Managing Disk Quotas on Windows Server 2019

Disk quota management provides a way of controlling the disk space available to users accessing the server and storing files.

When a user exceeds their quota, then they can no longer add additional data.

The File Server Resource Manager (FSRM) feature in Windows Server 2019 gives system administrators the ability to set the storage quota as well as determine the type of files that can be saved on the file server.

What is FSRM in Windows Server?

FSRM is a Windows Server feature which allows you to classify and save data in file servers. FSRM gives you extra control of the data on your computer.

The history of FSRM dates back to 2005 when Microsoft launched the product. It was initially used in the Windows 2003 server R3 edition. The feature provides a one-in-all solution, especially for volumes that keep increasing.

Disk quotas have been there for a long time. Without them, people could upload large volumes of data (mostly pirated videos, movies or MP3 songs) into your servers.

The large volume uploads can slow down your server and increase your operating costs. It also presents a challenge with copyright content.

Some tools, like Windows Explorer, allow you to assign quotas to volumes, but with some limitations.

Administrators can easily switch to Windows Server 2019 via the Storage Migration Service. With a myriad of useful features, Windows Server 2019 is the ultimate server for modern businesses.

You can integrate your server with existing applications and utilize every storage feature of FSRM.

The Storage Migration service identifies your old server’s data and moves it to your new server.

Whether you want to move into the cloud or latest Azure’s servers, this migration service is your best tool.

The migration server works with all servers from Windows Server 2003 to Server 2019.

It has no limitations, and will only require you to domain-link your old and new server. However, it only supports file transfers and not applications; you’ll have to manually reinstall your applications later.

FSRM Features

FSRM has the following five main features that help in accomplishing its tasks:

i. File classification structure

This disk quota feature automates all the data arranging processes. It helps administrators to access and use meaningful data.

In Windows Server 2019, the file classification structure comes with additional features for organizing server data more logically.

Examples of classification structures in Windows Servers include dynamic access control, file expiration, and file encryption. The dynamic access control policy limits users from accessing some files. Windows Server 2019 has complex file encryption techniques that protect your data from unauthorized users.

ii. File management tasks

This feature is available in most Windows Server versions. It assists the admin to apply policies or conditions on the data depending on how they are classified.

Such conditions include file properties, such as the date it was modified, file location, and last access date. The files classification can be done automatically by following the stipulated classification rules.

Alternatively, you can manually classify them by altering the file properties.

iii. Quota management

This feature enables an administrator to limit the size of folders or volumes. It is a useful feature, especially for new volumes and folders.

Besides, you can use this feature to create quota templates, which you can apply later to new folders and volumes.

iv. Storage reports

This component of FSRM is useful in identifying disk usage trends. It also helps administrators to understand how FSRM carries out data classification.

You can use the feature to monitor whether users are uploading unauthorized files.

v. File screening management

End-users may upload large gigabytes of data into your servers, resulting into a slow server with high manageability costs. You may also encounter challenges with compliance due to pirated movies and other content.

The file screening management feature helps you to tackle this problem by allowing you to regulate what end users can upload to your server.

File screening also lets you limit the extensions one can store in your shared files. For instance, you can create a file that prevents users from adding m4a. files on personal folders in the shared server system.

NB: FSRM only supports volumes with NTFS formats. It doesn’t support resilient volume types.

As we’ll demonstrate later, you can configure and manage these features that come with the File Server Resource Manager by using the FSRM app or the Windows PowerShell utility.

What you can do with FSRM

  • Create a policy that allows access to folders and files depending on their organization in the file server
  • Expire a file that has not been modified for a certain period of time
  • Create up to 200 Megabyte (MB) quota for each user and notify them when their storage usage exceeds 180MB
  • Schedule a day for reporting, such as Sundays. From the report, you can gauge the most accessed files in the previous two days before the report.
  • Prevent users from adding music to personal shared folders
  • Generate a file classification rule that categorizes files with more than ten types of information as having identifiable information.

Benefits of FSRM

1. Supports advanced quota management capabilities

Some tools, like Windows Explorer, have lesser capabilities for arranging and managing quotas. FSRM not only brings you a centralized console for managing your quotas per volume, but also per folders and per files. It has on-top notifications that you can use to effectively manage your quotas.

With FSRM quota tools, you can apply quotas on different paths in the same volume. NTFS quotas allow you to apply quotas per volume only and are less useful.

To apply a quota to different paths, you’ll need to set a quota template. Therefore, you can simply modify these quotas by updating the template. You can also create both soft and hard quotas.

2. Regulates server content

Managing quotas is not enough. You may need to keep potentially sensitive data off your servers. Piracy concerns are a major issue and require compliance from all stakeholders. Keep off pirated movies, MP3s or MP4s off your server, as having them could infringe on copyright regulations.

Copyright infringement is a serious offense and could lead to consequences like server closure. So, you need to be on the safe side by enabling the file screening capability. You can introduce file screening on a volume, folder, or file. For instance, you can stop users from saving files with .mp3 extension into C:/Personal finance.

Since the folder belongs only to finance-related files, other items like mp3 songs shouldn’t be allowed in the folder. If a user tries to save the file into the folder, the system generates an error.

The pop-up error will affect all users who want to upload such content to the server. Such users will not upload unwanted content to the site, hence improving your data management strategy. More so, you can monitor users who violate your regulations by posting unauthorized content.

To implement file screening, you will have to use file groups. Besides, you can apply file exclusions when configuring the file groups.

For example, you may want to block video files except those with .mp4 patterns. This way, users will be unable to save files unless they meet your defined pattern requirements. File exclusion is also possible with certain naming formats.

As such, users will be unable to save files unless they match your stipulated naming format.

3. Generates storage utilization reports

FSRM is probably the first tool which provides the data and statistics of volume usage. Microsoft initially perceived the tool to be used as a departmental server.

You can use FSRM to generate the following data reports:

  • File location
  • Duplicate files
  • Last modified date
  • Last access date
  • File type
  • Files and folder by property
  • Folder by property
  • Least and most recently accessed files
  • Quota usage

These properties make FSRM an effective storage resource manager.

4. Locates files easily

FSRM allows you to locate files by sorting them. You can locate files easily by using file properties or performing tasks against these files.

Furthermore, you can search your files by sorting them using the last modified, name, or creation time property. Alternatively, you can use its location or file type property to locate a file easily among many other files.

How to install FSRM step-by-step

FSRM is the best tool for managing quotas and creating file screens. The techniques for installing the tool differ with every Windows Server edition. However, the basic rules apply to Windows Server 2019.

You’ll be required to download FSRM before starting the installation.

There are two main methods for installing FSRM in Windows Server 2019:

  • PowerShell installation
  • Graphical User Interface (GUI) installation

1. PowerShell installation

To install the FSRM role feature, you can follow the steps below:

  1. Open the PowerShell utility by pressing Windows key+ R
  2. Type PowerShell and press OK
  3. In the next window that appears, type the command below and press Enter:

Install-WindowsFeature -Name FS-Resource-Manager, RSAT-FSRM-Mgmt

Entering the code will initiate the installation process for the FSRM role. You don’t have to restart your computer after the installation completes.

The FS-Resource-Manager will install FSRM while RSAT-FSRM-Mgmt will install the FSRM feature. This feature is important for accessing the GUI component, which manages FSRM. With the feature, you can easily run a server without the GUI. You’ll only be required to install the RSAT remotely; you can then access the FSRM system remotely.

2. GUI installation

In case you want to install FSRM using the GUI instead of PowerShell, you’ll use the Server Manager. With the GUI, you’ll have to perform many tasks than when using the PowerShell installation.

Here are the steps for installing FSRM using GUI.

Open Server Manager and click on ‘Add roles and Features’:

On the next Window, click ‘Next’:

On the next screen, choose the “role-based or feature-based” option:

Choose a virtual hard disk or server you want to add its roles and features. Then, click “Next”:

On the “Select server roles” page, expand the File and Storage services tab:

After checking the “File Server Resource Manager” box, click the “Next” button.

The next page will prompt you to install FSRM RSAT tools. Click “Add Features” and proceed:

Confirm the FSRM installation.

After waiting for the installation to complete, you can launch the FSRM from the server manager:

To access FSRM, Go to Tools > File Server Resource Manager:

The FSRM window will open:

Configuring quotas

As mentioned earlier, quotas put a limit on the disk space allowed on a drive or a folder. Importantly, quotas come in handy when sharing a personal drive among many users. For example, you can put a limit of 10 GB on a drive or a folder.

