You are on page 1of 9

Windows Server 2008 Administrator 1.

Deployment
Server Role Facts
Functionality and services are added to your server by adding the following: A role is a set of software features that provides a specific server function. Examples of roles include DNS server, DHCP server, File Server, and Print Server. Role services are specific programs that provide the functions of a role. Some roles, like DNS, have a single role service. Other roles, like Print Server, have multiple role services such as the LPD Service for Unix printing and Internet Printing. You can think of a role as a group of programs, with each role service being a subcomponent of the role. A feature is a software program not directly related to a server role but which adds functionality to the entire server. Features include management tools, communication protocols or clients, and clustering support.

Common Windows Server 2008 roles include the following: Role Description AD DS is a distributed database that stores and manages information about network resources, such as users, computers, and printers. The AD DS role: Active Directory Domain Services (AD DS) Helps administrators securely manage information. Facilitates resource sharing and collaboration between users. Is required to be installed on the network to install directory-enabled applications such as Microsoft Exchange Server and for applying other Windows Server technologies, such as Group Policy.

AD CS creates and manages public key certificates used in software security systems. The AD CS role: Active Directory Certificate Services (AD CS) Provides customizable services for creating and managing public key certificates. Enhances security by binding the identity of a person, device, or service to a corresponding private key. Includes features that allow you to manage certificate enrollment and revocation in a variety of scalable environments.

Domain Name System (DNS) Dynamic Host Configuration Protocol (DHCP)

The DNS service maps IP addresses to logical hostnames. DNS servers provide name resolution services, providing IP addresses for known hostnames or hostnames for known IP addresses. With Windows Server 2008, the DNS service provides support for IPv6 addresses. The DHCP service provides IP addresses and other IP configuration information for network hosts. Host computers contact the DHCP server at startup to obtain IP address, default gateway, DNS server, and other configuration information. With Windows Server 2008, the DHCP service supports IPv6 addressing and configuration information. Add the File Services role to manage network file sharing. While you can share folders on the server without adding the File Server role, adding the role provides additional services such as: The Distributed File System (DFS) service provides a way to store copies of shared folders on multiple servers. The File Server Resource Manager (FSRM) includes features for managing quotas by user, restricting files that can be saved on a server, and generating file reports. Services for Network File System (NFS) add the capability to provide access to files through the NFS protocol, commonly used by UNIX computers.

File Services

Print Services

Adding the Print Services role adds a new print management console that allows you to manage printers on multiple servers. New with Windows Server 2008, you can also publish printers in Active Directory, thereby creating printing objects on client computers automatically for shared or network printers.

Windows Windows Sharepoint Services (WSS) provides collaboration tools and a platform for developing Sharepoint Services Web-based applications. Sharepoint integrates with Microsoft Office to facilitate sharing and (WSS) managing documents. Sharepoint is added as a separate download. Network Access Protection Network Access Protection (NAP) is a collection of components that allow administrators to regulate network access or communication based on a computer's compliance with health requirement policies. NAP gives you the ability to restrict access for non-compliant computers as well as to provide access to updates or health update resources to allow computers to become compliant. Terminal Services allows remote clients to run applications on a terminal server or to access a terminal server desktop. A terminal server uses its RAM, CPU and hard drive to process a client request and send back the results.

Terminal Services

Internet Information Services (IIS) is the Web server service. Use IIS to host internal and external Internet Information Web sites or services that communicate using HTTP and to provide support for ASP.NET Services (IIS) applications accessed through a Web browser. IIS is also used by many other roles to provide Web-based administration or access. Windows Deployment Services (WDS) Windows Deployment Services (WDS) is a disk imaging solution that you can use for remote deployment and automated installation of Windows Server 2008, Windows Vista, and earlier versions of Microsoft operating systems.

