Using Windows Server 2008 to Improve Systems Management and Operations at Microsoft
Technical Case Study
Published: May 2008
The following content may no longer reflect Microsoft’s current position or infrastructure. This content should be viewed as reference documentation only, to inform IT business decisions within your own company or organization.
The Windows Server 2008 operating system provides features that help organizations maximize control over their computer networks. Microsoft Information Technology (Microsoft IT) takes advantage of these features to make the IT infrastructure at Microsoft more manageable, reliable, and secure than ever before.
Technical Case Study, 359 KB, Microsoft Word file
Products & Technologies
As a constantly growing enterprise, Microsoft faces many network operation and administration challenges, including server sprawl, storage management, server security, server uptime, and remote management of servers and clients.
The following Windows Server 2008 features have greatly benefitted the operations and management of Microsoft information systems:
Microsoft IT has deployed Windows Server 2008 on a number of infrastructure and application servers as part of the initiative to move the IT infrastructure to the newest Microsoft network operating system. This paper details five key features of Windows Server 2008 that have provided a more efficient and effective system of managing and operating the network infrastructure at Microsoft.
This paper is for IT directors, solutions architects, enterprise decision makers, and chief information officers who are considering the deployment of Windows Server 2008 features for manageability and operations in their own environments.
Like many organizations, Microsoft IT has felt the pains of managing and operating a large network infrastructure. Among those pains are common problems like:
- Growing costs due to data-center expansion and corresponding server operation costs.
- Long deployment times for provisioning new servers.
- Security concerns for servers deployed in remote sites.
- Comprehensive and consistent management across servers, desktop computers, and portable computers.
Because Microsoft contains one of the largest IT infrastructures in the world in number of servers and number of users, Microsoft IT must constantly take strides toward making the infrastructure more manageable, knowing that continued growth is inevitable. Part of Microsoft IT's mission is to use Microsoft technologies to solve its own business problems. This mission extends to the need to overcome stagnation in the operations and management of the network environment.
Microsoft IT is transitioning its server infrastructure to Windows Server 2008 server by server, knowing that as the new operating system becomes the dominant platform, the infrastructure will become more manageable, more efficient, and more economical. The following sections describe five features that have become strong catalysts for the migration to Windows Server 2008.
Windows Server 2008 Hyper-V
The feature with the greatest potential impact on the landscape of the Microsoft IT infrastructure is Windows Server 2008 Hyper-V™ technology. This feature is the Microsoft virtualization platform for running multiple operating system environments on the same physical hardware components. It is the foundational core of the virtualization initiative at Microsoft.
Unlike its predecessor, Microsoft® Virtual Server 2005 R2 with Service Pack 1 (SP1), Windows Server 2008 Hyper-V is a micro-kernelized hypervisor platform. The hypervisor is a thin layer that separates physical hardware components like CPU, random access memory (RAM), hard disk drives, and network adapters from the logical operating systems that run atop of them.
As shown in Figure 1, Hyper-V sits between the physical hardware and the virtual machines running guest operating systems, and it manages the virtual machines' access to hardware.
Figure 1. Position of Hyper-V between virtual machines and physical hardware
Microsoft IT has identified some aggressive goals for virtualization in an effort to capitalize on the server consolidation benefits of Hyper-V. The hope is that Microsoft IT will achieve an 80/20 virtual-to-physical ratio. This means that Microsoft IT wants 80 percent of its Windows Server instances to reside as virtual machines, leaving the other 20 percent as physical servers that are not viable virtualization candidates.
Despite the strong goals, Microsoft is proceeding with virtualization in a manner that will help manage the scalability of the virtual infrastructure and not cause or even allow for the phenomenon of virtual machine sprawl. The move to a highly virtualized data center is forcing Microsoft IT to become more rigid in terms juggling budgetary concerns with each business unit in Microsoft. Microsoft IT is adamant about not allowing resource utilization on the virtual infrastructure to grow out of control and jeopardize any gains achieved with virtualization.