There are two types of quotas:

  • Quota on the path—this is a scenario where quota is applied on the main folder only
  • Auto apply template and create quota—this is where the main folder together with the sub folders are all under a defined quota. That is, if you apply a quota of 10 GB on the parent folder, each of the subfolders will have a quota of 10 GB

Creating quota templates

Before embarking on creating quotas, let’s talk about how to create quota templates or predefined templates. Here are the steps.

First, right click on Quota Templates and click on ‘Create Quota Template’ option:

Specify the quota name and the quota limit, as shown below. A hard quota implies that you cannot exceed the limit. For soft quota, you get notified when you exceed the limit.

When all is done, click ‘OK’:

If you wish to send notifications via email, click the ‘Add’ button:

Then, fill out all the necessary details, such as the threshold for getting notifications and the administrator’s email.

Then click “OK”:

How to configure FSRM

Configuring FSRM is a piece of cake that consists of three main areas:

  • Quota management
  • File screening
  • Storage reporting

1. How to create and manage quotas

In a shared server system, users can add their files to the server. To prevent overwhelming the server, the administrator can use quotas to allocate each user a storage portion.

There are two main types of quotas:

  • Soft quotas whereby users can exceed the set limit. The administrator assesses the users in a specific path and their current storage usage; and, once the soft limit is passed, the server sends a usage warning or generates event logs.
  • Hard quotas whereby a user cannot exceed the set limit. Once a user reaches the limits, they will be unable to store more data to the file path.
How to create a quota

First, go to the FSRM management interface and select “Quotas”. Then, Select the “Create Quota” option:

Next, you can create a new quota by specifying various options, such as:

  • The path for new quota—indicates the path for your new quota. Alternatively, you can apply it to existing folders and subfolders.
  • Custom quota properties—you can choose soft and hard quota limits. For a soft limit, you’ll need to enter a warning notification.

Lastly, click the Create button.

Finally, the quota will now be created, and you can see it from the console, as shown below:

2. Configuring file screening

File screening is restricting some file formats from being stored in a path. It is only possible with file names and not file contents.

FSRM comes with two categories of file screening:

  • Active screening—does not allow users to save restricted files
  • Passive screening—enables users to save restricted data but with monitoring
How to configure file screening template

If you want to create a file screening template, right click on the File Screen Template option:

In the pull-down menu, click on “Create File Screen Template”. Then, fill all the required details in the Template Window:

3. Generating reports

FSRM allows you to generate various reports that assist with your file server management tasks. You can schedule these reports over a certain period to monitor disk usage trends.

The reports can help you to monitor a user or groups of users who may attempt to store unauthorized files on your server. The FSRM tool allows you to generate such reports instantly.

To access your reports, you can open the file report tasks. Click “generate report” and press “OK”. The system will generate a DHTML report and prompt you to open it.

Conclusion

Those are the everyday tasks you can perform with the File Server Resource Manager 2019. You can also perform complex tasks such as File Server Classification.

Do you have any comments or questions?

Please post them below.

Report the NTFS Permissions of Folders and Shares – fast and simple to use!

Protect yourself and your clients against security leaks and get your free trial of the easiest and fastest NTFS Permission Reporter now!

Windows Server Core vs. Graphical User Interface (GUI) Debate

Windows servers in most environments allow for two forms of installation: the Server Core and the Desktop Experience, also known as the Graphical User Interface (GUI).

The main difference between the two installation options is that the Server Core does not have the GUI shell packages; the Server Core is simply the Windows Server Shell Package.

The PowerShell approach implies that there may be a simple way of switching between the two forms of installation, if all are available in a single Server installation.

Some IT professionals argue that the introduction of the Windows Admin Centre is a move in the right direction and it is a step closer to boosting the mass adoption of the Server Core.

However, this does not free the IT administrators from encountering more challenges.

Are We Ready for the Server Core to Take centre stage?

Windows Server Admins who are not sure where to place their feet in the Server Core vs. GUI debate should consider new positions. Microsoft has come up with new ways of running Windows Server in lightweight mode.

Microsoft, in an attempt to move towards the Server Core, still leaves some Administrators comfortable with the use of the full Windows Server installation because it gives access to the easy-to-use point-and-click GUI menus and tools.

Theoretically, managing many servers with a single or few lines of PowerShell sounds impressive until there is a lot of workload and pressure pile up. Even experienced IT administrators will run to what they have been using ever since—the GUI.

It is this lack of configuration options and the less capability of the shell programs that keep Server Administrators away from installing or using Server Core as a preferred line of defense when working on network issues.

The release of Windows Admin Centre came in at the same time when Windows Server 2019 Long Term Servicing Channel release hit the market. The development of this new tool came from customer feedback: to lower the hindrances to Server Core deployment.

The Windows Server 2019 made a debut with the Server Core App Compatibility Feature on Demand to increase the functionalities that some apps need to run.

During this time, Microsoft added support for Server Core as a deployment option for Exchange Server 2019.

What are the Effects of These Changes on the Server Core vs. GUI Debate?

For administrators who are still in doubt, Server Core is capable of handling infrastructure roles such as Active Directory Domain Controllers and Domain Name System Servers.

In the next session, we’re going to feature a seasoned IT director at the Canadian Museum for Human Rights in an interview that highlights some Server Core advantages and disadvantages.

He is also going to talk about why he thinks containers might tip the balance towards the Server Core in some organisations.

  • What deployment method do you use?

The Server Core 2016 is the base system that we use to implement three clusters that run Windows Server 2019 right now. The 2019 version is still new in the market, and the department decided to use GUI as the last emergency option in a crisis. Within six months to a year, we will phase out nodes running 2019 with GUI to 2019 Server Core.

  • Why did your organisation decide to use Server Core?

The advantage is dealing with smaller footprints for patches and resources. Server Core does not demand as many resources to run, but you can get more by running it.

There are fewer incidences of security attacks on the Server Core, and that is something we needed to consider.

  • Why is Microsoft pushing Server Core when administrators prefer to use GUI, do you have any challenges using Server Core?

Server Core will make an Administrator’s life easier. Windows Admin Centre happens to be better than the Remote Server Administration Tools (RSAT). RSAT gave a single panel for server management.

However, we are still to get a complete toolset. As it is, we may get into GUI for one or two reasons. Microsoft needs to be creative on that aspect and make Server Core a reality for all Administrators.

We are using Server Core 2016 and using GUI as necessary, but with some management challenges, though we take it as a learning curve.

Windows Admin Centre is an excellent place to start but still far from being the perfect replacement Microsoft was hoping would happen. Some of the Admin tools are not coming up as fast as I would like, meaning we are still using GUI more than our liking.

When you are in a production server environment that needs quick troubleshooting, you will struggle with the PowerShell tools or remote management tools like the Windows Admin Centre, but your managers may not give you enough time to solve the problem, so you end up going back to the GUI approach. Using PowerShell in such an environment offers no comfort zone.

The IT community is trying to adapt to the methodology of not relying on GUI to manage the Server. You can either use the GUI tool like the Windows Admin Centre from a management machine or use a remote PowerShell session. Consequently, PowerShell is a steep learning curve.

  • Is Server Core easier to manage with patches and security?

Yes, with the new patches, you will see Windows Server with GUI ending up being like 15 patches and 2 for Server Core. It is easy to find patches on other applications than it is to find consistency in patch releases for the Server Core.

  • Which applications did you use with Server Core that never worked? What are the functions that require PowerShell skills, even when using the Windows Admin Centre?

When we sought proposals for the purchase of the ticketing system, our specification was Server Core; unfortunately, they could not support it.

The Windows Admin Centre still does not support many features, even though they have come a long way, and they add new features in every release.

For instance, there are some things in Failover Cluster Manager that you need to do on the console using GUI. Reason being the feature is absent. This has increasingly necessitated System Administrators to keep pushing Microsoft to develop all tools in Windows Admin Centre and then offer support for the GUI.

  • Do you think Server Core is ready for the market?

The answer differs from one organisation to another; our organisation is not so huge, but we made a lot of progress on the learning curve. We managed to install Server Core as production servers on the new 2019 clusters within a year. Whereas embracing Server Core could be more fulfilling in the long term, most organisations are slow in taking on the new technology.

The biggest challenge to Server Core mass adoption is due to the players in the industry fear of taking risks, or they are not as fast as Microsoft would want them to be. The majority of the workforce does not have the day-to-day experience needed to set up and run the Server Core.

Most IT practitioners who take on Server Core installation and Administration tasks are those working in smaller organisations. A large organisation will always look ready and aggressive to take on new technology, but making the first step is the biggest challenge.

That explains why it is important to encourage people to try out the beta program as much as possible. In our case, we have a corporate plan of testing production workloads in a beta environment. Very few places have a testing environment, which is everything needed for the Windows Server Core to be in the mainstream.

  • Do you think containers might tip the balance towards the Server Core in some organisations?

