What's New in Networking in Windows Server 2012
Published: June 26, 2013
Updated: June 26, 2013
Applies To: Windows 8, Windows Server 2012
The following networking technologies are new or improved in Windows Server® 2012.
For Windows Server 2012 and Windows® 8, 802.1X Authenticated Wired and Wireless Access provide the Extensible Authentication Protocol (EAP) authentication type Tunneled Transport Layer Security, or EAP-TTLS. EAP-TTLS is new in Windows Server 2012 and Windows 8 and is not available in other versions of Windows Server.
EAP-TTLS is a standards-based EAP tunneling method that supports mutual authentication. EAP-TTLS provides a secure tunnel for client authentication using EAP methods and other legacy protocols. EAP-TTLS also provides you with the ability to configure EAP-TTLS on client computers for network access solutions in which non-Microsoft Remote Authentication Dial In User Service (RADIUS) servers that support EAP-TTLS are used for authentication.
For more information about 802.1X Authenticated Wired Access, see 802.1X Authenticated Wired Access Overview.
For more information about 802.1X Authenticated Wireless Access, see 802.1X Authenticated Wireless Access Overview.
BranchCache is a wide area network (WAN) bandwidth optimization technology that is included in some editions of the Windows Server 2012 and Windows 8 operating systems. To optimize WAN bandwidth when users access content on remote servers, BranchCache copies content from your main office or hosted cloud content servers and caches the content at branch office locations, allowing client computers at branch offices to access the content locally rather than over the WAN.
BranchCache improvements in Windows Server 2012 include automatic BranchCache client computer configuration, deep integration with the Windows file server, the ability to cache small updates to files, resulting in more bandwidth savings, security improvements, simplification of hosted cache server deployment, and much more. For more information, see What's New in BranchCache.
DCB is introduced as a new technology in Windows Server 2012. DCB is a suite of Institute of Electrical and Electronics Engineers (IEEE) standards that enable Converged Fabrics in the data center, where storage, data networking, cluster IPC and management traffic all share the same Ethernet network infrastructure. DCB provides hardware-based bandwidth allocation to a specific type of traffic and enhances Ethernet transport reliability with the use of priority-based flow control.
Hardware-based bandwidth allocation is essential if traffic bypasses the operating system and is offloaded to a converged network adapter, which might support Internet Small Computer System Interface (iSCSI), Remote Direct Memory Access (RDMA) over Converged Ethernet, or Fiber Channel over Ethernet (FCoE). Priority-based flow control is essential if the upper layer protocol, such as Fiber Channel, assumes a lossless underlying transport. For more information, see Data Center Bridging (DCB) Overview.
The Domain Name System (DNS) is used in TCP/IP networks for naming computers and network services. Using DNS, computers are able to locate devices and services on a network through user-friendly names.
DNS in Windows includes the DNS Client service and the DNS Server service. Windows Server 2012 and Windows 8 include several enhancements to DNS. For more information see What's New in DNS.
DHCP is an Internet Engineering Task Force (IETF) standard designed to reduce the administration burden and complexity of configuring hosts on a TCP/IP-based network, such as a private intranet. Using the DHCP Server service, the process of configuring TCP/IP on DHCP clients is automatic. Windows Server 2012 provides several enhancements to the DHCP Server service, including DHCP failover and DHCP policy based assignment. For more information see What's New in DHCP in Windows Server 2012.
With the success of virtualized datacenters, IT organizations and hosting providers (providers who offer colocation or physical server rentals) have begun offering more flexible virtualized infrastructures that make it easier to offer on-demand server instances to their customers. This new class of service is referred to as Infrastructure as a Service (IaaS). Windows Server 2012 provides all the required platform capabilities to enable enterprise customers to build private clouds and transition to an IT as a service operational model. Windows Server 2012 also enables hosters to build public clouds and offer IaaS solutions to their customers. When combined with System Center to manage Hyper-V Network Virtualization policy, Microsoft provides a powerful cloud solution.
Windows Server 2012 Hyper-V Network Virtualization provides policy-based, software-controlled network virtualization that reduces the management overhead that is faced by enterprises when they expand dedicated IaaS clouds, and it provides cloud hosters better flexibility and scalability for managing virtual machines to achieve higher resource utilization.
For more information, see Hyper-V Network Virtualization Overview.
The Hyper-V virtual switch is a virtual layer-2 network switch that provides programmatically managed and extensible capabilities to connect virtual machines to the physical network. Hyper-V virtual switch provides policy enforcement for security, isolation, and service levels. Additionally, the Hyper-V virtual switch in Windows Server® 2012 introduces a number of new and enhanced capabilities for tenant isolation, traffic shaping, protection against malicious virtual machines, and simplified troubleshooting. For more information, see What's New in Hyper-V Virtual Switch in Windows Server 2012.
IPAM in Windows Server 2012 is an entirely new built-in framework for discovering, monitoring, auditing, and managing the IP address space used on a corporate network. IPAM provides for administration and monitoring of servers running Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS). For more information, see IP Address Management (IPAM) Overview.
Low latency computing environments typically contain applications that require very fast inter-process communication (IPC) and inter-computer communications, a high degree of predictability regarding latency and transaction response times, and the ability to handle very high message rates.
