
OFFICIAL MICROSOFT LEARNING PRODUCT

6437A
Designing a Windows Server 2008 Applications Infrastructure


Information in this document, including URL and other Internet Web site references, is subject to
change without notice. Unless otherwise noted, the example companies, organizations, products,
domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious,
and no association with any real company, organization, product, domain name, e-mail address,
logo, person, place or event is intended or should be inferred. Complying with all applicable
copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part
of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted
in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for
any purpose, without the express written permission of Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual
property rights covering subject matter in this document. Except as expressly provided in any
written license agreement from Microsoft, the furnishing of this document does not give you any
license to these patents, trademarks, copyrights, or other intellectual property.
The names of manufacturers, products, or URLs are provided for informational purposes only and
Microsoft makes no representations and warranties, either expressed, implied, or statutory,
regarding these manufacturers or the use of the products with any Microsoft technologies. The
inclusion of a manufacturer or product does not imply endorsement of Microsoft of the
manufacturer or product. Links may be provided to third party sites. Such sites are not under the
control of Microsoft and Microsoft is not responsible for the contents of any linked site or any link
contained in a linked site, or any changes or updates to such sites. Microsoft is not responsible for
webcasting or any other form of transmission received from any linked site. Microsoft is providing
these links to you only as a convenience, and the inclusion of any link does not imply endorsement
of Microsoft of the site or the products contained therein.
© 2008 Microsoft Corporation. All rights reserved.
Microsoft, Active Directory, Hyper-V, Internet Explorer, MSDN, Outlook, PowerPoint, SharePoint, SQL
Server, Windows, Windows Media, Windows NT, Windows Server, Windows Server System and
Windows Vista are either registered trademarks or trademarks of Microsoft Corporation in the
United States and/or other countries.
All other trademarks are property of their respective owners.

Technical Reviewer: Philip Morgan

Product Number: 6437A


Part Number: X14-69194
Released: 06/2008

MICROSOFT LICENSE TERMS


OFFICIAL MICROSOFT LEARNING PRODUCTS - TRAINER EDITION
Pre-Release and Final Release Versions
These license terms are an agreement between Microsoft Corporation and you. Please read them. They
apply to the Licensed Content named above, which includes the media on which you received it, if any. The
terms also apply to any Microsoft

• updates,
• supplements,
• Internet-based services, and
• support services

for this Licensed Content, unless other terms accompany those items. If so, those terms apply.
By using the Licensed Content, you accept these terms. If you do not accept them, do not use
the Licensed Content.
If you comply with these license terms, you have the rights below.

1. DEFINITIONS.
a. "Academic Materials" means the printed or electronic documentation such as manuals,
workbooks, white papers, press releases, datasheets, and FAQs which may be included in the
Licensed Content.

b. "Authorized Learning Center(s)" means a Microsoft Certified Partner for Learning Solutions
location, an IT Academy location, or such other entity as Microsoft may designate from time to time.

c. "Authorized Training Session(s)" means those training sessions authorized by Microsoft and
conducted at or through Authorized Learning Centers by a Trainer providing training to Students
solely on Official Microsoft Learning Products (formerly known as Microsoft Official Curriculum or
"MOC") and Microsoft Dynamics Learning Products (formerly known as Microsoft Business Solutions
Courseware). Each Authorized Training Session will provide training on the subject matter of one
(1) Course.

d. "Course" means one of the courses using Licensed Content offered by an Authorized Learning
Center during an Authorized Training Session, each of which provides training on a particular
Microsoft technology subject matter.

e. "Device(s)" means a single computer, device, workstation, terminal, or other digital electronic or
analog device.

f. "Licensed Content" means the materials accompanying these license terms. The Licensed
Content may include, but is not limited to, the following elements: (i) Trainer Content, (ii) Student
Content, (iii) classroom setup guide, and (iv) Software. There are different and separate
components of the Licensed Content for each Course.

g. "Software" means the Virtual Machines and Virtual Hard Disks, or other software applications that
may be included with the Licensed Content.

h. "Student(s)" means a student duly enrolled for an Authorized Training Session at your location.

i. "Student Content" means the learning materials accompanying these license terms that are for
use by Students and Trainers during an Authorized Training Session. Student Content may include
labs, simulations, and courseware files for a Course.

j. "Trainer(s)" means a) a person who is duly certified by Microsoft as a Microsoft Certified Trainer
and b) such other individual as authorized in writing by Microsoft and has been engaged by an
Authorized Learning Center to teach or instruct an Authorized Training Session to Students on its
behalf.

k. "Trainer Content" means the materials accompanying these license terms that are for use by
Trainers and Students, as applicable, solely during an Authorized Training Session. Trainer Content
may include Virtual Machines, Virtual Hard Disks, Microsoft PowerPoint files, instructor notes, and
demonstration guides and script files for a Course.

l. "Virtual Hard Disks" means Microsoft Software that is comprised of virtualized hard disks (such as
a base virtual hard disk or differencing disks) for a Virtual Machine that can be loaded onto a single
computer or other device in order to allow end-users to run multiple operating systems concurrently.
For the purposes of these license terms, Virtual Hard Disks will be considered "Trainer Content".

m. "Virtual Machine" means a virtualized computing experience, created and accessed using
Microsoft Virtual PC or Microsoft Virtual Server software that consists of a virtualized hardware
environment, one or more Virtual Hard Disks, and a configuration file setting the parameters of the
virtualized hardware environment (e.g., RAM). For the purposes of these license terms, Virtual Hard
Disks will be considered "Trainer Content".

n. "you" means the Authorized Learning Center or Trainer, as applicable, that has agreed to these
license terms.

2. OVERVIEW.
Licensed Content. The Licensed Content includes Software, Academic Materials (online and
electronic), Trainer Content, Student Content, classroom setup guide, and associated media.
License Model. The Licensed Content is licensed on a per copy per Authorized Learning Center
location or per Trainer basis.

3. INSTALLATION AND USE RIGHTS.
a. Authorized Learning Centers and Trainers: For each Authorized Training Session, you
may:
i. either install individual copies of the relevant Licensed Content on classroom Devices only for
use by Students enrolled in and the Trainer delivering the Authorized Training Session, provided
that the number of copies in use does not exceed the number of Students enrolled in and the
Trainer delivering the Authorized Training Session, OR

ii. install one copy of the relevant Licensed Content on a network server only for access by
classroom Devices and only for use by Students enrolled in and the Trainer delivering the
Authorized Training Session, provided that the number of Devices accessing the Licensed
Content on such server does not exceed the number of Students enrolled in and the Trainer
delivering the Authorized Training Session.

iii. and allow the Students enrolled in and the Trainer delivering the Authorized Training Session to
use the Licensed Content that you install in accordance with (ii) or (ii) above during such
Authorized Training Session in accordance with these license terms.

i. Separation of Components. The components of the Licensed Content are licensed as a single
unit. You may not separate the components and install them on different Devices.

ii. Third Party Programs. The Licensed Content may contain third party programs. These license
terms will apply to the use of those third party programs, unless other terms accompany those
programs.

b. Trainers:
i. Trainers may Use the Licensed Content that you install or that is installed by an Authorized
Learning Center on a classroom Device to deliver an Authorized Training Session.

ii. Trainers may also Use a copy of the Licensed Content as follows:

A. Licensed Device. The licensed Device is the Device on which you Use the Licensed Content.
You may install and Use one copy of the Licensed Content on the licensed Device solely for
your own personal training Use and for preparation of an Authorized Training Session.

B. Portable Device. You may install another copy on a portable device solely for your own
personal training Use and for preparation of an Authorized Training Session.

4. PRE-RELEASE VERSIONS. If this is a pre-release ("beta") version, in addition to the other provisions
in this agreement, these terms also apply:

a. Pre-Release Licensed Content. This Licensed Content is a pre-release version. It may not
contain the same information and/or work the way a final version of the Licensed Content will. We
may change it for the final, commercial version. We also may not release a commercial version.
You will clearly and conspicuously inform any Students who participate in each Authorized Training
Session of the foregoing; and, that you or Microsoft are under no obligation to provide them with
any further content, including but not limited to the final released version of the Licensed Content
for the Course.

b. Feedback. If you agree to give feedback about the Licensed Content to Microsoft, you give to
Microsoft, without charge, the right to use, share and commercialize your feedback in any way and
for any purpose. You also give to third parties, without charge, any patent rights needed for their
products, technologies and services to use or interface with any specific parts of a Microsoft
software, Licensed Content, or service that includes the feedback. You will not give feedback that is
subject to a license that requires Microsoft to license its software or documentation to third parties
because we include your feedback in them. These rights survive this agreement.

c. Confidential Information. The Licensed Content, including any viewer, user interface, features
and documentation that may be included with the Licensed Content, is confidential and proprietary
to Microsoft and its suppliers.

i. Use. For five years after installation of the Licensed Content or its commercial release,
whichever is first, you may not disclose confidential information to third parties. You may
disclose confidential information only to your employees and consultants who need to know
the information. You must have written agreements with them that protect the confidential
information at least as much as this agreement.

ii. Survival. Your duty to protect confidential information survives this agreement.

iii. Exclusions. You may disclose confidential information in response to a judicial or
governmental order. You must first give written notice to Microsoft to allow it to seek a
protective order or otherwise protect the information. Confidential information does not
include information that

• becomes publicly known through no wrongful act;
• you received from a third party who did not breach confidentiality obligations to
Microsoft or its suppliers; or
• you developed independently.

d. Term. The term of this agreement for pre-release versions is (i) the date which Microsoft informs
you is the end date for using the beta version, or (ii) the commercial release of the final release
version of the Licensed Content, whichever is first ("beta term").

e. Use. You will cease using all copies of the beta version upon expiration or termination of the beta
term, and will destroy all copies of same in the possession or under your control and/or in the
possession or under the control of any Trainers who have received copies of the pre-released
version.

f. Copies. Microsoft will inform Authorized Learning Centers if they may make copies of the beta
version (in either print and/or CD version) and distribute such copies to Students and/or Trainers. If
Microsoft allows such distribution, you will follow any additional terms that Microsoft provides to you
for such copies and distribution.

5. ADDITIONAL LICENSING REQUIREMENTS AND/OR USE RIGHTS.
a. Authorized Learning Centers and Trainers:
i. Software.

ii. Virtual Hard Disks. The Licensed Content may contain versions of Microsoft XP, Microsoft
Windows Vista, Windows Server 2003, Windows Server 2008, and Windows 2000 Advanced
Server and/or other Microsoft products which are provided in Virtual Hard Disks.

A. If the Virtual Hard Disks and the labs are launched through the Microsoft
Learning Lab Launcher, then these terms apply:
Time-Sensitive Software. If the Software is not reset, it will stop running based upon the
time indicated on the install of the Virtual Machines (between 30 and 500 days after you
install it). You will not receive notice before it stops running. You may not be able to
access data used or information saved with the Virtual Machines when it stops running and
may be forced to reset these Virtual Machines to their original state. You must remove the
Software from the Devices at the end of each Authorized Training Session and reinstall and
launch it prior to the beginning of the next Authorized Training Session.

B. If the Virtual Hard Disks require a product key to launch, then these terms
apply:
Microsoft will deactivate the operating system associated with each Virtual Hard Disk.
Before installing any Virtual Hard Disks on classroom Devices for use during an Authorized
Training Session, you will obtain from Microsoft a product key for the operating system
software for the Virtual Hard Disks and will activate such Software with Microsoft using such
product key.

C. These terms apply to all Virtual Machines and Virtual Hard Disks:
You may only use the Virtual Machines and Virtual Hard Disks if you comply with
the terms and conditions of this agreement and the following security
requirements:

• You may not install Virtual Machines and Virtual Hard Disks on portable Devices or
Devices that are accessible to other networks.
• You must remove Virtual Machines and Virtual Hard Disks from all classroom Devices at
the end of each Authorized Training Session, except those held at Microsoft Certified
Partners for Learning Solutions locations.
• You must remove the differencing drive portions of the Virtual Hard Disks from all
classroom Devices at the end of each Authorized Training Session at Microsoft Certified
Partners for Learning Solutions locations.
• You will ensure that the Virtual Machines and Virtual Hard Disks are not copied or
downloaded from Devices on which you installed them.
• You will strictly comply with all Microsoft instructions relating to installation, use,
activation and deactivation, and security of Virtual Machines and Virtual Hard Disks.
• You may not modify the Virtual Machines and Virtual Hard Disks or any contents
thereof.
• You may not reproduce or redistribute the Virtual Machines or Virtual Hard Disks.

ii. Classroom Setup Guide. You will assure any Licensed Content installed for use during an
Authorized Training Session will be done in accordance with the classroom set-up guide for the
Course.

iii. Media Elements and Templates. You may allow Trainers and Students to use images, clip
art, animations, sounds, music, shapes, video clips and templates provided with the Licensed
Content solely in an Authorized Training Session. If Trainers have their own copy of the
Licensed Content, they may use Media Elements for their personal training use.

iv. Evaluation Software. Any Software that is included in the Student Content designated as
"Evaluation Software" may be used by Students solely for their personal training outside of the
Authorized Training Session.

b. Trainers Only:
i. Use of PowerPoint Slide Deck Templates. The Trainer Content may include Microsoft
PowerPoint slide decks. Trainers may use, copy and modify the PowerPoint slide decks only for
providing an Authorized Training Session. If you elect to exercise the foregoing, you will agree
or ensure Trainer agrees: (a) that modification of the slide decks will not constitute creation of
obscene or scandalous works, as defined by federal law at the time the work is created; and
(b) to comply with all other terms and conditions of this agreement.

ii. Use of Instructional Components in Trainer Content. For each Authorized Training
Session, Trainers may customize and reproduce, in accordance with the MCT Agreement, those
portions of the Licensed Content that are logically associated with instruction of the Authorized
Training Session. If you elect to exercise the foregoing rights, you agree or ensure the Trainer
agrees: (a) that any of these customizations or reproductions will only be used for providing an
Authorized Training Session and (b) to comply with all other terms and conditions of this
agreement.

iii. Academic Materials. If the Licensed Content contains Academic Materials, you may copy and
use the Academic Materials. You may not make any modifications to the Academic Materials
and you may not print any book (either electronic or print version) in its entirety. If you
reproduce any Academic Materials, you agree that:

• The use of the Academic Materials will be only for your personal reference or training use
• You will not republish or post the Academic Materials on any network computer or
broadcast in any media;
• You will include the Academic Materials' original copyright notice, or a copyright notice to
Microsoft's benefit in the format provided below:

Form of Notice:
© 2008 Reprinted for personal reference use only with permission by Microsoft
Corporation. All rights reserved.
Microsoft, Windows, and Windows Server are either registered trademarks or
trademarks of Microsoft Corporation in the US and/or other countries. Other
product and company names mentioned herein may be the trademarks of their
respective owners.

6. INTERNET-BASED SERVICES. Microsoft may provide Internet-based services with the Licensed
Content. It may change or cancel them at any time. You may not use these services in any way that
could harm them or impair anyone else's use of them. You may not use the services to try to gain
unauthorized access to any service, data, account or network by any means.

7. SCOPE OF LICENSE. The Licensed Content is licensed, not sold. This agreement only gives you some
rights to use the Licensed Content. Microsoft reserves all other rights. Unless applicable law gives you
more rights despite this limitation, you may use the Licensed Content only as expressly permitted in this
agreement. In doing so, you must comply with any technical limitations in the Licensed Content that
only allow you to use it in certain ways. You may not

• install more copies of the Licensed Content on classroom Devices than the number of Students and
the Trainer in the Authorized Training Session;
• allow more classroom Devices to access the server than the number of Students enrolled in and the
Trainer delivering the Authorized Training Session if the Licensed Content is installed on a network
server;
• copy or reproduce the Licensed Content to any server or location for further reproduction or
distribution;
• disclose the results of any benchmark tests of the Licensed Content to any third party without
Microsoft's prior written approval;
• work around any technical limitations in the Licensed Content;
• reverse engineer, decompile or disassemble the Licensed Content, except and only to the extent
that applicable law expressly permits, despite this limitation;
• make more copies of the Licensed Content than specified in this agreement or allowed by applicable
law, despite this limitation;
• publish the Licensed Content for others to copy;
• transfer the Licensed Content, in whole or in part, to a third party;
• access or use any Licensed Content for which you (i) are not providing a Course and/or (ii) have not
been authorized by Microsoft to access and use;
• rent, lease or lend the Licensed Content; or
• use the Licensed Content for commercial hosting services or general business purposes.

Rights to access the server software that may be included with the Licensed Content, including the
Virtual Hard Disks does not give you any right to implement Microsoft patents or other Microsoft
intellectual property in software or devices that may access the server.

8. EXPORT RESTRICTIONS. The Licensed Content is subject to United States export laws and
regulations. You must comply with all domestic and international export laws and regulations that apply
to the Licensed Content. These laws include restrictions on destinations, end users and end use. For
additional information, see www.microsoft.com/exporting.

9. NOT FOR RESALE SOFTWARE/LICENSED CONTENT. You may not sell software or Licensed
Content marked as "NFR" or "Not for Resale."

10. ACADEMIC EDITION. You must be a "Qualified Educational User" to use Licensed Content marked as
"Academic Edition" or "AE." If you do not know whether you are a Qualified Educational User, visit
www.microsoft.com/education or contact the Microsoft affiliate serving your country.

11. TERMINATION. Without prejudice to any other rights, Microsoft may terminate this agreement if you
fail to comply with the terms and conditions of these license terms. In the event your status as an
Authorized Learning Center or Trainer a) expires, b) is voluntarily terminated by you, and/or c) is
terminated by Microsoft, this agreement shall automatically terminate. Upon any termination of this
agreement, you must destroy all copies of the Licensed Content and all of its component parts.

12. ENTIRE AGREEMENT. This agreement, and the terms for supplements, updates, Internet-based
services and support services that you use, are the entire agreement for the Licensed
Content and support services.

13. APPLICABLE LAW.


a. United States. If you acquired the Licensed Content in the United States, Washington state law
governs the interpretation of this agreement and applies to claims for breach of it, regardless of
conflict of laws principles. The laws of the state where you live govern all other claims, including
claims under state consumer protection laws, unfair competition laws, and in tort.

b. Outside the United States. If you acquired the Licensed Content in any other country, the laws
of that country apply.

14. LEGAL EFFECT. This agreement describes certain legal rights. You may have other rights under the
laws of your country. You may also have rights with respect to the party from whom you acquired the
Licensed Content. This agreement does not change your rights under the laws of your country if the
laws of your country do not permit it to do so.

15. DISCLAIMER OF WARRANTY. The Licensed Content is licensed as-is. You bear the risk of
using it. Microsoft gives no express warranties, guarantees or conditions. You may have
additional consumer rights under your local laws which this agreement cannot change. To
the extent permitted under your local laws, Microsoft excludes the implied warranties of
merchantability, fitness for a particular purpose and non-infringement.

16. LIMITATION ON AND EXCLUSION OF REMEDIES AND DAMAGES. YOU CAN RECOVER FROM
MICROSOFT AND ITS SUPPLIERS ONLY DIRECT DAMAGES UP TO U.S. $5.00. YOU CANNOT
RECOVER ANY OTHER DAMAGES, INCLUDING CONSEQUENTIAL, LOST PROFITS, SPECIAL,
INDIRECT OR INCIDENTAL DAMAGES.
This limitation applies to

• anything related to the Licensed Content, software, services, content (including code) on third party
Internet sites, or third party programs; and
• claims for breach of contract, breach of warranty, guarantee or condition, strict liability, negligence,
or other tort to the extent permitted by applicable law.

It also applies even if Microsoft knew or should have known about the possibility of the damages. The
above limitation or exclusion may not apply to you because your country may not allow the exclusion or
limitation of incidental, consequential or other damages.
Please note: As this Licensed Content is distributed in Quebec, Canada, some of the clauses in
this agreement are provided below in French.
Note: As this Licensed Content is distributed in Quebec, Canada, some of the clauses
in this agreement are provided below in French.
DISCLAIMER OF WARRANTY. The Licensed Content covered by a license is offered "as-is." Any
use of this Licensed Content is at your sole risk. Microsoft gives no other
express warranty. You may have additional rights under local consumer protection
law, which this agreement cannot change. Where permitted by local law, the implied
warranties of merchantability, fitness for a particular purpose and non-infringement are
excluded.
LIMITATION OF DAMAGES AND EXCLUSION OF LIABILITY FOR
DAMAGES. You can recover from Microsoft and its suppliers compensation for
direct damages only, up to U.S. $5.00. You cannot claim any compensation
for other damages, including special, indirect or incidental damages and lost
profits.
This limitation applies to:

• anything related to the Licensed Content, services or content (including code)
on third party Internet sites or in third party programs; and
• claims for breach of contract or warranty, or for strict liability,
negligence or other fault, to the extent permitted by applicable law.

It also applies even if Microsoft knew or should have known about the possibility of such
damage. If your country does not allow the exclusion or limitation of liability for indirect,
incidental or other damages of any kind, the above limitation or exclusion may not
apply to you.
LEGAL EFFECT. This agreement describes certain legal rights. You may have other rights
under the laws of your country. This agreement does not change your rights under the laws of
your country if those laws do not permit it to do so.

Contents

Module 1: Designing IIS Web Farms
Lesson 1: Overview of Hardware and Platform Options
Lesson 2: Design Web Farm Availability and Scalability
Lesson 3: Design Content Storage
Lab: Designing IIS Web Farms

Module 2: Optimizing IIS Performance and Stability
Lesson 1: Designing Application Pools
Lesson 2: Designing Script Mapping
Lesson 3: Designing Bandwidth Allocation
Lesson 4: Design Website Logging
Lab: Optimizing IIS Performance and Scalability

Module 3: Designing IIS Security
Lesson 1: Design and Verify Transport Security
Lesson 2: Design Authentication and Authorization
Lesson 3: Design Delegation Administration
Lab: Designing IIS Security

Module 4: Design IIS Maintenance and UDDI
Lesson 1: Designing Internet Information Services Backup and Recovery
Lesson 2: Specify Monitoring Requirements
Lesson 3: Deploying UDDI Services
Lesson 4: Tuning and Troubleshooting IIS 7.0
Lab: Design IIS Maintenance and UDDI

Module 5: Designing a Terminal Services Infrastructure
Lesson 1: Design Terminal Services Licensing
Lesson 2: Specify Terminal Services Connection Properties
Lesson 3: Design Device Redirection
Lesson 4: Design Terminal Services Gateway
Lesson 5: Design Terminal Services Session Broker
Lesson 6: Design RemoteApp Programs
Lesson 7: Design Web Access
Lab: Designing a Terminal Services Infrastructure

Module 6: Designing a Terminal Services Maintenance Strategy
Lesson 1: Design Windows System Resource Manager (WSRM) Policies for Application Resource and Reporting
Lesson 2: Specify Group Policy Settings for Terminal Servers
Lesson 3: Design High Availability
Lesson 4: Specify Monitoring Requirements
Lesson 5: Specify Maintenance and Recovery
Lab: Designing a Terminal Services Infrastructure

Module 7: Design Windows Media Services Infrastructure
Lesson 1: Design Windows Media Services for Live Streaming
Lesson 2: Windows Media Services for On-Demand Content
Lesson 3: Improving Performance for On-Demand Content
Lesson 4: Monitoring Windows Media Services
Lab: Design a Windows Media Infrastructure

Module 8: Design Virtualization Infrastructure
Lesson 1: Virtualization of a Test Server Environment
Lesson 2: Virtualization and Migration of Legacy Applications
Lesson 3: Design and Test a Virtualized Development Environment
Lab: Design Virtualization Infrastructure

Module 9: Design Virtualization Provisioning
Lesson 1: Design Virtual Server Provisioning Workflow Model
Lesson 2: Evaluate Appropriateness for Virtualization
Lesson 3: Evaluate Customization to Standard Configuration
Lesson 4: Design Deployment for Virtualization
Lab: Design Virtualization Provisioning

Lab Answer Keys

About This Course


This section provides you with a brief description of the course, audience,
suggested prerequisites, and course objectives.

Course Description
This three-day course will prepare IT professionals for the role of Enterprise
Administrator. Students will learn how to design application infrastructure
solutions based on Windows Server 2008 to meet varying business and technical
requirements.

Audience
The primary audience for this course is IT professionals (including Windows
2000/2003 enterprise administrators) interested in becoming a Windows Server
2008 Enterprise Administrator with a focus on application infrastructure such as
web and terminal services.
The secondary audience for this course is Application Architects who want to know
more about how to integrate Windows Server 2008 technologies into enterprise
applications.

Student Prerequisites
This course requires that you meet the following prerequisites:

Intermediate understanding of networking. For example, how TCP/IP


functions, addressing (including DHCP), name resolution (DNS/WINS), and
connection methods (wired, wireless, VPN), NET+ or equivalent knowledge.

Intermediate understanding of network operating systems. For example,


Windows 2000, Windows XP, Windows Vista, Windows Server 2003 etc.

Intermediate understanding of security best practices. For example, file system


permissions, authentication methods, Kerberos etc.

Intermediate knowledge of server and network hardware.

Conceptual understanding of Active Directory (AD). For example, AD


terminology, AD object types.

Hands-on experience with more than one application service such as:

IIS

Terminal Services

Windows Media Services

Virtual Server

Hyper-V

System Center Virtual Machine Manager

Course Objectives
After completing this course, students will be able to:

Design IIS 7 Web Farms.

Optimize IIS 7 for Performance and Stability.

Design IIS 7 for Security.

Design IIS 7 for reliability, recovery, and monitoring.

Design and prepare a Terminal Services infrastructure.

Design a terminal services maintenance strategy.

Design a Windows Media Services installation for live and on-demand
delivery.

Implement virtualization to consolidate servers, support legacy applications,
and create a test environment.

Determine virtualization appropriateness and virtual server provisioning.

Course Outline
This section provides an outline of the course:
Module 1, "Designing IIS Web Farms" This module introduces the process of
designing IIS Web Farms.
Module 2, "Optimizing IIS Performance and Stability" This module introduces
Optimizing IIS Performance and Stability.
Module 3, "Designing IIS Security" This module describes the process of designing
IIS Security.
Module 4, "Design IIS Maintenance and UDDI" This module explains the
reliability, recovery, and monitoring for IIS 7.


Module 5, "Designing a Terminal Services Infrastructure" This module describes
the process of designing and preparing a Terminal Services infrastructure.
Module 6, "Designing a Terminal Services Maintenance Strategy" This module
explains how to design a terminal services maintenance strategy that provides for
high-availability, resource allocation, monitoring, reporting, and recovery.
Module 7, "Design Windows Media Services Infrastructure" This module describes
designing Windows Media Services in Windows Server 2008. Students will become
familiar with live and on-demand content delivery.
Module 8, "Design Virtualization Infrastructure" This module discusses
implementing virtualization to consolidate servers, deploy branch office
infrastructure servers, support legacy applications, and create a test environment.
Module 9, "Design Virtualization Provisioning" This module describes how to
determine virtualization appropriateness and virtual server provisioning. Students
will also learn the importance of customizing virtual servers to standard
configurations and also learn about virtual server deployment.

Course Materials
The following materials are included with your kit:

Course Handbook. The Course Handbook contains the material covered in
class. It is meant to be used in conjunction with the Course Companion CD.

Course Companion CD. The Course Companion CD contains the full course
content, including expanded content for each topic page, full lab exercises
and answer keys, topical and categorized resources and Web links. It is meant
to be used both inside and outside of the class.

Note: To access the full course content, insert the Course Companion CD into the
CD-ROM drive, and then in the root directory of the CD, double-click StartCD.exe.

Course evaluation. At the end of the course, you will have the opportunity to
complete an online evaluation to provide feedback on the course, training
facility, and instructor.

To provide additional comments or feedback on the course, send e-mail to
support@mscourseware.com. To inquire about the Microsoft Certification
Program, send e-mail to mcphelp@microsoft.com.


Virtual Machine Environment


This section provides the information for setting up the classroom environment to
support the business scenario of the course.

Virtual Machine Configuration


In this course, you will use Microsoft Virtual Server 2005 R2 SP1 to perform the
labs.
The following table shows the role of each virtual machine used in this course:
Virtual machine      Role
6437A-NYC-DC1        Domain Controller for Woodgrove Bank
6437A-NYC-WEB-A      Web server for Woodgrove Bank
6437A-NYC-WEB-D      Web server for Woodgrove Bank
6437A-NYC-WEB2       Web server for Woodgrove Bank
6437A-SEA-DC-01      Domain Controller for Contoso

Software Configuration
The following software is installed on each VM:

Windows Server 2008 Enterprise Edition

Classroom Setup
Each classroom computer will have the same virtual machines configured in the
same way.


Course Hardware Level


To ensure a satisfactory student experience, Microsoft Learning requires a
minimum equipment configuration for trainer and student computers in all
Microsoft Certified Partner for Learning Solutions (CPLS) classrooms in which
Official Microsoft Learning Product courseware is taught.
This course requires that you have a computer that meets or exceeds hardware
level 5.5, which specifies a 2.4 gigahertz (GHz) (minimum) Pentium 4 or
equivalent CPU, at least 2 gigabytes (GB) of RAM, 16 megabytes (MB) of video
RAM, and two 7200 RPM 40-GB hard disks.


Module 1
Designing IIS Web Farms
Contents:
Lesson 1: Overview of Hardware and Platform Options
Lesson 2: Design Web Farm Availability and Scalability
Lesson 3: Design Content Storage
Lab: Designing IIS Web Farms


Module Overview

The best way to guarantee the scalability and availability of your internet service is
to host your site with more than one computer. This module will help students
learn the process of designing IIS Web Farms with Microsoft Windows Server
2008 and IIS 7. You will learn how to select the appropriate hardware and software
platforms. You will learn techniques to leverage Web Farm Availability and
Scalability. You will also learn how to select the proper storage for your content
and other data.


Lesson 1

Overview of Hardware and Platform Options

This lesson focuses on evaluating 32-bit and 64-bit issues, which will aid in
selecting appropriate hardware, OS, and IIS configuration.


Evaluate 32 bit vs. 64 bit

Key Points
Before choosing hardware and software platforms for the web farm, there are
things to consider.
For example, on 64-bit Windows, 32-bit processes cannot load 64-bit DLLs, and
64-bit processes cannot load 32-bit DLLs. If you plan to run 32-bit applications on
64-bit Windows, you must plan to create 32-bit IIS worker processes. Once you
have planned to create 32-bit IIS worker processes, you can run the following types
of IIS applications on 64-bit Windows:

Internet Server API (ISAPI) extensions

ISAPI filters

ASP Applications (COM objects can be either 32-bit or 64-bit)

ASP.NET Applications

IIS can, by default, launch Common Gateway Interface (CGI) applications on 64-bit Windows, because CGI applications run in a separate process.


Question: Do you run these types of IIS applications in your work environment?

For More Information, see "Appendix D: Running 32-bit Application on
64-bit Windows" in TechNet content.


Choosing the Right Hardware

Key Points
It is important to plan the right hardware to satisfy the expected file server load,
keeping in mind average load, peak load, capacity, growth plans, and response
times. Hardware bottlenecks will limit the effectiveness of software tuning.

Number, type, and speed of processors

Amount of physical memory (RAM)

Number, type, and speed of network adapters

Type of disk controller, number of physical disks and their overall capacity


Question: What type of hardware do you use in your work environment?

For More Information, see "Windows Server 2008 System
Requirements" in TechNet content.


Choosing the OS and IIS Configuration

Key Points
After evaluating and selecting the right hardware, you should plan the right
Windows Server and IIS configuration.
Choose between:

32-bit Windows Server and 32-bit IIS

64-bit Windows Server and 32-bit IIS

64-bit Windows Server and 64-bit IIS

You should ensure that you install the 64-bit version of Internet Information Services
(IIS) 7.0 Manager on 64-bit operating systems.


Question: Which OS and IIS Configuration do you use in your work environment?

For More Information, see "Making the Move to x64" in TechNet
content.


Lesson 2

Design Web Farm Availability and Scalability

This lesson focuses on the essentials of designing IIS Web Farms, for example,
planning Load Balancing, Shared State Requirements, and Xcopy Deployment.


Overview of Web Farms

Key Points
In its simplest terms, a Web farm is a group of Web servers that appear on the
Internet as one Web site. However, making such a simple concept work is more
complex.
A Web farm consists of:

Redundant Firewalls

Load Balancing Servers

Web and Content Servers

Database Servers

It is easiest to introduce the intricacies of Web farms by talking about what
happens when a request is sent from a client to your Web site that is hosted in a
Web farm.


The user sends a request over the Internet to your Web site. Before the request
reaches your Web servers, it must pass through your company's firewalls and into
some kind of load-balancing servers. These servers can be either hardware or
software. Their role is to determine which Web server in your Web farm is best
able to accept the incoming request. The goal of a load balancer is just what its
name suggests: to ensure that each Web server in your Web farm carries an equal
share of the incoming request traffic.
The load-balancing servers then forward the request to one of the Web servers that
run IIS. If necessary, the front-end Web server will contact a back-end database
server to get some data to satisfy the request. Then the Web server will send a
response back out, or it will use a cached version of the response and send that
back out to the client.
Question: What is the difference between a Web Farm and a Web Garden?

For More Information, see "Using Web Farm Technology to Provide
High Availability for Message Queuing" in TechNet content.


Design Load Balancing

Key Points
Designing load balancing is important because Network Load Balancing scales the
performance of a server-based program by distributing its client requests across
multiple identical servers within the cluster. You can add more servers to the
cluster as traffic increases; up to 32 servers are possible in any one cluster.
When planning a load balancing solution, it is also important to discuss how to
confirm and monitor network load balancing functionality in IIS 7.0:

Make sure that there are no IP address conflicts

Confirm that the Network Load Balancing Manager connects to host

Confirm that the cluster host completes the convergence

Confirm that network traffic is evenly balanced among cluster hosts
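
One way to carry out the last check in the list above, as an added example that is not part of the course material: it reads each cluster host's IIS W3C log and compares every host's share of requests with the even share. The host names reuse the classroom VM names; the log lines, IP addresses and the 15-point tolerance are constructed assumptions.

```python
"""Check how evenly requests are spread across web farm hosts using IIS W3C logs."""

FIELDS = ("#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port "
          "cs-username c-ip cs(User-Agent) sc-status sc-substatus "
          "sc-win32-status time-taken")


def parse_w3c(lines):
    """Yield one dict per request, taking column names from the #Fields directive."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))


def balance_report(logs_by_host, tolerance=0.15):
    """Return per-host request count, distinct clients, share and a balanced flag.

    A host is 'balanced' when its share of all requests is within `tolerance`
    (an assumed threshold) of the even share 1/N.
    """
    stats = {}
    for host, lines in logs_by_host.items():
        rows = list(parse_w3c(lines))
        stats[host] = {"requests": len(rows),
                       "clients": len({r.get("c-ip") for r in rows})}
    if not stats:
        return stats
    total = sum(s["requests"] for s in stats.values())
    fair = 1 / len(stats)
    for s in stats.values():
        share = s["requests"] / total if total else 0.0
        s["share"] = round(share, 3)
        s["balanced"] = abs(share - fair) <= tolerance
    return stats


def sample_log(server_ip, client_ips):
    """Build a constructed W3C log: one GET per entry in client_ips."""
    lines = ["#Software: Microsoft Internet Information Services 7.0",
             "#Version: 1.0", FIELDS]
    for i, client in enumerate(client_ips):
        lines.append(f"2008-06-01 12:00:{i:02d} {server_ip} GET /default.aspx - 80 - "
                     f"{client} Mozilla/5.0 200 0 0 15")
    return lines


# Constructed sample input: three hosts, twelve requests in total.
SAMPLE_LOGS = {
    "NYC-WEB-A": sample_log("10.0.0.11", ["192.0.2.10", "192.0.2.11", "192.0.2.10",
                                          "192.0.2.12", "192.0.2.11"]),
    "NYC-WEB-D": sample_log("10.0.0.12", ["192.0.2.20", "192.0.2.21", "192.0.2.22",
                                          "192.0.2.20", "192.0.2.23"]),
    "NYC-WEB2": sample_log("10.0.0.13", ["192.0.2.30", "192.0.2.30"]),
}

if __name__ == "__main__":
    for host, s in balance_report(SAMPLE_LOGS).items():
        flag = "ok" if s["balanced"] else "CHECK"
        print(f"{host:10} requests={s['requests']:3} clients={s['clients']:3} "
              f"share={s['share']:.3f} {flag}")
```

When NLB affinity is set to Single, each client IP address maps to one host, so a small number of distinct clients on a host can explain a skewed share.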


Question: Is Load Balancing used in your work environment to distribute client
requests?

For More Information, see "How Network Load Balancing Technology
Works" in TechNet content.


Session State Requirements

Key Points
Session state lets you associate a server-side string or object dictionary with a
particular HTTP client session. We will examine the session state requirements for
Web Farms.

Associate String or Object with particular HTTP Client Session

Session Data is stored on the server side

Session State in ASP.NET App can add overhead

Session State impact may be reduced with best practices

Not all pages access session state

The session data is stored on the server side in one of the supported session state
stores.
Using session state in an ASP.NET application, for example, can add noticeable
overhead to the application performance.


By taking advantage of optimizations using best practices, the impact of session
state management may be reduced.
Question: Where is Session data stored?

For More Information, see "Taming the Stateless Beast: Managing
Session State Across Servers on a Web Farm" in MSDN content.


Shared Offline Configuration Files

Key Points
The Microsoft Distributed File System (DFS) technologies in Windows Server
2008 offer wide area network (WAN)-friendly replication as well as simplified,
fault-tolerant access to geographically dispersed files. It's best to use shared offline
configuration files when it is necessary to ensure that front-end servers use a cached copy of
the applicationHost.config file when the file share is down. It is best to use DFS
when uptime is critical and it is necessary to ensure that the configuration files are
always available.
Pros of Shared Offline Configuration Files:

Faster than DFS

Easier to configure than DFS

No complex DFS infrastructure needed

Quick and easy to use

Ensures simple scenario availability


Cons of Shared Offline Configuration Files:

Small performance cost

Not as robust as DFS

Not a fully redundant solution

Changes to configuration aren't replicated until the file share is back online

Question: Do you use Shared Offline Configuration Files in your work
environment?

For More Information, see "Distributed File System Technology Center"
in TechNet content.


DFS Enabled Share

Key Points
Plan how DFS can be used to make files that are distributed across multiple
servers available through one namespace. If network resources for a Web site are
stored on multiple computers, DFS allows the network resources to be centralized
in a single unified namespace. The logical namespace remains constant even if you
move network resources to either a different server or a shared folder.
Question: What is a scenario in which you would use a DFS Enabled Share in your
work environment?

For More Information, see "HOW TO: Configure Microsoft DFS as the
Filing System for IIS" in Knowledge Base.


Shared Configuration for 2 Nodes

Key Points
Planning Shared configuration for 2 nodes using IIS 7 Manager makes it easy to
accomplish Web site deployment with web farms.
Site owner can:

Deploy IIS Configuration

Deploy ASP.NET Configuration and Code

Deploy Content

Question: Do you use Shared Configuration in your work environment?

For More Information, see "Shared Configuration" in Communities.


Xcopy Deployment

Key Points
When planning to use Xcopy to deploy your server configuration instead of using
the IIS Manager, it's important to note a few things. The machine keys are used to
encrypt properties like passwords for application pool identities or anonymous
users. If you installed any custom modules or certificates, they should exist on all
the machines before you share configuration.
You need to install any components on all servers in the farm before sharing their
config. If you install a filter or an IIS component, such as Basic authentication, you
must remove the server from shared configuration and install it locally. Then
ensure it exists on all machines before sharing config.
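
A pre-flight check for the rule above, as an added example that is not part of the course material: before a node is pointed at the shared configuration, it compares the native modules and ISAPI filters registered in the configuration to be shared with those registered in the node's local applicationHost.config. The node names reuse the classroom VM names; the configuration fragments, the `ExampleFilter` entry and its paths are constructed assumptions.

```python
"""Find IIS components the shared configuration needs that a farm node lacks."""
import xml.etree.ElementTree as ET


def native_components(config_xml):
    """Map ('module'|'filter', name) -> DLL path for every native component
    registered under <globalModules> or <isapiFilters>, wherever they appear."""
    root = ET.fromstring(config_xml)
    found = {}
    for section in root.iter("globalModules"):
        for add in section.findall("add"):
            found[("module", add.get("name"))] = (add.get("image") or "").lower()
    for section in root.iter("isapiFilters"):
        for flt in section.findall("filter"):
            found[("filter", flt.get("name"))] = (flt.get("path") or "").lower()
    return found


def drift_report(shared_xml, node_configs):
    """Return, per node, the components the shared config registers that the
    node does not have ('missing') or has at another path ('path_differs').
    Nodes that match the shared configuration are left out of the report."""
    shared = native_components(shared_xml)
    report = {}
    for node, xml_text in node_configs.items():
        local = native_components(xml_text)
        missing = sorted(k for k in shared if k not in local)
        differs = sorted(k for k in shared if k in local and local[k] != shared[k])
        if missing or differs:
            report[node] = {"missing": missing, "path_differs": differs}
    return report


def build_config(modules, filters):
    """Build a minimal applicationHost.config body (constructed sample data)."""
    mods = "".join(f'<add name="{n}" image="{p}" />' for n, p in modules)
    flts = "".join(f'<filter name="{n}" path="{p}" />' for n, p in filters)
    return ("<configuration><system.webServer>"
            f"<globalModules>{mods}</globalModules>"
            f"<isapiFilters>{flts}</isapiFilters>"
            "</system.webServer></configuration>")


INETSRV = r"%windir%\System32\inetsrv"

# Constructed sample: the configuration that is about to be shared.
SHARED = build_config(
    modules=[("UriCacheModule", INETSRV + r"\cachuri.dll"),
             ("AnonymousAuthenticationModule", INETSRV + r"\authanon.dll"),
             ("BasicAuthenticationModule", INETSRV + r"\authbas.dll")],
    filters=[("ExampleFilter", r"D:\filters\example.dll")],
)

# Constructed sample: each node's local configuration before sharing.
# NYC-WEB-D never had Basic authentication installed and keeps the
# filter DLL on a different drive.
NODES = {
    "NYC-WEB-A": SHARED,
    "NYC-WEB-D": build_config(
        modules=[("UriCacheModule", INETSRV + r"\cachuri.dll"),
                 ("AnonymousAuthenticationModule", INETSRV + r"\authanon.dll")],
        filters=[("ExampleFilter", r"E:\filters\example.dll")],
    ),
}

if __name__ == "__main__":
    for node, issues in drift_report(SHARED, NODES).items():
        for kind, name in issues["missing"]:
            print(f"{node}: {kind} {name} is not installed locally")
        for kind, name in issues["path_differs"]:
            print(f"{node}: {kind} {name} is registered at a different path")
```

A matching registration only shows that the component was installed through IIS; the check does not cover the machine keys or certificates, which must be verified on each server separately.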


Question: Have you used Xcopy to deploy sites in your work environment?

For More Information, see "How to Use Configuration Delegation in
IIS 7" in Communities.


Design Deployment and Update

Key Points
Design Deployment and Update solutions to synchronize Web server
configuration and content between multiple servers.
Question: What Deployment and Update solutions do you use to synchronize
content and configuration in your work environment?

For More Information, see "Web Site Deployment Made Easy" in
Communities.


Plan for FTP, SFTP and SMTP

Key Points
The new FTP service incorporates many new features that enable web authors to
publish content better than before, and offers web administrators more security
and deployment options.

Integration with IIS 7.0

Support for new Internet standards

Shared hosting improvements

Extensibility and custom authentication

Improved logging support

New supportability features


Question: Do you offer FTP or SMTP services in your work environment?

For More Information, see "Microsoft FTP Publishing Service for IIS 7.0"
in Communities.


Lesson 3

Design Content Storage

This lesson focuses on Local Content Storage as well as the Folder Hierarchy and
High Availability RAID Volumes and sizing.


Local Content Storage

Key Points
Local content storage entails storing Web content on the same servers that are
running IIS in your Web farm. The request comes in from the client over the
Internet, through the firewall and load balancer, and is then routed to a
server. Each server on the Web farm contains the content of the Web site. There is
isolation between content stores, with each server being independent of the others, but
there is also redundancy. Each server contains exactly the same content as the
others. Any content changes you make to your site must be propagated across all
Web farm servers. There's a real isolation between each content server.
Question: How is content distributed among servers?

For More Information, see "Web Site Deployment Made Easy" in
Communities.


Design Folder Hierarchy

Key Points
Individual Web sites and applications can be customized to add or remove
capabilities as required via a web.config file, which resides in the Web root or
application root folder.
The site directory hierarchy will look like this. Below the root directory, in our case
named "e:\content", we have a directory for Failed Request Logs (failedreqlogfiles),
a directory for standard log files (logfiles) and a directory for the actual content of
each site (wwwroot).
Question: What is the benefit of planning your file hierarchy?

For More Information, see "Shared Hosting on IIS 7" in Communities.


Specify Volumes (RAID level, size)

Key Points
You can determine the best RAID level for your file servers by evaluating the read
and write loads of the various data types and then deciding how much you are
willing to spend to achieve the performance and availability/reliability that your
organization requires.
A general guideline is to plan for faster growth in the future than you experienced
in the past. Investigate whether your organization plans to hire a large number of
people, whether any groups in your organization are planning large projects that
will require extra storage, and so on.
You must also take into account the amount of space used by operating system
files, applications, RAID redundancy, log files, and other factors that affect file
server capacity.


Question: Do you have RAID Volumes implemented in your work environment?

For More Information, see "Planning the Layout and RAID Level of
Volumes" in TechNet content.


Lab: Designing IIS Web Farms


Exercise 1: Design Hardware Platform


Scenario
Scenario #1
You are the Enterprise Administrator for a publishing company. Your company has
a website currently running on a single 32 bit server. A new version of the website
written in ASP.NET 2.0 has been released and the number of customers and traffic
on the website is rapidly increasing. Your company wants to capitalize on the
popularity of the website and market it to a broader audience and add additional
functionality to drive more sales.
The end user performance on the website has been declining as traffic has
increased. Additionally there are frequent spikes in CPU utilization that occur in
conjunction with application pool recycling.
You've been asked to design a web server infrastructure that will support 100
times the current traffic and provide high availability during planned and
unplanned server outages and provide data center redundancy.
Scenario #2
Existing web farm supporting single website is going to be expanded to include an
additional 2 major websites. The amount of traffic is expected to triple with the
addition of these websites. Each website is expected to have large seasonal traffic
spikes at different times of the year.
The main tasks for this exercise are as follows:
1. Review hardware options and design hardware platform.

Task 1: Review hardware options and design hardware platform

Select 64 bit platform


Results: After this exercise, you should have reviewed hardware options and platform
and selected 64 bit platform.


Exercise 2: Design Web Farm Availability and Scalability


Scenario
Scenario #1
You are the Enterprise Administrator for a publishing company. Your company has
a website currently running on a single 32 bit server. A new version of the website
written in ASP.NET 2.0 has been released and the number of customers and traffic
on the website is rapidly increasing. Your company wants to capitalize on the
popularity of the website and market it to a broader audience and add additional
functionality to drive more sales.
The end user performance on the website has been declining as traffic has
increased. Additionally there are frequent spikes in CPU utilization that occur in
conjunction with application pool recycling.
You've been asked to design a web server infrastructure that will support 100
times the current traffic and provide high availability during planned and
unplanned server outages and provide data center redundancy.
Scenario #2
Existing web farm supporting single website is going to be expanded to include an
additional 2 major websites. The amount of traffic is expected to triple with the
addition of these websites. Each website is expected to have large seasonal traffic
spikes at different times of the year.
The main tasks for this exercise are as follows:

Create a design document consisting of multiple web farms.

Task 1: Create a design document consisting of multiple web farms

Create a conceptual design diagram consisting of multiple web farms

Evaluate Need for Web Farm

Design Load Balancing


Results: After this exercise, you should have created a design diagram consisting of
multiple web farms. Evaluated Need for Web Farm and Planned Load Balancing.


Exercise 3: Design Web Site Availability and Scalability


Scenario
Scenario #1
You are the Enterprise Administrator for a publishing company. Your company has
a website currently running on a single 32 bit server. A new version of the website
written in ASP.NET 2.0 has been released and the number of customers and traffic
on the website is rapidly increasing. Your company wants to capitalize on the
popularity of the website and market it to a broader audience and add additional
functionality to drive more sales.
The end user performance on the website has been declining as traffic has
increased. Additionally there are frequent spikes in CPU utilization that occur in
conjunction with application pool recycling.
You've been asked to design a web server infrastructure that will support 100
times the current traffic and provide high availability during planned and
unplanned server outages and provide data center redundancy.
Scenario #2
Existing web farm supporting single website is going to be expanded to include an
additional 2 major websites. The amount of traffic is expected to triple with the
addition of these websites. Each website is expected to have large seasonal traffic
spikes at different times of the year.
The main tasks for this exercise are as follows:

Create a design document consisting of multiple web farms with all websites
hosted on each server.

Task 1: Create a design document consisting of multiple web farms
with all websites hosted on each server

Create a conceptual design diagram consisting of multiple web farms with all
websites hosted on every server.
Results: After this exercise, you should have created a design diagram consisting of
multiple web farms. Evaluated Need for Web Farm and Planned Load Balancing.


Exercise 4: Design Website Configuration, Deployment and Consistency
Scenario
Scenario #1
You are the Enterprise Administrator for a publishing company. Your company has
a website currently running on a single 32 bit server. A new version of the website
written in ASP.NET 2.0 has been released and the number of customers and traffic
on the website is rapidly increasing. Your company wants to capitalize on the
popularity of the website and market it to a broader audience and add additional
functionality to drive more sales.
The end user performance on the website has been declining as traffic has
increased. Additionally there are frequent spikes in CPU utilization that occur in
conjunction with application pool recycling.
You've been asked to design a web server infrastructure that will support 100
times the current traffic and provide high availability during planned and
unplanned server outages and provide data center redundancy.
Scenario #2
Existing web farm supporting single website is going to be expanded to include an
additional 2 major websites. The amount of traffic is expected to triple with the
addition of these websites. Each website is expected to have large seasonal traffic
spikes at different times of the year.
The main tasks for this exercise are as follows:

Plan to automatically deploy website configuration using Xcopy deployment.

Task 1: Plan to automatically deploy website configuration using
Xcopy deployment

Design batch files using the new Xcopy command to plan automatic
deployment of website configuration to Windows Server 2008 with IIS
installed.
Results: After this exercise, you should have planned to automatically deploy website
configuration using batch files and Xcopy deployment.


Exercise 5: Design Website Content, Deployment and Consistency
Scenario
Scenario #1
You are the Enterprise Administrator for a publishing company. Your company has
a website currently running on a single 32 bit server. A new version of the website
written in ASP.NET 2.0 has been released and the number of customers and traffic
on the website is rapidly increasing. Your company wants to capitalize on the
popularity of the website and market it to a broader audience and add additional
functionality to drive more sales.
The end user performance on the website has been declining as traffic has
increased. Additionally there are frequent spikes in CPU utilization that occur in
conjunction with application pool recycling.
You've been asked to design a web server infrastructure that will support 100
times the current traffic and provide high availability during planned and
unplanned server outages and provide data center redundancy.
Scenario #2
Existing web farm supporting single website is going to be expanded to include an
additional 2 major websites. The amount of traffic is expected to triple with the
addition of these websites. Each website is expected to have large seasonal traffic
spikes at different times of the year.
The main tasks for this exercise are as follows:

Plan to automatically deploy website content using Xcopy deployment.

Task 1: Plan to automatically deploy website content using Xcopy
deployment

Design batch files using the new Xcopy command to plan automatic
deployment of website content to Windows Server 2008 with IIS installed.
Results: After this exercise, you should have planned to automatically deploy website
content using batch files and Xcopy deployment.


Module Review and Takeaways

Review Questions
1. What is the difference between a Web Farm and a Web Garden?
2. What is Network Load Balancing?
3. What is Xcopy Deployment?


Module 2
Optimizing IIS Performance and Stability
Contents:
Lesson 1: Designing Application Pools
Lesson 2: Designing Script Mapping
Lesson 3: Designing Bandwidth Allocation
Lesson 4: Design Website Logging
Lab: Optimizing IIS Performance and Scalability


Module Overview

An important aspect of managing a Web server is implementing best practices that
ensure the best possible performance. This module briefly introduces some best
practices for improving performance in Microsoft Internet Information Services 7.0
(IIS). In this module, you will learn how to configure IIS to provide the best
performance. You will learn how to manage application pools to achieve
performance goals. You will also learn about application mapping, allocating CPU
Bandwidth and website logging.


Lesson 1

Designing Application Pools

Before configuring application pools, it is important to understand how application
pools relate to Web sites in the new pipeline model and the implications to
authentication. In this lesson, you will learn about Web sites and application pools,
and how authentication works with IIS. You will also learn about the default
application pool properties.


Overview of Application Pools

Key Points

An application pool is a group of one or more URLs that are served by a
worker process or a set of worker processes. Application pools set boundaries
for the applications they contain, which means that any applications running
outside of a given application pool cannot affect the applications within the
application pool.

Question: Do you have multiple applications running under one application pool
in your organization?

For More Information, see "Managing Application Pools" in TechNet


content.


Design Application Pools

Key Points

To group sites and applications that run with the same configuration settings.

To isolate sites and applications that run with unique configuration settings.

To increase security by using a custom identity to run an application.

To prevent resources in one application from accessing resources in another
application.

To improve performance by separating unstable applications from well-behaved
applications.


Question: If you create too many application pools, can it adversely affect Web
server performance?

For More Information, see "Managing Application Pools in IIS 7.0" in TechNet
content.


Overview of Application Pool's Basic Properties

Key Points

Application pools isolate Web sites and Web applications to address reliability,
availability, and security issues.

You can configure the basic settings for the application pool.

Question: When would you want to configure an application pool through a
script?

For More Information, see "Managing Application Pools in IIS 7.0" in TechNet
content.


Specify Recycle Thresholds

Key Points

If you have a problematic application and you cannot easily correct the code
that causes the problems, you can limit the extent of these problems by
periodically recycling the worker process that services the application.

In addition to recycling an application pool on demand when problems occur,
you can configure an application pool to recycle a worker process at a specific
event.

Question: Have you previously recycled application pools using any of these
options?

For More Information, see "Managing Application Pools in IIS 7.0" in TechNet
content.


Specify App Pool Identity

Key Points

You can perform this procedure by using the user interface (UI), by running
IIS 7.0 command-line tool commands in a command-line window, by editing
configuration files directly, or by writing WMI scripts.

Question: What is the default user account used for Application Pool
Authentication?

For More Information, see "Managing Application Pools in IIS 7.0" in TechNet
content.


Specify Performance Settings

Key Points

Internet Information Services (IIS) 7.0 can be configured to optimize the
performance of an application pool, allowing you to optimize the performance
of your Web applications.

Some of the ways to accomplish this include configuring an application pool
to limit the size of its request queue, enabling CPU monitoring to allow the
server to take action when CPU usage exceeds maximum CPU use, and
configuring the server to shut down a worker process after being idle for a
specified number of minutes.


Question: Have you used any of these performance settings in a Web site in your
work environment?

For More Information, see "Configure Application Pool Performance" in TechNet
content.


Lesson 2

Designing Script Mapping

When you want a managed handler on the Web server to handle requests for a
specific file or file name extension, you can create a managed handler mapping.
Managed handlers are written in managed code and respond to specific requests
on the Web server.


Overview of Script Mapping

Key Points

When you want a native handler on the Web server to handle requests for a
specific file or file name extension, you can create a script map. Native
handlers, also known as script engines, are native code .exe or .dll files that
respond to specific requests.

If you map a type of request to an .exe file (the script engine), CgiModule
will load the associated executable when a request enters the server and it
matches the handler mapping.

If you map a type of request to a .dll file (the script engine), IsapiModule
will load the DLL when a request enters the server and it matches the
handler mapping.


Question: What kind of script mapping have you used in your work environment?

For More Information, see "IIS 7.0: Add a Script Map Handler Mapping"
in TechNet content.


Plan Script Mapping Properties

Key Points

The necessary modules and handlers must be installed on the Web server and
enabled at the level at which you perform this procedure.

If you perform procedures in this section by using IIS Manager, you must be a
server administrator or an IIS Manager user who has been granted permission
to a site or an application in IIS Manager.

If you perform procedures in this section by using Appcmd.exe, running WMI
scripts, or editing configuration files, you must have write access to the target
configuration file or files.


Question: In your work environment have you configured handlers at any of these
levels?

For More Information, see "IIS 7.0: Handler Mappings Feature Requirements" in
TechNet content.


Design Script Mapping

Key Points

When you want a managed handler on the Web server to handle requests for a
specific file or file name extension, you can create a managed handler
mapping.

When you want a native module on the Web server to handle requests for a
specific file or file name extension, you can create a module handler mapping.

When you want a native handler on the Web server to handle requests for a
specific file or file name extension, you can create a script map. Native
handlers, also known as script engines, are native code .exe or .dll files that
respond to specific requests.

Add a wildcard script map when you want to configure an ISAPI extension to
intercept every request before the request is sent to its mapped handler.


Question: Have you used any of these handlers in Web sites running in your work
environment?

For more information, see "IIS 7.0: Add a Managed Handler Mapping"
in TechNet content.


Lesson 3

Designing Bandwidth Allocation

With Windows System Resource Manager, administrators can control how CPU
resources are allocated to applications, services, and processes. Managing
resources in this way improves system performance and reduces the chance that
applications, services, or processes will interfere with the rest of the system.


Overview of Bandwidth Allocation

Key Points

The Windows System Resource Manager (WSRM) is a server feature that
provides administrators a way to set resource allocation policies.

Resource allocation policies associate groups of one or more processes
(applications) with some amount of machine resources (e.g. 20% CPU).

Windows System Resource Manager provides user interfaces for creating,
modifying and deleting resource allocation policies.

Question: Have you used WSRM to set CPU allocation in Web sites running in
your work environment?

For More Information, see "How Windows System Resource Manager Works" in
TechNet content.


Bandwidth Allocation Settings

Key Points

Standard is the default setting. It means that Windows System Resource
Manager does not control the distribution of CPU bandwidth among
processes in the group.

Windows System Resource Manager will manage individual processes in the
group according to equal targets, each an equal share of the group's target.

Windows System Resource Manager will manage sub-groups of processes in
the group, assigning equal shares according to the user that started the
process.


Question: Have you used Equal per process or user settings in Web sites in your
work environment?

For More Information, see "How Windows System Resource Manager Works" in
TechNet content.


Design Bandwidth Allocation

Key Points

You can administer resource policies and monitor resource usage with
Windows System Resource Manager using Microsoft Management Console
(MMC).

You can use these commands to manage Windows System Resource Manager
from the command line. You can automate or script your WSRM command-line
operations.

Question: Have you experienced using the MMC and the Command Line Interface
in your work environment?

For More Information, see "How Windows System Resource Manager Works" in
TechNet content.


Specify Max Bandwidth per Site

Key Points

The Windows System Resource Manager service monitors the state of
managed processes and takes action when those processes do not meet their
target CPU allocations.

If a process exceeds its target allocation, the service uses the Windows System
Resource Manager dynamic process priority management algorithm to try to
make the process conform to its target allocation.

Question: Have you used the CPU allocation settings on Web sites in your work
environment?

For More Information, see "How Windows System Resource Manager Works" in
TechNet content.


Specify WSRM Settings per Application

Key Points

Processes that are unable to consume their allocated CPU bandwidth, even
after appropriate priority adjustments have been made to the priorities of other
processes, will have their unconsumed allocation re-allocated to other
processes.

This allows competing processes to use the CPU bandwidth equal to the
difference between all remaining CPU bandwidth and the CPU bandwidth
allocated to the process.

Question: Have you used Windows System Resource Manager in your work
environment to manage CPU Bandwidth?

For More Information, see "How Windows System Resource Manager Works" in
TechNet content.


Lesson 4

Design Website Logging

Effective monitoring and auditing of Web server logs is necessary for maintaining
useful and stable Web sites. The logging options in IIS 7.0 are highly configurable.


Overview of Website Logging

Key Points

You can collect information about user activity by enabling logging for your
Web sites and servers.

Logging information in IIS 7.0 goes beyond the scope of the simple event
logging or performance monitoring features in Microsoft Windows.

The logs can include information such as who has visited your site, what the
visitor viewed, and when the information was last viewed.

Question: How have you used Web site logging in the past?

For More Information, see "Logging Site Activity" in TechNet content.


Best Practices for Auditing IIS 7.0 Logs

Key Points

It is important to maintain good practices when managing and reviewing your
Web log files.

Locate the log files on a secure, reliable drive, in a directory other than
systemroot.

Maintain a reliable corporate policy on log file retention.

Monitor and manage the maximum number of log files to keep and the
maximum size of the log files.

Find and secure access to obsolete files.


Question: Do you know of any other good practices in managing and monitoring
Web site logs?

For More Information, see "IIS 7.0 Beta: Enable Trace Logging for Failed
Requests" in TechNet content.


Plan Logging for Web Site and Web Applications

Key Points

There are many different formats, encoding, and options for Web site logging.

The default logging method for IIS 7.0, the W3C Extended Log File Format, is
a standard defined by the World Wide Web Consortium. This logging format
can divulge a large amount of information on the activity of your IIS server,
and IIS lets you drill down to select which options you want to log.

Question: What type of log file rollover setting might be most useful in your
organization?

For More Information, see "Configuring IIS Logs" in TechNet content.


Review Logs

Key Points

The View Log Files option opens the log file directory.

The View Log Files option may be unavailable. If it is not available, you can use
Notepad or a third-party product to view the logs.

Question: What third-party applications can you use for analyzing Web site log
files?

For More Information, see "Logging Page" in Help.


Design Logging

Key Points

Logging options are very customizable in IIS 7.0. There are many fields and
information that can be integrated into the Web site log files.

Effective use of the Logging Options allows you to build comprehensive Web logs
that are manageable in size.

Question: What fields might be most useful in reviewing Web site logs?

For More Information, see "W3C Logging Fields Dialog Box" in Help.
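Because the fields written to a W3C Extended log are selectable, a log review script should take the column order from each `#Fields:` directive rather than assume it. The PowerShell below is an added example, not part of the course material; the sample log lines are constructed, and the function names ConvertFrom-W3CLog and Get-AuthFailureSummary are hypothetical names chosen for this illustration.

```powershell
# Added example. The log content below is constructed sample data.
$sampleLog = @'
#Software: Microsoft Internet Information Services 7.0
#Version: 1.0
#Date: 2008-03-01 09:00:00
#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status time-taken
2008-03-01 09:00:01 GET /salessupport/default.aspx yvonne 10.10.0.21 200 46
2008-03-01 09:00:04 GET /salessupport_de/test.aspx - 10.10.0.21 401 15
2008-03-01 09:00:05 GET /salessupport_de/test.aspx yvonne 10.10.0.21 200 62
2008-03-01 09:01:10 GET /salessupport_test/ - 10.10.0.77 401 12
2008-03-01 09:01:11 GET /salessupport_test/ - 10.10.0.77 401 11
2008-03-01 09:01:12 GET /salessupport_test/admin.aspx - 10.10.0.77 401 13
2008-03-01 09:01:13 GET /salessup
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2008-03-01 09:05:00 10.10.0.77 GET /salessupport_test/ 401
2008-03-01 09:05:02 10.10.0.34 GET /salessupport/ 200
'@ -split "`r?`n"

function ConvertFrom-W3CLog {
    # Turns W3C Extended log lines into objects keyed by field name.
    param([string[]]$Line)
    $fields = @()
    foreach ($l in $Line) {
        if ($l -like '#Fields:*') {
            # The field list can change mid-file when logging options are
            # reconfigured, so it is re-read every time it appears.
            $fields = $l.Substring(8).Trim() -split '\s+'
            continue
        }
        # Other directives (#Software, #Version, #Date) and blank lines.
        if ($l.StartsWith('#') -or -not $l.Trim()) { continue }

        # Values are space separated; a value that is absent is logged as "-".
        $values = $l.Trim() -split ' '
        if ($fields.Count -eq 0 -or $values.Count -ne $fields.Count) {
            Write-Warning "Skipping line that does not match #Fields: $l"
            continue
        }
        $row = @{}
        for ($i = 0; $i -lt $fields.Count; $i++) { $row[$fields[$i]] = $values[$i] }
        New-Object PSObject -Property $row
    }
}

function Get-AuthFailureSummary {
    # Counts 401/403 responses per client address. A single 401 is normal
    # before a browser supplies credentials, hence the threshold.
    param($Entry, [int]$Threshold = 3)
    $Entry |
        Where-Object { $_.'sc-status' -eq '401' -or $_.'sc-status' -eq '403' } |
        Group-Object -Property 'c-ip' |
        Where-Object { $_.Count -ge $Threshold } |
        Sort-Object -Property Count -Descending |
        Select-Object @{ Name = 'ClientIP'; Expression = { $_.Name } },
                      Count,
                      @{ Name = 'Paths'; Expression = {
                          ($_.Group | ForEach-Object { $_.'cs-uri-stem' } |
                              Sort-Object -Unique) -join ', ' } }
}

$entries = ConvertFrom-W3CLog -Line $sampleLog
Get-AuthFailureSummary -Entry $entries -Threshold 3 | Format-Table -AutoSize
```

The summary only works if `c-ip`, `sc-status` and `cs-uri-stem` are among the selected logging fields, which is one reason to decide the field set before deployment.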


Lab: Optimizing IIS Performance and Scalability


Exercise 1: Design and Test Application Pools


Scenario
You are the Enterprise Administrator for Woodgrove Bank. Your company has
multiple websites running on web farms spread across two data centers. All web
servers are identical in configuration and content, hosting all websites.
The website applications consist of two written in asp.net 1.0, four written in
asp.net 1.1 and two written in asp.net 2.0. Two of the asp.net 1.1 applications are
maintained by an outside organization. These two applications are frequently
updated and have been known to experience memory leaks from time to time
(appropriate application pool separation).
You want to prevent large amounts of activity on any single website from seriously
degrading the performance of other websites (using both bandwidth throttling and
Microsoft Windows System Resource Manager the vendor should provide a table
showing what the allocated bandwidth should be per application). There is a
different group of website administrators for each site. They are responsible for
continuous monitoring and website updates.
Sites

Application | Comments
ASP.net 1.0 | Each site is monitored by a different group of administrators.
ASP.net 1.1 | 2 of these sites are maintained by an outside organization. Frequently updated and known to leak memory from time to time. Each site is monitored by a different group of administrators.
ASP.net 2.0 | Each site is monitored by a different group of administrators.

The main tasks for this exercise are as follows:

1. Identify the necessary Application Pools to create.

2. Design auto deployment of Application Pools created.


Task 1: Identify Application Pools

1. Create the Application Pool and settings for ASP.NET 1.0 applications.

2. Create the Application Pool and settings for ASP.net 1.1 applications.

3. Create the Application Pool and settings for ASP.net 2.0 applications.

4. Create Application Pool and settings for ASP.net 1.1 Misbehaving applications.

Task 2: Design Deployment of Application Pools

Create scripts to deploy App Pools and settings for each application pool
created in Task 1.

Results: After this exercise, you should have created a drawing showing application
isolation and a document describing automatic deployment of the application
isolation solution.


Exercise 2: Design and Test Script Maps


Scenario
You are the Enterprise Administrator for Woodgrove Bank. Your company has
multiple websites running on web farms spread across two data centers. All web
servers are identical in configuration and content, hosting all websites.
The website applications consist of two written in asp.net 1.0, four written in
asp.net 1.1 and two written in asp.net 2.0. Two of the asp.net 1.1 applications are
maintained by an outside organization. These two applications are frequently
updated and have been known to experience memory leaks from time to time
(appropriate application pool separation).
You want to prevent large amounts of activity on any single website from seriously
degrading the performance of other websites (using both bandwidth throttling and
Windows System Resource Manager the vendor should provide a table showing
what the allocated bandwidth should be per application). There is a different
group of website administrators for each site. They are responsible for continuous
monitoring and website updates.
The main tasks for this exercise are as follows:

1. Identify the necessary script mappings for each type of application.

2. Design automatic deployment of script mappings.

Task 1: Identify Script Mappings

Identify script mappings for each application file type.

Task 2: Design Auto Deployment of Script Mappings

Create scripts to automatically deploy Script Mappings for each file type.

Results: After this exercise, you should have created a design document identifying
script mappings as well as a document with plans for auto deployment of script
mappings.


Exercise 3: Design and Test Bandwidth Allocation


Scenario
You are the Enterprise Administrator for Woodgrove Bank. Your company has
multiple websites running on web farms spread across two data centers. All web
servers are identical in configuration and content, hosting all websites.
The website applications consist of two written in asp.net 1.0, four written in
asp.net 1.1 and two written in asp.net 2.0. Two of the asp.net 1.1 applications are
maintained by an outside organization. These two applications are frequently
updated and have been known to experience memory leaks from time to time
(appropriate application pool separation).
You want to prevent large amounts of activity on any single website from seriously
degrading the performance of other websites (using both bandwidth throttling and
Windows System Resource Manager the vendor should provide a table showing
what the allocated bandwidth should be per application). There is a different
group of website administrators for each site. They are responsible for continuous
monitoring and website updates.
The main tasks for this exercise are as follows:

1. Identify the necessary bandwidth allocation for each application.

2. Design automatic deployment of bandwidth allocation.

Task 1: Identify Bandwidth Allocation

Identify bandwidth allocation per application.

Task 2: Design Auto Deployment of Bandwidth Allocation

Create scripts to automatically deploy bandwidth allocation for each
application.

Results: After this exercise, you should have created a design document identifying
bandwidth allocation per application as well as a document with plans for auto
deployment of bandwidth allocation.


Exercise 4: Design and Test Website Logging


Scenario
You are the Enterprise Administrator for Woodgrove Bank. Your company has
multiple websites running on web farms spread across two data centers. All web
servers are identical in configuration and content, hosting all websites.
The website applications consist of two written in asp.net 1.0, four written in
asp.net 1.1 and two written in asp.net 2.0. Two of the asp.net 1.1 applications are
maintained by an outside organization. These two applications are frequently
updated and have been known to experience memory leaks from time to time
(appropriate application pool separation).
You want to prevent large amounts of activity on any single website from seriously
degrading the performance of other websites (using both bandwidth throttling and
Windows System Resource Manager the vendor should provide a table showing
what the allocated bandwidth should be per application). There is a different
group of website administrators for each site. They are responsible for continuous
monitoring and website updates.
The main tasks for this exercise are as follows:

1. Identify the necessary bandwidth allocation for each application.

2. Design automatic deployment of bandwidth allocation.

Task 1: Identify Logging Options

Identify logging options for each Web site.

Task 2: Design Auto Deployment of Logging Options

Create scripts to automatically deploy logging options for each Web site.

Results: After this exercise, you should have created a design document identifying
logging structure as well as a document with plans for auto deployment of logging
structure and fields.


Exercise 5: Configuring a Web Server to Host Multiple Applications with Separate
Application Pools

Scenario
You will deploy the SalesSupport application to two new instances. One instance
will be a test deployment with additional testing configuration. Another instance
will be for the German division of Woodgrove and will need to be set for German
globalization settings because this instance was created by copying from the New
York site. Additionally, you will disable the debug mode for the production version
of SalesSupport.

Exercise Overview
In this exercise, you will learn how to create an application pool.
This exercise's main tasks are:

1. Create three application pools named SalesSupport, SalesSupport_De, and
   SalesSupport_Test.

2. Create the applications SalesSupport_De and SalesSupport_Test.

3. Use XCopy to deploy the files from the SalesSupport directory to the
   SalesSupport_DE and SalesSupport_Test directories.

4. Assign the applications to the appropriate application pools.

5. Configure application pool recycling for unlimited requests.

6. Configure the SalesSupport_Test application pool to record recycled events.

7. Configure the SalesSupport .NET compilation debug setting to False.

8. Configure the SalesSupport_De application globalization settings for Germany.

Task 1: Create three application pools named SalesSupport, SalesSupport_De, and
SalesSupport_Test

1. Start 6437A-NYC-DC1, and log on as LocalAdmin with the password of
   Pa$$w0rd.

2. Start 6437A-NYC-WEB-A, and log on as Administrator with the password of
   Pa$$w0rd.

3. On NYC-WEB-A, in IIS Manager, add three application pools named
   SalesSupport, SalesSupport_De, and SalesSupport_Test.


Task 2: Create the applications SalesSupport_De and SalesSupport_Test

1. In IIS Manager, create an application named SalesSupport_De with a physical
   path of c:\inetpub\wwwroot\SalesSupport_De.

2. Create an application named SalesSupport_Test with a physical path of
   c:\inetpub\wwwroot\SalesSupport_Test.

Task 3: Use XCopy to deploy the files from the SalesSupport directory
to the SalesSupport_DE and SalesSupport_Test directories

At the command prompt, change to the c:\inetpub\wwwroot directory and
then use XCopy to copy the files and directory structure from SalesSupport to
SalesSupport_De and SalesSupport_Test.

Task 4: Assign the applications to the appropriate application pools

1. In IIS Manager, modify the SalesSupport, SalesSupport_De and
   SalesSupport_Test to use their correspondingly named application pools.

2. Disable anonymous authentication and enable basic authentication with the
   domain and realm of woodgrovebank for both SalesSupport_De and
   SalesSupport_Test applications.

Task 5: Configure production application pool recycling for unlimited
requests

In IIS Manager, modify the SalesSupport and SalesSupport_De application
pool recycling so that they do not recycle on regular intervals.

Task 6: Configure the SalesSupport_Test application pool to record
recycled events

In IIS Manager, modify the SalesSupport_Test application pool recycling to
recycle every 1024 requests, and modify the Recycling Events to Log to log
number of requests, On-Demand, and Configuration Changes.


Task 7: Configure the SalesSupport .NET compilation debug setting to
False

In IIS Manager, modify the SalesSupport .NET Compilation behavior
settings so that Debug is False.

Task 8: Configure the SalesSupport_De application globalization
settings for Germany

1. In IIS Manager, modify the SalesSupport_De .NET Globalization settings so
   that culture and UI Culture are set to German (Germany) (de-DE).

2. Start Internet Explorer and browse to http://localhost/salessupport and
   enter user name yvonne and password Pa$$w0rd. On a second and third tab,
   browse to http://localhost/salessupport_de and
   http://localhost/salessupport_test with yvonne's credentials so that all three
   applications are loaded in the browser.

3. Open Task Manager and note the instances of w3wp.exe.

4. In Internet Explorer, browse to http://localhost/salessupport_de/test.aspx
   and notice the date format in the page.

5. Close Internet Explorer before continuing.

Results: After this exercise, you should have successfully deployed multiple
applications with separate application pools, configured recycling and debug settings,
and configured and verified .NET globalization settings.
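
The lab performs these tasks in IIS Manager; the same settings can be applied from a script, which is what the deployment design exercises call for. The PowerShell below is an added example, not part of the lab material: it drives Appcmd.exe through Tasks 1 to 8 and assumes that the applications live under a site named "Default Web Site" (the lab text does not name the site) and that appcmd.exe is in its default inetsrv directory. Invoke-AppCmd is a hypothetical helper defined in the script.

```powershell
# Added example: scripted equivalent of Exercise 5 using Appcmd.exe.
$appcmd = Join-Path $env:windir 'System32\inetsrv\appcmd.exe'
$site   = 'Default Web Site'        # assumption: site that hosts the applications
$root   = 'C:\inetpub\wwwroot'
$pools  = 'SalesSupport', 'SalesSupport_De', 'SalesSupport_Test'
$copies = 'SalesSupport_De', 'SalesSupport_Test'

function Invoke-AppCmd {
    # Runs appcmd.exe with the given arguments and stops on the first failure.
    & $appcmd @args
    if ($LASTEXITCODE -ne 0) { throw "appcmd failed: $($args -join ' ')" }
}

# Task 1: one application pool per application, so each gets its own w3wp.exe.
foreach ($p in $pools) { Invoke-AppCmd add apppool "/name:$p" }

# Task 2: create the two new applications.
foreach ($a in $copies) {
    Invoke-AppCmd add app "/site.name:$site" "/path:/$a" "/physicalPath:$root\$a"
}

# Task 3: copy files and directory structure (/E includes empty directories,
# /I treats the destination as a directory).
foreach ($a in $copies) {
    xcopy "$root\SalesSupport" "$root\$a" /E /I
    if ($LASTEXITCODE -ne 0) { throw "xcopy to $a failed" }
}

# Task 4: bind each application to its own pool, then switch the two new
# applications from anonymous to basic authentication.
foreach ($a in $pools) { Invoke-AppCmd set app "$site/$a" "/applicationPool:$a" }
foreach ($a in $copies) {
    Invoke-AppCmd set config "$site/$a" /section:anonymousAuthentication `
        /enabled:false /commit:apphost
    Invoke-AppCmd set config "$site/$a" /section:basicAuthentication `
        /enabled:true /defaultLogonDomain:woodgrovebank /realm:woodgrovebank `
        /commit:apphost
}

# Task 5: a periodic restart time of zero disables interval-based recycling.
foreach ($p in 'SalesSupport', 'SalesSupport_De') {
    Invoke-AppCmd set apppool $p "/recycling.periodicRestart.time:00:00:00"
}

# Task 6: recycle the test pool every 1024 requests and log why it recycled.
Invoke-AppCmd set apppool SalesSupport_Test "/recycling.periodicRestart.requests:1024"
Invoke-AppCmd set apppool SalesSupport_Test `
    "/recycling.logEventOnRecycle:Requests,OnDemand,ConfigChange"

# Task 7: turn off debug compilation for the production application.
Invoke-AppCmd set config "$site/SalesSupport" /section:system.web/compilation `
    /debug:false

# Task 8: German culture settings for the German instance.
Invoke-AppCmd set config "$site/SalesSupport_De" /section:system.web/globalization `
    /culture:de-DE /uiCulture:de-DE

# Verification: list pools, applications, and running worker processes.
Invoke-AppCmd list apppool
Invoke-AppCmd list app
Invoke-AppCmd list wp
```

Basic authentication sends the user name and password base64-encoded rather than encrypted, so outside the lab these applications should be reachable only through an HTTPS binding.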

Lab Shutdown
After you complete the lab, you must shut down the virtual machines and discard
any changes.


Module Review and Takeaways

Review Questions
1. What are Recycle Thresholds?

2. What is Windows System Resource Manager?

3. How is Log File Rollover Useful?


Module 3
Designing IIS Security
Contents:
Lesson 1: Design and Verify Transport Security
Lesson 2: Design Authentication and Authorization
Lesson 3: Design Delegation Administration
Lab: Designing IIS Security


Module Overview

Web servers are often placed in a very precarious position. They are typically
public-facing servers, but they also need to maintain very tight security in order to
maintain the integrity of the server and to ensure confidence to their users.
Microsoft IIS 7.0 provides many tools and techniques for maintaining a highly
secure Web server environment.


Lesson 1

Design and Verify Transport Security

There are additional tools and techniques that can be managed to enhance Web
server security. Certificates are a key component of creating a trusted relationship
between the Web client and the Web server.


Overview of IIS Security

Key Points

There are many features and tools built in to IIS 7.0 that allow customizing of
Web site and server security. These tools help secure and restrict unauthorized
access to the Web sites and server.

Question: What security features and tools do you use in your work environment?

For More Information, see "IIS 7 Security Overview" in Communities.


Overview of SSL Certificates

Key Points

Web server certificates protect Internet communication by establishing a trust
relationship between the Web client and Web server.

You can obtain certificates from a mutually trusted third-party organization
called a certification authority. Server certificates provide a way for users to
confirm the identity of your Web site before they transmit personal
information, such as a credit card number.

Question: Name some common scenarios that use certificates and SSL-encrypted
connections?

For More Information, see "Server Certificates Page" in Help.


Best Practices of Configuring a Secure Web Server

Key Points

There are many features that can be used to secure an IIS 7.0 server. Some of
them are designed as part of the IIS 7.0 system and installation process, while
others need to be manually configured and monitored by the administrator.

Question: Which of these techniques do you think will be most effective at
securing a Web server in your organization?

For More Information, see "IIS 7 Security Overview" in Communities.


Import an Assigned Certificate

Key Points

Renewing expired certificates is easy. There are several tools and wizards
available in IIS 7.0 for managing certificates.

Question: Do you currently use Web server certificates? Do you plan on deploying
them in the future for new projects?

For More Information, see "Server Certificates Page" in Help.


Best Practices for Configuring SSL Certificates

Key Points

Configure the security settings to match the needs of the sites and
applications.

Question: What are the security needs of the applications in your organization?

For More Information, see "Configure Web Server Security" in TechNet
content.


Associate a Certificate to a Web site

Key Points

Adding security certificates to Web sites is very easy. There are several tools
and wizards available in IIS 7.0 for managing certificates.

Question: Can any of your Web sites benefit from the addition of security
certificates?

For More Information, see "Server Certificates Page" in Help.


Design SSL to Support HTTPS

Key Points

Obtain or create a self-signed certificate using IIS 7.0.

Create an SSL binding and assign it to a site by adding a new binding and
choosing HTTPS as the type.

Verify the SSL binding by clicking the browse-by-HTTPS link in the Actions
menu.

Optionally, configure the desired SSL settings.

Question: Do you have experience installing SSL Certificates in your work
environment?

For More Information, see "How to Setup SSL on IIS 7" in Communities.


Plan Request Filtering

Key Points

URLScan was a security tool that was provided as an add-on to earlier versions
of IIS so administrators could enforce tighter security policies on their Web
servers.

There are many different filters that can be deployed when managing Request
Filtering.

Question: What aspects of attacks, malware, viruses and worms can be stopped by
implementing aspects of Request Filtering?

For More Information, see "How to Use Request Filtering" in Communities.


Design Security

Key Points

Authentication helps you confirm the identity of users requesting access to
your Web sites. IIS 7.0 supports both challenge-based and login
redirection-based authentication methods.

Question: What are some scenarios where delegation and remote administration
would be useful for managing a complex Web server deployment?

For More Information, see "Application & Server Security in IIS 7" in
Communities.


Lesson 2

Design Authentication and Authorization

There are many tools and techniques available for securing Web sites and servers.
These include such techniques as restricting certain IP addresses, setting up
authorization rules, and managing authentication. By using these and other
techniques, you can make your Web server more secure and highly available.


Overview of Authentication and Authorization

Key Points

The identity of an application pool is the name of the service account under
which the application pool's worker process runs. By default, application pools
operate under the Network Service user account, which has low-level user
access rights. You can configure application pools to run under one of the
built-in user accounts in the Microsoft Windows Server 2008 operating
system. For example, you can specify the Local System user account, which
has higher-level user privileges than either the Network Service or Local
Service built-in user accounts. However, remember that running an application
pool under an account with high-level user rights is a serious security risk.
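
An added example, not part of the course material: a Python audit of application pool identities in an applicationHost.config file that flags pools running as Local System and lists the applications they serve. The embedded configuration is constructed, and the pool names, site names and service account in it are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample of the <system.applicationHost> part of applicationHost.config.
# Pool names, site names and the service account are invented for illustration.
SAMPLE_CONFIG = r"""
<configuration>
  <system.applicationHost>
    <applicationPools>
      <add name="DefaultAppPool" />
      <add name="BankingPool">
        <processModel identityType="SpecificUser" userName="WOODGROVEBANK\svc-banking" />
      </add>
      <add name="LegacyPool">
        <processModel identityType="LocalSystem" />
      </add>
      <applicationPoolDefaults>
        <processModel identityType="NetworkService" />
      </applicationPoolDefaults>
    </applicationPools>
    <sites>
      <site name="Banking" id="1">
        <application path="/" applicationPool="BankingPool" />
        <application path="/reports" applicationPool="LegacyPool" />
      </site>
      <site name="Research" id="2">
        <application path="/" />
      </site>
    </sites>
  </system.applicationHost>
</configuration>
"""

IIS7_DEFAULT_IDENTITY = "NetworkService"  # the IIS 7.0 default the text describes
DEFAULT_POOL_NAME = "DefaultAppPool"
RISK = {
    "LocalSystem": "high",     # full local privileges: the risk the text warns about
    "SpecificUser": "review",  # custom identity: check the rights of that account
    "NetworkService": "ok",
    "LocalService": "ok",
}


def pool_identities(root):
    """Map each application pool name to (identityType, userName)."""
    pools = next(root.iter("applicationPools"))
    defaults = pools.find("applicationPoolDefaults/processModel")
    inherited = IIS7_DEFAULT_IDENTITY
    if defaults is not None:
        inherited = defaults.get("identityType", inherited)
    result = {}
    for pool in pools.findall("add"):
        model = pool.find("processModel")
        identity = model.get("identityType", inherited) if model is not None else inherited
        user = model.get("userName") if model is not None else None
        result[pool.get("name")] = (identity, user)
    return result


def apps_by_pool(root):
    """Map each pool name to the 'site/path' applications assigned to it."""
    sites = next(root.iter("sites"))
    farm_default = sites.find("applicationDefaults")
    usage = {}
    for site in sites.findall("site"):
        site_default = site.find("applicationDefaults")
        for app in site.findall("application"):
            pool = app.get("applicationPool")
            # Fall back to site-level, then server-level defaults, then DefaultAppPool.
            for fallback in (site_default, farm_default):
                if pool is None and fallback is not None:
                    pool = fallback.get("applicationPool")
            pool = pool or DEFAULT_POOL_NAME
            usage.setdefault(pool, []).append(site.get("name") + app.get("path"))
    return usage


def audit(config_xml):
    """Return one finding per pool, sorted by pool name."""
    root = ET.fromstring(config_xml)
    usage = apps_by_pool(root)
    findings = []
    for name, (identity, user) in sorted(pool_identities(root).items()):
        findings.append({
            "pool": name,
            "identity": identity if user is None else f"{identity} ({user})",
            "risk": RISK.get(identity, "review"),
            "apps": usage.get(name, []),
        })
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("{risk:6} {pool:15} {identity:45} {apps}".format(**finding))
```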


Question: What are the scenarios in your organization in which you might use a
custom identity for an application pool?

For More Information, see "Creating an Application Pool" in TechNet content.


Define the Users and Groups

Key Points

Permit a Windows user to connect to a site or an application when you want to
let the user configure delegated features in that Web site or application using
IIS Manager. You can either permit a specific Windows user, or specify a
Windows group so that users of that group can connect to the site or
application.

Question: How do you permit users and groups to connect to sites and
applications?

For More Information, see "IIS 7.0 Beta: Permit a Windows User or
Group to Connect to a Site or an Application" in TechNet content.


Plan Access

Key Points

There are many different types of authentication available in IIS 7.0. Different
types of authentication can provide different types of Web site security.

Only Anonymous Authentication is enabled by default.

Question: How does the processing of authorization differ from authentication?

For More Information, see "IIS 7.0 Beta: Configuring Authentication in
IIS 7.0" in TechNet content.


Define Application Restrictions in IIS 7.0

Key Points

ISAPI and CGI restrictions are request handlers that allow dynamic content to
execute on a server.

These restrictions are either CGI files (.exe) or ISAPI extensions (.dll).

Question: How do you specify application restrictions in your work environment?

For More Information, see "IIS 7.0 Beta: Configure Web Server Security"
in TechNet content.


Specify Authentication

Key Points

You can configure IIS to authenticate users before they are permitted access to
a Web site, a folder in the site, or even a particular document contained in a
folder in the site. Authentication in IIS can be used to strengthen the level of
security on sites, folders, and documents that are not to be viewed by the
general public.

Authentication in IIS is critical when resources are not meant for anonymous
or public access, but when the Web server must be accessible to approved
users over the Internet. Examples of Web site applications that require
authentication access control include Microsoft Outlook Web Access (OWA)
and the Microsoft Terminal Services Advanced Client.


Question: When would you configure authentication at the site level versus the
application level?

For More Information, see "Configuring Authentication in IIS 7.0" in
TechNet content.


Specify Authorization

Key Points

There is a lot of flexibility in defining authorization rules. Authorization rules
can be defined for specific verbs, specific roles, specific users, and/or specific
groups.

Question: Have you configured URL Authorization Rules in your work
environment?

For More Information, see "IIS 7.0 Beta: Configuring URL Authorization
Rules in IIS 7.0" in TechNet content.


Manage Authentication

Key Points

IIS 7.0 may use authentication to identify users. This information can be
placed in log files or you can use it in combination with authorization plug-ins
to control content access.

IIS 7.0 offers many different types of authentication to optimally customize the
level of security and access to Web sites.

Question: Why would you want to use authentication?

For More Information, see "IIS 7.0 Beta: Configuring Authentication in
IIS 7.0" in TechNet content.


Lesson 3

Design Delegation Administration

IIS 7.0 can delegate permission in a granular fashion. By using feature delegation,
server administrators can determine which features can be modified by site or
application administrators. This lesson focuses on using feature delegation.


Overview of Delegated Administrative Rights

Key Points
IIS 7.0 delegated administration is useful in multiple scenarios, including the
following:

You are a server administrator and you are not the primary person providing
content on your server.

You are a developer and you want your server administrator to give you more
control over IIS configuration for your application.

IIS7 feature delegation means:

Managing the set of site and application users that are permitted to use IIS
Manager to view configuration and set configuration for features with
unlocked configuration sections.


Question: In your work environment, what scenarios would benefit from
delegated administration?

For More Information, see "Feature Delegation Page" in Help.


Plan Delegated Administration

Key Points

These files can specify configuration sections which will take effect on their
level in the hierarchy and downwards. The machine administrator has to
explicitly unlock sections at the global level, to enable such delegation. By
default most IIS sections are locked down for delegation, and all .NET
framework sections (including Microsoft ASP.NET) are not locked at the
global level.

The process of delegating administrative rights includes the following tasks:

Add site administrators to a site, and add application administrators to an
application.

Configure the delegation state of site and application features for site and
application administrators to view and configure.

Configure connection settings and enable remote management.


Question: Do you have experience with Delegated Administration in your work
environment?

For More Information, see "Feature Delegation" in Help.


Delegate Administration

Key Points
The IIS 7.0 configuration system uses the following files:

A central configuration file named applicationHost.config that is located in
%WINDIR%\System32\InetSrv\Config\.

Several Web.config files can appear at any level of the URL hierarchy.

The machine.config file defines the properties that are required for all
ASP.NET Framework features.

Configuration file settings inherit from parent to child file from machine.config
down to the last Web.config file (if any) and the effective configuration is
calculated for a given path. Any setting at a lower level in the hierarchy will
override a parent setting defined in a file above the current level.


Question: Is your work environment set up to use Delegated Administration?

For More Information, see "Deep Dive into IIS 7 Configuration" in
Communities.


Overview of Feature Delegation

Key Points
IIS 7.0 feature delegation has the following characteristics:

The server administrator decides which features non-administrators can view
and change.

Features which are not delegated are not visible in the UI at site or application
levels.

Feature delegation works by locking or unlocking configuration sections.
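
The locking behaviour described under Plan Delegated Administration and in the list above can be audited from applicationHost.config. This added Python example (not from the course) reports which sections a site or application administrator could override at a given path. The sample file, its site names and its lock states are constructed, and the lookup is a simplified model that reads only overrideModeDefault and the overrideMode attribute of location tags.

```python
import xml.etree.ElementTree as ET

# Constructed applicationHost.config excerpt; site names and lock states are
# invented for illustration and are not the IIS 7.0 shipping defaults.
SAMPLE_CONFIG = """
<configuration>
  <configSections>
    <sectionGroup name="system.webServer">
      <section name="defaultDocument" overrideModeDefault="Allow" />
      <section name="handlers" overrideModeDefault="Deny" />
      <sectionGroup name="security">
        <section name="requestFiltering" />
        <sectionGroup name="authentication">
          <section name="anonymousAuthentication" overrideModeDefault="Deny" />
          <section name="windowsAuthentication" overrideModeDefault="Deny" />
        </sectionGroup>
      </sectionGroup>
    </sectionGroup>
  </configSections>
  <location path="Research" overrideMode="Allow">
    <system.webServer>
      <security>
        <authentication>
          <windowsAuthentication enabled="true" />
        </authentication>
      </security>
    </system.webServer>
  </location>
  <location path="Banking" overrideMode="Deny">
    <system.webServer>
      <defaultDocument enabled="true" />
      <security>
        <requestFiltering allowDoubleEscaping="false" />
      </security>
    </system.webServer>
  </location>
</configuration>
"""


def declared_sections(root):
    """Return {section path: overrideModeDefault} from <configSections>."""
    found = {}

    def walk(node, prefix):
        for child in node:
            path = prefix + child.get("name", "")
            if child.tag == "sectionGroup":
                walk(child, path + "/")
            elif child.tag == "section":
                # A section with no overrideModeDefault is unlocked ("Allow").
                found[path] = child.get("overrideModeDefault", "Allow")

    config_sections = root.find("configSections")
    if config_sections is not None:
        walk(config_sections, "")
    return found


def location_overrides(root, sections):
    """Return {(location path, section path): 'Allow' or 'Deny'}."""
    overrides = {}

    def walk(node, prefix, location, mode):
        for child in node:
            path = prefix + child.tag
            if path in sections:
                overrides[(location, path)] = mode
            else:
                walk(child, path + "/", location, mode)

    for location in root.findall("location"):
        mode = location.get("overrideMode", "Inherit")
        if mode in ("Allow", "Deny"):
            walk(location, "", location.get("path", "").strip("/"), mode)
    return overrides


def effective_mode(section, site_path, sections, overrides):
    """Simplified model: the most specific matching <location> wins."""
    best_len, mode = -1, sections[section]
    for (location, name), location_mode in overrides.items():
        applies = (location == "" or site_path == location
                   or site_path.startswith(location + "/"))
        if name == section and applies and len(location) > best_len:
            best_len, mode = len(location), location_mode
    return mode


def delegated_sections(config_xml, site_path):
    """List the sections that web.config files at site_path may override."""
    root = ET.fromstring(config_xml)
    sections = declared_sections(root)
    overrides = location_overrides(root, sections)
    site_path = site_path.strip("/")
    return sorted(name for name in sections
                  if effective_mode(name, site_path, sections, overrides) == "Allow")


if __name__ == "__main__":
    for path in ("Banking", "Research", "Research/reports"):
        print(path, "->", delegated_sections(SAMPLE_CONFIG, path) or "nothing delegated")
```

Locks that IIS can also express on individual attributes or elements are outside what this model reads, so treat its output as a first pass over section-level delegation.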


Question: How could your work environment benefit from using Feature
Delegation?

For More Information, see "An Overview of Feature Delegation in IIS
7.0" in Communities.


Lab: Designing IIS Security


Exercise 1: Design and Verify Transport Security


Scenario
You are the Enterprise Administrator for Woodgrove Bank. Your company has
multiple websites running on web farms spread across two data centers. All web
servers are identical in configuration and content, hosting all websites.
Website #1 is a banking application where public users can transact banking
online. Users of this website create a login profile that is stored in a Microsoft SQL
Server database. Banking transactions occur (SSL) and those transactions must be
secured. Website #2 is a subscription industry research service where registered
users can download materials with non-disclosure restrictions. Those materials are
highly sensitive (certificate based client authentication should be required). A
subset of the registered users regularly publish materials to the site.
There is a group of IIS administrators who are responsible for site performance and
availability. There is a different group of website administrators for each site. They
are responsible for website activity monitoring and website updates. You want to
prevent administrators from making any changes to websites other than the one
they are responsible for.
The main tasks for this exercise are as follows:
1. Design auto deployment of SSL Certificates.
2. Redirect websites for SSL.

Task 1: Design Auto Deployment of SSL Certificates

Create scripts to deploy SSL Certificates to websites.

Task 2: Redirect Websites for SSL

Plan to redirect websites to use SSL.

Verify redirection of websites to port 443.


Results: After this exercise, you should have a drawing showing a conceptual design of
your plan to deploy and redirect SSL Transport.


Exercise 2: Design and Verify Authentication and Authorization Methods

Scenario
You are the Enterprise Administrator for Woodgrove Bank. Your company has
multiple websites running on web farms spread across two data centers. All web
servers are identical in configuration and content, hosting all websites.
Website #1 is a banking application where public users can transact banking
online. Users of this website create a login profile that is stored in a Microsoft SQL
Server database. Banking transactions occur (SSL) and those transactions must be
secured. Website #2 is a subscription industry research service where registered
users can download materials with non-disclosure restrictions. Those materials are
highly sensitive (certificate based client authentication should be required). A
subset of the registered users regularly publish materials to the site.
There is a group of IIS administrators who are responsible for site performance and
availability. There is a different group of website administrators for each site. They
are responsible for website activity monitoring and website updates. You want to
prevent administrators from making any changes to websites other than the one
they are responsible for.
The main tasks for this exercise are as follows:
1. Plan to deploy Client SSL Certificate.
2. Plan Access for Site #1.
3. Plan Access for Site #2.

Task 1: Plan to Deploy Client SSL Certificate

Plan deployment of Client SSL Certificate.

Task 2: Plan Access for Site #1

Verify forms-based authentication is enabled for site #1 in web.config file.


Task 3: Plan Access for Site #2

Plan user account for authentication.

Map client certificate to user account created.

Redirect requests to SSL.

Verify redirection and access to site.


Results: After this exercise, you should have a drawing showing a conceptual design of
your plan to deploy certificate based authentication for site #2 and initial anonymous
access to site #1.


Exercise 3: Design and Verify Delegation Administration


Scenario
You are the Enterprise Administrator for Woodgrove Bank. Your company has
multiple websites running on web farms spread across two data centers. All web
servers are identical in configuration and content, hosting all websites.
Website #1 is a banking application where public users can transact banking
online. Users of this website create a login profile that is stored in a Microsoft SQL
Server database. Banking transactions occur (SSL) and those transactions must be
secured. Website #2 is a subscription industry research service where registered
users can download materials with non-disclosure restrictions. Those materials are
highly sensitive (certificate based client authentication should be required). A
subset of the registered users regularly publish materials to the site.
There is a group of IIS administrators who are responsible for site performance and
availability. There is a different group of website administrators for each site. They
are responsible for website activity monitoring and website updates. You want to
prevent administrators from making any changes to websites other than the one
they are responsible for.
The main tasks for this exercise are as follows:
1. Plan Administrative Groups.
2. Plan Permissions.

Task 1: Plan Administrative Groups

Plan administrative groups and global groups for IIS Administrators for
website # 1 and 2 on the domain controller.

Task 2: Plan Permissions

Design updated web.config files with administrative access permissions on
web server.

Results: After this exercise, you should have a conceptual document for web server
and web site administration.


Exercise 4: Configuring Authentication Types


Scenario
You receive a service request from the Enterprise Design Team to organize the
existing NYC-WEB-A server into virtual directories by access level. There will be
two access levels: public and restricted. Anyone on the network should be able to
access the public content. Only authenticated users should be able to access
restricted.

Exercise Overview
In this exercise, you will learn how to create virtual directories and configure
anonymous authentication.
This exercise's main tasks are:
1. Start the 6437A-NYC-DC1 virtual machine.
2. Start the 6437A-NYC-WEB-A virtual machine and log on as
   Woodgrovebank\Administrator.
3. Add Windows Integrated and Digest Security features to the IIS Role.
4. Create a virtual directory named Public.
5. Configure the public virtual directory for anonymous authentication.

Task 1: Start the 6437A-NYC-DC1 virtual machine

Start 6437A-NYC-DC1.

Task 2: Start the 6437A-NYC-WEB-A virtual machine and log on as
Woodgrovebank\Administrator

Start 6437A-NYC-WEB-A, and log on as LocalAdmin with the password of
Pa$$w0rd.

Task 3: Add Basic, Windows Integrated and Digest Security features to
the IIS Role

On NYC-WEB-A, use Server Manager to add the Windows Authentication
and Digest Authentication role services to the Web server role.


Task 4: Create a virtual directory named public

Use Internet Information Services Manager to create a virtual directory
named public pointing to the physical directory c:\inetpub\public.

Copy the contents of c:\inetpub\wwwroot to c:\inetpub\public.

Task 5: Configure the public virtual directory for anonymous authentication

Use Internet Information Services Manager to make sure that Anonymous
Authentication is enabled for Public.

In Server Manager, enable the local Guest account, and allow Guest to log on
locally.

Use Switch User to log on as NYC-WEB-A\Guest with no password.

Open http://localhost/public in the browser to verify that the local guest can
browse to the public directory.

Results: After this exercise, you should have successfully verified that the Public
directory is created and loaded the IIS Welcome page in Internet Explorer with the
Guest account.

Lab Shutdown
After you complete the lab, you must shut down the virtual machines and discard
any changes.


Module Review and Takeaways

Review Questions
1. What is Request Filtering?
2. What is Authentication and Authorization?
3. What is Delegated Administration?


Module 4
Design IIS Maintenance and UDDI
Contents:
Lesson 1: Designing Internet Information Services Backup and Recovery
Lesson 2: Specify Monitoring Requirements
Lesson 3: Deploying UDDI Services
Lesson 4: Tuning and Troubleshooting IIS 7.0
Lab: Design IIS Maintenance and UDDI


Module Overview

The latest version of IIS, IIS 7.0, expands on IIS with significant changes in
architecture. As a result, planning and deployment of web farms or large-scale web
applications is changed. The shared configuration feature allows the entire web
farm to share the same applicationhost.config file. Changing, maintaining, and
recovering web applications becomes much easier. It is also more capable of
making use of 64 bit architecture, even when running 32 bit applications.
In this module, we will plan for an IIS installation, taking into account these new
features. We will also deploy UDDI services. UDDI is a service location tool that
allows organizations to better collaborate and to reuse existing application
components regardless of the application platform.


Lesson 1

Designing Internet Information Services Backup and Recovery

In this lesson we will introduce the modular IIS 7.0 architecture, including the
XML file format and ability to share configuration amongst web farm members. We
will then learn how to maintain and plan recovery strategies for an IIS 7.0
installation.


IIS 7.0 Modular Architecture

Key Points

With processes separated into WSS and WAS, IIS7 can become more fault
tolerant.

Shared configuration means web farms are easily configured, tested, and
maintained.

Shared Hosting capabilities: on a single server, IIS7 can maintain separate,
isolated sites. It has been tested with 5,000 sites.

Every site gets its own Application Pool.

Microsoft Windows Domain accounts do not have to be used.

No need for multiple accounts: the Application Pool account, anonymous account
and the account connecting to the remote share are the same user.

For More Information, see "IIS.NET".


IIS Configuration History

Key Points

In IIS 5, all websites were run in-process and under the System account.
Configuration was stored in a proprietary Metabase.

In IIS 6, processes are run under the Network Service account. The XML files
Metabase.xml and MBSchema.xml are used for configuration.

For IIS7, the application pool, anonymous user, and UNC access use the same
local or AD account. Machine.config, Applicationhost.config, and web.config
are all XML.


Centralized Configuration for Web Farms

Key Points

Utilize SANs or other high availability storage for content.

Custom modules must be copied to and enabled on all machines. They cannot
be stored centrally.

Distributed web farms might be able to use DFS to share content.

Before enabling shared config, make sure that all necessary modules are on all
web farm members.

For More Information, see "Shared Configuration for IIS7" in
Communities.


Maintenance and Recovery

Key Points

In IIS7, configuration history is tracked by a service that monitors changes to
applicationhost.config.

Snapshots of applicationhost.config are created regularly as recovery points.

Store configuration history in a remote location (such as a UNC on a file
share) to aid recovery.

Application Pool mode
Application Pool mode (worker process and isolation) can be set per application
pool, allowing both types to run on the same server.

Rapid Failure Protection
When RFP is set off, the application pool will crash and not restart automatically.

For More Information, see "IIS Configuration History" in Communities.


Designing Backup and Recovery for Web Farms

Key Points

Configuration Files can be backed up from offline files, DFS-R or client side
caching.

Server Configuration and installed modules can be backed up using
Appcmd. It is a scriptable solution.

Critical content should be stored and backed up using the backup tool of
your choice. Utilizing a VSS solution will reduce the effect of backup on server
performance.

Question: Will your current backup and recovery scheme need to be altered for
IIS7?

For More Information, see "IIS Configuration History" in Communities.


Lesson 2

Specify Monitoring Requirements

In this lesson we will learn how to monitor an IIS 7.0 installation. We will learn
how to use the failed request tracing rules, IIS 7.0 logging, and other built in
monitoring capabilities. In addition, we will cover the use of System Center to
manage an IIS 7.0 installation.


Failed Request Tracing Rules

Key Points

Can be used for tracing successful as well as unsuccessful requests.

Define error conditions to trace in advance.

A Failed Request event will include the URL, the Site, the application pool, the
process ID, the User, and a time stamp, as well as the failure, time taken and
status code. These are recorded in an XML log which can be read with System
Center Operations Manager, IE, or any type of parsing tool.

Failed Request Tracing is a module.

Enable Failed Request Tracing from the outset.


Question: What problems have you experienced to which you could have applied
Failed Request Tracing?

For More Information, see "Using Failed Request Tracing" in
Communities.


IIS 7.0 Logging Modules

Key Points

The Custom Logging module provides legacy support for iLogplugin.

Failed Request Tracing Module enables failed Request tracing.

HTTP logging, similar to IIS6 HTTP logging, is available through the
httplogging module.

Runtime Status and Control Application Programming Interface (RSCA) is
available through the Request Monitor module. Obtain runtime information
and control application pools and web sites.

For More Information, see "Introduction to IIS7 Architecture" in
Technet Content.


Worker Processes and Real Time Monitoring

Key Points

Get Executing Requests allows the admin to see the requests that are currently
executing in a worker process.

The Get State process reveals whether a worker process is starting, running, or
stopping.

Both are exposed through a COM API.

Question: How would you apply these COM APIs in a distributed web farm?

For More Information, see "Managing Worker Processes and
AppDomains in IIS7" in Technet Content.


System Center Management Pack for IIS 7.0

Key Points

Will be able to use the IIS 7 Microsoft System Center Operations Manager
Management Pack to track large scale IIS deployments.

Available with the release of IIS7.

Question: What do you currently use to monitor your web servers?

For More Information, see "Controlling Costs and Managing Agility in
the Datacenter" in Technet Content.


Lesson 3

Deploying UDDI Services

In this lesson we will discuss how to deploy UDDI to allow for developer
collaboration. A UDDI infrastructure consists of a web service and a database that
stores the providers, bindings, and tModels that define UDDI. We will discuss the
authentication methods and security roles. In addition we will demonstrate UDDI
management for the enterprise administrator.


Evaluate Need for UDDI

Key Points

UDDI can be used to increase developer productivity by encouraging re-use of
resources.

It can also be used to help customers locate up-to-date existing resources.

UDDI is a standard and web enabled. It can be used to connect to external
partner resources as well.

Question: Is there an application for UDDI in your organization?

For More Information, see "Enterprise UDDI Services: Three Usage
Scenarios" (UDDIScen.doc) in Technet Content.


UDDI Requirements

Key Points

Use a distributed installation for most all enterprise applications, utilizing an
external Microsoft SQL Server instead of the internal SQL database.

Possibly create a "sandbox" UDDI service using the stand alone installation.

Use the Active Directory security model for better tracking of authentication.

For More Information, see "Enterprise UDDI Services: A Synopsis"
(UDDISynop.doc) in Technet Content.


Design UDDI Infrastructure

Key Points

Install the UDDI service on a web server, cluster, or farm with the appropriate
level of availability.

Use a SQL Server for the database component.

UDDI is managed through an MMC.

Integrate UDDI authentication with Active Directory.

The security roles in UDDI are User, Publisher, Coordinator, and
Administrator.

For More Information, see "UDDI Guide" (UDDIGuide.doc) in Technet
Content.


Manage UDDI Service

Key Points

Create a backup scheme for the UDDI data stored on the SQL server.

Only use verbose logging when debugging, as it will decrease performance.


Lesson 4

Tuning and Troubleshooting IIS 7.0

In this lesson we will identify application pool issues in IIS 7.0 and how to deal
with them. IIS 7.0 allows the administrator to specify recycling thresholds to better
control the way that an application pool uses memory. However, modifying
recycling thresholds can affect overall performance. In addition, we will discuss the
features of 64 bit architecture that can enhance IIS 7.0 in the enterprise.


Specify Recycling Thresholds

Key Points

Recycling is configured in WAS.

Recycling can cause session state data to be lost. It also slows performance.

Can be configured at web server, site, application, physical and virtual
directories, file (URL), modules and handlers.


32 bit vs. 64 bit Architecture

Key Points

64 bit architecture dramatically expands valuable address space available for
web services.

Using 64 bit architecture reduces the frequency of application pool recycling.

WOW64 allows 64 bit servers to run 32 bit applications.

Question: Are you currently using or planning to use 64 bit architecture for web
services?


Troubleshooting Application Pools

Key Points

Enable real time monitoring to identify the source of the problem.

IIS 7.0 can be customized to log events for a variety of conditions, including:

Scheduled Time

Regular time intervals

Number of Requests

Virtual Memory Usage

Memory Usage

Application Pool problems are often a result of memory leaks, applications that
fail under certain loads, or insufficient hardware.


Lab: Design IIS Maintenance and UDDI


Exercise 1: Design a Web Server Backup and Recovery Strategy

Scenario
Woodgrove Bank has asked you to design and implement a web farm
infrastructure for a distributed web farm based on service level agreements. It will
include a backup and recovery plan. Each site will have a three node web farm, a
Microsoft SQL Server database, and SAN storage for the website content.
In this exercise you will identify what servers need to be deployed to two different
sites, New York and London, to create a distributed web farm for an e-commerce
site. The two web farms will run the same website and web application. They are
connected through a dedicated WAN link.
All servers will be members of the same Active Directory domain. Domain
controllers already exist at both sites. The web farm servers will share identical
configuration and content. The administrators at New York will be responsible for
all management and updating. You will also identify what services and applications
to install. Then, design a backup plan for both content and configuration
information.
There are no legacy or SMTP applications, so no metabase will be necessary.
The main tasks for this exercise are as follows:
1. Specify the servers and storage at New York and London.
2. Create a backup strategy.
3. Design a recovery process.

Task 1: Specify the servers and storage at New York and London

List the servers necessary to provide the service. For each device, list the
services and applications required.

The content and SQL database need to be highly available, so include a SAN
installation at both sites.

Determine how to best replicate configuration and content between the two
sites.


Task 2: Specify a backup strategy

Now, prepare the two sites for disaster recovery. What items need to be
backed up?

The organization would like to be able to recover either site completely should
the entire location be lost. Prepare a backup scheme that would allow for
either site to be restored completely.

Task 3: Design a recovery process

One of the London servers has been compromised by a hacker. Create a
process to restore the web farm member to its proper configuration.

Create a process to follow should the London site need to be completely
recovered from bare metal servers.

Results: After this exercise, you should have architected the London and New York
sites. Each site will contain three web farm members, a SAN, and a SQL server. The SAN
will contain SQL data, content data, and a shared applicationhost.config. The data will
replicate across a WAN link from New York to London. You will also have created a
backup strategy for the SAN including off-site storage. Finally, you will have created a
step-by-step process for rebuilding a site in the case of a disaster.


Exercise 2: Design and Test Web Server Monitoring


Scenario
In this exercise we will identify how to monitor our new web farm. Woodgrove
Bank wants to be able to collect real time and historical data on the web service
performance. In addition, they would like to be notified of problems such as
application pool cycling, excessive requests, and non-functioning servers.
The main tasks for this exercise are as follows:
1. Identify what System Center Management Packs Woodgrove Bank needs to
   deploy to monitor the web services.
2. Create a deployment plan for monitoring the web services with System Center
   Operations Manager.

Task 1: Implementing a monitoring scheme

List those network elements which the web farm relies upon.

Identify management packs which should be deployed to monitor these items.

Discuss what items could be included in a management console customized
for web administrators.

Task 2: Create a deployment plan

All management of the web farm is primarily performed by the New York
administrators. However, the organization would like to be able to monitor
each site should the link between the two fail.

Create a plan to deploy System Center Operations Manager to monitor the
web farm. Include server locations, management packs, and management
consoles.


Task 3: Plan Access for Site #2

Plan user account for authentication.

Map client certificate to user account created.

Redirect requests to SSL.


Results: After this exercise, you should have listed the management packs that will be
necessary for thorough monitoring of the web farm and created a plan for the
deployment of Operations Manager.


Exercise 3: Design UDDI Deployment


Scenario
Woodgrove Bank has been asked by some business partners if they utilize UDDI
for service location. In addition, Woodgrove Bank developers feel that they could
benefit from the ability to locate existing services before they create new,
overlapping ones.
We have decided to deploy UDDI that has both internet-facing and internal
components. For testing purposes, create a second, smaller UDDI service. Deploy
the enterprise UDDI service on the existing web farm.
The main tasks for this exercise are as follows:
1. Identify changes to the infrastructure that will be necessary to deploy UDDI.
2. Create a deployment plan for a new UDDI infrastructure.

Task 1: Identify changes to the infrastructure for UDDI

You have been tasked with managing the hardware and infrastructure
deployment for UDDI at Woodgrove Bank. Identify what services need to be
deployed or changed.

For the two UDDI services (testing and enterprise), list the security groups
and place the following roles in the appropriate place:

Domain Users

Authorized user on web server

Developers

UDDI developer

Network Administrator


One stand alone UDDI can serve as the testing UDDI. It can be internal to the
network with no access to the internet. The UDDI service can be deployed on the
existing web farm.
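
| Security Group        | Testing Server Role                         | Enterprise Server Role |
|-----------------------|---------------------------------------------|------------------------|
| Domain Users          | None                                        | User                   |
| Authorized Web users  | None                                        | User                   |
| Developers            | Publisher (can be user for greater control) | Coordinator            |
| UDDI Developer        | Coordinator                                 | Coordinator            |
| Network Administrator | Administrator                               | Administrator          |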

Task 2: Create a deployment plan

Create a plan to deploy both UDDI services in the enterprise. Identify security,
network, and process changes.

Develop a process for testing, approving, and migrating UDDI objects to the
enterprise UDDI service.
Results: After this exercise you will have developed a UDDI deployment plan that
accounts for security, infrastructure, and process.


Exercise 4: Troubleshooting Application Pool Instability


Scenario
A year later, a new web farm location is added in Paris. It was created using older
repurposed servers. These servers have two processors on 32 bit hardware. Now,
the web farms all contain 4 ASP.NET applications.
Although the New York and London sites are functioning as normal, the Paris site
is frequently non-responsive due to reaching virtual memory thresholds.
The local technical specialist configured automatic recycling to occur at a 2 GB
threshold on the Paris web servers. This has increased the availability of the sites,
but server performance is suffering because the application pool is frequently
automatically recycling.
The main tasks for this exercise are as follows:

Identify and resolve the application pool problem at the Paris site.

Task 1: Identify and resolve the application pool problem

The New York and London sites are running identical applications to the Paris
site and experiencing no problems. As a result, we can conclude that the
applications do not have any memory leaks or other flaws.

Although the Paris site was originally built with repurposed hardware, the
problem is such that the organization needs to resolve the problem and is
willing to invest in a solution.

Create a plan to resolve the application pool issue on the Paris web farm.

The applications and server load require the expanded memory thresholds of
64 bit hardware. Replace the older hardware in the Paris web farm with 64 bit
servers.


Task 2: Create a deployment plan

Create a plan to deploy both UDDI services in the enterprise. Identify security,
network, and process changes.

Develop a process for testing, approving, and migrating UDDI objects to the
enterprise UDDI service.
Results: After this exercise you will have identified the problem with the Paris servers
and created a plan for resolving their performance issues.


Exercise 5: Enabling Shared Configurations


Scenario
Woodgrove Bank is deploying a new application in the New York operations
center. The application needs to run across multiple servers in order to increase
performance. Make use of IIS 7 shared configuration to centralize and standardize
the setup of the new web servers.
The main tasks for this exercise are as follows:
1. Export and Enable Shared Configuration.
2. Add the second Web server to use the Shared Configuration.
3. Test the Shared Configuration.

Task 1: Export and Enable Shared Configuration

Start 6437A-NYC-DC1.

Start 6437A-NYC-WEB-D, and log on as Administrator with the password of
Pa$$w0rd.

Start 6437A-NYC-WEB2, and log on as Administrator with the password of
Pa$$w0rd.

Export configuration using IIS Manager.

Server: NYC-WEB-D

Physical Path: \\NYC-WEB-D\E

Encryption keys password: Pa$$w0rd

Using IIS Manager, enable shared configuration.

Physical Path: \\NYC-WEB-D\E

User name: Woodgrovebank\Administrator

Password: Pa$$w0rd

Encryption key password: Pa$$w0rd

Using IIS Manager, start Management Service.


Task 2: Add the second Web server to use the Shared Configuration

Using IIS Manager, enable shared configuration.

Server: NYC-WEB2

Physical Path: \\NYC-WEB-D\E

User name: Woodgrovebank\Administrator

Password: Pa$$w0rd

Encryption key password: Pa$$w0rd

Using IIS Manager, start Management Service.

Task 3: Test the Shared Configuration

Using IIS Manager, add the default document for NYC-WEB-D.

Server: NYC-WEB-D

Name: test.html

Using IIS Manager, check the default document for NYC-WEB2.


Results: After this exercise, you should have successfully configured a two-server
network with an underlying foundation of shared configurations.


Exercise 6: Configuring Network Load Balancing


Scenario
With the two Web servers set up with Shared Configurations, configure Network
Load Balancing to increase Web site availability.
The main tasks for this exercise are as follows:
1. Create a new Network Load Balancing cluster.
2. Add the second host to the Network Load Balancing cluster.
3. Add the second server to the Network Load Balancing cluster.
4. Verify Network Load Balancing using NLB commands.

Task 1: Create a new Network Load Balancing cluster

Using Network Load Balancing Manager, add a new cluster.

Server: NYC-WEB-D

Host: NYC-WEB-D

Interface IP address: 10.10.0.21

Cluster IP Addresses, IPv4 address: 10.10.0.27

Cluster IP Addresses, Subnet mask: 255.255.0.0

Full Internet name: cluster.woodgrovebank.com

Task 2: Add the second host to the Network Load Balancing cluster

Using Network Load Balancing Manager, add the second host to the cluster.

Host: NYC-WEB2

Local Area Connection interface IP address: 10.10.0.26

Priority (unique host identifier): 2


Task 3: Add the second server to the Network Load Balancing cluster

Using Network Load Balancing Manager, add the second server to the cluster.

Server: NYC-WEB2

Task 4: Verify Network Load Balancing using NLB commands

Using the Command Prompt, verify Network Load Balancing.

Server: NYC-WEB2

Command: NLB query 10.10.0.27

Using the Command Prompt, verify Network Load Balancing.

Server: NYC-WEB-D

Command: NLB query 10.10.0.27

Using the Command Prompt, verify Network Load Balancing.

Server: NYC-WEB-D

Command: NLB display

Results: After this exercise, you should have successfully restored a Web site to a
second server. Provide the results of the exercise so students will know when and if
they have completed the lab exercise successfully.

Lab Shutdown
After you complete the lab, you must shut down the virtual machines and discard
any changes.


Module Review and Takeaways

Review Questions
1. How do you enable shared configuration on an IIS 7 web farm?
2. What are the possible causes of excessive application pool cycling?
3. What reasons would an organization have to deploy UDDI?


Common Issues related to application pool cycling


Identify the causes for the following common issues related to application pool
cycling and fill in the troubleshooting tips. For answers, refer to relevant lessons in
the module.

| Issue                              | Troubleshooting tip                          |
|------------------------------------|----------------------------------------------|
| Memory Leaks                       | Repair application                           |
| Excessive application pool cycling | Adjust application pool cycling thresholds   |
| Insufficient memory                | Migrate to 64 bit architecture               |
| Excessive load on server           | Implement web farm or load balancing cluster |

Real-world Issues and Scenarios


1. A company needs to test a web application and then roll it out to an existing
   IIS 7.0 web farm. What is the best method to transport the application and
   settings from the development platform to the working web farm?
2. You are the administrator of an IIS server that is often reconfigured by
   developers for new applications. How would you protect it in case the
   configurations are defective and need to be rolled back?

Best Practices related to IIS 7.0


Supplement or modify the following best practices for your own work situations:

Utilize shared configuration whenever possible to simplify management.

Set up a monitoring system to notify you of problems before they cause
outages.

Make full use of 64 bit architecture.


Module 5
Designing a Terminal Services Infrastructure
Contents:
Lesson 1: Design Terminal Services Licensing
Lesson 2: Specify Terminal Services Connection Properties
Lesson 3: Design Device Redirection
Lesson 4: Design Terminal Services Gateway
Lesson 5: Design Terminal Services Session Broker
Lesson 6: Design RemoteApp Programs
Lesson 7: Design Web Access
Lab: Designing a Terminal Services Infrastructure


Module Overview

Terminal Services lets you deploy and maintain software in an enterprise
environment. You can easily deploy programs from a central location, and with
Terminal Services, users can access a terminal server from within a corporate
network or from the Internet.
In this module, we will learn how to design a terminal services infrastructure
including how to design a terminal services licensing strategy and how to design
for remote access with TS Gateways, TS Session Broker, Terminal Services
RemoteApp programs, and TS Web Access.


Lesson 1

Design Terminal Services Licensing

In this lesson we will review Terminal Services licensing. Next, we will review a
checklist of tasks to be completed to install and configure Terminal Services
licensing. Finally, we will introduce Terminal Services License Server Discovery
and discuss the different Terminal Services license server discovery options
available to administrators.


Overview of TS Licensing

Key Points

Terminal Services Licensing (TS Licensing) manages Terminal Services client
access licenses (TS CALs) required for devices and users to connect to a
terminal server.

Terminal Services requires at least one TS license server.

Question: Where should the TS Licensing role service be installed for small
deployments? For large ones?
Question: What is the TS Licensing grace period and when does it end?

For More Information, see "Windows Server 2008 Beta 3 Release TS
Licensing Step-by-Step Setup Guide" online.


Checklist for TS Licensing

Key Points

A TS license server must be activated in order to certify the server and allow
the license server to issue TS CALs.

After you have installed and configured the Terminal Services license server,
you need to configure the Terminal Services licensing mode and then the
license server discovery mode on your terminal server.


Question: What are the three methods by which you activate a Terminal Services
license server?
Question: What are the three methods by which you can install Terminal Services
client access licenses (TS CALs)?

For More Information, see "Configuration Checklist for TS Licensing" online.


Terminal Services License Server Discovery

Key Points

If you configure workgroup scope, terminal servers, without any additional
configuration, can automatically discover a license server in the same
workgroup.

If you configure domain scope, terminal servers, without any additional
configuration, can automatically discover a license server in the same domain
if the license server is installed on a domain controller.

If you configure forest scope, terminal servers, without any additional
configuration, can automatically discover a license server in the same forest.


Question: When are domain scope and forest scope available?

For More Information, see "Terminal Services License Server Discovery" online.


Lesson 2

Specify Terminal Services Connection Properties

In this lesson we will review the concepts of Remote Desktop Connection Display
and will also introduce single sign-on for Terminal Services. We will also discuss
the Terminal Services Easy Print driver.


Remote Desktop Connection Display

Key Points

The Remote Desktop Users group on a terminal server is used to give users
and groups permission to remotely connect to a terminal server.

Network Level Authentication is a new authentication method that completes
user authentication before you establish a Remote Desktop connection and the
logon screen appears.

Question: How are users and groups added to the Remote Desktop Users group?

For More Information, see "Remote Desktop Connection Display" online.


Single Sign-On for Terminal Services

Key Points

Single sign-on is an authentication method that allows a user with a domain
account to log on once, using a password or smart card, and then gain access
to remote servers without being asked for their credentials again.

Single sign-on makes it possible to give users a better experience by
eliminating the need for users to enter credentials every time they initiate a
remote session.

For More Information, see "Single Sign-On for Terminal Services" online.


Terminal Services Easy Print

Key Points

The Terminal Services Easy Print driver enables users to reliably print from a
Terminal Services RemoteApp program or from a terminal server desktop
session to the correct printer on their client computer.

The TS Easy Print driver offers support for legacy and new printer drivers
without the need to install those drivers on the print server.

Question: What scalability improvements does the Microsoft Windows Server
2008 version of Terminal Services Easy Print have over the Microsoft Windows
Server 2003 version?

For More Information, see "Terminal Services Printing" online.


Lesson 3

Design Device Redirection

In this lesson, we will discuss plug and play device redirection in remote sessions.
We will also briefly discuss Microsoft Point of Service for .NET device redirection.


Plug and Play Device Redirection

Key Points

Plug and Play devices can be added to remote sessions using the Remote
Desktop Connection dialog box under Start, All Programs, Accessories.

After the redirected Plug and Play device is installed on the remote computer,
the Plug and Play device is available for use in your session with the remote
computer.

For More Information, see "Plug and Play Device Redirection for Media
Players and Digital Cameras" online.


Microsoft Point of Service for .NET Device Redirection

Key Points

Configuring a terminal server for Microsoft POS for .NET Device Redirection
requires that you first install Microsoft POS for .NET 1.11, then install the
.NET service objects or configuration files for the device, and finally restart
the Terminal Services UserMode Port Redirector service.

Microsoft POS for .NET devices, by default, are not listed under Local devices
and resources on the Local Resources tab in Remote Desktop Connection, and
the Remote Desktop Protocol (.rdp) file that you use to connect to the terminal
server must be edited to enable redirection.

For More Information, see "Microsoft Point of Service for .NET Device
Redirection" online.


Lesson 4

Design Terminal Services Gateway

In this lesson we will review Terminal Services Gateway, including prerequisites for
TS Gateway functionality. We will also introduce Terminal Services Connection
Authorization Policies. Finally, we will introduce Terminal Services Remote Access
Policies.


Overview of TS Gateway

Key Points

TS Gateway uses Remote Desktop Protocol (RDP) over HTTPS to establish a
secure, encrypted connection between remote users on the Internet and the
internal network resources on which their productivity applications run.

TS Gateway enables most remote users to connect to internal network
resources that are hosted behind firewalls in private networks and across
network address translators (NATs) without additional configuration.

You can use TS Gateway server with Microsoft Internet Security and
Acceleration (ISA) Server to enhance security.


Question: How can you monitor TS Gateway connection status, health, and
events?

For More Information, see "Terminal Services Gateway (TS Gateway)" online.


Prerequisites for TS Gateway Functionality

Key Points

By default, on the TS Gateway server, the RPC/HTTP Load Balancing service
and the IIS service use Transport Layer Security (TLS) 1.0 to encrypt
communications between clients and TS Gateway servers over the Internet.
For TLS to function correctly, you must install an SSL certificate on the
TS Gateway server.

TS Gateway transmits all RDP traffic (that typically would have been sent over
port 3389) to port 443 by using an HTTPS tunnel. This also means that all
traffic between the client and TS Gateway is encrypted while in transit over the
Internet.


Question: What requirements must the externally trusted SSL certificate meet?

For More Information, see "Terminal Services Gateway (TS Gateway)" online.


Terminal Services Connection Authorization Policies (TS CAPs)

Key Points

You can create a TS CAP by using TS Gateway Manager.

Users are granted access to a TS Gateway server if they meet the conditions
specified in the TS CAP.

For More Information, see "Terminal Services Gateway (TS Gateway)" online.


Terminal Services Remote Access Policies (TS RAPs)

Key Points

When you create a TS RAP, you can create a computer group (a list of
computers on the internal network to which you want the remote users to
connect) and associate it with the TS RAP.

Remote users connecting to an internal network through a TS Gateway server
are granted access to computers on the network if they meet the conditions
specified in at least one TS CAP and one TS RAP.

For More Information, see "Terminal Services Gateway (TS Gateway)" online.


Lesson 5

Design Terminal Services Session Broker

In this lesson we will review Terminal Services Session Broker and introduce DNS
Round Robin and TS Session Broker load balancing. We will also learn how to
deploy TS Session Broker load balancing.


Overview of Terminal Services Session Broker

Key Points

Terminal Services Session Broker (TS Session Broker) is a role service in
Windows Server 2008 that allows a user to reconnect to an existing session in
a load-balanced terminal server farm.

The TS Session Broker Load Balancing feature enables you to evenly distribute
the session load between servers in a load-balanced terminal server farm.

Question: What steps must be taken to use DNS round-robin as the load balancer
for initial connections?

For More Information, see "Terminal Services Session Broker (TS
Session Broker)" online.


DNS Round Robin and TS Session Broker Load Balancing

Key Points

To configure DNS round robin, you must create a host resource record for
each terminal server in the farm that maps to the terminal server farm name in
DNS.

The limitations of DNS round robin include the caching of DNS requests on
the client, which can result in clients using the same IP address for each initial
connection request, and the potential for a 30-second timeout delay if a user is
redirected to a terminal server that is offline, but still listed in DNS.

Question: What is the initial connection behavior of DNS round-robin?

For More Information, see "Windows Server 2008 RC0 TS Session
Broker Load Balancing Step-by-Step Guide" online.


Deploying TS Session Broker Load Balancing

Key Points

It is considered a best practice to install the TS Session Broker role service on a
back-end infrastructure server, such as a file server.

For terminal servers to use TS Session Broker, you must add the computer
account for each terminal server in the farm to the Session Directory
Computers local group on the TS Session Broker server.

You can configure a terminal server to join a farm in TS Session Broker and to
participate in TS Session Broker Load Balancing by using Group Policy or the
Terminal Services Configuration tool.

To configure DNS round robin for TS Session Broker Load Balancing, you
must map the IP address of each terminal server in the farm to the terminal
server farm name in DNS.


For More Information, see "Windows Server 2008 RC0 TS Session
Broker Load Balancing Step-by-Step Guide" online.


Lesson 6

Design RemoteApp Programs

In this lesson we will review the concepts of TS RemoteApp programs and discuss
key scenarios for TS RemoteApp programs. Next we will discuss deploying
RemoteApp programs through a file share or other distribution mechanism. Finally
we will review managing RemoteApp programs and settings.


Overview of TS RemoteApp Programs

Key Points

TS Web Access can provide access to RemoteApp programs through a Web
page over the Internet or over an intranet.

If a user is running more than one RemoteApp program on the same terminal
server, the RemoteApp programs will share the same Terminal Services
session.

Question: How can users access RemoteApp programs through Windows Server
2008?

For More Information, see "Windows Server 2008 RC0 Terminal
Services RemoteApp Step-by-Step Guide" online.


Key Scenarios for TS RemoteApp Programs

Key Points

If you want users to access RemoteApp programs over an Internet connection,
you can allow access through a Virtual Private Network (VPN), or you can
deploy TS RemoteApp together with Terminal Services Gateway (TS Gateway)
to help secure remote access to the programs.

Instead of deploying the LOB applications to all the computers in the
company, which can be expensive in terms of time and cost, you can install the
LOB applications on a terminal server and make them available through
TS RemoteApp.


Question: What other scenarios can you think of where TS RemoteApp would be
especially useful?

For More Information, see "Windows Server 2008 RC0 Terminal
Services RemoteApp Step-by-Step Guide" online.


Deploying RemoteApp Programs Through a File Share or Other Distribution Mechanism

Key Points

Before you can deploy RemoteApp programs to users, you must configure the
server to host RemoteApp programs.

In TS RemoteApp Manager, you can delete, modify, import RemoteApp
programs and settings from another terminal server, or export RemoteApp
programs and settings to another terminal server.

You can use the RemoteApp Wizard to create an .rdp file from any program in
the RemoteApp Programs list.

For More Information, see "Windows Server 2008 RC0 Terminal
Services RemoteApp Step-by-Step Guide" online.


Managing RemoteApp Programs and Settings

Key Points

In TS RemoteApp Manager, you can make changes to an existing RemoteApp
program, or you can remove the program from the list. Additionally, you can
export or import the RemoteApp Programs list and the global deployment
settings to or from another terminal server.

After you have added a program to the RemoteApp Programs list, you can
change the deployment settings for all RemoteApp programs, change the
properties of a single RemoteApp program, or delete the RemoteApp program
from the list.

You can copy the RemoteApp Programs list and deployment settings from one
terminal server to another terminal server. You might want to do this if you
want to configure multiple terminal servers identically to host RemoteApp
programs, such as in a terminal server farm.


For More Information, see "Windows Server 2008 RC0 Terminal Services
RemoteApp Step-by-Step Guide" online.


Lesson 7

Design Web Access

In this lesson, we will review Terminal Services Web Access. We will discuss
the functionality of TS Web Access and deploying RemoteApp programs through
TS Web Access.


Overview of Terminal Services Web Access

Key Points

TS Web Access is a role service in the Terminal Services role that lets you make
TS RemoteApp programs, and a link to the terminal server desktop, available
to users from a Web browser.

TS Web Access includes Remote Desktop Web Connection, which enables
users to connect remotely to the desktop of any computer where they have
Remote Desktop access.

Question: What operating systems must client computers be running to use TS
Web Access in Windows Server 2008 RC0?

For More Information, see "Terminal Services Web Access (TS Web
Access)" online.


Functionality of TS Web Access

Key Points

With TS Web Access, a user can visit a Web site, view a list of RemoteApp
programs, and then just click a program icon to start the program.

TS Web Access provides a customizable TS Web Access Web Part, where the
list of RemoteApp programs is displayed.

In Windows Server 2008, the Remote Desktop Web Connection feature is
available through the Remote Desktop tab on the TS Web Access Web page.
Remote Desktop Web Connection is installed as part of the TS Web Access
role service, instead of as an optional component of IIS.


Question: Why is the new functionality of TS Web Access important?

For More Information, see "Terminal Services Web Access (TS Web
Access)" online.


Deploying RemoteApp Programs Through TS Web Access

Key Points

Configure the server that will host RemoteApp programs. This includes
installing Terminal Server, installing programs, and verifying remote
connection settings.

Use TS RemoteApp Manager to add RemoteApp programs that are enabled for
TS Web Access, and to configure global deployment settings.

Install TS Web Access on the server that you want users to connect to over the
Web to access RemoteApp programs.

Add the computer account of the TS Web Access server to the TS Web Access
Computers group on the terminal server.

Configure the TS Web Access server to populate its list of RemoteApp
programs from a single terminal server or single farm.


For More Information, see "Windows Server 2008 RC0 Terminal Services
RemoteApp Step-by-Step Guide" online.


Lab: Designing a Terminal Services Infrastructure


Exercise 1: Design Terminal Services RemoteApp Programs


Scenario
In this exercise, you are the Enterprise Administrator for a company that has
recently upgraded all desktops to the Windows Vista operating system. Your
company wants to make two line-of-business applications available to users. The
applications consist of a thick client and back-end database systems. There is
typically a large amount of network communication between the thick client and
the back-end systems. You want to make these applications accessible from the
users' desktops without impacting network traffic on the client computer subnets.
By using RemoteApp and single sign-on, you want to avoid having users
authenticate separately to these applications.
The main tasks for this exercise are as follows:
1. Identify and document business and technical requirements from the scenario.
2. Generate a conceptual configuration for Terminal Services RemoteApp that
   meets the business and technical requirements of the scenario.
3. Generate a conceptual design for deploying Terminal Services RemoteApp
   Programs using a file share.

Task 1: Identify and document business and technical requirements from the scenario

Identify and document business requirements from the scenario.

Identify and document technical requirements from the scenario.

Task 2: Generate a conceptual configuration for Terminal Services RemoteApp that meets the business and technical requirements of the scenario

Your company wants you to design a .rdp file that will be distributed to
hundreds of client computers.

You must design this conceptual configuration to meet the requirements of the
scenario. Be sure to account for the line-of-business applications and single
sign-on.


Task 3: Generate a conceptual design for deploying Terminal Services RemoteApp Programs using a file share

Draw a network architecture that accounts for all of the RemoteApp
deployment components involved in deploying Terminal Services RemoteApp
Programs using a file share.

Identify how you would configure the server that is hosting the RemoteApp
programs.

Identify how you would add RemoteApp programs, being sure to briefly
describe how you would configure global deployment settings.

Be sure to describe how TS RemoteApp Manager can be used to fulfill this task.
Results: After this exercise, you should have identified the business and technical
requirements from the scenario, described a .rdp file that includes the two LOB
applications, described single sign-on configuration, and drawn and described a
network architecture that includes a client computer, file share, and terminal server,
and shown how the .rdp file is added to the file share using TS RemoteApp Manager.


Exercise 2: Design Terminal Services Corporate Desktop


Scenario
In this exercise you are the Enterprise Administrator for a company that has a wide
variety of desktop operating systems in use. There are no immediate plans to
upgrade all of the desktops. Your company wants to make several applications
available to all users that will not run on many of the existing operating systems.
You want to make all local desktop peripheral devices and hard drives available for
use with these applications.
The main tasks for this exercise are as follows:
1. Identify and document business and technical requirements from the scenario.
2. Generate a conceptual design for deploying Terminal Services RemoteApp
   programs through TS Web Access.

Task 1: Identify and document business and technical requirements from the scenario

Identify and document business requirements from the scenario.

Identify and document technical requirements from the scenario.

Task 2: Generate a conceptual design for deploying Terminal Services RemoteApp programs through TS Web Access

Draw a network architecture that accounts for all of the components involved
in deploying Terminal Services RemoteApp Programs using TS Web Access.

Describe the tasks involved in deploying RemoteApp programs through TS
Web Access, being sure to include the requirements from Task 1.
Results: After this exercise, you should have identified the business and technical
requirements from the scenario, drawn and described a network architecture that
includes a client computer, TS Web Access server, and Terminal Server, and described
the five tasks involved in deploying RemoteApp programs through TS Web Access.


Exercise 3: Design Terminal Services Gateway and Web Access
Scenario
In this exercise, you are the Enterprise Administrator for Contoso, a global
consulting company that has a highly mobile workforce. This workforce is often
working at customer locations behind firewalls. Many of the consultants also
utilize internet kiosks at airports. Your company wants to make several
applications available to all users regardless of their location and client
connectivity. When they are using company laptop computers, you want to make
all local desktop peripheral devices and hard drives available for use with these
applications.
The main tasks for this exercise are as follows:
1. Identify and document business and technical requirements from the scenario.
2. Generate a conceptual design for TS Gateway and Web Access.

Task 1: Identify and document business and technical requirements from the scenario

Identify and document business requirements from the scenario.

Identify and document technical requirements from the scenario.

Task 2: Generate a conceptual design for TS Gateway and TS Web Access

RemoteApp programs have already been deployed on the terminal server, and
TS Web Access has already been deployed across the company intranet.

Draw and describe a network architecture that allows users to access the TS
Web Access server from the internet.
Results: After this exercise, you should have identified the business and technical
requirements from the scenario and drawn and described a network architecture that
includes a TS Gateway server and TS Web Access server in the perimeter network, with
terminal servers that host RemoteApp programs behind the company firewall.


Exercise 4: Design Terminal Services Gateway Policies, Connection Authorization Policies, and Resource Access Policies
Scenario
Due to a data breach at Contoso, the company must now design a
tighter security policy that will affect the TS Gateway and Web Access project you
recently designed. When users are using other means of access, you want to ensure
maximum security of the corporate network through Web access, TS Gateway,
connection authorization policies, and resource access policies.
The main tasks for this exercise are as follows:
1. Identify and document business and technical requirements from the scenario.
2. Generate a detailed design document to improve security in TS Gateway and
   Web Access.

Task 1: Identify and document business and technical requirements from the scenario

Identify and document business requirements from the scenario.

Identify and document technical requirements from the scenario.

Task 2: Generate a detailed design document to improve security in TS Gateway and Web Access

Contoso wants you to allow access by the Human Resources user group only
to the HR Computers computer group and also wants you to disable client
device redirection.

Detail how you would use Terminal Services authorization policies to improve
security given the above guidelines.
Results: After this exercise, you should have identified the business and technical
requirements from the scenario and generated a design document containing a TS
connection authorization policy and TS resource authorization policy. The TS CAP and
TS RAP should allow only the specific user and computer groups listed in the second
task.


Module Review and Takeaways

Review Questions
1. What is the Terminal Services Licensing grace period, why is there a grace
   period, and what steps must you take after the grace period ends to ensure
   continuity of service?
2. What reasons would an organization have to deploy single sign-on?
3. Why might a company deploy RemoteApp programs with TS Web Access
   instead of through a file share or other mechanism?


Common Issues related to Terminal Services Gateway

Identify the causes for the following common issues related to Terminal Services
Gateway and fill in the troubleshooting tips. For answers, refer to relevant lessons
in the module.

Issue | Troubleshooting tip
Name resolution issues |
Device redirection settings not preserved after upgrade to RC0 |
Automatic reconnection to TS Gateway fails after the client comes out of hibernation |
TS Gateway server connection requests from Windows XP with SP2 clients fail if smart cards are used for authentication |


Real-world Issues and Scenarios


1. You are an administrator at a remote site that needs to activate its Terminal
   Services License Server, but the remote site does not yet have Internet
   connectivity. What is the best method for activating the license server?
2. A company's administrative users are complaining about the Server Manager
   tool starting every time they connect to a RemoteApp session. What is the best
   method for stopping the Server Manager tool from starting?

Best Practices related to Terminal Services Licensing


Supplement or modify the following best practices for your own work situations:

Per Device or Per User licensing mode is the best option if your clients
frequently use multiple servers on the network.

If you install a server product on a single server and you are uncertain which
licensing mode is appropriate, choose Per Server.

When the number of users is different from the number of devices, create a
license group to allocate licenses for Per Device or Per User licensing.


Module 6
Designing a Terminal Services Maintenance Strategy
Contents:
Lesson 1: Design Windows System Resource Manager (WSRM) Policies for Application Resource and Reporting
Lesson 2: Specify Group Policy Settings for Terminal Servers
Lesson 3: Design High Availability
Lesson 4: Specify Monitoring Requirements
Lesson 5: Specify Maintenance and Recovery
Lab: Designing a Terminal Services Infrastructure


Module Overview

Terminal Services in Windows Server 2008 introduces several improvements to
monitoring, maintenance, and recovery strategies.
In this module, we will introduce how to design and implement WSRM policies for
application resource and reporting. We will also discuss group policy settings for
terminal servers and how to design high availability for terminal services. Finally,
we will specify monitoring, maintenance, and recovery requirements and
procedures for terminal services.


Lesson 1

Design Windows System Resource Manager (WSRM) Policies for Application Resource and Reporting

Microsoft Windows System Resource Manager (WSRM) on Microsoft
Windows Server 2008 allows you to control how CPU and memory resources are
allocated to applications, services, and processes on the computer. In this lesson,
we will review Windows System Resource Manager and working with
resource-allocation policies.


Review Windows System Resource Manager

Key Points

WSRM lets you manage server resource (processor and memory) usage with
resource policies to help ensure that services are available on an equal basis.

Two benefits of resource management are first that more services can run
simultaneously and second that high-priority users or administrators can be
guaranteed access.

Question: What are some of the features of WSRM?

For More Information, see "Windows System Resource Manager" online.


Working with Resource-Allocation Policies

Key Points

In Windows System Resource Manager, memory-allocation policies are
configurable properties in a resource allocation. Memory-allocation policies
limit the amount of working set memory and committed memory.

Limits are applied on a per-process basis.

You can set an upper limit on the committed memory that a process
consumes. The Windows System Resource Manager service maintains the
committed memory limit.


Question: What tool can you use to collect and view data about the usage of
resources on the computer?

For More Information, see "Terminal Services and Windows System
Resource Manager" online.


Lesson 2

Specify Group Policy Settings for Terminal Servers

In this lesson, we will review group policy settings for both Terminal Services
printing and TS Gateway. We will also review controlling client behavior for
RemoteApp programs.


Group Policy Settings for Terminal Services Printing

Key Points

If the Use Terminal Services Easy Print printer driver first policy setting is
enabled or not configured, the terminal server will first try to use the Terminal
Services Easy Print driver to install all client printers. If it is disabled, the
terminal server will try to find a suitable printer driver to install the client
printer.

If the Redirect only the default client printer policy setting is enabled, only the
default client printer is redirected in Terminal Services sessions. If it is disabled
or not configured, all client printers are redirected in these sessions.


Question: Where is the Use Terminal Services Easy Print printer driver first policy
setting located?
Question: Where is the Redirect only the default client printer policy setting
located?

For More Information, see "Terminal Services Printing" online.


Group Policy Settings for TS Gateway

Key Points

You can use Group Policy and Active Directory Domain Services to centralize
and simplify the administration of TS Gateway policy settings.

Group Policy settings for Terminal Services client connections through
TS Gateway can be applied in one of two ways. These policy settings can either
be suggested (that is, they can be enabled, but not enforced) or they can be
enabled and enforced.

Question: What three Group Policy settings are available for the TS Gateway
server?

For More Information, see "Terminal Services Gateway (TS Gateway)" online.


Controlling Client Behavior for RemoteApp Programs

Key Points

You can use Group Policy to configure clients to always recognize RemoteApp
programs from a particular publisher as trusted.

You can configure whether clients will block RemoteApp programs and remote
desktop connections from external or unknown sources.

By using these policy settings, you can reduce the number and complexity of
security decisions that users face. This reduces the chances of inadvertent user
actions that may lead to security vulnerabilities.

For More Information, see "Windows Server 2008 RC0 Terminal Services
RemoteApp Step-by-Step Guide" online.
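
The trust and blocking policies above act on the .rdp files that clients receive, so it is worth checking those files before they are distributed. The following added example, which is not part of the course material, parses an .rdp file and reports a missing signature field, a missing TS Gateway setting, and device redirection that is enabled or left to the client default. The host names, program alias, signature value, and finding labels are constructed for illustration.

```python
"""Audit RemoteApp .rdp files before distribution (added example)."""

# Standard .rdp redirection settings. Integer settings are on when non-zero;
# string settings list what is redirected ("*" means everything).
INT_REDIRECTS = ("redirectclipboard", "redirectprinters",
                 "redirectcomports", "redirectsmartcards")
STR_REDIRECTS = ("drivestoredirect", "devicestoredirect")

# Constructed sample files: hypothetical hosts, alias and signature value.
SAMPLE_LOCKED_DOWN = """\
full address:s:ts01.contoso.example
remoteapplicationmode:i:1
remoteapplicationprogram:s:||HRApp
gatewayhostname:s:tsg.contoso.example
gatewayusagemethod:i:1
drivestoredirect:s:
devicestoredirect:s:
redirectclipboard:i:0
redirectprinters:i:0
redirectcomports:i:0
redirectsmartcards:i:0
signature:s:CONSTRUCTED-PLACEHOLDER
"""

SAMPLE_LOOSE = """\
full address:s:ts01.contoso.example:3389
remoteapplicationmode:i:1
remoteapplicationprogram:s:||HRApp
drivestoredirect:s:*
redirectclipboard:i:1
redirectprinters:i:0
"""


def parse_rdp(text):
    """Parse 'name:type:value' lines into a dict; 'i' values become int."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip().lstrip("\ufeff").strip()
        if not line:
            continue
        # Split on the first two colons only: values may contain ':'.
        parts = line.split(":", 2)
        if len(parts) != 3 or parts[1] not in ("i", "s", "b"):
            raise ValueError("malformed .rdp line: %r" % raw)
        name, kind, value = parts[0].strip().lower(), parts[1], parts[2]
        settings[name] = int(value) if kind == "i" else value
    return settings


def audit_rdp(text, allow_redirection=False, require_gateway=True):
    """Return a list of finding labels; an empty list means the file passed."""
    s = parse_rdp(text)
    findings = []
    # Presence check only: the signature itself is not validated here.
    if not s.get("signature"):
        findings.append("unsigned")
    if s.get("remoteapplicationmode") != 1 or not s.get("remoteapplicationprogram"):
        findings.append("not-remoteapp")
    # gatewayusagemethod: 1 = always use the gateway, 2 = use it when a
    # direct connection cannot be made.
    uses_gateway = bool(s.get("gatewayhostname")) and s.get("gatewayusagemethod") in (1, 2)
    if require_gateway and not uses_gateway:
        findings.append("no-gateway")
    if not allow_redirection:
        for name in INT_REDIRECTS + STR_REDIRECTS:
            if name not in s:
                # An absent setting is not "off": the client default applies.
                findings.append("unset:" + name)
            elif str(s[name]).strip() not in ("", "0"):
                findings.append("redirected:" + name)
    return findings


if __name__ == "__main__":
    for label, sample in (("locked down", SAMPLE_LOCKED_DOWN), ("loose", SAMPLE_LOOSE)):
        print(label, "->", audit_rdp(sample) or "no findings")
```

The check treats a redirection setting that is absent from the file as a finding, because leaving it out does not disable it.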


Lesson 3

Design High Availability

Using NLB with Terminal Services offers the benefits of increased availability,
scalability, and load-balancing performance, as well as the ability to distribute a
large number of Terminal Services clients over a group of terminal servers.
In this lesson, we will review Network Load Balancing (NLB) with Terminal
Services. We will also discuss the steps for configuring NLB with Terminal
Services.


Review Network Load Balancing (NLB) with Terminal Services

Key Points

NLB distributes traffic across several servers using the TCP/IP networking
protocol. You can use NLB with a terminal server farm to scale the
performance of a single terminal server by distributing sessions across
multiple servers.

Terminal Services has two components that are important for establishing load
balancing: Terminal Services Session Broker service and Terminal Services
Configuration snap-in.


Question: What are the requirements for using NLB with a terminal server?

For More Information, see "Step-by-Step Guide for Configuring
Network Load Balancing with Terminal Services: Windows Server
'Longhorn'."


Steps for Configuring NLB with Terminal Services

Key Points

For a terminal server to use TS Session Broker, you must add the computer
account for the terminal server to the Session Broker Computers local group
on the TS Session Broker server.

NLB must be installed on the network adapter that you want to use for the
Remote Desktop Protocol (RDP) connection.

To configure the NLB cluster, you must configure host parameters, cluster
parameters, and port rules which control how the cluster functions.

For More Information, see "Step-by-Step Guide for Configuring
Network Load Balancing with Terminal Services: Windows Server
'Longhorn'."


Lesson 4

Specify Monitoring Requirements

In this lesson, we will review Windows Terminal Server Management Pack. We will
also discuss TS per-user licensing usage tracking. Finally, we will review TS
Gateway monitoring capabilities.


Windows Terminal Server Management Pack

Key Points

Windows Terminal Server Management Pack monitors the health and
performance of Terminal Services components.

Windows Terminal Server Management Pack can automatically respond to
critical events and performance indicators. It can, in some cases, even identify
issues before they become critical, thus providing a level of responsiveness that
increases the overall availability and performance of the Windows operating
systems.

For More Information, see "Windows Terminal Server Management
Pack Guide" online.


TS Per User Licensing Usage Tracking

Key Points

Administrators can generate a per user license usage report that contains the
number of licenses issued by a particular license server and the total number
of per user licenses available on that server, to make sure that license usage is
in line with the EULA and licensing agreements.

Per user license usage reports can be generated across three different scopes:
Domain, Organizational Unit (OU), and All Trusted Domains.

Question: How can you create a per user license usage report in Windows Server
2008?

For More Information, see "Terminal Services Per User Licensing Usage
Tracking" online.


TS Gateway Monitoring Capabilities

Key Points

You can use TS Gateway Manager to view information about active
connections from Terminal Services clients to internal corporate network
resources through TS Gateway.

You can specify the types of events that you want to monitor, such as
unsuccessful or successful connection attempts to internal network computers
through a TS Gateway server.

Question: What different types of information can be viewed using TS Gateway
Manager?

For More Information, see "Terminal Services Gateway (TS Gateway)" online.


Lesson 5

Specify Maintenance and Recovery

In this lesson, we will introduce Terminal Services Server Drain Mode. We will also
review license server availability events, the autoreconnect failure event, TS
Gateway availability events, and TS Session Broker availability events.


Terminal Services Server Drain Mode

Key Points

TS Server Drain Mode prevents new users from logging onto the server, while
allowing currently logged on users to reconnect to their existing sessions.

Users with an existing session may reconnect (in order to save their work and
log off). Users without an existing session are prevented from logging on.

There are two ways an administrator can put a terminal server into drain
mode: 1) using the command-line tool chglogon.exe, or 2) using Terminal
Services Configuration UI.


Question: How can the Terminal Services Configuration UI be used to put a
terminal server into drain mode?

For More Information, see "Introducing Terminal Services Server Drain
Mode" online.


License Server Availability Events

Key Points

The Terminal Services license server relies on the Terminal Services Licensing
service to be running in order to install, issue, and track the availability of
Terminal Services client access licenses (TS CALs).

Problem resolution typically involves restarting the Terminal Services Licensing
service on the Terminal Services license server.

For More Information, see "Terminal Services License Server
Availability" online.


Autoreconnect Failure Event

Key Points

To resolve this issue, establish a new connection to the terminal server by
using a Remote Desktop Protocol (RDP) client such as Remote Desktop
Connection.

When a client computer tries to reestablish a remote session with the terminal
server after a temporary network interruption, the client computer attempts to
authenticate with the terminal server. If the information passed between the
client computer and the terminal server to reestablish the connection has
become corrupted, the client computer will not be able to reestablish the
remote session.

Question: How can you check which users are connected to the terminal server?

For More Information, see "Terminal Server Connections" online.


TS Gateway Availability Events

Key Points

This error might be caused by one of the following conditions:

The services required by TS Gateway are not started.

There are problems with the NPS Server or Web Server (IIS).

TS Gateway depends on NPS server to store, manage, and validate Terminal
Services connection authorization policies (TS CAPs). TS Gateway depends on
Web Server (IIS) for mutual authentication of clients and TS Gateway servers.
Problems with the NPS server or Web Server (IIS) can prevent TS Gateway
from functioning correctly and being available for client connections.

Question: How can this issue be resolved?

For More Information, see "TS Gateway Server Availability" online.


TS Session Broker Availability Events

Key Points

The Terminal Services Session Broker (TS Session Broker) server relies on the
Terminal Services Session Broker service to be running in order to perform
session load balancing between terminal servers in a farm, and to reconnect a
user to an existing session in a load-balanced terminal server farm.

To resolve these issues, try to start the Terminal Services Session Broker
service. If the problem persists, restart the TS Session Broker server. After the
server has restarted, confirm that the Terminal Services Session Broker service
has started.

Question: How can you verify that the TS Session Broker server is available?

For More Information, see "TS Session Broker Server Availability" online.


Lab: Designing a Terminal Services Infrastructure


Exercise 1: Design Highly Available Terminal Services


Scenario
You are the Enterprise Administrator for Contoso Corporation. Contoso plans to
utilize Terminal Services exclusively to provide desktop environments to its
workforce of 1,000 users. Contoso wants to make the desktop environment highly
available and highly scalable. You also want users' data files and profiles to be
highly available. You also want users to reconnect to their existing sessions in the
event of a disconnection not accompanied by a log-off.
The main tasks for this exercise are as follows:
1. Identify and document business and technical requirements from the scenario.
2. Generate a conceptual design for IP load balancing and failover session
   directory.

Task 1: Identify and document business and technical requirements from the scenario

Identify and document business requirements from the scenario.

Identify and document technical requirements from the scenario.

Task 2: Generate a conceptual design for IP load balancing and failover session directory

Draw a network architecture that includes all components required in
deploying Network Load Balancing with terminal server.

Describe how you will configure the NLB cluster to fulfill the business and
technical requirements of the scenario.
Results: After this exercise, you should have identified the business and technical
requirements from the scenario, drawn a network architecture that includes at least
two computers, each on the same subnet and domain, and each only configured for
TCP/IP. You should also have an NLB cluster configuration that includes host
parameters, cluster parameters, and port rules that apply only to RDP traffic.


Exercise 2: Design Group Policy for Terminal Services


Scenario
Contoso needs to be able to rapidly deploy configuration changes to all of the
terminal servers and ensure configuration consistency among the terminal servers.
You want to enforce specific settings for users during terminal services sessions,
specifically that Terminal Services clients can only connect to network resources
through TS Gateway and that each terminal services session uses the Terminal
Services Easy Print printer driver first.
The main tasks for this exercise are as follows:
1. Identify and document business and technical requirements from the scenario.
2. Generate a conceptual design document for implementing group policy
   specific to terminal servers.

Task 1: Identify and document business and technical requirements from the scenario

Identify and document business requirements from the scenario.

Identify and document technical requirements from the scenario.

Task 2: Generate a conceptual design document for implementing group policy specific to terminal servers

Describe a Group Policy that configures, enables, and enforces the business
and technical requirements of the scenario.

The Group Policy setting Set the TS Gateway Server Authentication Method
is already configured to enforce Windows authentication by passwords.
Results: After this exercise, you should have identified the business and technical
requirements from the scenario and described a group policy that enables and
enforces the Group Policy settings Enable Connections Through TS Gateway and
Set the TS Gateway Server Address on the TS Gateway server, and enables the Use
Terminal Services Easy Print printer driver first setting on the terminal server.


Exercise 3: Design Resource Management for Terminal Services
Scenario
In this exercise, Contoso wants to prevent large amounts of activity on a single
Terminal Services session from seriously degrading the performance of other
sessions, and also wants each session to be guaranteed a minimum of 5 percent
server performance capability.
The main tasks for this exercise are as follows:
1. Identify and document business and technical requirements from the scenario.
2. Generate a conceptual design for server resource allocation among terminal
   services sessions.

Task 1: Identify and document business and technical requirements from the scenario

Identify and document business requirements from the scenario.

Identify and document technical requirements from the scenario.

Task 2: Generate a conceptual design for server resource allocation among terminal services sessions

Process-matching criteria have already been configured for Terminal Services
sessions.

Describe the resource-allocation policies you would create to fulfill the
business and technical requirements of the scenario.
Results: After this exercise, you should have identified the business and technical
requirements from the scenario and generated a conceptual resource-allocation policy
that includes CPU and memory allocations that fulfill the requirements of the scenario.


Exercise 4: Design Monitoring for Terminal Services


Scenario
In this exercise, Contoso wants the Terminal Services administrative staff to be
notified immediately upon the occurrence of any situation that causes an outage or
severe performance degradation of any terminal server, and particularly the TS
Web Access servers.
The main tasks for this exercise are as follows:
1. Identify and document business and technical requirements from the scenario.
2. Generate a conceptual design for Terminal Services monitoring with specific
   monitoring definitions for the TS Web Access servers.

Task 1: Identify and document business and technical requirements from the scenario

Identify and document business and technical requirements from the scenario.

Identify and document technical requirements from the scenario.

Task 2: Generate a conceptual design for Terminal Services monitoring with specific monitoring definitions for the TS Web Access servers

No monitoring definitions are currently in place.

Describe the monitoring definitions you would implement to fulfill the
business and technical requirements of the scenario.
Results: After this exercise, you should have identified the business and technical
requirements from the scenario and described how they apply to TS monitoring. You
should also have generated a conceptual design for TS monitoring that includes a
Service Health Check, a "Service Unavailable" notification, and multiple Performance
Threshold alerts.


Exercise 5: Optimizing Terminal Services Performance


Scenario
Contoso's remote users are reporting performance issues with terminal services
and management has requested that terminal services performance be optimized
for those users accessing the system through TS Gateway.
The main tasks for this exercise are as follows:
1. Create a New Process Matching Criteria.
2. Create a CPU allocation with WSRM.
3. Create a memory allocation with WSRM.

Task 1: Create a New Process Matching Criteria

Open Windows System Resource Manager.

Create a new Process Matching Criteria named TSGateway.

Add the Registered Service TSGateway.

Task 2: Create a CPU allocation with WSRM

Create a new Resource Allocation Policy named TSGatewayCPUPolicy.

On the General tab, select TSGateway.

In the Percentage of processor allocated for this resource field, type 40.


Task 3: Create a memory allocation with WSRM

Create a new Resource Allocation Policy named TSGatewayMemoryPolicy.

On the General tab, select TSGateway.

Select the Use maximum committed memory for each process check box,
with a value of 512.

In the If memory is surpassed list, select Log an event log message.


Results: After this exercise, you should have created a new process matching criteria,
created a CPU allocation with WSRM, and created a memory allocation with WSRM.

Lab Shutdown
After you complete the lab, you must shut down the virtual machines and discard
any changes.


Module Review and Takeaways

Review Questions
1. What data center management scenarios can WSRM not handle?
2. What Group Policy settings are available to control client behavior when
   opening RemoteApp programs?
3. How are the majority of Terminal Services availability events resolved?


Common Issues related to Windows Terminal Server Management Pack


Identify the causes for the following common issues related to Windows Terminal
Server Management Pack and fill in the troubleshooting tips. For answers, refer to
relevant lessons in the module.
Issue | Troubleshooting tip
Reporting installation fails when using SSL | Uninstall and reinstall reporting
Cannot detect reporting server | Manually add the Reporting Server to the Report Servers computer group
Alerts not appearing in reports | Ensure that the alert is properly designed

Real-world Issues and Scenarios


1. The Fortune 100 company you work for wants to collect as much performance
   measuring data as possible to ensure its data center is operating at maximum
   efficiency. How can you ensure that Windows Terminal Server Management
   Pack is collecting all of the data available to it?
2. A consultant visiting your company has tried several times to configure
   Network Load Balancing but cannot get all of the servers to identify one
   another. How can you ensure that all of the servers are in the same farm?


Best Practices related to Performance Monitoring


Supplement or modify the following best practices for your own work situations:

Configure Performance Logs and Alerts to report data for the recommended
counters at regular intervals, such as every 10 to 15 minutes. Retain logs over
extended periods of time, store data in a database, and query the data to report
on and analyze the data as needed for overall performance assessment, trend
analysis, and capacity planning.

Analyze performance results, and establish a performance baseline. Review
logged data by graphing it using the System Monitor display or exporting it for
printing.

Set alerts according to the counter values you consider to be unacceptable, as
defined by baseline evaluation.

Plan ahead. Monitor trends for capacity planning and add or upgrade
components as needed. Maintain logged data in a database and observe
changes to identify changes in resource requirements. After you observe
changes in activity or resource demand, you can identify areas that might
require additional resources.


Module 7
Design Windows Media Services Infrastructure
Contents:
Lesson 1: Design Windows Media Services for Live Streaming
Lesson 2: Windows Media Services for On-Demand Content
Lesson 3: Improving Performance for On-Demand Content
Lesson 4: Monitoring Windows Media Services
Lab: Design a Windows Media Infrastructure


Module Overview

Microsoft Windows Media Services can be used for both live streaming and
on-demand content. Although it can adapt to network and server resource
limitations, getting the most out of it requires preparing and maintaining an
appropriate infrastructure. The WMS servers need to have the resources available
to process connections. The network must be capable of passing that content to
clients. Fault protection must be in place to prevent a single point of failure from
stopping the service.
In this module, we will present concepts for the planning and deployment of a
Windows Media Services Infrastructure. We will show WMS 2008 compatibility
with previous versions of Windows Media Services and the new features of WMS
2008.


When implementing a live streaming Windows Media Services infrastructure, real-time performance can be improved by the use of the appropriate hardware. For
instance, Windows Media Services 2008 can make use of 64 bit architecture to
dramatically improve performance on the server. For large and distributed
installations, content can be more efficiently served to clients through strategically
placed cache/proxy servers and publishing points. Providing on-demand content
also includes significant storage issues. You will need to identify the amount of
storage necessary and engage reliable, high performance disks.
In this module you will also learn how to monitor Windows Media Services to
maintain service and respond to problems.


Lesson 1

Design Windows Media Services for Live Streaming

After first introducing Windows Media Services for Microsoft Windows Server
2008, this lesson will show how to architect a live streaming solution. You will
learn about the effect of 64 bit architecture on WMS performance and how to
identify needed capacity.


Overview of Windows Media Services for Windows Server 2008

Key Points

WMS Cache/Proxy plug-in: the built-in WMS Cache/Proxy plug-in can be used
to configure a Windows Media server either as a cache/proxy server or as a
reverse proxy server to provide caching and proxy support to other Windows
Media servers.

WMS can be installed on Windows Server 2008 Server Core.

Servers can achieve higher performance by employing network offloading with
NDIS 6.0.

WMS for Windows Server 2008 includes encoder failover capability for high
availability in streaming scenarios.

Strong 64 bit support.


Question: How will these features change a WMS design in your network?

For More Information, see "Streaming Media Services" in the Windows
Server 2008 Tech Center.


Standard Edition vs. Enterprise Edition

Key Points
The Enterprise version of Windows Media Services for Windows Server 2008
includes the following features above the capabilities of the standard version:

The ability to multicast, creating more efficient transmissions.

In conjunction, IGMP (Internet Group Management Protocol) support, which allows
the administrator to specify that a host receives packets only from a specific
source or from all but a specific source. This makes for better use of
bandwidth and can halt some denial of service attacks.

Content can be made available to on-demand users while it is being archived.

Question: Would you be able to employ WMS multicast in your network?


Evaluate 32 bit vs. 64 bit

Key Points
64 bit servers can use far more memory and virtual memory, both of which are
critical to WMS performance.

For More Information, see "Benefits of Microsoft Windows x64
Editions" in TechNet Content.


Backwards Compatibility with Windows Media Services for Windows Server 2003

Key Points

Existing streams can be used with WMS for Windows Server 2008.

Prior to upgrading a WMS 9 server to Server 2008, it is necessary to delete the
registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WMServer\Performance.

For More Information, see "Update the Windows Media Server Platform" at
http://www.microsoft.com/windows/windowsmedia/howto/articles/upgradewms9s.aspx#updatescenarios.


Live Streaming Capabilities

Key Points

UDP transmission is better suited to WMS streams than TCP, but WMS can
utilize TCP if necessary.

Publishing points rebroadcast content, traversing firewalls or consolidating
clients.

For More Information, see "Capacity Planning" in the Windows Server
2008 Tech Center.


Planning for Multi-site Deployments

Key Points

Calculate required network capacity as content bit rate x number of clients.

Secure transmission with IPSec.

The impact of inadequate available client bandwidth can be minimized if
multiple-bit-rate (MBR) content is streamed. MBR content enables the player to
request a lower bit rate stream from the server so that stream thinning is not
necessary.

Question: Are you currently utilizing IPSec?
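
The capacity rule above (content bit rate x number of clients), worked through for a small multi-site topology, as an added example that is not part of the courseware. Site names, client counts and the 256 kbps rate are the figures from the lab scenario later in this module; the `Site` class and the function names are hypothetical, dial-in clients are left out because the page gives no bit rate for them, and treating every site except London as multicast-capable is an assumption.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Site:
    name: str
    clients: int
    multicast_lan: bool      # False: each local client needs its own unicast stream
    upstream: Optional[str]  # site the stream arrives from; None marks the origin


# Figures from the lab scenario. Multicast capability for New York, Tokyo and
# Seoul is an assumption; the scenario only rules it out for London.
STREAM_KBPS = 256
SITES = [
    Site("New York", 500, True, None),
    Site("London", 250, False, "New York"),
    Site("Tokyo", 100, True, "New York"),
    Site("Seoul", 100, True, "Tokyo"),
]


def downstream_clients(site: Site, sites: List[Site]) -> int:
    """Clients at `site` plus clients at every site fed through it."""
    total = site.clients
    for other in sites:
        if other.upstream == site.name:
            total += downstream_clients(other, sites)
    return total


def link_load_kbps(sites: List[Site], rate_kbps: int,
                   distribution_servers: bool) -> Dict[Tuple[str, str], int]:
    """Load on each inter-site link, keyed by (upstream, downstream).

    Without distribution servers, every remote client pulls its own unicast
    stream across the link: bit rate x number of clients behind that link.
    With a distribution server at each site, the link carries a single stream
    that the local server rebroadcasts.
    """
    loads = {}
    for site in sites:
        if site.upstream is None:
            continue
        streams = 1 if distribution_servers else downstream_clients(site, sites)
        loads[(site.upstream, site.name)] = streams * rate_kbps
    return loads


def lan_load_kbps(site: Site, rate_kbps: int) -> int:
    """Load the local server places on the site LAN.

    One multicast stream serves every client; where routers cannot forward
    multicast, the server sends one unicast stream per client.
    """
    streams = 1 if site.multicast_lan else site.clients
    return streams * rate_kbps


if __name__ == "__main__":
    for label, flag in (("direct unicast", False), ("distribution servers", True)):
        print(label)
        for (src, dst), kbps in link_load_kbps(SITES, STREAM_KBPS, flag).items():
            print(f"  {src} -> {dst}: {kbps} kbps")
    print("site LAN load")
    for s in SITES:
        print(f"  {s.name}: {lan_load_kbps(s, STREAM_KBPS)} kbps")
```

The unicast figures are the worst case the links must be sized for if no distribution server is placed at a site; the gap between the two results is the argument for placing one there.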


Authentication and Authorization

Key Points
If you want users to be able to access content without being prompted for a user
name or password, you can enable the WMS Anonymous User Authentication
plug-in. When a user tries to connect to the Windows Media server, the plug-in
uses the Windows user account that you specified in the plug-in properties to
authenticate the user.
If both the anonymous plug-in and a network authentication plug-in are installed,
the anonymous plug-in is checked first. To differentiate between authentication and
authorization, understand that authentication establishes the user's identity, while
authorization verifies that the user is allowed to connect to the server.
The authorization plug-in enables you to set different access control policies for
content.

Allow users to access only certain content in a publishing point by using the
WMS NTFS ACL Authorization plug-in.

For live streams, utilize the Publishing Points Authorization plug-in.


Question: For a company that is serving WMS live content to clients who are all
members of their Active Directory, what authentication and authorization would
be best used?

For More Information, see "Configuring Security Options" in the
Windows Server 2008 Tech Center.


Lesson 2

Windows Media Services for On-Demand Content

WMS is ready to utilize digital rights management, allowing you control over who
consumes content and how they do so. When creating on-demand content, it is
possible to simultaneously perform DRM encapsulation while encoding the
content. In this lesson, we will also talk about how to store and deliver content,
focusing on high availability and distributed capabilities.


Digital Rights Management

Key Points
During the content protection process, Windows Media Encoder can create the key
to encrypt the content, encrypt the content, and add DRM-specific information to
the content header.
Question: Besides the commercial sale of content, how could DRM be used?

For More Information, see "Microsoft Enterprise Digital Media Solution
Guide Part III" (MicrosoftEnterpriseDigitalMediaSolutionGuidePartIII.doc).


Design Content Storage

Key Points
A storage solution for WMS should fulfill the following three requirements:

Able to host as many concurrent connections as there are publishing points or
clients.

Capable of storing many large files.

Capable of consolidating content from many different sources.

Question: At this point, what solution would you imagine for content storage in
your organization? Do you already have the physical resources available?

For More Information, see "Sourcing Content from Remote Storage" in
the Windows Server 2008 Tech Center.


Design Content Deployment

Key Points

Create a logical naming convention for publishing points.

Architecture design will determine how efficiently content will be distributed.

Question: Multicasting has some advantages. What are the disadvantages and
limitations of multicasting?


Protocol Selection

Key Points
RTSP protocol
RTSP is an application-layer protocol that was created specifically to provide
controlled delivery of real-time data, such as audio and video content. The RTSP
protocol can travel over either TCP or UDP networks.
When setting up distribution servers to use Fast Streaming, use either the RTSPT
or HTTP protocols to connect to the origin server.
When using RTSPU for unicast streaming, setting the RTP packet size to a small
value may prevent the Windows Media server from streaming.


HTTP protocol
You can use HTTP to stream content from an encoder to a Windows Media server,
to distribute streams between computers running different versions of Windows
Media Services or computers that are separated by a firewall, and to download
dynamically-generated playlists from a Web server. HTTP is especially useful for
clients that receive streaming content through a firewall because HTTP is usually
set up to use port 80, easily passing through most firewalls.
Multicast transmission (MSB)
For multicast streams, you can specify the IP address and port values in the WMS
Multicast Data Writer plug-in properties for your broadcast publishing point.


Lesson 3

Improving Performance for On-Demand Content

After identifying the requirements of your media services, you can tune WMS
hardware and software to most effectively respond to client demands. This lesson
will expand on the clustering and load balancing capabilities of Windows Server
2008 and how they can be applied to WMS. Network bandwidth is a critical
element to WMS performance. Using Windows System Resource Manager
(WSRM) we can specify the usage of WMS and other services.
WMS can be installed on the new Server Core installation, allowing for higher
performance on less powerful hardware as well as shrinking the attack surface of a
server.


Specify Performance Settings

Key Points

Performance problems are usually identified by excessive buffering on the
client side.

Performance problems can usually be categorized as network or server related.

Use WMS Cache/Proxy and distribution roles to distribute WMS content more
efficiently.

One of the many advantages to WMS server clustering is the increase in server
performance.

Question: What is the most affordable solution to try initially to decrease buffering
and improve performance?


Evaluate Need for a Web Farm

Key Points
Hardware based load balancing
You can utilize hardware based clustering, instituting a reverse proxy that receives
stream requests and either passes them on to the appropriate cluster member or passes
on cached content. A single proxy in a hardware cluster could be a single point of
failure. However, one can set up parallel proxies to increase availability.
Software based load balancing
Using Windows Server 2008 clustering and Network Load Balancing, up to 32
servers can be assigned to a cluster. Each node then performs a given percentage of
the cluster workload. They can then be managed and configured as one, reducing
the cost of managing the service.

For More Information, see "Clustering and Load Balancing" in the
Windows Server 2008 Tech Center.


Design Bandwidth Allocation Using WSRM

Key Points

Windows Server Resource Manager allows the administrator to throttle service
use of network, processor, and RAM.

Throttling settings can be set to a schedule, allowing a server to provide WMS
content during peak times and perform other functions at other times.

Question: Would you be able to employ WSRM to cut down on your server costs?


Server Core Installation

Key Points

No direct upgrade path from Windows Server 2003 to Server Core.

Can be used to create a more secure and higher performing WMS server.

For More Information, see "Server Core Installation Option of Windows
Server 2008 Step-By-Step Guide."


Lesson 4

Monitoring Windows Media Services

A WMS server can be monitored through the MMC. However, a multiple server
WMS implementation will require a more holistic monitoring approach. WMS
includes SNMP traps and WMI providers which can be accessed through various
monitoring programs. Also you can implement the WMS Management Pack to
monitor WMS with Microsoft System Center Operations Manager.


Specify Monitoring Requirements

Key Points

Create and use a Service Level Agreement (SLA) to understand the monitoring
and uptime requirements.

WMS is ready to be monitored via SNMP, WMI, or a Management Pack for
System Center.

Question: How would you monitor a multi-site WMS deployment?

For More Information, see "WMS_MP Guide.doc."


Management Pack for Windows Media Services

Key Points
The Operations Manager Management pack can collect, consolidate, and report on:

Server. Reports server status or property changes.

Client. Reports client-side events that occur in Windows Media Player.

Limit. Reports server limits whenever they are changed or reached.

Playlist. Reports playlist-related events.

Cache. Reports any events pertaining to cache activity.

Publishing point. Reports changes in publishing point status or properties.

Plug-ins. Reports publishing point and server plug-in activity.

For More Information, see The Microsoft System Center web page.


Specify Maintenance and Recovery

Key Points

Identify and eliminate single points of failure.

Design a backup strategy that covers all content, systems, and services
necessary to recover fully from a disaster.


Lab: Design a Windows Media Infrastructure

Exercise 1: Design Windows Media Services for Live Streaming
Scenario
You are the Enterprise Administrator for Contoso, a multi-national company with
locations in New York, London, Tokyo, and Seoul. Your company wants to
broadcast live quarterly company meetings from the New York headquarters to the
entire company. Several hundred will connect via dial-up.
The default stream averages 256 kbps.
In this exercise you will identify and analyze the requirements as they relate to
Windows Media Services and optional components. Then you will create a
conceptual design for WMS server placement and server roles and supported
protocols.


The London site contains routers that will not broadcast multicast packets.
Site | Users | Comments
New York | 500 | Live stream source. Supports 200 dial-in clients.
London | 250 | No multicast capable routers. Connected to New York with a direct link.
Tokyo | 100 | Connected to New York with a direct link.
Seoul | 100 | Connected to Tokyo via internet link.

The main tasks for this exercise are as follows:
1. Identify the necessary servers required for each location.
2. Identify the transport protocols used between servers and by clients.
3. Compute the bandwidth requirements between sites and within each site.

Task 1: Identify server requirements

Identify the servers, including OS version and software, that will need to be
sourced at the New York site to encode and deploy a live webcast. Design for
high availability.

Identify the server resources required in London, including OS version and
software, for the most efficient delivery of live content.

Identify the server resources required in Seoul and Tokyo, including OS
version and software, for the most efficient delivery of live content. Design for
affordability, identifying servers that could be used for other services as well.

Draw the network, including connections between servers.


Task 2: Identify Bandwidth and protocol

On the network map created in the previous task, identify the protocol used
between each server.

Q: How should you secure the connection between Tokyo and Seoul?

Calculate the bandwidth requirements for each link and for the cost on each
local network for the clients to connect.
Results: After this exercise, you should have created a drawing showing servers in the
appropriate locations to successfully broadcast the live stream to all sites and dial up
clients.


Exercise 2: Design Windows Media Services Infrastructure for On-Demand Content
Scenario
Contoso would now like to expand their WMS infrastructure to store the company
meetings and make them available on demand. Upon the completion of the
presentation, users should be able to immediately connect to a WMS distribution
point and start viewing the meeting.
In this exercise we will add on-demand capabilities to the WMS installation we
created in the previous exercise.
The main tasks for this exercise are as follows:
1. Identify changes to architecture for on-demand content.
2. Specify storage requirements.
3. Secure content.

Task 1: Modifying the installation for on-demand streaming

Analyze the existing architecture and identify any changes necessary to
provide on-demand streaming.

Determine a high performance and high availability storage solution.

Q: How would you best secure the data both on the server and during delivery?

Results: After this exercise, you should have made sure that all WMS servers, including
the London servers, are capable of play while archiving. You should have written
specifications for a highly available storage schema and protected the content with
ACLs and DRM.


Exercise 3: Troubleshooting Poor Performance of On-Demand Content


Scenario
On-demand clients in the Seoul and Tokyo offices are experiencing excessive
buffering and choppy streams, suggesting a performance problem. Whatever your
recommendations were for those two offices, the corporation decided to employ
existing 32 bit servers at both locations for all WMS services. The unicast and
multicast services are provided from the same server. The stream is encoded at a
1 Mbps standard. There is no apparent network congestion.
The main tasks for this exercise are as follows:
1. Identify ways to increase server performance.
2. Prioritize performance increase options.
3. Create an implementation plan.

Task 1: Troubleshooting poor performance

Identify how you would confirm that network capacity is definitely not the
buffering issue.

List actions that will increase the performance of the servers in Seoul and
Tokyo.

Task 2: Implementing a solution

Of the items in the list, which are most likely to cost-effectively resolve the
buffering issue? Prioritize the list on this criterion.

Create an implementation plan for resolving the buffering problem.


Results: After this exercise, you will be prepared to resolve the buffering problem by
upgrading the hardware.


Exercise 4: Design and Test Monitoring of Windows Media Services
Scenario
You need to implement a monitoring solution for Windows Media Services.
Contoso is already using Microsoft Operations Manager, so will deploy the WMS
management pack as well as other service packs to keep track of the other
elements that WMS requires.
For this Exercise, refer to the Windows Media Services Management Pack Guide
(WMS_MPGuide.doc) in the resource CD.
The main tasks for this exercise are as follows:
1.

Plan deployment of WMS service pack.

2.

Identify other network elements to monitor that WMS functions.

3.

Specify those objects that should be available to a WMS administrator's


Operations Manager console.

f Task 1: Deploy WMS management pack

Looking at the network map you created in exercise 1, identify which


publishing points are mission critical. List these as points which you need to
engage the Critical Publishing Point stop rule.

Create a naming convention for the critical publishing points rules so each rule
is uniquely named.

f Task 2: Implementing a monitoring scheme

List those network elements which WMS relies upon to function.

Identify management packs which should be deployed to monitor these items.

Discuss what items could be included in a management console customized
for WMS administrators.
Results: After this exercise, you will be prepared to use Operations Manager to
monitor the WMS deployment.


Module Review and Takeaways

Review Questions
1. What are the common bottlenecks for Windows Media Services performance?
2. What features require the use of Enterprise edition?
3. How can WMS be designed for high availability?


Common Issues related to Windows Media Services


Identify the causes for the following common issues related to resolving excessive
client side buffering and fill in the troubleshooting tips. For answers, refer to
relevant lessons in the module.
Issue: Network bottlenecks
Troubleshooting tip: Identify bottlenecks by analyzing network availability.
Compute required capacity.

Issue: Processor bottlenecks
Troubleshooting tip: Upgrade 32 bit hardware to 64 bit. Add distribution and
proxy servers. Create load balancing clusters.

Issue: Storage bottlenecks
Troubleshooting tip: Implement high performance storage using clustering and
NAS or SAN solutions.

Real-world Issues and Scenarios


1. An organization wishes to deploy WMS to transmit a monthly event to
   employees. They will not be utilizing the WMS installation at other times,
   idling those computers. How should they implement WMS without
   purchasing new equipment?
2. A company is using Windows Media Services 2008 for Windows Server 2008
   Standard edition. On an intranet, they are reaching the capacity of the
   network to transmit to all of their clients during live broadcasts. How can
   they cut down on network traffic?
3. While a given organization is interested in using on-demand WMS for
   corporate communications, they are very concerned about securing the
   content. What steps can they take to make the content more secure?

Best Practices for planning a WMS installation


Supplement or modify the following best practices for your own work situations:

Estimate network load for each network segment.

Calculate server processor requirements and acquire appropriate hardware.

Calculate storage requirements, including performance and availability, prior
to implementation.

Identify and resolve security concerns.


Module 8
Design Virtualization Infrastructure
Contents:
Lesson 1: Virtualization of a Test Server Environment
Lesson 2: Virtualization and Migration of Legacy Applications
Lesson 3: Design and Test a Virtualized Development Environment
Lab: Design Virtualization Infrastructure


Module Overview

Windows Virtualization offers many opportunities for IT departments. Virtualized
machines running on Microsoft Windows Virtual Server or Hyper-V can be
utilized to better support legacy services, to create test environments, to
consolidate services onto less hardware, or to better support the development
team, among other things.
In this module, we will learn best practices for virtualization of a number of
services using a combination of Virtual Server 2005, System Center Virtual
Machine Manager, and Hyper-V. We will design the infrastructure required for an
effective deployment, talk about how to manage and secure a virtualized
environment, and discuss how best to utilize virtualization.


Lesson 1

Virtualization of a Test Server Environment

In this lesson we will introduce virtualization capabilities in the Windows
environment. Then, we will talk about how to design a virtual server hosting
environment. Finally, we will focus on a test server environment for a web
application server scenario.


Overview of Virtual Server Hosting in Windows Server 2008

Key Points

Microsoft Virtual Server 2005 R2 SP1 can host 32-bit operating systems,
including Windows Server, Windows desktops, and some Linux operating
systems. It runs on a Windows Server 2003 host operating system.

For managing large-scale virtualization, use System Center Virtual Machine
Manager (VMM). It will help to automate the migration of physical servers to
virtual machines, help the administrator to manage servers, and allow for
web-based provisioning by other users, such as testers or developers.

Hyper-V will be available shortly after the release of Windows Server 2008.
Unlike Virtual Server, Hyper-V runs directly on the hardware with no
intermediary host operating system. Virtual machines run directly on top of
Hyper-V. Hyper-V will support 64-bit operating systems and is designed for
server-scale operating systems. The next release of VMM will support Hyper-V.


Question: Are you currently using any virtualization in your network?

For More Information, see "Hyper-V Overview" and "System Center
Virtual Machine Manager Overview" in TechNet.


Design Virtual Server Hosting

Key Points

VMM allows for self-service provisioning.

A full implementation will require a SQL database, a library server, at least one
host server, and the System Center VMM server.

For More Information, see "Virtual Machine Manager Architecture" in
TechNet.


Design a Standard Host Configuration

Key Points

As you acquire the servers for the infrastructure, make sure the servers support
Hyper-V: 64-bit architecture, hardware-assisted virtualization, and Data
Execution Prevention (DEP).

Plan a backup strategy. Most likely, the existing enterprise backup strategy can
be utilized at either the guest or the host level.

Use Active Directory ACLs to control access to all levels of virtualization.

For More Information, see "Planning for Hosts" in TechNet.


Consolidate a Virtualized Test Environment

Key Points

Create a spreadsheet of all applications, their versions, owner, and level of
support. Use this as a decision tool for identifying virtualization candidates.

Survey candidates for CPU, disk, network, and backup requirements.

Backup can be performed at the guest level (utilizing the same backup strategy
as if it were a physical server) or at the host level (taking snapshots and
backing up the virtual disks as files).

Question: When would it be necessary to utilize guest level backup?

For More Information, see "IPD Windows Server Virtualization" in
TechNet.


Deploying Web Applications from Virtualized to Production Environments

Key Points

IIS 7.0 web farms can share a single configuration file.

Copy web.config, content, and code to the shared file storage of the
production web farm.

Question: How is deployment different in IIS 7.0 than in IIS 6?

For More Information, see "Web Site Deployment Made Easy" in
Communities.


Lesson 2

Virtualization and Migration of Legacy Applications

In this lesson the students will learn to evaluate what applications are good
candidates for virtualization. Then we will discuss different processes for migrating
legacy applications. We will then design a standard host configuration.


Evaluate Appropriateness of Virtualization

Key Points

Use processor, network interface, memory, and disk requirements to evaluate
the necessary resources for virtualization.

Applications that need to be isolated (one application per server) are good
candidates for virtualization.

By consolidating with virtualization, it is more affordable to provide for high
availability.

Question: Are there legacy applications in your organization that would be good
candidates for virtualization?

For More Information, see "Virtualization Architecture" in TechNet.


Moving Legacy Applications to Virtual Servers

Key Points

The VMM P2V online process allows for live migration with little downtime.

VMM P2V does not support 64-bit operating systems, Windows NT, or Windows Vista.

Use Microsoft Virtual Server 2005 Migration Toolkit (VSMT) for Windows NT
servers.

Question: How is deployment different with IIS 7.0 than in IIS6?

For More Information, see "Converting Physical Computers to Virtual
Machines in VMM" in TechNet.


Design Standard Virtual Configuration

Key Points

Most likely, NAS or SAN storage will be necessary for a virtualization
deployment of any size.

By referring to the spreadsheets of virtualization candidates created in the
planning stage, we can appropriately size the host machine.

For More Information, see "Solution Accelerator for Consolidating and
Migrating LOB Applications" in TechNet.


Lesson 3

Design and Test a Virtualized Development Environment

In this lesson the students will learn best practices for a virtualized test
environment, including customizations to the standard configuration and internal
networking.


Virtualized Test Environment Best Practices

Key Points

Use the Windows Server System Reference Architecture for Virtual
Environments (WSSRA-VE) as a reference for building a virtualized test
environment.

Use WinPE to create the OS; use other automation tools to clone applications.

Establish a naming convention.

Create performance and monitoring thresholds.

Question: What capabilities does a typical development team need to have a
functional test environment?

For More Information, see "WSSRA-VE" in TechNet.


Evaluate Customization to Standard Configuration

Key Points

Do not use virtualization for driver testing, as virtualized machines do not
access hardware as physical machines do.

Do not use virtualization for load testing, as hardware performance does not
correlate between virtual and physical machines.

If your organization requires full scale staging, it will most likely be necessary
to replicate it physically, not virtually.

For good job aid templates go to http://www.microsoft.com/msa.

Question: Outside of these recommendations, what variations from the standard
configuration would be acceptable?

For More Information, see "WSSRA-VE" in TechNet.


Design Internal Networking

Key Points

In place of hardware routers, utilize Windows RRAS.

In place of hardware firewalls, implement Microsoft ISA on a virtual machine.

High end switches can also be replaced with an unmanaged L2 switch.

Question: Are there legacy applications in your organization that would be good
candidates for virtualization?

For More Information, see "IPD Windows Server Virtualization" in
TechNet.


Lab: Design Virtualization Infrastructure

Exercise 1: Design a Test Server Consolidation Strategy
Scenario
You are an enterprise administrator for an organization with large web farms,
plus development and test beds for those servers. You have noticed that a large
number of physical servers are being utilized as test and development
environments for the web farm. By consolidating those servers onto a virtualized
platform, you want to free up the investment in physical hardware and ease the
management of a testing environment.


Figure 1: Production Web Farm Architecture


In this exercise, we will analyze the requirements for a test server infrastructure
and plan that architecture.
The main tasks for this exercise are as follows:
1. Identify the elements of the production environment that need to be
   reproduced in the virtualized test environment.
2. Identify the required resources for a standard test environment.
3. Plan a test environment.


Task 1: Identify the Test Environment Elements

Looking at the sample architecture, list each element that is required for the
web farm and determine how to recreate it in the virtualized test environment.

Task 2: Identify the Required Resources for a Standard Test Environment

We have decided to use System Center Virtual Machine Manager to provision
and manage our virtual environment.

We have determined that each virtualized server in the test environment
requires 512 MB. We can run four virtual machines on each virtual server. We
want to make 512 MB of RAM also available for the host OS.

Identify the physical servers that we will need to build our virtualized
environment. Include the amount of RAM required for hosts.

Identify security groups that will have access to the test environment. Include
administrators, support personnel, and developers.

Task 3: Plan the Test Environment

Create a schematic diagram of the test environment. Include physical and
virtual machines.

Create a process for migrating tested applications to the production
environment.
Results: After this exercise, you should have identified the required resources for a test
environment and created a schematic design of that test environment.


Exercise 2: Design Virtualization and Migration of Legacy Server
Scenario
The organization also has some legacy applications that you must continue to
support. The hardware servers are past their supported life and are starting to fail.
Examine the plausibility of migrating these services to a virtualized environment to
ease their support requirements.
One server, running Windows Server 2003, provides a mission critical proprietary
database. The hardware is now over 5 years old and is no longer supported by the
manufacturer. Although the server must be constantly available, it averages 10%
utilization of its processor. The service is not supported on a later OS.
In this exercise we will establish a legacy server virtualization environment and
plan for the migration of the first legacy server.
The main tasks for this exercise are as follows:
1. Expand the VMM architecture to provide legacy server virtualization.
2. Plan for the migration of the legacy server.
3. Plan backup and security for the virtualized legacy server.

Task 1: Expand the VMM architecture to provide legacy server virtualization

The new server will require 1 GB of RAM but consumes negligible processor
time on a modern server. The server needs dedicated connectivity to the local
(192.168.16.x) network.

Identify a location within the schematic that you created for lesson 1 where we
can add the legacy server, assuming that we can expand an existing host for
the RAM requirements of the legacy server.


Task 2: Plan for Migration of the Legacy Server

We have determined that we can store the legacy database itself on a
preexisting iSCSI SAN and have already migrated it. The SAN is accessible on a
different physical TCP/IP network. We want to migrate the server with a
minimum of downtime.

Create a step by step plan for using VMM to migrate the server to the
virtualized environment. Confirm that the image is healthy and accessible
before the migration.

Task 3: Enumerate Backup and Security for the Virtualized Server

Although the database is backed up on the SAN, we want to also be assured
that the legacy server OS and application can be rapidly recovered if it
becomes damaged or inoperable. There is no internal backup tool for the
application. Create a strategy for backup and recovery of the virtualized legacy
server.

The original server is accessible by two groups: the LOBdev group, which has
access to read and write on the database and can log directly in to the server,
and the LOBuser group, which has only read access to the data. Assign rights
to the virtual machine that will allow for continued business function.
Results: After this exercise, you should have created a plan for the migration of a
legacy line of business server to the virtual environment, including security and backup
considerations.


Exercise 3: Design Development Environment Isolation Using Virtual Server
Scenario
Now that the test environment is up and running, the developers would like to
utilize it for isolation testing of new applications. They need to be able to create
scenarios dynamically.
The main tasks for this exercise are as follows:
1. Discuss the roles of personnel in creating and using an isolated test bed.
2. Discuss implications to storage, resources, and software of a provisioned
   test bed.

Task 1: Implement Provisioning for VMM

The application development team are about to embark on a long term project.
They will require extensive testing scenarios as they proceed. They believe that
ultimately the application will run on a three server web farm, a SQL server,
and a domain controller. They will also need to implement a perimeter firewall
and users both inside the simulated environment and outside, in the "internet."
All of these servers will run Windows Server 2008 or Windows Vista.

As a group, discuss what roles the administrator, support personnel, and
development team will assume in the VMM provisioning plan.

Task 2: Plan for Hardware and Software

As a group, discuss the storage, networking, and resource requirements.
Determine what hardware and licenses will need to be purchased.
Results: After this exercise, you should have identified the personnel roles required for
a VMM provisioning scheme and planned for any additional hardware and software
purchase.


Module Review and Takeaways

Review Questions
1. How many physical machines would we have needed to create the test
   environment from exercise 1? How does that compare with the physical
   machines we used to create the virtualized test environment?
2. Where are savings realized in the migration of the legacy server in
   Exercise 2?
3. After a preliminary VMM environment has been built up for a test
   environment, what happens to the barrier to entry into other virtualization
   scenarios?


Common Issues related to planning a virtualized test environment


Identify the causes for the following common issues related to planning a
virtualized test environment and fill in the troubleshooting tips. For answers, refer
to relevant lessons in the module.
Issue: Virtual Server 2005 does not support 64 bit operating systems.
Troubleshooting tip: Hyper-V, which will be released shortly after Server 2008,
will support 64 bit applications.

Issue: Creating new test scenarios is time consuming.
Troubleshooting tip: Implement a VMM library server to store often used images.
Enable self provisioning for the development team.

Issue: Moving web applications from the test environment to production is
time consuming.
Troubleshooting tip: Implement IIS 7.0, utilizing XML configurations and shared
configurations.


Real-world Issues and Scenarios


1. Several legacy web applications running on individual, non rack mounted
   servers are taking up space in an increasingly crowded data center. Their
   administrative team wants to maintain a "one service per machine"
   installation for them. Is virtualization a good solution? What are the
   implications? What are other value propositions for a virtualization
   migration?
2. A fast growing insurance company is regularly adding servers to their data
   center. Generally they are providing file, data, and application services.
   They project 50% growth in their installed server base in the next year. How
   can the organization use virtualization to plan for the future? What tools
   should be implemented?

Best Practices related to planning a virtualized environment


Supplement or modify the following best practices for your own work situations:

Understand the customer environment. Match the solution to stated business
requirements.

Utilize host based backup for virtual machines.

Reference WSSRA-VE as a successful model for a virtualization project.

Tools

Tool: Virtual Server 2005 Migration Toolkit
Use for: Migrating legacy servers not compatible with VMM P2V
Where to find it: Download from
http://www.microsoft.com/technet/virtualserver/downloads/vsmt.mspx


Module 9
Designing Virtualization Provisioning
Contents:
Lesson 1: Design Virtual Server Provisioning Workflow Model
Lesson 2: Evaluate Appropriateness for Virtualization
Lesson 3: Evaluate Customization to Standard Configuration
Lesson 4: Design Deployment for Virtualization
Lab: Design Virtualization Provisioning


Module Overview

In this module, we will introduce the processes involved in designing
virtualization provisioning with Microsoft Windows Server 2008. We will discuss
virtual server provisioning, learn how to evaluate the infrastructure to
determine the appropriateness for virtualization and to customize to a standard
configuration. Finally we will introduce the processes involved in designing
deployment for virtualization.


Lesson 1

Design Virtual Server Provisioning Workflow Model

In this lesson we will review designing a virtual server environment. We will
also discuss management design and the concept of static computing versus
virtual computing.


Designing a Virtual Server Environment

Key Points

The changes and considerations from consolidating and relocating servers
include several issues. Effectively addressing these issues requires a
coordinated effort across the old and new boundaries for each application.

Sizing physical computers that will host virtual machines is critical to
successful deployment.

During the assessment and initial planning phase, you identify the applications
that are to be consolidated and migrated to virtual machines and determine
their current location and characteristics.


Question: What issues are faced when consolidating and relocating physical
servers to virtual ones?

For More Information, see "Solution Accelerator for Consolidating and
Migrating LOB Applications" online.


Management Design

Key Points

You should define a security model, including all account names and
permissions, for administering Virtual Server and for administering each
virtual machine.

To successfully ensure that all images are properly managed and monitored, it
is important to ensure proper tracking of the virtual machines.

Question: What does the deployment of virtual machines require in terms of a
security model?

For More Information, see "Solution Accelerator for Consolidating and
Migrating LOB Applications" online.


Static Computing Versus Virtual Computing

Key Points

Virtualization is the act of isolating or unbinding one computing resource from
others.

Virtualization lets hardware and software be used in more diverse ways.

Integrating the management of virtual and physical computers with
policy-based tools can reduce system complexity.

Question: What does application virtualization allow for? What does presentation
virtualization allow for?

For More Information, see "The Promise of Virtualization" online.


Lesson 2

Evaluate Appropriateness for Virtualization

In this lesson we will review identifying appropriate solutions. We will also
introduce the concepts of envisioning, assessing the current environment, and
finally determining solutions.


Identifying Appropriate Solutions

Key Points

Determining appropriate solutions for virtualization involves several
requirements.

Assessing the infrastructure involves several tasks with the end goal of creating
an inventory and information about the current infrastructure.

A systematic approach to solution assessment and decision-making can
simplify these processes and help ensure deployment of the most appropriate
virtualization solution.


Question: What information is required in order to ensure a complete assessment
of the infrastructure?

For More Information, see "Solution Accelerator for Consolidating and
Migrating LOB Applications" online.


Envisioning

Key Points

Several issues must be considered when establishing goals and objectives.

The process of meeting goals and objectives is iterative and may require
multiple phases.

Effective mapping of applications to solutions requires an understanding of
the start and end state of each application.

Question: Where can you find information on how to create, define, and
document objectives?

For More Information, see "Solution Accelerator for Consolidating and
Migrating LOB Applications" online.


Assessing the Current Environment

Key Points

Assessing applications requires collecting information about each application.

Assessing the network requires capturing several key pieces of information.

Question: What information is required of a network assessment?

For More Information, see "Solution Accelerator for Consolidating and
Migrating LOB Applications" online.


Determining Solutions

Key Points

Understanding start states and end states of applications is critical to
determining an effective virtualization solution.

Effective deployment of virtualization assumes all involved have a good
working knowledge of Windows Server 2008 and a basic understanding of
virtualization concepts.

Many applications share common application platforms and resources.

Mapping applications to solutions has two major requirements.

For More Information, see "Solution Accelerator for Consolidating and
Migrating LOB Applications" online.


Lesson 3

Evaluate Customization to Standard Configuration

A complete virtualization strategy can profoundly impact nearly every aspect of the
IT infrastructure management lifecycle. In this lesson we will discuss virtualization
strategy and implementing a virtual server environment.


Virtualization Strategy

Key Points

Virtualization reverses server sprawl and streamlines provisioning.

Application virtualization speeds deployment.

Virtualization simplifies continuity and recovery.

In a dynamic infrastructure, IT management is fully automated and resources
dynamically provisioned.

Virtualization can streamline and maximize security of the infrastructure.

Question: How does virtualization simplify provisioning?

For More Information, see "Microsoft Virtualization" online.


Implementing a Virtual Server Environment

Key Points

Implementing a virtual server solution starts with establishing a consolidated
environment.

Hardware and software platforms must be set up for the destination servers.

Question: How can virtual server security be implemented on destination servers?

For More Information, see "Solution Accelerator for Consolidating and
Migrating LOB Applications" online.


Lesson 4

Design Deployment for Virtualization

In this lesson, we will introduce how to design with System Center for deployment.
We will also discuss host ratings, which indicate the host's suitability for hosting
the virtual machine.


Design with System Center for Deployment

Key Points

When a virtual machine is deployed on a host, the process of selecting the
most suitable host for the virtual machine is known as virtual machine
placement, or simply placement.

During automatic placement, the configuration files for the virtual machine are
moved to the volume judged most suitable on the selected host.

For automatic placement to succeed, a virtual machine path must be
configured on the recommended volume.

For More Information, see "About Virtual Machine Placement" online.


Host Ratings

Key Points
Host ratings take into consideration one of the following placement goals, which
you specify:

Resource maximization: When resource maximization is the goal, the
suitability of each virtual machine host is rated based on the intention to
consolidate multiple low-utilization workloads on a single host. Virtual
machine placement in these cases involves determining the capacity limits for
a particular host and placing virtual machines on that host until the limits are
reached.

Load balancing: When load balancing is the goal, the suitability of each virtual
machine host is rated based on the intent to minimize the processing load on
any one host.

For More Information, see "About Host Ratings" online.
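
The difference between the two placement goals is easiest to see when the same workload is placed both ways. The following Python example is added here for illustration and is not VMM code or part of the course material: it rates hosts on RAM only, and the host names, VM names, sizes, and the 512 MB host reserve are constructed assumptions.

```python
"""Compare the two placement goals with a RAM-only host rating.

Assumption: this is a simplified model written for illustration. It is not
VMM's rating formula, and every name and size below is constructed.
"""
from dataclasses import dataclass, field

GOALS = ("resource_maximization", "load_balancing")


@dataclass
class Host:
    name: str
    ram_mb: int                 # physical RAM installed in the host
    reserve_mb: int = 512       # RAM held back for the host OS (constructed)
    vms: list = field(default_factory=list)   # (vm_name, ram_mb) tuples

    @property
    def capacity_mb(self):
        """RAM that can be handed out to guests: the host's capacity limit."""
        return self.ram_mb - self.reserve_mb

    @property
    def used_mb(self):
        return sum(ram for _, ram in self.vms)


def rate(host, vm_ram_mb, goal):
    """Rate a host for one VM: higher is better, None if the VM does not fit."""
    if goal not in GOALS:
        raise ValueError(f"unknown placement goal: {goal}")
    if vm_ram_mb <= 0:
        raise ValueError("VM RAM must be positive")
    after = host.used_mb + vm_ram_mb
    if after > host.capacity_mb:
        return None                      # capacity limit reached on this host
    fill = after / host.capacity_mb      # utilization if the VM lands here
    # Resource maximization favours the host that ends up fullest, so
    # low-utilization workloads pile onto one host until its limit is hit.
    # Load balancing favours the host that ends up least loaded.
    return fill if goal == "resource_maximization" else 1.0 - fill


def place(hosts, vms, goal):
    """Place each VM on its best-rated host; return {vm_name: host_name}.

    A VM that fits nowhere maps to None instead of being overcommitted.
    Ties go to the host listed first, so results are deterministic.
    """
    placement = {}
    for vm_name, vm_ram_mb in vms:
        best, best_rating = None, None
        for host in hosts:
            rating = rate(host, vm_ram_mb, goal)
            if rating is not None and (best_rating is None or rating > best_rating):
                best, best_rating = host, rating
        if best is not None:
            best.vms.append((vm_name, vm_ram_mb))
        placement[vm_name] = best.name if best is not None else None
    return placement


def demo_hosts():
    """Three identical constructed hosts: 4 GB RAM each, 512 MB reserved."""
    return [Host("host1", 4096), Host("host2", 4096), Host("host3", 4096)]


# Constructed workload: (VM name, RAM in MB)
DEMO_VMS = [("web1", 512), ("web2", 512), ("web3", 512),
            ("sql1", 1024), ("dc1", 512), ("app1", 1024)]


def hosts_in_use(placement):
    """Count the distinct hosts that received at least one VM."""
    return len({h for h in placement.values() if h is not None})


if __name__ == "__main__":
    for goal in GOALS:
        result = place(demo_hosts(), DEMO_VMS, goal)
        print(goal, "->", hosts_in_use(result), "hosts in use")
        for vm, host in result.items():
            print(f"  {vm:5} on {host}")
```

With this workload, resource maximization fills host1 to its limit and leaves host3 empty, while load balancing spreads the same six virtual machines across all three hosts.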


Lab: Design Virtualization Provisioning

Exercise 1: Design Virtual Server Host Configuration


Scenario
You are the Enterprise Administrator for Contoso Corporation, which has recently
consolidated servers from multiple test environments into a single shared, virtual
test environment. The test environment needs to support web servers, application
servers and SQL servers, and high availability configurations.
In this exercise you will identify and document business and technical
requirements as they apply to virtual server host configuration. You will also
generate a conceptual plan for the implementation of a virtual server host
configuration.
The main tasks for this exercise are as follows:
1. Identify business and technical requirements from the scenario.
2. Generate a conceptual plan for the implementation of a virtual server host
configuration.

Task 1: Identify business and technical requirements from the scenario

Identify and document business requirements from the scenario.

Identify and document technical requirements from the scenario.

Task 2: Generate a conceptual plan for the implementation of a virtual
server host configuration

Describe the methodology of sizing destination servers and indicate below
what performance you would measure per metric and why:

Metric      | Performance Measured | Reason
Processor   |                      |
Memory      |                      |
Network I/O |                      |
Disk I/O    |                      |

Describe how you would plan the implementation of a virtual server
environment that includes web, application, SQL, and Terminal Services
servers.
Results: After this exercise, you should have identified the business and technical
requirements from the scenario and completed the table above based on the concepts
of virtual server host configuration. You should also have described the steps involved
in planning a virtual server environment.

Exercise 2: Design Virtual Server Provisioning Using System Center

Scenario
Contoso now needs you to streamline deployment of several pre-defined virtual
servers. The four virtual server hosts are configured with four hyper-threaded
CPUs, 16 GB of RAM, and four network cards each. You want to allow for dynamic
CPU resource allocation based on workloads.
In this exercise you will identify and document business and technical
requirements as they apply to virtual server provisioning using System Center. You
will also generate a conceptual design document outlining virtual server
provisioning using System Center.
The main tasks for this exercise are as follows:
1. Identify business and technical requirements from the scenario.
2. Generate a conceptual design document outlining virtual server provisioning
using System Center.

Task 1: Identify business and technical requirements from the scenario

Identify and document business requirements from the scenario.

Identify and document technical requirements from the scenario.

Task 2: Generate a conceptual design document outlining virtual
server provisioning using System Center

Each of Contoso's departments has its own files, scripts, and virtual disks that
need to be accounted for and each department wants its own virtual machine
host. The departments are as follows:

Finance, Human Resources, Information Technology, Security

Draw and describe a conceptual design document to outline how the virtual
machine hosts and virtual machine libraries will be deployed assuming that
placement defaults have not yet been set.
Results: After this exercise, you should have identified the business and technical
requirements of the scenario. You should also have outlined the concept of adding
virtual machine hosts and virtual libraries as well as the concepts of virtual machine
placement and host ratings and how to set placement defaults for virtual machines to
Resource maximization.

Module Review and Takeaways

Review Questions
1. What issues should be considered when establishing goals and objectives
during the Envisioning phase?
2. What are Host Ratings and what goals do they take into consideration?

Common Issues related to System Center virtual machine status

Identify the causes for the following common issues related to System Center
virtual machine status and fill in the troubleshooting tips. For answers, refer to
relevant lessons in the module.

Issue                     | Troubleshooting tip
"Creation Failed" status  |
"Migration Failed" status |
"Missing" status          |

Real-world Issues and Scenarios


1. The company you are consulting with is operating in a static IT environment
and wants to move their sales department to a virtual environment. How
would you go about this transition?
2. You have been hired as a consultant at a large sales company to improve upon
their infrastructure. Assuming that the virtual environment has been ignored
up until this point, what changes can you make to ensure the virtual
environment is secure?

Best Practices related to virtualization strategy

Supplement or modify the following best practices for your own work situations:

Integrate the management of virtual and physical computers with policy-based
tools to reduce system complexity.

Leverage security, continuity, and recovery techniques to maximize business
availability.

Tools

Tool | Use for | Where to find it
Virtual Server 2005 Migration Toolkit | Migrating legacy servers not compatible with VMM P2V | Download from http://www.microsoft.com/technet/virtualserver/downloads/vsmt.mspx

Course Evaluation

Your evaluation of this course will help Microsoft understand the quality of your
learning experience.
Please work with your training provider to access the course evaluation form.
Microsoft will keep your answers to this survey private and confidential and will
use your responses to improve your future learning experience. Your open and
honest feedback is valuable and appreciated.

Module 1: Designing IIS Web Farms

Lab: Designing IIS Web Farms


Logon Information:

Virtual Machine: N/A

User Name: N/A

Password: N/A

Estimated time: 60 minutes

Exercise 1: Design Hardware Platform


Scenario
Scenario #1
You are the Enterprise Administrator for a publishing company. Your company has
a website currently running on a single 32-bit server. A new version of the website
written in ASP.NET 2.0 has been released, and the number of customers and traffic
on the website is rapidly increasing. Your company wants to capitalize on the
popularity of the website, market it to a broader audience, and add additional
functionality to drive more sales.
The end-user performance on the website has been declining as traffic has
increased. Additionally, there are frequent spikes in CPU utilization that occur in
conjunction with application pool recycling.
You've been asked to design a web server infrastructure that will support 100
times the current traffic, provide high availability during planned and
unplanned server outages, and provide data center redundancy.

Scenario #2
An existing web farm supporting a single website is going to be expanded to
include an additional 2 major websites. The amount of traffic is expected to
triple with the addition of these websites. Each website is expected to have
large seasonal traffic spikes at different times of the year.

Exercise Overview
In this exercise, you must review hardware options and design a hardware platform.

Task: Review hardware options and design hardware platform

Select the 64-bit platform.

Results: After this exercise, you should have reviewed hardware options and platform
and selected the 64-bit platform.

Exercise 2: Design Web Farm Availability and Scalability


Scenario
Scenario #1
You are the Enterprise Administrator for a publishing company. Your company has
a website currently running on a single 32-bit server. A new version of the website
written in ASP.NET 2.0 has been released, and the number of customers and traffic
on the website is rapidly increasing. Your company wants to capitalize on the
popularity of the website, market it to a broader audience, and add additional
functionality to drive more sales.
The end-user performance on the website has been declining as traffic has
increased. Additionally, there are frequent spikes in CPU utilization that occur in
conjunction with application pool recycling.
You've been asked to design a web server infrastructure that will support 100
times the current traffic, provide high availability during planned and
unplanned server outages, and provide data center redundancy.

Scenario #2
An existing web farm supporting a single website is going to be expanded to
include an additional 2 major websites. The amount of traffic is expected to
triple with the addition of these websites. Each website is expected to have
large seasonal traffic spikes at different times of the year.

Exercise Overview
In this exercise, you need to create a design document consisting of multiple web
farms.

Task: Create a design document consisting of multiple web farms

1. Create a conceptual design diagram consisting of multiple web farms.
2. Evaluate Need for Web Farm.
3. Design Load Balancing.

Results: After this exercise, you should have created a design diagram consisting of
multiple web farms, evaluated the need for a web farm, and planned load balancing.

Exercise 3: Design Web Site Availability and Scalability


Scenario
Scenario #1
You are the Enterprise Administrator for a publishing company. Your company has
a website currently running on a single 32-bit server. A new version of the website
written in ASP.NET 2.0 has been released, and the number of customers and traffic
on the website is rapidly increasing. Your company wants to capitalize on the
popularity of the website, market it to a broader audience, and add additional
functionality to drive more sales.
The end-user performance on the website has been declining as traffic has
increased. Additionally, there are frequent spikes in CPU utilization that occur in
conjunction with application pool recycling.
You've been asked to design a web server infrastructure that will support 100
times the current traffic, provide high availability during planned and
unplanned server outages, and provide data center redundancy.

Scenario #2
An existing web farm supporting a single website is going to be expanded to
include an additional 2 major websites. The amount of traffic is expected to
triple with the addition of these websites. Each website is expected to have
large seasonal traffic spikes at different times of the year.

Exercise Overview
In this exercise, you must create a design document consisting of multiple web
farms with all websites hosted on each server.

Task: Create a design document consisting of multiple web farms with
all websites hosted on each server

Create a conceptual design diagram consisting of multiple web farms with all
websites hosted on every server.
Results: After this exercise, you should have created a design diagram consisting of
multiple web farms, evaluated the need for a web farm, and planned load balancing.

Exercise 4: Design Website Configuration, Deployment and Consistency

Scenario
Scenario #1
You are the Enterprise Administrator for a publishing company. Your company has
a website currently running on a single 32-bit server. A new version of the website
written in ASP.NET 2.0 has been released, and the number of customers and traffic
on the website is rapidly increasing. Your company wants to capitalize on the
popularity of the website, market it to a broader audience, and add additional
functionality to drive more sales.
The end-user performance on the website has been declining as traffic has
increased. Additionally, there are frequent spikes in CPU utilization that occur in
conjunction with application pool recycling.
You've been asked to design a web server infrastructure that will support 100
times the current traffic, provide high availability during planned and
unplanned server outages, and provide data center redundancy.

Scenario #2
An existing web farm supporting a single website is going to be expanded to
include an additional 2 major websites. The amount of traffic is expected to
triple with the addition of these websites. Each website is expected to have
large seasonal traffic spikes at different times of the year.

Exercise Overview
In this exercise, you must plan to automatically deploy website configuration using
Xcopy deployment.

Task: Plan to automatically deploy website configuration using Xcopy
deployment

Design batch files using the new Xcopy command to plan automatic
deployment of website configuration to Windows Server 2008 with IIS
installed.
Results: After this exercise, you should have planned to automatically deploy website
configuration using batch files and Xcopy deployment.

Exercise 5: Design Website Content, Deployment and Consistency

Scenario
Scenario #1
You are the Enterprise Administrator for a publishing company. Your company has
a website currently running on a single 32-bit server. A new version of the website
written in ASP.NET 2.0 has been released, and the number of customers and traffic
on the website is rapidly increasing. Your company wants to capitalize on the
popularity of the website, market it to a broader audience, and add additional
functionality to drive more sales.
The end-user performance on the website has been declining as traffic has
increased. Additionally, there are frequent spikes in CPU utilization that occur in
conjunction with application pool recycling.
You've been asked to design a web server infrastructure that will support 100
times the current traffic, provide high availability during planned and
unplanned server outages, and provide data center redundancy.

Scenario #2
An existing web farm supporting a single website is going to be expanded to
include an additional 2 major websites. The amount of traffic is expected to
triple with the addition of these websites. Each website is expected to have
large seasonal traffic spikes at different times of the year.

Exercise Overview
In this exercise, you must plan to automatically deploy website content using
Xcopy deployment.

Task: Plan to automatically deploy website content using Xcopy
deployment

Design batch files using the new Xcopy command to plan automatic
deployment of website content to Microsoft Windows Server 2008 with IIS
installed.
Results: After this exercise, you should have planned to automatically deploy website
content using batch files and Xcopy deployment.

Module 2: Optimizing IIS Performance and Stability

Lab: Optimizing IIS Performance and Stability

Logon Information:

Virtual Machine: NYC-DC1, NYC-WEB-A

User Name: Administrator

Password: Pa$$w0rd

Estimated time: 60 minutes

Exercise 1: Design and Test Application Pools


Scenario
You are the Enterprise Administrator for Woodgrove Bank. Your company has
multiple websites running on web farms spread across two data centers. All web
servers are identical in configuration and content, hosting all websites.
The website applications consist of two written in ASP.NET 1.0, four written in
ASP.NET 1.1, and two written in ASP.NET 2.0. Two of the ASP.NET 1.1 applications are
maintained by an outside organization. These two applications are frequently
updated and have been known to experience memory leaks from time to time
(appropriate application pool separation).
You want to prevent large amounts of activity on any single website from seriously
degrading the performance of other websites (using both bandwidth throttling and
Microsoft Windows System Resource Manager; the vendor should provide a table
showing what the allocated bandwidth should be per application). There is a
different group of website administrators for each site. They are responsible for
continuous monitoring and website updates.

Exercise Overview
In this exercise, you must plan new application pools.

Task 1: Identify Application Pools

1. Create the Application Pool and settings for ASP.NET 1.0 applications.
2. Create the Application Pool and settings for ASP.NET 1.1 applications.
3. Create the Application Pool and settings for ASP.NET 2.0 applications.
4. Create the Application Pool and settings for ASP.NET 1.1 misbehaving applications.

Task 2: Design Deployment of Application Pools

Create scripts to deploy App Pools and settings for each application pool
created in Task 1.
Results: After this exercise, you should have created a drawing showing application
isolation and a document describing automatic deployment of the application isolation
solution.

Exercise 2: Design and Test Script Maps


Scenario
You are the Enterprise Administrator for Woodgrove Bank. Your company has
multiple websites running on web farms spread across two data centers. All web
servers are identical in configuration and content, hosting all websites.
The website applications consist of two written in ASP.NET 1.0, four written in
ASP.NET 1.1, and two written in ASP.NET 2.0. Two of the ASP.NET 1.1 applications are
maintained by an outside organization. These two applications are frequently
updated and have been known to experience memory leaks from time to time
(appropriate application pool separation).
You want to prevent large amounts of activity on any single website from seriously
degrading the performance of other websites (using both bandwidth throttling and
Windows System Resource Manager; the vendor should provide a table showing
what the allocated bandwidth should be per application). There is a different
group of website administrators for each site. They are responsible for continuous
monitoring and website updates.

Exercise Overview
In this exercise, you need to plan to deploy script mapping.

Task 1: Identify Script Mappings

Identify script mappings for each application file type.

Task 2: Design Auto Deployment of Script Mappings

Create scripts to automatically deploy Script Mappings for each file type.
Results: After this exercise, you should have created a design document identifying
script mappings as well as a document with plans for auto deployment of script
mappings.

Exercise 3: Design and Test Bandwidth Allocation


Scenario
You are the Enterprise Administrator for Woodgrove Bank. Your company has
multiple websites running on web farms spread across two data centers. All web
servers are identical in configuration and content, hosting all websites.
The website applications consist of two written in ASP.NET 1.0, four written in
ASP.NET 1.1, and two written in ASP.NET 2.0. Two of the ASP.NET 1.1 applications are
maintained by an outside organization. These two applications are frequently
updated and have been known to experience memory leaks from time to time
(appropriate application pool separation).
You want to prevent large amounts of activity on any single website from seriously
degrading the performance of other websites (using both bandwidth throttling and
Windows System Resource Manager; the vendor should provide a table showing
what the allocated bandwidth should be per application). There is a different
group of website administrators for each site. They are responsible for continuous
monitoring and website updates.

Exercise Overview
In this exercise, you must plan bandwidth allocation per site or application.

Task 1: Identify Bandwidth Allocation

Identify bandwidth allocation per application.

Task 2: Design Auto Deployment of Bandwidth Allocation

Create scripts to automatically deploy bandwidth allocation for each
application.
Results: After this exercise, you should have created a design document identifying
bandwidth allocation per application as well as a document with plans for auto
deployment of bandwidth allocation.

Exercise 4: Design and Test Website Logging


Scenario
You are the Enterprise Administrator for Woodgrove Bank. Your company has
multiple websites running on web farms spread across two data centers. All web
servers are identical in configuration and content, hosting all websites.
The website applications consist of two written in ASP.NET 1.0, four written in
ASP.NET 1.1, and two written in ASP.NET 2.0. Two of the ASP.NET 1.1 applications are
maintained by an outside organization. These two applications are frequently
updated and have been known to experience memory leaks from time to time
(appropriate application pool separation).
You want to prevent large amounts of activity on any single website from seriously
degrading the performance of other websites (using both bandwidth throttling and
Windows System Resource Manager; the vendor should provide a table showing
what the allocated bandwidth should be per application). There is a different
group of website administrators for each site. They are responsible for continuous
monitoring and website updates.

Exercise Overview
In this exercise, you must plan website logging.

Task 1: Identify Logging Options

Identify logging options for each Web site.

Task 2: Design Auto Deployment of Logging Options

Create scripts to automatically deploy logging options for each Web site.
Results: After this exercise, you should have created a design document identifying
logging structure as well as a document with plans for auto deployment of logging
structure and fields.

Exercise 5: Configuring a Web Server to Host Multiple Applications with
Separate Application Pools

Scenario
You will deploy the SalesSupport application to two new instances. One instance
will be a test deployment with additional testing configuration. Another instance
will be for the German division of Woodgrove and will need to be set for German
globalization settings because this instance was created by copying from the New
York site. Additionally, you will disable the debug mode for the production version
of SalesSupport.

Exercise Overview
In this exercise, you will learn how to create an application pool.

Task 1: Create three application pools named SalesSupport,
SalesSupport_DE, and SalesSupport_Test

1. On the Lab Launcher, next to 6437A-NYC-DC1 click Launch.
2. On the Lab Launcher, next to 6437A-NYC-WEB-A click Launch.
3. Log on to NYC-WEB-A as Woodgrovebank\Administrator with the password
of Pa$$w0rd.
4. On NYC-WEB-A, click Start | Administrative Tools | Internet Information
Services (IIS) Manager.
5. In the Connections pane, expand NYC-WEB-A, then click Application Pools.
6. In the Actions pane, click Add Application Pool.
7. The Add Application Pool dialog box appears. In the Name field, type
SalesSupport.
8. Click OK.

9. In the Actions pane, click Add Application Pool.
10. The Add Application Pool dialog box appears. In the Name field, type
SalesSupport_DE.
11. Click OK.
12. In the Actions pane, click Add Application Pool.
13. The Add Application Pool dialog box appears. In the Name field, type
SalesSupport_Test.
14. Click OK.
15. In the details pane, notice that SalesSupport, SalesSupport_DE, and
SalesSupport_Test appear in the list of application pools.

Task 2: Create the applications SalesSupport_DE and SalesSupport_Test

1. In the Connections pane, expand Sites, then click Default Web Site.
2. In the Actions pane, click View Applications.
3. Click Add Application.
4. The Add Application dialog box appears. In the Alias field, type
SalesSupport_DE.
5. Next to the Physical path field, click the Browse (...) button.
6. The Browse For Folder dialog box appears. Browse to C:\inetpub\wwwroot,
and then click Make New Folder.
7. Type SalesSupport_DE and then click OK twice.
8. Click Add Application.
9. The Add Application dialog box appears. In the Alias field, type
SalesSupport_Test.
10. Next to the Physical path field, click the Browse (...) button.
11. The Browse For Folder dialog box appears. Browse to C:\inetpub\wwwroot,
and then click Make New Folder.
12. Type SalesSupport_Test and then click OK twice.
13. In the details pane, notice that SalesSupport, SalesSupport_DE, and
SalesSupport_Test appear in the list of applications.

Task 3: Use XCopy to deploy the files from the SalesSupport directory
to the SalesSupport_DE and SalesSupport_Test directories

1. Click Start | Command Prompt.
2. Type cd \inetpub\wwwroot and then press Enter.
3. Type xcopy /e SalesSupport\*.* SalesSupport_DE and then press Enter.
4. Type dir SalesSupport_DE and then press Enter to confirm that the files were
copied.
5. Type xcopy /e SalesSupport\*.* SalesSupport_Test and then press Enter.

Shortcut: Press Up Arrow twice, and then backspace and change the last few
characters of the previous command line to _Test, and then press Enter.

6. Type dir SalesSupport_Test and then press Enter to confirm that the files
were copied.

Task 4: Assign the applications to the appropriate application pools

1. In Internet Information Services (IIS) Manager, in the Connections pane,
click Default Web Site.
2. In the Actions pane, click View Applications.
3. In the details pane, click /SalesSupport.
4. In the Actions pane, click Basic Settings.
5. The Edit Application dialog box appears. Click Select.
6. The Select Application Pool dialog box appears. In the Application pool list,
click SalesSupport, and then click OK twice.
7. In the details pane, click /SalesSupport_DE.
8. In the Actions pane, click Basic Settings.
9. The Edit Application dialog box appears. Click Select.

10. The Select Application Pool dialog box appears. In the Application pool list,
click SalesSupport_DE, and then click OK twice.
11. In the details pane, click /SalesSupport_Test.
12. In the Actions pane, click Basic Settings.
13. The Edit Application dialog box appears. Click Select.

14. The Select Application Pool dialog box appears. In the Application pool list,
click SalesSupport_Test, and then click OK twice.
15. In the Connections pane, expand Default Web Site, then click
SalesSupport_DE.
16. In the details pane, double-click Authentication.
17. Click Anonymous Authentication.
18. In the Actions pane, click Disable.
19. In the details pane, click Basic Authentication.
20. In the Actions pane, click Enable.
21. Click Edit.
22. The Edit Basic Authentication Settings dialog appears. In the Default
domain and Realm fields, type woodgrovebank.
23. Click OK.
24. In the Connections pane, click SalesSupport_Test.
25. In the details pane, double-click Authentication.
26. Click Anonymous Authentication.
27. In the Actions pane, click Disable.
28. In the details pane, click Basic Authentication.
29. In the Actions pane, click Enable.
30. Click Edit.
31. The Edit Basic Authentication Settings dialog appears. In the Default
domain and Realm fields, type woodgrovebank.
32. Click OK.

Task 5: Configure production application pool recycling for unlimited
requests

1. In the Connections pane, click Application Pools.
2. In the details pane, click SalesSupport.
3. In the Actions pane, click Recycling.

4. The Edit Application Pool Recycling Settings dialog box appears. Clear the
Regular time intervals check box, and then click Next.
5. Click Finish.
6. In the details pane, click SalesSupport_DE.
7. In the Actions pane, click Recycling.
8. The Edit Application Pool Recycling Settings dialog box appears. Clear the
Regular time intervals check box, and then click Next.
9. Click Finish.

Task 6: Configure the SalesSupport_Test application pool to record
recycled events

1. In the details pane, click SalesSupport_Test.
2. In the Actions pane, click Recycling.
3. The Edit Application Pool Recycling Settings dialog box appears. Select
Fixed number of requests.
4. In the Fixed number of requests field, type 1024 and then click Next.
5. On the Recycling Events to Log page, select Number of requests,
On-demand, and Configuration changes.
6. Click Finish.

Task 7: Configure the SalesSupport .NET compilation debug setting to
False

1. In the Connections pane, click SalesSupport.
2. In the details pane, double-click .NET Compilation.
3. Under Behavior, in the Debug list, click False.
4. In the Actions pane, click Apply.


Question: What is the advantage of disabling the debug setting in .NET
compilation?
Answer: The compiled code will be smaller and faster without debug code. It
is a good idea to use this setting when an application is fully tested and
deployed to final production.

Task 8: Configure the SalesSupport_DE application globalization
settings for Germany

1. In the Connections pane, click SalesSupport_DE.
2. In the details pane, double-click .NET Globalization.
3. In the Culture list, click German (Germany) (de-DE).
4. In the UI Culture list, click German (Germany) (de-DE).
5. In the Actions pane, click Apply.
6. Click Start | All Programs | Internet Explorer.
7. The Windows Internet Explorer window opens. Browse to
http://localhost/salessupport.
8. The Connect to localhost dialog box appears. In the User name field, type
yvonne.
9. In the Password field, type Pa$$w0rd and then click OK.
10. Open a second tab in Internet Explorer and then browse to
http://localhost/salessupport_test.
11. Open a third tab and then browse to http://localhost/salessupport_de.
12. Right-click the notification area and then click Task Manager.
13. The Task Manager window opens. Click the Processes tab.
14. Under the Image Name column, notice that there are at least three instances
of w3wp.exe running, indicating at least three separate application pools.
15. Close Task Manager.
16. In Internet Explorer, browse to http://localhost/salessupport_de/test.aspx.
17. Notice that the date is in dd.mm.yyyy format, the cultural default for Germany.
18. Close Internet Explorer. In the Internet Explorer dialog box, click Close
Tabs.
Results: After this exercise, you should have successfully deployed multiple applications with
separate application pools, configured recycling and debug settings, and configured and verified
.Net globalization settings.
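
The configuration built by hand in Tasks 1 through 8 can also be scripted, which is what the design tasks earlier in this lab ask for. The batch file below is an added example, not part of the course materials; it assumes appcmd.exe in its default IIS 7 location, an elevated Command Prompt on NYC-WEB-A, and that the /SalesSupport application already exists as it does in the lab.

```batch
@echo off
rem Added example, not course code: scripted form of Exercise 5, Tasks 1-8.
rem Assumes appcmd.exe in its default IIS 7 location and an elevated prompt.
setlocal
set "APPCMD=%windir%\system32\inetsrv\appcmd.exe"
set "SITE=Default Web Site"
set "ROOT=C:\inetpub\wwwroot"
set "AUTH=system.webServer/security/authentication"

rem Task 1: one application pool per application instance.
for %%P in (SalesSupport SalesSupport_DE SalesSupport_Test) do (
    "%APPCMD%" add apppool /name:%%P || goto :fail
)

rem Tasks 2-4 for the two new instances: copy the content, create the
rem application, bind it to its own pool, then replace Anonymous with Basic.
rem /commit:apphost writes the authentication settings to applicationHost.config.
for %%A in (SalesSupport_DE SalesSupport_Test) do (
    xcopy /e /i /y "%ROOT%\SalesSupport\*.*" "%ROOT%\%%A" || goto :fail
    "%APPCMD%" add app /site.name:"%SITE%" /path:/%%A /physicalPath:"%ROOT%\%%A" || goto :fail
    "%APPCMD%" set app /app.name:"%SITE%/%%A" /applicationPool:%%A || goto :fail
    "%APPCMD%" set config "%SITE%/%%A" /section:%AUTH%/anonymousAuthentication /enabled:false /commit:apphost || goto :fail
    "%APPCMD%" set config "%SITE%/%%A" /section:%AUTH%/basicAuthentication /enabled:true /defaultLogonDomain:woodgrovebank /realm:woodgrovebank /commit:apphost || goto :fail
)

rem Task 4, steps 3-6: the existing production application gets its own pool.
"%APPCMD%" set app /app.name:"%SITE%/SalesSupport" /applicationPool:SalesSupport || goto :fail

rem Task 5: clear the regular time interval on the two production pools.
for %%P in (SalesSupport SalesSupport_DE) do (
    "%APPCMD%" set apppool /apppool.name:%%P /recycling.periodicRestart.time:00:00:00 || goto :fail
)

rem Task 6: recycle the test pool every 1024 requests and log the three events.
"%APPCMD%" set apppool /apppool.name:SalesSupport_Test /recycling.periodicRestart.requests:1024 /recycling.logEventOnRecycle:"Requests,OnDemand,ConfigChange" || goto :fail

rem Task 7: turn off debug compilation for the production application.
"%APPCMD%" set config "%SITE%/SalesSupport" /section:system.web/compilation /debug:false || goto :fail

rem Task 8: German culture settings for the _DE instance.
"%APPCMD%" set config "%SITE%/SalesSupport_DE" /section:system.web/globalization /culture:de-DE /uiCulture:de-DE || goto :fail

rem Verify: applications with their assigned pools, then the pools themselves.
"%APPCMD%" list app /site.name:"%SITE%"
"%APPCMD%" list apppool
exit /b 0

:fail
echo Deployment step failed with errorlevel %errorlevel%. 1>&2
exit /b 1
```

Basic authentication sends the user name and password base64-encoded rather than encrypted, so outside the lab these applications belong behind the SSL binding planned in the Module 3 lab.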

Module 3: Designing IIS Security

Lab: Designing IIS Security


Logon Information:

Virtual Machine: NYC-DC1, NYC-WEB-A

User Name: Administrator

Password: Pa$$w0rd

Estimated time: 60 minutes

Exercise 1: Design and Verify Transport Security


Scenario
You are the Enterprise Administrator for Woodgrove Bank. Your company has
multiple websites running on web farms spread across two data centers. All web
servers are identical in configuration and content, hosting all websites.
Website #1 is a banking application where public users can transact banking
online. Users of this website create a login profile that is stored in a Microsoft SQL
Server database. Banking transactions occur (SSL) and those transactions must be
secured. Website #2 is a subscription industry research service where registered
users can download materials with non-disclosure restrictions. Those materials are
highly sensitive (certificate based client authentication should be required). A
subset of the registered users regularly publish materials to the site.
There is a group of IIS administrators who are responsible for site performance and
availability. There is a different group of website administrators for each site. They
are responsible for website activity monitoring and website updates. You want to
prevent administrators from making any changes to websites other than the one
they are responsible for.

Exercise Overview
In this exercise, you must deploy security certificates (SSL).


Task 1: Design Auto Deployment of SSL Certificates

Create scripts to deploy SSL Certificates to websites.

Task 2: Redirect Websites for SSL

1. Plan to redirect websites to use SSL.
2. Verify redirection of websites to port 443.

Results: After this exercise, you should have a drawing showing a conceptual design
of your plan to deploy and redirect SSL Transport.

Exercise 2: Design and Verify Authentication and Authorization Methods

Scenario
You are the Enterprise Administrator for Woodgrove Bank. Your company has
multiple websites running on web farms spread across two data centers. All web
servers are identical in configuration and content, hosting all websites.
Website #1 is a banking application where public users can transact banking
online. Users of this website create a login profile that is stored in a Microsoft SQL
Server database. Banking transactions occur over SSL and those transactions must be
secured. Website #2 is a subscription industry research service where registered
users can download materials with non-disclosure restrictions. Those materials are
highly sensitive (certificate-based client authentication should be required). A
subset of the registered users regularly publish materials to the site.
There is a group of IIS administrators who are responsible for site performance and
availability. There is a different group of website administrators for each site. They
are responsible for website activity monitoring and website updates. You want to
prevent administrators from making any changes to websites other than the one
they are responsible for.

Exercise Overview
In this exercise, you need to design authentication and authorization methods.


Task 1: Plan to Deploy Client SSL Certificate

Plan deployment of Client SSL Certificate.

Task 2: Plan Access for Site #1

Verify forms-based authentication is enabled for site #1 in web.config file.

Task 3: Plan Access for Site #2

1. Plan user account for authentication.
2. Map client certificate to user account created.
3. Redirect requests to SSL.
4. Verify redirection and access to site.


Results: After this exercise, you should have a drawing showing a conceptual design
of your plan to deploy certificate based authentication for site #2 and initial
anonymous access to site #1.
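
One way to check the Exercise 2 plan (Task 2 and Task 3) against real configuration, as an added example that is not part of the courseware: the Python script below audits configuration fragments for site #1 (Forms authentication with the ticket cookie limited to SSL) and site #2 (SSL with a required client certificate and a one-to-one certificate mapping to a user account). The sample XML, the user name `WOODGROVEBANK\research-user` and the function names are constructed for illustration; attributes that are absent are treated as off, so inherited settings still need a separate check.

```python
import xml.etree.ElementTree as ET

# Constructed sample for site #1 (web.config): Forms authentication.
SITE1_WEB_CONFIG = """<configuration>
  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="login.aspx" requireSSL="true" />
    </authentication>
  </system.web>
</configuration>"""

# Constructed sample for site #2: SSL, required client certificate,
# one-to-one mapping of a certificate to a user account (placeholders).
SITE2_CONFIG = r"""<configuration>
  <system.webServer>
    <security>
      <access sslFlags="Ssl, SslNegotiateCert, SslRequireCert" />
      <authentication>
        <anonymousAuthentication enabled="false" />
        <iisClientCertificateMappingAuthentication enabled="true"
            oneToOneCertificateMappingsEnabled="true">
          <oneToOneMappings>
            <add enabled="true" userName="WOODGROVEBANK\research-user"
                 password="[placeholder]"
                 certificate="[base64 certificate placeholder]" />
          </oneToOneMappings>
        </iisClientCertificateMappingAuthentication>
      </authentication>
    </security>
  </system.webServer>
</configuration>"""

# Weak variants derived from the samples above, for comparison.
SITE1_WEAK = SITE1_WEB_CONFIG.replace(' requireSSL="true"', "")
SITE2_WEAK = (SITE2_CONFIG
              .replace(", SslRequireCert", "")
              .replace('anonymousAuthentication enabled="false"',
                       'anonymousAuthentication enabled="true"')
              .replace('<add enabled="true"', '<add enabled="false"'))


def _enabled(elem, attr="enabled"):
    """True only when the element exists and the attribute is literally true."""
    return elem is not None and elem.get(attr, "false").lower() == "true"


def audit_site1(xml_text):
    """Site #1: Forms authentication on, ticket cookie sent over SSL only."""
    auth = ET.fromstring(xml_text).find("system.web/authentication")
    # ASP.NET falls back to Windows authentication when no mode is set.
    if auth is None or auth.get("mode", "Windows") != "Forms":
        return ["authentication mode is not Forms"]
    findings = []
    if not _enabled(auth.find("forms"), "requireSSL"):
        findings.append("forms cookie is not restricted to SSL (requireSSL)")
    return findings


def audit_site2(xml_text):
    """Site #2: SSL plus a required, mapped client certificate."""
    sec = ET.fromstring(xml_text).find("system.webServer/security")
    if sec is None:
        return ["no system.webServer/security section"]
    findings = []
    access = sec.find("access")
    raw = access.get("sslFlags", "None") if access is not None else "None"
    flags = {flag.strip() for flag in raw.split(",")}
    if "Ssl" not in flags:
        findings.append("SSL is not required (sslFlags lacks Ssl)")
    if "SslRequireCert" not in flags:
        findings.append(
            "client certificate is not required (sslFlags lacks SslRequireCert)")
    if _enabled(sec.find("authentication/anonymousAuthentication")):
        findings.append("anonymous authentication is enabled")
    mapping = sec.find(
        "authentication/iisClientCertificateMappingAuthentication")
    if not _enabled(mapping):
        findings.append("client certificate mapping authentication is disabled")
    elif not _enabled(mapping, "oneToOneCertificateMappingsEnabled"):
        findings.append("one-to-one certificate mappings are disabled")
    else:
        usable = [m for m in mapping.findall("oneToOneMappings/add")
                  if _enabled(m) and m.get("userName") and m.get("certificate")]
        if not usable:
            findings.append(
                "no enabled one-to-one mapping names a user and a certificate")
    return findings


if __name__ == "__main__":
    for label, result in [("site #1", audit_site1(SITE1_WEAK)),
                          ("site #2", audit_site2(SITE2_WEAK))]:
        print(label, result or "OK")
```
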

Exercise 3: Design and Verify Delegation Administration


Scenario
You are the Enterprise Administrator for Woodgrove Bank. Your company has
multiple websites running on web farms spread across two data centers. All web
servers are identical in configuration and content, hosting all websites.
Website #1 is a banking application where public users can transact banking
online. Users of this website create a login profile that is stored in a Microsoft SQL
Server database. Banking transactions occur over SSL and those transactions must be
secured. Website #2 is a subscription industry research service where registered
users can download materials with non-disclosure restrictions. Those materials are
highly sensitive (certificate-based client authentication should be required). A
subset of the registered users regularly publish materials to the site.


There is a group of IIS administrators who are responsible for site performance and
availability. There is a different group of website administrators for each site. They
are responsible for website activity monitoring and website updates. You want to
prevent administrators from making any changes to websites other than the one
they are responsible for.

Exercise Overview
In this exercise, you must design and delegate administration.

Task 1: Plan Administrative Groups

Plan administrative groups and global groups for IIS Administrators for
websites #1 and #2 on the domain controller.

Task 2: Plan Permissions

Design updated web.config files with administrative access permissions on
web server.

Results: After this exercise, you should have a conceptual document for web server
and web site administration.

Exercise 4: Configuring Authentication Types


Scenario
You receive a service request from the Enterprise Design Team to organize the
existing NYC-WEB-A server into virtual directories by access level. There will be
two access levels: public and restricted. Anyone on the network should be able to
access the public content. Only authenticated users should be able to access
restricted content.

Exercise Overview
In this exercise, you will learn how to create virtual directories and configure
anonymous authentication.


Task 1: Start the 6437A-NYC-DC1 virtual machine

On the Lab Launcher, next to 6437A-NYC-DC1 click Launch.

Task 2: Start the 6437A-NYC-WEB-A virtual machine and log on as Woodgrovebank\Administrator

1. On the Lab Launcher, next to 6437A-NYC-WEB-A click Launch.
2. Log on to NYC-WEB-A as Woodgrovebank\Administrator with the password of Pa$$w0rd.

Task 3: Add Basic, Windows Integrated and Digest Security features to the IIS Role

1. On NYC-WEB-A, in Server Manager, in the console pane, expand Roles and then click Web Server (IIS).
2. Right-click Web Server (IIS) and then click Add Role Services.
3. The Add Role Services dialog box appears. In the Role services box, under Security, select Windows Authentication and Digest Authentication.
4. Click Next and then click Install.
5. When the installation is complete, click Close.
6. In the details pane, in the Role Services section, notice that Windows Authentication and Digest Authentication are listed as Installed.

Task 4: Create a virtual directory named public

1. Click Start | Administrative Tools | Internet Information Services (IIS) Manager.
2. In the Connections pane, expand NYC-WEB-A | Sites and then click Default Web Site.
3. In the Actions pane, click View Virtual Directories.
4. Click Add Virtual Directory.
5. The Add Virtual Directory dialog box appears. In the Alias field, type Public.


6. Next to the Physical path field, click the Browse (...) button.
7. The Browse For Folder dialog box appears. Browse to C:\inetpub, and then click Make New Folder.
8. Type Public, and then click OK.
9. Click OK.
10. Click Start | Computer and then browse to C:\inetpub\wwwroot.
11. Select all, then right-click and then click Copy.
12. Browse to C:\inetpub\public, right-click, and then click Paste.

Task 5: Configure the public virtual directory for anonymous authentication

1. In Internet Information Services (IIS) Manager, in the Connections pane, expand Default Web Site and then click Public.
2. In the details pane, double-click Authentication.
3. Click Anonymous Authentication. Notice that it is enabled.
4. In the Actions pane, click Edit.
5. The Edit Anonymous Authentication Credentials dialog appears. Notice that Specific user is selected and set to IUSR.
6. Click Cancel.
7. In Server Manager, in the console pane, expand Configuration | Local Users and Groups and then click Users.
8. In the details pane, right-click Guest, and then click Properties.
9. The Guest Properties dialog box appears. Clear Account is disabled, and then click OK.
10. Click Start | Administrative Tools | Local Security Policy.
11. The Local Security Policy window opens. In the console pane, expand Local Policies and then click User Rights Assignment.
12. In the details pane, right-click Allow log on locally, and then click Properties.


13. The Allow log on locally Properties dialog appears. Click Add User or
Group.
14. The Select Users, Computers, or Groups dialog box appears. Click
Locations.
15. The Locations dialog box appears. Click NYC-WEB-A, and then click OK.
16. In the Enter the object names to select field, type Guest, and then click OK
twice.
17. Close Local Security Policy.
18. Click Start | Switch User.
19. Log on as NYC-WEB-A\Guest with no password.
20. Click Start | All Programs | Internet Explorer.
21. The Windows Internet Explorer window opens. Browse to http://localhost.
Note that we've set the default site to the Public virtual directory so there's no
need to use localhost/public.
22. Notice that the IIS7 Welcome page loads.
23. Close each of the running virtual machines. Do not save changes so they are
reset to default for the next lab.
Results: After this exercise, you should have successfully verified that the Web Server
(IIS) role is installed and loaded the IIS Welcome page in Internet Explorer.


Module 4: Design IIS Maintenance and UDDI

Lab: Design IIS Maintenance and UDDI

Logon Information:

Virtual Machine: NYC-DC1, NYC-WEB-D, NYC-WEB2

User Name: Woodgrovebank\Administrator

Password: Pa$$w0rd

Estimated time: 60 minutes

Exercise 1: Design a Web Server Backup and Recovery Strategy

Scenario
Woodgrove Bank has asked you to design and implement a web farm
infrastructure for a distributed web farm based on service level agreements. It will
include a backup and recovery plan. Each site will have a three node web farm, a
Microsoft SQL Server database, and SAN storage for the website content.
In this exercise you will identify what servers need to be deployed to two different
sites, New York and London, to create a distributed web farm for an e-commerce
site. The two web farms will run the same website and web application. They are
connected through a dedicated WAN link.
All servers will be members of the same Active Directory domain. Domain
controllers already exist at both sites. The web farm servers will share identical
configuration and content. The administrators at New York will be responsible for
all management and updating. You will also identify what services and
applications to install. Then, design a backup plan for both content and
configuration information.
There are no legacy or SMTP applications, so no metabase will be necessary.

Exercise Overview
In this exercise we will design storage, backup, and recovery for an IIS 7.0 web
farm.


Task 1: Specify the servers and storage at New York and London

1. List the servers necessary to provide the service. For each device, list the services and applications required.
2. The content and SQL database need to be highly available, so include a SAN installation at both sites.
3. Determine how to best replicate configuration and content between the two sites.

Task 2: Specify a backup strategy

1. Now, prepare the two sites for disaster recovery. What items need to be backed up?
2. The organization would like to be able to recover either site completely should the entire location be lost. Prepare a backup scheme that would allow for either site to be restored completely.

Task 3: Design a recovery process

1. One of the London servers has been compromised by a hacker. Create a process to restore the web farm member to its proper configuration.
2. Create a process to follow should the London site need to be completely recovered from bare metal servers.

Results: After this exercise, you should have architected the London and New York
sites. Each site will contain three web farm members, a SAN, and a SQL server. The
SAN will contain SQL data, content data, and a shared applicationhost.config. The
data will replicate across a WAN link from New York to London. You will also have
created a backup strategy for the SAN including off-site storage. Finally, you will have
created a step-by-step process for rebuilding a site in the case of a disaster.


Exercise 2: Design and test web server monitoring


Scenario
In this exercise we will identify how to monitor our new web farm. Woodgrove
Bank wants to be able to collect real time and historical data on the web service
performance. In addition, they would like to be notified of problems such as
application pool cycling, excessive requests, and non-functioning servers.

Exercise Overview
In this exercise, you will consider options for monitoring an IIS 7.0 web farm.

Task 1: Implementing a monitoring scheme

1. List those network elements which the web farm relies upon.
2. Identify management packs which should be deployed to monitor these items.
3. Discuss what items could be included in a management console customized for web administrators.

Along with server-to-server connectivity, it will be important that firewalls,
storage, and Active Directory are available. Management packs for each of these
items should be deployed and included in the management console.

Task 2: Create a deployment plan

1. All management of the web farm is primarily performed by the New York administrators. However, the organization would like to be able to monitor each site should the link between the two fail.
2. Create a plan to deploy System Center Operations Manager to monitor the web farm. Include server locations, management packs, and management consoles.

Task 3: Plan Access for Site #2

1. Plan user account for authentication.
2. Map client certificate to user account created.


3. Redirect requests to SSL.
4. Verify redirection and access to site.


Results: After this exercise, you should have listed the management packs that will be
necessary for thorough monitoring of the web farm and created a plan for the
deployment of Operations Manager.

Exercise 3: Design UDDI Deployment


Scenario
Woodgrove Bank has been asked by some business partners if they utilize UDDI
for service location. In addition, Woodgrove Bank developers feel that they could
benefit from the ability to locate existing services before they create new,
overlapping ones.
We have decided to deploy UDDI that has both internet-facing and internal
components. For testing purposes, create a second, smaller UDDI service. Deploy
the enterprise UDDI service on the existing web farm.

Exercise Overview
In this exercise, you design a UDDI system for a large corporation, including
internal and external services.

Task 1: Identify changes to the infrastructure for UDDI

1. You have been tasked with managing the hardware and infrastructure deployment for UDDI at Woodgrove Bank. Identify what services need to be deployed or changed.
2. For the two UDDI services (testing and enterprise), list the security groups and place the following roles in the appropriate place:

Domain Users

Authorized user on web server

Developers

UDDI developer

Network Administrator


One stand alone UDDI can serve as the testing UDDI. It can be internal to the
network with no access to the internet. The UDDI service can be deployed on
the existing web farm.

Security Group          Testing Server Role                            Enterprise Server Role
Domain Users            None                                           User
Authorized Web users    None                                           User
Developers              Publisher (can be user for greater control)    Coordinator
UDDI Developer          Coordinator                                    Coordinator
Network Administrator   Administrator                                  Administrator

Task 2: Create a deployment plan

1. Create a plan to deploy both UDDI services in the enterprise. Identify security, network, and process changes.
2. Develop a process for testing, approving, and migrating UDDI objects to the enterprise UDDI service.

Results: After this exercise you will have developed a UDDI deployment plan that
accounts for security, infrastructure, and process.

Exercise 4: Troubleshooting application pool instability


Scenario
A year later, a new web farm location is added in Paris. It was created using older
repurposed servers. These servers have two processors on 32 bit hardware. Now,
the web farms all contain 4 ASP.NET applications.
Although the New York and London sites are functioning as normal, the Paris site
is frequently non-responsive due to reaching virtual memory thresholds.
The local technical specialist configured automatic recycling to occur at a 2 GB
threshold on the Paris web servers. This has increased the availability of the sites,
but server performance is suffering because the application pool is frequently
automatically recycling.


Exercise Overview
In this exercise, you will identify the causes of application pool problems.

Task 1: Identify and resolve the application pool problem

1. The New York and London sites are running identical applications to the Paris site and experiencing no problems. As a result, we can conclude that the applications do not have any memory leaks or other flaws.
2. Although the Paris site was originally built with repurposed hardware, the problem is such that the organization needs to resolve the problem and is willing to invest in a solution.
3. Create a plan to resolve the application pool issue on the Paris web farm.

The applications and server load require the expanded memory thresholds of
64 bit hardware. Replace the older hardware in the Paris web farm with 64 bit
servers.

Task 2: Create a deployment plan

1. Create a plan to deploy both UDDI services in the enterprise. Identify security, network, and process changes.
2. Develop a process for testing, approving, and migrating UDDI objects to the enterprise UDDI service.

Results: After this exercise you will have identified the problem with the Paris servers
and created a plan for resolving their performance issues.

Exercise 5: Enabling Shared Configurations


Scenario
Woodgrove Bank is deploying a new application in the New York operations
center. The application needs to run across multiple servers in order to increase
performance. Make use of IIS 7 shared configuration to centralize and standardize
the setup of the new web servers.

Exercise Overview
In this exercise, students will learn how to enable shared configuration.


Task 1: Export and Enable Shared Configuration

1. On the Lab Launcher, next to 6437A-NYC-DC1, click Launch.
2. On the Lab Launcher, next to 6437A-NYC-WEB-D, click Launch.
3. Log on to NYC-DC1 as Woodgrovebank\Administrator with the password of Pa$$w0rd.
4. Log on to NYC-WEB-D as Woodgrovebank\Administrator with the password of Pa$$w0rd.
5. On the Lab Launcher, next to 6437A-NYC-WEB2, click Launch.
6. Log on to NYC-WEB2 as Woodgrovebank\Administrator with the password of Pa$$w0rd.
7. On NYC-WEB-D, click Start | Administrative Tools | Internet Information Services (IIS) Manager.
8. In the Connections pane, click NYC-WEB-D.
9. In the details pane, in the Management section, double-click Shared Configuration.
10. In the Actions pane, click Export Configuration.


11. The Export Configuration dialog box appears, allowing you to export the
local configuration files, settings, and encryption keys. In the Physical Path
field, type \\NYC-WEB-D\E.
12. In the Encryption keys password and Confirm password fields, type
Pa$$w0rd.
13. Click OK.
14. The Export Configuration dialog box appears indicating that the files were
exported successfully. Click OK.
15. In the details pane, select Enable shared configuration.
16. In the Physical Path field, type \\NYC-WEB-D\E.
17. In the User name field, type Woodgrovebank\Administrator.
18. In the Password and Confirm password fields, type Pa$$w0rd.
19. In the Actions pane, click Apply.
20. The Encryption Keys Password dialog box appears for you to enter the
encryption key. In the Enter encryption key password field, type Pa$$w0rd.


21. Click OK.


22. The Shared Configuration dialog box appears, indicating that the current
encryption keys were backed up. Click OK.
23. The Shared Configuration dialog box appears, indicating that IIS Manager
and Management service must be restarted for these changes to be completed.
Click OK.
24. Close Internet Information Services (IIS) Manager.
25. Click Start | Administrative Tools | Internet Information Services (IIS)
Manager.
26. In the Connections pane, click NYC-WEB-D.
27. In the details pane, in the Management section, double-click Management
Service.
28. In the Actions pane, click Start.

Task 2: Add the second Web server to use the Shared Configuration

1. On NYC-WEB2, click Start | Administrative Tools | Internet Information Services (IIS) Manager.
2. In the Connections pane, click NYC-WEB2.
3. In the details pane, in the Management section, double-click Shared Configuration.
4. Select Enable shared configuration.
5. In the Physical Path field, type \\NYC-WEB-D\E.
6. In the User name field, type Woodgrovebank\Administrator.
7. In the Password and Confirm password fields, type Pa$$w0rd.
8. In the Actions pane, click Apply.
9. The Encryption Keys Password dialog box appears. In the Enter encryption key password field, type Pa$$w0rd.
10. Click OK.


11. The Shared Configuration dialog box appears, indicating that the current
encryption keys were backed up. Click OK.


12. The Shared Configuration dialog box appears, indicating that IIS Manager
and Management service must be restarted for these changes to be completed.
Click OK.
13. Close Internet Information Services (IIS) Manager.
14. Click Start | Administrative Tools | Internet Information Services (IIS)
Manager.
15. In the Connections pane, click NYC-WEB2.
16. In the details pane, in the Management section, double-click Management
Service.
17. In the Actions pane, click Start.

Task 3: Test the Shared Configuration

1. On NYC-WEB-D, in Internet Information Services (IIS) Manager, in the Connections pane, click NYC-WEB-D.
2. In the details pane, in the IIS section, double-click Default Document.
3. In the Actions pane, click Add.
4. The Add Default Document dialog box appears to allow us to add a default document to test the shared configuration. In the Name field, type test.html and then click OK.
5. On NYC-WEB2, in Internet Information Services (IIS) Manager, in the Connections pane, click NYC-WEB2.
6. In the details pane, in the IIS section, double-click Default Document.
7. Notice that the default document test.html has been added to the top of the list for the second Web server as well.

Question: Why has the default document test.html been added to the top
of the list for the second Web server as well?
Answer: The default document test.html has been added to the top of the list
for the second Web server because both servers are using shared configuration.
Results: After this exercise, you should have successfully configured a two-server
network with an underlying foundation of shared configurations.
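
A check that each farm member really points at the shared configuration, as an added example that is not part of the courseware: when shared configuration is enabled, IIS 7 records the share in `%windir%\System32\inetsrv\config\redirection.config` on each server, and the Python script below compares constructed copies of that file for NYC-WEB-D and NYC-WEB2. The XML samples, the `Woodgrovebank\svc-iiscfg` account, the password placeholder and the function names are assumptions made for illustration, and the Administrator test is a simple name heuristic.

```python
from collections import Counter
import xml.etree.ElementTree as ET

# Constructed redirection.config content; the password value is a placeholder
# standing in for the encrypted string IIS stores.
TEMPLATE = r"""<configuration>
  <configurationRedirection enabled="{enabled}" path="{path}"
      userName="{user}" password="[enc:placeholder:enc]" />
</configuration>"""

SHARE = r"\\NYC-WEB-D\E"                       # share used in the lab
ADMIN = r"Woodgrovebank\Administrator"         # account used in the lab
SVC = r"Woodgrovebank\svc-iiscfg"              # hypothetical read-only account


def sample(enabled, path, user):
    """Build one constructed redirection.config document."""
    return TEMPLATE.format(enabled=enabled, path=path, user=user)


# Farm as configured by the lab steps: both servers enabled, same share.
AS_BUILT = {"NYC-WEB-D": sample("true", SHARE, ADMIN),
            "NYC-WEB2": sample("true", SHARE, ADMIN)}

# Drifted farm: NYC-WEB2 has fallen back to its local configuration.
DRIFTED = {"NYC-WEB-D": sample("true", SHARE, SVC),
           "NYC-WEB2": sample("false", SHARE, SVC)}


def read_redirection(xml_text):
    """Extract the redirection settings; a missing element means disabled."""
    node = ET.fromstring(xml_text).find("configurationRedirection")
    if node is None:
        return {"enabled": False, "path": "", "user": ""}
    return {
        "enabled": node.get("enabled", "false").lower() == "true",
        # UNC paths are case-insensitive: compare and report them normalised.
        "path": node.get("path", "").rstrip("\\").lower(),
        "user": node.get("userName", ""),
    }


def audit_farm(configs):
    """Return {server: [findings]} for every server that needs attention."""
    parsed = {name: read_redirection(text) for name, text in configs.items()}
    # The share used by most enabled members is taken as the intended one.
    paths = Counter(p["path"] for p in parsed.values() if p["enabled"])
    expected = paths.most_common(1)[0][0] if paths else None
    report = {}
    for name, cfg in parsed.items():
        findings = []
        if not cfg["enabled"]:
            findings.append(
                "shared configuration disabled; server uses its local configuration")
        elif cfg["path"] != expected:
            findings.append("reads configuration from %s, farm majority uses %s"
                            % (cfg["path"], expected))
        if cfg["enabled"] and cfg["user"].split("\\")[-1].lower() == "administrator":
            findings.append("share is accessed with an Administrator account")
        if findings:
            report[name] = findings
    return report


if __name__ == "__main__":
    for label, farm in (("as built", AS_BUILT), ("drifted", DRIFTED)):
        print(label, audit_farm(farm))
```
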


Exercise 6: Configuring Network Load Balancing


Scenario
With the two Web servers set up with Shared Configurations, configure Network
Load Balancing to increase Web site availability.

Exercise Overview
In this exercise, students will ensure Web site availability by implementing
Network Load Balancing.

Task 1: Create a new Network Load Balancing cluster

1. On NYC-WEB-D, click Start | Administrative Tools | Network Load Balancing Manager.
2. In the console pane, right-click Network Load Balancing Cluster and then click New Cluster.
3. The New Cluster: Connect dialog box appears. Start the process by connecting to the Network Load Balance host computer. In the Host field, type NYC-WEB-D, and then click Connect.
4. Make sure the Local Area Connection interface with Interface IP address 10.10.0.21 is highlighted, and then click Next.
5. The New Cluster: Host Parameters page shows the dedicated IP addresses and the initial host state. Click Next.
6. The New Cluster: Cluster IP Addresses page allows you to add cluster IP addresses that are shared by every member of the cluster. Click Add.
7. The Add IP Address dialog box appears, allowing you to add IPv4 or IPv6 addresses to the cluster. In the Add IPv4 address field, type 10.10.0.27.
8. In the Subnet mask field, type 255.255.0.0, and then click OK.
9. Make sure the newly added cluster IP address is highlighted. Click Next.
10. The New Cluster: Cluster Parameters page allows you to modify the operation mode of the cluster IP addresses. In the Full Internet name field, type cluster.woodgrovebank.com.


11. Select the Multicast radio button.


12. Click Next.
13. The New Cluster: Port Rules page allows you to add, edit, and remove cluster
IP address port rules. Click Finish. Wait for the operation to complete before
continuing.

Task 2: Add the second host to the Network Load Balancing cluster

1. In the console pane, right-click cluster.woodgrovebank.com and then click Add Host to Cluster.
2. The Add Host to Cluster: Connect dialog box appears. Add the second host computer. In the Host field, type NYC-WEB2, and then click Connect. Wait for the operation to complete before continuing.
3. Make sure the Local Area Connection interface with Interface IP address 10.10.0.26 is highlighted, and then click Next.
4. The New Cluster: Host Parameters page shows the dedicated IP addresses and the initial host state. Make sure that the Priority (unique host identifier) is 2, and then click Next.
5. The New Cluster: Port Rules page allows you to add, edit, and remove cluster IP address port rules. Click Finish. Wait for the operation to complete before continuing.

Task 3: Add the second server to the Network Load Balancing cluster

1. On NYC-WEB2, click Start, click Administrative Tools, and then click Network Load Balancing Manager.
2. The Network Load Balancing Manager window opens and loads the current cluster. The Warning dialog box appears, presenting a warning about running NLB in Unicast mode. Click OK.


Task 4: Verify Network Load Balancing using NLB commands

1. Click Start | Command Prompt.
2. Type NLB query 10.10.0.27 and then press Enter.
3. Notice that the NLB command indicates that host 2 has entered a converging state with the cluster.
4. On NYC-WEB-D, click Start | Command Prompt.
5. Type NLB query 10.10.0.27 and then press Enter.
6. Notice that the NLB command indicates that host 1 has entered a converging state with the cluster.
7. Type NLB display and then press Enter.
8. The results show very detailed information about the cluster and its current state. Scroll to the top of the displayed information to examine the Configuration section.
9. Close each of the running virtual machines. Do not save changes so they are reset to default for the next lab.

Results: After this exercise, you should have successfully configured network load
balancing on a two-server network, with an underlying foundation of shared
configurations.


Module 5: Designing a Terminal Services Infrastructure

Lab: Designing a Terminal Services Infrastructure

Logon Information:

Virtual Machine: N/A

User Name: N/A

Password: N/A

Estimated time: 60 minutes


Exercise 1: Design Terminal Services RemoteApp Programs


Scenario
In this exercise you are the Enterprise Administrator for a company that has
recently upgraded all desktops to the Vista operating system. Your company wants
to make two line-of-business applications available to users. The application
consists of a thick client and back end database systems. There is typically a large
amount of network communication between the thick client and the back end
systems. You want to make these applications accessible from the users' desktops
without impacting network traffic on the client computer subnets. You want to
avoid having users separately authenticate to these applications through
RemoteApp and single sign-on.

Exercise Overview
In this exercise, you must identify and document business and technical
requirements and generate a conceptual configuration for Terminal Services
RemoteApp that meets the business and technical requirements of the scenario.

Task 1: Identify and document business and technical requirements from the scenario

1. Identify and document business requirements from the scenario.
2. Identify and document technical requirements from the scenario.

Task 2: Generate a conceptual configuration for Terminal Services RemoteApp that meets the business and technical requirements of the scenario

Describe how to configure the server that will host RemoteApp programs. This
includes installing Terminal Server, installing programs, and verifying remote
connection settings.


Task 3: Generate a conceptual design for deploying Terminal Services RemoteApp Programs using a file share

1. Describe how to use TS RemoteApp Manager to add RemoteApp programs and to configure global deployment settings.
2. Describe how to use TS RemoteApp Manager to create .rdp files or Windows Installer packages from RemoteApp programs.

Results: After this exercise, you should have identified the business and technical
requirements from the scenario, described a .rdp file that includes the two LOB
applications, described single sign-on configuration, and drawn and described a
network architecture that includes a client computer, file share, and terminal server,
and shown how the .rdp file is added to the file share using TS RemoteApp Manager.

Exercise 2: Design Terminal Services Corporate Desktop


Scenario
In this exercise you are the Enterprise Administrator for a company that has a wide
variety of desktop operating systems in use. There are no immediate plans to
upgrade all of the desktops. Your company wants to make several applications
available to all users that will not run on many of the existing operating systems.
You want to make all local desktop peripheral devices and hard drives available for
use with these applications.

Exercise Overview
In this exercise you will identify and document business and technical
requirements from the scenario and generate a conceptual design for deploying
Terminal Services RemoteApp programs through TS Web Access.

Task 1: Identify and document business and technical requirements from the scenario

1. Identify and document business requirements from the scenario.
2. Identify and document technical requirements from the scenario.


Task 2: Generate a conceptual design for deploying Terminal Services RemoteApp programs through TS Web Access

1. Draw a network architecture that accounts for all of the components involved
in deploying Terminal Services RemoteApp Programs using TS Web Access.

2. Describe the tasks involved in deploying RemoteApp programs through TS
Web Access, being sure to include the requirements from Task 1.
Results: After this exercise, you should have identified the business and technical
requirements from the scenario, drawn and described a network architecture that
includes a client computer, TS Web Access server, and Terminal Server, and described
the five tasks involved in deploying RemoteApp programs through TS Web Access.

Exercise 3: Design Terminal Services Gateway and Web Access

Scenario
In this exercise, you are the Enterprise Administrator for Contoso, a global
consulting company that has a highly mobile workforce. This workforce is often
working at customer locations behind firewalls. Many of the consultants also
utilize internet kiosks at airports. Your company wants to make several
applications available to all users regardless of their location and client
connectivity. When they are using company laptop computers, you want to make
all local desktop peripheral devices and hard drives available for use with these
applications.

Exercise Overview
In this exercise, identify and document business and technical requirements from
the scenario and generate a conceptual design for TS Gateway and TS Web
Access.


Task 1: Identify and document business and technical requirements from the scenario

1. Identify and document business requirements from the scenario.

2. Identify and document technical requirements from the scenario.

Task 2: Generate a conceptual design for TS Gateway and TS Web Access

Draw and describe a network architecture that allows users to access the TS
Web Access server from the internet.
Results: After this exercise, you should have identified the business and technical
requirements from the scenario and drawn and described a network architecture that
includes a TS Gateway server and TS Web Access server in the perimeter network, with
terminal servers that host RemoteApp programs behind the company firewall.

Exercise 4: Design TS Gateway Policies, Connection Authorization Policies, and Resource Allocation Policies

Scenario
Due to a data breach at Contoso, the company must now design a
tighter security policy that will affect the TS Gateway and Web Access project you
recently designed. When users are using other means of access, you want to ensure
maximum security of the corporate network through web access, TS Gateway,
connection authorization policies, and resource access policies.

Exercise Overview
In this exercise, you must identify and document business and technical
requirements from the scenario and generate a detailed design document to
improve security in TS Gateway and Web Access.


Task 1: Identify and document business and technical requirements from the scenario

1. Identify and document business requirements from the scenario.

2. Identify and document technical requirements from the scenario.

Task 2: Generate a detailed design document to improve security in TS Gateway and Web Access

Detail how you would use Terminal Services authorization policies to improve
security given the above guidelines.
Results: After this exercise, you should have identified the business and technical
requirements from the scenario and generated a design document containing a TS
connection authorization policy and TS resource authorization policy. The TS CAP and
TS RAP should allow only the specific user and computer groups listed in the second
task.


Module 6: Designing a Terminal Services Maintenance Strategy

Lab: Designing a Terminal Services Infrastructure

Logon Information:

Virtual Machine: SEA-DC-01

User Name: Contoso\Administrator

Password: Pa$$w0rd

Estimated time: 60 minutes

Exercise 1: Design highly available Terminal Services


Scenario
You are the Enterprise Administrator for Contoso Corporation. Contoso plans to
utilize Terminal Services exclusively to provide desktop environments to its
workforce of 1,000 users. Contoso wants to make the desktop environment highly
available and highly scalable. You also want users' data files and profiles to be
highly available. You also want users to reconnect to their existing sessions in the
event of a disconnection not accompanied by a log-off.

Exercise Overview
In this exercise, you must identify and document business and technical
requirements from the scenario and generate a conceptual design for IP load
balancing and failover session directory.

Task 1: Identify and document business and technical requirements from the scenario

1. Identify and document business requirements from the scenario.

2. Identify and document technical requirements from the scenario.


Task 2: Generate a conceptual design for IP load balancing and failover session directory

1. Draw a network architecture that includes at least two computers that have
one network adapter each for load balancing with only TCP/IP configured on
that adapter. The diagram should also show that all hosts in the NLB cluster
reside on the same subnet, that all of the cluster's clients are able to access that
subnet, and that all terminal servers in the TS farm are on the same domain.

2. Describe how you will configure the NLB cluster to include host parameters,
cluster parameters, and port rules that apply only to RDP traffic.

Results: After this exercise, you should have identified the business and technical
requirements from the scenario, drawn a network architecture that includes at least
two computers, each on the same subnet and domain, and each only configured for
TCP/IP. You should also have an NLB cluster configuration that includes host
parameters, cluster parameters, and port rules that apply only to RDP traffic.

Exercise 2: Design Group Policy for Terminal Services


Scenario
Contoso needs to be able to rapidly deploy configuration changes to all of the
terminal servers and ensure configuration consistency among the terminal servers.
You want to enforce specific settings for users during terminal services sessions,
specifically that Terminal Services clients can only connect to network resources
through TS Gateway and that each terminal services session uses the Terminal
Services Easy Print printer driver first.

Exercise Overview
In this exercise you will identify and document business and technical
requirements from the scenario and generate a conceptual design document for
implementing group policy specific to terminal servers.

Task 1: Identify and document business and technical requirements from the scenario

1. Identify and document business requirements from the scenario.

2. Identify and document technical requirements from the scenario.


Task 2: Generate a conceptual design document for implementing group policy specific to terminal servers

Describe a Group Policy that configures, enables, and enforces the business
and technical requirements of the scenario.
Results: After this exercise, you should have identified the business and technical
requirements from the scenario and described a group policy that enables and
enforces the Group Policy settings Enable Connections Through TS Gateway and
Set the TS Gateway Server Address on the TS Gateway server, and enables the Use
Terminal Services Easy Print printer driver first setting on the terminal server.

Exercise 3: Design Resource Management for Terminal Services

Scenario
Contoso next wants to prevent large amounts of activity on a single Terminal
Services session from seriously degrading the performance of other sessions, and
also wants each session to be guaranteed a minimum of 5 percent server
performance capability. In this exercise you will describe server resource allocation
among terminal services sessions.

Exercise Overview
In this exercise, identify and document business and technical requirements from
the scenario and generate a conceptual design for server resource allocation among
terminal services sessions.

Task 1: Identify and document business and technical requirements from the scenario

1. Identify and document business requirements from the scenario.

2. Identify and document technical requirements from the scenario.


Task 2: Generate a conceptual design for server resource allocation among terminal services sessions

Describe the resource-allocation policies you would create to fulfill the
business and technical requirements of the scenario.
Results: After this exercise, you should have identified the business and technical
requirements from the scenario and generated a conceptual resource-allocation
policy that includes CPU and memory allocations that fulfill the requirements of the
scenario.

Exercise 4: Design monitoring for Terminal Services


Scenario
Contoso wants the Terminal Services administrative staff to be notified
immediately upon the occurrence of any situation that causes an outage or severe
performance degradation of any terminal server, and particularly the TS Web
Access servers.

Exercise Overview
In this exercise, identify and document business and technical requirements from
the scenario and generate a conceptual design for Terminal Services monitoring
with specific monitoring definitions for the TS Web Access servers.

Task 1: Identify and document business and technical requirements from the scenario

1. Identify and document business requirements from the scenario.

2. Identify and document technical requirements from the scenario.


Task 2: Generate a conceptual design for Terminal Services monitoring with specific monitoring definitions for the TS Web Access servers

Describe the monitoring definitions you would implement to fulfill the
business and technical requirements of the scenario.
Results: After this exercise, you should have identified the business and technical
requirements from the scenario and described how they apply to TS monitoring. You
should also have generated a conceptual design for TS monitoring that includes a
Service Health Check, a "Service Unavailable" notification, and multiple Performance
Threshold alerts.

Exercise 5: Optimizing Terminal Services Performance


Scenario
Contoso's remote users are reporting performance issues with terminal services
and management has requested that terminal services performance be optimized
for those users accessing the system through TS Gateway.

Exercise Overview
In this exercise, students will learn how to optimize terminal services performance
using resource allocation policies.

Task 1: Create a New Process Matching Criteria

1. On the Lab Launcher, next to 6437A-SEA-DC-01, click Launch.

2. Log on to SEA-DC-01 as Contoso\Administrator with the password of Pa$$w0rd.

3. On SEA-DC-01, click Start | Administrative Tools | Windows System
Resource Manager.

4. The Connect to computer dialog box appears. Click Connect.

5. In the console tree, click Process Matching Criteria.

6. Right-click Process Matching Criteria, and then click New Process Matching
Criteria.

7. In the Criteria name field, type TSGateway.

8. Click Add.


9. On the Add Rule dialog box, click Select.

10. In the Add Registered Service dialog box, click TSGateway, and then click
OK.

11. Click OK twice.

Task 2: Create a CPU allocation with WSRM

1. In the console tree, click Resource Allocation Policies.

2. Right-click Resource Allocation Policies, and then click New Resource
Allocation Policy.

3. In Policy name, type TSGatewayCPUPolicy, and then click Add.

4. On the General tab, in the Process matching criteria list, select TSGateway.

5. In the Percentage of processor allocated for this resource field, type 40.

6. Click OK twice.

Task 3: Create a memory allocation with WSRM

1. In the console tree, right-click Resource Allocation Policies, and then click
New Resource Allocation Policy.

2. In the Policy Name field, type TSGatewayMemoryPolicy, and then click Add.

3. On the General tab, in the Process matching criteria list, select TSGateway.

4. Click the Memory tab.

5. Select Use maximum committed memory for each process.

6. In the Maximum committed memory limit per process (in MB) field, type
512.

7. In the If memory is surpassed list, select Log an event log message.

8. Click OK twice.

9. Shut down SEA-DC-01 and delete changes.


Results: After this exercise, you should have created a new process matching criteria,
created a CPU allocation with WSRM, and created a memory allocation with WSRM.


Module 7: Design Windows Media Services Infrastructure

Lab: Design a Windows Media Infrastructure

Logon Information:

Virtual Machine: N/A

User Name: N/A

Password: N/A

Estimated time: 60 minutes


Exercise 1: Design Windows Media Services for Live Broadcast

Scenario
You are the Enterprise Administrator for Contoso, a multi-national company with
locations in New York, London, Tokyo, and Seoul. Your company wants to
broadcast live quarterly company meetings from the New York headquarters to the
entire company. Several hundred will connect via dial-up.
The default stream averages 256 kbps.
In this exercise you will identify and analyze the requirements as they relate to
Windows Media Services and optional components. Then you will create a
conceptual design for WMS server placement and server roles and supported
protocols.
The London site contains routers that will not broadcast multicast packets.

Site      Users  Comments
New York  500    Live stream source. Supports 200 dial-in clients.
London    250    No multicast capable routers. Connected to New York with a direct link.
Tokyo     100    Connected to New York with a direct link.
Seoul     100    Connected to Tokyo via internet link.

Exercise Overview
In this exercise we will design a worldwide Windows Media infrastructure.


Task 1: Identify server requirements

1. Identify the servers, including OS version and software, that will need to be
sourced at the New York site to encode and deploy a live webcast. Design for
high availability.

2. Identify the server resources required in London, including OS version and
software, for the most efficient delivery of live content.

3. Identify the server resources required in Seoul and Tokyo, including OS
version and software, for the most efficient delivery of live content. Design for
affordability, identifying servers that could be used for other services as well.

4. Draw the network, including connections between servers.

Task 2: Identify Bandwidth and protocol

1. On the network map created in the previous task, identify the protocol used
between each server.

Question: How should you secure the connection between Tokyo and Seoul?
Answer: Encapsulate the HTTP using IPSec. Employ workgroup or AD ACLs.

2. Calculate the bandwidth requirements for each link and for the cost on each
local network for the clients to connect.
Results: After this exercise, you should have created a drawing showing servers in the
appropriate locations to successfully broadcast the live stream to all sites and dial up
clients.

Exercise 2: Design WMS infrastructure for on-demand content

Scenario
Contoso would now like to expand their WMS infrastructure to store the company
meetings and make them available on demand. Upon the completion of the
presentation, users should be able to immediately connect to a WMS distribution
point and start viewing the meeting.


Exercise Overview
In this exercise, you will expand the capabilities of the WMS infrastructure to
provide on-demand content.

Task: Modifying the installation for on-demand streaming

1. Analyze the existing architecture and identify any changes necessary to
provide on-demand streaming.

2. Determine a high performance and high availability storage solution.

Question: How would you best secure the data both on the server and during
delivery?
Answer: Use ACLs on the stored content and contract with a DRM provider.
Results: After this exercise, you should have made sure that all WMS servers,
including the London servers, are capable of play while archiving. You should have
written specifications for a highly available storage schema and protected the content
with ACLs and DRM.

Exercise 3: Troubleshooting poor performance of on-demand content

Scenario
On-demand clients in the Seoul and Tokyo offices are experiencing excessive
buffering and choppy streams, suggesting a performance problem. Whatever your
recommendations were for those two offices, the corporation decided to employ
existing 32 bit servers at both locations for all WMS services. The unicast and
multicast services are provided from the same server. The stream is encoded at a
1 Mbps standard. There is no apparent network congestion.

Exercise Overview
In this exercise, you identify how problems can be solved with on-demand
performance.


Task 1: Troubleshooting poor performance

1. Identify how you would confirm that network capacity is definitely not the
buffering issue.

2. List actions that will increase the performance of the servers in Seoul and
Tokyo.

Task 2: Implementing a solution

1. Of the items in the list, which are most likely to cost-effectively resolve the
buffering issue? Prioritize the list by this criterion.

2. Create an implementation plan for resolving the buffering problem.


Results: After this exercise, you will be prepared to resolve the buffering problem by
upgrading the hardware.

Exercise 4: Design and test monitoring of Windows Media Services

Scenario
You need to implement a monitoring solution for Windows Media Services.
Contoso is already using Microsoft Operations Manager, so it will deploy the WMS
management pack as well as other service packs to keep track of the other
elements that WMS requires.
For this exercise, refer to the Windows Media Services Management Pack Guide
(WMS_MPGuide.doc) on the resource CD.

Exercise Overview
In this exercise, you will create a monitoring scheme for WMS.


Task 1: Deploy WMS management pack

1. Looking at the network map you created in exercise 1, identify which
publishing points are mission critical. List these as points which you need to
engage the Critical Publishing Point stop rule.

2. Create a naming convention for the critical publishing points rules so each rule
is uniquely named.

3. Create a plan to resolve the application pool issue on the Paris web farm.

Task 2: Implementing a monitoring scheme

1. List those network elements which WMS relies upon to function.

2. Identify management packs which should be deployed to monitor these items.

3. Discuss what items could be included in a management console customized
for WMS administrators.
Results: After this exercise, you will be prepared to use Operations Manager to
monitor the WMS deployment.


Module 8: Design Virtualization Infrastructure

Lab: Design Virtualization Infrastructure

Logon Information:

Virtual Machine: N/A

User Name: N/A

Password: N/A

Estimated time: 60 minutes

Exercise 1: Design a Test Server Consolidation Strategy


Scenario
You are an enterprise administrator for an organization with large web farms,
development and test beds for those servers. You have noticed that a large number
of physical servers are being utilized as test and development environments for the
web farm. By consolidating those servers onto a virtualized platform, you want to
free up the investment in physical hardware and ease the management of a testing
environment.


Exercise Overview
In this exercise we will design a development environment using VMM.

Task 1: Identify the Test Environment Elements

Looking at the sample architecture, list each element that is required for the
web farm and determine how to recreate it in the virtualized test environment.


Task 2: Identify the Required Resources for a Standard Test Environment

1. We have decided to use Microsoft System Center Virtual Machine Manager to
provision and manage our virtual environment.

2. We have determined that each virtualized server in the test environment
requires 512 MB. We can run four virtual machines on each virtual server. We
want to make 512 MB of RAM also available for the host OS.

3. Identify the physical servers that we will need to build our virtualized
environment. Include the amount of RAM required for hosts.

4. Identify security groups that will have access to the test environment. Include
administrators, support personnel, and developers.

Task 3: Plan the Test Environment

1. Create a schematic diagram of the test environment. Include physical and
virtual machines.

2. Create a process for migrating tested applications to the production
environment.
Results: After this exercise, you should have identified the required resources for a
test environment and created a schematic design of that test environment.


Exercise 2: Design and Test Virtualization and Migration of Legacy Server

Scenario
The organization also has some legacy applications that you must continue to
support. The hardware servers are past their supported life and are starting to fail.
Examine the plausibility of migrating these services to a virtualized environment to
ease their support requirements.
One server, running Windows Server 2003, provides a mission critical proprietary
database. The hardware is now over 5 years old and is no longer supported by the
manufacturer. Although the server must be constantly available, it averages 10%
utilization of its processor. The service is not supported on a later OS.
In this exercise we will establish a legacy server virtualization environment and
plan for the migration of the first legacy server.

Exercise Overview
In this exercise, you will virtualize a legacy server.

Task 1: Expand the VMM architecture to provide legacy server virtualization

1. The new server will require 1 GB of RAM but consumes negligible processor
time on a modern server. The server needs dedicated connectivity to the local
(192.168.16.x) network.

2. Identify a location within the schematic that you created for lesson 1 that we
can add the legacy server, assuming that we can expand an existing host for
the RAM requirements of the legacy server.

Task 2: Plan for Migration of the Legacy Server

1. We have determined that we can store the legacy database itself on a
pre-existing iSCSI SAN and have already migrated it. The SAN is accessible on a
different physical TCP/IP network. We want to migrate the server with a
minimum of downtime.

2. Create a step by step plan for using VMM to migrate the server to the
virtualized environment. Confirm that the image is healthy and accessible
before the migration.


Task 3: Enumerate Backup and Security for the Virtualized Server

1. Although the database is backed up on the SAN, we want to also be assured
that the legacy server OS and application can be rapidly recovered if it
becomes damaged or inoperable. There is no internal backup tool for the
application. Create a strategy for backup and recovery of the virtualized legacy
server.

2. The original server is accessible by two groups: the LOBdev group, which has
access to read and write on the database and can log directly in to the server,
and the LOBuser group, which has only read access to the data. Assign rights
to the virtual machine that will allow for continued business function.
Results: After this exercise, you should have created a plan for the migration of a
legacy line of business server to the virtual environment, including security and
backup considerations.


Exercise 3: Design Development Environment Isolation Using Virtual Server

Scenario
Now that the test environment is up and running, the developers would like to
utilize it for isolation testing of new applications. They need to be able to create
scenarios dynamically.

Exercise Overview
In this exercise, you will design VMM provisioning.

Task 1: Implement Provisioning for VMM

1. The application development team are about to embark on a long term project.
They will require extensive testing scenarios as they proceed. They believe
that ultimately the application will run on a three server web farm, a SQL
server, and a domain controller. They will also need to implement a perimeter
firewall and users both inside the simulated environment and outside, in the
"internet." All of these servers will run Windows Server 2008 or Windows
Vista.

2. As a group, discuss what roles the administrator, support personnel, and
development team will assume in the VMM provisioning plan.

Task 2: Plan for Hardware and Software

As a group, discuss the storage, networking, and resource requirements.
Determine what hardware and licenses will need to be purchased.
Results: After this exercise, you should have identified the personnel roles required
for a VMM provisioning scheme and planned for any additional hardware and
software purchase.


Module 9: Design Virtualization Provisioning

Lab: Design Virtualization Provisioning

Logon Information:

Virtual Machine: N/A

User Name: N/A

Password: N/A

Estimated time: 60 minutes

Exercise 1: Design Virtual Server Host configuration


Scenario
You are the Enterprise Administrator for Contoso Corporation, which has recently
consolidated servers from multiple test environments into a single shared, virtual
test environment. The test environment needs to support web servers, application
servers and SQL servers, and high availability configurations.

Exercise Overview
In this exercise you will identify and document business and technical
requirements as they apply to virtual server host configuration. You will also
generate a conceptual plan for the implementation of a virtual server host
configuration.

Task 1: Identify and document business and technical requirements from the scenario

1. Identify and document business requirements from the scenario.

2. Identify and document technical requirements from the scenario.


Task 2: Generate a conceptual plan for the implementation of a virtual server host configuration

1. Describe the methodology of sizing destination servers and fill out the table
below as follows:

Metric       Performance Measured         Reason
Processor    Total percent of processor   Required to calculate CPU resource
             time                         allocation on destination server.
Memory       Available bytes of memory    This includes the total standby, free,
                                          and zero page lists. Monitor this
                                          counter over time and use the lowest
                                          number (minimum value in Windows
                                          Performance Monitor) to appropriately
                                          represent memory consumption under a
                                          load. To express this number in
                                          megabytes (MBs), divide it by 1,024.
                                          Subtract this number from the
                                          installed memory.
Network I/O  Total bits per second for    To determine the need for dedicated
             the network interface (all   or shared network adapter cards on
             instances)                   the destination server.
Disk I/O     Physical disk reads per      Include each physical drive used by
             second (all instances)       the operating system.

2. Describe how you would plan the implementation of a virtual server
environment that includes web, application, SQL, and Terminal Services
servers.
Results: After this exercise, you should have identified the business and technical
requirements from the scenario and completed the table above based on the
concepts of virtual server host configuration. You should also have described the steps
involved in planning a virtual server environment.
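
The sizing method in the table above, applied to a Performance Monitor log, as an added example that is not part of the course material. It assumes the log was exported in PDH-CSV form and records `\Memory\Available KBytes` (so the table's division by 1,024 yields megabytes) and `Bytes Total/sec` for the network interfaces (multiplied by 8 to get bits); the host name, function names and sample values are constructed.

```python
import csv
import io

# Constructed sample in the PDH-CSV layout that Performance Monitor and
# relog.exe write: column 0 is the timestamp, the others are counter paths.
# Host name, instance names and values are made up for this example.
SAMPLE_LOG = r'''"(PDH-CSV 4.0) (Pacific Standard Time)(480)","\\WEB01\Processor(_Total)\% Processor Time","\\WEB01\Memory\Available KBytes","\\WEB01\Network Interface(NIC1)\Bytes Total/sec","\\WEB01\Network Interface(NIC2)\Bytes Total/sec","\\WEB01\PhysicalDisk(0 C:)\Disk Reads/sec","\\WEB01\PhysicalDisk(1 D:)\Disk Reads/sec"
"01/15/2008 10:00:00.000","12.5","1572864","250000","50000","20","5"
"01/15/2008 10:00:15.000","35.0","1048576","1000000","250000","80","40"
"01/15/2008 10:00:30.000"," ","1310720","500000","125000","45","15"
'''


def load_series(log_text):
    """Return {(object, counter): [value per sample, summed over instances]}."""
    rows = [r for r in csv.reader(io.StringIO(log_text)) if r]
    header, samples = rows[0], rows[1:]
    series = {}
    for col, path in enumerate(header[1:], start=1):
        # A counter path looks like \\HOST\Object(Instance)\Counter.
        _host, obj_inst, counter = path.lstrip("\\").split("\\", 2)
        obj, _, inst = obj_inst.partition("(")
        inst = inst.rstrip(")")
        # Use the _Total instance for the processor; for every other object
        # sum the individual instances and skip _Total to avoid double counting.
        if inst and (obj == "Processor") != (inst == "_Total"):
            continue
        per_sample = series.setdefault((obj, counter), [None] * len(samples))
        for i, row in enumerate(samples):
            cell = row[col].strip() if col < len(row) else ""
            if cell:  # a blank cell means the sample was not collected
                per_sample[i] = (per_sample[i] or 0.0) + float(cell)
    return {k: [v for v in vals if v is not None] for k, vals in series.items()}


def _need(series, obj, counter):
    """Fetch one counter's samples or fail with a readable message."""
    values = series.get((obj, counter))
    if not values:
        raise ValueError(f"log has no usable samples for {obj}\\{counter}")
    return values


def size_source_server(log_text, installed_mb):
    """Apply the table's four metrics to one source server's log."""
    s = load_series(log_text)
    cpu = _need(s, "Processor", "% Processor Time")
    avail_kb = _need(s, "Memory", "Available KBytes")
    net_bytes = _need(s, "Network Interface", "Bytes Total/sec")
    disk_reads = _need(s, "PhysicalDisk", "Disk Reads/sec")

    # Memory: lowest available value over the run, in MB, subtracted from
    # the installed memory gives consumption under load.
    min_available_mb = min(avail_kb) / 1024
    return {
        "cpu_avg_pct": sum(cpu) / len(cpu),
        "cpu_peak_pct": max(cpu),
        "memory_used_mb": installed_mb - min_available_mb,
        "net_peak_bits_per_sec": max(net_bytes) * 8,
        "disk_peak_reads_per_sec": max(disk_reads),
    }


if __name__ == "__main__":
    for metric, value in size_source_server(SAMPLE_LOG, installed_mb=4096).items():
        print(f"{metric}: {value:,.2f}")
```

Summing these figures across the source servers planned for one host shows whether they fit its processors, memory and network adapters.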


Exercise 2: Design Virtual Server provisioning using System Center

Scenario
Contoso now needs you to streamline deployment of several pre-defined virtual
servers. The four virtual server hosts are configured with four hyper-threaded
CPUs, 16 GB RAM, with four network cards each. You want to allow for dynamic
CPU resource allocation based on workloads.

Exercise Overview
In this exercise you will identify and document business and technical
requirements as they apply to virtual server provisioning using System Center. You
will also generate a conceptual design document outlining virtual server
provisioning using System Center.

Task 1: Identify and document business and technical requirements from the scenario

1. Identify and document business requirements from the scenario.

2. Identify and document technical requirements from the scenario.

Task 2: Generate a conceptual design document outlining virtual server provisioning using System Center

Draw and describe a conceptual design document to outline how the virtual
machine hosts and virtual machine libraries will be deployed assuming that
placement defaults have not yet been set.
Results: After this exercise, you should have identified the business and technical
requirements of the scenario. You should also have outlined the concept of adding
virtual machine hosts and virtual libraries as well as the concepts of virtual machine
placement and host ratings and how to set placement defaults for virtual machines to
Resource maximization.
