This article was originally written as a guest blogger for Intense School IT educational services. Since I already discussed BYOD in general and, more specifically, Citrix XenMobile (see my previous article “BYOD…Beyond the Hype”), I thought it might be a good idea to have a look at some of the daily challenges we face when it comes to securely accessing our corporate data and applications, especially when mobile devices come into play, and to see what Microsoft has to offer as part of its new Windows Server 2012 R2 release to help us overcome some of these challenges.
Last April, Microsoft organized its Microsoft Management Summit in Las Vegas. Thousands of IT enthusiasts gathered to hear what Microsoft had to say about mobility and its management and virtualization in general. There’s no doubt that Microsoft is betting heavily on their cloud services, with Office 365 (hosted Exchange and SharePoint), Azure, and Outlook.com probably being the best known ones. In the opening keynote, Brad Anderson (vice-president of Windows Server and System Center) stated that, “Modern devices should be managed from the cloud,” referring to Microsoft’s System Center 2012, which, as of SP1, released last January, now has BYOD support capabilities for Windows RT, Windows Phone 8, iOS, and Android devices (BlackBerry isn’t supported). This is made possible by the integration of the Cloud-based InTune management service into the System Center product suite.
Next to its newly added mobile management capabilities, System Center 2012 primarily focuses on designing, building and managing private clouds. Using all of these technologies combined offers an impressive list of possibilities when creating private and/or hybrid cloud solutions, the way to go according to Microsoft; I think we all agree on that one. Remember that System Center is a complete suite of management and monitoring products bundled together and sold as such. It consists of: Advisor, App Controller, Virtual Machine Manager, Configuration Manager, Endpoint Protection Manager, Data Protection Manager, Operations Manager, Service Manager, and Orchestrator.
Some numbers: According to Brad Anderson, 420,000 domains are now managed in the Azure Active Directory, which is also used by Office 365, and Office 365 is now used by over 20% of enterprises worldwide, which is impressive, to say the least. In my previous article, I talked about mobility and mobile device management in general and I also emphasized the fact that the number of mobile devices is growing at an enormous rate. However, this doesn’t mean that users will get rid of their “normal” personal and corporate computers, laptops, and who knows what other devices they might have. In fact, according to Gartner, the average knowledge worker today owns up to four devices and, although this is a rough estimate, it does indicate the enormous growth that has taken place in just the last couple of years. If we add in the BYOD concept to this as well, you can probably imagine some of the difficulties that IT has to face. For example, making these devices part of our corporate network is often easier said than done; I mean, iOS devices as part of your Active Directory domain?
This is where Microsoft’s Workplace Join might offer a solution. With Windows Server 2012 R2, Microsoft introduces the possibility for administrators to control who has access to corporate resources, based on applications, users, devices and location, as stated on TechNet. Once set up and configured, users will be able to access data and business applications from everywhere on any device, including single sign-on capabilities. Devices don’t get directly registered in Active Directory; instead, when a device joins a Workplace, it gets known and trusted by their company.
In a nutshell, this is how it works: The main ingredient is the device registration service (DRS), which is part of the Active Directory Federation Services (AD FS) role in Windows Server 2012 R2. As soon as a device is Workplace-joined, the DRS creates a device object in Active Directory and generates a certificate that is used to represent the device’s identity. DRS can make use of a web application proxy server; this way external devices can join using an Internet connection. In the end, it’s up to IT to assign resources and applications accessible from the Workplace. For now, only Windows Server 2012 R2 Preview, Windows 8.1, and iOS devices are supported.
Mobile Information Management
For years we’ve been using Microsoft’s Offline Files as a way to access our work-related data outside of our corporate network; although this works fine for some, it doesn’t offer the functionality, robustness, and business integration most of us are looking for. Solutions like SkyDrive and DropBox offer similar services, or so it seems. SkyDrive (let’s stick to Microsoft) integrates with the Microsoft’s Office suite and Outlook.com, enabling users to directly upload, save, and edit documents the way they feel is best. It also offers Windows Live Groups integration. Each Live Group within Windows Live Groups is equipped with 5 GB of storage space on SkyDrive, to be shared among the group members. Although it offers a great set of features, it’s still not as enterprise-ready as we would like it to be. For one thing, it gives users a free passage to storing corporate-related data in the cloud without IT being able to manage it, at all! Data storage, encryption, and password policies for example, which are kind of important, are out of your hands. What we need is some kind of hybrid solution giving us the option and flexibility to combine cloud and local storage, giving us full control.
But wait, what about the “Pro” version? SkyDrive Pro does offer corporate administration functionality. It’s part of your company’s Office 365 or SharePoint Online services (business) account. It stores your data on SharePoint Online or on SharePoint 2013 servers within your company (on premises) and it can synchronize its libraries with your personal or corporate PC and/or mobile devices, supplying you with secure offline access. It runs alongside SkyDrive and, although they share similar functionality and are named the same, there are some distinct differences between the two and therefore they should be seen and treated as two separate products.
Last year (October 2012) Microsoft acquired StorSimple, a company specialized in offering cloud-integrated storage solutions. It offers a storage appliance that can integrate cloud (Azure storage) and on-premises storage maximizing data protection and flexibility, lowering the TCO by 60 to 80%, or so Microsoft claims on their website. I haven’t had the chance to have a close look myself but, from one Citrix geek to another, this sounds pretty close to ShareFile, doesn’t it? It uses a technique called data tiering, which basically places the most active data on the fastest (local SSD for example) storage available and it divides less active data between slower local storage and the Azure cloud storage. Nice, at least in theory. They haven’t really advertised it yet, or I must have missed something, but I’m guessing it won’t be long now. Have a look here if you’re interested in some more detailed information; it sounds promising.
Work Folders is another cool new feature which can, and probably will, easily replace Offline Folders. In fact, why even use folder redirection or traditional Home Folders at all? Think about this for a minute. The best thing is, it’s part of the new Windows Server 2012 R2 release at no additional cost. It starts with the file and storage services roles, which are both installed by default. With these two roles, you will be able to use Server Manager or PowerShell to manage your basic storage needs, such as Data Deduplication, iSCSI, NFS, and a few more. Storage Spaces (have a look at this as well, it’s an awesome feature) are also, by default, available for use. If you’d like to implement extra functionality such as DFS namespaces and replication, for example, you’ll need to add these roles separately through the “Add Roles and Features Wizard” accessible from Server Manager. Work Folders can be enabled in the same way or you can use this PowerShell cmdlet instead: Add-WindowsFeature FS-SyncShareService. Microsoft offers a Windows PowerShell module containing multiple cmdlets to manage your Work Folder systems.
Work Folders enable users to store and access corporate-owned data on their personal PCs and mobile devices as well as on corporate-owned PCs, offering a single point of access. Files can be accessed offline and get synchronized as soon as an Internet connection becomes available, whether the devices are joined to a domain or not. Can you say BYOD?! Not much is needed; you can use your existing infrastructure and install it on one of your stand-alone file servers or, even better, offer high availability by implementing it on one of your failover cluster file server nodes. Note that your Work Folders systems must be running Windows Server 2012 R2 for this to work. Quotas and data classification can also both be applied if that’s your thing. Work Folders are integrated with and accessible from the Windows File Explorer; it’s that easy. As opposed to products like SkyDrive, ShareFile, and Google Drive, to name a few, Work Folders contain user data and as such are intended for personal use only.
Another big plus, if we compare Work Folders with SkyDrive or SkyDrive Pro, both mentioned earlier, is that the centralized storage for Work Folders is an on-premises file server running Windows Server 2012 R2, giving you total control of your data, something that, when it comes to corporate data, is a must for a lot of companies. You wouldn’t believe how many companies out there don’t have faith in the cloud. Problem solved! Be aware that, as far as client devices go, only Windows 8.1 preview and the Windows RT 8.1 preview OS are supported. Since, and this is Microsoft talking, it’s not offered as a cloud service/product, perhaps private clouds being the exception, I wouldn’t give up on your SkyDrive Pro and ShareFile accounts just yet. Nevertheless, it’s a great add-on!
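To make the control over encryption and password policies concrete, here is an added example (not from the original article or from Microsoft) that enables Work Folders with the cmdlet mentioned above, creates a sync share that enforces device policies, and audits existing shares for missing policies. The share name, path and security group are assumptions; run it in an elevated session on the Windows Server 2012 R2 file server.

```powershell
# Added example: the three values below are hypothetical placeholders.
$ShareName = 'CorpWorkFolders'             # assumed sync share name
$SharePath = 'D:\WorkFolders'              # assumed local NTFS path
$SyncGroup = 'CONTOSO\WorkFolders-Users'   # assumed AD security group

# Install the Work Folders role service only if it is not present yet.
if (-not (Get-WindowsFeature -Name FS-SyncShareService).Installed) {
    Add-WindowsFeature -Name FS-SyncShareService | Out-Null
}

# Make sure the backing folder exists before creating the share.
if (-not (Test-Path -Path $SharePath)) {
    New-Item -Path $SharePath -ItemType Directory | Out-Null
}

# Create the sync share with both device policies switched on:
#   RequireEncryption       - Work Folders data is encrypted on the device
#   RequirePasswordAutoLock - device must lock automatically and need a password
if (-not (Get-SyncShare -Name $ShareName -ErrorAction SilentlyContinue)) {
    New-SyncShare -Name $ShareName -Path $SharePath -User $SyncGroup `
        -RequireEncryption $true -RequirePasswordAutoLock $true | Out-Null
}

# Audit: list every sync share on this server that lacks either policy.
function Get-WeakSyncShare {
    Get-SyncShare |
        Where-Object { -not $_.RequireEncryption -or -not $_.RequirePasswordAutoLock } |
        Select-Object Name, Path, RequireEncryption, RequirePasswordAutoLock
}

$weak = @(Get-WeakSyncShare)
if ($weak.Count -gt 0) {
    Write-Warning "$($weak.Count) sync share(s) do not enforce encryption and auto-lock:"
    $weak | Format-Table -AutoSize
} else {
    Write-Output 'All sync shares enforce encryption and password auto-lock.'
}
```

An existing share reported by the audit can be corrected with Set-SyncShare, which accepts the same two policy parameters.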
I have already mentioned the Azure cloud platform a few times. I think there aren’t many platforms out there that rely as heavily on Hyper-V as Azure does. And since Hyper-V is, or can be, a big and important part of our private cloud solutions as well, I’d like to take a minute and talk about Hyper-V in general and do a quick comparison against VMware as far as licensing and pricing goes.
For the record, I don’t have a personal preference when it comes to hypervisors, VMware, Hyper-V, or XenServer for that matter; they all have their strengths and weaknesses. But since there seems to be an everlasting battle between Microsoft and VMware, I decided to do a little research myself. Have a look at the table below, it displays the (financial) differences between the two (which is probably the biggest difference, anyway), and assumes that the host OS has already been paid for. I only looked at their top-notch products, including all features and extras (Microsoft Datacenter OS edition).
Microsoft only has one Hyper-V edition, and that’s it; the only choice you need to make is whether you buy System Center Datacenter or Standard Edition. This basically means the difference between being able to manage an unlimited amount of virtual operating system environments (OSEs) or just two with the Standard Edition; besides that, they’re exactly the same and both include Microsoft’s Software Assurance for a period of two years by default. VMware offers three different vSphere editions; next to that they also offer several essential and/or acceleration kits, which differ depending on the underlying vSphere edition. None of this with Microsoft, it’s all or nothing. VMware also offers two separate support and subscription packages (SnS), named “basic” and “production.” You will need to purchase SnS for at least one year with each product you order, something to keep in mind, because these SnS packages aren’t cheap. But then again, they (VMware) do seem to live up to their high standards and deliver excellent support. The same can be said for Microsoft support, although I personally don’t have any real-life experience with contacting VMware, so I can’t compare the two. I’ll leave that up to you.
The above has two sides. For one, Microsoft makes the choices you need to make a lot easier, and besides that, they are a whole lot cheaper as well. On the other hand, VMware offers a lot more granularity, you can buy exactly the kind of functionality you need and nothing more, keeping it clean and simple. The above only shows their flagship product and that’s what you pay for; with Hyper-V, it depends on the amount of VMs you’ll need to support and/or how many physical processors your managed server has onboard (although this goes for VMware, as well). I’m just saying that the price differences as shown above could be a bit smaller, but not much, if you go with one of VMware’s other editions or kits. In the end, Hyper-V will always be cheaper, and that’s probably one of the biggest advantages they have over VMware.
Replacing your existing hypervisor isn’t something that’s easily done and it can be costly, since you already invested a lot of money in your existing environment, which will basically be lost. You’ll have to come up with some valid reasons on why you would like to replace one with the other and convincing your management to do so might just be the hardest part. You also need to consider the fact that your technical staff might need additional training to get to know the new product, something that is often overlooked, and this takes time. On the other hand, if you are going greenfield you won’t be wasting any money, so to speak, and this could have a huge impact on your final decision, since technically both products offer similar functionality. Sure, Hyper-V offers some functionality that VMware doesn’t and vice versa, but at this point the differences between the two can almost be neglected, although some of the hypervisor gurus out there will probably not agree with me on that one. VMware has the advantage of time because they’ve been dominating the market for the past 10 years or so, and therefore their product(s) are used by thousands of companies worldwide, making it hard(er) for Microsoft to get their foot in the door. Then again, statistics show that Hyper-V is already becoming the more popular product when it comes to new implementations and designs where a hypervisor still needs to be chosen, especially with smaller and mid-sized companies. We’ll just have to wait and see how all this will unfold in the (near) future.
Microsoft is definitely moving forward and has once again improved their server product with a big focus on mobility, security and bringing your own device. Although, for now, I haven’t discussed their hypervisor product in great detail, I can assure you that they’re doing an excellent job in pursuing their rivals; the gap is closing by the day.
Make sure you get your hands on a test machine of some sort, perhaps build up your own virtual private domain using your preferred hypervisor, install Windows Server 2012 and go from there. Set up a Workplace, enroll your iPhone, and play around with it for a while. I’m sure you’ll end up as excited as me when you’re done. As far as Work Folders goes, this is a must-do technology. Think about how all this new technology can assist you in helping to overcome some of your mobility challenges. It could be that you’re into managing BYOD as well; if so, I can highly recommend having a look at Windows InTune, Microsoft’s 100% cloud-based mobile management solution. It’s free for 30 days and registering has never been easier.
When compared to other products and vendors, Citrix and their ShareFile technology for example, Microsoft still has some ground to cover, but they show great potential and with the acquisition of StorSimple they’re on the right track for sure. I’m looking forward to the next few months; let’s wait and see what they come up with next!
Bas van Kaam ©
Reference materials used: Microsoft.com, Technet.com, Vmware.com and Stealthpuppy.com