Another thing that will force people to embrace Server Core is the use of containerisation. A container does not give room for GUI. Therefore, Windows Server for containers seems to be the likely place where Server Core is expected to flourish.

Server Core is the middle step between full-blown physical servers and virtual server containers. The Server Core App Compatibility Feature on Demand is bringing in the ability to include features without the need of installing them.

For example, if you need a .NET framework for any application, you will not install the entire .NET framework, as it will bring up the server in a container only for the features you need.

Do you know who has access to your data on Windows Servers?
Are you able to easily analyze NTFS permissions of your data?

Protect yourself and your clients against security leaks and get your free trial of the easiest and fastest NTFS Permission Reporter now!



New Features and Enhancements in Windows Server 2019

If you haven’t tried Windows Server 2019, it’s time you do so.

Windows Server 2019 is ideally a Windows Server 2016 improvement that comes with a ton of nifty and useful features.

Microsoft is touting Server 2019 as its Long-Term Service Channel (LTSC), which has a myriad of new features, including releases from the Semi-Annual (SAL) channel.

Generally, there are four main categories of innovative new features:

  • Application platform
  • Hybrid cloud
  • Security
  • Hyper-converged infrastructure

Let’s talk about the new features, including some general improvements.

1. General improvements

  • Desktop experience

Server 2019, as an LTSC release, features a new desktop experience. By design, the Semi-Annual releases have no desktop experience; for example, server 2016 comes only as a Nano server or server core. However, Windows Server 2019 provides users with an option of server core or server with desktop installations.

  • Windows admin center

Windows admin center is a ready-to-deploy and browser-based app used for managing servers and clusters. You can install the app for free in Windows Server 2019 and use it to manage your servers and clusters. Windows admin center also works in Windows 10, as well as earlier versions of Windows.

  • System insights

System insights is a predictive analytics feature in Windows Server 2019 that analyzes past usage trends and use them as a basis for predicting future consumptions.

The predictive analytics employs modern AI techniques like machine learning to analyze server system data. It uses the data to suggest ways to improve your server and solve issues with server deployment.

2. Application platform enhancements

  • Linux containers in Windows—Windows Server 2019 allows you to run Windows and Linux-based containers in one container host; all this is possible with one Docker Daemon. This improvement gives developers flexible choices.
  • Support for Kubernetes—Server 2019 features improvements to Kubernetes in Windows. For example, container networking improves the usability of the feature in Windows. Furthermore, the deployed network loads feature uses embedded tooling to protect the network security of Windows and Linux.
  • Container improvements—Windows Server 2019 has a new container improvement, which makes it more reliable. These improvements ensure higher integrated identity, better application compatibility, reduced size, and higher performance.

3. Hybrid cloud

Windows Server 2019 has incorporated hybrid capabilities to the Windows admin center.

Microsoft is also making moves to integrate their Azure cloud platform with Server 2019 to enhance the integration of hybrid environments.

The feature on demand (FOD) is a server app compatibility feature for the Server 2019 release.

It enhances the compatibility of the server core installation option by including a set of binaries and components from the Windows Server desktop experience.

FOD does not include the graphical interface of the server, which makes the server core leaner.

The FSO feature is optional in ISO. It can be added to the Windows server core installation by using the Deployment Image Servicing and Management Tool (DISM).

4. Security

With costly data breaches in interconnected networks, Microsoft is taking no chances at enhancing server security.

Security is essential for the top-notch operations of any system-grade technological company.

With regards to device security, Microsoft is applying a 3-pronged approach of “protect, detect, and respond” to Server 2019.

Here are some of the top security features in Server 2019:

  • Windows Defender Advanced Threat Protection (ATP)

ATP has deep sensors for performing server searches for malicious files. The advanced protection features can expose and suppress malicious files and operations in memory and kernel, which in turn prevents the attack of the two key server components.

  • Windows Defender Exploit Guard

Exploit Guard refers to a set of host intrusion prevention capabilities. The four components that comes with Windows Defender Exploit Guard locks down the device from malware attacks, enabling you to balance between server productivity and security.

These four components are:

i. Network Protection—The Network Protection component uses the Windows Defender Smart screen to protect the endpoint from web-based threats. It achieves this by blocking the device interaction with untrusted hosts or IP addresses.

ii. Attack Surface Reduction—It’s a set of controls that prevents malicious files from getting into a machine.

iii. Exploit Protection—Exploit Protection is a feature for assessing machine vulnerabilities. It replaces EMET, allowing you to make configurations that suit your system and applications.

iv. Controlled Folder Access—It’s a feature which protects sensitive data in folders. It blocks ransomware from accessing the protected files by terminating any untrusted processes from reaching the protected folders.

The Windows Defender Control feature is available on Server 2016 and onwards. However, many users complained of challenges in deploying the feature.

Therefore, Windows Server 2019 comes with default CI policies, which allow Microsoft programs and box files to access the CI. The feature also blocks untrusted applications that can bypass CI.

  • Linux shielded VMS

Shielded VMS has been a popular feature in Windows Server 2016, but only with Windows as the guest-host system. They protect virtual machines from the users of a host server, including those with local administrator privileges.

Shielded VMS prevent rogue admins or users accessing virtual hard disks and VMS from instant migration or running shutdown and restart commands.

Windows Server 2019 now makes it possible to run VMS with Linux as a guest operating system.

5. Hyper-converged infrastructure

Hyper-converged infrastructure (HCI) is one of the most popular keywords in the IT sector now. Top tech brands like Hewlett Packard, Dell, and Huawei are increasingly adopting HCI in their products.

Microsoft is taking notice and it’s focusing on software-defined programs to improve its HCI ratings.

Microsoft has improved HCI in its Server 2019. The company has built Azure on a Windows Server, which connects to local storage via Ethernet and software-defined computing with networking.

The use of cheap components is in contrast to Microsoft’s previous policy of using expensive SANs for its data centers.

Microsoft has also been supporting Azure Stack and Windows-Server Defined Solutions (WSSD) for quite a long time.

While the Azure Stack and WSSD were primarily present from Server 2016, the Server 2019 versions come with improvements for enhancing its management and performance.

Conclusion

Windows Server 2019 comes with a myriad of new features, with some of them set to be released during Semi-Annual releases.

These improvements will boost manageability and reliability of its services.

 You need to make the shift to Windows Server 2019 today!

 

Protect yourself! Discover all security holes in the folder hierarchy on your Windows fileservers!

Get your free trial of the easiest and fastest NTFS Permission Reporter now!

Windows Server Deduplication: An Essential Introduction

Deduplication is one of the useful features of Windows Server since the launch of the 2008 R2 version.

It is a native feature added through the server manager that gives system administrators enough time to plan server storage and network volume management.

Most Server administrators rarely talk about this feature until it is time to address the organization’s storage crunch.

Data deduplication works by identifying similar data blocks and saving a copy as the central source, thus  reducing the spread of data all over the storage areas. Deduplication takes place on a file or block level, giving you more space in the server.

Special hardware components, which are relatively expensive, are required to explore the block level deduplication. The reason behind extra hardware is the complex processing requirements involved.

The file level deduplication is not complicated and, thus, does not require the additional hardware. As such, in most cases, administrators implementing deduplication prefer the file approach.

When to Apply Windows Server Deduplication

Since Windows Server file deduplication works on the file level, its operations work on a higher level than a block level, as it tries to match chunks of data.

File deduplication is an operating system level, meaning that you can enable this feature within a virtual guest in a hypervisors environment.

Growth in industries is also driving the demand for deduplication, although storage hardware components are becoming bigger and affordable.

Deduplication is all about fulfilling this growing demand.

Why is Deduplication Feature Found on Servers?

Severs are central to any organization’s data, as users store their information on repositories. Not all users embrace new technology on how to handle their work, while others feel safe making multiple copies of the same work.

Since most Server administrators do the work of  managing and backing up users’ data, using the Windows deduplication feature greatly enhances their productivity.

Data deduplication in a straightforward feature and will take a few minutes to make it active.

Deduplication is one of the server roles found on Windows Servers, and you do not need a restart for it to work.

However, it is safe to do so to make sure the entire process is configured correctly.

Preparing for Windows Server Duplication

  • Click on start
  • Click on the run command window
  • Enter the following command and press enter (this command runs against selected volume to analyze potential space for storage): DDEval.exe
  • Right click on the volume in Server Manager to activate data deduplication

The following wizard will guide you through the deduplication process depending on the type of server in place. (Choose a VDI or Hyper-V configuration or File Server)

Set up The Timing for Deduplication

Deduplication should run on scheduled time to reduce the strain on existing resources. You should not aim to save storage space at the expense of overworking the server.

