Month: May 2012

Whats new and changed in Windows Server 2012

What’s new and changed in Windows Server 2012 RC.

  • What’s New in AD CS? Active Directory Certificate Services (AD CS) in Windows Server 2012 provides multiple new features and capabilities over previous versions. This document describes new deployment, manageability, and capabilities added to AD CS in Windows Server 2012.
  • What’s new in Active Directory Domain Services (AD DS) Active Directory Domain Services (AD DS) in Windows Server 2012 includes new features that make it simpler and faster to deploy domain controllers (both on-premises and in the cloud), more flexible and easier to both audit and authorize access to files, and easier to perform administrative tasks at scale, either locally or remotely, through consistent graphical and scripted management experiences.
  • What’s New in Active Directory Rights Management Services (AD RMS)? Active Directory Rights Management Services (AD RMS) is the server role that provides you with management and development tools that work with industry security technologies—including encryption, certificates, and authentication—to help organizations create reliable information protection solutions.
  • What’s New in BitLocker BitLocker encrypts the hard drives on your computer to provide enhanced protection against data theft or exposure on computers and removable drives that are lost or stolen.
  • What’s New in BranchCache BranchCache in Windows Server 2012 and Windows 8 Release Preview provides substantial performance, manageability, scalability, and availability improvements.
  • What’s New in Failover Clustering Failover clusters provide high availability and scalability to many server workloads. These include file share storage for server applications such as Hyper-V and Microsoft SQL Server, and server applications that run on physical servers or virtual machines.
  • What’s New in File Server Resource Manager File Server Resource Manager provides a set of features that allow you to manage and classify data that is stored on file servers.
  • What’s New in Hyper-V The Hyper-V role enables you to create and manage a virtualized computing environment by using virtualization technology that is built in to Windows Server 2012. Hyper-V virtualizes hardware to provide an environment in which you can run multiple operating systems at the same time on one physical computer, by running each operating system in its own virtual machine.
  • What’s New in Kerberos Authentication The Microsoft Windows Server operating systems implement the Kerberos version 5 authentication protocol and extensions for public key and password-based authentication. The Kerberos authentication client is implemented as a security support provider (SSP) and can be accessed through the Security Support Provider Interface (SSPI).
  • What’s New for Managed Service Accounts Standalone Managed Service Accounts, which were introduced in Windows Server 2008 R2 and Windows 7, are managed domain accounts that provide automatic password management and simplified SPN management, including delegation of management to other administrators.
  • What’s New in Remote Desktop Services The Remote Desktop Services server role in Windows Server 2012 provides technologies that enable users to connect to virtual desktops, RemoteApp programs, and session-based desktops. With Remote Desktop Services, users can access remote connections from within a corporate network or from the Internet.
  • What’s New in Security Auditing Security auditing is one of the most powerful tools to help maintain the security of an enterprise. One of the key goals of security audits is to verify regulatory compliance.
  • What’s New in Smart Cards Smart cards and their associated personal identification numbers (PINs) are an increasingly popular, reliable, and cost-effective form of two-factor authentication. With the right controls in place, a user must have the smart card and know the PIN to gain access to network resources.
  • What’s New in TLS/SSL (Schannel SSP) Schannel is a Security Support Provider (SSP) that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) Internet standard authentication protocols. The Security Support Provider Interface (SSPI) is an API used by Windows systems to perform security-related functions including authentication.
  • What’s New for Windows Deployment Services Windows Deployment Services is a server role that enables you to remotely deploy Windows operating systems. You can use it to set up new computers by using a network-based installation.

Public voting now open on papers for VMworld – Symantec Papers

As this years VMworld draws near, time has come to start preparing for the event and for those who have answered the “Call for papers” its time for the nervous bit when public voting opens and selection for content begins.

Anyone with a VMworld user account has the ability to mark their choices and with a plethora of topics available there’s definitely something that will spark an interest for everyone.

There are a number of Symantec sessions that I would ask for your consideration if you would be so kind to vote that would be great too 🙂

Special mention goes to session 2554, if you want to hear about something really special then its one not to miss, so please vote..

