Windows Server 2012 Release Preview: Compelling new features

Much easier DirectAccess deployment and a full-scale dynamic access control system are among the key benefits.


The central access and audit policies work with these tags to determine, along with the file system ACLs, what access can be granted to whom and on what conditions. For example, if you classify a certain folder as HIPAA-sensitive because it contains patient medical data, then the central access policy would glom on to that tag and activate when users attempt to access HIPAA information that the policy says should be restricted.

The audit policy would also key in to this activity and record the attempts, either successful or unsuccessful, for further monitoring. In addition, Windows Server 2012 can now encrypt files automatically based on their classification, so that all files with the HIPAA tag get encrypted automatically as soon as the tag is applied. That encryption is maintained and can also be audited for compliance purposes.
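As an added illustration (not code from the article or from Microsoft), the following Python sketch models the decision described above: access requires both the file system ACL and any central access rule whose tag matches the file, and attempts on tagged files are audited whether they succeed or fail. The class names, the `department` claim, the users and the paths are all constructed for the example, and the choice to audit only tagged files is a modeling assumption.

```python
from dataclasses import dataclass, field

@dataclass
class File:
    path: str
    acl: dict                               # user -> rights; stands in for the NTFS ACL
    tags: set = field(default_factory=set)  # classification tags, e.g. {"HIPAA"}

@dataclass
class CentralRule:                          # hypothetical model of one central access rule
    tag: str                                # rule applies only to files carrying this tag
    claim: str                              # user claim the rule inspects
    allowed: set                            # claim values permitted on tagged files

AUDIT = []  # (user, path, right, outcome, reason) records

def check_access(user, claims, f, right, rules):
    """Grant only if the ACL allows it AND every applicable central rule does."""
    if right not in f.acl.get(user, set()):
        outcome, reason = "DENIED", "acl"
    else:
        outcome, reason = "GRANTED", "acl+policy"
        for r in rules:
            if r.tag in f.tags and claims.get(r.claim) not in r.allowed:
                outcome, reason = "DENIED", f"central rule on tag {r.tag}"
                break
    if f.tags:  # assumption: only classified data is audited, success or failure
        AUDIT.append((user, f.path, right, outcome, reason))
    return outcome == "GRANTED"

def demo():
    # Constructed sample data: one tagged file, one untagged file, three users.
    rules = [CentralRule(tag="HIPAA", claim="department", allowed={"Clinical"})]
    chart = File(r"\\fs1\records\chart.docx",
                 acl={"alice": {"read"}, "bob": {"read"}}, tags={"HIPAA"})
    memo = File(r"\\fs1\public\memo.docx", acl={"bob": {"read"}})
    users = {"alice": {"department": "Clinical"},
             "bob": {"department": "Sales"},
             "carol": {"department": "Clinical"}}
    return {
        "alice_chart": check_access("alice", users["alice"], chart, "read", rules),
        "bob_chart": check_access("bob", users["bob"], chart, "read", rules),
        "carol_chart": check_access("carol", users["carol"], chart, "read", rules),
        "bob_memo": check_access("bob", users["bob"], memo, "read", rules),
    }

if __name__ == "__main__":
    print(demo())
    for record in AUDIT:
        print(record)
```

Bob holds a read ACE on the chart yet is denied by the central rule, while Carol satisfies the rule but has no ACE, so neither layer alone grants access.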

Hands on

This suite of facilities really enhances the way you can control access to information. It's no longer about taking files or folders and making decisions about "yes, these people can" and "no, these people can't."

It's about abstracting away the individual data and making larger assignments about the types of data that live on your system, and the types of users that should and should not have access to it. It's a new way of thinking that very much complements the strong abilities of the file system to secure data.

To take full advantage of these additions, you'll need to make minimal schema additions to Active Directory. You can begin using the lion's share of the feature set of DAC with just a Windows Server 2012 file server and a domain controller -- it's not a wholesale upgrade. It's a helpful addition to Windows Server 2012.

Virtual Desktop Infrastructure improvements

RemoteFX technology, which has been part of Windows Server for some time, brings local-quality graphics to hosted sessions over the Remote Desktop Protocol (RDP).

One of the big wins in Windows Server 2012 is the elimination of the requirement for physical GPU cards and video cards in servers to take advantage of RemoteFX. This was expensive and tough to scale; you essentially needed a dedicated GPU in a server in a data center for every graphics-oriented user you had on a virtual desktop or a hosted Remote Desktop session.

Now, virtualized GPUs that take on much of this work are available, and standard server boxes with no special video equipment can host high-performance sessions.

Indeed, in side-by-side tests I witnessed at the recent TechEd conference, a Windows 8 RDP session hosted on a Windows Server 2012 unit with no special hardware worked dramatically better than a Windows Server 2008 R2-based session with a physical GPU using RemoteFX. The graphics were smooth, the latency was nearly nonexistent, and there were no gaps in audio playback. 3D rendering also worked smoothly with keyboard and mouse and touch interaction. A lot of work was done to the RDP protocol itself in Windows Server 2012 to improve remote multitouch events with as little overhead and as much responsiveness as possible. The payoff shows.

Windows Server 2012 - user profile disks
The operating system creates a separate virtual hard disk (VHD) file that stores user personalization information. When users log in to a pooled desktop, Windows will stream this personal VHD to create a personalized experience.

In addition, USB support over an RDP session has been further enhanced such that if a device works locally on the Windows client, it will work over an RDP session with no special drivers required. Previously, only a small subset of Windows-compatible USB devices could be "sent" over an RDP connection, making the VDI deployment choice limited for shops where users have a lot of local peripherals. Smart card readers, webcams, games and so on work seamlessly as long as a driver is available to the local client -- the remote process is all taken care of by RDP.

There is also a new "Fair Share" technology that manages the allocation of CPU, memory, disk space and network bandwidth among all running sessions on a host. It prevents one user from hogging resources and limits users to a certain percentage of available resources.

You can configure caps on each of the items globally and then those percentages are applied evenly across all running sessions. You can't specify that one user can have twice as much network space as another by default, for example, which is why the technology is known as Fair Share. But it's a good way to ensure one user doesn't degrade the VDI experience for everyone by streaming a high-definition movie.

In addition, a big disadvantage of the pooled desktops has been removed. In the past, when users were assigned a pooled virtual machine, they had a degraded experience. Whenever they made changes to preferences, settings or saved data locally to the pooled machine, those settings were destroyed upon logout since the pooled image remained static. (This didn't apply to personal virtual desktops that were preserved individually for each user.)
