Read Windows Server 2008 R2 Unleashed Online
Authors: Noel Morimoto
communications.
Windows SharePoint Services is covered in detail in Chapter 35.
Windows Rights Management Services
Windows Rights Management Services (RMS) was available as a downloadable feature pack
in Windows 2003 and is now included as an installable server role in Windows Server
2008 R2. Windows Rights Management Services sets the framework for secure information
sharing by encrypting content and setting a policy on the content that
protects the file and the information stored in the file.
Organizations have been shifting to RMS rather than the old secured file folder primarily
because users who should be saving sensitive information into a file folder frequently
forget to save files in the folder, and thus sensitive information becomes public information.
By encrypting the content of the file itself, even if a file with sensitive information is
stored in the wrong place, the file cannot be opened, and the information in the file
cannot be accessed without proper security credentials to access the file.
Additionally, RMS allows the individual saving the file to set specific attributes regarding
what the person would like to be secured about the file. As an example, a secured file in
RMS can be set to not be edited, meaning that a person receiving the file can read the file,
but he or she cannot select content in the file, copy the content, or edit the content. This
prevents individuals from taking a secured file, cutting and pasting the content into a
different file, and then saving the new file without encryption or security.
RMS also provides attributes to enable the person creating a file to prevent others from
printing the file. The file itself can have an expiration date, so that after a given period of
time, the contents of the file expire and the entire file is inaccessible.
Rights Management Services is covered in Chapter 13.
CHAPTER 1
Windows Server 2008 R2 Technology Primer
Windows Server Virtualization
A new technology that wasn’t quite available at the time Windows Server 2008 shipped in
2008, but has since been released and is available on the original Windows Server 2008 R2
DVD, is Windows server virtualization, known as Hyper-V. Hyper-V provides an organization
with the ability to create guest operating system sessions, like those shown in Figure
1.11, on a Windows Server 2008 R2 server to get rid of physical servers, and instead make
the servers available as virtual server sessions.
FIGURE 1.11 Windows virtualization guest sessions.
Instead of purchasing a new physical server every time a new server system needs to be
placed on the network, a virtual server can be created that has all the same operations and
functions as the physical server itself. Or, for organizations that are putting in place
disaster recovery centers and server clustering for better server reliability and redundancy,
virtualization allows these additional servers to be added within the guest operating
system space of a single server system.
Virtualization in Windows Server 2008 R2 supports 64-bit and 32-bit guest sessions; has a
built-in tool that allows a snapshot of a virtual session so that the session can be protected
or rolled back in the event of a guest image failure or corruption; and has virtual sessions
that can span terabytes of disk storage and use 16GB, 32GB, or more of memory per guest
session. Windows Server 2008 R2 Hyper-V supports “live migrations,” which allow for a
faster failover and recovery of a virtual guest session across host servers.
More details on Windows Server 2008 R2 virtualization are covered in Chapter 37.
Identifying Which Windows Server 2008 R2 Service to Install or Migrate to First
With the release of Windows Server 2008 R2, organizations need to create a plan to install
or migrate to Windows Server 2008 R2 in a logical manner. Covered so far in this chapter
have been all the top features, functions, and technologies built in to Windows Server
2008 R2 that organizations have found as key technologies they implemented to improve
technology-driven business processes.
Because Windows Server 2008 R2 provides many different functions, each organization
has to choose how to best implement Windows Server 2008 R2 and the various networking
features that meet its own needs. In small network environments with fewer than 20
to 30 users, an organization might choose to implement all the Windows Server 2008 R2
features on a single server. However, in larger environments, multiple servers might be
implemented to improve system performance, as well as provide fault tolerance and
redundancy; thus, a more staged implementation of core services needs to be taken.
Windows Server 2008 R2 Core to an Active Directory Environment
For an organization that does not have Windows Active Directory already in place, that is
one place to start because Active Directory Domain Services is key to application and user
authentication. For organizations that already have a fully operational Active Directory
running on Windows 2003 or Windows 2008, upgrading to Active Directory Domain
Services on Windows Server 2008 R2 might be something that is addressed a little later in
the upgrade cycle when AD DS 2008 R2 functionality is needed. To get a lot of the
Windows Server 2008 R2 server functionality like 2008 R2 DFS, SharePoint Services,
Hyper-V virtualization, and so on, an organization can still run on an older Active
Directory environment (typically Active Directory 2003 native mode). However, the point
is that Active Directory 2008 R2 is not a prerequisite to get Windows Server 2008 R2 server
role functionality.