Common features include: Feature BitLocker Remote Assistance SMTP Server Description BitLocker is a security feature that protects a server by encrypting the operating system volume and verifying the integrity of other startup components. BitLocker is also called full volume encryption. Remote Assistance enables a support person to offer assistance or reply to requests for assistance from desktop users. With Remote Assistance, the helper can connect to the computer desktop to watch or perform tasks to troubleshoot and correct desktop problems. The Simple Mail Transfer Protocol (SMTP) is used for transferring mail between e-mail systems and some e-mail clients. Add the SMTP Server feature to add e-mail support to other server roles such as IIS. Telnet is a TCP/IP protocol that establishes a command-line session with a remote server. With Telnet, you can connect to a server and manage the server using a command prompt. In Windows Server 2008, Telnet is divided into two features: Telnet Add the Telnet Server to allow a computer to accept incoming Telnet connections. Add the Telnet Client to add Telnet support so the computer can initiate Telnet connections with a server.

Failover Clustering

Failover Clustering is a feature that increases the availability and fault tolerance of network servers. With clustering, servers are grouped together, with all servers sharing storage resources. Failover Clustering provides high availability by migrating services on failed servers to available servers in the cluster. Network Load Balancing (NLB) is a feature that disperses a workload between two or more computers or resources to achieve optimal resource utilization, throughput, or response time. Load balancing improves performance by distributing the workload between multiple servers, and provides fault tolerance such that if one server is unavailable, additional servers are available to fulfill the request. A WINS server holds a database of NetBIOS names and corresponding IP addresses. When a host needs to resolve a NetBIOS name, it contacts the WINS server for the information. DNS is a replacement for WINS that does not rely on NetBIOS names. Use WINS to support legacy clients that cannot use DNS for name resolution. Windows Server Backup provides backup and recovery for Windows Server 2008. It replaces the NTbackup.exe backup utility in previous Windows versions. Windows Server Backup allows you to manage backup and recovery from either the command line or the Windows Server Backup console snap-in. PowerShell is a scripting tool that you can use to perform nearly all administration tasks.

Network Load Balancing (NLB)

WINS Server

Windows Server Backup PowerShell

Server Editions Facts


When choosing an edition of Windows Server 2008, make sure that you are aware of the features that it supports and select the edition that meets the needs for your organization. The following table compares the Windows Server 2008 editions. Edition Features The Windows Server 2008 Standard edition is used for small- and medium-sized businesses and supports most server roles. Standard Edition The 32-bit version supports up to 4 GB of RAM; the 64-bit version supports up to 32 GB. It supports up to 4 processors. It supports all roles and services except for those that specifically require the Enterprise or Datacenter editions. Active Directory Certificate Services (AD CS) does not include support for the Network Device Enrollment Service (NDES) or the Online Responder Service. When using DFS, you are limited to a single DFS root. With routing and remote access, there is a limit of 250 RRAS connections and 50 IAS connections. Terminal Services is limited to 250 TS Gateway connections. Hyper-V licensing allows for running one physical instance and one virtual instance.

The Enterprise edition provides additional hardware support and role support above what is provided by the Standard edition. Enterprise Edition The 32-bit version supports up to 64 GB of RAM; the 64-bit version supports up to 2 TB. It supports up to 8 processors. The Enterprise edition supports the following roles and features that are not supported by the Standard edition: o Active Directory Federation Services (AD FS) o Failover clustering for up to 16 nodes o The NDES and Online Responder Service with AD CS. o An unlimited number of remote access and VPN connections. o Up to 65,535 Terminal Services connections. Hyper-V licensing allows for running up to 4 additional server instances (either Standard or Enterprise editions).

The Datacenter edition is similar to the Enterprise edition, but provides additional hardware support. Datacenter Edition RAM support for the Datacenter edition is the same as for the Enterprise edition (64 GB for the 32-bit version; 2 TB for the 64-bit version). The 32-bit version supports up to 32 processors; the 64-bit version supports up to 64 processors. The Datacenter edition provides all additional roles and features included with the Enterprise edition. Hyper-V licensing allows for an unlimited number of server instances (Standard, Enterprise, or Datacenter editions). The Datacenter edition requires purchase through an OEM.

