
Networking in Windows Server Technical Preview

A month has already passed since the Windows 10 Technical Preview was announced and the Windows Server Technical Preview was presented. To see the changes, you don't even need to dig deep into the systems: the interface is different, the start button is back, there is no start menu ... In fact, our blog has already covered the changes in Windows 10, in Windows Server Technical Preview and even in System Center. Today I want to talk about the changes that await us in networking. Unfortunately, not all of the promised features can be tested in the technical version, but that is what a Technical Preview is. If you are interested, read on below the cut.




The networking changes and additions in the Windows Server Technical Preview relate to the following server components:
  1. DHCP
  2. DNS
  3. GRE Tunneling
  4. IPAM
  5. Network controller
Official sources (read: developer blogs and forums) report that the new IPAM features do not work in the Windows Server Technical Preview, and that the Network Controller cannot be fully configured and tested. The changes in DHCP, DNS and VPN tunnels, however, are something you can not only read about but also experiment with yourself (experimenting is best done in a test environment). Let's look at all the changes in order.

1 DHCP


The new version of the DHCP server no longer supports Network Access Protection (NAP). NAP support was implemented in Windows XP Service Pack 3, Windows Vista and Windows Server 2008, but it was already deprecated in Windows Server 2012 R2, and in the Windows Server Technical Preview it has been permanently removed. The changes can be seen in Group Policy Management.



The DHCP server will no longer apply NAP policies, and network access protection for DHCP zones will be disabled. How will it interact with other versions that support NAP? A DHCP client that supports NAP will send a statement of health (SoH). If the DHCP server is running on Windows Server Technical Preview, these requests will be processed as if no health status information were present, and a normal DHCP lease will be provided. In addition, the Windows Server Technical Preview can be installed on a server that acts as a RADIUS proxy and redirects authentication requests to a Network Policy Server (NPS). If the NPS server supports NAP, then NAP clients will be considered incompatible with NAP.

2 DNS


The DNS changes affect both the client and the server side. The changes to the DNS client service that were announced in the Windows 10 Technical Preview also apply to computers running the Windows Server Technical Preview.
What has changed on the server side of DNS? Here the innovations fall into two groups. The first concerns the event log and diagnostics. You can already get acquainted with these changes in Windows Server 2012 R2 if you install the corresponding hotfix first, but in the Windows Server Technical Preview all the features are available without any additional installation.



For the DNS server, event logging and diagnostics have been expanded to include audit and analytic events. To enable this functionality, open the Event Viewer and go to Application and Services Logs \ Microsoft \ Windows \ DNS-Server. Right-click DNS-Server, select View, and then Show Analytic and Debug Logs. The Analytical log will then be displayed; click it and select Properties. In the window that appears, under When maximum event log size is reached, select Do not overwrite events (Clear logs manually), select the Enable logging checkbox and click OK.



What is interesting about this solution? First, the expanded event logging and diagnostic capabilities have little impact on performance, reducing server load. Second, the DNS logs are compatible with ETW client applications (logman, tracelog, Message Analyzer). Using these applications, you can obtain, for example, traces of all analytic and audit events, and analyze logs that have already been collected by event logging and diagnostics.
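The Event Viewer steps above can also be scripted. The following is an added example, not part of the original article: it enables the analytic log with the "do not overwrite" setting and then summarizes which clients queried which names. The channel name `Microsoft-Windows-DNSServer/Analytical`, event ID 256 (query received) and the `Source`/`QNAME` field names are assumptions to verify against the event schema on your build; `Get-DnsQuerySummary` and the 256 MB size are names and values chosen for this example.

```powershell
# Added example, not from the original article. Run elevated on the DNS server.
$DnsAnalyticLog = 'Microsoft-Windows-DNSServer/Analytical'   # assumed channel name

# An analytic channel has to be disabled while its settings are changed.
wevtutil.exe sl $DnsAnalyticLog /e:false
# /rt:true /ab:false corresponds to "Do not overwrite events (Clear logs manually)".
# /ms is the maximum log size in bytes; 256 MB is a value chosen for this example.
wevtutil.exe sl $DnsAnalyticLog /rt:true /ab:false /ms:268435456
wevtutil.exe sl $DnsAnalyticLog /e:true

function Get-DnsQuerySummary {
    param(
        [string]$LogName   = $DnsAnalyticLog,
        [int]   $MaxEvents = 5000,   # how many events to read from the log
        [int]   $Top       = 20      # how many client/name pairs to return
    )
    # Analytic and debug logs can only be read oldest-first, hence -Oldest.
    Get-WinEvent -LogName $LogName -Oldest -MaxEvents $MaxEvents -ErrorAction Stop |
        Where-Object Id -eq 256 |    # assumed: 256 = query received
        ForEach-Object {
            # Turn the named <Data> elements of the event into a lookup table.
            $fields = @{}
            foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
                $fields[$d.Name] = $d.'#text'
            }
            [pscustomobject]@{
                Client = $fields['Source']   # assumed field: querying client IP
                QName  = $fields['QNAME']    # assumed field: queried name
            }
        } |
        Group-Object Client, QName |
        Sort-Object Count -Descending |
        Select-Object -First $Top Count, Name
}

# Most frequent client/name pairs, e.g. to spot one host hammering one domain.
Get-DnsQuerySummary | Format-Table -AutoSize
```

With retention set to "do not overwrite", the log stops recording once it reaches the maximum size, so it has to be exported and cleared on a schedule if it is used for ongoing monitoring.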
The second major innovation in the DNS server is a new feature called "DNS policies" (DNS Policies). Using DNS policies, the system administrator can configure DNS servers to control the responses to DNS queries. Answers can be based on the DNS client's IP address, the time of day, and several other parameters. In addition, DNS policies enable location awareness for DNS, traffic management and load balancing, and promise to support some other scenarios as well. However, there is no more specific information yet; we hope that it will appear closer to the final version.

3 GRE Tunneling


The Windows Server Technical Preview provides an addition that allows you to use the GRE (Generic Routing Encapsulation) protocol with Windows Server Gateway. GRE can now be used on the S2S (site-to-site) interface. This interface is used to establish a connection between your local network and a virtual network. In previous versions, when creating an S2S connection, it was possible to establish a secure connection. This solution was not always the most convenient: separate tunnels had to be created for subnets, routable interfaces could not be created, and so on.
Using the GRE protocol solves these problems. On the one hand, GRE is less secure, but it can be used in conjunction with a secure protocol. On the other hand, with a GRE tunnel you are not limited in the type of traffic that can be transmitted over the tunnel. GRE also allows you to route multiple networks without requiring multiple tunnels.
GRE support has been added to the Windows PowerShell cmdlets that work with S2S (Add-VpnS2SInterface, Set-VpnS2SInterface, and Get-VpnS2SInterface). Here are examples of using these cmdlets.

Gateway on the cloud side

Creating a new tunnel
 Add-VpnS2SInterface -Name GreCloudToEnt1 -Destination <Destination IP> -IPv4Subnet "10.1.1.0/24:1000" -GRETunnel -GREKey "12345" -SourceIP <public interface IP> -RoutingDomain Rd1

Modifying an existing tunnel
 Get-VpnS2SInterface -Name GreCloudToEnt1 | Set-VpnS2SInterface -EnableQos Disabled -GRETunnel -RoutingDomain Rd1

Remove GRE tunnel
 Get-VpnS2SInterface -Name GreCloudToEnt1 | Set-VpnS2SInterface -AdminStatus $false -GRETunnel -RoutingDomain Rd1


Enterprise Gateway

Creating a new tunnel
 Add-VpnS2SInterface -Name GreEnt1ToCloud -Destination <Destination IP> -IPv4Subnet "10.1.2.0/24:1000" -GRETunnel -GREKey "12345" -SourceIP <Enterprise_IP>

Modifying an existing tunnel
 Get-VpnS2SInterface -Name GreEnt1ToCloud | Set-VpnS2SInterface -EnableQos Disabled -GRETunnel

Remove GRE tunnel
 Get-VpnS2SInterface -Name GreEnt1ToCloud | Set-VpnS2SInterface -AdminStatus $false -GRETunnel


This is where the specifics more or less end. Unfortunately, the capabilities of IPAM and the new Network Controller role cannot be tested yet. I don't want to turn this post into an even bigger review, so I'll hide the superficial information about IPAM and Network Controller under the spoilers below. If you are interested, take a look:

4 IPAM
The new version of Windows Server also brings improvements to IPAM. IPAM capabilities are enhanced for scenarios such as handling internal addresses and finding free IP address subnets and ranges in blocks of IP addresses. Some new features have also been added for integrated lifecycle management operations, such as visualizing all DNS resource records that relate to an IP address, automated IP address inventory based on DNS resource records, and managing the IP address lifecycle for operations such as DNS and DHCP.
New features are promised as well. For example, IPAM will support the management of DNS resource records and DNS zones for both domain-joined Active Directory DNS servers and file-backed DNS servers. Also, if you have IPAM installed on a server running Windows Server 2012 R2, your data will be saved and migrated when you upgrade to the new version of Windows Server.


5 Network Controller
Windows Server 2012 already introduced a number of new features for building various virtual networks, with which clients could connect to their own isolated virtual networks using multi-tenant VPN. In the Windows Server Technical Preview, all this functionality is combined into a new role called Network Controller.

Network Controller provides the ability to automate the configuration of physical and virtual networks. Using Network Controller, you can manage your data center with various management applications, such as System Center 2012 R2 Virtual Machine Manager or System Center 2012 R2 Operations Manager. This is possible because the Network Controller allows you to configure, monitor, and troubleshoot the entire network infrastructure that it controls.
The diagram below shows the operation of the Network Controller. The administrator uses a management tool that is directly connected to the Network Controller. The Network Controller, in turn, provides information about the network infrastructure, including both virtual and physical network objects.



Well, I hope that you have found something useful for yourself in this article. I continue to wait for new information about the Windows Server Technical Preview (I want specifics already and, preferably, everything fully working), and I wish you successful experiments, in which the existing materials on Habr will help you:
  1. First look at Windows Server Technical Preview
  2. How to try a new Windows Server Technical Preview without installation
  3. First look at System Center Virtual Machine Manager Technical Preview




Source: https://habr.com/ru/post/242053/

