McGraw Hill Microsoft Windows Server 2008 The Complete Reference Feb 2008 pdf

866 

Loading....

Loading....

Loading....

Loading....

Loading....

Full text

(1)
(2)

“I’ve had the pleasure of working with Danielle and Nelson on other projects and enjoyed their previous books. When I heard they were working on a new book called MicrosoftWindows Server 2008: The Complete Reference, I was very much looking forward to picking it up. I am impressed with Danielle’s and Nelson’s approach of showing Windows Server 2008 running in and on a virtualized Datacenter and distributing the resources to applications and servers as required. I am a firm believer of the power of virtualization and how businesses of all sizes can leverage it to more efficiently run their business. If you think virtualization is not for you and lives in the realm of test and development—think again. “The Complete Reference” is well worth the read.”

—Rick Claus, IT Pro Advisor, Microsoft Canada, blog: http://blogs.technet.com/canitpro

“I have no hesitation in saying this is a ‘MUST have’ book for any serious Windows Server 2008 implementer. It is equally useful to the managerial cadre planning a Windows Server 2008 deployment as well as the system administrator working to do the actual deployment and the people maintaining the network once the deployment is complete.”

—Dilip Naik, Microsoft File Systems/Storage MVP, author of Inside Windows Storage

“Build your network the right way with expert advice! This book provides real-world help in implementing Windows Server 2008 with attention to the use of Virtualization solutions covering all you need to know in one well-written guide to success.”

—Bob Kelly, AppDeploy.com & Technical Reviewer

“Microsoft Windows Server 2008: The Complete Reference is a one-stop-shop for learning all the essential steps for setting up Window Server 2008—but also a great guide on how to take advantage of Hyper-V virtualization to transform your IT infrastructure into a dynamic computing environment.”

(3)

Throughout her career, she has led change-management processes, developed and delivered training, provided technical writing services, and managed communications programs during complex technology implementation projects. More recently, Danielle has been involved in the design and support of test, development, and production infrastructures based on virtualization technologies. She is familiar with most components of the Microsoft Windows Server System as well as security implementations, Active Directory Domain Services, Exchange Server, interoperability, manageability and virtualization. In addition, one of her best talents is communications through illustration, portraying complex concepts graphically and therefore, facilitating the understanding of these concepts. She is a Microsoft Most Valuable Professional for the Virtual Machine product line.

Nelson Ruest is passionate about doing things right with Microsoft technologies. He is a senior enterprise IT architect with over 25 years’ experience in migration planning and network, PC, server, and overall solution design. He was one of Canada’s first Microsoft Certified Systems Engineers (MCSEs) and Microsoft Certified Trainers. In his IT career, he has been computer operator, systems administrator, trainer, Help desk operator, support engineer, IT manager, project manager, and now, IT architect. He has also taken part in numerous migration projects, where he was responsible for everything from project to systems design in both the private and public sectors. He is familiar with all versions of Microsoft Windows and the Windows Server System, as well as security, Active Directory Domain Services, Exchange Server, systems management, intra- and extranet configurations, collaboration technologies, office automation, and interoperability solutions. He is a Microsoft Most Valuable Professional for the Windows Server product line.

In 2007, Danielleand Nelson released a free eBook: The Definitive Guide to Vista Migration (www.realtime-nexus.com/dgvm.htm). They also completed an Microsoft Press Training Kit: MCITP Self-Paced Training Kit (Exam 70-238) Deploying Messaging Solutions with Microsoft Exchange Server 2007 and wrote the second half of the Deploying and Administrating Windows Vista Bible for Wiley, as well as the MCTS Self-Paced Training Kit (Exam 70-640): Configuring Windows Server® 2008 Active Directory for Microsoft Press. Nelson and Danielle are delivering a multi-city tour on Virtualization: Controlling Server Sprawl (http://events.techtarget.com/virtualization2008) which is designed to help organizations move to a virtual infrastructure.

Both are also co-authors of Preparing for .NET Enterprise Technologies (www.Reso-Net.com/EMF), which, despite its name, focuses on implementing and managing locked-down desktops, Windows Server 2003: Best Practices for Enterprise Deployments(www.Reso-Net.com/WindowsServer), a step-by-step guide for the implementation of an enterprise network, and Windows Server 2003 Pocket Administrator(www.Reso-Net.com/PocketAdmin), a guide for managing a network on a day-to-day basis. Both are involved as freelance writers for several IT publications, as well as producing white papers for various vendors (www.reso-net.com/articles.asp?m=8) and delivering Webcasts and conferences (www.reso-net.com/presentation.asp?m=7).

Nelson and Danielle work for Resolutions Enterprises, a consulting firm focused on IT infrastructure design. Resolutions Enterprises can be found at www.Reso-Net.com.

About the Technical Editor

Bob Kelly has worked in the IT field for over 18 years and has become well known as an expert on the subject of Windows desktop management. He has performed consulting services for a host of government and commercial customers, implementing various systems management solutions, and customizing them to meet their needs. Bob has authored many books and articles on the topics of scripting and desktop management, but is most well known as the founder of the online resource AppDeploy.com (www.appdeploy.com), a thriving community focused on application deployment. He is also author of a scripting column at MCP Magazine (http://mcpmag.com/columns/

(4)

The Complete Reference

Danielle Ruest

Nelson Ruest

(5)

0-07-159646-1

The material in this eBook also appears in the print version of this title: 0-07-226365-2.

All trademarks are trademarks of their respective owners. Rather than put a trademark symbol after every occurrence of a trademarked name, we use names in an editorial fashion only, and to the benefit of the trademark owner, with no intention of infringement of the trademark. Where such designations appear in this book, they have been printed with initial caps.

McGraw-Hill eBooks are available at special quantity discounts to use as premiums and sales promotions, or for use in corporate training programs. For more information, please contact George Hoare, Special Sales, at george_hoare@mcgraw-hill.com or (212) 904-4069.

TERMS OF USE

This is a copyrighted work and The McGraw-Hill Companies, Inc. (“McGraw-Hill”) and its licensors reserve all rights in and to the work. Use of this work is subject to these terms. Except as permitted under the Copyright Act of 1976 and the right to store and retrieve one copy of the work, you may not decompile, disassemble, reverse engineer, reproduce, modify, create derivative works based upon, transmit, distribute, disseminate, sell, publish or sublicense the work or any part of it without McGraw-Hill’s prior consent. You may use the work for your own noncommercial and personal use; any other use of the work is strictly prohibited. Your right to use the work may be terminated if you fail to comply with these terms.

THE WORK IS PROVIDED “AS IS.” McGRAW-HILL AND ITS LICENSORS MAKE NO GUARANTEES OR WARRANTIES AS TO THE ACCURACY, ADEQUACY OR COMPLETENESS OF OR RESULTS TO BE OBTAINED FROM USING THE WORK, INCLUD-ING ANY INFORMATION THAT CAN BE ACCESSED THROUGH THE WORK VIA HYPERLINK OR OTHERWISE, AND EXPRESSLY DISCLAIM ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. McGraw-Hill and its licensors do not war-rant or guawar-rantee that the functions contained in the work will meet your requirements or that its operation will be uninterrupted or error free. Neither McGraw-Hill nor its licensors shall be liable to you or anyone else for any inaccuracy, error or omission, regardless of cause, in the work or for any damages resulting therefrom. McGraw-Hill has no responsibility for the content of any information accessed through the work. Under no circumstances shall McGraw-Hill and/or its licensors be liable for any indirect, incidental, special, punitive, conse-quential or similar damages that result from the use of or inability to use the work, even if any of them has been advised of the possibility of such damages. This limitation of liability shall apply to any claim or cause whatsoever whether such claim or cause arises in contract, tort or otherwise.