The Web server edition is designed to provide a low-cost way to create a Web application server. Web Server Edition RAM and processor support is the same as the Standard edition (4 CPUs; 4 GB of RAM for the 32-bit version; 32 GB for the 64-bit version). Only the Web Services role is supported. You cannot use the Web server edition for DNS, DHCP, or other common networking roles.

Itanium Edition

The Itanium edition is for use with the Intel Itanium 64-bit processor. Because the Itanium is a 64-bit only processor, there is no 32-bit version of the Itanium edition. Up to 2 TB of RAM and 64 processors are supported.

Failover clustering of up to 8 nodes is supported. The Itanium edition supports only the Application Server and Web Services server roles. Hyper-V is not supported. However, you can run an unlimited number of virtual instances using third-party virtualization technologies.

In addition to the various server editions, you can install Windows Server 2008 as a Server Core installation. Server Core is a minimal server installation option which provides a low-maintenance version of Windows Server 2008. Be aware of the following when using server core: The server core interface has limited GUI support, with most tasks being performed only from a command prompt. You can only perform a clean installation of server core; you cannot upgrade to or from server core. Server core can only run a limited set of server roles: o Active Directory Directory Services (AD DS) o Active Directory Lightweight Directory Services (AD LDS) o DHCP o DNS o File services o Print services o Media Services o Web server (IIS) Note: You can install a Server Core installation of the Web Server edition. This edition is limited to the Web Services role. Benefits of using the server core version are: o Reduced surface of attack (fewer services running). o Reduced installation time. o Reduced number of updates and patches to maintain server. o Lower hardware requirement, making it possible to run Windows Server 2008 on existing equipment. Server core has the following limitations: o There is no Windows Shell. o There is no managed code support (no .NET framework). All code has to be native Windows API code. o There is only MSI support for unattended mode installs. o There is no Server Core installation for the Itanium edition.

Deployment Facts
Product activation is the process of establishing the relationship of the software's product key and the installation of the software on a device. Product activation of Server 2008 allows Microsoft to validate the authenticity of the software and confirm that the product key has not been compromised. The purpose of activation is to deter software counterfeiting and protect consumers from its associated risks. Activation does not happen during an install. You have about 60 days to activate your installation of Windows Server 2008. A volume licensing activation allows you to avoid dealing with multiple product keys or multiple serial numbers. Windows Server 2008 and Windows Vista introduced two new volume activation methods. Method Description MAK is a volume key activation method that uses Microsofts hosted activation services for a one-time activation. MAK activation can be completed by each computer independently or by MAK Proxy activation in which a computer acting as a MAK proxy gathers activation information from multiple computers on the network and completes the activations. MAK activation: o Is used in small environments that have a local server and a constant connection to the Internet. o Allows you to use a predefined pool of activations that are located on Microsoft's activation servers. o Sends client requests to Microsoft's activation servers to make sure that client products are activated and licensed. o Eliminates the need for a local server or management structure for licensing. KMS is a volume key activation method that provides for product activation on a local network.

Multiple Activation Key (MAK)

Key

Management By default, volume editions of Windows Vista and Windows Server 2008 connect to a system Services that hosts the KMS service to request activation. No action is required of the end user. KMS (KMS) activation: o Is used in larger environments (a minimum of five servers is required) that have a constant connection to the Internet and want to manage their own license key and connections. o Allows you to have a local licensing server in your local environment. o Contacts the Microsoft server and downloads the available keys and the available activations that you have. o Requires a local server constantly running with the available pools of activations. o Locally verifies that a product is licensed and activated.

