Introduced with Server 2008, Microsoft has retained both roles and features in Server 2012 R2, but also included some enhancements. As a recap, a role is a specific function that a server can perform on the network, including file services, terminal services, and certificate services. Active Directory Domain Services (AD DS) is the server role that encompasses all domain control functions. In some cases roles are made up of smaller components that provide a specific function for the parent role. These smaller components are known as role services . A feature is an optional com- ponent that adds a specific function such as the .NET Framework 4.5, BitLocker Drive Encryption, Network Load Balancing, and so on. Certain roles require that specific features be installed, and these are automatically installed when you add a specific role.
Windows Server 2012 R2 Server Roles
Although many roles will be discussed in more detail later, Table 1-3 provides an introductory overview of server roles and outlines the new capabilities for Server 2012 R2.
Table 1-3 Server Roles
Role Description Active Directory
Certificate Services
Server role responsible for public key infrastructure (PKI). This role is used if you need to deploy and manage digital certificates. New capabilities for 2012 R2 include integration with Server Manager, PowerShell management, server core support, support for auto renewal of certificate for computers unjoined to the domain, and so on.
Active Directory Domain Services
The Active Directory Domain Services (AD DS) role is responsible for the creation and management of an active directory database. It allows for the organization of resources, management of authentication, and integration with other services such as Microsoft Exchange.
Enhancements to AD DS include virtual domain controller deployment options, improved domain controller promotion tools, new management procedures, and enhancements to the Kerberos protocol.
ptg14504686 Role Description
Active Directory Federation Services
Previously included as an additional download, Server 2012 R2 now includes Active Directory Federation Services (AD FS) as a role available under Server Manager. It provides a seamless secure method for single sign on (SSO). It enables internal and external user authentication to multiple resources without the hassle of remembering multiple logons. Additional new features include integration with dynamic access control and additional PowerShell cmdlet tools.
Active Directory Lightweight Directory Services
Active Directory Lightweight Directory Services (AD LDS) is a lighter version of AD DS. This role is used in scenarios where standalone servers with limited directory services are required. Active Directory Rights
Management Server
Active Directory Rights Management Services (AD RMS) is the role responsible for managing and controlling embedded file- level policies for encryption and access to data. Changes in 2012 R2 revolve around new requirements for SQL server integration, additional steps for PowerShell deployments, a new process for installation through server manager, server core support, and so on. Application Server The application server role is used in conjunction with custom-
developed applications used by a business. It is typically associated with web servers.
DHCP Server The dynamic Host Configuration Protocol (DHCP) server role is responsible for managing and configuring the automated configuration of IP addresses on clients.
New to Server 2012 R2 is a DHCP failover option allowing two servers to share DHCP configurations for the purpose of redundancy. Secondly, Server 2012 R2 provides support for policy- based DHCP configurations. Clients can be assigned specific IP address ranges based on criteria such as client vendor type. Additional PowerShell options are also available for managing DHCP in 2012 R2.
DNS Server The domain Name Server (DNS) role is responsible for name resolution for the internal network as well as Internet resources. DNS is a critical component for AD DS and other applications or services integrated with the domain.
ptg14504686 Role Description
File and Storage Services (Including File Server Resource Manager)
File and Storage Services provides a central point for storage management for file servers in your organization. File Server Resource Manager provides additional resources to control and manage access to files and resources shared on your server. Windows Server 2012 R2 includes Work Folders. This feature provides a consistent method for users to access their files from different devices. Additional enhancements for 2012 R2 include data deduplication, iSCSI integration, storage virtualization, improved remote management, and additional support for PowerShell cmdlets.
Hyper-V The Hyper-V role is responsible for managing and supporting server virtualization in your organization.
There have been several enhancements and new features incorporated into the 2012 R2 platform. Some of these include a new set of PowerShell cmdlets, a new virtual machine replication feature, resource monitoring, the ability to support SMB3.0, the ability to share virtual hard disks, Storage Quality of Service, virtual machine generation, and so on.
Network Policy and Access Services
The network policy and access services roles provide network access protection (NAP), 802.1X authentication, and central policy management using RADIUS.
Unlike Windows Server 2008 R2, Server 2012 R2 includes PowerShell support for this role.