(6)

We hope you enjoy this

McGraw-Hill eBook! If

you’d like more information about this book,

its author, or related books and websites,

please

click here.

(7)

This book is dedicated to all of our readers.

We do hope you make the most of it and follow the advice it contains. This has been many years in the making, but you’ll find the content is solid and chock-full of advice on all facets of network implementation.

(8)
(9)

Part

I

Tour Windows Server 2008

1 The Windows Server 2008 Delta . . . 3 2 Interact with Windows Server 2008 . . . 53

Part

II

Plan and Prepare

3 Plan for Windows Server 2008 . . . 77 4 Explore Windows Server 2008 Installation Modes . . . 117

Part

III

Design Server Roles

5 Prepare Your Identity Management . . . 175 6 Build the Windows Server 2008 Network Infrastructure . . . 241

Part

IV

Manage Objects with Windows Server 2008

7 Prepare for Object Management . . . 307 8 Build the Virtual Service Offerings Infrastructure:

File and Print Servers . . . 391 9 Build the Virtual Service Offerings Infrastructure:

Application-Oriented Servers . . . 437

Part

V

Secure Windows Server 2008

10 Design Your Security Infrastructure . . . 491 11 Build for Business Continuity . . . 557

Part

VI

Migrate to Windows Server 2008

12 Put the VSO Network into Production . . . 601

Part

VII

Administer Windows Server 2008

13 Common Administration Tasks . . . 645

Index . . . 787

(10)
(11)

Contents

Foreword . . . xvii

Acknowledgments . . . xix

Introduction . . . xxi

Part

I

Tour Windows Server 2008

1 The Windows Server 2008 Delta . . . 3

Resource Pools vs. Virtual Service Offerings . . . 4

New Feature Listings . . . 4

Build the Windows Server 2008 Network . . . 5

Organization Size Defi nitions . . . 5

Common Networking Functions . . . 7

New Features in Windows Server 2008 . . . 11

Improvements to Operating System Fundamentals . . . 12

Usability . . . 18

Networking Infrastructure . . . 22

Deployment Infrastructure . . . 25

Application Infrastructure . . . 28

Security Infrastructure . . . 38

Disk and File Subsystem . . . 46

The Next Step . . . 52

2 Interact with Windows Server 2008 . . . 53

The User Interface . . . 54

Initial Confi guration Tasks . . . 59

Server Manager . . . 61

Other Ways to Do Things . . . 67

New Ways to Do Things in WS08 . . . 72

Part

II

Plan and Prepare

3 Plan for Windows Server 2008 . . . 77

Build the Foundation of the Network . . . 78

The Server Lifecycle . . . 79

The Service-Offering Lifecycle . . . 83

Benefi t from a Server Construction and Management Model . . . 87

Design the Network Architecture . . . 96

A Structured Approach: Use Standard Operating Procedures . . . 97

(12)

Perform a Situation Review and Needs Analysis . . . 104

Network with Windows Server 2008 . . . 108

Use the Technological Lab as a Testing Ground . . . 111

Use a Structured Testing Strategy . . . 113

Build Your Resource Pool in Support of Virtual Laboratory Testing . . . 113

4 Explore Windows Server 2008 Installation Modes . . . 117

The Installation Process . . . 118

Hardware Requirements . . . 119

Server Sizing for Resource Pools and Virtual Service Offerings . . . . 119

Sizing Recommendations for Resource Pools . . . 125

Dual-Boot Considerations . . . 126

Rely on Installation Documentation . . . 128

Run Through the Installation . . . 130

Automating Installations . . . 152

Preparation and Prerequisites . . . 153

Use Unattended Installations . . . 154

Use Custom System Images . . . 162

Windows Deployment Services . . . 168

Put the Server in Place . . . 171

Part

III

Design Server Roles

5 Prepare Your Identity Management . . . 175

Introduce Active Directory Domain Services . . . 177

New Features for Active Directory . . . 181

The Nature of Active Directory Domain Services . . . 182

Active Directory Federation Services . . . 184

Design the Solution—Use the Active Directory Blueprint . . . 185

ADDS Partitioning . . . 185

ADDS Service Positioning . . . 187

Implementation Plan . . . 188

Put the Blueprint into Action . . . 188

Forest/Tree/Domain Strategy . . . 189

Forest Design . . . 189

Forest Design Example . . . 192

Production Forest Design . . . 193

Domain Strategy . . . 195

Other Forest Domain Designs . . . 198

Forest Design Best Practices . . . 198

Design the Naming Strategy . . . 198

Naming Best Practices . . . 202

Design the Production Domain OU Structure . . . 203

(13)

The PCs Object OU Structure . . . 207

The Virtual Service Offerings Object OU Structure . . . 207

The People Object OU Structure . . . 208

Replicate the OU Structure to Other Domains . . . 210

Production OU Design Best Practices . . . 210

ADDS and Other Directories . . . 212

Microsoft Identity Lifecycle Manager . . . 213

Integrated Applications for Network Operating System Directories . . . 215

ADDS Integration Best Practices . . . 216

Service Positioning . . . 217

Flexible Single Masters of Operations Positioning . . . 217

Global Catalog Server Positioning . . . 219

Domain Controller Positioning . . . 219

DNS Server Positioning . . . 220

Server Positioning Best Practices . . . 221

Server Positioning Scenario . . . 221

Site Topology . . . 227

Site Topology Design . . . 229

Create Site Link Bridges . . . 230

Best Practices for Site Topology Design . . . 231

T&T Corporation’s Site Topology Scenario . . . 232

Schema Modifi cation Strategy . . . 232

Use Active Directory Lightweight Directory Services . . . 236

Schema Modifi cation Strategy Best Practices . . . 237

ADDS Implementation Plan . . . 237

New and Revised ADDS IT Roles . . . 238

The Ongoing ADDS Design Process . . . 238

6 Build the Windows Server 2008 Network Infrastructure . . . 241

Build Your Resource Pool Infrastructure . . . 241

Create the Utility Forest . . . 245

Confi gure the Volume Shadow Copy Service . . . 246

Build Your Virtual Service Offerings . . . 249

Choose the Migration Approach . . . 250

Choose What to Migrate First . . . 252

Choose the Processor Architecture . . . 259

Assign Resources to VSOs . . . 260

Implement the Parallel Network . . . 263

Prepare the Parallel Network . . . 266

Create the Production Active Directory . . . 268

Forest Staging Activities . . . 271

Install the First Server in a Forest . . . 272

(14)

Create the First DC in the Global Child Domain

Production Domain . . . 282

Create the Second DC in the Global Child Production Domain . . . . 284

Connect the Enterprise Network . . . 286

Network Infrastructure Staging Activities . . . 287

Confi gure the First Network Infrastructure Server . . . 287

Confi gure the Second Network Infrastructure Server . . . 295

Move Servers and Confi gure Domain Replication . . . 296

Work with Windows Deployment Services . . . 298

Install WDS . . . 298

Work with WDS . . . 299

Upgrade an Existing Active Directory to WS08 . . . 299

The Upgrade Process . . . 300

Part

IV

Manage Objects with Windows Server 2008

7 Prepare for Object Management . . . 307

Manage Objects with Active Directory Domain Services . . . 308

Group Policy Concepts . . . 308

Group Policy Processing . . . 310

Policy Loopback . . . 317

Policy Filtering . . . 318

Fast Logon Optimization . . . 319

Policy Design . . . 321

Design a GPO Strategy . . . 321

Create an OU Design for PC Management Purposes . . . 323

Centralized PC Administration . . . 323

Decentralized PC Administration . . . 331

Design for Delegation . . . 332

Delegation Within ADDS . . . 332

Design a Delegation Strategy . . . 335

PC Management . . . 337

Software Installations with WS08 . . . 337

Software Delivery in the Network . . . 340

Complete the OU Strategy . . . 344

Put the PC OU Infrastructure in Place . . . 345

Manage User Objects with Active Directory Domain Services . . . 348

The Active Directory Domain Services User Object . . . 349

Use Template Accounts . . . 360

Massive User Management . . . 361

Manage and Administer Groups . . . 362

WS08 Groups Types and Group Scopes . . . 363

Best Practices for Group Management/Creation . . . 371

Create an OU Design for User Management Purposes . . . 377

(15)