Although you can install Windows Server 2008 by using the DVD and manually starting the installation process at each computer, you can simplify and automate installation by performing an unattended installation. An unattended installation uses an answer file (also called a response file) that identifies the responses to installation questions. The installation starts automatically when the product DVD is inserted, and completes without user intervention. Be aware of the following when doing an unattended installation: New with Windows Vista/2008, answer files use an XML format. The default name for the unattend file is Autoattend.xml. Use the Windows System Image Manager (Windows SIM) to create and edit answer files. Windows SIM is included in the Windows Automated Installation Kit (WAIK). To create the answer file, run Windows SIM and load an install image. The image file Install.wim is located in the <DVD>\Sources folder. After loading the image, select and edit the responses to the questions presented during product installation. After creating the answer file, validate the file in Windows SIM before using it. To use an unattended answer file, place it on a floppy or USB device. Insert the device with the answer file and boot from the product installation DVD. Installation will start and automatically locates the answer file to complete the installation. If the answer file contains missing or incorrectly formatted responses, the installation will stop and wait for valid input before proceeding.

Be aware of the following when upgrading to Windows Server 2008: Microsoft recommends that you perform a full install instead of an upgrade if possible. Before upgrading, verify that all hardware and software is supported by Windows Server 2008. To perform the upgrade, boot into the current installation and run the install program from the DVD. If you boot from the DVD and start the install, a new installation will be performed. You can only upgrade to Windows Server 2008 from Windows Server 2003. Additionally, you can upgrade from one edition of Windows Server 2008 to a higher edition. o If the server is running the Standard edition (either 2003 or 2008), you can only upgrade to the Standard or Enterprise edition. o If the server is running the Enterprise edition, you can only upgrade to the Enterprise or Datacenter edition. o If the server is running the Datacenter edition of 2003, you can only upgrade to the Datacenter edition. o Web and Itanium editions cannot be upgraded, either from 2003 or to other 2008 editions. You cannot upgrade a server running Windows Server 2003 to a Server Core installation. Installing from Windows Server 2003 requires SP1 or higher. You cannot upgrade from a 32-bit installation to a 64-bit installation. If you perform an upgrade to Windows Server 2008, you cannot uninstall Server 2008 following the upgrade to revert back to the previous installation. If the upgrade fails without completing, you can roll back to the previous version. You cannot roll back after you have successfully logged on following the upgrade. Before upgrading: o Back up the system and all user data. With Windows Server 2003, you can do an ASR backup along with a backup of all user volumes. o Document the current configuration. o If possible, test the upgrade and recovery process on a lab computer before performing it on a production system.

WDS Facts
The Windows Deployment Services (WDS) server role enables the deployment of Windows operating systems to client and server computers. Using WDS, computers without an operating system installed boot from the network, contact the WDS server, and download and install the operating system. WDS is an update to Remote Installation Services (RIS) that was available with Windows 2003 and earlier operating systems. You can use WDS to deploy Windows Server 2008, Windows Vista, and earlier versions of Microsoft operating systems. WDS is available with Standard, Enterprise, and DataCenter editions of Windows Server 2008.

WDS uses disk images for the installation. An image is a single file containing the contents of an operating system installation. Image files have the .wim extension. There are four types of WDS images. Image Type Description An install image is an image of the operating system that will be installed on client computers. Install image A default install image (Install.wim) is included on the operating system DVD in the <DVDroot>\Sources folder. Install.wim includes all editions of Windows Server 2008 within the single image file, including the Enterprise and Datacenter editions and the Server Core installations. When you add the install image in WDS, you identify the editions within the install image that are available for clients to install. When a client computer connects to the WDS server, and if there are multiple install images available or multiple editions within a single install image made available, a menu will be shown allowing the user to select the version and edition to install. Each install image is architecture specific. For example, you must have either the 32-bit, 64-bit or 64-bit Itanium version.

A boot image is a minimal operating system that is sent to the client when it first connects to the WDS server. Boot images are used as follows: 1. During the boot process, the client computer locates the WDS server. 2. The WDS server sends a boot image file to the client. The boot image file contains the Windows PE operating system and the WDS client software. 3. The client installs the Windows PE operating system in the boot image and starts the WDS client. 4. The WDS client retrieves a list of available full operating systems to install. 5. The client computer downloads the appropriate install image and installs the full operating system. Boot image When working with boot image files: A default boot image file (Boot.wim) is included on the operating system DVD in the <DVDroot>\Sources folder. You can use multiple boot image files. If the WDS server has multiple boot image files, the client computer will display a menu of boot images to use.

