, detecting potential data breaches, automating security incidents, and improving the security environment.

Here are some tasks that the Windows Server ATP cloud control services do to enhance security.

  • Reduces the total surface area of attack by eliminating all available loopholes and pathways that hackers can utilize.
  • The Intelligent Security Graph (ISG) gives all the resources needed for offering protection against the most advanced ransomware and other forms of attacks.
  • Endpoint detection and response helps to monitor behaviors by using machine learning and security analytics that stop possible threats.
  • Performs automatic investigations and resolutions that give specific course of actions for diffusing complex threats in minutes.
  • Provides real-time visibility into how the system security performs. By assessing the risks, you get the best recommendation to increase resilience.
  • Implements flexible queries between endpoints and gives historical data for building and enabling custom detection.

2. Automated Security Measures

The automated security measures increase the security of your platform by performing several background checks and delivering notifications without human intervention.

This pre-breach protection feature works through the following ways:

  • Protects the network by scanning the connected devices automatically.
  • Blocks all unpatched security risks such as zero-day vulnerabilities.
  • All files and devices with no clear reputation are blocked from accessing the network.
  • Devices are protected when web-based threats and hardware are isolated.
  • The malware defense strategies of all applications running on the system are updated frequenlty to avoid a possible breach.
  • The dynamism of the cloud unattended approach defends the machine against known and unknown malware threats.
  • Behavioral monitoring blocks malicious and suspicious activities using advanced runtime analysis

3. Innovative Endpoint Detection and Response (EDR)

The Innovative EDR feature ensures that your system is protected using any or all of the following approaches:

  • Using advanced behavioral analytics and machine learning technologies to detect unseen security threats, spot attacks, and discover zero-day vulnerabilities.
  • Investigating security evidences across endpoints and uncovering the magnitude of security breaches via the security center.
  • Using six months of historical data to carry out interactions and search for possible exploits. Data collection is done in seconds, saving a lot of time in tracking and resolving errors.
  • Using customized Indicators of Compromise (IOC) to get alerts on the specific threats.
  • Performing deep inspection of suspicious files and preparing a full analysis within minutes.

4. Clear Visuals of Security Threats

This built-in feature in Windows enables the exchange of signals to take place between each application and the Microsoft Intelligent Security Graph, providing enhanced visibility to security threats.

5. Synchronization of Defense Needs

Whenever Microsoft 365 shares your detection and exploration controls across the network, it ensures that all your defense needs are managed from a central location.

Synchronization speeds up the response and recovery time.

Moving from Windows Server 2019 to Windows Server Defender Advanced Threat Protection

If your current setup is using ATP, you can preview some of its features by installing the build preview of the Windows Server, and test it on the Windows Defender ATP.

You can follow the following procedure to onboard your machine:

  1. Go to the Windows Defender Security Center
  2. Click on settings
  3. Here, you will have an option of selecting the Operating System that you will use for the onboarding process. After selecting your preferred option, you will receive a confirmation to that effect.
  4. You can leave the chosen deployment method as the default one, which enables the machine to run the onboarding scripts locally. Note that every deployment can run on a limited number of computers.
  5. Download the Package by clicking on the link shown on the wizard
  6. Run a detection test (this will test all the deployed machines as earlier indicated).
  7. Once the verification process is completed, you will see a confirmation message.

The verification that a particular machine has been properly onboarded and responds to the new service is done by running a detection script, as described below:

  1. Open the command prompt window
  2. At the command prompt, apply the command below:
powershell.exe -NoExit -ExecutionPolicy Bypass -WindowStyle Hidden (New-Object System.Net.WebClient).DownloadFile('http://127.0.0.1/1.exe', 'C:\test-WDATP-test\invoice.exe');Start-Process 'C:\test-WDATP-test\invoice.exe'

3. Once the script executes, the command window  closes automatically

A successful execution marks the test as complete, which triggers a confirmation message that is sent in a few minutes.

An Overview of the Windows Defender ATP for Windows Server 2019

The use of ATP on the Windows Server 2019 is straightforward. After the onboarding process, you will see new alerts and recommendations on the dashboard.

To keep the alerts active, you can create a test alert after onboarding. The test alert also helps to monitor the connections at any given time.

There are several filters, actions, and events in the Windows Defender Security Center, which you can use to make the most of your server security settings.

Conclusion

With the introduction of the Windows Server 2019 Windows Defender ATP, users have a single solution that protects, detects, and responds to advanced threats.

Microsoft Server 2019 takes customer security seriously and prioritizes every effort to prevent unauthorized penetration.