User-Related GPO Concepts . . . 380

Manage User Data . . . 383

Logon and Logoff Scripts . . . 386

Complete the People OU Structure . . . 387

Put the People OU Infrastructure in Place . . . 389

8 Build the Virtual Service Offerings Infrastructure: File and Print Servers . . . 391

Prepare File and Print Servers . . . 393

Share Files and Folders . . . 393

Structure Disk Volumes for Resource Pools . . . 395

Structure Disk Volumes for Virtual Service Offerings . . . 396

Shadow Copies . . . 402

Rely on the Search Service . . . 403

Offl ine File Caching . . . 404

Simple SAN . . . 405

Create the File Server . . . 405

Install the File Server Role . . . 406

Create the Folder Structure . . . 406

Enable File Server Processes . . . 408

Share Folders . . . 409

Publish Shares in Active Directory Domain Services . . . 411

Find Shares in Active Directory Domain Services . . . 412

Manage Folder Availability . . . 413

Work with the Distributed File System . . . 413

Use DFS Replication for Resource Pools . . . 418

Folder Redirection and Offl ine File Settings . . . 419

Share Print Services . . . 421

Integration with Active Directory Domain Services . . . 422

Share Files and Printers for Non-Windows Clients . . . 433

Server Requirements by Role . . . 434

Design the Virtual Service Offerings OU Structure . . . 434

9 Build the Virtual Service Offerings Infrastructure: Application-Oriented Servers . . . 437

Build Application Servers . . . 438

Share Commercial and Corporate Applications . . . 439

Application Development Support . . . 440

Legacy Application and Software Testing . . . 442

Application Server Types . . . 443

Explore Application Virtualization . . . 443

Prepare Web Servers (Dedicated or Application) . . . 445

The IIS 7 Feature Set . . . 446

Install the Application or Dedicated Web Server Role . . . 449

(16)

Prepare Terminal Servers . . . 455

Share Applications with Terminal Services . . . 455

Deploy Terminal Services Applications . . . 469

Create Highly Available Terminal Services . . . 473

The Remote Desktop Console: The Administrator’s Best Friend . . . 474

Collaboration Servers . . . 479

Deploy Windows SharePoint Services . . . 480

Prepare Windows Streaming Media Servers . . . 484

Server Requirements by Role . . . 485

Design the Virtual Service Offerings OU Structure . . . 485

Part

V

Secure Windows Server 2008

10 Design Your Security Infrastructure . . . 491

Security Basics . . . 492

Design a Security Policy . . . 494

The Castle Defense System . . . 494

The Security Plan . . . 496

The Microsoft WS08 Security Guide . . . 499

Windows Server 2008 Security . . . 499

Secure Resource Pools . . . 502

Secure Virtual Service Offerings . . . 504

Apply the Castle Defense System . . . 507

Layer 1 – Critical Information . . . 508

Layer 2 – Physical Protection . . . 509

Layer 3 – Operating System Hardening . . . 510

Layer 4 – Information Access . . . 537

Layer 5 – External Access . . . 549

Manage the Security Policy . . . 556

11 Build for Business Continuity . . . 557

Plan for System Redundancy . . . 558

Protect the Resource Pool . . . 558

Protect the Virtual Service Offerings . . . 561

Prepare for Potential Disasters . . . 562

Use WS08 Clustering Services . . . 562

Cluster Services for Resource Pools . . . 563

Cluster Services for Virtual Service Offerings . . . 564

Network Load Balancing . . . 566

Multicast Versus Unicast Modes . . . 567

Single Affi nity Versus No Affi nity . . . 567

Install and Confi gure NLB Clusters . . . 568

Windows Server Failover Clustering . . . 571

(17)

Server Cluster Concepts . . . 571

Cluster Confi gurations . . . 575

Geographically Dispersed Clusters . . . 576

Resource Pool Failover Cluster Considerations . . . 577

Further Server Consolidation . . . 586

Recovery Planning for Your Network . . . 587

Recovery Strategies for Windows Server 2008 . . . 588

System Recovery Strategies . . . 589

Troubleshooting Techniques . . . 589

Data Protection Strategies for Resource Pools . . . 591

Data Protection Strategies for Virtual Service Offerings . . . 593

Select a Third-Party Backup Tool . . . 594

Physical to Virtual Conversions . . . 595

Finalize Your Resiliency Strategy . . . 597

Part

VI

Migrate to Windows Server 2008

12 Put the VSO Network into Production . . . 601

Considerations for the Migration to the Parallel VSO Network . . . 601

The Server Rotation Process (Resource Pools) . . . 602

The Migration Order (Virtual Service Offerings) . . . 604

Begin the Migration to the Parallel VSO Network . . . 608

Migrate Security Principals . . . 608

Migrate Network Infrastructure Servers . . . 619

Migrate Web Sites . . . 620

Build Terminal Services Servers . . . 621

Migrate File Servers . . . 621

Migrate Print Servers . . . 625

Migrate SharePoint Sites . . . 627

Decommission the Legacy Network . . . 629

Prepare Your New Support Structure . . . 630

New and Revised ADDS IT Roles (VSO Network) . . . 630

New Resource Pool Roles . . . 631

Design the Services Administration Plan . . . 633

Rely on the WS08 Remote Server Administration Tools . . . 636

Build a New Approach to Administration . . . 637

The Administrative Task List . . . 641

Part

VII

Administer Windows Server 2008

13 Common Administration Tasks . . . 645

General Server Administration . . . 649

General Server Administration Activities . . . 649

(18)

Backup and Restore . . . 678

Remote Administration . . . 681

File and Print Server Administration . . . 683

File Service Administration . . . 685

Print Service Administration . . . 696

Cluster Services Management . . . 701

Network Infrastructure Server Administration . . . 704

DHCP/WINS Server Administration . . . 704

Deployment Servers . . . 717

NLB Clusters . . . 718

Network Policy and Access Services . . . 719

Identity Server Administration . . . 722

Domain Controller Administration . . . 725

Namespace Server Management (DNS) . . . 763

Application and Collaboration Server Administration . . . 765

Administration of Dedicated Web Servers . . . 765

Administration of Application Servers . . . 770

Administration of Terminal Services . . . 773

Windows SharePoint Services Administration . . . 777

Performance and Monitoring Administration . . . 781

Final Notes . . . 786

(19)

T

he first time I met Danielle and Nelson Ruest, they drew me a picture of a bullseye and said this was the future of software management. They explained that each circle represented a different part of the computing stack. At the center was the application. In the ring around the center was data, and within the outside ring was the operating system. If we could isolate each of these layers using virtualization, they described, it would make managing software dramatically easier. All the pieces could be put together without the testing and configuration that everyone had come to assume was part of the process. Instead, your management system would know what operating system, data and apps each person needed, and it would shoot out the right bullseye to the right person in real time. We agreed this was an excellent vision for virtualization, but one that would take a number of years to come true.