The timing should be set when there is little strain on the server to allow for quick and effective deduplication.

Deduplication is a task that requires more CPU time because of the numerous activities and processes taken by each job.

Other deduplication demands include optimization, integrity scheduling, and garbage collection. All these deduplication activities should be running at peak hours unless the server has enough resources to withstand system slowdowns.

The capacity that deduplication reclaims varies depending on server use and storage available.

General files, ISOs, office applications files, and virtual disks usually consume much of the storage allocations.

Benefits of Windows Server Deduplication

Windows Server deduplication brings several benefits to an organization, including the following:

  • Reduced storage allocation

Deduplication can reduce storage space for files and backups. Therefore, an enterprise can get more storage space, reducing the annual cost of storage hardware. With enough storage, there is a lot of efficiency and speed, which eliminates the need for installing backup tapes.

  • Efficient volume replication

Deduplication ensures that only unique data is written to the disk, which reduces network traffic.

  • Increasing network bandwidth

If deduplication is configured to run at the source, then there is no need to transfer files over the network.

  • Cost-effective solution

Since power consumption is reduced, there is less space required for extra storage of both local and remote locations. The organization buys and spends less on storage maintenance, thus reducing the overall storage costs.

  • Fast file recovery process

Deduplication ensures faster file recoveries and restorations without straining the day’s business activities.

Features of Deduplication

1. Transparency and Ease of Use

Installation is straightforward on the target volume(s). Running applications and users will not know when deduplication is taking place.

The file system works well with NTFS file requirements. However, files using the encryption mode, Encrypted File System (EFS), files that have a capacity smaller than 32KB, or those with Extended Attributes (EAs), cannot be processed during deduplication.

In such cases, file interaction takes place through NTFS, and not deduplication. A file with an alternative data stream will only have its primary data stream deduplicated, as the alternative will be left on the disk.

2. Works on Primary Data

This feature, once installed on the primary data volumes, will operate without interfering with the server’s primary objective.

This feature will ignore hot data (active files at the time of deduplication) until it reaches a given number of days. The skipping of such files maintains consistency of the active files and shortens the deduplication time.

This feature uses the following approach when processing special files:

  • Post procession: when new files are created, the files go directly to the NTFS volume where they are evaluated on a regular schedule. The background processing confirms file eligibility for deduplication, every hour, by default. The scheduling for confirmation time is flexible
  • File age: a setting on the deduplication feature called MinimumFileAgeDays controls how long a file should stay on the queue before it is processed. The default number of days is 5. The administrator can configure it to 0 to process all files.
  • Type of file and location exclusions: you can instruct the deduplication feature not to process specific file types. You can choose to ignore CAB files, which do not help the process in any way as well as any other file type that requires a lot of compression space such as PNG files. There is an option of directing the feature not to process a particular folder.

3. Portability

Any volume that is under deduplication runs as an automatic unit. The volume can be backed up and moved to a different location.

Moving it to another server means that anything that was in that file is accessible on its new site.

The only thing that you need to change is schedule timings because the native task scheduler controls the scheduler.

If the new server location does not have a running deduplication feature, you can only access the files that have not been deduplicated.

4. Minimal Use of Resources

The default operations of the deduplication feature use minimal resources on the primary server.

In case the process is active, and there is a shortage of resources, deduplication will surrender the resources to the active process and resumes when enough is available.

Here’s how storage resources are utilized:

  • The hash index storage method uses low resources and reduces read/write operations to scale large datasets and deliver high edit/search performance. The index footprint left behind is excessively low and uses a temporary partition.
  • Deduplication verifies the amount of space before it executes. If no storage space is available, it will keep trying at regular intervals. You can schedule and run any deduplication tasks during off-peak hours or during idle time.

5. Sub-file Segmentation

The process segments files into different sizes, such as between 32 to 128 KB using an innovative algorithm developed by Microsoft and other researchers.

The segmentation splits each file into a sequence depending on its content. A Rabin fingerprint, which is a system based on the sliding Window hash, helps to identify the chunk boundaries.

The average size of every segment is 64KB and it is compressed and placed into a chunk store that is hidden in a folder located at the System Volume Information (SVI) folder.

A reparse point, which is a pointer to the map of all data streams, helps in replacing the normal files when requested.

6.BranchCache

Another feature you can get from deduplication is that sub-file segmentation and indexing engine is shared with BranchCache feature.

This sharing is important because when a Windows Server is running and all the data segments are already indexed, they can be quickly sent over the network as needed, consequently saving a lot of network traffic within the office or the branch.

How Does Deduplication Affect Data Access?

The fragmentations created by deduplication are stored on the disk as file segments that are spread all over, increasing the seek time.

Upon the processing of each file, the filter driver will work overtime to maintain the sequence by keeping the segments together in a random fashion.

Deduplication keeps a file cache to avoid repeating file segments, helping in their quick access. In case multiple users access the same resource simultaneously, that access pattern enables speeding up of the deduplication for each user.

Here are some important points to note:

  • No much difference is noted when opening an Office document; users cannot tell whether the feature is running or not
  • When copying one bulky file, deduplication will send end-to-end copy that is likely to be 1.5 times faster than it would take a non-deduplicated file.
  • During the transfer of multiple bulky files simultaneously, cache helps to transfer the file 30% times faster
  • When the file-server load simulator (File Server Capacity Tool) is used to test multiple file access scenarios, a reduction of about 10% in the number of users supported will be noticed.
  • Data optimization increases between 20-35 MB/Sec per job that easily translates to 100GB/hour for a single 2TB volume running on one core CPU with a 1GB RAM. This is an indicator that multiple volumes can be processed if additional CPU, disk resources, and memory allocations are available.

Reliability and Risk Preparedness

Even when you configure the server environment using RAID, there is still the risk of data corruption and loss attributed to disk malfunctioning, control errors, and firmware bugs.

Other environmental risks to stored data include radiation or disk vibrations.

Deduplication raises the risk of disk corruption, especially when one file segment referring to thousands of other files is located in a bad sector.

Such a scenario gives a possibility of losing thousands of users’ data.

Backups

Using the Windows Server Backup tool runs a selective file restore API to enable backup applications to pull files out of the optimized backup.

Detect and Report

When a deduplication filter comes across a corrupted file or section of the disk, a quick checksum validation will be done on data and metadata.

This validation helps to recognize any data corruption during file access, hence reducing accumulated failures.

Redundancy

An extra copy of critical data is created, and any file segment with more than 100 references is collected as most popular chunks.

Repair

Once the deduplication process is active, scanning and fixing of errors becomes a continuous process.

Inspection of the deduplication process and host volumes takes place on a regular basis to scrub any logged errors and fix them from alternative copies.

An optional deep scrubber will walk through the whole data set by identifying errors and fixing them, if possible.

When the disk configurations are set to mirror each other, deduplication will look for a better copy on the other side and use it as a replacement.

If there are no other alternatives, data will be recovered from an existing backup.

Verdict on Deduplication

Some of the features described above does not work in all Window Server 2012 editions and may be subject to limitations.

Deduplication was built for volumes that support the NTFS data structure.

Therefore, it cannot be used with Cluster Shared Volumes (CSV).

Also, Live Virtual Machines (VMs) and active SQL databases are not supported by deduplication.

Deduplication Data Evaluation Tool

To get a better understanding of the deduplication environment, Microsoft created a portable evaluation tool that installs into the \Windows\System32\ directory.

The tool can be tested on Windows 7 and later Windows operating systems.

It is installed through the DDPEval.exe and supports local drives, mapped, unmapped, and remote shares.

If you are using Windows NAS or an EMC /NetApp NAS, you can test it on a remote share.

Conclusion

The Windows Server native deduplication feature is now becoming a popular feature.

It mirrors the needs of a typical server administrator working in production deployments.

However, planning for deduplication before implementation is necessary because of the various  situations in which its use may not be applicable.

Upgrade and Conversion Options for Windows Server 2016 / 2019

It is always a good idea to start a new Windows Server 2016 / 2019 installation on a new slate. However, in some instances, you may be working on a site that will force you to upgrade from the current installation to the latest version.

The routines described here apply to the server versions of Windows 2016 and 2019. This article describes moving to Windows Server 2016 / 2019 from different lower server platforms.

The path to the new Operating System (OS) depends on the current system and configurations that you are running.

That being the case, the following terms define activities you are likely to encounter when deploying the 2016 Server.

Installation

The simplest way of installing a new OS to work on your hardware, and get a clean installation, demands that you delete the previous Operating System.

Migration

To move system settings to the new Windows Server using a virtual machine is what we call migration. The process also varies depending on the roles and system configurations already running.

