October 31, 2014 at 09:18

Networking in Windows Server Technical Preview

    A month has passed since the moment Windows 10 Technical Preview was announced and how Windows Server Technical Preview was presented. In order to see the changes that have taken place, you don’t even need to delve deeply into the systems - the interface is already different - the start button has returned, there is no start menu ... In fact, our blog already talked about the changes in both Windows 10 and Windows Server Technical Preview , and even in System Center. Today I want to talk about the changes that await us in working with the network. Unfortunately, not all the promised features can be checked for performance in the technical version - but this is also the Technical Preview. Interested in waiting under the cut.




    Changes and additions that appeared in the Windows Server Technical Preview and relate to working with the network relate to the following server components:
    1. DHCP
    2. DNS
    3. GRE Tunneling
    4. Ipam
    5. Network controller
    Official sources (read: developer blogs and forums ) report that the new IPAM features do not work in Windows Server Technical Preview, and you cannot fully configure and test Network Controller. But you can not just read about changes in the operation of DHCP, DNS and VPN tunnels, but you can also experiment with these services on your own (experiments are best done in a test environment). Let's look at all the changes in order.

    1 DHCP


    In the new version of the server, DHCP no longer supports Network Access Protection (NAP). NAP support was implemented in Windows XP Service Pack 3, Windows Vista and Windows Server 2008, but already in Windows Server 2012 R2 this function was deprecated, and now in Windows Server Technical Preview it has been completely removed. We can see the changes in Group Policy Management:



    Now, the DHCP server will not apply NAP policies, and network access protection for DHCP zones will be disabled. How will interaction with other versions that support NAP? A DHCP client that supports NAP will send Statement of Health (SoH) information. If the DHCP server is running on a server running Windows Server Technical Preview, then these requests will be processed as if there is no information about the health status and in this case a normal DHCP lease will be provided. In addition, Windows Server Technical Preview can be installed on a server that acts as a RADIUS proxy and redirects authentication requests to the Network Policy Server (NPS). If the network policy server will support NAP,

    2 DNS


    Changes in the operation of DNS affect both the client and server parts. Changes regarding the DNS client service that were announced in Windows 10 Technical Preview are also relevant for computers with Windows Server Technical Preview installed.
    What has changed in the server side of DNS? Here innovations are divided into two groups. The first part dealt with the event log and diagnostics. Moreover, these changes can be found in Windows Server 2012 R2, if you install the corresponding hotfix before that. But in Windows Server Technical Preview all the features are available without any additional installations.



    The functionality for recording events in the event log and diagnostics has been expanded for the DNS server, namely, audit and analytics events are included. In order to enable this functionality, you must open the Event Viewer , in it go to Application and Services Logs \ Microsoft \ Windows \ DNS - Server . Right-clicking on the DNS-Server, select View, and then Show Analytic and Debug Logs. As a result, the Analytical log will be displayed ; clicking on it, select the properties. In the window that appears, select Do not overwrite events ( Clear logsmanually ) in the When maximum event log size is reached item , select the Enable logging checkbox and click OK .



    What are the interesting features of this solution. First, expanding the capabilities of event logging and diagnostics have little effect on performance, reducing the load on the server. Secondly, DNS logs are compatible with ETW client applications (logman, tracelog, message analyzer). Using these applications, you can receive, for example, traces of all analytical and audit events, and analyze already collected logs using the event log and diagnostics
    The second global innovation in the DNS server is a new feature called DNS Policies. Using DNS policies, the system administrator can configure the DNS server so that it can control the responses to DNS queries. Responses can be based on the client’s common IP address, time of day, and several other parameters. In addition, DNS policies allow you to determine the location of DNS, manage traffic, balance loads, and also promise to implement some other scenarios. However, more specific information is not yet available; We hope that it will appear closer to the final version.

