What's new in windows server 2012 networking (Part 1)
Introduction
Given that Windows Server 2012 became available in final release this month, I thought that an article about what's new in Windows Server 2012 networking might be in order. If you haven’t had a chance to check out Windows Server 2012 yet, I think you're in for a pleasant surprise; there are so many new features and capabilities that to say it’s “mind boggling” would not be doing it justice.
Some of the major investments in Windows Server 2012 have been in the areas of failover clustering, virtualization and file services. While these are all networking-related, at first glance it might seem that not so much work has gone into the pure Windows networking features. One of the reasons for that is that Microsoft is increasingly interested in cloud computing and providing an operating system that cloud service providers will be interested in adopting, or that consumers of the cloud service will be able to deploy in a cloud environment. I believe that is what is driving Microsoft’s primary investments in new technologies. In the future, we’ll probably see some more networking technologies added if there is a strong “cloud angle” for adding them.
All that said, let's take a look at what is new in networking for Windows Server 2012. Check out this list of improved and/or enhanced features:
- 802.1x Authenticated Wired and Wireless Access
- BranchCache
- Data Center Bridging (DCB)
- Domain Name System (DNS)
- DHCP
- Hyper-V network virtualization
- IP Address Management (IPAM)
- Low Latency Workloads technologies
- Network Load Balancing
- Network Policy and Access Services
- NIC Teaming
- Windows QoS
- DirectAccess and Unified RRAS
- Windows Firewall with Advanced Security
Let's dive a little deeper and look at what the improvements are all about.
802.1x Authenticated Wired and Wireless Access
Windows Server 2012 has a new authentication protocol that's called Tunneled Transport Layer Security or EAP-TTLS. You can use this with any server or client other than Windows Server 2012 and Windows 8. This is a new way to do EAP type authentication that is more secure than previous versions of EAP-TLS authentication. For more information on how this works, check out this link for wired access and this link for wireless access.
BranchCache
Sure, we know BranchCache is not new. And I admit that I sometimes wonder if anyone is deploying BranchCache, because you just don’t' hear that much about it anymore. It’s a great technology that isn’t all that difficult to set up, so maybe that’s why I don’t hear a lot about BranchCache. If something’s good and easy to use, it just works and it’s "set it and forget it." In Windows Server 2012, the goodness continues and expands. You get quite a few new features, including the following:
- No limits on office sizes or on the number of branch offices
- No requirement for a Group Policy Object for each office location
- Client computer configuration is now automatic
- BranchCache features and capabilities are more integrated with the Windows file server role
- Duplicate content is stored and downloaded only once
- Reduced bandwidth is required to enable small changes to large files
- Offline creation of content information
- Automatic encryption of cached content
- You can now manage BranchCache using PowerShell and WMI (but you don’t have to, thank goodness!)
- Improved database performance
- No server certificate requirement
For more information on what’s new with BranchCache, check out this link.
Data Center Bridging
This is an interesting new technology that is included with Windows Server 2012, which can significantly improve network bandwidth in your data center. What it does is allow quality of service calculations and policy to be offloaded from the main processor and onto the NIC. This is similar to what you see with IPsec Talk Offload for IPsec related calculations. In a cloud or virtualized data center environment, the end result is that you end up with greater VM density, since you have more cycles available to run the virtual machine workloads and don’t have to spend so many cycles processing QoS policy, since the NIC is taking care of that for you.
Some things you need to know about DCB:
- It provides interoperability between DCB enabled NICs and DCB switches. This means that both the NIC and the switches on the network will need to be DCB aware.
- Priority based flow control is used and the priorities are based on policy.
- Traffic control is accomplished by leveraging 802.1p.
- You can control traffic based on TCP or UDP port.
- Management can be done through PowerShell or WMI. Sadly, there is no graphical user interface for DCB.
- DCB management options are available through Group Policy Objects.
- DCB works together with Windows Server Quality of Service.
For more information on DCB, head on over to this site.
Domain Name System
We definitely know that DNS is not new in Windows Server 2012 :) DNS has been around since the beginning of time. Well, okay – since 1982, but that seems like the beginning of time. Even though it's still the same old DNS that we know and love (and sometimes hate), there have been a few improvements that I think you’ll find interesting. From the DNS server perspective, the new and improved features include:
- Support for Active Directory integrated DNS zones and dynamic updates to DNSSEC zone
- Support for updated standards to the DNSSEC protocol
- Trust anchor is automatically distributed through Active Directory
- Rollover support for trust anchor is now automated
- There is a greatly improved user interface; you don’t need to get bogged down in the command line, and this significantly reduces errors
- Records signed with updated DNSSEC standards
- New PowerShell stuff that allows you to do almost complete configuration in PowerShell (if the command line is what floats your boat).
On the client side (Windows 8), there are also a few new things that you might find interesting:
- Link-local multicast name resolution (LLMNR) outbound queries not send on mobile broadband or VPN interfaces (hurray!)
- NetBIOS outbound queries are not sent on mobile broadband interfaces (double hurray!)
- Link-local multicast name resolution timeout has been increased to 410 ms for the first retry and 410 ms for the second retry. This makes the total timeout period 820 ms instead of the former 300 ms. The reason they changed this is that there were issues with computers that were in power saving mode and the timeout happened too quickly because of the time it took to get out of power saving mode.
- Both Link-local multicast name resolution and NetBIOS queries are sent at the same time for both IPv4 and IPv6 protocols
- Optimized binding order so that interfaces are divided into networks and can send parallel DNS queries and prefer binding order responses
- Support for protocol reordering so that if one of the interfaces appears to be hijacking DNS names, then in the situation of single label name on those networks, Link-local multicast name resolution and NetBIOS queries will be sent at the same time with DNS queries for the Link-local multicast name resolution and NetBIOS responses being preferred
For more information on what’s new in DNS, check out this link.
Dynamic Host Configuration Protocol
Yes, our beloved DHCP has received a tune-up in Windows Server 2012. Some of the new and improved things on the server side include DHCP failover, policy based assignment and PowerShell support for all DHCP configuration tasks.
The PowerShell stuff aside, the other two new features are most welcome. With DHCP failover, you can have continuous availability of DHCP services for two or more DHCP servers that are handling the same scopes. This is accomplished by having the DHCP servers share information about the IP addressing information they have leased out with one another. You can also configure the DHCP servers that are set up for failover to load balance the requests as well. Find out more about this here.
The policy based assignment feature allows the DHCP server to take a look at the requests it receives from the DHCP clients and apply the policy to the requests that control the responses. Policy can be based on:
- Device types. You can assign different address ranges to different device types, such as printers, phones, desktops, etc. You can even add vendor classes, such as “HP-JetDirect” and control the IP addressing information for machines that include that string in their request.
- Multiple roles. Different clients might need different lease durations. A desktop client that never leaves the building can have a long lease duration, while a phone that goes in and out of the building will need a very short lease duration. You can do this with the new Windows Server 2012 DHCP server.
- Virtualization. Virtual machines often join and leave the network. They also often are assigned different routing information than physical machines. What you can do is assign the MAC addresses you use for your VMs to a policy and then those VMs will get specific IP addressing information from the DHCP server.
For more information regarding what’s new in the Windows Server 2012 DHCP server, please see this link.
Summary
In this article, we got a good start on a first look at what’s new in Windows Server 2012 networking. We saw that there have been some nice improvements in 802.1x authenticated wired and wireless access, BranchCache, Data Center Bridging or DCB, the Domain Name System Server and client and the DHCP server and client. In Part 2 of this series, we’ll continue to look at additional new and improved features in Windows Server 2012 networking.