Cluster OS Rolling Upgrade

This feature is new in Windows Server 2016, and its role is to make sure the Administrator can upgrade the Operating System of all nodes running Windows Server 2012 R2 to Windows Server 2016, without interfering with the Hyper-V or Scale-Out File Server workloads.

The feature also helps in reducing downtime, which may affect Service Level Agreements.

License Conversion

Some Operating Systems use releases that allow the conversion of one edition to another without so much struggling.

What you need is a simple command issued alongside a license key, and you end doing the license conversion.

Upgrade

When you want to use the latest software that comes with the newer versions, then you have to do an upgrade.

In-place upgrades mean using the same hardware for installing the new Operating System. For example, you can upgrade from evaluation to retail version or from a volume license to an ordinary retail edition.

NOTE 1: An upgrade will work well in virtual machines if you do not need specific OEM hardware drivers.

NOTE 2: Following the Windows Server 2016 release, you can only perform an upgrade on a version installed using the Desktop Experience (not a server core option).

NOTE 3: If you use NIC teaming, disable it before you perform an upgrade; and when the upgrade is complete, re-enable it.

Upgrade Retail Versions of Windows Server to Windows Server 2016 / 2019

Note the following general principles:

  • Upgrading a 32-bit to 64-bit architectures is not possible. Note that all Windows Server 2016 versions are only available in 64-bit.
  • You cannot upgrade from one language to another.
  • If you are running a domain controller, make sure you can handle the task, or read the following article: Upgrade Domain Controllers to Windows Server 2012 R2 and Windows Server 2012.
  • You cannot upgrade from a preview version.
  • You cannot switch from Server Core installation to a Server with a Desktop installation.
  • You cannot upgrade from a Previous Windows Server installation to an evaluation copy of Windows Server.

You can read from the table below that shows a summary of Windows Operating Systems available for upgrade. If you are unable to upgrade your current Windows version, then upgrading to Windows Server 2016 is impossible

Current Windows Edition Possible Upgrade Edition
  • Windows Server 2012 Standard
  • Windows Server 2016 Standard or Datacenter
  • Windows Server 2012 Datacenter
  • Windows Server 2016 Datacenter
  • Windows Server 2012 R2 Standard
  • Windows Server 2016 Standard or Datacenter
  • Windows Server 2012 R2 Datacenter
  • Windows Server 2016 Datacenter
  • Windows Server 2012 R2 Essentials
  • Windows Server 2016 Essentials
  • Windows Storage Server 2012 Standard
  • Windows Storage Server 2016 Standard
  • Windows Storage Server 2012 Workgroup
  • Windows Storage Server 2016 Workgroup
  • Windows Storage Server 2012 R2 Standard
  • Windows Storage Server 2016 Standard
  • Windows Storage Server 2012 R2 Workgroup
  • Windows Storage Server 2016 Workgroup

Per-Server-Role Considerations for Upgrading

It’s important to consider server roles before performing an upgrade.

For example, some server roles are part of the newer Windows versions and may only need additional preparation or actions to get the desired intent.

Converting Current Evaluation Version to Current Retail Version

It is possible to convert the trial version of Windows Server 2016 Standard to a Data 2016 Standard Server or a Datacenter version. The two conversions can be retail versions. You can also convert Windows Server 2016 Datacenter to the retail version.

Before making any conversion attempts to the retail version, ensure that your server is running an evaluation version; you can confirm this by following these steps:

  • From the administrator’s command prompt, run
slmgr.vbs /dlv;
  • The evaluation versions will include “EVAL” as the output
  • Open the control panel
  • Then click on System and Security
  • Click on System
  • View the activation status found on the activation area of the System page
  • Click view details, and you will see more information on your Windows Status
  • If your Windows is activated, you will see information showing the remaining time for the evaluation period.

If you are running a retail version, you will see the “Upgrading previous retail versions of Windows Server 2016” message prompting you to upgrade to Windows Server 2016.

In Windows Server 2016 Essentials, the conversion to retail version is possible if you have a retail volume license or OEM key in the command slmgr.vbs

In case you are running an evaluation version of Windows Server 2016 Standard or Windows Server 2016 Datacenter, the following conversions can help you:

  • If the server is a domain controller, it cannot change to the retail version. First, install another domain controller on a server that runs a retail version and remove the AD DS from the domain controller that has the evaluation version.
  • Read the license terms
  • From the administrator’s command prompt, enter this command to get the current edition:
DISM /online /Get-CurrentEdition

Note the edition ID, the abbreviation form of the edition name, and then run the following command:

DISM /online /Set-Edition:<edition ID> /ProductKey:XXXXX-XXXXX-XXXXX-XXXXX-XXXXX /AcceptEula

Once you get the ID and product key, the server should restart twice.

You can convert the evaluation version of Windows Server 2016 Standard to the retail version of Windows Server 2016 Datacenter using the same command and product key.

Converting Current Retail Edition to a Different Current Retail Edition

After successful installation of Windows Server 2016, you can run setup to repair the installation using a process called “repair in place” that converts it to a different edition.

In case of Windows Server 2016 Standard, you can convert the system to Windows Server 2016 Datacenter by:

  • From the administrator’s command prompt, use the following command to determine the existing edition:
DISM /online /Get-CurrentEdition
  • Run this command to get the ID of the edition you want to upgrade to:
DISM /online /Get-TargetEditions
  • Note the ID edition, the name of the edition, and then run this command:
DISM /online /Set-Edition:<edition ID> /ProductKey:XXXXX-XXXXX-XXXXX-XXXXX-XXXXX /AcceptEula
  • Once you get the ID and product key, the server should restart twice.

Converting Current Retail Version to Current Volume Licensed Version

Once you have Windows Server 2016 running, you can convert it to a retail version, an OEM version, or a volume-licensed version. The edition will not change.

If the starting point was an evaluation version, change it to retail version and then do as follows:

  • From the administrator’s command, run this command:
slmgr /ipk <key>
  • Insert the appropriate volume license, OEM or retail key instead of <key>

Conclusion

Upgrading Windows Server is a complicated process; therefore, Microsoft suggests that you migrate all roles and settings to Windows Server 2016 to avoid costly mistakes.

An Introduction to Windows Server 2019 Windows Defender Advanced Threat Protection

Security is one of the biggest investments that Microsoft has made to its latest Windows Servers releases.

Notably, the Windows Server 2019 biggest security feature is the support for Windows Defender Advanced Threat Protection (ATP).

ATP is a technology that Microsoft provides for preventive protection of users’ devices. It conducts  automated security investigations and responds accordingly.

The ATP is a unified platform that offers a preventive and automated response.

This support feature was only available for Windows 10 devices; and now, it can be accessed on the WS2019 platform, as well as other latest Server versions.

How Windows Defender Advanced Threat Protection Provides Security

Here are some methods that ATP uses to maximize the security of the Windows Server 2019.

1. Robust Cloud Control Services

This security platform offers a complete solution through cloud control with no additional deployments or infrastructural requirements.

There are no delay experiences, and the system will always remain up to date, without bringing any  complications related to incompatibility.

The platform offers intelligent protection and response measures. It plays a pivotal role in actively protecting cyber threats, detecting potential data breaches, automating security incidents, and improving the security environment.

Here are some tasks that the Windows Server ATP cloud control services do to enhance security.

  • Reduces the total surface area of attack by eliminating all available loopholes and pathways that hackers can utilize.
  • The Intelligent Security Graph (ISG) gives all the resources needed for offering protection against the most advanced ransomware and other forms of attacks.
  • Endpoint detection and response helps to monitor behaviors by using machine learning and security analytics that stop possible threats.
  • Performs automatic investigations and resolutions that give specific course of actions for diffusing complex threats in minutes.
  • Provides real-time visibility into how the system security performs. By assessing the risks, you get the best recommendation to increase resilience.
  • Implements flexible queries between endpoints and gives historical data for building and enabling custom detection.

2. Automated Security Measures

The automated security measures increase the security of your platform by performing several background checks and delivering notifications without human intervention.

This pre-breach protection feature works through the following ways:

  • Protects the network by scanning the connected devices automatically.
  • Blocks all unpatched security risks such as zero-day vulnerabilities.
  • All files and devices with no clear reputation are blocked from accessing the network.
  • Devices are protected when web-based threats and hardware are isolated.
  • The malware defense strategies of all applications running on the system are updated frequenlty to avoid a possible breach.
  • The dynamism of the cloud unattended approach defends the machine against known and unknown malware threats.
  • Behavioral monitoring blocks malicious and suspicious activities using advanced runtime analysis

3. Innovative Endpoint Detection and Response (EDR)

The Innovative EDR feature ensures that your system is protected using any or all of the following approaches:

  • Using advanced behavioral analytics and machine learning technologies to detect unseen security threats, spot attacks, and discover zero-day vulnerabilities.
  • Investigating security evidences across endpoints and uncovering the magnitude of security breaches via the security center.
  • Using six months of historical data to carry out interactions and search for possible exploits. Data collection is done in seconds, saving a lot of time in tracking and resolving errors.
  • Using customized Indicators of Compromise (IOC) to get alerts on the specific threats.
  • Performing deep inspection of suspicious files and preparing a full analysis within minutes.