Print and Document Services
The print and document services role provides the ability to share and manage printers on the network.
New functionality for 2012 R2 include the ability to support direct printing to branch offices, secure printing, high availability printing, and so on.
Remote Access (Including Routing)
The remote access role provides the ability for DirectAccess and RRAS. DirectAccess provides a seamless remote access method without requiring a virtual private network (VPN). The remote access server role allows for centralized administration, configuration, and monitoring of DirectAccess and any VPN-based services.
Some differences in 2012 R2 include support for multiple domains, load balancing, support for Server Core and PowerShell, and so on.
ptg14504686 Role Description
Remote Desktop Services Remote Desktop Services provide mobile support and the ability for users to connect to desktops and applications from virtually anywhere.
Several improvements have been made to this service since Windows Server 2008. Some of these include a simple virtual desktop infrastructure (VDI), centralized publishing of resources, improved USB device support through the virtual session, multitouch/gestures, smoother audio/video playback, and so on. Enhancements in Windows Server 2012 R2 include the ability to monitor and control sessions, improved performance accessing common data, improved reconnection capabilities, reduced requirements for network bandwidth, increased support for additional remote desktop clients such as handheld/mobile devices, and so on.
Streaming Media Services Provides support and management for the delivery of digital media to many clients over a web browser.
Volume Activation Services
Enables the automation and management of volume licenses for your organization. Key management services (KMS) as well as Active Directory–based activation further simplify the management of license activations across the organization.
Web Server (IIS) Provides the ability to create and manage websites. In this new release of Internet Information Services (IIS), now at version 8.5, Microsoft has provided the ability for centralized SSL certificates for your web server farm, the ability to restrict connections based on IP addresses, FTP logon restrictions, CPU and bandwidth throttling, plus many more.
Windows Deployment Services
The Windows Deployment Services (WDS) role enables you to configure, manage, and deploy images for Windows operating systems over the network. WDS uses the preboot execution environment (PXE) function of network adapters.
In the new release, Microsoft has included support for the latest operating systems, including Windows 8.1 and Server 2012 R2. Also included is improved support for virtual images, multicasting, driver provisioning, PowerShell scripting support, and so on. Windows Server Update
Services
The Windows Server Update Services (WSUS) role provides a centralized tool to manage and deploy the latest Microsoft product updates, security updates, and patches for your organization. In previous releases, WSUS was available via download. In 2012 R2 Microsoft has included this as an optional role available using Server Manager. New functionality for 2012 R2 includes PowerShell support, additional security including a SHA256 hash capability, and the separation of client and server using different versions of the windows update agent (WUA).
ptg14504686 Role Migration
You probably have an existing server implementation but are looking to make the move to Server 2012 R2, or perhaps you have physical 2003 servers and are look- ing to implement a virtual presence. In many cases this can be a tedious task to say the least. How do you successfully move your services from one installation to another without the headache and with as little downtime as possible? By using the Windows Server Migration Tool and doing some planning, an administrator can migrate roles, features, operating system settings, user data, and shares from a previ- ous installation to Windows Server 2012 R2.
As shown in Figure 1-7 , the Windows Server Migration Tools are available as an installable feature using Server Manager. It can also be installed via PowerShell using the command Install-WindowsFeature Migration –ComputerName.
Figure 1-7 Add Roles and Features Wizard: Windows Server Migration Tools.
NOTE For more information on server roles and new capabilities for 2012 R2, refer to “Server Roles and Technologies in Windows Server 2012R2 and Windows Server 2012” at http://technet.microsoft.com/en-us/library/hh831669.aspx .
ptg14504686 Once installed, the migration tools are accessible to those with administrator privi-
leges via the Start screen or through a PowerShell session. When using the Win- dows Server Migration Tools, it is important to understand the following points: ■ You should be familiar with using PowerShell and Server Manager.
■ Features must be installed on both source and destination computers.
■ Source operating system must be at least Windows Server 2003 (x86 or x64).
■ Server Core 2008 R2 is supported as a source operating system.
■ The destination will support Server 2012 R2 full and Core (x64) installation
options.
■ Supports migrations between subnets.
■ Supports both physical and virtual servers.
■ Migration between different language installations is not supported.