With the arrival of Windows Server 2008, this dream is one step closer to reality. Windows Server 2008 represents substantial advances around Web and security, but it also includes a brand-new feature: virtualization. Called Hyper-V, this feature means virtualization will be a standard part of using Windows servers. All the benefits of today’s server virtualization— consolidation, power and space savings, and accelerated workload provisioning and business continuity—will now become an integral part of the way companies manage their Windows Server infrastructure.

But this is just the beginning. As more and more servers become virtualized with Hyper-V, the Ruests’ “bullseye” vision for software management will get closer to reality as companies transform their server farms into “hypervisor farms”—pools of computing power defined by the total compute power of all physical servers that have been virtualized. This is the vision of the dynamic datacenter, where workloads are provisioned in real time and moved based on load and priorities, resulting in a more agile IT environment that can respond much faster to a business’ needs. However, virtualization alone will not be enough to make this vision come true. It also requires management.

With virtualization, the role of systems management goes from important to essential. Management shows you where your virtualized resources reside (since they’re no longer installed in one location) and, even more importantly, it enables the real-time allocation of resources—which is one of the core principles of a dynamic datacenter. At Microsoft, we have designed the System Center management suite (made up of Virtual Machine Manager, Operations Manager, Configuration Manager, and Data Protection Manager) to build the foundation for a dynamic datacenter by providing the provisioning, monitoring, and backup tools for both virtual and physical environments, both desktops and servers, both operating system and applications, and across multiple hypervisors—all from a single management console.

(20)

Today, in 2008, industry analysts estimate that less than 10 percent of servers worldwide are virtualized. One of the great things about making virtualization a key feature of Windows Server is that if a company’s IT staff is already trained in Windows, adding virtualization is a natural extension of their skills. This should dramatically accelerate the percentage of servers that will be virtualized over the next few years. And that’s where Danielle and Nelson’s excellent book plays a critical role.

Microsoft Windows Server 2008: The Complete Reference is a one-stop-shop for learning all the essential steps for setting up Window Server 2008—but it’s also a great guide on how to take advantage of Hyper-V virtualization to transform your IT infrastructure into a dynamic computing environment. Danielle and Nelson have infused their bullseye vision into the book, explaining not only the tactical uses for this technology, but also how to think strategically about virtualization with Windows Server 2008.

—David Greschler

(21)

T

hank you to our customers for helping us work with them to learn how best to create fully functional networks with Windows Server technologies. Also, thank you to the organizations who participated with us to flesh out the administrative tasks listed in Chapter 13. This list of tasks has been used as the basis of a training course for over four years. Thank you to the course attendees for their insight and helpful comments.

Together, we created a book that should help you, once and for all, gain control of the unruly Windows environments that seem to populate the world.

Thank you to Bob Kelly for his diligent efforts in proofing our book and making sure that its technical content was as right as could be.

Thank you to David Greschler for taking time out of his busy schedule to review and comment on this work.

Thank you to the editorial and preparation team, especially Lisa McCoy for her eagle eye in editing, Madhu Bhardwaj and Patty Mon for a wonderful preparation experience, and Jane Brownlow and McGraw-Hill for giving us the opportunity to help IT professionals everywhere by writing this book.

(22)
(23)

P

icture a breathtaking alpine setting, a small village nestled among the Pacific coastal mountains. Two chairs run from the base of the mountains—one to Blackcomb, one to Whistler—both offering some of the best skiing in Western Canada and a lonesome pub located at the base of both mountains, the Longhorn Saloon. Here, skiers come to rest after a full day’s run and here is the setting where the software you are preparing to deploy, Windows Server 2008, formerly code-named “Longhorn” Server, first came into being.

Microsoft has parlayed its Windows operating system (OS) into the most popular operating system on the planet, despite the best efforts of its competitors. This applies as much to the desktop as to the server operating system. Now, with the release of a new version of its flagship server OS, Windows Server 2008 (WS08), Microsoft hopes to introduce a new benchmark in ease of use, integrated management capabilities, complete security, and simplicity of deployment, as well as interaction with other operating systems such as UNIX and Linux. Make no mistake. Microsoft has invested heavily in WS08 and has delivered a rock-solid foundation for any network.

WS08 builds on Windows 2000, Windows Server 2003 (WS03), and Windows Server 2003 R2 to provide a complete set of functions and functionalities for both wired and wireless networks of all sizes. Most of you should already be using a version of one of the aforementioned operating systems, so many of the concepts in this book—concepts such as Active Directory, Group Policy, Microsoft Management Console (MMC), and other

management technologies of modern Windows server operating systems—will be familiar to you. If, for some unknown reason, you are still working with Windows NT, you will still find this book highly useful, as it includes several chapters reviewing critical information such as Active Directory design and the usefulness of Group Policy.

Since WS08 is a server operating system, this book is structured around the strategy you would use to build a network from the ground up, relying on the latest and greatest features offered by the new OS. As such, it is divided into seven parts, each focused on one aspect of the implementation of a new server OS. They include:

Part I: Tour Windows Server 2008, which covers the new feature set of Windows Server 2008 as well as the interface changes built into the OS.

Part II: Plan and Prepare, which helps you plan your network migration and begin the server preparation process through a description of the new imaging and staging capabilities in WS08.

(24)

Part III: Design Server Roles, which provides guidelines for the elaboration of network services such as Active Directory, Internet, and remote connectivity, as well as outlining how you put these core services in place.

Part IV: Manage Objects with Windows Server 2008, which outlines the management strategies you should use with WS08 to maintain and offer services to computers, users, and services within your network.

Part V: Secure Windows Server 2008, which focuses on the critical security elements each network must put in place to protect the assets it contains. Even though this section deals specifically with security, standard network security concepts are used throughout the book.

Part VI: Migrate to Windows Server 2008, which focuses on how to migrate existing network components to a WS08-based infrastructure.

Part VII: Administer Windows Server 2008, which provides a comprehensive set of tasks for daily, weekly, and monthly administration of a WS08-based network. Preparing a network is a complex process—even more so now that Windows is in its third post-NT edition. With Windows NT, decisions were relatively simple because the choices were limited. But with Windows Server 2008, this is no longer the case. It’s not surprising, since the network has evolved today from being a loosely coupled series of servers and computers to being an integrated infrastructure providing and supporting the organization’s mission. This evolutionary process is not unlike that of the telephone. At first, telephone systems were loosely coupled. Today, worldwide telecommunications systems have converged with Internet-based systems and are now much more complex and complete.

Similarly, networks are now mission-critical. The new organizational network has become a secure, stable, redundant infrastructure that is completely oriented toward the delivery of information technology services to its client base. These services can range from simple file and print systems to complex authentication systems, collaboration environments, or application services. In addition, these services can be made available to two differing communities of users: internal users, over whom you have complete control of the PC, and external users, over whom you have little or no control.

That’s why moving or migrating to Windows Server 2008 is much more of a network infrastructure design project than one dealing simply with upgrading to a new technology. Each time you change a technology that is as critical as the OS of your network, it is important, if not essential, to use a complete process, one that includes the following steps:

1. Begin by reviewing organizational needs and requirements. Have they changed since the original network was designed? Are there new requirements defined by changing business rules or business environments? Have emerging technologies affected how your organization functions? The answers to these core questions will serve as the initial input into your new and updated network design.