Deployment Process for Virtual Machines
Hyper-V, in conjunction with the new smaller footprint provided by the Server Core installation option of Windows Server 2008, has enabled Microsoft to drastically reduce the amount of time it takes to add a virtual machine on a production network. The default base virtual machine that Microsoft IT deployed has the following characteristics:
- A single CPU
- 1 gigabyte (GB) of RAM
- 70-GB virtual hard disk drive
- One virtual network adapter
Based on the role of the virtual machine, Microsoft IT may grant additional resources. Within the virtualization architecture, Microsoft IT fronts the cost of the hardware and maintains ownership of the physical hosts that run Hyper-V. It then sells resources of the Hyper-V host to the various business units that consume a percentage of resources dictated by the amount of monthly billing. Additional resource needs like RAM, CPU, network interface cards (NICs), or storage result in an incremental cost back to the business unit.
This type of procedure ensures that business units, treated as customers in this case, can receive the resources that they are entitled to. Assuming no physical capacity restraints, when a request arrives for a new server, Microsoft IT can deliver a virtual machine in less than one day. Considering that with traditional practices, provisioning a new physical system can take three to six weeks, it is easy to see why virtualization is perhaps the cornerstone of Microsoft IT's shift to Windows Server 2008.
The resources sold back to the various business units are allocated from physical hosts with Hyper-V installed. Currently, the typical Hyper-V host contains the following physical resources:
- Dual quad-core CPUs
- 32 GB of RAM
- Two onboard network adapters
- Two Fibre Channel (FC) host bus adapters (HBAs)
- Two dual-port network adapters
The two onboard network adapters provide virtual machine connectivity to the rest of the IP network. Meanwhile, the FC adapters and the quad-port cards offer access to FC and Internet small computer system interface (iSCSI) storage, respectively.
Management of Virtual Machines
To support the availability needs of the business units that rely on the virtualization strategy, Microsoft IT uses intra-site host clustering. This results in a drastic reduction in downtime for scenarios that involve both planned and unplanned maintenance. As the infrastructure grows and Hyper-V becomes a more integral component, Microsoft IT will revisit the existing disaster recovery and business continuity strategy for the business units. For now, the virtual machine owners will treat the virtual machines like physical servers and maintain the time-tested practice of performing data backups.
Microsoft IT, in true Microsoft fashion, intends to take advantage of other Microsoft products like Microsoft System Center Data Protection Manager to make the infrastructure more manageable, more efficient, and more reliable for all the business units that it services.
Like the small-business IT pro, the midsize IT team, and the Fortune 100 enterprise IT staff, Microsoft IT understands the impact of patch management and the frequent provisioning of servers. The component-based architecture in Windows Server 2008 addresses both of these issues. That is, the operating system has been designed to ensure that only those components required to deliver the desired server functionality need to be installed. This reconstruction represents a significant departure from the architecture of any previous version of the Windows® operating system.
Because of this radical change in the architecture of the operating system, Microsoft has drastically reduced the number of restarts required after the installation of software updates. Any pieces of the operating system that must undergo an update are now capable of being updated offline while the server continues to run.
The component-based architecture of Windows Server 2008 has also been the driving force behind the more simplified installation procedure that has dramatically reduced the amount of time needed to install and provision a new computer. Microsoft IT has defined a base operating system installation for each resource request. However, not every situation calls for just a standard build. Therefore, Microsoft IT has developed well-defined configurations and policies that govern the deployment of new systems.
With the reduced-footprint installation, Microsoft can rapidly deploy new systems and then customize the installation by using the Server Manager tools, component management interfaces, inbox command-line executable files, and scripting in the Windows PowerShell™ command-line interface. Microsoft IT uses these techniques as appropriate to install and configure any additional roles, features, or services that a newly deployed system might require. Windows PowerShell, in-particular, offers Microsoft IT a new standard in scripting that reaches beyond Windows Server 2008 and into other Microsoft products like Microsoft Exchange Server 2007, Microsoft System Center Virtual Machine Manager, and Microsoft System Center Operations Manager.
As a global organization, Microsoft has about a hundred field offices where servers are deployed to provide operational support to the local staff. With this many remote systems, Microsoft IT has a big challenge in overseeing the physical security of the servers deployed at each remote office. Imagine for a moment the malicious user who gains physical access to a server in a remote field office and removes a hard disk drive. Such an event might result in not just loss of data, but also a breach in the confidentiality of sensitive data that gives Microsoft a competitive edge, or trade secrets that make products successful, or personal information about employees.