In Windows Server 2012, low latency workloads technologies include Data Center Bridging (DCB), Kernel Mode Remote Direct Memory Access (kRDMA), NIC Teaming, NetworkDirect, TCP Loopback Optimization, and more. For more information, see Low Latency Workloads Technologies.
The Network Load Balancing (NLB) feature distributes traffic across several servers by using the TCP/IP networking protocol. By combining two or more computers that are running applications in Windows Server 2012 into a single virtual cluster, NLB provides reliability and performance for web servers and other mission-critical servers.
The servers in an NLB cluster are called hosts, and each host runs a separate copy of the server applications. NLB distributes incoming client requests across the hosts in the cluster. You can configure the load that is to be handled by each host, and you can also add hosts dynamically to the cluster to handle increased load. NLB can also direct all traffic to a designated single host, which is called the default host.
|The NLB functionality in Windows Server 2012 is generally the same as in Windows Server® 2008 R2, however some task details are changed in Windows Server 2012. For information on new ways to do tasks, see Common Management Tasks and Navigation in Windows Server 2012 R2 Preview and Windows Server 2012.|
For more information on NLB, see Network Load Balancing Overview.
Network Policy and Access Services in Windows Server 2012 includes the Network Policy Server (NPS), Health Registration Authority (HRA), and Host Credential Authorization Protocol (HCAP) role services. You can use the Network Policy and Access Services server role to deploy NPS as a Remote Authentication Dial-In User Service (RADIUS) server and RADIUS proxy that performs authentication and authorization for connection requests from RADIUS clients, such as 802.1X capable Ethernet switches and wireless access points. In addition you can configure Network Access Protection (NAP) health policies in NPS.
You can now use Windows PowerShell to automate the installation of the Network Policy and Access Services server role. You can also deploy and configure some aspects of NPS by using Windows PowerShell.
For more information, see Network Policy and Access Services Overview.
Network Interface Card (NIC) Teaming is introduced as a new technology in Windows Server 2012. NIC Teaming, also known as load balancing and failover (LBFO), allows multiple network adapters on a computer to be placed into a team for the following purposes:
Traffic failover to prevent connectivity loss in the event of a network component failure
For more information, see NIC Teaming Overview.
QoS is a set of technologies for managing network traffic in a cost effective manner, to enhance user experiences in enterprise environments, as also in home and small offices. QoS technologies allow you to measure bandwidth, detect changing network conditions (such as congestion or availability of bandwidth), and prioritize or throttle traffic. For example, you can use QoS to prioritize traffic for latency-sensitive applications (such as voice or video), and to control the impact of latency-insensitive traffic (such as bulk data transfers).
In Windows Server 2012, QoS includes new bandwidth management features that enable cloud hosting providers and enterprises to provide services that deliver predictable network performance to virtual machines on a server running Hyper-V. In hosted environments, Hyper-V QoS enables hosting providers to guarantee specific performance levels based on service level agreements (SLAs). Hyper-V QoS helps ensure that no customer is impacted or compromised by other customers on their shared infrastructure, which includes computing, storage, and network resources.
Some additional new features for QoS include providing you with the ability to enforce minimum bandwidth for a traffic flow, to configure rate limiting on a Hyper-V virtual switch per switch port by using either Windows PowerShell or Windows Management Instrumentation, and to enforce QoS policies on Single Root I/O Virtualization (SR-IOV)-capable network adapters that support bandwidth reservation per Virtual Port.
For more information, see Quality of Service (QoS) Overview.
Remote Access in Windows Server 2012 combines two networking services into one unified server role:
Windows Server® 2008 R2 introduced DirectAccess, a new remote access feature that allows connectivity to corporate network resources without the need for traditional Virtual Private Network (VPN) connections. DirectAccess provides support only for domain-joined Windows 7 Enterprise and Ultimate edition clients. The Windows Routing and Remote Access Server (RRAS) provides traditional VPN connectivity for legacy clients, non-domain joined clients, and third party VPN clients. RRAS also provides site-to-site connections between servers. RRAS in Windows Server 2008 R2 cannot coexist on the same edge server with DirectAccess, and must be deployed and managed separately from DirectAccess.
Windows Server 2012 combines the DirectAccess feature and the RRAS role service into a new unified server role. This new Remote Access server role allows for centralized administration, configuration, and monitoring of both DirectAccess and VPN-based remote access services. Additionally, Windows Server 2012 DirectAccess provides multiple updates and improvements to address deployment blockers and provide simplified management. For more information, see Remote Access (DirectAccess, Routing and Remote Access) Overview.
The following are some of the new capabilities in Windows Firewall with Advanced Security:
IKEv2 for IPsec transport mode is added to Windows Server 2012, which provides interoperability for Windows with other operating systems using IKEv2 for end-to-end security. This adds support for Suite B (RFC 4869) requirements.
Administrators can custom configure Windows Firewall to fine tune network access if they desire more control of their Windows Store applications.
Windows PowerShell has extensive cmdlets to allow Windows Firewall configuration and management.
For more information, see Windows Firewall with Advanced Security Overview.