To access the public voting please visit. http://www.vmworld.com/www.vmworld.com/cfp.jspa

Thanks for voting…

Symantec Sessions:

How to Configure Hyper-V v3 & Windows Server 2012 “8” 8250 nested inside ESXi 5.0

Here is an update to the previous blog http://goo.gl/II3gf regarding nested VMs inside ESX 5.0, I wanted to give an update on how to install the Beta of Windows Server 2012 “8” 8250 build and more importantly how to enable Hyper-V role inside the nested VM.

For the majority of the installation of this build the steps remain the same as with Windows 2008 R2 but with a couple of additions.

First make sure you are either runnning ESX 5.0 Update 1 or atleast have patch ESXi500-201112001 http://goo.gl/oWZXV installed against ESX 5.0

1. You need to enable hardware virtualization by modifying the etc/vmware/config file. Enable SSH via tech support mode and putty to the ESX5i server

2. Once connected with putty  :

# echo ‘vhv.allow = “TRUE” ‘ >> /etc/vmware/config

3. Next create your Virtual Machine hardware, I personally used hardware version 8 to make things easier with configuration.

4. Before you get to booting up the VM and installing Hyper-V you need to add three lines the virtual machines config file .vmx

You can either add these via the vSphere Client in the settings of the virtual machine > Configuration Parameters, or doing it from command-line

To add them using command-line move back in SSH > change into the directory where you Hyper-V VM is installed

For example config file where my VM is located is called Hyper-V.vmx. Type the following commands:

# echo ‘monitor.virtual_exec = “hardware” ‘ >> Hyper-V.vmx

# echo ‘hypervisor.cpuid.v0 = “FALSE” ‘ >> Hyper-V.vmx

# echo ‘mce.enable = “FALSE” ‘ >> Hyper-V.vmx

5. Next there are a couple of changes to be made with the CPU configuration.

in the VM settings > Options > CPU/MMU Virtualization make sure you select the option to pass the Intel EPT feature.

6. Next move to the Options area > CPUID Mask click on Advanced

Add the following CPU mask Level ECX: —- —- —- —- —- —- –H- —-

8. Finally you are now ready to install Beta Windows 2012 “8” and enable the Hyper-V role.

Additional Notes: Watch out for blank screens once VMtools are installed, if this happens then enable 3D support for your Video card in the VM settings  – See VMware KB http://kb.vmware.com/kb/2006859

Also when configuring your VM use the E1000 network driver type and not the VMXNET3 as this driver does not work.

Once the Windows server is installed, just enable the Hyper-V role and your all set to start exploring the world of Hyper-V v3.

How to enable SSH on ESX 5 via vSphere Client

OK, so this is probably one of the easiest tasks to perform but its strange how many times I get asked how to enable this for remote access. I guess, most things people are really interested in are the new features which each version of ESX brings and may forget about the mundane stuff you may need for day to day admin.

  • First start the vSphere Client
  • Select the ESXi host in the configurations tab
  • Select Security Profile

  • Click on Properties in the upper right corner and you will get the a popup with all the services on this ESXi 5.0 hosts. Select the SSH service and press the Options button.

  • Now you can start the services and set the startup options

  • press okay and you are done..

that was easy wasn’t it

How to create a bootable USB disk for VMware ESX 5.x installation

UPDATED Content now at https://virtuallylg.com/index.php/2012/05/18/how-to-create-a-bootable-usb-disk-for-vmware-esx-5-0-installation/

 

One question that I get asked alot is how to create a bootable USB disk especially for installation for ESX and Linux distros. There are probably multiple ways to do this but I effectly use a free tool call UNetbootin, this utility has binaries for Windows, Linux and Mac so works great whatever your desktop of choice, now burning CDs becomes a thing of the past.

1. Download UNetbootin and run the software (WindowsMac OS XLinux).

2. Download the VMware vSphere 5 ISO file -> VMware Download Center.

3. Start the UNetbootin application and choose Diskimage (ISO) and browse to the downloaded ISO file.

4. Choose Type: USB Drive and choose the correct USB drive letter that you want the bootable installer to be installed to( make sure your USB drive is formatted as FAT32 and not NTFS)

5. You are now done! Just make sure you select the correct boot sequence in your BIOS so that the USB drive boots first.