(25)

3. Once you fully understand what you will use from the new OS, move to the design of a comprehensive architecture of the new services you want to take advantage of. WS08 offers many new features that will change the way you work—features such as full IPv6 support, redesigned TCP/IP stack, and improved Terminal Services will have an impact on the way you do things today. Make sure your architecture merges your existing capabilities with those you will add from this new OS. 4. Next, create a proof-of-concept network, one that is designed with the new

architecture in mind. Test, test, and test again to make sure that you fully understand how new features will affect the way you do things today.

5. Once you’re familiar with the way your new architecture will work, move to the creation of an implementation plan. This plan outlines how you want to deploy the new technologies into your network. Take baby steps and focus on “low-hanging fruit,” or features that cost little to implement but provide some immediate returns on investments.

6. Make sure your implementation plan includes a proper deployment strategy, relying on pilot projects first, then moving to full deployment. Pilot projects will help iron out any deficiencies in deployment planning, so don’t skip this important step. 7. Finally, make sure your implementation plan includes lots of time for system

administrator, Help desk, and operator training. These people are the ones who will make your migration a success or a failure, so don’t skimp on the efforts to support them during the migration.

Aligning a project of this magnitude with the business strategies of the organization will make the transition more easily accepted and more profitable for the organization as a whole. Too many organizations cannot fully profit from the benefits of a structured network because they have never taken the time to perform each of these steps. As a result, they don’t benefit from the maximum potential or performance of their network.

In fact, planning and preparing for the implementation of Windows Server 2008 should be 80 percent planning, preparing, and testing, and 20 percent implementation. We use this rule to emphasize just how important it is to prepare and test before you implement. We guarantee it. If you use the 80/20 processes outlined in this book, your network will just run. It’s as simple as that. This applies to you whether your organization has one or one million users. If your organization is an organization of one, you’ll still want to take the time to prepare properly, but you probably won’t take the time to invest in automating procedures; you’ll still want standard operating procedures, but you probably won’t involve a series of technicians and architects to validate them; and, you’ll still want to design based on architectural models, but you won’t take the time to create them yourself.

Building a network with Windows Server 2008 consists of designing the network architecture and its implementation procedure while identifying opportunities for and relying on standard operating procedures. The network infrastructure is divided into specific service delivery areas that must be supported by a structure for network

administration and management. For each aspect of this infrastructure, it is essential to have a complete understanding of the features that WS08 offers in this area. It is also important to identify which of these features offer the best cost/benefit scenario for the enterprise.

(26)

authentication and authorization services than to keep them distributed through the use of workgroups, because if a change is required, you only have to make it in one central place. Thus, the organization that requires a business-level network infrastructure will not invest in workgroups; they will invest directly in Active Directory, bypassing workgroups altogether. This business-level approach is the one that will be used throughout this book in an effort to facilitate your implementation of Windows Server 2008.

Use a Parallel Network

Building a network based on a server operating system is no small task. Worse, it seems you have to start over every time the server operating system changes. This book provides a structured approach that lets you create a brand-new network that fits your organization’s size and needs, and that is built on the best features of Microsoft’s new Windows Server 2008 operating system. Ideally, this network will be built in a parallel environment that does not affect your current production network. But if you cannot afford the additional hardware required to build the core set of features into the parallel network, it also outlines how to integrate new features into existing environments without disrupting production environments. We strongly recommend the use of the parallel network approach for several reasons:

• First, when you move to a new operating system, especially a new server operating system, you need to make sure that you do not carry over any legacy components on the servers because they may affect their proper operation. This is why new installations are recommended, even though Microsoft has endeavored to finally make the upgrade process work properly.

• Second, as server operating systems evolve, the manufacturer often discovers new ways of doing things, replacing the old way with a brand-new technology—a technology that often works in a completely different manner. A good example is the comparison of home directories, which are a legacy from the Windows NT days, with the use of folder redirection, which was introduced with Group Policy in Windows Server 2003. Using a parallel network, you can move to the new feature and have no carry-over from the old feature in the new network.

• Third, preparing the new network in parallel lets you ensure that everything is working as expected before loading it up with users. In addition, if problems arise, you can simply tear down the new systems and replace them completely—a luxury you simply do not have when integrating new systems into an existing network. Then, when you’re ready to make the migration, this book outlines how to take security principals, documents, data, and applications and move them from your legacy network to the new, parallel environment. This way, you can immediately begin to profit from the best of this powerful OS. Finally, this book outlines how to administer the network once it is in place.

TIP

(27)

To achieve this goal, the book is divided into seven parts, each building on the concepts of the previous parts to finally cover all of the elements required to build your new network. The core concept of this book is its focus on business features—only those features that are relevant to a business environment. Windows Server 2008 is not intended for the home, but if you want to rely on this powerful operating system to build a home network, look for the recommendations for small business networks that are outlined throughout the book. Similarly, medium and large organizations will find recommendations for implementations that fit their needs.

Windows Server 2008 Editions

Ever since the release of Windows NT, Microsoft has been publishing its server operating systems in editions. In Windows Server 2003, there were at first four (then more) editions. Today, WS03 includes Web, Standard, Enterprise, and Datacenter editions, as it did from the very beginning, but it also includes new editions, such as Windows Storage Server 2003, Windows Small Business Server 2003, and Windows Compute Cluster Server 2003—all specialized editions of the server OS that are designed to play specific roles in organizations of various sizes.

Windows Server 2008 will continue this tradition and will also include several different editions. Note that this book focuses on the core editions of Windows Server 2008 only and does not cover editions such as Small Business or Compute Cluster. This book covers the following WS08 editions:

• Windows Server 2008, Standard edition • Windows Server 2008, Enterprise edition • Windows Server 2008, Datacenter edition • Windows Server 2008, Web edition

• Windows Server 2008 for Itanium-Based Systems • Windows Server 2008 Standard without Hyper-V • Windows Server 2008 Enterprise without Hyper-V • Windows Server 2008 Datacenter without Hyper-V

Note that each version that includes Hyper-V is designed to run on 64-bit infrastructures. Most of these systems run on x64 processor architectures, not Itanium, though there is an Itanium version as well. Microsoft has already announced that the next release of Windows Server 2008, release 2 (R2) will only run on 64-bit processors and will no longer be available for 32-bit systems.

NOTE

(28)

Each version includes specific feature sets, which are described as follows:

• Windows Server 2008, Standard edition, is designed for most networking tasks. It is aimed at file and printer sharing, Internet connectivity, small-scale application deployment, and collaboration scenarios. It is designed to provide low-cost networking services, where a single machine can operate independently of others. It is often used as a domain controller in an Active Directory deployment, as a stand-alone file and print server in branch offices or in small to medium organizations, as the basis for collaboration services through Windows SharePoint Services (WSS), and as the front end to any application environment.

• Windows Server 2008, Enterprise edition, provides more robust support for service scenarios that require continuous availability. The Enterprise edition also supports the Microsoft Cluster Service, which lets you connect up to eight systems together to provide high availability for specific services. The Enterprise edition is aimed at infrastructure support, as well as application and Web services support, and is often used to protect systems such as Microsoft Exchange Server or Microsoft SQL Server. • Windows Server 2008, Datacenter edition, is usually provided by original

equipment manufacturers, though it is available as a software OS as well, and is aimed at very large organizations that require constant operation of their most mission-critical applications. It is aimed at business-critical and mission-critical applications demanding the highest level of scalability and availability.

• Windows Server 2008, Web edition, is specifically focused on providing a trimmed-down and secure Web server supporting ASP.NET. This edition does include the Network Load Balancing (NLB) service, so it can be used to provide protection for front-end systems in a high-availability scenario.

