Core Infrastructure Improvements in Windows Server 2008. Nathan Mercer Microsoft NZ http://blogs.technet.com/nmercer. Technology Investments. Virtualisation. Web. Security. Network Access Protection Read-Only Domain Controller (RODC) Active Directory Rights Management Services.
Core Infrastructure Improvements in Windows Server 2008 Nathan Mercer Microsoft NZ http://blogs.technet.com/nmercer
Technology Investments Virtualisation Web Security • Network Access Protection • Read-Only Domain Controller (RODC) • Active Directory Rights Management Services • Internet Information Services 7.0 – Powerful Web Application and Services Platform • Manage with Ease • Powerful Hosting of Applications and Services • Lower Infrastructure Costs • Windows Server Virtualisation • Presentation Virtualisation Solid Foundation for Your Business Workloads Management Reliability • Server Core Installation Option • Next Generation Networking • Failover Clustering • Dynamic Partitioning • Server Manager • Windows PowerShell • Power Management • High Performance Computing
Managing Windows Server 2008: Initial Configuration and Server Manager Server Manager Initial Configuration Product Installation
Resources • Server Manager Scenarios Step-by-Step Guide.doc • http://www.microsoft.com/downloads/details.aspx?FamilyID=518d870c-fa3e-4f6a-97f5-acaf31de6dce&displaylang=en
Windows PowerShell New Command-line shell & Scripting Language • Improves productivity & control • Accelerates automation of system admin • Easy-to-use • Works with existing scripts • Downloadable for XP, Vista, Server 2003, and included with Windows Server 2008 Partners Futures • Shipping in Windows • Admin GUIs of all Server products layered over PowerShell • One-to-many remote management using WS-MGMT
{PowerShell} demo
Resources • Windows PowerShell workbook: server administration • http://blogs.technet.com/chitpro-de/archive/2008/02/28/free-windows-powershell-workbook-server-administration.aspx • An introduction to scripting technologies for people with no real background knowledge. • http://blogs.technet.com/chitpro-de/archive/2007/05/10/english-version-of-windows-powershell-course-book-available-for-download.aspx
Managing Windows Server 2008: Windows Server 2008 Group Policy • Windows Vista set the stage… • 700+ new settings, ability to control things we never could before centrally (e.g. power save settings, device installation restrictions) • Group policies no longer just a thread in Winlogon, but instead a separate service • Meticulous step-by-step logging makes GP troubleshooting light-years easier • Printer/drive mapping via GPO • Powerful new ADMX template format • Server 2008 rocks the house with…
…Group Policy Preferences! Have you ever said, "I Wish There Were a GP Setting For…?" • Group Policy Preferences lets you create a do-it-yourself group policy setting out of, well, just about anything… with a few mouse clicks • Built into Windows Server 2008 GPMC • Part of the Desktop Standard acquisition • Remote Server Admin Tools (RSAT) to be delivered for Windows Vista • CSEs in Win2008, download Vista, Win2003, XP
Resources • Group Policy Preferences Overview • http://www.microsoft.com/downloads/details.aspx?FamilyID=42e30e3f-6f01-4610-9d6e-f6e0fb7a0790&displaylang=en • Group Policy Preferences Frequently Asked Questions (FAQ) • http://technet2.microsoft.com/windowsserver/en/technologies/featured/gp/preferencesfaq.mspx • Group Policy Settings Reference for Windows Server 2008 • http://www.microsoft.com/downloads/details.aspx?FamilyID=2043b94e-66cd-4b91-9e0f-68363245c495&displaylang=en • Microsoft Remote Server Administration Tools for Windows Vista with SP1 (x86): http://www.microsoft.com/downloads/details.aspx?FamilyId=9FF6E897-23CE-4A36-B7FC-D52065DE9960 • (x64): http://www.microsoft.com/downloads/details.aspx?FamilyId=D647A60B-63FD-4AC5-9243-BD3C497D2BC5 • CSE download • http://support.microsoft.com/Default.aspx?kbid=943729
Active Directory Improvements that everyone's going to love • AD is a service • Fine-grained password policies mean you can give each group and/or person a different password policy • New backup tool means bare-metal rebuilds of a dead DC are a snap • AD snapshots give ISVs the potential to build AD recovery tools, auditing and forensic analysis tools
AD Database Mounting Tool • http://edge.technet.com/Media/645/ • AD DS: Database Mounting Tool • http://technet2.microsoft.com/windowsserver2008/en/library/163613cb-f332-46c5-b9a9-9654123e0c081033.mspx?mfr=true • http://blogs.technet.com/kenstcyr/archive/2008/03/06/ws08-ad-database-mounting-tool.aspx
Windows Server Core Server Core Security, TCP/IP, File Systems, RPC, plus other Core Server Sub-Systems Hyper-V AD DS DHCP AD LDS DNS Media GUI, CLR, Shell, IE, OE, etc. File/Print IIS7 • Small subset of the executable files and DLLs installed • No GUI interface, no .NET, no PowerShell • Nine available Server Roles • Managed with remote tools
{Server Core} demo
Resources • Server_Core_Installation_Option_of_Windows_Server_2008_Step-By-Step_Guide.doc • http://www.microsoft.com/downloads/details.aspx?FamilyID=518d870c-fa3e-4f6a-97f5-acaf31de6dce&displaylang=en • http://www.microsoft.com/windowsserver2008/en/us/compare-core-installation.aspx
Read-Only Domain Controller RODC Main Office Remote Site • Features • Read Only Active Directory Database • Only allowed user passwords are stored on RODC • Unidirectional Replication • Role Separation • Benefits • Increases security for remote Domain Controllers where physical security cannot be guaranteed • Support • ADFS, DNS, DHCP, FRS V1, DFSR (FRS V2), Group Policy, IAS/VPN, DFS, SMS, ADSI queries, MOM
Choose Password Replication Policy • No passwords cached (default) • Most passwords cached • Few passwords (branch-specific accounts) cached ? How Many Domain Admins do you have?
Technologies for the Branch Office • Virtualisation • Read-Only Domain Controllers • Which run on Server Core • Admin Role Separation • Let Server admins be server admins • DFS-R for FRS • Cut WAN traffic, reduce exposure • DNS • Write-forwarding DNS servers in branch offices • Bitlocker • Blanket encryption
Windows Remote Management • Management “despite” firewalls • Implementation of WS-Management protocol • Based on HTTP/HTTPS connectivity • Baseboard Management Controller or WMI • WinRM is started, but no listener is configured • WINRM QUICKCONFIG from cmdline • Foundation of event log consolidation • Windows Remote Shell (WinRS) provides command shell • WINRS <Server> <Command> • ex: winrs -r:pc1.bigfirm.com ipconfig
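Added example, not part of the original deck: once a listener has been configured, a PowerShell review of which WinRM listeners exist and which transport each one uses. The listener text below is a constructed sample in the layout printed by winrm enumerate winrm/config/listener; the function names and the host name srv1.example.test are assumptions made for this illustration.

```powershell
# Constructed sample of `winrm enumerate winrm/config/listener` output (not from a real host).
$sample = @'
Listener
    Address = *
    Transport = HTTP
    Port = 5985
    Hostname
    Enabled = true
    CertificateThumbprint

Listener
    Address = *
    Transport = HTTPS
    Port = 5986
    Hostname = srv1.example.test
    Enabled = true
    CertificateThumbprint
'@

# Turn the "Key = Value" text into one object per Listener block (hypothetical helper).
function ConvertFrom-WinrmListenerText {
    param([string[]]$Lines)
    $current = $null
    foreach ($line in $Lines) {
        $t = $line.Trim()
        if ($t -eq 'Listener') {
            if ($null -ne $current) { New-Object PSObject -Property $current }
            $current = @{}
        } elseif ($null -ne $current -and $t -match '^(\w+)\s*=\s*(.*)$') {
            $current[$Matches[1]] = $Matches[2]
        } elseif ($null -ne $current -and $t -match '^\w+$') {
            $current[$t] = ''          # key printed without a value
        }
    }
    if ($null -ne $current) { New-Object PSObject -Property $current }
}

# Report enabled listeners that a reviewer would want to look at (hypothetical helper).
function Get-WinrmListenerFinding {
    param($Listener)
    if ($Listener.Enabled -ne 'true') { return }
    if ($Listener.Transport -eq 'HTTP') {
        "$($Listener.Transport):$($Listener.Port) has no TLS; server identity is not proven by a certificate"
    } elseif (-not $Listener.CertificateThumbprint) {
        "$($Listener.Transport):$($Listener.Port) has no certificate thumbprint bound"
    }
}

# On a live server, pass (winrm enumerate winrm/config/listener) instead of the sample.
ConvertFrom-WinrmListenerText ($sample -split '\r?\n') |
    ForEach-Object { Get-WinrmListenerFinding $_ }
```

With the constructed sample, both listeners are reported: the HTTP one for lacking TLS and the HTTPS one for having no certificate thumbprint bound.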
Failover Clustering NodeB NodeA Heartbeat Active Node Passive Node • New Validation Wizard • Support for GUID partition table (GPT) disks in cluster storage • Improved cluster setup and migration • Improvements to stability and security – no single point of failure • IPv6 support • Multi-site Clustering
Resources • Step-by-Step Guide for Configuring a Two-Node File Server Failover Cluster in Windows Server 2008.doc • Step-by-Step Guide for Configuring a Two-Node Print Server Failover Cluster in Windows Server 2008.doc • http://www.microsoft.com/downloads/details.aspx?FamilyID=518d870c-fa3e-4f6a-97f5-acaf31de6dce&displaylang=en
Cool… • SSTP • IO prioritisation • Parallel Session Creation • Clean Service Shutdown • Kernel Transaction Manager • SMB2 • Address Space Randomisation • Dynamic Partitioning • Self Healing NTFS
Resources • Inside Windows Server 2008 Kernel Changes • http://technet.microsoft.com/en-us/magazine/cc194386.aspx • Deploying SSTP Remote Access Step by Step Guide.doc • http://www.microsoft.com/downloads/details.aspx?FamilyID=518d870c-fa3e-4f6a-97f5-acaf31de6dce&displaylang=en
{Self Heal NTFS} demo
Windows Server Roadmap (timeline figure covering 2008 and 2009; labels: 2008 RTM, “Cougar”, 2008 R2)
IT Pro Momentum Benefits • Through the Momentum Portal, participants will have access to the following benefits free of charge for one year: • In-Depth Technical Content • Managed Forums • TechNet+ Direct Subscription • PSS Support Requests • Webcasts & Architectural Reviews with Product Teams (Selected Projects) • After one year, some benefits expire e.g. PSS Support and TechNet+ Subscription
Reminders • Subscribe to our free, online newsletters to stay up to date with Microsoft news, information & events • www.microsoft.co.nz/subscribe • Don’t forget to fill in your Evaluation form! • Hand in at end of day for complimentary software • TechEd 2008: 1-3 September, SkyCity • Mark the dates. Registration opening soon.