Network Management Introduction to Windows Server 2003.

Network ManagementIntroduction to Windows Server 2003

Versions of Server 2003

• There are versions of Server 2003 that support the either 32 or 64 bit machines (Both Enterprise and Data Center support 64 bit processors.

• The different versions of Server 2003 include• Web Edition• Standard Edition• Enterprise Edition• Datacenter Edition

Web Edition

• Supports up to 2 processors

• Supports up to 2 Gigs of Main Memory

• Can never be a domain controller, but can be added to active directory

• The standard client access model does not Apply to IIS (Internet Information Services)

• There is a limit of 10 concurrent users that may connect to the server for file and print sharing.

Web Edition continued

• Does not include Internet Connection Firewall (ICF) and Internet Connection Sharing (ICS) which prevents the server from acting like an Internet Gateway.

• Cannot act as a DHCP (Dynamic Host Configuration Protocol) server.

• Cannot act as a fax server

• Does not support Microsoft SQL Server.

• Remote Desktop is supported for remote administration of the server.

• Web Edition cannot run non Web serving applications.

Web Edition Continued

• The Web addition supports • all html webpages• Java and JavaScript content• ASP .net Applications

• There are a separate set of credentials that can be set for end users of the server that can be set both in active directory or within the IIS console snap in.

• The access control that is provided is access to web content only and does not include access to file and print services on the server

• Application Pools are also managed through the IIS console and refer to the ASP .net Applications that are being published.

• The web addition also includes Network Load Balancing (NLB).

Web Edition availability

• The Web edition cannot be purchased through retail.

• Can only be purchased through an Enterprise license

• Can also be purchased through Special Licensing Agreements

• IT is also provided through OEM Licensing (Sold with Internet Information Appliances.

• This enables companies to run all Web content on a Web server only machine and not have to purchase more expensive Licenses.

Microsoft Best Practices

• Often in class I will mention Microsoft’s Best Practices.

• These are common sense rules that do not only apply to Microsoft Products.

• Microsoft Suggest to “not place all your eggs in one basket” (My Words not theirs).

• In other words you should never set up one server that does everything.

• Thus the need to have a separate web server and database server as well as a different domain controller.

Standard Edition

• Intended for small to medium Businesses

• Can be used as a Domain Controller (Active Directory) and therefore provides directory services.

• Provides Internet Services• All the features of the Web Edition• Include FTP, NLB ,etc

• Infrastructure Services• Domain Name Services• DHCP• Windows Internet Information Services (WINS)

Standard Edition Continued

• TCP/IP routing• Can function as a router• Internet Access routing• Remote Access routing• Routing and Remote Access Services (RRAS)• NAT• Internet Authentication Services (IAS)• Routing Information Protocol (RIP)• And Open Shortest Path First protocol (OSPF)

Standard Edition Continued

• Includes File and Print Services • A client access license (CAL) must be purchased for each user

that connects to the server.• The server comes packaged with 5,10 or more CALS• If additional users must connect to the server, then additional

licenses are required.

• Terminal Server• Clients can connect to the server and run a windows session

on the server• All execution of applications occur on the server.• Clients for this server require a separate license than the

standard CAL.• Two license are provided by default to provide a means of

remote administration.

Standard Edition Continued

• Security Services• Includes Encrypted File System (EFS)• Public Key Infrastructure (PKI)• IPSec (IP Security)

• Supports up to 4 CPUs

• Supports up to 4 Gigs of RAM

Enterprise Edition

• Supports up to 8 Processors

• Supports up to 32 Gigs of RAM

• Targeted for medium to large scale businesses

• Come with all the features of the Standard Edition.

• Includes Support for MMS (Microsoft Metadirectory Services)• A directory of directories• Makes it possible to combine active directory information• The actual MMS software must be obtained from

Microsoft. It is not included with the server installation.

Enterprise Edition Continued

• Server Clustering• Multiple servers on a network that act as one server• Each server within the cluster is called a node.• If one server fails in a cluster, the overall operation of

the cluster is not effected.

• Hot Add Memory –Adding memory without powering down the server.

• Windows System resource Manager• Specify resources such as processors, RAM, etc. to

specific applications.• Can set resource limits on applications that may be

resource intensive.