New to Windows Server 2008 is the Server Core. This toned-down edition of Windows Server is most famous for its complete lack of graphical interface. Server Core provides the same functionality as the full installation, but does not support all of its scenarios. Server Core includes support for nine server roles. It does include many of the core security features inherent in WS08, such as BitLocker full drive encryption, and will also support the read-only domain controller (RODC). Server Core is a low-maintenance version of Windows that can provide good functionality in key situations. When launched, Server Core only provides access to a command shell window. Scripters and command-line aficionados will delight in this version.

32- and 64-bit Versions

Several editions of Windows Server 2008 support both 32- and 64-bit processors. In fact, these editions will support both x64 and IA64 processors. This book covers both 32-bit, which are called x86, and 64-bit, or x64 processors. IA64 is based on the Itanium microchip from Intel—Itanium is a 64-bit reduced instruction set computer (RISC) processor—and while it is in use in very large organizations, has a very small following. As such, it is not covered in this book, although, since it basically offers the same capabilities as other versions of WS08, the guidance in this book still applies to this version of Windows Server.

(29)

64 bits actually offer significantly more processing power than simply doubling the capability of 32 bits. According to Bill Gates, the coming of 64-bit computing will break all the barriers we face today. That may be true. One thing is certain: x64 machines provide a lot more horsepower than x86 machines. x64 systems run a series of different processors from the two microprocessor manufacturers: from AMD, the Opteron or the Athlon 64; and from Intel, the 64-Bit Xeon or the Pentium with EM64T. What’s exciting about these processors is that they are a lot more affordable than the I64 systems. In addition, you have a much larger variety of operating systems to choose from: Windows Vista 64-bit edition, as well as Windows Server 2008 Standard, Enterprise, and Datacenter editions.

There are two ways to work with an x64 system: run native 64-bit software, or run software that is compatible but runs in 32-bit mode. You might think that because the x64 versions of Windows Server and Windows Vista have only been out for a little while that there might not be a lot of applications available for this version of the OS. But that’s not the case. According to the Microsoft Web site (see the Windows Server Catalog of Tested Products at www.windowsservercatalog.com), there are hundreds of applications that run in native x64 mode and more are coming. In addition, several more can run in 32-bit compatible mode.

So how does x64 measure up? The first thing you’ll notice is that everything—yes, everything—runs faster. That is as you would expect, but it is surprising to see that even applications that aren’t designed for the x64 system run faster. Just like the 32-bit version of the operating system, x64 runs a special Windows on Windows (WOW) session that lets 32-bit applications run inside the 64-bit operating system. WOW32 sessions provide better performance than even native 32-bit systems. Why is that? Because of the limitations that x64 finally breaks.

Previously, with a 32-bit system, you needed to use at least Windows Server 2003 Enterprise edition to gain access to more than 4 gigabytes (GB) of random access memory (RAM), then add the /PAE (physical address expansion switch) to the Boot.INI file that controls how the operating system is launched. Although this gave you access to more than 4 GB of RAM, it only fools the system, because a 32-bit machine is limited to a 4-GB address space in the first place. With x64, this limitation changes to 32 GB for Windows Vista and the Standard edition of Window Server, but jumps to 1 terabyte (TB) when running the more advanced editions of the Windows Server operating system. In addition, there is less reliance on the page file for virtual memory expansion in a 64-bit system. This means less disk activity for memory-intensive applications.

These are not the only benefits of x64. It also provides faster input and output (I/O) because it can take advantage of larger data blocks. It provides higher data transfer rates because it can run more concurrent processes. More client connections can be set for a given server, breaking the limits of Transmission Control Protocol/Internet Protocol (TCP/IP) on 32-bit. In fact, Microsoft states that it has been able to vastly reduce the number of servers running Microsoft Update, the Web site providing patch downloads, because each 64-bit server can manage vastly more connections per server. But these file system changes have an impact. For example, your 32-bit third-party backup and restore tool will not work with a 64-bit machine because the file I/O driver is completely different from the 32-bit version.

(30)

This is exactly the way it was when 32-bit machines were introduced. One thing is certain: What does work on 64-bits will always work faster. Our advice: If you need speed and you know that your core applications are ready to run on x64, take the plunge. Costs are not that far off from 32-bit systems, and the advantages are far-reaching. If you’re buying hardware today and you want to make it last, buy x64 machines.

The Perfect Client: Windows Vista

Microsoft Windows Server 2008 is based on the same code that built Windows Vista. In fact, the code is so similar that Microsoft’s releases of this software uses the single-instance store principle—only one copy of a file if it is the same in two or more sources—to giving them the ability to put Vista and Windows Sever 2008 on the same DVD. Therefore, it goes without saying that they are designed to work together better than any other versions of Windows. Of course, you can continue to rely on Windows Server 2003, especially the R2 edition, and on Windows XP with Service Pack 2 or later to run your network. But if you are building a new network based on the feature set that Windows Server 2008 can provide, you should consider upgrading all clients to Windows Vista as well. If you do so, you will gain the following benefits:

• A simplified maintenance model, because both the server and the client use the same mechanism for service packs and updates.

• Central monitoring and reporting, because Vista clients can monitor specific events and report them to a central WS08 server.

• Increase the ease of operating system deployment through Windows Deployment Services (WDS) on WS08. Note that WDS will also run on WS03 with the proper update. • Increase network protection through the integration of Network Access Protection

(NAP) in Windows Server 2008 to ensure that Vista clients are compliant with all security policies and updates before they can access network resources.

• Clients will also have improved performance through the capability of rendering print jobs locally and then sending them on to the server for impression.

• In addition, Vista can cache server resources locally, so the client always stays working, whether the server resource is available or not. Then, once connectivity is restored, the resources update automatically.

• Both Vista and WS08 can take advantage of the new New Technology File System (NTFS) Transactional File System (TFS) to increase disk storage reliability and provide rollback in the event of a failure to write in either the file system or the registry. • Clients and servers can rely on Quality of Service (QoS) policies to ensure that

critical applications benefit from prioritized bandwidth.

• Search is integrated between the client and the server to improve users’ ability to locate server resources.

• IPv6 is integrated with both the client and the server, and both use the newly rewritten TCP/IP stack, ensuring better network communications scalability. • The new Server Message Block (SMB) version 2.0 will provide better performance

(31)

• Terminal Services running on Windows Server 2008 can provide Vista clients with access to applications through the Hypertext Transfer Protocol (HTTP) gateway. In addition, remote applications will operate seamlessly, letting users believe they are actually using local applications.

These are only a few of the features and benefits users of both WS08 and Vista will gain. In addition, there are increased Group Policy settings that are only available between the two updated versions of Windows. Finally, both use the same new interface and rely on the same access to resources through integrated search capabilities. If you want the most of your new WS08 network, you should seriously consider working with Vista as the client.

TIP

TIP

For more information on migrating to Windows Vista, look up the free eBook, The Definitive Guide to Vista Migration, by Ruest and Ruest at www.realtime-nexus.com/dgvm.htm.

TIP

TIP

For more information on Windows Server 2008, rely on the Windows Server 2008 Documentation Survival Guide on Microsoft TechNet at http://technet2.microsoft.com/ windowsserver2008/en/library/6c504a47-4a82-459f-8755-fe59630f4e1d1033.mspx.

Build the Dynamic Datacenter

In addition, this book is focused on building the dynamic datacenter. A dynamic datacenter is one where all resources are divided into two categories:

Resource Pools consist of the hardware resources in your datacenter. These hardware resources are made up of the server hardware, the network switches, and the power and cooling systems that make the hardware run.

Virtual Service Offerings consist of the workloads that each hardware resource supports. Workloads are virtual machines that run on top of a hypervisor—a code component that exposes hardware resources to virtualized instances of operating systems.