The advent of Windows BitLocker™ Drive Encryption has provided Microsoft IT with a new standard in data encryption that helps protect data from offline attacks. BitLocker prevents drive use even when removed from one computer and inserted into another computer. It prevents a malicious user from accessing the drive by starting another operating system or running a software hacking tool in an attempt to break in to the Windows Server 2008 file system. Attackers commonly use these methods to perform offline viewing of the files that are stored on the drive.
The feature ideally uses Trusted Platform Module (TPM) version 1.2 to help protect data and to help ensure that no one tampered with a computer that is running Windows Server 2008 while the system was offline. BitLocker enhances data protection by bringing together two major components: full drive encryption and the integrity checks during the Windows startup process. Figure 2 highlights how BitLocker works with TPM to provide full volume encryption and integrity checks.
Figure 2. Full volume encryption and integrity checks via BitLocker Drive Encryption
Although some of the newer server deployments at Microsoft might include the TPM used for natively supporting BitLocker, Microsoft IT is using BitLocker and internal universal serial bus (USB) devices to help secure servers that do not include TPM. By encrypting the system and data volumes, BitLocker effectively makes it more difficult for malicious users to obtain corporate data from remote sites where physical security is limited.
For a company the size of Microsoft, managing the local and network storage devices is a tremendous task that requires effort from many people. Microsoft IT must deploy, provision, and manage storage on the thousands of server systems that the various business units across the organization require. Microsoft IT manages 5 petabytes (PB)—that is, 5 quadrillion bytes—of storage area network (SAN)-based storage and reports annual growth of 89 percent. Of the 5 PB of data that five full-time operations personnel manage, 3 PB are live data and 2 PB provide the destination for disk-to-disk backups.
Fibre Channel Storage
The typical server deployed at Microsoft has relied on a 72-GB RAID-1 mirror constructed on local hard disks. Of that space, Microsoft IT allocates 50 GB to the installation of the operating system and the remaining space as a tool or application partition. Any servers that require more storage receive it from a SAN. At present, the bulk of the storage presented comes from an FC storage device over the FC switched fabric.
With any storage architecture that offers allocations of storage to remote systems, an organization must ensure that the server can access the storage in the event of failure. In fact, one of the factors that drive up the cost of an FC storage architecture is the redundant hardware at each level of the architecture. Figure 3 outlines a redundant FC architecture that includes multiple FC HBAs in the server, multiple FC switches, and multiple storage processors in the disk array enclosure (DAE).
Figure 3. A redundant FC storage architecture
The addition of native multipath I/O (MPIO) in Windows Server 2008 has enabled Microsoft IT to reduce the amount of time required to configure servers in order to support redundant paths to the storage architecture. MPIO is a feature that can be installed on a Windows Server 2008-based system in order to allow the system to use multiple data paths to a storage device. Multipathing with the native MPIO feature increases availability by providing multiple paths and path failover from a server (or cluster) to a SAN device.
Although the FC storage architecture will continue to dominate the storage at Microsoft, Microsoft IT has found strong business cases for the use of iSCSI. Microsoft IT feels that iSCSI is an excellent fit for virtual machines where the guest operating system must be presented with additional storage. With the enhancements and integration of the Microsoft iSCSI initiator, Microsoft IT will be able to natively provide the necessary storage into virtual machines running Windows Server 2008.
Reclamation of Storage
One of the biggest challenges to Microsoft IT over the years has been the reclamation of storage when an allocation of storage has resulted in granting more than was necessary. For example, a business unit might request the provisioning of a new server with 500 GB of storage to be used for a Microsoft SQL Server® database. Microsoft IT would deploy the server and provision a 500-GB logical unit number (LUN) from the FC storage device to the server. The business unit would then perform its database installation. However, as time passes, the business unit might determine that the database will not consume more than 100 GB of space. This scenario, perhaps too common, results in an over-allocation of 400 GB of storage space that in all likelihood will not be used.
The traditional Microsoft IT solution to this scenario was to allocate another LUN (of a more appropriate size), migrate all the data to the new LUN, and then reclaim the large LUN as available space on the SAN. However, Windows Server 2008 includes new storage management features that make that solution unnecessary. Particularly, the ability for Windows Server 2008 to dynamically grow and shrink volumes without downtime or special consideration offers a faster solution. With Windows Server 2008, when an over-allocation of storage occurs, Microsoft IT can now simply shrink the volume in question to reclaim the storage space on the SAN.
