MICROSOFT LEARNING PRODUCT
6437A
Designing a Windows Server 2008 Applications Infrastructure
Information in this document, including URL and other Internet Web site references, is subject to
change without notice. Unless otherwise noted, the example companies, organizations, products,
domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious,
and no association with any real company, organization, product, domain name, e-mail address,
logo, person, place or event is intended or should be inferred. Complying with all applicable
copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part
of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted
in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for
any purpose, without the express written permission of Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual
property rights covering subject matter in this document. Except as expressly provided in any
written license agreement from Microsoft, the furnishing of this document does not give you any
license to these patents, trademarks, copyrights, or other intellectual property.
The names of manufacturers, products, or URLs are provided for informational purposes only and
Microsoft makes no representations and warranties, either expressed, implied, or statutory,
regarding these manufacturers or the use of the products with any Microsoft technologies. The
inclusion of a manufacturer or product does not imply endorsement of Microsoft of the
manufacturer or product. Links may be provided to third party sites. Such sites are not under the
control of Microsoft and Microsoft is not responsible for the contents of any linked site or any link
contained in a linked site, or any changes or updates to such sites. Microsoft is not responsible for
webcasting or any other form of transmission received from any linked site. Microsoft is providing
these links to you only as a convenience, and the inclusion of any link does not imply endorsement
of Microsoft of the site or the products contained therein.
© 2008 Microsoft Corporation. All rights reserved.
Microsoft, Active Directory, Hyper-V, Internet Explorer, MSDN, Outlook, PowerPoint, SharePoint, SQL
Server, Windows, Windows Media, Windows NT, Windows Server, Windows Server System and
Windows Vista are either registered trademarks or trademarks of Microsoft Corporation in the
United States and/or other countries.
All other trademarks are property of their respective owners.
updates,
supplements,
support services
for this Licensed Content, unless other terms accompany those items. If so, those terms apply.
By using the Licensed Content, you accept these terms. If you do not accept them, do not use
the Licensed Content.
If you comply with these license terms, you have the rights below.
1. DEFINITIONS.
a. Academic Materials means the printed or electronic documentation such as manuals,
workbooks, white papers, press releases, datasheets, and FAQs which may be included in the
Licensed Content.
b. Authorized Learning Center(s) means a Microsoft Certified Partner for Learning Solutions
location, an IT Academy location, or such other entity as Microsoft may designate from time to time.
c. Authorized Training Session(s) means those training sessions authorized by Microsoft and
d. Course means one of the courses using Licensed Content offered by an Authorized Learning
Center during an Authorized Training Session, each of which provides training on a particular
Microsoft technology subject matter.
e. Device(s) means a single computer, device, workstation, terminal, or other digital electronic or
analog device.
f. Licensed Content means the materials accompanying these license terms. The Licensed
Content may include, but is not limited to, the following elements: (i) Trainer Content, (ii) Student
Content, (iii) classroom setup guide, and (iv) Software. There are different and separate
components of the Licensed Content for each Course.
g. Software means the Virtual Machines and Virtual Hard Disks, or other software applications that
may be included with the Licensed Content.
h. Student(s) means a student duly enrolled for an Authorized Training Session at your location.
i. Student Content means the learning materials accompanying these license terms that are for
use by Students and Trainers during an Authorized Training Session. Student Content may include
labs, simulations, and courseware files for a Course.
j. Trainer(s) means a) a person who is duly certified by Microsoft as a Microsoft Certified Trainer
and b) such other individual as authorized in writing by Microsoft and has been engaged by an
Authorized Learning Center to teach or instruct an Authorized Training Session to Students on its
behalf.
k. Trainer Content means the materials accompanying these license terms that are for use by
Trainers and Students, as applicable, solely during an Authorized Training Session. Trainer Content
may include Virtual Machines, Virtual Hard Disks, Microsoft PowerPoint files, instructor notes, and
demonstration guides and script files for a Course.
l. Virtual Hard Disks means Microsoft Software that is comprised of virtualized hard disks (such as
a base virtual hard disk or differencing disks) for a Virtual Machine that can be loaded onto a single
computer or other device in order to allow end-users to run multiple operating systems concurrently.
For the purposes of these license terms, Virtual Hard Disks will be considered Trainer Content.
m. Virtual Machine means a virtualized computing experience, created and accessed using
Microsoft Virtual PC or Microsoft Virtual Server software that consists of a virtualized hardware
environment, one or more Virtual Hard Disks, and a configuration file setting the parameters of the
virtualized hardware environment (e.g., RAM). For the purposes of these license terms, Virtual Hard
Disks will be considered Trainer Content.
n. you means the Authorized Learning Center or Trainer, as applicable, that has agreed to these
license terms.
2. OVERVIEW.
Licensed Content. The Licensed Content includes Software, Academic Materials (online and
electronic), Trainer Content, Student Content, classroom setup guide, and associated media.
License Model. The Licensed Content is licensed on a per copy per Authorized Learning Center
location or per Trainer basis.
either install individual copies of the relevant Licensed Content on classroom Devices only for
use by Students enrolled in and the Trainer delivering the Authorized Training Session, provided
that the number of copies in use does not exceed the number of Students enrolled in and the
Trainer delivering the Authorized Training Session, OR
ii. install one copy of the relevant Licensed Content on a network server only for access by
classroom Devices and only for use by Students enrolled in and the Trainer delivering the
Authorized Training Session, provided that the number of Devices accessing the Licensed
Content on such server does not exceed the number of Students enrolled in and the Trainer
delivering the Authorized Training Session.
iii. and allow the Students enrolled in and the Trainer delivering the Authorized Training Session to
use the Licensed Content that you install in accordance with (ii) or (ii) above during such
Authorized Training Session in accordance with these license terms.
i. Separation of Components. The components of the Licensed Content are licensed as a single
unit. You may not separate the components and install them on different Devices.
ii. Third Party Programs. The Licensed Content may contain third party programs. These license
terms will apply to the use of those third party programs, unless other terms accompany those
programs.
b. Trainers:
i. Trainers may Use the Licensed Content that you install or that is installed by an Authorized
Learning Center on a classroom Device to deliver an Authorized Training Session.
ii. Trainers may also Use a copy of the Licensed Content as follows:
A. Licensed Device. The licensed Device is the Device on which you Use the Licensed Content.
You may install and Use one copy of the Licensed Content on the licensed Device solely for
your own personal training Use and for preparation of an Authorized Training Session.
B. Portable Device. You may install another copy on a portable device solely for your own
personal training Use and for preparation of an Authorized Training Session.
4. PRE-RELEASE VERSIONS. If this is a pre-release (beta) version, in addition to the other provisions
in this agreement, these terms also apply:
a. Pre-Release Licensed Content. This Licensed Content is a pre-release version. It may not
contain the same information and/or work the way a final version of the Licensed Content will. We
may change it for the final, commercial version. We also may not release a commercial version.
You will clearly and conspicuously inform any Students who participate in each Authorized Training
Session of the foregoing; and, that you or Microsoft are under no obligation to provide them with
any further content, including but not limited to the final released version of the Licensed Content
for the Course.
b. Feedback. If you agree to give feedback about the Licensed Content to Microsoft, you give to
Microsoft, without charge, the right to use, share and commercialize your feedback in any way and
for any purpose. You also give to third parties, without charge, any patent rights needed for their
products, technologies and services to use or interface with any specific parts of a Microsoft
software, Licensed Content, or service that includes the feedback. You will not give feedback that is
subject to a license that requires Microsoft to license its software or documentation to third parties
because we include your feedback in them. These rights survive this agreement.
c. Confidential Information. The Licensed Content, including any viewer, user interface, features
and documentation that may be included with the Licensed Content, is confidential and proprietary
to Microsoft and its suppliers.
i. Use. For five years after installation of the Licensed Content or its commercial release,
whichever is first, you may not disclose confidential information to third parties. You may
disclose confidential information only to your employees and consultants who need to know
the information. You must have written agreements with them that protect the confidential
information at least as much as this agreement.
ii.
protective order or otherwise protect the information. Confidential information does not
include information that
you received from a third party who did not breach confidentiality obligations to
Microsoft or its suppliers; or
d. Term. The term of this agreement for pre-release versions is (i) the date which Microsoft informs
you is the end date for using the beta version, or (ii) the commercial release of the final release
version of the Licensed Content, whichever is first (beta term).
e. Use. You will cease using all copies of the beta version upon expiration or termination of the beta
term, and will destroy all copies of same in the possession or under your control and/or in the
possession or under the control of any Trainers who have received copies of the pre-released
version.
f. Copies. Microsoft will inform Authorized Learning Centers if they may make copies of the beta
version (in either print and/or CD version) and distribute such copies to Students and/or Trainers. If
Microsoft allows such distribution, you will follow any additional terms that Microsoft provides to you
for such copies and distribution.
Software.
ii. Virtual Hard Disks. The Licensed Content may contain versions of Microsoft XP, Microsoft
Windows Vista, Windows Server 2003, Windows Server 2008, and Windows 2000 Advanced
Server and/or other Microsoft products which are provided in Virtual Hard Disks.
A. If the Virtual Hard Disks and the labs are launched through the Microsoft
Learning Lab Launcher, then these terms apply:
Time-Sensitive Software. If the Software is not reset, it will stop running based upon the
time indicated on the install of the Virtual Machines (between 30 and 500 days after you
install it). You will not receive notice before it stops running. You may not be able to
access data used or information saved with the Virtual Machines when it stops running and
may be forced to reset these Virtual Machines to their original state. You must remove the
Software from the Devices at the end of each Authorized Training Session and reinstall and
launch it prior to the beginning of the next Authorized Training Session.
B. If the Virtual Hard Disks require a product key to launch, then these terms
apply:
Microsoft will deactivate the operating system associated with each Virtual Hard Disk.
Before installing any Virtual Hard Disks on classroom Devices for use during an Authorized
Training Session, you will obtain from Microsoft a product key for the operating system
software for the Virtual Hard Disks and will activate such Software with Microsoft using such
product key.
C. These terms apply to all Virtual Machines and Virtual Hard Disks:
You may only use the Virtual Machines and Virtual Hard Disks if you comply with
the terms and conditions of this agreement and the following security
requirements:
You may not install Virtual Machines and Virtual Hard Disks on portable Devices or
Devices that are accessible to other networks.
You must remove Virtual Machines and Virtual Hard Disks from all classroom Devices at
the end of each Authorized Training Session, except those held at Microsoft Certified
Partners for Learning Solutions locations.
You must remove the differencing drive portions of the Virtual Hard Disks from all
classroom Devices at the end of each Authorized Training Session at Microsoft Certified
Partners for Learning Solutions locations.
You will ensure that the Virtual Machines and Virtual Hard Disks are not copied or
downloaded from Devices on which you installed them.
You will strictly comply with all Microsoft instructions relating to installation, use,
activation and deactivation, and security of Virtual Machines and Virtual Hard Disks.
You may not modify the Virtual Machines and Virtual Hard Disks or any contents
thereof.
You may not reproduce or redistribute the Virtual Machines or Virtual Hard Disks.
ii. Classroom Setup Guide. You will assure any Licensed Content installed for use during an
Authorized Training Session will be done in accordance with the classroom set-up guide for the
Course.
iii. Media Elements and Templates. You may allow Trainers and Students to use images, clip
art, animations, sounds, music, shapes, video clips and templates provided with the Licensed
Content solely in an Authorized Training Session. If Trainers have their own copy of the
Licensed Content, they may use Media Elements for their personal training use.
iv. Evaluation Software. Any Software that is included in the Student Content designated as
Evaluation Software may be used by Students solely for their personal training outside of the
Authorized Training Session.
b. Trainers Only:
i. Use of PowerPoint Slide Deck Templates. The Trainer Content may include Microsoft
PowerPoint slide decks. Trainers may use, copy and modify the PowerPoint slide decks only for
providing an Authorized Training Session. If you elect to exercise the foregoing, you will agree
or ensure Trainer agrees: (a) that modification of the slide decks will not constitute creation of
obscene or scandalous works, as defined by federal law at the time the work is created; and
(b) to comply with all other terms and conditions of this agreement.
ii. Use of Instructional Components in Trainer Content. For each Authorized Training
Session, Trainers may customize and reproduce, in accordance with the MCT Agreement, those
portions of the Licensed Content that are logically associated with instruction of the Authorized
Training Session. If you elect to exercise the foregoing rights, you agree or ensure the Trainer
agrees: (a) that any of these customizations or reproductions will only be used for providing an
Authorized Training Session and (b) to comply with all other terms and conditions of this
agreement.
iii. Academic Materials. If the Licensed Content contains Academic Materials, you may copy and
use the Academic Materials. You may not make any modifications to the Academic Materials
and you may not print any book (either electronic or print version) in its entirety. If you
reproduce any Academic Materials, you agree that:
The use of the Academic Materials will be only for your personal reference or training use
You will not republish or post the Academic Materials on any network computer or
broadcast in any media;
You will include the Academic Materials original copyright notice, or a copyright notice to
Microsoft's benefit in the format provided below:
Form of Notice:
© 2008 Reprinted for personal reference use only with permission by Microsoft
Corporation. All rights reserved.
Microsoft, Windows, and Windows Server are either registered trademarks or
trademarks of Microsoft Corporation in the US and/or other countries. Other
product and company names mentioned herein may be the trademarks of their
respective owners.
6. INTERNET-BASED SERVICES. Microsoft may provide Internet-based services with the Licensed
Content. It may change or cancel them at any time. You may not use these services in any way that
could harm them or impair anyone else's use of them. You may not use the services to try to gain
unauthorized access to any service, data, account or network by any means.
7. SCOPE OF LICENSE. The Licensed Content is licensed, not sold. This agreement only gives you some
rights to use the Licensed Content. Microsoft reserves all other rights. Unless applicable law gives you
more rights despite this limitation, you may use the Licensed Content only as expressly permitted in this
agreement. In doing so, you must comply with any technical limitations in the Licensed Content that
only allow you to use it in certain ways. You may not
install more copies of the Licensed Content on classroom Devices than the number of Students and
the Trainer in the Authorized Training Session;
allow more classroom Devices to access the server than the number of Students enrolled in and the
Trainer delivering the Authorized Training Session if the Licensed Content is installed on a network
server;
copy or reproduce the Licensed Content to any server or location for further reproduction or
distribution;
disclose the results of any benchmark tests of the Licensed Content to any third party without
Microsoft's prior written approval;
reverse engineer, decompile or disassemble the Licensed Content, except and only to the extent
that applicable law expressly permits, despite this limitation;
make more copies of the Licensed Content than specified in this agreement or allowed by applicable
law, despite this limitation;
access or use any Licensed Content for which you (i) are not providing a Course and/or (ii) have not
been authorized by Microsoft to access and use;
use the Licensed Content for commercial hosting services or general business purposes.
Rights to access the server software that may be included with the Licensed Content, including the
Virtual Hard Disks does not give you any right to implement Microsoft patents or other Microsoft
intellectual property in software or devices that may access the server.
8. EXPORT RESTRICTIONS. The Licensed Content is subject to United States export laws and
regulations. You must comply with all domestic and international export laws and regulations that apply
to the Licensed Content. These laws include restrictions on destinations, end users and end use. For
additional information, see www.microsoft.com/exporting.
9. NOT FOR RESALE SOFTWARE/LICENSED CONTENT. You may not sell software or Licensed
Content marked as NFR or Not for Resale.
10. ACADEMIC EDITION. You must be a Qualified Educational User to use Licensed Content marked as
Academic Edition or AE. If you do not know whether you are a Qualified Educational User, visit
www.microsoft.com/education or contact the Microsoft affiliate serving your country.
11. TERMINATION. Without prejudice to any other rights, Microsoft may terminate this agreement if you
fail to comply with the terms and conditions of these license terms. In the event your status as an
Authorized Learning Center or Trainer a) expires, b) is voluntarily terminated by you, and/or c) is
terminated by Microsoft, this agreement shall automatically terminate. Upon any termination of this
agreement, you must destroy all copies of the Licensed Content and all of its component parts.
12. ENTIRE AGREEMENT. This agreement, and the terms for supplements, updates, Internet-
based services and support services that you use, are the entire agreement for the Licensed
Content and support services.
b. Outside the United States. If you acquired the Licensed Content in any other country, the laws
of that country apply.
14. LEGAL EFFECT. This agreement describes certain legal rights. You may have other rights under the
laws of your country. You may also have rights with respect to the party from whom you acquired the
Licensed Content. This agreement does not change your rights under the laws of your country if the
laws of your country do not permit it to do so.
15. DISCLAIMER OF WARRANTY. The Licensed Content is licensed as-is. You bear the risk of
using it. Microsoft gives no express warranties, guarantees or conditions. You may have
additional consumer rights under your local laws which this agreement cannot change. To
the extent permitted under your local laws, Microsoft excludes the implied warranties of
merchantability, fitness for a particular purpose and non-infringement.
16. LIMITATION ON AND EXCLUSION OF REMEDIES AND DAMAGES. YOU CAN RECOVER FROM
MICROSOFT AND ITS SUPPLIERS ONLY DIRECT DAMAGES UP TO U.S. $5.00. YOU CANNOT
RECOVER ANY OTHER DAMAGES, INCLUDING CONSEQUENTIAL, LOST PROFITS, SPECIAL,
INDIRECT OR INCIDENTAL DAMAGES.
This limitation applies to
anything related to the Licensed Content, software, services, content (including code) on third party
Internet sites, or third party programs; and
claims for breach of contract, breach of warranty, guarantee or condition, strict liability, negligence,
or other tort to the extent permitted by applicable law.
It also applies even if Microsoft knew or should have known about the possibility of the damages. The
above limitation or exclusion may not apply to you because your country may not allow the exclusion or
limitation of incidental, consequential or other damages.
Please note: As this Licensed Content is distributed in Quebec, Canada, some of the clauses in
this agreement are provided below in French.
Note: As this Licensed Content is distributed in Quebec, Canada, some of the clauses
in this agreement are provided below in French.
DISCLAIMER OF WARRANTY. The Licensed Content covered by a license is offered "as is". Any
use of this Licensed Content is at your sole risk. Microsoft gives no other
express warranty. You may have additional rights under local consumer protection
law, which this agreement cannot change. Where permitted by local law, the implied warranties
of merchantability, fitness for a particular purpose and non-infringement are
excluded.
LIMITATION OF DAMAGES AND EXCLUSION OF LIABILITY FOR
DAMAGES. You can recover from Microsoft and its suppliers compensation for
direct damages only, up to U.S. $5.00. You cannot claim any compensation
for other damages, including special, indirect or incidental damages and lost
profits.
This limitation applies to:
anything related to the Licensed Content, to services or to content (including code)
on third party Internet sites or in third party programs; and
It also applies even if Microsoft knew or should have known about the possibility of such
damage. If your country does not allow the exclusion or limitation of liability for indirect,
incidental or other damages of any kind, the above limitation or exclusion may not
apply to you.
LEGAL EFFECT. This agreement describes certain legal rights. You may have other rights
under the laws of your country. This agreement does not change the rights given to you by the laws of
your country if those laws do not permit it to do so.
Contents
Module 1: Designing IIS Web Farms
Lesson 1: Overview of Hardware and Platform Options
Lesson 2: Design Web Farm Availability and Scalability
Lesson 3: Design Content Storage
Lab: Designing IIS Web Farms
Course Description
This three day course will prepare IT professionals for the role of Enterprise
Administrator. Students will learn how to design application infrastructure
solutions based on Windows Server 2008 to meet varying business and technical
requirements.
Audience
The primary audience for this course is IT professionals (including Windows
2000/2003 enterprise administrators) interested in becoming a Windows Server
2008 Enterprise Administrator with a focus on application infrastructure such as
web and terminal services.
The secondary audience for this course is Application Architects who want to know
more about how to integrate Windows Server 2008 technologies into enterprise
applications.
Student Prerequisites
This course requires that you meet the following prerequisites:
Hands-on experience with more than one application service such as:
IIS
Terminal Services
Virtual Server
Hyper-V
Course Objectives
After completing this course, students will be able to:
Course Outline
This section provides an outline of the course:
Module 1, "Designing IIS Web Farms" This module introduces the process of
designing IIS Web Farms.
Module 2, "Optimizing IIS Performance and Stability" This module introduces
Optimizing IIS Performance and Stability.
Module 3, "Designing IIS Security" This module describes the process of designing
IIS Security.
Module 4, "Design IIS Maintenance and UDDI" This module explains the
reliability, recovery, and monitoring for IIS 7.
Course Materials
The following materials are included with your kit:
Course Companion CD. The Course Companion CD contains the full course
content, including expanded content for each topic pages, full lab exercises
and answer keys, topical and categorized resources and Web links. It is meant
to be used both inside and outside of the class.
Note: To access the full course content, insert the Course Companion CD into the
CD-ROM drive, and then in the root directory of the CD, double-click StartCD.exe.
Course evaluation. At the end of the course, you will have the opportunity to
complete an online evaluation to provide feedback on the course, training
facility, and instructor.
Role
6437A-NYC-DC1
6437A-NYC-WEB-A
6437A-NYC-WEB-D
6437A-NYC-WEB2
6437A-SEA-DC-01
Software Configuration
The following software is installed on each VM:
Classroom Setup
Each classroom computer will have the same virtual machines configured in the
same way.
Module 1
Designing IIS Web Farms
Contents:
Lesson 1: Overview of Hardware and Platform Options
Module Overview
The best way to guarantee the scalability and availability of your internet service is
to host your site with more than one computer. This module will help students
learn the process of designing IIS Web Farms with Microsoft Windows Server
2008 and IIS 7. You will learn how to select the appropriate hardware and software
platforms. You will learn techniques to leverage Web Farm Availability and
Scalability. You will also learn how to select the proper storage for your content
and other data.
Lesson 1
This lesson focuses on evaluating 32-bit and 64-bit issues, which will aid in
selecting appropriate hardware, OS and IIS configuration.
Key Points
Before choosing hardware and software platforms for the web farm, there are
things to consider.
For example, on 64-bit Windows, 32-bit processes cannot load 64-bit DLLs, and
64-bit processes cannot load 32-bit DLLs. If you plan to run 32-bit applications on
64-bit Windows, you must plan to create 32-bit IIS worker processes. Once you
have planned to create 32-bit IIS worker processes, you can run the following types
of IIS applications on 64-bit Windows:
ISAPI filters
ASP.NET Applications
IIS can, by default, launch Common Gateway Interface (CGI) applications on 64-bit Windows, because CGI applications run in a separate process.
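The bitness rule above can be checked before deployment. The following is an added example, not part of the course material: it reads the machine type from a native DLL's PE header and decides whether the application pool that loads it needs 32-bit worker processes. The helper names, the sample DLL names and the constructed header bytes are assumptions, and `enable32BitAppOnWin64` is the IIS 7 application pool attribute that the "32-bit" result corresponds to.

```python
import struct

# IMAGE_FILE_HEADER.Machine values defined by the PE/COFF format.
MACHINE_BITS = {0x014C: 32, 0x8664: 64, 0x0200: 64}  # x86, x64, Itanium


def dll_bitness(data: bytes) -> int:
    """Return 32 or 64 for a native PE image, or raise ValueError.

    Applies to native DLLs such as ISAPI filters. Managed assemblies built
    as AnyCPU carry the x86 machine type but load in either kind of process.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (pe_offset,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew field
    if len(data) < pe_offset + 6 or data[pe_offset:pe_offset + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (machine,) = struct.unpack_from("<H", data, pe_offset + 4)
    if machine not in MACHINE_BITS:
        raise ValueError(f"unrecognised machine type 0x{machine:04x}")
    return MACHINE_BITS[machine]


def plan_pool(dlls: dict) -> tuple:
    """Decide the worker-process bitness for one application pool.

    dlls maps a DLL name to its file contents. Returns (decision, bits):
    "32-bit"  -> set enable32BitAppOnWin64 to true on the pool
    "64-bit"  -> leave the pool as a native 64-bit pool
    "split"   -> the DLLs cannot share one worker process
    """
    bits = {name: dll_bitness(data) for name, data in dlls.items()}
    kinds = set(bits.values())
    if kinds == {32, 64}:
        decision = "split"
    elif kinds == {32}:
        decision = "32-bit"
    else:
        decision = "64-bit"
    return decision, bits


def fake_pe(machine: int) -> bytes:
    """Constructed sample: the smallest header this check needs, not a real DLL."""
    dos_header = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    return dos_header + b"PE\0\0" + struct.pack("<H", machine) + b"\0" * 18


if __name__ == "__main__":
    # Hypothetical filter names; on a server you would read the real files.
    pool = {"legacyfilter.dll": fake_pe(0x014C), "authfilter.dll": fake_pe(0x8664)}
    decision, bits = plan_pool(pool)
    for name, width in bits.items():
        print(f"{name}: {width}-bit")
    print("pool decision:", decision)
```

A "split" result means the 32-bit and 64-bit DLLs need separate application pools, because no single worker process can load both.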
Question: Do you run these types of IIS applications in your work environment?
Key Points
It is important to plan the right hardware to satisfy the expected file server load,
keeping in mind average load, peak load, capacity, growth plans, and response
times. Hardware bottlenecks will limit the effectiveness of software tuning.
Type of disk controller, number of physical disks and their overall capacity
Key Points
After evaluating and selecting the right hardware, you should plan the right
Windows Server and IIS configuration.
Choose between:
You should ensure that you install the 64-bit version of Internet Information Services
(IIS) 7.0 Manager on 64-bit operating systems.
Question: Which OS and IIS Configuration do you use in your work environment?
Lesson 2
This lesson focuses on the essentials of designing IIS Web Farms, for example
planning Load Balancing, Shared State Requirements and Xcopy Deployment.
Key Points
In its simplest terms, a Web farm is a group of Web servers that appear on the
Internet as one Web site. However, making such a simple concept work is more
complex.
Consist of:
Redundant Firewalls
Database Servers
The user sends a request over the Internet to your Web site. Before the request
reaches your Web servers, it must pass through your company's firewalls and into
some kind of load-balancing servers. These servers can be either hardware or
software. Their role is to determine which Web server in your Web farm is best
able to accept the incoming request. The goal of a load balancer is just what its
name suggests: to ensure that each Web server in your Web farm carries an equal
share of the incoming request traffic.
The load-balancing servers then forward the request to one of the Web servers that
run IIS. If necessary, the front-end Web server will contact a back-end database
server to get some data to satisfy the request. Then the Web server will send a
response back out, or it will use a cached version of the response and send that
back out to the client.
Question: What is the difference between a Web Farm and a Web Garden?
Key Points
Designing Load Balancing is important because Network Load Balancing scales the
performance of a server-based program by distributing its client requests across
multiple identical servers within the cluster; you can add more servers to the
cluster as traffic increases. Up to 32 servers are possible in any one cluster.
In planning a load balancing solution it is also important to discuss how to
confirm and monitor network load balancing functionality in IIS 7.0.
Key Points
Session state lets you associate a server-side string or object dictionary with a
particular HTTP client session. We will examine the session state requirements for
Web Farms.
The session data is stored on the server side in one of the supported session state
stores.
Using session state in an ASP.NET application, for example, can add noticeable
overhead to the application performance.
Key Points
The Microsoft Distributed File System (DFS) technologies in Windows Server
2008 offer wide area network (WAN)-friendly replication as well as simplified,
fault-tolerant access to geographically dispersed files. It's best to use shared offline
configuration files when it is necessary to ensure front-end servers use a cached copy of
the applicationHost.config file when the file share is down. It is best to use DFS
when uptime is critical and it is necessary to ensure that the configuration files are
always available.
Pros of Shared Offline Configuration Files:
Changes to configuration aren't replicated until the file share is back online
Key Points
Plan how DFS can be used to make files that are distributed across multiple
servers. If network resources for a Web site are stored on multiple computers, DFS
allows the network resources to be centralized in a single unified namespace. The
logical namespace remains constant even if you move network resources to either a
different server or a shared folder.
Question: What is a scenario you would use a DFS Enabled Share in your work
environment?
For More Information, see "HOW TO: Configure Microsoft DFS as the
Filing System for IIS" in Knowledge Base.
Key Points
Planning Shared configuration for 2 nodes using IIS 7 Manager makes it easy to
accomplish Web site deployment with web farms.
Site owner can:
Deploy Content
Xcopy Deployment
Key Points
When planning to use Xcopy to deploy your server configuration instead of using
the IIS Manager, it's important to note a few things. The machine keys are used to
encrypt properties like passwords for application pool identities or anonymous
users. If you installed any custom modules or certificates, they should exist on all
the machines before you share configuration.
You need to install any components on all servers in the farm before sharing their
config. If you install a filter or an IIS component, such as Basic authentication, you
must remove the server from shared configuration and install it locally. Then
ensure it exists on all machines before sharing config.
Question: Have you used Xcopy to deploy sites in your work environment?
Key Points
Design Deployment and Update solutions to synchronize Web servers
configuration and content between multiple servers.
Question: What Deployment and Update solutions do you use to synchronize
content and configuration in your work environment?
Key Points
The new FTP service incorporates many new features that enable web authors to
publish content better than before, and offers web administrators more security
and deployment options.
For More Information, see "Microsoft FTP Publishing Service for IIS 7.0"
in Communities.
Lesson 3
This lesson focuses on Local Content Storage as well as the Folder Hierarchy and
High Availability RAID Volumes and sizing.
Key Points
Local content storage entails storing Web content on the same servers that are
running IIS in your Web farm. The request comes in from the client over the
Internet, through the firewall and load balancer, and is then routed to a
server. Each server on the Web farm contains the content of the Web site. There is
isolation between content stores, with each server being independent of the others, but
there is also redundancy. Each server contains exactly the same content as the
others. Any content changes you make to your site must be propagated across all
Web farm servers. There's a real isolation between each content server.
Question: How is content distributed among servers?
For More Information, see "Web Site Deployment Made Easy" in
Communities.
Key Points
Individual Web sites and applications can be customized to add or remove
capabilities as required via a web.config file, which resides in the Web root or
application root folder.
The site directory hierarchy will look like this. Below the root directory, in our case
named "e:\content", we have a directory for Failed Request Logs (failedreqlogfiles),
a directory for standard log files (logfiles) and a directory for the actual content of
each site (wwwroot).
Question: What is the benefit of planning your file hierarchy?
Key Points
You can determine the best RAID level for your file servers by evaluating the read
and write loads of the various data types and then deciding how much you are
willing to spend to achieve the performance and availability/reliability that your
organization requires.
A general guideline is to plan for faster growth in the future than you experienced
in the past. Investigate whether your organization plans to hire a large number of
people, whether any groups in your organization are planning large projects that
will require extra storage, and so on.
You must also take into account the amount of space used by operating system
files, applications, RAID redundancy, log files, and other factors that affect file
server capacity.
For More Information, see "Planning the Layout and RAID Level of
Volumes" in TechNet content.
Create a design document consisting of multiple web farms with all websites
hosted on each server.
Create a conceptual design diagram consisting of multiple web farms with all
websites hosted on every server.
Results: After this exercise, you should have created a design diagram consisting of
multiple web farms. Evaluated Need for Web Farm and Planned Load Balancing.
Design batch files using the new Xcopy command to plan automatic
deployment of website configuration to Windows Server 2008 with IIS
installed.
Results: After this exercise, you should have planned to automatically deploy website
configuration using batch files and Xcopy deployment.
Design batch files using the new Xcopy command to plan automatic
deployment of website content to Windows Server 2008 with IIS installed.
Results: After this exercise, you should have planned to automatically deploy website
content using batch files and Xcopy deployment.
Review Questions
1.
2.
3.
Module 2
Optimizing IIS Performance and Stability
Contents:
Lesson 1: Designing Application Pools
Module Overview
Lesson 1
Key Points
Question: Do you have multiple applications running under one application pool
in your organization?
Key Points
To group sites and applications that run with the same configuration settings.
To isolate sites and applications that run with unique configuration settings.
Question: If you create too many application pools, can it adversely affect Web
server performance?
Key Points
Application pools isolate Web sites and Web applications to address reliability,
availability, and security issues.
You can configure the basic settings for the application pool.
Key Points
If you have a problematic application and you cannot easily correct the code
that causes the problems, you can limit the extent of these problems by
periodically recycling the worker process that services the application.
Question: Have you previously recycled application pools using any of these
options?
Key Points
You can perform this procedure by using the user interface (UI), by running
IIS 7.0 command-line tool commands in a command-line window, by editing
configuration files directly, or by writing WMI scripts.
Question: What is the default user account used for Application Pool
Authentication?
Key Points
Question: Have you used any of these performance settings in a Web site in your
work environment?
Lesson 2
When you want a managed handler on the Web server to handle requests for a
specific file or file name extension, you can create a managed handler mapping.
Managed handlers are written in managed code and respond to specific requests
on the Web server.
Key Points
When you want a native handler on the Web server to handle requests for a
specific file or file name extension, you can create a script map. Native
handlers, also known as script engines, are native code .exe or .dll files that
respond to specific requests.
If you map a type of request to an .exe file (the script engine), CgiModule
will load the associated executable when a request enters the server and it
matches the handler mapping.
If you map a type of request to a .dll file (the script engine), IsapiModule
will load the DLL when a request enters the server and it matches the
handler mapping.
Question: What kind of script mapping have you used in your work environment?
For More Information, see "IIS 7.0: Add a Script Map Handler Mapping"
in TechNet content.
Key Points
The necessary modules and handlers must be installed on the Web server and
enabled at the level at which you perform this procedure.
If you perform procedures in this section by using IIS Manager, you must be a
server administrator or an IIS Manager user who has been granted permission
to a site or an application in IIS Manager.
Question: In your work environment have you configured handlers at any of these
levels?
Key Points
When you want a managed handler on the Web server to handle requests for a
specific file or file name extension, you can create a managed handler
mapping.
When you want a native module on the Web server to handle requests for a
specific file or file name extension, you can create a module handler mapping.
When you want a native handler on the Web server to handle requests for a
specific file or file name extension, you can create a script map. Native
handlers, also known as script engines, are native code .exe or .dll files that
respond to specific requests.
Add a wildcard script map when you want to configure an ISAPI extension to
intercept every request before the request is sent to its mapped handler.
Question: Have you used any of these handlers in Web sites running in your work
environment?
For more information, see "IIS 7.0: Add a Managed Handler Mapping"
in TechNet content.
Lesson 3
With Windows System Resource Manager, administrators can control how CPU
resources are allocated to applications, services, and processes. Managing
resources in this way improves system performance and reduces the chance that
applications, services, or processes will interfere with the rest of the system.
Key Points
Question: Have you used WSRM to set CPU allocation in Web sites running in
your work environment?
Key Points
Question: Have you used Equal per process or user settings in Web sites in your
work environment?
Key Points
You can administer resource policies and monitor resource usage with
Windows System Resource Manager using Microsoft Management Console
(MMC).
You can use these commands to manage Windows System Resource Manager
from the command line. You can automate or script your WSRM command-line operations.
Question: Have you experienced using the MMC and the Command Line Interface
in your work environment?
Key Points
If a process exceeds its target allocation, the service uses the Windows System
Resource Manager dynamic process priority management algorithm to try to
make the process conform to its target allocation.
Question: Have you used the CPU allocation settings on Web sites in your work
environment?
Key Points
Processes that are unable to consume their allocated CPU bandwidth, even
after appropriate priority adjustments have been made to the priorities of other
processes, will have their unconsumed allocation re-allocated to other
processes.
This allows competing processes to use the CPU bandwidth equal to the
difference between all remaining CPU bandwidth and the CPU bandwidth
allocated to the process.
Question: Have you used Windows System Resource Manager in your work
environment to manage CPU Bandwidth?
Lesson 4
Effective monitoring and auditing of Web server logs is necessary for maintaining
useful and stable Web sites. The logging options in IIS 7.0 are highly configurable.
Key Points
You can collect information about user activity by enabling logging for your
Web sites and servers.
Logging information in IIS 7.0 goes beyond the scope of the simple event
logging or performance monitoring features in Microsoft Windows.
The logs can include information such as who has visited your site, what the
visitor viewed, and when the information was last viewed.
Question: How have you used Web site logging in the past?
Key Points
Locate the log files on a secure, reliable drive, and store them in a
directory other than systemroot.
Monitor and manage the maximum number of log files to keep and the
maximum size of the log files.
Question: Do you know of any other good practices in managing and monitoring
Web site logs?
For More Information, see "IIS 7.0 Beta: Enable Trace Logging for Failed
Requests" in TechNet content.
Key Points
There are many different formats, encoding, and options for Web site logging.
The default logging method for IIS 7.0, the W3C Extended Log File Format, is
a standard defined by the World Wide Web Consortium. This logging format
can divulge a large amount of information on the activity of your IIS server,
and IIS lets you drill down to select which options you want to log.
Question: What type of log file rollover setting might be most useful in your
organization?
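The W3C Extended format described above is self-describing: a `#Fields:` directive names the columns, and it can reappear mid-file when the logged fields are changed. The following parser is an added example, not part of the course material; the log lines, addresses and user name are constructed sample data.

```python
from collections import Counter
from datetime import datetime, timezone

# Constructed sample (not from a real server). The second #Fields directive
# shows a changed field selection; the last entry is cut short on purpose.
SAMPLE_LOG = r"""#Software: Microsoft Internet Information Services 7.0
#Version: 1.0
#Date: 2008-05-02 17:42:15
#Fields: date time cs-method cs-uri-stem cs-username c-ip cs(User-Agent) sc-status time-taken
2008-05-02 17:42:15 GET /default.htm - 198.51.100.7 Mozilla/4.0+(compatible;+MSIE+7.0) 200 15
2008-05-02 17:42:20 GET /admin/ - 203.0.113.9 Mozilla/4.0+(compatible;+MSIE+7.0) 401 3
2008-05-02 17:42:21 GET /admin/ - 203.0.113.9 Mozilla/4.0+(compatible;+MSIE+7.0) 401 2
2008-05-02 17:42:22 GET /admin/ - 203.0.113.9 Mozilla/4.0+(compatible;+MSIE+7.0) 401 2
2008-05-02 17:42:30 GET /reports/q1.htm WOODGROVE\alice 198.51.100.7 Mozilla/4.0+(compatible;+MSIE+7.0) 200 40
#Date: 2008-05-02 18:00:01
#Fields: date time c-ip cs-uri-stem sc-status
2008-05-02 18:00:01 203.0.113.9 /admin/ 401
2008-05-02 18:00:02 203.0.113.9
"""


def parse_w3c(text):
    """Return (records, skipped); each record maps field name -> value."""
    fields, records, skipped = None, [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):
            # Only the #Fields directive changes how entries are interpreted.
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue
        values = line.split(" ")
        if fields is None or len(values) != len(fields):
            skipped += 1  # entry that does not match the current field list
            continue
        # "-" is the placeholder for a field that has no value.
        rec = {f: (None if v == "-" else v) for f, v in zip(fields, values)}
        if rec.get("date") and rec.get("time"):
            try:
                # W3C Extended log timestamps are recorded in UTC.
                rec["timestamp"] = datetime.strptime(
                    rec["date"] + " " + rec["time"], "%Y-%m-%d %H:%M:%S"
                ).replace(tzinfo=timezone.utc)
            except ValueError:
                skipped += 1
                continue
        records.append(rec)
    return records, skipped


def repeated_auth_failures(records, threshold=3):
    """Client IPs with at least `threshold` 401 responses, with their counts."""
    hits = Counter(
        r["c-ip"] for r in records
        if r.get("sc-status") == "401" and r.get("c-ip")
    )
    return {ip: n for ip, n in hits.items() if n >= threshold}


def authenticated_views(records):
    """(when, who, what) for every request made by an authenticated user."""
    return [
        (r.get("timestamp"), r["cs-username"], r.get("cs-uri-stem"))
        for r in records if r.get("cs-username")
    ]


if __name__ == "__main__":
    recs, bad = parse_w3c(SAMPLE_LOG)
    print(f"{len(recs)} entries parsed, {bad} skipped")
    print("repeated 401s:", repeated_auth_failures(recs))
    for when, who, what in authenticated_views(recs):
        print(when.isoformat(), who, what)
```

Fields that are not selected for logging are simply absent from the record, so any review script has to tolerate missing keys rather than assume a fixed column layout.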
Review Logs
Key Points
The View Log Files option opens the log file directory.
The View Log Files option may be unavailable. If it is not available, you can use
Notepad or a third-party product to view the logs.
Question: What third-party applications can you use for analyzing Web site log
files?
Design Logging
Key Points
Logging options are very customizable in IIS 7.0. There are many fields and
information that can be integrated into the Web site log files.
Effective use of the Logging Options allows you to build comprehensive Web logs
that are manageable in size.
Question: What fields might be most useful in reviewing Web site logs?
For More Information, see "W3C Logging Fields Dialog Box" in Help.
Application
Comments
ASP.net 1.0
ASP.net 1.1
ASP.net 2.0
2.
Create the Application Pool and setting for ASP.NET 1.0 applications.
2.
Create the Application Pool and settings for ASP.net 1.1 applications.
3.
Create the Application Pool and settings for ASP.net 2.0 applications.
4.
Create Application Pool and settings for ASP.net 1.1 Misbehaving applications.
Create scripts to deploy App Pools and settings for each application pool
created in Task 1.
Results: After this exercise, you should have created a drawing showing application
isolation and a document describing automatically deploying application isolation
solution.
2.
Create scripts to automatically deploy Script Mappings for each file type.
Results: After this exercise, you should have created a design document identifying
script mappings as well as a document with plans for auto deployment of script
mappings.
2.
2.
Create scripts to automatically deploy logging options for each Web site.
Results: After this exercise, you should have created a design document identifying
logging structure as well as a document with plans for auto deployment of logging
structure and fields.
Exercise Overview
In this exercise, you will learn how to create an application pool.
This exercise's main tasks are:
1.
2.
3.
Use XCopy to deploy the files from the SalesSupport directory to the
SalesSupport_DE and SalesSupport_Test directories.
4.
5.
6.
7.
8.
2.
3.
2.
Task 3: Use XCopy to deploy the files from the SalesSupport directory
to the SalesSupport_DE and SalesSupport_Test directories
2.
2.
3.
4.
5.
Lab Shutdown
After you complete the lab, you must shut down the virtual machines and discard
any changes.
Review Questions
1.
2.
3.
Module 3
Designing IIS Security
Contents:
Lesson 1: Design and Verify Transport Security
Module Overview
Web servers are often placed in a very precarious position. They are typically
public-facing servers, but they also need to maintain very tight security in order to
maintain the integrity of the server and to ensure confidence to their users.
Microsoft IIS 7.0 provides many tools and techniques for maintaining a highly
secure Web server environment.
Lesson 1
There are additional tools and techniques that can be managed to enhance Web
server security. Certificates are a key component of creating a trusted relationship
between the Web client and the Web server.
Key Points
There are many features and tools built in to IIS 7.0 that allow customizing of
Web site and server security. These tools help secure and restrict unauthorized
access to the Web sites and server.
Question: What security features and tools do you use in your work environment?
Key Points
Question: Name some common scenarios that use certificates and SSL-encrypted
connections?
Key Points
There are many features that can be used to secure an IIS 7.0 server. Some of
them are designed as part of the IIS 7.0 system and installation process, while
others need to be manually configured and monitored by the administrator.
Key Points
Renewing expired certificates is easy. There are several tools and wizards
available in IIS 7.0 for managing certificates.
Question: Do you currently use Web server certificates? Do you plan on deploying
them in the future for new projects?
Key Points
Configure the security settings to match the needs of the sites and
applications.
Question: What are the security needs of the applications in your organization?
Key Points
Adding security certificates to Web sites is very easy. There are several tools
and wizards available in IIS 7.0 for managing certificates.
Question: Can any of your Web sites benefit from the addition of security
certificates?
Key Points
Create an SSL binding and assign it to a site by adding a new binding and
choosing HTTPS as the type.
Verify the SSL binding by clicking the link in the Actions menu to browse by
HTTPS.
Configure SSL Settings: you may optionally configure the desired settings.
For More Information, see "How to Setup SSL on IIS 7" in Communities.
Key Points
URLScan was a security tool that was provided as an add-on to earlier versions
of IIS so administrators could enforce tighter security policies on their Web
servers.
There are many different filters that can be deployed when managing Request
Filtering.
Question: What aspects of attacks, malware, viruses and worms can be stopped by
implementing aspects of Request Filtering?
Design Security
Key Points
Question: What are some scenarios where delegation and remote administration
would be useful for managing a complex Web server deployment?
For More Information, see "Application & Server Security in IIS 7" in
Communities.
Lesson 2
There are many tools and techniques available for securing Web sites and servers.
These include such techniques as restricting certain IP addresses, setting up
authorization rules, and managing authentication. By using these and other
techniques, you can make your Web server more secure and highly available.
Key Points
The identity of an application pool is the name of the service account under
which the application pool's worker process runs. By default, application pools
operate under the Network Service user account, which has low-level user
access rights. You can configure application pools to run under one of the
built-in user accounts in the Microsoft Windows Server 2008 operating
system. For example, you can specify the Local System user account, which
has higher-level user privileges than either the Network Service or Local
Service built-in user accounts. However, remember that running an application
pool under an account with high-level user rights is a serious security risk.
Question: What are the scenarios in your organization that you might use a
custom identity for an application pool?
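One way to review which identity each application pool effectively runs under, including pools that inherit it from `applicationPoolDefaults`, is to read applicationHost.config offline. This is an added example, not part of the course material; the configuration fragment, pool names and account name are constructed, and the fallback to Network Service follows the default stated above.

```python
import xml.etree.ElementTree as ET

# The page states that pools run as Network Service unless configured otherwise.
FALLBACK_IDENTITY = "NetworkService"
# Local System is the built-in account the page calls out as a serious risk.
HIGH_PRIVILEGE = {"LocalSystem"}

# Constructed applicationHost.config fragment; pool and account names are made up.
SAMPLE_CONFIG = r"""<configuration>
  <system.applicationHost>
    <applicationPools>
      <add name="DefaultAppPool" />
      <add name="SalesSupport">
        <processModel identityType="LocalSystem" />
      </add>
      <add name="SalesSupport_Test">
        <processModel identityType="SpecificUser" userName="WOODGROVE\svc-sales-test" />
      </add>
      <applicationPoolDefaults>
        <processModel identityType="NetworkService" />
      </applicationPoolDefaults>
    </applicationPools>
  </system.applicationHost>
</configuration>"""


def effective_pool_identities(config_xml):
    """Resolve the identity of every pool: own setting, then defaults, then fallback."""
    root = ET.fromstring(config_xml)
    pools = next(root.iter("applicationPools"), None)
    if pools is None:
        return []
    default_pm = pools.find("applicationPoolDefaults/processModel")
    default_identity = (
        default_pm.get("identityType") if default_pm is not None else None
    )
    results = []
    for pool in pools.findall("add"):
        pm = pool.find("processModel")
        explicit = pm.get("identityType") if pm is not None else None
        if explicit:
            identity, source = explicit, "pool"
        elif default_identity:
            identity, source = default_identity, "applicationPoolDefaults"
        else:
            identity, source = FALLBACK_IDENTITY, "product default"
        account = None
        if pm is not None and identity == "SpecificUser":
            account = pm.get("userName")  # custom service account, if any
        results.append({
            "pool": pool.get("name"),
            "identity": identity,
            "source": source,
            "account": account,
        })
    return results


def high_privilege_pools(config_xml):
    """Names of pools whose worker process would run with high-level rights."""
    return [
        p["pool"] for p in effective_pool_identities(config_xml)
        if p["identity"] in HIGH_PRIVILEGE
    ]


if __name__ == "__main__":
    for p in effective_pool_identities(SAMPLE_CONFIG):
        flag = "  <-- review" if p["identity"] in HIGH_PRIVILEGE else ""
        print(f'{p["pool"]}: {p["identity"]} (from {p["source"]}){flag}')
```

Checking the defaults element matters as much as the individual pools: a high-privilege identity set there is inherited by every pool that does not override it.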
Key Points
Question: How do you permit users and groups to connect to sites and
applications?
For More Information, see "IIS 7.0 Beta: Permit a Windows User or
Group to Connect to a Site or an Application" in TechNet content.
Plan Access
Key Points
There are many different types of authentication available in IIS 7.0. Different
types of authentication can provide different types of Web site security.
Key Points
ISAPI and CGI restrictions are request handlers that allow dynamic content to
execute on a server.
These restrictions are either CGI files (.exe) or ISAPI extensions (.dll).
For More Information, see "IIS 7.0 Beta: Configure Web Server Security"
in TechNet content.
Specify Authentication
Key Points
You can configure IIS to authenticate users before they are permitted access to
a Web site, a folder in the site, or even a particular document contained in a
folder in the site. Authentication in IIS can be used to strengthen the level of
security on sites, folders, and documents that are not to be viewed by the
general public.
Authentication in IIS is critical when resources are not meant for anonymous
or public access, but when the Web server must be accessible to approved
users over the Internet. Examples of Web site applications that require
authentication access control include Microsoft Outlook Web Access (OWA)
and the Microsoft Terminal Services Advanced Client.
Question: When would you configure authentication at the site level versus the
application level?
Specify Authorization
Key Points
For More Information, see "IIS 7.0 Beta: Configuring URL Authorization
Rules in IIS 7.0" in TechNet content.
Manage Authentication
Key Points
IIS 7.0 may use authentication to identify users. This information can be
placed in log files or you can use it in combination with authorization plug-ins
to control content access.
IIS 7.0 offers many different types of authentication to optimally customize the
level of security and access to Web sites.
Lesson 3
IIS 7.0 can delegate permission in a granular fashion. By using feature delegation,
server administrators can determine which features can be modified by site or
application administrators. This lesson focuses on using feature delegation.
Key Points
IIS 7.0 delegated administration is useful in multiple scenarios, including the
following:
You are a server administrator and you are not the primary person providing
content on your server.
You are a developer and you want your server administrator to give you more
control over IIS configuration for your application.
Managing the set of site and application users that are permitted to use IIS
Manager to view configuration and set configuration for features with
unlocked configuration sections.
Key Points
These files can specify configuration sections which will take effect on their
level in the hierarchy and downwards. The machine administrator has to
explicitly unlock sections at the global level, to enable such delegation. By
default most IIS sections are locked down for delegation, and all .NET
framework sections (including Microsoft ASP.NET) are not locked at the
global level.
Configure the delegation state of site and application features for site and
application administrators to view and configure.
Delegate Administration
Key Points
The IIS 7.0 configuration system uses the following files:
Several Web.config files can appear at any level of the URL hierarchy.
The machine.config file defines the properties that are required for all
ASP.NET Framework features.
Configuration file settings inherit from parent to child file from machine.config
down to the last Web.config file (if any) and the effective configuration is
calculated for a given path. Any setting at a lower level in the hierarchy will
override a parent setting defined in a file above the current level.
Key Points
IIS 7.0 feature delegation has the following characteristics:
Features which are not delegated are not visible in the UI at site or application
levels.
Question: How could your work environment benefit from using Feature
Delegation?
2.
2.
3.
2.
Plan Permissions.
Plan administrative groups and global groups for IIS Administrators for
website # 1 and 2 on the domain controller.
Exercise Overview
In this exercise, you will learn how to create virtual directories and configure
anonymous authentication.
This exercise's main tasks are:
1.
2.
3.
Add Windows Integrated and Digest Security features to the IIS Role.
4.
5.
Start 6437A-NYC-DC1.
In Server Manager, enable the local Guest account, and allow Guest to log on
locally.
Open http://localhost/public in the browser to verify that the local guest can
browse to the public directory.
Results: After this exercise, you should have successfully verified that the Public
directory is created and loaded the IIS Welcome page in Internet Explorer with the
Guest account.
Lab Shutdown
After you complete the lab, you must shut down the virtual machines and discard
any changes.
Review Questions
1
2.
3.
Module 4
Design IIS Maintenance and UDDI
Contents:
Lesson 1: Designing Internet Information Services Backup and Recovery
Module Overview
The latest version of IIS, IIS 7.0, expands on IIS with significant changes in
architecture. As a result, planning and deployment of web farms or large-scale web
applications is changed. The shared configuration feature allows the entire web
farm to share the same applicationhost.config file. Changing, maintaining, and
recovering web applications becomes much easier. It is also more capable of
making use of 64 bit architecture, even when running 32 bit applications.
In this module, we will plan for an IIS installation, taking into account these new
features. We will also deploy UDDI services. UDDI is a service location tool that
allows organizations to better collaborate and to reuse existing application
components regardless of the application platform.
Lesson 1
In this lesson we will introduce the modular IIS 7.0 architecture, including the
XML file format and ability to share configuration amongst web farm members. We
will then learn how to maintain and plan recovery strategies for an IIS 7.0
installation.
Key Points
With processes separated into WSS and WAS, IIS7 can become more fault
tolerant.
Shared configuration means web farms are easily configured, tested, and
maintained.
Key Points
In IIS 5, all websites were run in-process and under the System account.
Configuration was stored in a proprietary Metabase.
In IIS 6, processes are run under the Network Service account. The XML files
Metabase.xml and MBSchema.xml are used for configuration.
For IIS7, the application pool, anonymous user, and UNC access use the same
local or AD account. Machine.config, Applicationhost.config, and web.config
are all XML.
Key Points
Custom modules must be copied to and enabled on all machines. They cannot
be stored centrally.
Before enabling shared config, make sure that all necessary modules are on all
web farm members.
Key Points
Key Points
Configuration Files can be backed up from offline files, DFS-R or client side
caching.
Critical content should be stored and backed up using the backup tool of
your choice. Utilizing a VSS solution will reduce the effect of backup on server
performance.
Question: Will your current backup and recovery scheme need to be altered for
IIS7?
Lesson 2
In this lesson we will learn how to monitor an IIS 7.0 installation. We will learn
how to use the failed request tracing rules, IIS 7.0 logging, and other built in
monitoring capabilities. In addition, we will cover the use of System Center to
manage an IIS 7.0 installation.
Key Points
A Failed Request event will include the URL, the Site, the application pool, the
process ID, the User, and a time stamp, as well as the failure, time taken and
status code. These are recorded in an XML log which can be read with System
Center Operations Manager, IE, or any type of parsing tool.
Question: What problems have you experienced to which you could have applied
Failed Request Tracing?
Key Points
Key Points
Get Executing Requests allows the admin to see the requests that are currently
executing in a worker process.
The Get State process reveals whether a worker process is starting, running, or
stopping.
Question: How would you apply these COM APIs in a distributed web farm?
Key Points
Will be able to use the IIS 7 Microsoft System Center Operations Manager
Management Pack to track large scale IIS deployments.
Lesson 3
In this lesson we will discuss how to deploy UDDI to allow for developer
collaboration. A UDDI infrastructure consists of a web service and a database that
stores the providers, bindings, and tModels that define UDDI. We will discuss the
authentication methods and security roles. In addition we will demonstrate UDDI
management for the enterprise administrator.
Key Points
UDDI Requirements
Key Points
Possibly create a "sandbox" UDDI service using the stand alone installation.
Use the Active Directory security model for better tracking of authentication.
Key Points
Install the UDDI service on a web server, cluster, or farm with the appropriate
level of availability.
Key Points
Create a backup scheme for the UDDI data stored on the SQL server.
Lesson 4
In this lesson we will identify application pool issues in IIS 7.0 and how to deal
with them. IIS 7.0 allows the administrator to specify recycling thresholds to better
control the way that an application pool uses memory. However, modifying
recycling thresholds can affect overall performance. In addition, we will discuss the
features of 64 bit architecture that can enhance IIS 7.0 in the enterprise.
Key Points
Recycling can cause session state data to be lost. It also slows performance.
Key Points
Question: Are you currently using or planning to use 64 bit architecture for web
services?
Key Points
IIS 7.0 can be customized to log events for a variety of conditions, including:
Scheduled Time
Number of Requests
Memory Usage
Application Pool problems are often a result of memory leaks, applications that
fail under certain loads, or insufficient hardware.
2.
3.
Task 1: Specify the servers and storage at New York and London
List the servers necessary to provide the service. For each device, list the
services and applications required.
The content and SQL database need to be highly available, so include a SAN
installation at both sites.
Determine how to best replicate configuration and content between the two
sites.
Now, prepare the two sites for disaster recovery. What items need to be
backed up?
The organization would like to be able to recover either site completely should
the entire location be lost. Prepare a backup scheme that would allow for
either site to be restored completely.
2.
Create a deployment plan for monitoring the web services with System Center
Operations Manager.
List those network elements which the web farm relies upon.
All management of the web farm is primarily performed by the New York
administrators. However, the organization would like to be able to monitor
each site should the link between the two fail.
2.
You have been tasked with managing the hardware and infrastructure
deployment for UDDI at Woodgrove Bank. Identify what services need to be
deployed or changed.
For the two UDDI services (testing and enterprise), list the security groups
and place the following roles in the appropriate place:
Domain Users
Developers
UDDI developer
Network Administrator
One stand alone UDDI can serve as the testing UDDI. It can be internal to the
network with no access to the internet. The UDDI service can be deployed on the
existing web farm.
Security Group        | Testing Server Role                         | Enterprise Server Role
Domain Users          | None                                        | User
Authorized Web users  | None                                        | User
Developers            | Publisher (can be user for greater control) | Coordinator
UDDI Developer        | Coordinator                                 | Coordinator
Network Administrator | Administrator                               | Administrator
Create a plan to deploy both UDDI services in the enterprise. Identify security,
network, and process changes.
Develop a process for testing, approving, and migrating UDDI objects to the
enterprise UDDI service.
Results: After this exercise you will have developed a UDDI deployment plan that
accounts for security, infrastructure, and process.
Identify and resolve the application pool problem at the Paris site.
The New York and London sites are running identical applications to the Paris
site and experiencing no problems. As a result, we can conclude that the
applications do not have any memory leaks or other flaws.
Although the Paris site was originally built with repurposed hardware, the
problem is such that the organization needs to resolve the problem and is
willing to invest in a solution.
Create a plan to resolve the application pool issue on the Paris web farm.
The applications and server load require the expanded memory thresholds of
64 bit hardware. Replace the older hardware in the Paris web farm with 64 bit
servers.
Results: After this exercise you will have identified the problem with the Paris servers
and created a plan for resolving their performance issues.
Start 6437A-NYC-DC1.
Server: NYC-WEB-D
Password: Pa$$w0rd
Task 2: Add the second Web server to use the Shared Configuration
Server: NYC-WEB2
Password: Pa$$w0rd
Server: NYC-WEB-D
Name: test.html
Server: NYC-WEB-D
Host: NYC-WEB-D
Task 2: Add the second host to the Network Load Balancing cluster
Using Network Load Balancing Manager, add the second host to the cluster.
Host: NYC-WEB2
Task 3: Add the second server to the Network Load Balancing cluster
Using Network Load Balancing Manager, add the second server to the cluster.
Server: NYC-WEB2
Server: NYC-WEB2
Server: NYC-WEB-D
Server: NYC-WEB-D
Results: After this exercise, you should have successfully restored a Web site to a
second server. Provide the results of the exercise so students will know when and if
they have completed the lab exercise successfully.
Lab Shutdown
After you complete the lab, you must shut down the virtual machines and discard
any changes.
Review Questions
Troubleshooting tip
Memory Leaks
Repair application
Insufficient memory
A company needs to test a web application and then roll it out to an existing
IIS 7.0 web farm. What is the best method to transport the application and
settings from the development platform to the working web farm?
Module 5
Designing a Terminal Services Infrastructure
Contents:
Lesson 1: Design Terminal Services Licensing
Module Overview
Lesson 1
In this lesson we will review Terminal Services licensing. Next, we will review a
checklist of tasks to be completed to install and configure Terminal Services
licensing. Finally, we will introduce Terminal Services License Server Discovery
and discuss the different Terminal Services license server discovery options
available to administrators.
Overview of TS Licensing
Key Points
Question: Where should the TS Licensing role service be installed for small
deployments? For large ones?
Question: What is the TS Licensing grace period and when does it end?
Key Points
A TS license server must be activated in order to certify the server and allow
the license server to issue TS CALs.
After you have installed and configured the Terminal Services license server,
you need to configure the Terminal Services licensing mode and then the
license server discovery mode on your terminal server.
Question: What are the three methods by which you activate a Terminal Services
license server?
Question: What are the three methods by which you can install Terminal Services
client access licenses (TS CALs)?
Key Points
Lesson 2
In this lesson we will review the concepts of Remote Desktop Connection Display
and will also introduce single sign-on for Terminal Services. We will also discuss
the Terminal Services Easy Print driver.
Key Points
The Remote Desktop Users group on a terminal server is used to give users
and groups permission to remotely connect to a terminal server.
Question: How are users and groups added to the Remote Desktop Users group?
Key Points
Key Points
The Terminal Services Easy Print driver enables users to reliably print from a
Terminal Services RemoteApp program or from a terminal server desktop
session to the correct printer on their client computer.
The TS Easy Print driver offers support for legacy and new printer drivers
without the need to install those drivers on the print server.
Lesson 3
In this lesson, we will discuss plug and play device redirection in remote sessions.
We will also briefly discuss Microsoft Point of Service for .NET device redirection.
Key Points
Plug and Play devices can be added to remote sessions using the Remote
Desktop Connection dialog box under Start, All Programs, Accessories.
After the redirected Plug and Play device is installed on the remote computer,
the Plug and Play device is available for use in your session with the remote
computer.
For More Information, see "Plug and Play Device Redirection for Media
Players and Digital Cameras" online.
Key Points
Configuring a terminal server for Microsoft POS for .NET Device Redirection
requires that you first install Microsoft POS for .NET 1.11, then install the
.NET service objects or configuration files for the device, and finally restart
the Terminal Services UserMode Port Redirector service.
Microsoft POS for .NET devices, by default, are not listed under Local devices
and resources on the Local Resources tab in Remote Desktop Connection, and
the Remote Desktop Protocol (.rdp) file that you use to connect to the terminal
server must be edited to enable redirection.
For More Information, see "Microsoft Point of Service for .NET Device
Redirection" online.
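Because redirection can be switched on by editing the .rdp file itself, it helps to audit a file before it is distributed. The following is an added example, not part of the original course material: it parses an .rdp file and lists the client device classes it redirects. The setting names are standard .rdp properties; the defaults used when a line is absent are assumptions about the Remote Desktop Connection client, and the sample file and host name are constructed.

```python
import codecs

# Integer settings: name -> (device class, value assumed when the line is absent).
# The defaults are assumptions about the Remote Desktop Connection client;
# confirm them against the client version you deploy.
INT_REDIRECTS = {
    "redirectprinters": ("printers", 1),
    "redirectclipboard": ("clipboard", 1),
    "redirectsmartcards": ("smart cards", 1),
    "redirectcomports": ("serial ports", 0),
    "redirectposdevices": ("POS for .NET devices", 0),
}
# String settings: an empty value means nothing of that class is redirected.
STR_REDIRECTS = {
    "drivestoredirect": "drives",
    "devicestoredirect": "Plug and Play devices",
}


def decode_rdp(raw):
    """Decode .rdp bytes; files saved by the client are often UTF-16 with a BOM."""
    if raw.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig")


def parse_rdp(text):
    """Parse 'name:type:value' lines into a dict; a repeated name keeps its last value."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        parts = line.split(":", 2)  # the value itself may contain ':'
        if len(parts) != 3 or parts[1] not in ("i", "s", "b"):
            continue  # not a well-formed setting line
        name, kind, value = parts
        if kind == "i":
            try:
                value = int(value)
            except ValueError:
                continue  # integer setting with a non-numeric value
        settings[name.strip().lower()] = value
    return settings


def redirected_devices(raw):
    """Return the device classes this .rdp file would redirect into the session."""
    settings = parse_rdp(decode_rdp(raw))
    enabled = []
    for name, (label, default) in INT_REDIRECTS.items():
        if settings.get(name, default) != 0:
            enabled.append(label)
    for name, label in STR_REDIRECTS.items():
        if str(settings.get(name, "")).strip():
            enabled.append(label)
    return enabled


# Constructed sample file, encoded as UTF-16 with a BOM.
SAMPLE_RDP = (
    "full address:s:ts01.example.test:3389\r\n"
    "redirectprinters:i:0\r\n"
    "redirectclipboard:i:0\r\n"
    "redirectsmartcards:i:1\r\n"
    "redirectposdevices:i:1\r\n"
    "drivestoredirect:s:*\r\n"
).encode("utf-16")

if __name__ == "__main__":
    for device in redirected_devices(SAMPLE_RDP):
        print("redirected:", device)
```

A file that omits a setting is reported using the assumed client default, so an empty file still lists printers, clipboard and smart cards.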
Lesson 4
In this lesson we will review Terminal Services Gateway, including prerequisites for
TS Gateway functionality. We will also introduce Terminal Services Connection
Authorization Policies. Finally, we will introduce Terminal Services Remote Access
Policies.
Overview of TS Gateway
Key Points
You can use TS Gateway server with Microsoft Internet Security and
Acceleration (ISA) Server to enhance security.
Question: How can you monitor TS Gateway connection status, health, and
events?
Key Points
TS Gateway transmits all RDP traffic (that typically would have been sent over
port 3389) to port 443 by using an HTTPS tunnel. This also means that all
traffic between the client and TS Gateway is encrypted while in transit over the
Internet.
Question: What requirements must the externally trusted SSL certificate meet?
Key Points
Users are granted access to a TS Gateway server if they meet the conditions
specified in the TS CAP.
Key Points
When you create a TS RAP, you can create a computer group (a list of
computers on the internal network to which you want the remote users to
connect) and associate it with the TS RAP.
Lesson 5
In this lesson we will review Terminal Services Session Broker and introduce DNS
Round Robin and TS Session Broker load balancing. We will also learn how to
deploy TS Session Broker load balancing.
Key Points
The TS Session Broker Load Balancing feature enables you to evenly distribute
the session load between servers in a load-balanced terminal server farm.
Question: What steps must be taken to use DNS round-robin as the load balancer
for initial connections?
Key Points
To configure DNS round robin, you must create a host resource record for
each terminal server in the farm that maps to the terminal server farm name in
DNS.
The limitations of DNS round robin include the caching of DNS requests on
the client, which can result in clients using the same IP address for each initial
connection request, and the potential for a 30-second timeout delay if a user is
redirected to a terminal server that is offline, but still listed in DNS.
Key Points
For terminal servers to use TS Session Broker, you must add the computer
account for each terminal server in the farm to the Session Directory
Computers local group on the TS Session Broker server.
You can configure a terminal server to join a farm in TS Session Broker and to
participate in TS Session Broker Load Balancing by using Group Policy or the
Terminal Services Configuration tool.
To configure DNS round robin for TS Session Broker Load Balancing, you
must map the IP address of each terminal server in the farm to the terminal
server farm name in DNS.
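The DNS round robin limitation described above (a terminal server that is offline but still listed in DNS) can be detected before users hit the timeout. The following is an added example, not part of the original course material: it resolves the farm name, probes each listed address on the RDP port, and reports records that do not answer. The farm name and addresses are constructed, and the demo substitutes fake resolver and probe functions so it runs offline.

```python
import socket

RDP_PORT = 3389  # the RDP port named on this page


def resolve_farm(farm_name):
    """Return every distinct IPv4 address DNS lists for the farm name."""
    infos = socket.getaddrinfo(farm_name, RDP_PORT, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def rdp_port_open(address, timeout=3.0):
    """True if a TCP connection to the RDP port succeeds within the timeout."""
    try:
        with socket.create_connection((address, RDP_PORT), timeout=timeout):
            return True
    except OSError:
        return False


def check_farm(farm_name, resolve=resolve_farm, probe=rdp_port_open):
    """Probe every address behind the farm name and list the ones that do not answer.

    resolve and probe are injectable so the check can be exercised without a network.
    """
    try:
        addresses = resolve(farm_name)
    except OSError as exc:  # socket.gaierror is a subclass of OSError
        return {"farm": farm_name, "error": str(exc), "listed": [], "stale": []}
    stale = [address for address in addresses if not probe(address)]
    return {"farm": farm_name, "error": None, "listed": addresses, "stale": stale}


def summarize(report):
    """One-line result suitable for a scheduled check or a monitoring alert."""
    if report["error"]:
        return f"{report['farm']}: lookup failed ({report['error']})"
    total = len(report["listed"])
    if not report["stale"]:
        return f"{report['farm']}: all {total} records answer on TCP {RDP_PORT}"
    return (f"{report['farm']}: {len(report['stale'])} of {total} records do not "
            f"answer on TCP {RDP_PORT}: {', '.join(report['stale'])}")


if __name__ == "__main__":
    # Constructed data: three host records for the farm, one server offline.
    def fake_resolve(name):
        return ["192.0.2.10", "192.0.2.11", "192.0.2.12"]

    def fake_probe(address):
        return address != "192.0.2.11"

    print(summarize(check_farm("farm.example.test", fake_resolve, fake_probe)))
```

A successful TCP connection only shows that the port answers; a server that is reachable but not accepting new logons still passes this check.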
Lesson 6
In this lesson we will review the concepts of TS RemoteApp programs and discuss
key scenarios for TS RemoteApp programs. Next we will discuss deploying
RemoteApp programs through a file share or other distribution mechanism. Finally
we will review managing RemoteApp programs and settings.
Key Points
If a user is running more than one RemoteApp program on the same terminal
server, the RemoteApp programs will share the same Terminal Services
session.
Question: How can users access RemoteApp programs through Windows Server
2008?
Key Points
Question: What other scenarios can you think of where TS RemoteApp would be
especially useful?
Key Points
Before you can deploy RemoteApp programs to users, you must configure the
server to host RemoteApp programs.
You can use the RemoteApp Wizard to create an .rdp file from any program in
the RemoteApp Programs list.
Key Points
After you have added a program to the RemoteApp Programs list, you can
change the deployment settings for all RemoteApp programs, change the
properties of a single RemoteApp program, or delete the RemoteApp program
from the list.
You can copy the RemoteApp Programs list and deployment settings from one
terminal server to another terminal server. You might want to do this if you
want to configure multiple terminal servers identically to host RemoteApp
programs, such as in a terminal server farm.
Lesson 7
In this lesson we will review Terminal Services Web Access. We will discuss
functionality of TS Web Access and will also discuss deploying RemoteApp
programs through TS Web Access.
Key Points
TS Web Access is a role service in the Terminal Services role that lets you make
TS RemoteApp programs, and a link to the terminal server desktop, available
to users from a Web browser.
For More Information, see "Terminal Services Web Access (TS Web
Access)" online.
Key Points
With TS Web Access, a user can visit a Web site, view a list of RemoteApp
programs, and then just click a program icon to start the program.
TS Web Access provides a customizable TS Web Access Web Part, where the
list of RemoteApp programs is displayed.
For More Information, see "Terminal Services Web Access (TS Web
Access)" online.
Key Points
Configure the server that will host RemoteApp programs. This includes
installing Terminal Server, installing programs, and verifying remote
connection settings.
Use TS RemoteApp Manager to add RemoteApp programs that are enabled for
TS Web Access, and to configure global deployment settings.
Install TS Web Access on the server that you want users to connect to over the
Web to access RemoteApp programs.
Add the computer account of the TS Web Access server to the TS Web Access
Computers group on the terminal server.
Identify and document business and technical requirements from the scenario.
Your company wants you to design a .rdp file that will be distributed to
hundreds of client computers.
You must design this conceptual configuration to meet the requirements of the
scenario. Be sure to account for the line-of-business applications and single
sign-on.
Identify how you would configure the server that is hosting the RemoteApp
programs.
Identify how you would add RemoteApp programs, being sure to briefly
describe how you would configure global deployment settings.
Identify and document business and technical requirements from the scenario.
Draw a network architecture that accounts for all of the components involved
in deploying Terminal Services RemoteApp Programs using TS Web Access.
Identify and document business and technical requirements from the scenario.
RemoteApp programs have already been deployed on the terminal server, and
TS Web Access has already been deployed across the company intranet.
Draw and describe a network architecture that allows users to access the TS
Web Access server from the internet.
Results: After this exercise, you should have identified the business and technical
requirements from the scenario and drawn and described a network architecture that
includes a TS Gateway server and TS Web Access server in the perimeter network, with
terminal servers that host RemoteApp programs behind the company firewall.
Identify and document business and technical requirements from the scenario.
Contoso wants you to allow access by the Human Resources user group only
to the HR Computers computer group and also wants you to disable client
device redirection.
Detail how you would use Terminal Services authorization policies to improve
security given the above guidelines.
Results: After this exercise, you should have identified the business and technical
requirements from the scenario and generated a design document containing a TS
connection authorization policy and TS resource authorization policy. The TS CAP and
TS RAP should allow only the specific user and computer groups listed in the second
task.
Review Questions
1.
What is the Terminal Services Licensing grace period, why is there a grace
period, and what steps must you take after the grace period ends to ensure
continuity of service?
Troubleshooting tip
You are an administrator at a remote site that needs to activate its Terminal
Services License Server, but the remote site does not yet have internet
connectivity. What is the best method for activating the license server?
Per Device or Per User licensing mode is the best option if your clients
frequently use multiple servers on the network.
If you install a server product on a single server and you are uncertain which
licensing mode is appropriate, choose Per Server.
When the number of users is different from the number of devices, create a
license group to allocate licenses for Per Device or Per User licensing.
Module 6
Designing a Terminal Services Maintenance
Strategy
Contents:
Lesson 1: Design Windows System Resource Manager (WSRM) Policies
for Application Resource and Reporting
Module Overview
Lesson 1
Key Points
WSRM lets you manage server resource (processor and memory) usage with
resource policies to help ensure that services are available on an equal basis.
Two benefits of resource management are first that more services can run
simultaneously and second that high-priority users or administrators can be
guaranteed access.
Key Points
You can set an upper limit on the committed memory that a process
consumes. The Windows System Resource Manager service maintains the
committed memory limit.
Question: What tool can you use to collect and view data about the usage of
resources on the computer?
Lesson 2
In this lesson, we will review group policy settings for both Terminal Services
printing and TS Gateway. We will also review controlling client behavior for
RemoteApp programs.
Key Points
If the Use Terminal Services Easy Print printer driver first policy setting is
enabled or not configured, the terminal server will first try to use the Terminal
Services Easy Print driver to install all client printers. If it is disabled, the
terminal server will try to find a suitable printer driver to install the client
printer.
If the Redirect only the default client printer policy setting is enabled, only the
default client printer is redirected in Terminal Services sessions. If it is disabled
or not configured, all client printers are redirected in these sessions.
Question: Where is the Use Terminal Services Easy Print printer driver first policy
setting located?
Question: Where is the Redirect only the default client printer policy setting
located?
Key Points
You can use Group Policy and Active Directory Domain Services to centralize
and simplify the administration of TS Gateway policy settings.
Question: What three Group Policy settings are available for the TS Gateway
server?
Key Points
You can use Group Policy to configure clients to always recognize RemoteApp
programs from a particular publisher as trusted.
You can configure whether clients will block RemoteApp programs and remote
desktop connections from external or unknown sources.
By using these policy settings, you can reduce the number and complexity of
security decisions that users face. This reduces the chances of inadvertent user
actions that may lead to security vulnerabilities.
Lesson 3
Using NLB with Terminal Services offers the benefits of increased availability,
scalability, and load-balancing performance, as well as the ability to distribute a
large number of Terminal Services clients over a group of terminal servers.
In this lesson, we will review Network Load Balancing (NLB) with Terminal
Services. We will also discuss the steps for configuring NLB with Terminal
Services.
Key Points
NLB distributes traffic across several servers using the TCP/IP networking
protocol. You can use NLB with a terminal server farm to scale the
performance of a single terminal server by distributing sessions across
multiple servers.
Terminal Services has two components that are important for establishing load
balancing: Terminal Services Session Broker service and Terminal Services
Configuration snap-in.
Question: What are the requirements for using NLB with a terminal server?
Key Points
For a terminal server to use TS Session Broker, you must add the computer
account for the terminal server to the Session Broker Computers local group
on the TS Session Broker server.
NLB must be installed on the network adapter that you want to use for the
Remote Desktop Protocol (RDP) connection.
To configure the NLB cluster, you must configure host parameters, cluster
parameters, and port rules which control how the cluster functions.
Lesson 4
In this lesson, we will review Windows Terminal Server Management Pack. We will
also discuss TS per-user licensing usage tracking. Finally, we will review TS
Gateway monitoring capabilities.
Key Points
Key Points
Administrators can generate a per user license usage report that contains the
number of licenses issued by a particular license server and the total number
of per user licenses available on that server, to make sure that license usage is
in line with the EULA and licensing agreements.
Per user license usage reports can be generated across three different scopes:
Domain, Organizational Unit (OU), and All Trusted Domains.
Question: How can you create a per user license usage report in Windows Server
2008?
For More Information, see Terminal Services Per User Licensing Usage
Tracking online.
Key Points
You can specify the types of events that you want to monitor, such as
unsuccessful or successful connection attempts to internal network computers
through a TS Gateway server.
Lesson 5
In this lesson we will introduce Terminal Services Server Drain Mode. We will also
review license server availability events, the autoreconnect failure event, TS
Gateway availability events, and TS Session Broker availability events.
Key Points
TS Server Drain Mode prevents new users from logging onto the server, while
allowing currently logged on users to reconnect to their existing sessions.
Users with an existing session may reconnect (in order to save their work and
logoff). Users without an existing session are prevented from logging on.
There are two ways an administrator can put a terminal server into drain
mode: 1) using the command-line tool chglogon.exe, or 2) using Terminal
Services Configuration UI.
Key Points
The Terminal Services license server relies on the Terminal Services Licensing
service to be running in order to install, issue, and track the availability of
Terminal Services client access licenses (TS CALs).
Key Points
When a client computer tries to reestablish a remote session with the terminal
server after a temporary network interruption, the client computer attempts to
authenticate with the terminal server. If the information passed between the
client computer and the terminal server to reestablish the connection has
become corrupted, the client computer will not be able to reestablish the
remote session.
Question: How can you check which users are connected to the terminal server?
Key Points
There are problems with the NPS Server or Web Server (IIS).
Key Points
The Terminal Services Session Broker (TS Session Broker) server relies on the
Terminal Services Session Broker service to be running in order to perform
session load balancing between terminal servers in a farm, and to reconnect a
user to an existing session in a load-balanced terminal server farm.
To resolve these issues, try to start the Terminal Services Session Broker
service. If the problem persists, restart the TS Session Broker server. After the
server has restarted, confirm that the Terminal Services Session Broker service
has started.
Question: How can you verify that the TS Session Broker server is available?
Identify and document business and technical requirements from the scenario.
Describe how you will configure the NLB cluster to fulfill the business and
technical requirements of the scenario.
Results: After this exercise, you should have identified the business and technical
requirements from the scenario, drawn a network architecture that includes at least
two computers, each on the same subnet and domain, and each only configured for
TCP/IP. You should also have an NLB cluster configuration that includes host
parameters, cluster parameters, and port rules that apply only to RDP traffic.
Identify and document business and technical requirements from the scenario.
Describe a Group Policy that configures, enables, and enforces the business
and technical requirements of the scenario.
The Group Policy setting Set the TS Gateway Server Authentication Method
is already configured to enforce Windows authentication by passwords.
Results: After this exercise, you should have identified the business and technical
requirements from the scenario and described a group policy that enables and
enforces the Group Policy settings Enable Connections Through TS Gateway and
Set the TS Gateway Server Address on the TS Gateway server, and enables the Use
Terminal Services Easy Print printer driver first setting on the terminal server.
Identify and document business and technical requirements from the scenario.
Identify and document business and technical requirements from the scenario.
Identify and document business and technical requirements from the scenario.
In the Percentage of processor allocated for this resource field, type 40.
Select the Use maximum committed memory for each process check box,
with a value of 512.
Lab Shutdown
After you complete the lab, you must shut down the virtual machines and discard
any changes.
Review Questions
2.
What Group Policy settings are available to control client behavior when
opening RemoteApp programs?
Troubleshooting tip
The Fortune 100 company you work for wants to collect as much performance
measuring data as possible to ensure its data center is operating at maximum
efficiency. How can you ensure that Windows Terminal Server Management
Pack is collecting all of the data available to it?
Configure Performance Logs and Alerts to report data for the recommended
counters at regular intervals, such as every 10 to 15 minutes. Retain logs over
extended periods of time, store data in a database, and query the data to report
on and analyze the data as needed for overall performance assessment, trend
analysis, and capacity planning.
Plan ahead. Monitor trends for capacity planning and add or upgrade
components as needed. Maintain logged data in a database and observe
changes to identify changes in resource requirements. After you observe
changes in activity or resource demand, you can identify areas that might
require additional resources.
Module 7
Design Windows Media Services Infrastructure
Contents:
Lesson 1: Design Windows Media Services for Live Streaming
Module Overview
Microsoft Windows Media Services can be used for both live streaming and
on-demand content. Although it can adapt to network and server resource
limitations, getting the most out of it requires preparing and maintaining an
appropriate infrastructure. The WMS servers need to have the resources available
to process connections. The network must be capable of passing that content to
clients. Fault protection must be in place to prevent a single point of failure from
stopping the service.
In this module, we will present concepts for the planning and deployment of a
Windows Media Services Infrastructure. We will show WMS 2008 compatibility
with previous versions of Windows Media Services and the new features of WMS
2008.
When implementing a live streaming Windows Media Services infrastructure, real-time performance can be improved by the use of the appropriate hardware. For
instance, Windows Media Services 2008 can make use of 64 bit architecture to
dramatically improve performance on the server. For large and distributed
installations, content can be more efficiently served to clients through strategically
placed cache/proxy servers and publishing points. Providing on-demand content
also includes significant storage issues. You will need to identify the amount of
storage necessary and engage reliable, high performance disks.
In this module you will also learn how to monitor Windows Media Services to
maintain service and respond to problems.
Lesson 1
After first introducing Windows Media Services for Microsoft Windows Server
2008, this lesson will show how to architect a live streaming solution. You will
learn about the effect of 64 bit architecture on WMS performance and how to
identify needed capacity.
Key Points
WMS Cache/Proxy plug-in: the built-in WMS Cache/Proxy plug-in can be used
to configure a Windows Media server either as a cache/proxy server or as a
reverse proxy server to provide caching and proxy support to other Windows
Media servers.
WMS for Windows Server 2008 includes encoder failover capability for high
availability in streaming scenarios.
Question: How will these features change a WMS design in your network?
Key Points
The Enterprise version of Windows Media Services for Windows Server 2008
includes the following features above the capabilities of the standard version:
Key Points
64 bit servers can use far more memory and virtual memory, both of which are
critical to WMS performance.
Key Points
Existing streams can be used with WMS for Windows Server 2008.
Key Points
UDP transmission is better suited to WMS streams than TCP, but WMS can
utilize TCP if necessary.
Key Points
Key Points
If you want users to be able to access content without being prompted for a user
name or password, you can enable the WMS Anonymous User Authentication
plug-in. When a user tries to connect to the Windows Media server, the plug-in
uses the Windows user account that you specified in the plug-in properties to
authenticate the user.
If both the anonymous and a network authentication plug-in are installed, the
anonymous plug-in is checked first. To differentiate between authentication and
authorization, understand that authentication identifies the user's identity while
authorization verifies that the user is allowed to connect to the server.
The authorization plug-in enables you to set different access control policies for
content.
Allow users to access only certain content in a publishing point by using the
WMS NTFS ACL Authorization plug-in.
Question: For a company that is serving WMS live content to clients who are all
members of their Active Directory, what authentication and authorization would
be best used?
Lesson 2
WMS is ready to utilize digital rights management, allowing you control over who
consumes content and how they do so. When creating on-demand content, it is
possible to simultaneously perform DRM encapsulation while encoding the
content. In this lesson, we will also talk about how to store and deliver content,
focusing on high availability and distributed capabilities.
Key Points
During the content protection process, Windows Media Encoder can create the key
to encrypt the content, encrypt the content, and add DRM-specific information to
the content header.
Question: Besides the commercial sale of content, how could DRM be used?
Key Points
A storage solution for WMS should fulfill the following three requirements:
Question: At this point, what solution would you imagine for content storage in
your organization? Do you already have the physical resources available?
Key Points
Question: Multicasting has some advantages. What are the disadvantages and
limitations of multicasting?
Protocol Selection
Key Points
RTSP protocol
RTSP is an application-layer protocol that was created specifically to provide
controlled delivery of real-time data, such as audio and video content. The RTSP
protocol can travel over either TCP or UDP networks.
When setting up distribution servers to use Fast Streaming, use either the RTSPT
or HTTP protocols to connect to the origin server.
When using RTSPU for unicast streaming, setting the RTP packet size to a small
value may prevent the Windows Media server from streaming.
HTTP protocol
You can use HTTP to stream content from an encoder to a Windows Media server,
to distribute streams between computers running different versions of Windows
Media Services or computers that are separated by a firewall, and to download
dynamically-generated playlists from a Web server. HTTP is especially useful for
clients that receive streaming content through a firewall because HTTP is usually
set up to use port 80, easily passing through most firewalls.
Multicast transmission (MSB)
For multicast streams, you can specify the IP address and port values in the WMS
Multicast Data Writer plug-in properties for your broadcast publishing point.
Lesson 3
After identifying the requirements of your media services, you can tune WMS
hardware and software to most effectively respond to client demands. This lesson
will expand on the clustering and load balancing capabilities of Windows Server
2008 and how they can be applied to WMS. Network bandwidth is a critical
element to WMS performance. Using Windows System Resource Manager
(WSRM) we can specify the usage of WMS and other services.
WMS can be installed on the new Server Core installation, allowing for higher
performance on less powerful hardware as well as shrinking the attack surface of a
server.
Key Points
Use WMS Cache/Proxy and distribution roles to distribute WMS content more
efficiently.
One of the many advantages to WMS server clustering is the increase in server
performance.
Question: What is the most affordable solution to try initially to decrease buffering
and improve performance?
Key Points
Hardware based load balancing
You can utilize hardware-based clustering by instituting a reverse proxy that receives
stream requests and either passes them on to the appropriate cluster member or serves
cached content. A single proxy in a hardware cluster could be a single point of
failure. However, you can set up parallel proxies to increase availability.
Software based load balancing
Using Windows Server 2008 clustering and Network Load Balancing, up to 32
servers can be assigned to a cluster. Each node then performs a given percentage of
the cluster workload. They can then be managed and configured as one, reducing
the cost of managing the service.
Key Points
Question: Would you be able to employ WSRM to cut down on your server costs?
Key Points
Can be used to create a more secure and higher performing WMS server.
Lesson 4
A WMS server can be monitored through the MMC. However, a multiple server
WMS implementation will require a more holistic monitoring approach. WMS
includes SNMP traps and WMI providers which can be accessed through various
monitoring programs. Also you can implement the WMS Management Pack to
monitor WMS with Microsoft System Center Operations Manager.
Key Points
Create and use a Service Level Agreement (SLA) to understand the monitoring
and uptime.
Key Points
The Operations Manager Management pack can collect, consolidate, and report on:
For More Information, see The Microsoft System Center web page.
Key Points
Design a backup strategy that covers all content, systems, and services
necessary to recover fully from a disaster.
The London site contains routers that will not broadcast multicast packets.
Site        Users   Comments
New York    500
London      250
Tokyo       100
Seoul       100
2.
3.
Compute the bandwidth requirements between sites and within each site.
Identify the servers, including OS version and software, that will need to be
sourced at the New York site to encode and deploy a live webcast. Design for
high availability.
On the network map created in the previous task, identify the protocol used
between each server.
Q: How should you secure the connection between Tokyo and Seoul?
Calculate the bandwidth requirements for each link and for the cost on each
local network for the clients to connect.
Results: After this exercise, you should have created a drawing showing servers in the
appropriate locations to successfully broadcast the live stream to all sites and dial up
clients.
2.
3.
Secure content.
Q: How would you best secure the data both on the server and during delivery?
Results: After this exercise, you should have made sure that all WMS servers, including
the London servers, are capable of play while archiving. You should have written
specifications for a highly available storage schema and protected the content with
ACLs and DRM.
2.
3.
Identify how you would confirm that network capacity is definitely not the
buffering issue.
List actions that will increase the performance of the servers in Seoul and
Tokyo.
Of the items in the list, which are most likely to resolve the buffering issue
cost-effectively? Prioritize the list by this criterion.
2.
3.
Create a naming convention for the critical publishing points rules so each rule
is uniquely named.
Review Questions
1. What are the common bottlenecks for Windows Media Services performance?
2.
3.
Troubleshooting tip
Network bottlenecks
Processor bottlenecks
Storage bottlenecks
2. A company is using Windows Media Services 2008 for Windows Server 2008
standard edition. On an intranet, they are reaching the capacity of the network
to transmit to all of their clients during live broadcasts. How can they cut
down on network traffic?
3.
Module 8
Design Virtualization Infrastructure
Contents:
Lesson 1: Virtualization of a Test Server Environment
Module Overview
Lesson 1
Key Points
Microsoft Virtual Server 2005 R2 SP1 can host 32-bit operating systems,
including Windows Server, Windows desktops, and some Linux operating
systems. It runs on a Windows Server 2003 host operating system.
For managing large-scale virtualization, use System Center Virtual Machine
Manager (VMM). It helps automate the migration of physical servers to
virtual machines, helps the administrator manage servers, and allows for
web-based provisioning by other users, such as testers or developers.
Hyper-V will be available shortly after the release of Windows Server 2008.
Unlike Virtual Server, Hyper-V runs directly on the hardware with no
intermediary host operating system. Virtual machines run directly on top of
Hyper-V. Hyper-V will support 64-bit operating systems and is designed for
server-scale operating systems. The next release of VMM will support Hyper-V.
Key Points
A full implementation will require a SQL database, a library server, at least one
host server, and the System Center VMM server.
Key Points
As you acquire the servers for the infrastructure, make sure the servers support
Hyper-V: 64-bit architecture, hardware-assisted virtualization, and Data
Execution Prevention (DEP).
Plan a backup strategy. Most likely, the existing enterprise backup strategy can
be utilized at either the guest or the host level.
Key Points
Backup can be performed at the guest level (utilizing the same backup strategy
as if it was a physical server) or at the host level (taking snapshots and backing
up the virtual disks as files).
Key Points
Copy web.config, content, and code to the shared file storage of the
production web farm.
For More Information, see "Web Site Deployment Made Easy" in
Communities.
Lesson 2
In this lesson the students will learn to evaluate what applications are good
candidates for virtualization. Then we will discuss different processes for migrating
legacy applications. We will then design a standard host configuration.
Key Points
Applications that need to be isolated (one application per server) are good
candidates for virtualization.
Question: Are there legacy applications in your organization that would be good
candidates for virtualization?
Key Points
The VMM P2V online process allows for live migration with little downtime.
Use Microsoft Virtual Server 2005 Migration Toolkit (VSMT) for Windows NT
servers.
Key Points
Lesson 3
In this lesson the students will learn best practices for a virtualized test
environment, including customizations to the standard configuration and internal
networking.
Key Points
Use WinPE to create OS, use other automation tools to clone applications.
Key Points
Do not use virtualization for load testing, as hardware performance does not
correlate between virtual and physical machines.
If your organization requires full scale staging, it will most likely be necessary
to replicate it physically, not virtually.
Key Points
Question: Are there legacy applications in your organization that would be good
candidates for virtualization?
2.
3.
Looking at the sample architecture, list each element that is required for the
web farm and determine how to recreate it in the virtualized test environment.
Identify the physical servers that we will need to build our virtualized
environment. Include the amount of RAM required for hosts.
Identify security groups that will have access to the test environment. Include
administrators, support personnel, and developers.
2.
3.
The new server will require 1 GB of RAM but consumes negligible processor
time on a modern server. The server needs dedicated connectivity to the local
(192.168.16.x) network.
Identify a location within the schematic that you created for lesson 1 that we
can add the legacy server, assuming that we can expand an existing host for
the RAM requirements of the legacy server.
We have determined that we can store the legacy database itself on a
pre-existing iSCSI SAN and have already migrated it. The SAN is accessible on a
different physical TCP/IP network. We want to migrate the server with a
minimum of downtime.
Create a step by step plan for using VMM to migrate the server to the
virtualized environment. Confirm that the image is healthy and accessible
before the migration.
The original server is accessible by two groups: the LOBdev group, which has
access to read and write on the database and can log directly in to the server,
and the LOBuser group, which has only read access to the data. Assign rights
to the virtual machine that will allow for continued business function.
Results: After this exercise, you should have created a plan for the migration of a
legacy line of business server to the virtual environment, including security and backup
considerations.
Discuss the roles of personnel in creating and using an isolated test bed.
2. The application development team are about to embark on a long term project.
They will require extensive testing scenarios as they proceed. They believe that
ultimately the application will run on a three server web farm, a SQL server,
and a domain controller. They will also need to implement a perimeter firewall
and users both inside the simulated environment and outside, in the "internet."
All of these servers will run Windows Server 2008 or Windows Vista.
Review Questions
1. How many physical machines would we have needed to create the test
environment from exercise 1? How does that compare with the physical
machines we used to create the virtualized test environment?
2.
3.
Troubleshooting tip
2.
Tools
Tool: Virtual Server 2005 Migration Toolkit
Use for: Migrating legacy servers not compatible with VMM P2V
Where to find it: Download from http://www.microsoft.com/technet/virtualserver/downloads/vsmt.mspx
Module 9
Designing Virtualization Provisioning
Contents:
Lesson 1: Design Virtual Server Provisioning Workflow Model
Module Overview
Lesson 1
In this lesson we will review designing a virtual server environment. We will also
discuss management design and the concept of static computing versus virtual
computing.
Key Points
During the assessment and initial planning phase, you identify the applications
that are to be consolidated and migrated to virtual machines and determine
their current location and characteristics.
Question: What issues are faced when consolidating and relocating physical
servers to virtual ones?
Management Design
Key Points
You should define a security model, including all account names and
permissions, for administering Virtual Server and for administering each
virtual machine.
To successfully ensure that all images are properly managed and monitored, it
is important to ensure proper tracking of the virtual machines.
Key Points
Integrating the management of virtual and physical computers with policy-based tools can reduce system complexity.
Question: What does application virtualization allow for? What does presentation
virtualization allow for?
Lesson 2
Key Points
Assessing the infrastructure involves several tasks with the end goal of creating
an inventory and information about the current infrastructure.
Envisioning
Key Points
The process of meeting goals and objectives is iterative and may require
multiple phases.
Question: Where can you find information on how to create, define, and
document objectives?
Key Points
Determining Solutions
Key Points
Lesson 3
A complete virtualization strategy can profoundly impact nearly every aspect of the
IT infrastructure management lifecycle. In this lesson we will discuss virtualization
strategy and implementing a virtual server environment.
Virtualization Strategy
Key Points
Key Points
Hardware and software platforms must be set up for the destination servers.
Lesson 4
In this lesson, we will introduce how to design with System Center for deployment.
We will also discuss host ratings, which indicate the host's suitability for hosting
the virtual machine.
Key Points
During automatic placement, the configuration files for the virtual machine are
moved to the volume judged most suitable on the selected host.
Host Ratings
Key Points
Host ratings take into consideration one of the following placement goals, which
you specify:
Load balancing: When load balancing is the goal, the suitability of each virtual
machine host is rated based on the intent to minimize the processing load on
any one host.
2.
Performance Measured    Reason
Processor
Memory
Network I/O
Disk I/O
2.
Each of Contoso's departments has its own files, scripts, and virtual disks that
need to be accounted for and each department wants its own virtual machine
host. The departments are as follows:
Draw and describe a conceptual design document to outline how the virtual
machine hosts and virtual machine libraries will be deployed assuming that
placement defaults have not yet been set.
Results: After this exercise, you should have identified the business and technical
requirements of the scenario. You should also have outlined the concept of adding
virtual machine hosts and virtual libraries as well as the concepts of virtual machine
placement and host ratings and how to set placement defaults for virtual machines to
Resource maximization.
Review Questions
1.
2. What are Host Ratings and what goals do they take into consideration?
Troubleshooting tip
2. You have been hired as a consultant at a large sales company to improve upon
their infrastructure. Assuming that the virtual environment has been ignored
up until this point, what changes can you make to ensure the virtual
environment is secure?
Tools
Tool: Virtual Server 2005 Migration Toolkit
Use for: Migrating legacy servers not compatible with VMM P2V
Where to find it: Download from http://www.microsoft.com/technet/virtualserver/downloads/vsmt.mspx
Course Evaluation
Your evaluation of this course will help Microsoft understand the quality of your
learning experience.
Please work with your training provider to access the course evaluation form.
Microsoft will keep your answers to this survey private and confidential and will
use your responses to improve your future learning experience. Your open and
honest feedback is valuable and appreciated.
Password: N/A
Scenario #2
An existing web farm supporting a single website is going to be expanded to include
2 additional major websites. The amount of traffic is expected to triple with the
addition of these websites. Each website is expected to have large seasonal traffic
spikes at different times of the year.
Exercise Overview
In this exercise, you must review hardware options and design hardware platform.
Exercise Overview
In this exercise, you need to create a design document consisting of multiple web
farms.
2.
3.
Exercise Overview
In this exercise, you must create a design document consisting of multiple web
farms with all websites hosted on each server.
Create a conceptual design diagram consisting of multiple web farms with all
websites hosted on every server.
Results: After this exercise, you should have created a design diagram consisting of
multiple web farms. Evaluated Need for Web Farm and Planned Load Balancing.
Exercise Overview
In this exercise, you must plan to automatically deploy website configuration using
Xcopy deployment.
Design batch files using the new Xcopy command to plan automatic
deployment of website configuration to Windows Server 2008 with IIS
installed
Results: After this exercise, you should have planned to automatically deploy website
configuration using batch files and Xcopy deployment.
Exercise Overview
In this exercise, you must plan to automatically deploy website content using
Xcopy deployment.
Design batch files using the new Xcopy command to plan automatic
deployment of website content to Microsoft Windows Server 2008 with IIS
installed.
Results: After this exercise, you should have planned to automatically deploy website
content using batch files and Xcopy deployment
Password: Pa$$w0rd
Exercise Overview
In this exercise, you must plan new application pools.
1. Create the Application Pool and settings for ASP.NET 1.0 applications.
2. Create the Application Pool and settings for ASP.NET 1.1 applications.
3. Create the Application Pool and settings for ASP.NET 2.0 applications.
4. Create the Application Pool and settings for ASP.NET 1.1 misbehaving applications.
Create scripts to deploy App Pools and settings for each application pool
created in Task 1.
Results: After this exercise, you should have created a drawing showing application
isolation and a document describing automatically deploying application isolation
solution.
Exercise Overview
In this exercise, you need to plan to deploy script mapping.
Create scripts to automatically deploy Script Mappings for each file type.
Results: After this exercise, you should have created a design document identifying
script mappings as well as a document with plans for auto deployment of script
mappings.
Exercise Overview
In this exercise, you must plan bandwidth allocation per site or application.
Exercise Overview
In this exercise, you must plan website logging.
Create scripts to automatically deploy logging options for each Web site.
Results: After this exercise, you should have created a design document identifying
logging structure as well as a document with plans for auto deployment of logging
structure and fields.
Exercise Overview
In this exercise, you will learn how to create an application pool.
2.
3.
4.
5.
6.
7. The Add Application Pool dialog box appears. In the Name field, type
SalesSupport.
8. Click OK.
9.
10. The Add Application Pool dialog box appears. In the Name field, type
SalesSupport_DE.
11. Click OK.
12. In the Actions pane, click Add Application Pool.
13. The Add Application Pool dialog box appears. In the Name field, type
SalesSupport_Test.
14. Click OK.
15. In the details pane, notice that SalesSupport, SalesSupport_DE, and
SalesSupport_Test appear in the list of application pools.
In the Connections pane, expand Sites, then click Default Web Site.
2.
3.
4. The Add Application dialog box appears. In the Alias field, type
SalesSupport_DE.
5.
6.
7.
8.
9. The Add Application dialog box appears. In the Alias field, type
SalesSupport_Test.
10. Next to the Physical path field, click the Browse (...) button.
11. The Browse For Folder dialog box appears. Browse to C:\inetpub\wwwroot,
and then click Make New Folder.
12. Type SalesSupport_Test and then click OK twice.
13. In the details pane, notice that SalesSupport, SalesSupport_DE, and
SalesSupport_Test appear in the list of applications.
Task 3: Use XCopy to deploy the files from the SalesSupport directory
to the SalesSupport_DE and SalesSupport_Test directories
1.
2.
3.
4. Type dir SalesSupport_DE and then press Enter to confirm that the files were
copied.
5.
6. Type dir SalesSupport_Test and then press Enter to confirm that the files
were copied.
2.
3.
4.
5.
6. The Select Application Pool dialog box appears. In the Application pool list,
click SalesSupport, and then click OK twice.
7.
8.
9.
10. The Select Application Pool dialog box appears. In the Application pool list,
click SalesSupport_DE, and then click OK twice.
11. In the details pane, click /SalesSupport_Test.
12. In the Actions pane, click Basic Settings.
13. The Edit Application dialog box appears. Click Select.
14. The Select Application Pool dialog box appears. In the Application pool list,
click SalesSupport_Test, and then click OK twice.
15. In the Connections pane, expand Default Web Site, then click
SalesSupport_DE.
16. In the details pane, double-click Authentication.
17. Click Anonymous Authentication.
18. In the Actions pane, click Disable.
19. In the details pane, click Basic Authentication.
20. In the Actions pane, click Enable.
21. Click Edit.
22. The Edit Basic Authentication Settings dialog appears. In the Default
domain and Realm fields, type woodgrovebank.
23. Click OK.
24. In the Connections pane, click SalesSupport_Test.
25. In the details pane, double-click Authentication.
26. Click Anonymous Authentication.
27. In the Actions pane, click Disable.
28. In the details pane, click Basic Authentication.
29. In the Actions pane, click Enable.
30. Click Edit.
31. The Edit Basic Authentication Settings dialog appears. In the Default
domain and Realm fields, type woodgrovebank.
32. Click OK.
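The application pool, application, XCopy and authentication steps of this lab, written as a batch file of the kind the earlier planning exercise asks for (an added example, not part of the course material). It assumes all three application folders sit under C:\inetpub\wwwroot and that it is run from an elevated command prompt on the IIS 7.0 server; the helper labels are hypothetical names chosen for this example.

```batch
@echo off
rem Added example (not from the course material): scripts the lab's GUI steps
rem with appcmd.exe, the command-line tool installed with IIS 7.0.
setlocal
set "APPCMD=%windir%\system32\inetsrv\appcmd.exe"
set "SITE=Default Web Site"
rem Assumption: every application folder lives under C:\inetpub\wwwroot,
rem as SalesSupport_Test does in the lab.
set "ROOT=C:\inetpub\wwwroot"
set "AUTH=system.webServer/security/authentication"

rem One pool and one application per name; each application runs in the
rem pool that carries the same name, so a failure in one cannot take down
rem the worker process of another.
for %%N in (SalesSupport SalesSupport_DE SalesSupport_Test) do (
    call :ensure_pool %%N || goto :fail
    call :ensure_app %%N  || goto :fail
)

rem Task 3: copy the SalesSupport files into the two other directories.
rem /E copies subdirectories, /I treats the target as a directory,
rem /Y overwrites without prompting.
for %%N in (SalesSupport_DE SalesSupport_Test) do (
    xcopy "%ROOT%\SalesSupport" "%ROOT%\%%N" /E /I /Y >nul || goto :fail
)

rem Disable anonymous access and enable Basic authentication on the two
rem restricted applications. Basic authentication sends credentials
rem base64-encoded, not encrypted, so these applications belong behind an
rem HTTPS binding (see the SSL exercise in the next lab).
for %%N in (SalesSupport_DE SalesSupport_Test) do (
    call :require_basic %%N || goto :fail
)

rem Verification: show the pool assigned to each application and the
rem effective anonymous-authentication setting on the restricted ones.
"%APPCMD%" list app /site.name:"%SITE%"
for %%N in (SalesSupport_DE SalesSupport_Test) do (
    "%APPCMD%" list config "%SITE%/%%N" -section:%AUTH%/anonymousAuthentication
)
echo Deployment finished.
exit /b 0

:fail
echo Deployment failed; review the appcmd or xcopy output above.
exit /b 1

:ensure_pool
rem %1 = pool name. Create the pool only if it does not exist yet, so the
rem script can be re-run safely.
"%APPCMD%" list apppool "%~1" >nul 2>&1 && exit /b 0
"%APPCMD%" add apppool /name:"%~1"
exit /b %errorlevel%

:ensure_app
rem %1 = application alias, also used as folder name and pool name.
if not exist "%ROOT%\%~1" mkdir "%ROOT%\%~1"
"%APPCMD%" list app "%SITE%/%~1" >nul 2>&1
if errorlevel 1 (
    "%APPCMD%" add app /site.name:"%SITE%" /path:/%~1 /physicalPath:"%ROOT%\%~1" || exit /b 1
)
"%APPCMD%" set app "%SITE%/%~1" /applicationPool:"%~1"
exit /b %errorlevel%

:require_basic
rem %1 = application alias. The authentication sections are locked at
rem server level by default, so the change is committed to
rem applicationHost.config with /commit:apphost.
"%APPCMD%" set config "%SITE%/%~1" -section:%AUTH%/anonymousAuthentication /enabled:false /commit:apphost || exit /b 1
"%APPCMD%" set config "%SITE%/%~1" -section:%AUTH%/basicAuthentication /enabled:true /defaultLogonDomain:woodgrovebank /realm:woodgrovebank /commit:apphost
exit /b %errorlevel%
```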
2.
3.
4. The Edit Application Pool Recycling Settings dialog box appears. Clear the
Regular time intervals check box, and then click Next.
5. Click Finish.
6.
7.
8. The Edit Application Pool Recycling Settings dialog box appears. Clear the
Regular time intervals check box, and then click Next.
9. Click Finish.
2.
3. The Edit Application Pool Recycling Settings dialog box appears. Select
Fixed number of requests.
4. In the Fixed number of requests field, type 1024 and then click Next.
5. On the Recycling Events to Log page, select Number of requests, On-demand, and Configuration changes.
6. Click Finish.
2.
3.
4.
2.
3.
4.
5.
6.
7.
8. The Connect to localhost dialog box appears. In the User name field, type
yvonne.
9.
Password: Pa$$w0rd
Exercise Overview
In this exercise, you must deploy security certificates (SSL).
2.
Exercise Overview
In this exercise, you need to design authentication and authorization methods.
2.
3.
4.
There is a group of IIS administrators who are responsible for site performance and
availability. There is a different group of website administrators for each site. They
are responsible for website activity monitoring and website updates. You want to
prevent administrators from making any changes to websites other than the one
they are responsible for.
Exercise Overview
In this exercise, you must design and delegate administration.
Plan administrative groups and global groups for IIS Administrators for
website # 1 and 2 on the domain controller.
Exercise Overview
In this exercise, you will learn how to create virtual directories and configure
anonymous authentication.
2.
2. Right-click Web Server (IIS) and then click Add Role Services.
3. The Add Role Services dialog box appears. In the Role services box, under
Security, select Windows Authentication, and Digest Authentication.
4.
5.
6. In the details pane, in the Role Services section, notice that Windows
Authentication, and Digest Authentication are listed as Installed.
2. In the Connections pane, expand NYC-WEB-A | Sites and then click Default
Web Site.
3.
4.
5. The Add Virtual Directory dialog box appears. In the Alias field, type Public.
6. Next to the Physical path field, click the Browse (...) button.
7. The Browse For Folder dialog box appears. Browse to C:\inetpub, and then
click Make New Folder.
8.
9. Click OK.
2.
3.
4.
5.
6. Click Cancel.
7.
8.
9. The Guest Properties dialog box appears. Clear Account is disabled, and
then click OK.
13. The Allow log on locally Properties dialog appears. Click Add User or
Group.
14. The Select Users, Computers, or Groups dialog box appears. Click
Locations.
15. The Locations dialog box appears. Click NYC-WEB-A, and then click OK.
16. In the Enter the object names to select field, type Guest, and then click OK
twice.
17. Close Local Security Policy.
18. Click Start | Switch User.
19. Log on as NYC-WEB-A\Guest with no password.
20. Click Start | All Programs | Internet Explorer.
21. The Windows Internet Explorer window opens. Browse to http://localhost.
Note that we've set the default site to the Public virtual directory so there's no
need to use localhost/public.
22. Notice that the IIS7 Welcome page loads.
23. Close each of the running virtual machines. Do not save changes so they are
reset to default for the next lab.
Results: After this exercise, you should have successfully verified that the Web Server
(IIS) role is installed and loaded the IIS Welcome page in Internet Explorer.
Password: Pa$$w0rd
Exercise Overview
In this exercise we will design storage, backup, and recovery for an IIS 7.0 web
farm.
Task 1: Specify the servers and storage at New York and London
1. List the servers necessary to provide the service. For each device, list the
services and applications required.
2. The content and SQL database need to be highly available, so include a SAN
installation at both sites.
3. Determine how to best replicate configuration and content between the two
sites.
Now, prepare the two sites for disaster recovery. What items need to be
backed up?
2. The organization would like to be able to recover either site completely should
the entire location be lost. Prepare a backup scheme that would allow for
either site to be restored completely.
2.
Exercise Overview
In this exercise, you will consider options for monitoring an IIS 7.0 web farm.
List those network elements which the web farm relies upon.
2.
3.
All management of the web farm is primarily performed by the New York
administrators. However, the organization would like to be able to monitor
each site should the link between the two fail.
2.
2.
3.
4.
Exercise Overview
In this exercise, you design a UDDI system for a large corporation, including
internal and external services.
You have been tasked with managing the hardware and infrastructure
deployment for UDDI at Woodgrove Bank. Identify what services need to be
deployed or changed.
2.
For the two UDDI services (testing and enterprise), list the security groups
and place the following roles in the appropriate place:
Domain Users
Developers
UDDI developer
Network Administrator
One stand alone UDDI can serve as the testing UDDI. It can be internal to the
network with no access to the internet. The UDDI service can be deployed on
the existing web farm.
Security Group
Domain Users
None
User
None
User
Developers
Coordinator
UDDI Developer
Coordinator
Coordinator
Network Administrator
Administrator
Administrator
Create a plan to deploy both UDDI services in the enterprise. Identify security,
network, and process changes.
2.
Develop a process for testing, approving, and migrating UDDI objects to the
enterprise UDDI service.
Results: After this exercise you will have developed a UDDI deployment plan that
accounts for security, infrastructure, and process.
Exercise Overview
In this exercise, you will identify the causes of application pool problems.
The New York and London sites are running identical applications to the Paris
site and experiencing no problems. As a result, we can conclude that the
applications do not have any memory leaks or other flaws.
2.
Although the Paris site was originally built with repurposed hardware, the
problem is such that the organization needs to resolve the problem and is
willing to invest in a solution.
3.
Create a plan to resolve the application pool issue on the Paris web farm.
The applications and server load require the expanded memory thresholds of
64 bit hardware. Replace the older hardware in the Paris web farm with 64 bit
servers.
Results: After this exercise you will have identified the problem with the Paris servers
and created a plan for resolving their performance issues.
Exercise Overview
In this exercise, students will learn how to enable shared configuration.
2.
3.
4.
5.
6.
7.
8.
9.
Task 2: Add the second Web server to use the Shared Configuration
1.
2.
3.
4.
5.
6.
7.
8.
9. The Encryption Keys Password dialog box appears. In the Enter encryption
key password field, type Pa$$w0rd.
12. The Shared Configuration dialog box appears, indicating that IIS Manager
and Management service must be restarted for these changes to be completed.
Click OK.
13. Close Internet Information Services (IIS) Manager.
14. Click Start | Administrative Tools | Internet Information Services (IIS)
Manager.
15. In the Connections pane, click NYC-WEB2.
16. In the details pane, in the Management section, double-click Management
Service.
17. In the Actions pane, click Start.
2.
3.
4. The Add Default Document dialog box appears to allow us to add a default
document to test the shared configuration. In the Name field, type test.html
and then click OK.
5.
6.
7. Notice that the default document test.html has been added to the top of the
list for the second Web server as well.
Question: Why has the default document test.html been added to the top
of the list for the second Web server as well?
Answer: The default document test.html has been added to the top of the list
for the second Web server because both servers are using shared configuration.
Results: After this exercise, you should have successfully configured a two-server
network with an underlying foundation of shared configurations.
Exercise Overview
In this exercise, students will ensure Web site availability by implementing
Network Load Balancing.
2. In the console pane, right-click Network Load Balancing Cluster and then
click New Cluster.
3. The New Cluster: Connect dialog box appears. Start the process by
connecting to the Network Load Balance host computer. In the Host field,
type NYC-WEB-D, and then click Connect.
4. Make sure the Local Area Connection interface with Interface IP address
10.10.0.21 is highlighted, and then click Next.
5. The New Cluster: Host Parameters page shows the dedicated IP addresses
and the initial host state. Click Next.
6. The New Cluster: Cluster IP Addresses page allows you to add cluster IP
addresses that are shared by every member of the cluster. Click Add.
7. The Add IP Address dialog box appears, allowing you to add IPv4 or IPv6
addresses to the cluster. In the Add IPv4 address field, type 10.10.0.27.
8. In the Subnet mask field, type 255.255.0.0, and then click OK.
9. Make sure the newly added cluster IP address is highlighted. Click Next.
10. The New Cluster: Cluster Parameters page allows you to modify the
operation mode of the cluster IP addresses. In the Full Internet name field,
type cluster.woodgrovebank.com.
Task 2: Add the second host to the Network Load Balancing cluster
1.
2. The Add Host to Cluster: Connect dialog box appears. Add the second host
computer. In the Host field, type NYC-WEB2, and then click Connect. Wait
for the operation to complete before continuing.
3. Make sure the Local Area Connection interface with Interface IP address
10.10.0.26 is highlighted, and then click Next.
4. The New Cluster: Host Parameters page shows the dedicated IP addresses
and the initial host state. Make sure that the Priority (unique host identifier)
is 2, and then click Next.
5. The New Cluster: Port Rules page allows you to add, edit, and remove cluster
IP address port rules. Click Finish. Wait for the operation to complete before
continuing.
Task 3: Add the second server to the Network Load Balancing cluster
1.
2. The Network Load Balancing Manager window opens and loads the current
cluster. The Warning dialog box appears, presenting a warning about running
NLB in Unicast mode. Click OK.
2.
3. Notice that the NLB command indicates that host 2 has entered a converging
state with the cluster.
4.
5.
6. Notice that the NLB command indicates that host 1 has entered a converging
state with the cluster.
7.
8. The results show very detailed information about the cluster and its current
state. Scroll to the top of the displayed information to examine the
Configuration section.
9. Close each of the running virtual machines. Do not save changes so they are
reset to default for the next lab.
Results: After this exercise, you should have successfully configured network load
balancing on a two-server network, with an underlying foundation of shared
configurations.
Password: N/A
Exercise Overview
In this exercise, you must identify and document business and technical
requirements and generate a conceptual configuration for Terminal Services
RemoteApp that meets the business and technical requirements of the scenario.
2. Describe how to configure the server that will host RemoteApp programs. This
includes installing Terminal Server, installing programs, and verifying remote
connection settings.
2.
Exercise Overview
In this exercise you will identify and document business and technical
requirements from the scenario and generate a conceptual design for deploying
Terminal Services RemoteApp programs through TS Web Access.
2. Draw a network architecture that accounts for all of the components involved
in deploying Terminal Services RemoteApp Programs using TS Web Access.
2.
Exercise Overview
In this exercise, identify and document business and technical requirements from
the scenario and generate a conceptual design for terminal TS Gateway and Web
Access.
2. Draw and describe a network architecture that allows users to access the TS
Web Access server from the internet.
Results: After this exercise, you should have identified the business and technical
requirements from the scenario and drawn and described a network architecture that
includes a TS Gateway server and TS Web Access server in the perimeter network, with
terminal servers that host RemoteApp programs behind the company firewall.
Exercise Overview
In this exercise, you must identify and document business and technical
requirements from the scenario and generate a detailed design document to
improve security in TS Gateway and Web Access.
2. Detail how you would use Terminal Services authorization policies to improve
security given the above guidelines.
Results: After this exercise, you should have identified the business and technical
requirements from the scenario and generated a design document containing a TS
connection authorization policy and TS resource authorization policy. The TS CAP and
TS RAP should allow only the specific user and computer groups listed in the second
task.
Password: Pa$$w0rd
Exercise Overview
In this exercise, you must identify and document business and technical
requirements from the scenario and generate a conceptual design for IP load
balancing and failover session directory.
2. Draw a network architecture that includes at least two computers that have
one network adapter each for load balancing with only TCP/IP configured on
that adapter. The diagram should also show that all hosts in the NLB cluster
reside on the same subnet, that all of the cluster's clients are able to access that
subnet, and that all terminal servers in the TS farm are on the same domain.
2. Describe how you will configure the NLB cluster to include host parameters,
cluster parameters, and port rules that apply only to RDP traffic.
Results: After this exercise, you should have identified the business and technical
requirements from the scenario, drawn a network architecture that includes at least
two computers, each on the same subnet and domain, and each only configured for
TCP/IP. You should also have an NLB cluster configuration that includes host
parameters, cluster parameters, and port rules that apply only to RDP traffic.
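The same-subnet, unique-priority, and RDP-only port-rule requirements from this exercise can be checked mechanically against a draft design. The following Python check is an added example, not part of the original lab; the host names TS1/TS2 are hypothetical, the addresses are reused from the earlier NLB lab as constructed sample input, and the 0-65535/Both rule models the default port rule that NLB creates for a new cluster.

```python
import ipaddress

RDP_PORT = 3389  # TCP port used by Terminal Services (RDP)

def check_nlb_design(cluster_ip, mask, hosts, port_rules):
    """Return a list of findings for an NLB design; an empty list means it passes.

    hosts:      list of dicts with 'name', 'ip', 'priority'
    port_rules: list of dicts with 'start', 'end', 'protocol' ('TCP', 'UDP', 'Both')
    """
    findings = []
    net = ipaddress.ip_network(f"{cluster_ip}/{mask}", strict=False)

    if len(hosts) < 2:
        findings.append("fewer than two hosts: no failover")
    seen = {}  # priority -> first host name that claimed it
    for h in hosts:
        if ipaddress.ip_address(h["ip"]) not in net:
            findings.append(f"{h['name']}: {h['ip']} is outside cluster subnet {net}")
        if h["ip"] == cluster_ip:
            findings.append(f"{h['name']}: dedicated IP equals the cluster IP")
        if h["priority"] in seen:
            findings.append(
                f"{h['name']}: priority {h['priority']} already used by {seen[h['priority']]}")
        seen.setdefault(h["priority"], h["name"])

    if not port_rules:
        findings.append("no port rules: RDP is not load balanced")
    for r in port_rules:
        # Anything wider than TCP 3389 exposes non-RDP services on the cluster IP.
        if (r["start"], r["end"], r["protocol"]) != (RDP_PORT, RDP_PORT, "TCP"):
            findings.append(f"rule {r['start']}-{r['end']}/{r['protocol']} is not RDP-only")
    return findings

# Constructed sample input (hypothetical host names, addresses from the earlier lab).
HOSTS = [
    {"name": "TS1", "ip": "10.10.0.21", "priority": 1},
    {"name": "TS2", "ip": "10.10.0.26", "priority": 2},
]
DEFAULT_RULE = [{"start": 0, "end": 65535, "protocol": "Both"}]  # NLB default rule
RDP_RULE = [{"start": 3389, "end": 3389, "protocol": "TCP"}]

if __name__ == "__main__":
    for label, rules in (("default rule", DEFAULT_RULE), ("RDP-only rule", RDP_RULE)):
        print(label, "->", check_nlb_design("10.10.0.27", "255.255.0.0", HOSTS, rules))
```

A design that keeps the default rule fails the check, which is the usual reason an RDP-only cluster ends up answering on every port of the cluster IP.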
Exercise Overview
In this exercise you will identify and document business and technical
requirements from the scenario and generate a conceptual design document for
implementing group policy specific to terminal servers.
2. Describe a Group Policy that configures, enables, and enforces the business
and technical requirements of the scenario.
Results: After this exercise, you should have identified the business and technical
requirements from the scenario and described a group policy that enables and
enforces the Group Policy settings Enable Connections Through TS Gateway and
Set the TS Gateway Server Address on the TS Gateway server, and enables the Use
Terminal Services Easy Print printer driver first setting on the terminal server.
Exercise Overview
In this exercise, identify and document business and technical requirements from
the scenario and generate a conceptual design for server resource allocation among
terminal services sessions.
2.
Exercise Overview
In this exercise, identify and document business and technical requirements from
the scenario and generate a conceptual design for Terminal Services monitoring
with specific monitoring definitions for the TS Web Access servers.
2.
Exercise Overview
In this exercise, students will learn how to optimize terminal services performance
using resource allocation policies.
2.
3.
4.
5.
6. Right-click Process Matching Criteria, and then click New Process Matching
Criteria.
7.
8. Click Add.
9.
10. In the Add Registered Service dialog box, click TSGateway, and then click
OK.
11. Click OK twice.
2.
3.
4. On the General tab, in the Process matching criteria list, select TSGateway.
5. In the Percentage of processor allocated for this resource field, type 40.
6. Click OK twice.
In the console tree, right-click Resource Allocation Policies, and then click
New Resource Allocation Policy.
2. In the Policy Name field, type TSGatewayMemoryPolicy, and then click Add.
3. On the General tab, in the Process matching criteria list, select TSGateway.
4.
5.
6. In the Maximum committed memory limit per process (in MB) field, type
512.
7.
8. Click OK twice.
9.
Password: N/A
            Users    Comments
New York    500
London      250
Tokyo       100
Seoul       100
Exercise Overview
In this exercise we will design a worldwide Windows Media infrastructure.
Identify the servers, including OS version and software, that will need to be
sourced at the New York site to encode and deploy a live webcast. Design for
high availability.
2.
3.
4. On the network map created in the previous task, identify the protocol used
between each server.
Question: How should you secure the connection between Tokyo and Seoul?
Answer: Encapsulate the HTTP using IPSec. Employ workgroup or AD ACLs.
2. Calculate the bandwidth requirements for each link and for the cost on each
local network for the clients to connect.
Results: After this exercise, you should have created a drawing showing servers in the
appropriate locations to successfully broadcast the live stream to all sites and dial up
clients.
Exercise Overview
In this exercise, you will expand the capabilities of the WMS infrastructure to
provide on-demand content.
2.
Exercise Overview
In this exercise, you identify how problems can be solved with on-demand
performance.
Identify how you would confirm that network capacity is definitely not the
buffering issue.
2. List actions that will increase the performance of the servers in Seoul and
Tokyo.
Of the items in the list, which are most likely to cost-effectively resolve the
buffering issue? Prioritize the list by this criterion.
2.
Exercise Overview
In this exercise, you will create a monitoring scheme for WMS.
2. Create a naming convention for the critical publishing points rules so each rule
is uniquely named.
3. Create a plan to resolve the application pool issue on the Paris web farm.
2.
3.
Password: N/A
Exercise Overview
In this exercise we will design a development environment using VMM.
Looking at the sample architecture, list each element that is required for the
web farm and determine how to recreate it in the virtualized test environment.
2.
3. Identify the physical servers that we will need to build our virtualized
environment. Include the amount of RAM required for hosts.
4. Identify security groups that will have access to the test environment. Include
administrators, support personnel, and developers.
2.
Exercise Overview
In this exercise, you will virtualize a legacy server.
The new server will require 1 GB of RAM but consumes negligible processor
time on a modern server. The server needs dedicated connectivity to the local
(192.168.16.x) network.
2. Identify a location within the schematic that you created for lesson 1 where we
can add the legacy server, assuming that we can expand an existing host for
the RAM requirements of the legacy server.
We have determined that we can store the legacy database itself on a preexisting iSCSI SAN and have already migrated it. The SAN is accessible on a
different physical TCP/IP network. We want to migrate the server with a
minimum of downtime.
2. Create a step-by-step plan for using VMM to migrate the server to the
virtualized environment. Confirm that the image is healthy and accessible
before the migration.
2. The original server is accessible by two groups: the LOBdev group, which has
access to read and write on the database and can log directly in to the server,
and the LOBuser group, which has only read access to the data. Assign rights
to the virtual machine that will allow for continued business function.
Results: After this exercise, you should have created a plan for the migration of a
legacy line of business server to the virtual environment, including security and
backup considerations.
Exercise Overview
In this exercise, you will design VMM provisioning.
The application development team are about to embark on a long term project.
They will require extensive testing scenarios as they proceed. They believe
that ultimately the application will run on a three server web farm, a SQL
server, and a domain controller. They will also need to implement a perimeter
firewall and users both inside the simulated environment and outside, in the
"internet." All of these servers will run Windows Server 2008 or Windows
Vista.
2.
Password: N/A
Exercise Overview
In this exercise you will identify and document business and technical
requirements as they apply to virtual server host configuration. You will also
generate a conceptual plan for the implementation of a virtual server host
configuration.
2. Describe the methodology of sizing destination servers and fill out the table
below as follows:
Metric         Performance Measured    Reason
Processor
Memory
Network I/O
Disk I/O
2.
Exercise Overview
In this exercise you will identify and document business and technical
requirements as they apply to virtual server provisioning using System Center. You
will also generate a conceptual design document outlining virtual server
provisioning using System Center.
2. Draw and describe a conceptual design document to outline how the virtual
machine hosts and virtual machine libraries will be deployed assuming that
placement defaults have not yet been set.
Results: After this exercise, you should have identified the business and technical
requirements of the scenario. You should also have outlined the concept of adding
virtual machine hosts and virtual libraries as well as the concepts of virtual machine
placement and host ratings and how to set placement defaults for virtual machines to
Resource maximization.