4. Clear Visuals of Security Threats

This built-in feature in Windows enables the exchange of signals to take place between each application and the Microsoft Intelligent Security Graph, providing enhanced visibility to security threats.

5. Synchronization of Defense Needs

Whenever Microsoft 365 shares your detection and exploration controls across the network, it ensures that all your defense needs are managed from a central location.

Synchronization speeds up the response and recovery time.

Moving from Windows Server 2019 to Windows Server Defender Advanced Threat Protection

If your current setup is using ATP, you can preview some of its features by installing the build preview of the Windows Server, and test it on the Windows Defender ATP.

You can follow the following procedure to onboard your machine:

  1. Go to the Windows Defender Security Center
  2. Click on settings
  3. Here, you will have an option of selecting the Operating System that you will use for the onboarding process. After selecting your preferred option, you will receive a confirmation to that effect.
  4. You can leave the chosen deployment method as the default one, which enables the machine to run the onboarding scripts locally. Note that every deployment can run on a limited number of computers.
  5. Download the Package by clicking on the link shown on the wizard
  6. Run a detection test (this will test all the deployed machines as earlier indicated).
  7. Once the verification process is completed, you will see a confirmation message.

The verification that a particular machine has been properly onboarded and responds to the new service is done by running a detection script, as described below:

  1. Open the command prompt window
  2. At the command prompt, apply the command below:
powershell.exe -NoExit -ExecutionPolicy Bypass -WindowStyle Hidden (New-Object System.Net.WebClient).DownloadFile('http://127.0.0.1/1.exe', 'C:\test-WDATP-test\invoice.exe');Start-Process 'C:\test-WDATP-test\invoice.exe'

3. Once the script executes, the command window  closes automatically

A successful execution marks the test as complete, which triggers a confirmation message that is sent in a few minutes.

An Overview of the Windows Defender ATP for Windows Server 2019

The use of ATP on the Windows Server 2019 is straightforward. After the onboarding process, you will see new alerts and recommendations on the dashboard.

To keep the alerts active, you can create a test alert after onboarding. The test alert also helps to monitor the connections at any given time.

There are several filters, actions, and events in the Windows Defender Security Center, which you can use to make the most of your server security settings.

Conclusion

With the introduction of the Windows Server 2019 Windows Defender ATP, users have a single solution that protects, detects, and responds to advanced threats.

Microsoft Server 2019 takes customer security seriously and prioritizes every effort to prevent unauthorized penetration.

What’s New in Storage in Windows Server 2019 and 2016

Window Server Edition 2016 and 2019 have new features, which have made it possible to use storage migration capabilities for storing data.

The migration service helps in keeping inventory when moving from one platform to another.

This article will try to explain what is new in the storage systems of Windows Server 2016, Windows Server 2019, and other semiannual releases.

We will start by highlighting some of the key features added in the two server systems.

Managing Storage with Windows Admin Center

The Windows Admin Center is a new feature that runs on Windows Server 2019 and some latest versions of Windows.

It is the central location where an App handles the server functions, clusters, and hyper-converged infrastructure containing storage locations.

The Admin Center does this as part of the new server configurations.

Storage Migration Service

The Storage Migration Service is the latest technology that makes it easy to move servers from old to new server versions.

All the events take place via a graphical interface that displays data on the servers and transfers data and configurations to the new servers; thereafter, it optimally moves old server identities to the new ones, ensuring the settings for apps and users are matched.

Storage Spaces Direct Improvements (Available in Server 2019 only)

Several improvements have been made to Storage Spaces Direct in Server 2019, though they are not available in Windows Server, Semi-Annual channel.

Here are some of the improvements:

1. Deduplication and Compression of ReFS Volume

You will be able to store up to 10X more data on the same storage space using deduplication and compression of the ReFS system.

You only need to turn on this feature, using a single click, on the Windows Admin Center.

The increase in storage sizes, with an option to compress data, amplifies the saving rates.

Furthermore, the multi-threaded post processing feature assists in keeping performance impact low.

However, it supports a volume of up to 64TB and with each file reaching 1TB.

2. Native Support for Persistent Memory

Windows Server 2019 comes with native support for persistent memory.  This allows you to speed up performance for the continuous creation of memory modules, including the Intel Optane DC PM and NVDIMM-N.

You can use persistent memory as your cache to accelerate the active working set or use it as an extra space needed to facilitate low latency.

Of course, you can manage persistent memory the same way you can manage any other storage device in Windows Admin Center or PowerShell.

3. Nested Resiliency for Two-Node Hyper-Converged Infrastructure on the Edges

The all new software resiliency option, inspired by RAID 5 + 1, helps in surviving two hardware failures.

The nested resiliency for the two-node Storage Spaces Direct cluster offers continuous accessible storage for programs and virtual machines, even when one server node fails.

4. Two-Server Cluster Using USB Flash Drive as a Witness

You an use a low-cost USB flash plugged into your router to act as a witness between two servers in a cluster.

If the server is down, the USB will know which of the servers has more data.

5. Improved Windows Admin Center

The opportunity to manage and monitor Storage Spaces Direct with the newly built dashboard lets you create, delete, open, and expand volumes, with a few clicks.

You can follow performances of IOPS and IO latency, from the entire clusters to the individual hard disks and SSDs.

6. Increased Performance Logs Visibility

You can use the built-in history feature to see your server’s resource utilization and performance capabilities.

It has more than 50 counters that automatically collect  memory, computation, storage and network data, and store them in the cluster for a full year.

This feature works without the need to install or configure anything.

7. Scale up to 4PB for Every Cluster

The Windows Server 2019 Storage Spaces Direct feature supports up to 4 petabytes (PB) (4,000 terabytes).

This way, you can get to the level of multi-petabyte scale, which makes sense in media servers for backup and archiving purposes.

Other capacity guides are increased as well; for instance, you can create volumes reaching 64, and not 32.

More so, the clusters can be stitched together into a set to make the scaling that fits within one storage namespace.

8. Accelerated Parity is now 2X Faster

You can now create Storage Spaces Direct Volumes that are part mirror and part parity.

For example, you can mix RAID-1 and RAID -5/6 to harness the advantages of both.

In Windows Server 2019, the performance of mirror accelerated parity is twice that of Windows Server 2016, due to optimizations.

9. Drive Latency Outline Detection

Using proactive monitoring and the built-in outlier detection, which is an inspiration from Microsoft Azure, you can know which drives have abnormal latency.

You can see the failing drives that have been labeled automatically in the PowerShell and Windows Admin Center.

10. Manual Delimiting of Volume Allocations to Increase Fault Tolerance

In Storage Spaces Direct, the Admin can now manually change the limit of volume allocations.

Delimiting is usually done to increase fault tolerance in specific circumstances that consider management  complexities.

Storage Replica

The Storage Replica has the following improvements:

1. Introduction of Storage Replica in Windows Server, Standard Edition

It is now possible to use Storage Replica with Windows Server, Standard Edition, as well as the Datacenter editions.

Running Storage Replica on Windows Server, Standard Edition has the following weaknesses:

  • Storage replica can replicate a single volume and not an unlimited volume number
  • Volume varies with some taking up to 2TB, instead of taking an unlimited size

2. Storage Replica Log Performance Improvements

The Storage Replica comes with improvements that enhance the tracking of logs.

To get the increased performance, all members of the replication group must run Windows Server 2019.

3. Test Failover Improvements

You can mount a temporary snapshot of the replicated storage on destination server for testing or backing up purposes.

4. Windows Admin Center Support

Support for the graphical management of replication is made possible via the Server Manager Tool.

This involves server-to-server replication, cluster-to-cluster, and stretch cluster replication.

5. Miscellaneous Improvements

Storage Replica also has the following improvements:

  • Changes to asynchronous stretch cluster behaviors for automatic failover to take place.
  • Multiple bug fixes

SMB

SMB1 and Guest Authentication Removal

Windows Server does not install the SMB1 client and server by default, while, at the same time, the ability to authenticate guests in SMB2 if off by default.

SMB2/SMB3 Security and Compatibility

More options for security and applications compatibility were added, including disabling opLocks in SMB2+ for old applications.

This also covers the need for signing encryption on every connection from the client.

Data Deduplication

Data Deduplication Supports ReFS

You’ll not need to choose between the advantages of a modern file system with ReFS and Data Deduplication.