In this datacenter, the hardware resources in the resource pool are host systems that can run between 10 and 20 guest virtual machines that make up the virtual service offerings.

This approach addresses resource fragmentation. Today, many datacenters that are not running virtual machines will most often have a utilization that can range from 5 to perhaps 15 percent of their actual resources. This means that each physical instance of a server is wasting more than 80 percent of its resources while still consuming power, generating heat, and taking up space. In today’s green datacenters, you can no longer afford to take this approach. Each server you remove from your datacenter will save up to 650,000 kilowatt-hours per year. By turning your hardware resources into host systems, you can now recover those wasted resources and move to 65 to 85 percent utilization. In addition, the dynamic datacenter will provide you with the following benefits:

(32)

Resource optimization By working with virtual workloads, you can ensure that you make the most of the hardware resources in your datacenter. If one virtual offering does not have sufficient resources, fire up another hardware host and move it to that host, providing the required resources when the workload demands it. • Scalability Virtualization provides a new model for scalability. When your

workloads increase, you can add the required physical resources and control growth in an entirely new manner.

Serviceability Because of built-in virtualization features, your hosts can move one virtual workload from one host to another with little or no disruption to end users. This provides new serviceability models where you can manage and maintain systems without having to cause service disruptions.

Cost savings By moving to virtualization, you will earn savings in hardware reductions, power reductions, and license cost reductions.

The result is less hardware to manage and a leaner, greener datacenter.

Run Physical or Virtual Machines

With the coming of Windows Server 2008 and its embedded virtualization technology, or hypervisor, you need to rethink the way you provide resources and build the datacenter. With the advent of powerful new 64-bit servers running either WS08 Enterprise or

Datacenter edition, it has now become possible to virtualize almost every server type, with little or no difference in performance, especially if you base your host server builds on Server Core. Users do not see any difference in operation, whether they are on a virtual or physical machine. And with the advent of the new hypervisor built into WS08, the virtual-versus-physical process becomes completely transparent. That’s because unlike previous Microsoft virtualization technologies, which actually resided over the top of the operating system, the new hypervisor resides below the operating system level (see Figure 1).

In addition, the WS08 hypervisor has a very small footprint and does not need an additional operating system to run. When you install the WS08 Hyper-V role with Server Core, the hypervisor is installed directory on top of the hardware. An advantage this model gives you is that all system drivers reside in the virtual machine itself, not in the hypervisor.

FIGURE 1

(33)

All the hypervisor does is expose hardware resources to the virtual machine (VM). The VM then loads the appropriate drivers to work with these hardware resources. VMs have better access to the host system’s resources and run with better performance because there are fewer translation layers between them and the actual hardware.

To further support the move to the dynamic datacenter, Microsoft has changed the licensing mode for virtual instances of Windows Server. This change was first initiated with WS03 R2. In WS03 R2, running an Enterprise edition version on the host system

automatically grants four free virtual machine licenses of WS03 R2 Enterprise edition (EE). Add another WS03 R2 EE license, and you can build four more VMs. On average,

organizations will run up to 16 virtual machines on a host server, requiring only four actual licenses of WS03 R2 EE.

Microsoft carries over this licensing model with WS08. The first Enterprise edition license grants one license for the host and four licenses for VMs. Each other license grants four more licenses for VMs. If you purchase the WS08 Datacenter edition, you can run an unlimited number of VMs on that host. Remember also that the licenses for VMs support any version of Windows Server. This means you can run Windows NT, Windows 2000, or Windows Server 2003, as well as WS08.

Virtualization provides great savings and decreases general server provisioning timelines, as well as reducing management overhead. For example, one system administrator can manage well over 100 virtualized servers, as well as the hosts required to run them.

TIP

TIP

For more information on the benefits of server consolidation and optimization, download a presentation called “Consolidation Roadmap—Improving Your Infrastructure” from www.reso-net.com/presentation.asp?m=7. Microsoft also offers planning and design guidance on virtualization, especially how to decide which Windows technologies to virtualize at http://technet.microsoft.com/en-us/library/bb969099.aspx.

Push the Virtualization Envelope

WS08 is designed from the ground up to support virtualization. This means that you have the opportunity to change the way you manage servers and services. With the WS08 hypervisor, Hyper-V, there is little difference between a machine running physically on a system and a machine running in a virtual instance. That’s because the hypervisor does the same thing as a physical installation would by exposing hardware to VMs. The real difference between a physical installation and a VM running on the hypervisor is access to system resources. That’s why we propose the following:

• The only installation that should be physical is the hypervisor or the Windows Server Hyper-V role. Everything else should be virtualized.

• Instead of debating whether service offerings—the services that interact with end users—should be physical versus virtual installations, make all of these installations virtual.

• The only installation that is not a VM is the host server installation. It is easy to keep track of this one installation being different.

(34)

• Creating a source VM is easier than creating a source physical installation because you only have to copy the files that make up the VM.

• The difference between a traditional “physical” installation and a virtual installation is the amount of resources you provide the VM running on top of the hypervisor. • All backups are the same—each machine is just a collection of files, after all. In addition,

you can take advantage of the Volume Shadow Copy Service to protect each VM. • All service-offering operations are the same because each machine is a VM. • Because all machines are virtual, they are transportable and can easily be moved

from one host to another.

• Because VMs are based on a set of files, you can replicate them to other servers, providing a quick and easy means of recovery in the event of a disaster. More on this will be covered in Chapter 11.

• You can segregate the physical and virtual environments, giving them different security contexts and making sure they are protected at all times.

• You can monitor each instance of your “physical” installations, and if you see that it is not using all of the resources you’ve allocated to it, you can quickly recalibrate it and make better use of your physical resources.

• Every single new feature can be tested in VMs in a lab before it is put into

production. If the quality assurance process is detailed enough, you can even move the lab’s VM into production instead of rebuilding the service altogether.

• You are running the ultimate virtual datacenter, because all systems are virtual and host systems are nothing but resource pools.

With this in mind, this book divides the tasks of preparing your new network into resource pool and virtual service offering tasks. To facilitate this, the inside front cover includes a Resource Pool table of contents that lets you move directly to the content that will help you prepare hardware resources. This facilitates your move to the dynamic datacenter.

TIP

TIP

Microsoft offers the Microsoft Assessment and Planning Solution (MAPS) which will automatically scan your network to propose migration and virtualization strategies. Look for MAPS on www.microsoft.com/downloads.

Manage as a Project

(35)

This is why you should run this implementation as a project and make sure your project team includes all of the right players. These should focus on at least two groups: one that will work on the elaboration of the network architecture and one that will focus on the preparation of installation procedures and perform the installation itself. The technical project team should include architects, system administrators, installers, user

representatives, support personnel, developers, and project managers, or at least personnel whose role is to wear these hats in the organization. You should make sure you involve your current administrative and operational staff in this project. This will help you recover the best of the existing network and help them learn more about the new operating system they will soon be using. Depending on the size of your organization, you may consider hiring replacement staff to free up your existing personnel to work on this project.

In addition, you need to make sure that you involve the right stakeholders. Not having the right stakeholders can be as disastrous as not making the right technical decisions.

Finally, managing a project of this magnitude can be complex and can give you the impression it is never-ending, unless you structure it properly. To facilitate the process, each chapter has been designed to help you structure the technical activities needed to perform the migration. This does not mean that every chapter needs to be addressed in a sequential order. Though this is possible, and even appropriate in some cases, in very large

organizations, it would improperly stretch the project timeline. Some chapters require the participation of your entire technical project team, but others do not because they are focused on specific areas of technical expertise.