Windows Firewall Management
Windows Firewall has been greatly enhanced in the Windows Vista® and Windows Server 2008 operating systems. Among the many improvements are the more detailed inbound and outbound rules that can be created and the integration of the IP security (IPsec) protocol into the firewall.
However, more features do not mean more difficult management. Windows Firewall with Advanced Security comes with corresponding Group Policy objects (GPOs) to manage firewall settings across an entire enterprise. Microsoft IT is capitalizing on the strong security of Windows Firewall and the ease of managing that security via GPOs in Active Directory® Domain Services. Figure 4 shows the Local Security Policy editor used to create custom policies for managing Windows Firewall with Advanced Security.
Figure 4. Custom policy in Local Security Policy editor
Microsoft IT enables Windows Firewall as part of its standard Windows Vista and Windows Server 2008 build. The standard build includes firewall exceptions for remote administration to avoid limiting Microsoft IT's ability to remotely manage a fresh server deployment. After the server becomes part of the domain, it receives additional firewall policy configuration from the domain-level GPOs.
The GPOs for managing Windows Firewall do not allow the end user to disable Windows Firewall for any system that is part of the managed domain. There are no exceptions. Attempts to circumvent the policy by disabling the Windows Firewall service will meet the goal of disabling the firewall but at the same time will cease the ability to negotiate IPsec communications and therefore cause greater communication problems for the system.
IPsec is extremely prevalent within the Microsoft corporate environment to help protect the managed environment from unmanaged systems. Microsoft deploys and manages connection policies that define IPsec via GPOs to allow managed systems to access unmanaged systems but to prevent the unmanaged systems from accessing the managed systems.
Microsoft IT has clearly benefited from the enhancements in Windows Server 2008. Each of the features described in this paper has a direct impact on the day-to-day duties of Microsoft IT and the long-term solutions that Microsoft IT can offer to the various business units that it supports. In addition, Windows Server 2008 reduces the financial outlay on the part of the business units that require the Microsoft IT services.
Specific benefits include the following:
- Cost savings from server consolidation with Hyper-V. These cost savings extend beyond the simple reduction in the number of physical hosts in the data center. The intrinsic savings that come from reduced power consumption, reduced cooling needs, and reduced physical space can add up to huge savings.
- Reduction of the time to deploy, configure, and update systems. Quicker deployments and less initial security configuration in light of the reduced footprint of the default Windows Server 2008 installation enable Microsoft IT to focus efforts on more important tasks and spend less time deploying and configuring new systems. Microsoft IT has enjoyed a reduction in downtime due to patch management because of the componentized architecture of Windows Server 2008 and its ability to unload binaries as part of the update process.
- Improved protection against offline attacks. By using the BitLocker Drive Encryption feature, Microsoft IT can now be more confident about the data security for systems deployed in remote offices where physical security can be a challenge. BitLocker helps protect these systems against offline attack, thereby helping to protect sensitive corporate data.
- Efficient reclamation of storage. Microsoft IT can easily reclaim gigabytes, if not terabytes, of unused storage from Window Server 2008-based computers that have been over-allocated disk space. Without the need to manually migrate data, storage units can be managed more fluidly without impact to the server owner or its end-user community.
- Simplified security management. Using GPOs to centrally manage Windows Firewall with Advanced Security helps Microsoft IT be confident in the local protection of every system that resides in the Microsoft corporate infrastructure.
Windows Server 2008 has provided Microsoft IT with powerful new tools that simplify the management and operations of one of the largest IT infrastructures in the world. From saving money via virtualization, to saving time via the minimal footprint of Windows Server 2008, to helping to protect data via BitLocker, to saving space via storage management, to maintaining security via GPOs, Microsoft IT is experiencing tangible business benefits from deploying the operating system.
For More Information
For more information about Microsoft products or services, call the Microsoft Sales Information Center at (800) 426-9400. In Canada, call the Microsoft Canada information Centre at (800) 563-9048. Outside the 50 United States and Canada, please contact your local Microsoft subsidiary. To access information via the World Wide Web, go to:
© 2008 Microsoft Corporation. All rights reserved.
This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY. Microsoft, Active Directory, BitLocker, Hyper-V, SQL Server, Windows, Windows PowerShell, Windows Server, and Windows Vista are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.