Because Active Directory is more than a simple list of users and passwords for authentication
into a network, but rather a directory that Microsoft has embedded into the policy-based
security, remote access security, and certificate-based security enhancements in
Windows Server 2008 R2, AD DS 2008 implementation does occur earlier in the migration
cycle for organizations wanting to implement many of the new Active Directory 2008 R2
technologies, such as Active Directory Recycle Bin, Offline Domain Join, Managed Service
Accounts, and the ability to use PowerShell cmdlets within a Group Policy Object.
Windows Server 2008 R2 extends the capabilities of Active Directory by creating better
management tools, providing more robust directory replication across a global enterprise,
and allowing for better scalability and redundancy to improve directory operations.
Windows Server 2008 R2 effectively adds more reliability, faster performance, and better
management tools to a system that can be leveraged as a true enterprise directory
provisioning, resource tracking, and resource management tool. Because of the importance of
Active Directory to the Windows Server 2008 R2 operating system, plus the breadth of
capabilities that Active Directory can facilitate, six chapters in Part II of this book are
dedicated to Active Directory.
Windows Server 2008 R2 Running Built-in Application Server Functions
As much as many administrators think of Active Directory as one of the key areas to
upgrade when a new release of the operating system becomes available, in reality, Active
Directory tends to not be the first thing updated. Instead, the real business drivers for
migrating to Windows Server 2008 R2 typically come from the built-in application server
programs that are available on Windows Server 2008 R2.
Windows Server 2008 R2 comes with several programs and utilities to provide robust
networking capabilities. In addition to the basic file and print capabilities covered earlier
in this chapter, Windows Server 2008 R2 can provide name resolution for the network and
enable high availability through clustering and fault tolerance, connectivity for mobile
users, web services functions, and dozens of other application server functions.
When convincing management that an upgrade to Windows Server 2008 R2 is important,
the IT professional needs to sift through the technologies built in to Windows Server 2008
R2 and pick those services that help an organization use technology to achieve its business
initiatives. When planning the implementation of Windows Server 2008 R2, a network
architect needs to consider which of the server services are desired, how they will be
combined on servers, and how they will be made redundant across multiple servers for
business continuity failover.
For a small organization, the choice to combine several server functions to a single system
or to just a few systems is one of economics. However, an organization might distribute
server services to multiple servers to improve performance (covered in Chapter 34),
distribute administration (covered in Chapter 18), create server redundancy (covered in
Chapter 29), create a disaster recovery strategy (covered in Chapter 31, “Recovering from a
Disaster”), enable security (covered in Chapter 13), or to serve users in other remote site
locations of the organization (covered in Chapter 32).
Some of the built-in application server functions in Windows Server 2008 R2 include
the following:
• Domain controller—Like in previous versions of the Windows operating system,
  the domain controller enables users to authenticate to the domain for access to
  network resources.
• Global catalog server—The global catalog server is a domain controller that also
  stores a subset of AD DS objects from other domains in the forest. When an internal
  or external user with appropriate security rights wants to look at a list of Active
  Directory users in the forest, the global catalog server provides the list.
• DNS server—The domain name system (DNS) maintains a list of network servers
  and systems and their associated IP addresses, so a DNS server provides information
  about the devices connected to the network.
• DHCP server—The Dynamic Host Configuration Protocol (DHCP) assigns IPv4
  and/or IPv6 network addresses to devices on the network. Windows Server 2008 R2
  provides the service function to facilitate DHCP addresses to network devices.
• Cluster server—When fault tolerance is important to an organization, clustering
  provides failover from one system to another. Windows Server 2008 R2 provides the
  ability to link systems together so that when one system fails, another system takes
  over.
• Network Policy Server—NPS is the Microsoft implementation of a Remote
  Authentication Dial-in User Service (RADIUS) server and proxy. NPS performs
  centralized connection authentication, authorization, and accounting for many
  types of network access, including wireless and virtual private network (VPN)
  connections. NPS routes authentication and accounting messages to other RADIUS
  servers. It also acts as a health evaluation server for Network Access Protection (NAP).
• Remote Desktop server—Instead of having a full desktop or laptop computer for
  each user on the network, organizations have the option of setting up simple,
  low-cost thin terminals for users to gain access to network resources. Windows Server
  2008 R2 Remote Desktop Services allows a single server to host network system
  access for dozens of users.
• Remote access server—When a remote user has a desktop or laptop system and
  needs access to network services, Windows Server 2008 R2 provides remote access
  services that allow the remote systems to establish a secure remote connection.
• Web server—As more and more technologies become web-aware and are hosted on
  web servers, Windows Server 2008 R2 provides the technology to host these
  applications for browser-based access.
• Media server—With information extending beyond text-based word processing
  documents and spreadsheets into rich media such as video and audio, Windows