Anytime you enable Data Deduplication, enabling ReFS is also possible now.

Data Port API for Optimized Ingress/egress to Deduplicated Volumes

As a developer, you’ll now enjoy the advantages of data deduplication and possibilities of storing data in an efficient manner

File Server Resource Manager

The Windows Server 2019 can prevent the File Resources Manager service from creating a change (USN) journal on storage volumes.

This is to create and conserve more space on every volume; however, it will disable real-time classification.

This is the same effect that takes place in Windows Storage Server, Version 1803.

What’s New in Storage in Windows Server, Version 1709

Server Version 1709 is the first Windows Server release with a Semi-Annual Channel, which is a channel that is fully supported in production for 18 months, with a new version coming in every six months.

Storage Replica

Disaster recovery and protection is an added function of the Storage Replica, which is now expanded to include:

  • Test Failover

You now have an option of mounting the destination storage through a test failover.

You can also mount the snapshots temporarily for both testing and backup purposes.

  • Windows Admin Center Support

Thee is support for the graphical applications that are managing replications. You can access it via the  Server Manager Tool.

Storage Replica also has the following improvements:

  • Changes to asynchronous cluster behaviors to enable automatic failover
  • Multiple bug fixes

What’s New in Storage in Windows Server 2016

1. Storage Spaces Direct

The Storage Spaces Direct feature facilitates the availability and scalability of storage using servers with local storage.

This implies that it’s now possible to deploy and manage software that control storage systems, unlocking the use of new classes of storage devices.

These devices include SATA, SSD, and NVMe disks. Achieving such storage capabilities may not be possible using clustered Storage Spaces with Shared Disks.

What Value Does this Change Add?

Storage Spaces Direct allows service providers and enterprises to use industry standard servers with local storage.

The idea is to build highly available and scalable software-defined storage.

The use of servers with local storage decreases complexity, as it increases scalability and allows the use of storage devices such as SATA solid state disks. This lowers the cost of flash storage or NVMe sold state Disks

Storage Spaces Direct Removes the need to have a shared SAS fabric, which simplifies deployment and configuration.

This means that the server uses the network as the storage fabric while leveraging the SMB3 and SMB Direct (RDMA) for both high speed and low latency, as well as good use of the processing unit.

Adding more servers to the configuration increases storage capacity and input and output performance.

The Windows Server 2016 Storage Spaces Direct works differently, as explained below.

2. Storage Replica

It enables the storage, block-level stretching of failover clusters between sites, as well as the synchronous replication between servers.

Synchronous replication enables mirroring of data in physical sites with consistent volumes to ensure no data is lost at the file system level.

Asynchronous replication may increase the possibility of data loss.

What Value Does this Change Add?

It provides a single vendor disaster recovery solution for both planned and unplanned power loss situations.

You can use SMB3 transport and gain from proven performance, scalability, and reliability.

It will help you to:

  • Stretch Windows failover clusters further
  • Use Microsoft end-to-end software for storage and clustering, such as Hyper-V, Scale-Out File Server, Storage Replica, Storage Spaces, ReFS/ NTFS, and deduplication

It helps in reducing complexity costs by:

  • Being hardware agnostic with no specific requirements for storage configurations like DAS or SAN
  • Allowing for the storage of commodities and network technologies
  • Featuring easy graphical management interface for nodes and clusters through failover cluster manager
  • Including comprehensive and large scale scripting options through the Windows PowerShell
  • Helping in the reduction of downtimes and enhancing  large scale productivity
  • Providing supportability and performance metrics and diagnostic capabilities

What Works Differently

The functionality is new in Windows Server 2016

3. Storage Quality of Service

In Windows Server 2016, you can use the Storage Quality of Service (QoS) feature as a central monitor for end-to-end storage performance and developing management policies using Hyper-V and CSV clusters.

What Value Does this Change Add?

You can change the QoS policies in a CSV and assign one or more virtual disks on Hyper-V machines.

The storage automatically adjusts itself to meet the fluctuating policies and workloads.

This way, each policy can give a minimum reserve or create a maximum to be used when collecting data.

For example, a single virtual hard disk, a tenant, a service or a virtual machine can be used.

You can use Windows PowerShell or WMI to perform the following:

  • Create policies on CSV cluster
  • Assign the policies to virtual hard disks
  • Enumerate policies on the CSV clusters
  • Monitor flow performance and status of the policies

If you have several virtual hard disks sharing the same policy and performance is shared to meet the demands within the policy’s minimum and maximum settings, it means that the policy can manage virtual hard disks and a single or multiple virtual machines that constitute a service owned by a tenant.

What Works Differently

This is a new feature in Windows Server 2016.

The management of minimum reserves and monitoring the flow of all virtual disks over a cluster using a single command and central policy-based management are not possible in the previous Server releases.

4. Data Deduplication

Function

New or Updated

Description

Support large volumes

Updated Before Windows Server 2016, you had to specify sizes. Anything above 10TB did not qualify for deduplication. Server 2016 supports deduplication sizes of up to 64TB

Large file support

Updated Before Windows Server 2016, files with 1TB could not deduplicate. Server 2016 supports deduplication of files up to 1TB.

Nano Server Support

New Deduplication is available and fully supported for Server 2016

Simple Backup Support

New Windows Server 2012 R2 supported Virtual backups using the Microsoft’s Data Protection Manager. Windows Server 2016 simple backup is possible and is seamless

Cluster OS Rolling Upgrades Support

New Deduplication supports Cluster OS Rolling Upgrade and is available in Windows Server 2016

5. SMB Hardening Improvements for SYSVOL and NETLOGON Connections

Windows 10 and Windows Server 2016 client connections to the Active Directory Domain Service, the SYSVOL, and NETLOGON now all share domain controllers that require SMB signing and authentication via Kerberos.

What Value Does this Change Add?

It reduces the possibility of man-in-the-middle attacks

What Works Differently?

If the SMB and mutual authentication are not available, Windows 10 or Server 2016 will not access the domain-based Group Policy Scripts.

It is also good to note that the registry values of the settings are not present by default; the hardening rules will apply until a new policy change comes in through Group Policy or any relevant registry values.

6. Work Folders Improvements

The added changes to notifications are there when the Work Folder server is running on Windows Server 2016, and the Work Folder is on a client running Windows 10.

What Value Does this Change Add?

In Windows Server 2012 R2, when the changes in files are synchronized to the Work Folder, clients will get notified of the impending changes and wait for at least 10 minutes for the update to materialize.

When running Windows Server 2016, the Work Folders will immediately notify the Windows 10 client, and the synchronization changes take effect immediately.

What Works Differently

This is a new feature in Windows 2016.

For this feature to work, the client accessing the Work Folders must be a Windows 10.

In case you are using older clients, or if the Work Folder is on Windows Server 2012 R2, the client will poll every 10 minutes for any new changes.

7. ReFS Improvements

The ReFS (Resilient File System) offers support for large scale data storage allocation with varying workloads, reliability, resiliency, and scalability.

What Values Does this Change Add?

ReFS brings in the following improvements:

  • Implementing new storage tiers that help in delivering fast performance and increased capacity
  • Multipling resiliency on the same virtual disk through mirroring and parity tiers
  • Enhancing responsiveness to drifting working sets
  • Introducing a block of cloning and improvements to VM operations such as vhdx checkpoint merge operations
  • Helping in the recovery of leaked storage and keeping them from being corrupted

What Works Differently?

These functionalities are new in Windows Server 2016.

Conclusion

With so many features available in Windows Server 2019, this article covered the fully supported features.

At the time of writing this post, some features were partially supported in earlier versions but are getting full support in the latest Server versions.

From this read, you can see that Windows Server 2019 is a good upgrade experience.

What’s New in Windows Server 2019 Essentials?

The Windows Server 2019 Essentials does what the current version of Windows Server 2016 was designed to do: answering the needs of small businesses employing between 25 users or using a total of 50 devices.

The latest Windows Server 2019 Essentials was developed after broad consultations to understand the needs of small companies.

For a long time, small business customers have been embracing cloud services. However, business premises still need servers as valued assets that help in supporting the operations that are not yet compatible with cloud technology.

The Windows Server 2019 Essentials is another on-site version that small business users will find appropriate.

There are indications from Microsoft that the Windows Server 2019 Essentials could be the last edition of Windows Server Essentials.

Nonetheless, the company will continue its Server Essentials support based on the existing service schedule.

A word from Microsoft also indicates that the new release will have the same technical and licensing specifications as the earlier versions.

If you intend to use Windows Server 2019 as a Domain Controller, Windows Server 2019 Essentials must be the only Domain Controller and be flexible enough to run all Flexible Master Operations (FSMO) roles and allow only two-way trusts with other Active Directory Domains.