Note: Client computers must support PXE boot (network boot) to use boot image files. PXE boot allows a computer without an operating system installed to locate and download the operating system through a network connection. A capture boot image is an image that you use to create custom install images. To create a custom install image you do the following: 1. Create the capture boot image from a regular boot image. The capture image includes Windows PE and the WDS Image Capture Wizard. 2. Install the operating system on a reference computer. Once the operating system is installed, you can customize the installation as desired. 3. On the reference computer, run the Sysprep utility. Sysprep prepares the computer so that an image can be created from the installation. 4. Boot the reference computer from the network. When the computer connects to the WDS server, select the capture boot image you created earlier. 5. After the computer boots, it runs the WDS Image Capture Wizard. Use the wizard to select the

Capture boot image

disk partition containing the operating system installation you want to capture, and a location to save the resulting image file. 6. When the wizard completes, the resulting install image file is uploaded to the WDS server. A discover image is a boot image that is placed on removable media (such as a CD, DVD, or USB drive) that can be used by non-PXE clients to boot and locate a WDS server. To use a discover image: 1. Create the discover image from an existing boot image. 2. Use the Microsoft Windows AIK tools to create an ISO image that contains the discover boot image. 3. Burn the ISO image to disc. You must use a tool capable of creating a disc from an ISO image; simply copying the image to the disc will not work. 4. Insert the media in the client computer. Boot the computer from the media. 5. The computer installs the Windows PE operating system and connects to the WDS server. Select a desired install image to install the full operating system and complete the process.

Discover boot image

WDS Configuration Facts


The following are required to set up a WDS server: The WDS server role can only be installed on a Windows Server 2008 server. You cannot install WDS on a Server Core installation. Use Server Manager to add the Windows Deployment Services role. Add both the Deployment Server and Transport Server role services. Images on the WDS server must be stored on an NTFS partition. The WDS server must be a member of an Active Directory domain. DNS name resolution for the domain must be configured. You must have a DHCP server on the network. The DHCP service can run on the WDS server or on another server.

Clients that will use WDS for installing the operating system have the following requirements: To boot from the network, the client must be PXE boot capable, and the BIOS must be configured to boot from network. The workstation requires a minimum of 512 MB of RAM to load the boot image. Additional RAM and hardware to meet the operating system requirements of the install image is required. The user account that will be used during the installation must be a member of the Domain Users group.

Be aware of the following when managing images: Install and boot images are architecture dependent. There are separate images for x86 (32-bit) systems and for x64 (64-bit) systems. Install images include all versions of the respective operating system. For example, the x86 install image for Windows Server 2008 includes the 32-bit Standard, Enterprise, and Datacenter editions, along with the Server Core installations of each. When you add an install image to WDS, you select the versions that will be available to clients. For example, you can deselect the Datacenter edition or the Server Core installations to prevent those versions from being selected and installed. You might do this to prevent users from installing versions for which you do not have the necessary licenses. Install images for Vista and Windows Server 2008 are hardware abstraction layer (HAL) independent. This means that a single image can be used for systems with varying hardware, as long as the architecture type matches. Install images for earlier operating systems (such as Windows XP) are HAL dependent. You will need to create an install image for each HAL type needed. An x64 computer can boot using either an x64 or x86 boot image. An x86 computer can only use an x86 boot or install image. o If you have multiple boot images on the WDS server, the boot menu will show both the x64 and x86 boot images. Only x86 boot images will be shown for x86 computers. o If the computer boots using an x86 boot image, both x64 and x86 install images will be shown on the install menu for x64 computers; only x86 images will be shown for x86 computers. o If the computer boots using an x64 boot image, only x64 install images will be shown on the install menu.