Figure 2 illustrates a sample timeline distribution for the activities required to migrate to this OS. It lets you divide the technical project team in appropriate subgroups to shorten the overall project timeline while still achieving your goal: doing the best implementation you

(36)

can so that all can profit from an improved networking environment. More on this timeline will be discussed in appropriate portions of this book. Note that this timeline is focused on virtual service offerings or the services your end users will interact with.

You will also need to test each new service you deploy. Because you are moving to the dynamic datacenter, you will be able to facilitate the testing process. Use the following strategy:

• Begin by building a core set of hardware resources. Rely on the Resource Pool table of contents to do so.

• Use this core set of resources as the basis of your testing lab, and begin to create the virtual service offerings you require on top of this core resource pool.

• If you make mistakes, either rely on the snapshot feature of Windows Server Hyper-V to undo the changes you made to virtual machines or simply scrap the VM and return to the beginning.

• When you feel you have it right, move the VM hosting the new service to the new production network. In most cases, you will be able to simply move the VM instead of having to re-create it.

You’ll soon become familiar with the concept of working with resource pools and virtual service offerings, and once you do, you’ll never go back.

The Companion Web Site

Throughout the book, you’ll find that each chapter includes both discussion points and step-by-step implementations. Each chapter is chock-full of best practices, checklists, and processes. In addition, relevant figures and tools can be found on the Companion Web site (www.reso-net.com/livre.asp?p=main&b=WS08). It lists dozens of job aids, forms, checklists, blueprints, spreadsheets, and other tools that are designed to help you in your network migration. All are readily available to everyone. These tools are listed on a per-chapter basis to help you locate them more easily. Make sure you connect and download these items; they will definitely simplify your migration project.

Note that you will need to register to access the contents of the site.

Move On

(37)

I

Tour Windows Server 2008

T

his section serves to prepare system administrators for Windows Server 2008. You will learn what to expect from this new version of Windows Server. It also addresses the core structure of the book: a division according to the size of organization you are in and a division according to the process of deploying new network service offerings based on Windows Server 2008. This section helps you to identify which features best meet the needs of your organization.

C

HAPTER 1

The Windows Server 2008 Delta

C

HAPTER 2

Interact with Windows Server 2008

(38)

Figure

FIGURE 2 The Windows Server 2008 migration timeline
FIGURE 2 The Windows Server 2008 migration timeline. View in document p.35
FIGURE 1-1 Graphical legend for network server types
FIGURE 1 1 Graphical legend for network server types. View in document p.46
TABLE 2-1 Available Features in WS08
TABLE 2 1 Available Features in WS08. View in document p.99
FIGURE 3-10 A testing lab should be as complete as possible.
FIGURE 3 10 A testing lab should be as complete as possible . View in document p.148
FIGURE 4-17 The remote
FIGURE 4 17 The remote . View in document p.206
TABLE 5-3 Domain Objects
TABLE 5 3 Domain Objects. View in document p.237
TABLE 5-5 OU Structure in Other Domains
TABLE 5 5 OU Structure in Other Domains. View in document p.246
FIGURE 6-4 The Parallel Network Migration Approach
FIGURE 6 4 The Parallel Network Migration Approach. View in document p.287
TABLE 6-5 Shared- or Single-VM Recommendations for the Parallel Network
TABLE 6 5 Shared or Single VM Recommendations for the Parallel Network. View in document p.299
FIGURE 6-10 WS08 VSO network infrastructure server roles
FIGURE 6 10 WS08 VSO network infrastructure server roles. View in document p.302
FIGURE 7-10 Assigning OU
FIGURE 7 10 Assigning OU . View in document p.372
TABLE 7-4 User Object Properties
TABLE 7 4 User Object Properties. View in document p.387
TABLE 7-7 Group Name Examples
TABLE 7 7 Group Name Examples. View in document p.410
Table 7-7 lists some sample names for different groups.Using such a naming strategy will greatly reduce group management headaches
Table 7 7 lists some sample names for different groups Using such a naming strategy will greatly reduce group management headaches. View in document p.410
TABLE 7-9 A People Administration OU Structure
TABLE 7 9 A People Administration OU Structure. View in document p.423
FIGURE 7-22 GPO application and delegation in the People OU structure
FIGURE 7 22 GPO application and delegation in the People OU structure. View in document p.425
TABLE 8-1 Folder and Share Structure
TABLE 8 1 Folder and Share Structure. View in document p.434
TABLE 8-5 Adding the Print Services Role
TABLE 8 5 Adding the Print Services Role. View in document p.464
FIGURE 9-2 The IIS 7 management console
FIGURE 9 2 The IIS 7 management console. View in document p.482
TABLE 10-7 Authentication in IIS
TABLE 10 7 Authentication in IIS. View in document p.582
TABLE 11-1 WS08 Clustering Services for VSOs
TABLE 11 1 WS08 Clustering Services for VSOs. View in document p.601
FIGURE 11-6 The NLB Manager interface
FIGURE 11 6 The NLB Manager interface. View in document p.606
FIGURE 13-3 Working with AdminScriptEditor from iTripoli
FIGURE 13 3 Working with AdminScriptEditor from iTripoli. View in document p.685

References

  1. osoft Canada, blog: http://blogs.technet.com/canitpro
  2. (www.realtime-nexus.com/dgvm.htm). They also completed an
  3. Server Sprawl (http://events.techtarget.com/virtualization2008) which is designed to help
  4. (www.Reso-Net.com/EMF),
  5. (www.Reso-Net.com/WindowsServer), a
  6. (www.Reso-Net.com/PocketAdmin), a guide for managing a network on a day-to-day
  7. papers for various vendors (www.reso-net.com/articles.asp?m=8) and delivering W
  8. ences (www.reso-net.com/presentation.asp?m=7).
  9. e design. Resolutions Enterprises can be found at www.Reso-Net.com.
  10. .com (www.appdeploy.com), a thriving community focused on application deployment.
  11. (http://mcpmag.com/columns/columnist.asp?ColumnistsID=24). Bob is pr
  12. Admin Script Editor (www.adminscripteditor.com), a unique and full-featur
  13. e on Bob, visit www.bkelly.com.
  14. 2008: The Complete Reference
  15. oducts at www.windowsservercatalog.com), ther
  16. echNet at http://technet2.microsoft.com/
  17. (www.reso-net.com/livre.asp?p=main&b=WS08). It lists dozens of job aids, forms,
  18. can be obtained at www.microsoft.com/windowsserversystem/updateservices/downloads/WSUS.mspx. Registration is r
  19. ista client, go to www.realtime-vista.com/
  20. T on www.microsoft.com/downloads.
  21. irtualization Calculators at www.microsoft.com/windowsserver2003/howtobuy/licensing/calculator.mspx.
  22. osoft IT service lifecycle model can be found at www.microsoft.com/
  23. omote can be found at www.dmtf.org.
  24. irtual Machine Manager (SCVMM at www.microsoft.com/systemcenter/scvmm/default.mspx)
  25. www.microsoft.com/whdc/default.mspx.
  26. indows Server 2008,” which can be found at www.microsoft.com/downloads/details.aspx?FamilyID=173E6E9B-4D3E-4FD4-A2CF-73684FA46B60&displaylang=en.
  27. s memo, see www.whitehouse.gov/omb/memoranda/
  28. e information on WFP can be found at www.microsoft.com/whdc/device/network/WFP.mspx.
  29. osoft Deployment guidance can be found at http://technet.microsoft.com/
  30. Planning and Design can be found at www.microsoft.com/downloads/