The New Approach

The new Windows Server 2019 Essentials will support new features and hardware such as Storage Migration Services and System Insights, without the inclusion of the Essentials Experience role.

Some of the removed features leave system administrators and small businesses unattended because they will no longer support these features:

  • Remote web access to the server
  • Centralized client PC backups
  • Office 365 integration

With the above features missing, some of the key stakeholders consulted before the introduction of Windows Server 2019 Essentials expressed their dissatisfaction with the new implementation because the new release looks like a foundation server, and it is not set up to run like a complete Essentials.

In response to such claims, Microsoft suggests that System Administrators should use the Windows Admin Center as part of a replacement to the lost features.

They also recommend the use of Microsoft Business Licensing bundle to access hosted services on Microsoft data centers, instead of running applications and storing their files.

The use of Office365 as a file sharing option and collaboration tool is complete when you consider Office Applications, intelligent solutions, Windows 10, security, and Enterprise Mobility.

Other features supported by Office 365 include e-mail, cloud storage, calendar, data protection, and more.

Those who may not see the need to move to the new Windows Server 2019 Essentials can still access their Windows Server 2016 Essentials through the Long-Term Servicing Channel (LTSC) timeline.

The same applies to those who chose to update from the current server installation to the 2019 edition.

What Do We Have in Windows Server 2019 Essentials?

Even though the new Essentials will have the same characteristics as the ones in earlier versions, the following stand out:

  • A single license, including Client Access Licenses (CAL) for 50 devices or 25 users
  • Reduced costs
  • Ability to run traditional applications such as file sharing and print sharing

The idea behind Microsoft’s decision to reduce the functionalities of Windows Server Essentials for the 2019 Server edition may not be clear to everyone.

However, the general assumption has been to bring small businesses aboard the Microsoft 365 Business platform.

The business platform is based on subscriptions that include Windows 10, Enterprise Mobility and Security, and Office 365.

How To Upgrade Windows Server 2019

In-place upgrading of a Windows Server Operating System allows the Administrator to upgrade the existing installation of Windows Server to a new version without changing the existing settings and features.

The Windows Server 2019 In-Upgrade feature allows you to upgrade the existing The Long-Term Servicing Channel (LSTC) release like the Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019. The in-place upgrade service allows organizations to handle upgrades to newer versions within the shortest time possible. The direct upgrade is possible even when your existing Server Installation requires some dependencies before an upgrade.

Clients who do not document server installations or do not have the infrastructure or code for deployment will find it hard to upgrade to new Window Server versions. Without the Windows Server 2019 In-Place upgrade feature, you will miss many improvements on WS2019.

How to Upgrade to Windows Server 2019

Using the in-place upgrade to move to Windows 2019, use the Windows Server 2019 media on a DVD, USB or any appropriate method of installation. Start the setup.exe

The existing installation will be discovered, and you can perform the in-place upgrade. The installation should not take more than five minutes, but it all depends on the speed of the server and running roles and features.

The following example shows an in-place upgrade from Windows 2016 to Windows 2019 from an ISO file.

  1. Mount the ISO file and click on setup
  2. Accept defaults and click next (Download and install updates as the default option)
  3. On the next screen we will specify the product key and click next – the key can activate unlimited upgrades
  4. Select the edition with the desktop experience option and click next
  5. Accept user license terms and click accept
  6. Select the option for keeping personal files and programs because we intend to upgrade the Server. Click on Next.
  7. Windows will take time collecting updates and when done click on next when done (this depends on the speed of your internet)
  8. A warning will pop up about upgrading to a new Windows Version. Read the message and if you are okay with it click on confirm.
  9. The next step requires that you click on FlightSigning to enable it. (FlightSigning enables you to trust Windows Insider Previews builds that have signed certificates but not trusted by default.
  10. Click on install to initiate the installation process.

Once the upgrade is finished, you will notice some new features

  • The PowerShell replaces CMD
  • The Apps and Features open the settings panel and not Programs and Features as it in Windows Server 2016, which opens Control Panel where you can uninstall or change program and settings instead of the control panel.
  • Windows Defender Security Center has all the security settings.

Installing the Active Directory Domain System on Windows Server 2019

There is no much difference experienced if you have installed an Active Directory Directory Services on Windows Server 2016.

Run the server manager

  1. Click on Manage
  2. Roles and Features
  3. Follow the wizard and install AD DS
  4. Click on the link to promote the Server to a Domain Controller

Selecting Server Roles

  1. Click on the Add Roles and Features Wizard
  2. On the resulting wizard click on the roles, you want to add and click next

Creating a New Forest

  1. Click on the active directory domain service configuration Wizard
  2. On the deployment configuration wizard, choose the option to add a new forest
  3. Specify the domain information for the forest
  4. Click next

The Forest Functional Level (FFL) and the Domain Functional Level (DFL) are named Windows Servers in preview versions; use the Active Directory Service Configuration wizard to promote the server.

The Domain Controller options wizard will take you through the Server promotion wizard.

If you need more configuration options such as the Hyper-V installations, you can use the preview version for Windows Server 2019, which is 8.3

At the moment, most developers are still running tests on servers using the kind of hardware you will find in a professional environment. Testing using the Virtual Machines could also give good results however a server operating system should be verified using hardware deployments.

Windows Server 2019 System Insights

The responsibility of any system or IT administrator managing a server environment is to make sure that everything runs as expected. All activities and components that determine things like disks running out of space, the capacity of the memory used in processing connected hosts, know when to plan for new Virtual Machines, etc.

The proposed Windows Server 2019 system insights are available in the preview that helps in the analysis of the capabilities of Windows Server 2019. The capabilities are supported through machine learning, analysis of server system data like performance counters and events that give accurate predictions. The highly accurate predictions will help you to cut down on operational expenses that run into the management of the Windows Server 2019 instances.

The Windows Server 2019 also enables IT administrators to be proactive when it comes to detecting possible problems within the Windows Server environment. All the analysis is collected locally without the need for a specialized storage server or cloud configuration. Those using the Azure Log Analytics (OMS), can view all events on the Azure log Analytics.

What Are the Windows Server 2019 System Insights Capabilities?

The Windows Server System Insights 2019 (WS2019) has an almost similar interface to that of your mailbox. With such features, you only wish to see them extended when the trial period is over. Here are some of what to expect:

Browse

Going through the predictive capabilities, you can activate some features on demand or configure them to run on a given schedule.

Visualization

The expected outcomes can be visualized to enable the understanding of consumption levels and trends

Customization of Restorative Services

Restorative services can be customized to run automatically after a particular result is obtained. This automation is supposed to help users to solve issues automatically the moment it is noted.

Viewing Trends

You can view and understand how individual Windows Servers are trending with their capacity predictions.

Using PowerShell Remotely

Activating the PowerShell remotely, to sum up, all prediction outcomes of all related Windows Server instances. Examples of such instances include cluster, rack, tier, application, and data center. If you want to know how the overall fleet is trending, compute storage or network capacity dimensions.

The WS2019 introduces four capabilities that run based on capacity forecasting:

  • Forecast CPU storage for CPU capacity forecasting
  • Forecasts network for each network port to monitor networking capacity forecasting
  • Forecasts cumulative storage consumption on all local drives to monitor total storage consumption
  • Forecasts consumption of storage on each volume used in volume consumption forecasting

You can set custom rules to extend the capabilities.

Management of System Insights

Windows Server System insights have two centers of management. Using the Windows Admin Center through its web interface, or manage the insights through the PowerShell directly.

Windows Admin Center System Insights

Managing the server insights from the Windows Admin Center is by adding the extension associated the System Insights to the server that is to be managed. Through this interface, you can enable or disable System Insights. The Admin Center installs the System Insights on the local server.

Managing Windows Server 2019 System Insights from the PowerShell

As an alternative to the Windows Admin Center, the Windows PowerShell can also be used to enable and Manage System Insights. Enabling System Insights on Windows Server, you have to install System insights feature using the command:

Install-WindowsFeature System-Insights

Once the feature is installed, use the Get-InsightsCapability to give you all the options. You can look at the two examples below on how you can enable and disable capabilities.

Enable-InsightsCapability – Name “CPU capacity forecasting.”

Disable_InsightsCapability -Name “Network capacity forecasting.”

The results are visible by using the Get-InsightsCapabilityResult command. It is good to note that the information from this command is not instant. By default, you will get the predictions of the first five days after activating the feature.

Overhead and Performance

The next question likely to come from you should be how much overhead or resources that these features add to the server system. Look at the answer from the developers:

“Not every capability requires many resources to run. Each one will take longer to run as more data is collected, but you should see results within seconds.”