When creating a custom install image, you can use ImageX instead of running the Image Capture Wizard. Use ImageX for access to more features including the ability to capture to a network location, additional compression options, and the ability to capture partial volumes. Be aware that ImageX is a command-prompt only tool, and that following the creation of the image file, you must manually copy the image to the WDS server. If the client computer is not PXE-enabled, you must boot the computer using a discover image. When you create a discover image, you specify how the computer finds the WDS server: o With static discovery, you manually identify the WDS server that will be used. o With dynamic discovery, the client uses a PXE-emulated request to locate a WDS server on the network. You can store install images on a server that is not a WDS server, and then use DFS to replicate images between multiple servers. Use this method to load balance the downloading of install images and for centralized administration of install images on multiple servers. If you have an existing install image, you can apply service packs and updates directly to the image without recreating the image. Use ImageX to apply updates to the install image. In the WDS console, an image group contains one or more images that are managed together. You can configure permissions on images to control which images a specific user can access. o Users will see only the images to which they have been assigned permissions. o Permissions are configured on the .wim file and grant permissions to all versions made available within the image file. You cannot configure permissions for specific editions within the .wim file. To configure permissions on specific versions or editions, you must create separate .wim files. You can combine an install image with an answer file to perform an unattended installation.

Be aware of the following when managing a WDS server deployment You can manage and maintain WDS from a command line, using the WDSUtil command line utility. To deploy WDS and the DCHP server role on the same server, disable port 67 in the WDS server properties and configure DHCP option 60 with a value of PXEClient. If the DHCP service is on a server in a different subnet from the WDS server, do one of the following: o Configure IP helper tables on the router. Forward UDP port 67 to both the DHCP server and the WDS server. Forward UDP port 4011 from client computers to the WDS server. o Add DHCP option 66 to point to the WDS server, and configure option 67 with a value of boot\x86\wdsnbp.com WDS does not support the use of IPv6. Clients must use IPv4 to connect to the WDS server and download images. You can configure the WDS server so that it only responds to certain clients. The following table lists the various response methods: Response Do not respond Action The WDS server is enabled and configured but not responding to any clients.

The WDS server sends a response and starts to copy an image to computers that have a Respond only to computer account in Active Directory. This method prevents unknown computers or known computers untrusted computers from accessing your network. Respond to computers Any computer that requests an image from WDS will receive the image and start the installation process. When you select this option, you can require approval for all unknown clients (a response will only be sent after an administrator manually approves the client).

By default, when a client completes the operating system installation using a WDS server, a computer account is automatically created in the domain if one does not already exist. Use the following methods to control how computer accounts are created: o Run WDSUtil or use Active Directory Users and Computers to create a computer account before it attempts a network boot. o On the WDS server, enable the Auto-Add policy. When you approve an unknown computer, the installation will be allowed and a computer account created automatically. o On the WDS server, disable or enable creating computer accounts for successful installations. Prestaging a computer account allows you to control various WDS options available to the client. For example, you can: o Control the computer name that gets assigned to the computer. o Assign the computer to use a specific PXE server. o Assign the computer a specific boot menu or configure which boot image is used. o Identify which unattend file will be used during the install. The WDS server can use one of two methods for sending images to clients:

A unicast transmission sends the requested image directly to the client as it is requested. A copy of the requested images is sent to each client, which could result in multiple copies being sent at the same time. o A multicast transmission sends the data once, with multiple clients receiving the same data transmission. There are two types of multicast configurations: o With auto-cast, the transmission starts as soon as one client requests it. Subsequent clients join the transmission that has already started. o With scheduled-cast, the transmission starts based on the number of clients waiting and/or on the specific day and time. When using multicasting: o IGMP snooping must be enabled on routers. o Use the Boot.wim image from the Windows Server 2008 or Vista SP1 DVD. The Boot.wim file from the Vista DVD does not support multicasting for clients. o If you enable scheduled-casting but do not specify a condition for when the transmission starts, images are not sent until you manually start the transmission. o If you delete an existing transmission, current clients will continue the installation using unicasting. o If you deactivate an existing transmission, current clients will finish but no new ones will be allowed to connect. o