Andy Malone MVP, MCT, Technology Evangelist. Quality Training (Scotland) Ltd & Microsoft (UK). What’s New & Exciting in Windows Server 2008! - Part 1. Andrew.malone@quality-training.co.uk http://blogs.quality-training.co.uk/blog
Part 1 will cover! • Getting to Know Server Core? • Managing a Server Core Box • AD Deployment • Hyper-V Update • System Center Virtual Machine Manager • Conclusions
Part 2 will cover! • Terminal Services! What is it and why you need it! • Deploying Terminal Services • Understanding TS Licensing & TS Session Broker! • Deploying TS Remote Programs! • TS Web Access • Security Update: ADRMS & Other Stuff! • Conclusions!
Server Core! Architecture & Background!
Reasons To Use Server Core • Setup option in Standard, Enterprise, Datacenter • Does DNS, AD, WINS, DFS-N, IIS and lots more • Advantages • Less RAM usage • Easier on the CPU, less disk needed • More secure • Fewer services running • Lack of a GUI reduces points of attack • A GUI-less system is of less interest to lazy admins and so won’t become a surfing station
Server Core Drawbacks • Very limited GUI; most GUI tools and Setup programs cannot run • No .NET (but maybe in R2…) • Cannot perform many server functions • Same license cost as full server install • Most admins aren't familiar enough with CLI tools to get daily tasks done (hence this talk!) • Setup GUI problems mean that most apps cannot be installed at all
Server Core Architecture (diagram) • Server Core: Security, TCP/IP, File Systems, RPC, plus other core server sub-systems • Server Core server roles: Hyper-V, DNS, DHCP, AD, IIS 7, Media Server, File, AD LDS, Print • Server: with .NetFx, Shell, Tools, etc. • Server roles (for example only): TS, IAS, RMS, SharePoint, etc. • GUI, CLR, Shell, IE, Media, OE, etc.
Server Core • Server Core provides a minimal server option • No GUI shell, audio stack, active sync… • Same binaries as full version • Windows directory • Full: 6 GB, 35K files • Core: 1.5 GB, 13K files • Less patch management • Windows 2003: 40% of patches applied to removed components • Reduced attack surface • Smaller memory and disk footprints • Runs supported server roles and features • Not an application platform • No .NET
Hardware on Server Core • Plug and Play is included in Server Core • If you add hardware with an inbox driver, PnP will “silently” install the driver • If the driver is not included, but you have a PnP driver for the hardware • Copy the driver files to the Server Core box • pnputil -i -a <driverinf> • To list installed drivers • sc query type= driver • To remove a driver • sc delete service_name
Control Panel in Server Core? • Limited functionality for specific scenarios • To change the time zone • control timedate.cpl • To change keyboards and/or language • control intl.cpl
AD Preparation with ADPrep • Tip: Update PKI template to allow RODCs to enroll for domain controller certificates if you use smartcards • After preparing your Active Directory for Windows Server 2008, be sure to check the process. • Breadcrumbs to failures may be found in the event viewer, but real men will check the adprep.log files.
Preparing to DCPromo • Perform any configuration settings that you require (tasks such as changing the computer name etc.) • After changing the required server configuration, make sure that you have the following requirements in place for creating it as a DC: • A partition formatted with NTFS (you should, it's a server…) • A network interface card, configured properly with the right driver • A network cable plugged in • The right IP address, subnet mask, default gateway • And most importantly, do not forget: • The right DNS setting, in most cases pointing to an existing internal DNS in your corporate network
Manual DC Installation… • All in one command: • dcpromo /unattend /SafeModeAdminPassword=Panda12 /ReplicaOrNewDomain=Domain /NewDomain=Forest /NewDomainDNSName=bigfirm.com /domainlevel=3 /skipautoconfigdns /forestlevel=3 /rebootonsuccess=yes • Or get DCPROMO on a GUI system to create a script for you and run dcpromo /unattend:filename
DCPromo Export Settings • Cool New export option. Creates answer file.
Answer file – Forest Level
dcpromo /unattend:<path of the answer file>
[DCINSTALL]
InstallDNS=yes
NewDomain=forest
NewDomainDNSName=petrilab.local
DomainNetBiosName=petrilab
SiteName=Default-First-Site-Name
ReplicaOrNewDomain=domain
ForestLevel=3
DomainLevel=3
DatabasePath="%systemroot%\NTDS"
LogPath="%systemroot%\NTDS"
RebootOnCompletion=yes
SYSVOLPath="%systemroot%\SYSVOL"
SafeModeAdminPassword=P@ssw0rd1
Domain & Forest Levels • DomainLevel - This entry is based on the levels that exist in the forest when a new domain is created in an existing forest. Value descriptions are as follows: • 0 = Windows 2000 Server native mode • 2 = Windows Server 2003 • 3 = Windows Server 2008 • ForestLevel - This entry specifies the forest functional level when a new domain is created in a new forest as follows: • 0 = Windows 2000 Server • 2 = Windows Server 2003 • 3 = Windows Server 2008
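A pre-flight check for a dcpromo answer file like the one shown above, added here as an example and not part of the original slides. The function name and finding codes are made up for illustration, the level table holds only the codes listed on the slide, and the domain-versus-forest comparison is an extra check based on the rule that a domain cannot sit below its forest's functional level.

```python
import configparser

# Functional-level codes exactly as listed on the slide (0, 2, 3).
LEVELS = {"0": "Windows 2000", "2": "Windows Server 2003", "3": "Windows Server 2008"}

def lint_answer_file(text):
    """Return a sorted list of finding codes for a dcpromo answer file."""
    # interpolation=None: values such as %systemroot% must be read literally.
    parser = configparser.ConfigParser(interpolation=None)
    try:
        parser.read_string(text)
    except configparser.Error:
        return ["UNPARSEABLE"]
    section = next((s for s in parser.sections() if s.upper() == "DCINSTALL"), None)
    if section is None:
        return ["NO_DCINSTALL_SECTION"]
    # configparser lowercases option names; strip optional surrounding quotes.
    opts = {k: v.strip().strip('"') for k, v in parser[section].items()}
    findings = set()
    for key in ("forestlevel", "domainlevel"):
        if key in opts and opts[key] not in LEVELS:
            findings.add("UNKNOWN_" + key.upper())
    fl, dl = opts.get("forestlevel"), opts.get("domainlevel")
    # A domain cannot run at a lower functional level than its forest.
    if fl in LEVELS and dl in LEVELS and int(dl) < int(fl):
        findings.add("DOMAINLEVEL_BELOW_FORESTLEVEL")
    # The DSRM (safe mode) password sits in the file as readable text.
    if opts.get("safemodeadminpassword"):
        findings.add("CLEARTEXT_SAFEMODEADMINPASSWORD")
    return sorted(findings)

# Constructed sample modelled on the slide; the password is a placeholder.
SLIDE_STYLE = r"""[DCINSTALL]
InstallDNS=yes
NewDomain=forest
NewDomainDNSName=example.local
ReplicaOrNewDomain=domain
ForestLevel=3
DomainLevel=3
DatabasePath="%systemroot%\NTDS"
SafeModeAdminPassword=PLACEHOLDER-not-a-real-password
"""
# Constructed samples: a level mismatch, and a code the slide does not list.
MISMATCH = "[DCInstall]\nForestLevel=3\nDomainLevel=2\n"
UNLISTED = "[DCINSTALL]\nForestLevel=1\nDomainLevel=3\n"

if __name__ == "__main__":
    for name, sample in (("slide", SLIDE_STYLE), ("mismatch", MISMATCH), ("unlisted", UNLISTED)):
        print(name, lint_answer_file(sample))
```

A cleartext finding is a prompt to keep the file off shared paths, restrict who can read it, and remove it once the promotion has finished.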
Upgrading to Windows Server 2008 • No Upgrade for Server Core Except from RC1 to RTM • In-place GUI upgrading - Windows Server 2003 and Windows Server 2003 R2 can both be upgraded in-place to Windows Server 2008 • Transitioning - Migrating this way means adding Windows Server 2008 Domain Controllers to your existing Active Directory environment. • Restructuring - A third way to go from Windows Server 2003 Domain Controllers to Windows Server 2008 Domain Controllers is restructuring your Active Directory environment. This involves moving all your resources from one (Windows Server 2003) domain to a new and fresh (Windows Server 2008) domain. Tools like the Active Directory Migration Tool (ADMT) are priceless in this kind of migration.
Gotchas! • Your servers do not meet the required patch level for in-place upgrading (The Windows Server 2003 patch level should be at least Service Pack 1) • You want to upgrade across architectures (between x86, x64 and/or Itanium) • You're running Windows Small Business Server 2003 or Windows Small Business Server 2003 R2 (upgrade scenarios for Small Business Server are uncertain at this moment) • You want to switch Windows Server edition (to obtain clustering for instance) • Standard Edition can be upgraded to both Standard and Enterprise Edition • Enterprise Edition can be upgraded to Enterprise Edition only • Datacenter Edition can be upgraded to Datacenter Edition only • You want your Windows Server 2008 Domain Controllers to be Server Core installations of Windows Server 2008. Upgrading to Server Core is not possible
More Gotchas! • Your Windows Server 2003 Domain Controllers are equipped with a boot drive which has less than 14062 MB of free space. • Windows Server 2003 Domain Controllers do not meet the Windows Server 2008 (recommended) System requirements. • Applications on your existing Domain Controllers are not tested with or certified for usage on Windows Server 2008. • Applications or installed components on your Windows Server 2003 have known problems when upgrading in-place to Windows Server 2008. PowerShell and thus Exchange Server 2007 are such programs!
2008 Forest Benefits • Enhanced Active Directory Features • Granular Password Policies • Restartable Active Directory • Advanced Encryption Standard (AES 128 and 256) support for Kerberos • Freshly-created Server 2008 forests shift to Server 2008 FL automatically • Last Interactive Logon • SYSVOL Replicates with DFS-R (RDC) rather than the File Replication Services • Does NOT support NT4 • No Support for ADMT 3 (New version out now!)
Microsoft Virtualization: From the Datacenter to the Desktop (diagram) • Profile Virtualization: Document Redirection, Offline files • Server Virtualization • Presentation Virtualization • Management • Desktop Virtualization • Application Virtualization • Windows Vista Enterprise Centralized Desktop
Windows Server 2008 with Hyper-V Technology • A role of Windows Server 2008 (Std, EE, DC) • Can be installed on both Windows Server 2008 Full and Core • Production servers can be configured as a minimal footprint Server Core role • Hyper-V Core standalone Version – Free!! (PPVM) • Hypervisor based architecture • Flexible and dynamic virtualization solution • Managed by the Microsoft System Center family of products • Gotcha! No Drag & Drop (Like in VPC)
Hyper-V Versions (Licensing) • Hyper-V Server – Free (Pay Per VM) • Standard (1 Physical & 1 VM) • Enterprise (1 Physical & 4 VMs) • Datacenter (1 Physical & Unlimited VMs)
Hyper-V Architecture (diagram) • Provided by (legend): OS, Microsoft Hyper-V, ISV / IHV / OEM, Microsoft / Citrix (XenSource) • Parent Partition: VM Worker Processes, WMI Provider and VMMS in user mode (Ring 3); Windows Server 2008 kernel, VSP and IHV drivers in kernel mode (Ring 0) • Child Partitions: applications in user mode (Ring 3) on a supported Windows OS (Windows kernel, VSC), a Xen-enabled Linux kernel (Linux VSC, Hypercall Adapter) or a non-hypervisor-aware OS (Emulation) • VMBus between parent and child partitions • Windows hypervisor (Ring -1) • “Designed for Windows” Server Hardware
Application Planning! The Gotcha • Determine Application Compatibility • Processor architecture requirements • Number of required processors • Memory requirements • Graphics adapter requirements • Test the application in a VM • Candidate app (example: Exchange 2007) • Virtual Server 2005: Up to 3.6 GB virtual memory, 32-bit, Single virtual CPU, No USB devices • Hyper-V: Runs on Server 2008, Requires Intel VT or AMD-V
Installing Hyper-V • ocsetup Microsoft-Hyper-V
Tips on Deploying Hosts • Hyper-V RTM is a free download. DO NOT USE THE BINARIES ON THE W2008 MEDIA! • Install KB951308 after installing Hyper-V on hosts and management. • Deploy by hand: For a few hosts. • Deploying using unattended: Slipstream Hyper-V using WAIK and deploy using WDS. • SYSPREP: Requires some post install work - http://tinyurl.com/6xjq65.
Hyper-V & Laptops • No support for wireless networking (http://tinyurl.com/5p9yq8) • Can’t sleep/hibernate system • Use multiple spindles • Disk for system • Disk for virtual machines • Intel Note: Santa Rosa Chipset and later • Supports 4 GB and greater
VM Disks • IDE or SCSI? • Dynamically Expanding, Fixed Size, Differencing or Pass-Through*? • Virtual Disk: Snapshots, differencing, dynamically expanding. 2TB limit per disk. 4 IDE or 256 SCSI per VM. • Pass-Through: Up to 256TB. No virtual disk features. 4 IDE or 256 SCSI per VM.
Networking • VMs connect to the network via a Virtual Switch. • A Virtual switch is mapped to a host machine NIC. • You should have at least 2 NICs in the host. • Might be best with 4 or more: Parent (1), clustering (1), Virtual Network (2). • 3 types of virtual network: External, Internal and Private. Be careful: Internal and Private do not span hosts. • No native NIC teaming in the virtual switch. As before, we rely on the OEM teaming driver. No support yet from the OEMs.
Creating Virtual Machines • Name • Location • Memory • Network • Virtual Hard Disk • Operating System
Installing SCVMM 2008 - Tips • Pre install WAIK • SQL Server 2005 Express edition & .NET V3 installed as part of Setup! • Can only be installed in an AD Integrated Environment • Fixed IP Address • Machine must be a clean install • Difficult to Remove!! • Install SCVMM Update for RC1 • SCVMM Can run on a VM