This article was originally written as a guest blogger for Intense School IT educational services. Since I already discussed BYOD in general and, more specifically, I talked about Citrix XenMobile (see my previous article, “BYOD…Beyond the Hype”), I thought it might be a good idea to have a look at some of the daily challenges we face when it comes to securely accessing our corporate data and applications, especially when mobile devices come into play, and to see what Microsoft has to offer as part of its new Windows Server 2012 R2 release to help us overcome some of these challenges.
Summit
Last April, Microsoft organized its Microsoft Management Summit in Las Vegas. Thousands of IT enthusiasts gathered to hear what Microsoft had to say about mobility and its management and virtualization in general. There’s no doubt that Microsoft is betting heavily on their cloud services, with Office 365 (hosted Exchange and SharePoint), Azure, and Outlook.com probably being the best known ones. In the opening keynote, Brad Anderson (vice-president of Windows Server and System Center) stated that, “Modern devices should be managed from the cloud,” referring to Microsoft’s System Center 2012, which, as of SP1, released last January, now has BYOD support capabilities for Windows RT, Windows Phone 8, iOS, and Android devices (BlackBerry isn’t supported). This is made possible by the integration of the Cloud-based InTune management service into the System Center product suite.
Next to its newly added mobile management capabilities, System Center 2012 primarily focuses on designing, building and managing private clouds. Using all of these technologies combined offers an impressive list of possibilities when creating private and/or hybrid cloud solutions, the way to go according to Microsoft, I think we all agree on that one. Remember that System Center is a complete suite of management and monitoring products bundled together and sold as such. It consists of: Advisor, App Controller, Virtual Machine Manager, Configuration Manager, Endpoint Protection Manager, Data Protection Manager, Operations Manager, Service Manager, and Orchestrator.
Workplace Join
Some numbers: According to Brad Anderson, 420,000 domains are now managed in the Azure Active Directory, which is also used by Office 365, and Office 365 is now used by over 20% of enterprises worldwide, which is impressive, to say the least. In my previous article, I talked about mobility and mobile device management in general and I also emphasized the fact that the number of mobile devices is growing at an enormous rate. However, this doesn’t mean that users will get rid of their “normal” personal and corporate computers, laptops, and who knows what other devices they might have. In fact, according to Gartner, the average knowledge worker today owns up to four devices and, although this is a rough estimate, it does indicate the enormous growth that has taken place in just the last couple of years. If we add in the BYOD concept to this as well, you can probably imagine some of the difficulties that IT has to face. For example, making these devices part of our corporate network is often easier said than done; I mean, iOS devices as part of your Active Directory domain?
This is where Microsoft’s Workplace Join might offer a solution. With Windows Server 2012 R2, Microsoft introduces the possibility for administrators to control who has access to corporate resources, based on applications, users, devices and location, as stated on TechNet. Once set up and configured, users will be able to access data and business applications from everywhere on any device, including single sign-on capabilities. Devices don’t get directly registered in Active Directory; instead, when a device joins a Workplace, it gets known and trusted by their company.
In a nutshell, this is how it works: The main ingredient is the device registration service (DRS), which is part of the Active Directory Federation role in Windows Server 2012 R2. As soon as a device is Workplace-joined, the DRS creates a device object in Active Directory and generates a certificate that is used to represent its identity. DRS can make use of a web application proxy server; this way external devices can join using an Internet connection. In the end, it’s up to IT to assign resources and applications accessible from the Workplace. For now, only Windows Server 2012 R2 Preview, Windows 8.1, and iOS devices are supported.
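Because every Workplace-joined device ends up as an object in Active Directory, IT can inventory those objects and spot devices that still hold a trusted identity but have not been seen for a while. The following is an added example, not part of the original article; it assumes the ActiveDirectory PowerShell module, the device object class and attributes of the Windows Server 2012 R2 schema, and an arbitrary 90-day threshold.

```powershell
# Added example, not from the original article.
# Assumptions: RSAT ActiveDirectory module is installed, DRS has been
# initialized (so CN=RegisteredDevices exists), 90 days is a sample value.
Import-Module ActiveDirectory

$staleAfterDays = 90
$cutoff   = (Get-Date).ToUniversalTime().AddDays(-$staleAfterDays)
$domainDN = (Get-ADDomain).DistinguishedName

$props = 'displayName', 'msDS-DeviceOSType', 'msDS-DeviceOSVersion',
         'msDS-IsEnabled', 'msDS-ApproximateLastLogonTimeStamp', 'whenCreated'

# Device objects created by DRS live in the RegisteredDevices container.
$devices = Get-ADObject -LDAPFilter '(objectClass=msDS-Device)' `
    -SearchBase "CN=RegisteredDevices,$domainDN" -Properties $props

$report = foreach ($d in $devices) {
    # The timestamp is a FILETIME integer; it may be empty on new objects.
    $raw      = $d.'msDS-ApproximateLastLogonTimeStamp'
    $lastSeen = if ($raw) { [DateTime]::FromFileTimeUtc([int64]$raw) } else { $null }

    # Fall back to the creation time when the device was never seen.
    $reference = if ($lastSeen) { $lastSeen } else { $d.whenCreated.ToUniversalTime() }

    [pscustomobject]@{
        Name      = $d.displayName
        OSType    = $d.'msDS-DeviceOSType'
        OSVersion = $d.'msDS-DeviceOSVersion'
        Enabled   = $d.'msDS-IsEnabled'
        LastSeen  = $lastSeen
        Stale     = $reference -lt $cutoff
    }
}

# Stale but still enabled devices are the ones to review first.
$report | Sort-Object Stale, LastSeen -Descending | Format-Table -AutoSize
```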
Mobile Information Management
For years we’ve been using Microsoft’s Offline Files as a way to access our work-related data outside of our corporate network; although this works fine for some, it doesn’t offer the functionality, robustness, and business integration most of us are looking for. Solutions like SkyDrive and DropBox offer similar services, or so it seems. SkyDrive (let’s stick to Microsoft) integrates with Microsoft’s Office suite and Outlook.com, enabling users to directly upload, save, and edit documents the way they feel is best. It also offers Windows Live Groups integration. Each Live Group within Windows Live Groups is equipped with 5 GB of storage space on SkyDrive, to be shared among the group members. Although it offers a great set of features, it’s still not as enterprise-ready as we would like it to be. For one thing, it gives users a free passage to storing corporate-related data in the cloud without IT being able to manage it, at all! Data storage, encryption, and password policies for example, which are kind of important, are out of your hands. What we need is some kind of hybrid solution giving us the option and flexibility to combine cloud and local storage, giving us full control.
But wait, what about the “Pro” version? SkyDrive Pro does offer corporate administration functionality. It’s part of your company’s Office365 or SharePoint online services (business) account. It stores your data on SharePoint Online or on SharePoint 2013 servers within your company (on premises) and it can synchronize its libraries with your personal or corporate PC and/or mobile devices supplying you with secure offline access. It runs alongside SkyDrive and, although they share similar functionality and are named the same, there are some distinct differences between the two and therefore they should be seen and treated as two separate products.
Last year (October 2012) Microsoft acquired StorSimple, a company specialized in offering cloud-integrated storage solutions. It offers a storage appliance that can integrate cloud (Azure storage) and on-premises storage maximizing data protection and flexibility, lowering the TCO by 60 to 80%, or so Microsoft claims on their website. I haven’t had the chance to have a close look myself but, from one Citrix geek to another, this sounds pretty close to ShareFile, doesn’t it? It uses a technique called data tiering, which basically places the most active data on the fastest (local SSD for example) storage available and it divides less active data between slower local storage and the Azure cloud storage. Nice, at least in theory. They haven’t really advertised it yet, or I must have missed something, but I’m guessing it won’t be long now. Have a look here if you’re interested in some more detailed information; it sounds promising.
Work Folders
This is another cool new feature which can, and probably will, easily replace Offline Folders. In fact, why even use folder redirection of traditional Home Folders at all? Think about this for a minute. The best thing is, it’s part of the new Windows Server 2012 R2 release at no additional cost. It starts with the file and storage services roles, which are both installed by default. With these two roles, you will be able to use Server Manager or PowerShell to manage your basic storage needs, such as Data Deduplication, iSCSI, NFS, and a few more. Storage Spaces (have a look at this as well, it’s an awesome feature) are also, by default, available for use. If you’d like to implement extra functionality such as DFS namespaces and replication, for example, you’ll need to add these roles separately through the “Add Roles and Features Wizard” accessible from Server Manager. Work Folders can be enabled in the same way or you can use this PowerShell cmdlet instead: Add-WindowsFeature FS-SyncShareService. Microsoft offers a Windows PowerShell module containing multiple cmdlets to manage your Work Folder systems.
Work Folders enable users to store and access corporate-owned data on their personal PCs and mobile devices as well as on corporate-owned PCs, offering a single point of access. Files can be accessed offline and get synchronized as soon as an Internet connection becomes available whether the devices are joined to a domain or not. Can you say BYOD?! Not much is needed; you can use your existing infrastructure and install it on one of your stand-alone file servers or, even better, offer high availability by implementing it on one of your failover cluster file server nodes. Note that your Work Folders systems must be running Windows Server 2012 R2 for this to work. Quotas and data classification can also both be applied if that’s your thing. Work Folders are integrated with and accessible from the Windows File Explorer, it’s that easy. As opposed to products like SkyDrive, ShareFile, and Google Drive, to name a few, Work Folders contain user data and as such are intended for personal use only.
Another big plus, if we compare Work Folders with SkyDrive or SkyDrive Pro, both mentioned earlier, is that the centralized storage for Work Folders is an on-premises file server running Windows Server 2012 R2, giving you total control of your data, something that, when it comes to corporate data, is a must for a lot of companies. You wouldn’t believe how many companies out there don’t have faith in the cloud. Problem solved! Be aware that, as far as client devices go, only Windows 8.1 preview and the Windows RT 8.1 preview OS are supported. Since, and this is Microsoft talking, it’s not offered as a cloud service/product, perhaps private clouds being the exception, I wouldn’t give up on your SkyDrive Pro and ShareFile accounts just yet. Nevertheless, it’s a great add-on!
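One way to stand up a Work Folders sync share with the controls that consumer cloud storage leaves out of IT’s hands, namely device encryption and a password lock policy. This is an added example, not part of the original article; the share name, path and security group are assumed values.

```powershell
# Added example, not from the original article. Run elevated on a
# Windows Server 2012 R2 file server. Share name, path and group are
# assumptions; replace them with your own.
$shareName = 'CorpWorkFolders'            # assumed share name
$sharePath = 'D:\WorkFolders'             # assumed path on an NTFS volume
$syncGroup = 'CONTOSO\WorkFolders-Users'  # assumed AD security group

# Install the Work Folders role service (the cmdlet named in the article).
Add-WindowsFeature FS-SyncShareService | Out-Null
Import-Module SyncShare

# The folder has to exist before a sync share can point at it.
if (-not (Test-Path $sharePath)) {
    New-Item -ItemType Directory -Path $sharePath | Out-Null
}

# Create the share only when it is missing, so the script can be re-run.
if (-not (Get-SyncShare -Name $shareName -ErrorAction SilentlyContinue)) {
    # RequireEncryption:       Work Folders data is encrypted on the device.
    # RequirePasswordAutoLock: the device must use a lock-screen password
    #                          policy before it is allowed to sync.
    New-SyncShare -Name $shareName -Path $sharePath -User $syncGroup `
        -RequireEncryption $true -RequirePasswordAutoLock $true
}

# Enforce the same two device policies on every sync share on this
# server, including shares that were created earlier without them.
Get-SyncShare | ForEach-Object {
    Set-SyncShare -Name $_.Name -RequireEncryption $true `
        -RequirePasswordAutoLock $true
}

# Review the result and the other cmdlets the SyncShare module offers.
Get-SyncShare | Format-List Name, Path, User, Enabled
Get-Command -Module SyncShare
```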
Hyper-V
I have already mentioned the Azure cloud platform a few times. I think there aren’t many platforms out there that rely as heavily on Hyper-V as Azure does. And since Hyper-V is, or can be, a big and important part of our private cloud solutions as well, I’d like to take a minute and talk about Hyper-V in general and do a quick comparison against VMware as far as licensing and pricing goes.
For the record, I don’t have a personal preference when it comes to hypervisors, VMware, Hyper-V, or XenServer for that matter; they all have their strengths and weaknesses. But since there seems to be an everlasting battle between Microsoft and VMware, I decided to do a little research myself. Have a look at the table below, it displays the (financial) differences between the two (which is probably the biggest difference, anyway), and assumes that the host OS has already been paid for. I only looked at their top-notch products, including all features and extras (Microsoft Datacenter OS edition).
Microsoft only has one Hyper-V edition, and that’s it; the only choice you need to make is whether you buy System Center Datacenter or Standard Edition. This basically means the difference between being able to manage an unlimited amount of virtual operating system environments (OSEs) or just two with the Standard Edition; besides that, they’re exactly the same and both include Microsoft’s Software Assurance for a period of two years by default. VMware offers three different vSphere editions; next to that they also offer several essential and/or acceleration kits, which differ depending on the underlying vSphere edition. None of this with Microsoft, it’s all or nothing. VMware also offers two separate support and subscription packages (SnS), named “basic” and “production.” You will need to purchase SnS for at least one year with each product you order, something to keep in mind, because these SnS packages aren’t cheap. But then again, they (VMware) do seem to live up to their high standards and deliver excellent support. The same can be said for Microsoft support, although I personally don’t have any real-life experience with contacting VMware, so I can’t compare the two. I’ll leave that up to you.
The above has two sides. For one, Microsoft makes the choices you need to make a lot easier, and besides that, they are a whole lot cheaper as well. On the other hand, VMware offers a lot more granularity, you can buy exactly the kind of functionality you need and nothing more, keeping it clean and simple. The above only shows their flagship product and that’s what you pay for; with Hyper-V, it depends on the amount of VMs you’ll need to support and/or how many physical processors your managed server has onboard (although this goes for VMware, as well). I’m just saying that the price differences as shown above could be a bit smaller, but not much, if you go with one of VMware’s other editions or kits. In the end, Hyper-V will always be cheaper, and that’s probably one of the biggest advantages they have over VMware.
Replacing your existing hypervisor isn’t something that’s easily done and it can be costly, since you already invested a lot of money in your existing environment, which will basically be lost. You’ll have to come up with some valid reasons on why you would like to replace one with the other and convincing your management to do so might just be the hardest part. You also need to consider the fact that your technical staff might need additional training to get to know the new product, something that is often overlooked, and this takes time. On the other hand, if you are going Greenfield you won’t be wasting any money, so to speak, and this could have a huge impact on your final decision, since technically both products offer similar functionality. Sure, Hyper-V offers some functionality that VMware doesn’t and vice versa, but at this point the differences between the two can almost be neglected, although some of the hypervisor gurus out there will probably not agree with me on that one. VMware has the advantage of time because they’ve been dominating the market for the past 10 years or so, and therefore their product(s) are used by thousands of companies worldwide, making it hard(er) for Microsoft to get their foot in the door but, then again, statistics show that Hyper-V is already becoming the more popular product when it comes to new implementations and designs where a hypervisor still needs to be chosen, especially with smaller and mid-sized companies. We’ll just have to wait and see how all this will unfold in the (near) future.
Conclusion
Microsoft is definitely moving forward and has once again improved their server product with a big focus on mobility, security and bringing your own device. Although, for now, I haven’t discussed their hypervisor product in great detail, I can assure you that they’re doing an excellent job in pursuing their rivals; the gap is getting smaller by the day.
Make sure you get your hands on a test machine of some sort, perhaps build up your own virtual private domain using your preferred hypervisor, install Windows Server 2012 and go from there. Set up a Workplace, enroll your iPhone, and play around with it for a while. I’m sure you’ll end up as excited as me when you’re done. As far as Work Folders goes, this is a must-do technology. Think about how all this new technology can assist you in helping to overcome some of your mobility challenges. It could be that you’re into managing BYOD as well; if so, I can highly recommend having a look at Windows InTune, Microsoft’s 100% cloud-based mobile management solution. It’s free for 30 days and registering has never been easier.
When compared to other products and vendors, Citrix and their ShareFile technology for example, Microsoft still has some ground to cover, but they show great potential and with the acquisition of StorSimple they’re on the right track for sure. I’m looking forward to the next few months, let’s wait and see what they come up with next!
Bas van Kaam ©
Reference materials used: Microsoft.com, Technet.com, Vmware.com and Stealthpuppy.com