Datacenter Edition

• Cannot be purchased on its own.

• Its licensing is much the same as the Web Edition.

• Can support up to 64 Gigs of RAM

• Can support up to 32 processors.

• It provides mush of the same features of the Enterprise Edition.

• Main purpose is to be used for Microsoft SQL server (separate software that must be purchased and then installed).

Installing Windows Server 2003

• Two modes of installation• GUI mode(Graphical User Interface)• Text mode

• Text mode is exactly like the command prompt under MS DOS.• It uses less memory • Uses less resources

• GUI mode is exactly like windows.

• The installation process of the server is exactly like the process you have experienced with the work stations.

Installation continued

• An answer file can be used • A script that can be used to answer all the questions during the

installation process• This is the same type of answer file that is used for the

installation of windows workstations.• Answer files speed up the installation process of multiple

servers.

• Disk image is a bit by bit copy of a computer running the server OS. This image can then be deployed bit by bit to install on other machines. This can be done by using the Remote installation services software provided with Server 2003 (also used for workstation).

• Just like with windows workstation, you must activate your copy of server 2003.

Roles of a windows server

• After the installation process of the server software, you then need to configure the server for use on your network.

• This includes deciding what roles your server will be providing on the network.

• These roles include• File Server• Print Server• Application Server (IIS, ASP .net)• Mail Server (SMTP)• Terminal Server• Remote Access / VPN server.

Roles continued

• DC (Domain Controller)• DNS Server• DHCP Server• Streaming Media Server• WINS Server

• When initial installing your first Windows on the server, it is simple.

• The server becomes the first DC in your newly created tree in your newly created forest.

Active Directory Explained

• A directory service is a digital resource that provides a list of resources available on your network.

• Windows supports two directory service models• The work group• The domain

• Active directory is a database • Containing information that pertains to the access of

network resources• It manages permissions to objects in its directory

structure including users, computers, servers, groups, etc.

Active directory continued

• It utilizes • LDAP (lightweight directory access protocol).• Kerberose security protocol• File replication service (FRS)

• It includes all the tools needed by a network administrator to manage the Domain.

• In previous versions of windows networking you had a PDC (Primary Domain Controller) and a BDC (Backup Domain controller)

Domain controllers explained further

• The Primary Domain Controller on older networks was the primary data store for all user and group permissions.

• The Backup Domain Control was the Backup of this data share.

• Networks were able to have only one Primary Domain Control and a couple of Backup Domain Controller.

• Became difficult include a new PDC when the old one failed due to this restrictions.

Domain Controllers today

• Today all servers (that can be AD servers as explained earlier) can be promoted to be a Domain Controller.

• Each domain controller then contain a copy of the directory services in their data store.

• This is more flexible than the older system where each server will act as a Domain Controller and take over the job when one drops out.

• More protection from failure in the domain and more capabilities in adding replacement servers.

• Microsoft Best Practices. You should always have more than one Domain Controller in your network.

Domains, Forests and Trees Oh My

• Multiple Domains may exist in a Business network.

• Multiple Domains that share a common root in their DNS are called trees.

• Example

ncc.edu and matcmp.ncc.edu may exist in the same tree in a windows network.

• Different trees that do not share the same root, but exist in the same active directory is called a Forrest.

Domains, Forest and Trees Continued

• In the previous example you can see that both domains share the common root of ncc.

• Forests are always created with the first domain controller in your network.

• When you promote your first domain controller, it becomes part of your forest, tree, and domain.

• Multiple trees in a forest often occur in networks that inherit other trees from company acquisitions.

• Sometimes networks with in a business are also subdivide according to company functionality or purpose or company sub division.

Active Directory OU

Organizational Units are used to give a logical hierarchy to your

domain structure.

They are considered to be container objects since you can

have other objects inside of them

Permissions that are set at the OU filter down to objects within

that portion of the directory tree.

Ou s Continued

• Objects that contain other objects in the directory are Organizational Units(OU)

• Users and groups are considered to be leaves

• OU s can be organized by location, department, or other organizational details that cause computers and or users to be logically grouped together.

• In other words, Objects inherit permissions from their parent.