    3 GRE Tunneling


    The Windows Server Technical Preview introduces an add-on that allows you to use the capabilities of the GRE (Generic Routing Encapsulation) protocol for the Windows Server Gateway. Now GRE can be used in the S2S (site-to-site) interface. This interface is used to establish a connection between your local and virtual network. In previous versions, when creating an S2S connection, a secure connection could be established. This solution was not always the most convenient - the need to create separate tunnels for subnets, the inability to create routable interfaces, etc.
    Using the GRE protocol can solve these problems. On the one hand, GRE is less secure, but it can be used in conjunction with a secure protocol. On the other hand, when using the GRE tunnel, you are not limited by the type of traffic that can be transmitted through the tunnel. GRE also allows you to route multiple networks without having to create multiple tunnels.
    For the GRE protocol, Windows PowerShell cmdlets that work with the S2S protocol (Add-VpnS2SInterface, Set-VpnS2SInterface and Get-VpnS2SInterface have been supplemented. The following are examples of the use of these cmdlets).

    Cloud Side Gateway

    Create a new tunnel
    Add-VpnS2SInterface –Name GreCloudToEnt1 –Destination  -IPv4Subnet “10.1.1.0/24:1000” –GRETunnel –GREKey “12345” –SourceIP:  -RoutingDomain Rd1

    Modify an Existing Tunnel
    Get-VpnS2SInterface –Name GreCloudToEnt1 | Set-VpnS2SInterface –EnableQos Disabled –GRETunnel –RoutingDomain Rd1

    Removing GRE Tunnel
    Get-VpnS2SInterface –Name GreCloudToEnt1 | Set-VpnS2SInterface –AdminStatus $false – GRETunnel –RoutingDomain Rd1


    Enterprise Gateway

    Create a new tunnel
    Add-VpnS2SInterface –Name GreEnt1ToCloud –Destination  -IPv4Subnet “10.1.2.0/24:1000” –GRETunnel –GREKey “12345” –SourceIP:

    Modify an Existing Tunnel
    Get-VpnS2SInterface –Name GreEnt1ToCloud | Set-VpnS2SInterface –EnableQos Disabled – GRETunnel

    Removing GRE Tunnel
    Get-VpnS2SInterface –Name GreEnt1ToCloud | Set-VpnS2SInterface –AdminStatus $false -GRETunnel


    Here the specifics more or less end. Unfortunately, the capabilities of IPAM and the new role of Network Controller have not yet been tested. I don’t want to turn this post into an even bigger review, so I’ll hide very superficial information about IPAM and Network Controller under the spoilers below - who cares, look:

    4 IPAM
    The new version of Windows Server also expects improvements in IPAM. IPAM capabilities for scenarios such as processing internal addresses and finding free IP addresses of subnets and ranges in blocks of IP addresses are improving. Also added several new features for integrated life cycle management operations, such as visualization of all DNS resource records related to an IP address, automated inventory of IP addresses based on DNS resource records, and IP address life cycle management for operations like DNS, so is DHCP.
    Also promise new features. For example, IPAM will support the management of DNS resource records and DNS zones for both Active Directory servers included in a domain and DNS servers stored in files. Also, if you install IPAM on your server running Windows Server 2012 R2, your data will be saved and migrated when upgrading to a new version of Windows Server.


    5 network controller
    Already in Windows Server 2012, a number of new features were introduced for building various virtual networks, with which clients could connect to their own isolated virtual networks using a multi-tenant VPN. In Windows Server Technical Preview, all this functionality is combined into a new role called Network Controller.

    Network Controller provides the ability to automate the settings of physical and virtual networks. Using Network Controller, you can manage your data center using various management applications, for example, System Center 2012 R2 Virtual Machine Manager or System Center 2012 R2 Operations Manager. This is possible because the Network Controller allows you to configure, configure, monitor, and solve emerging problems of the entire network infrastructure that is controlled by the Network Controller.
    The diagram below shows the operation of Network Controller. The administrator uses a management tool that is directly connected to the Network Controller. Network Controller, in turn, provides information about the network infrastructure, including both virtual and physical network objects.



    Well, I hope that you have found something useful in this article. I continue to wait for new information about the Windows Server Technical Preview (I want to have specifics and, preferably, completely and completely working) and wish you successful experiments in which the existing materials on Habr will help you:
    1. First look at the Windows Server Technical Preview
    2. How to try the new Windows Server Technical Preview without installing
    3. First look at the System Center Virtual Machine Manager Technical Preview


    useful links


    Tags:

    Also popular now: