Windows Server 2008 R2 Unleashed (16 page)

communications.

Windows SharePoint Services is covered in detail in Chapter 35.

ptg

Windows Rights Management Services

Windows Rights Management Services (RMS) was available as a downloadable feature pack

in Windows 2003 and is now included as an installable server role in Windows Server

2008 R2. Windows Rights Management Services sets the framework for secured informa-

tion sharing of data by encrypting content and setting a policy on the content that

protects the file and the information stored in the file.

Organizations have been shifting to RMS rather than the old secured file folder primarily

because users who should be saving sensitive information into a file folder frequently

forget to save files in the folder, and thus sensitive information becomes public informa-

tion. By encrypting the content of the file itself, even if a file with sensitive information is

stored in the wrong place, the file cannot be opened, and the information in the file

cannot be accessed without proper security credentials to access the file.

Additionally, RMS allows the individual saving the file to set specific attributes regarding

what the person would like to be secured about the file. As an example, a secured file in

RMS can be set to not be edited, meaning that a person receiving the file can read the file,

but he or she cannot select content in the file, copy the content, or edit the content. This

prevents individuals from taking a secured file, cutting and pasting the content into a

different file, and then saving the new file without encryption or security.

RMS also provides attributes to enable the person creating a file to prevent others from

printing the file. The file itself can have an expiration date, so that after a given period of

time, the contents of the file expire and the entire file is inaccessible.

Rights Management Services is covered in Chapter 13.

42

CHAPTER 1

Windows Server 2008 R2 Technology Primer

Windows Server Virtualization

A new technology that wasn’t quite available at the time Windows Server 2008 shipped in

2008, but has since been released and available on the original Windows Server 2008 R2

DVD, is Windows server virtualization known as Hyper-V. Hyper-V provides an organiza-

tion with the ability to create guest operating system sessions, like those shown in Figure

1.11, on a Windows Server 2008 R2 server to get rid of physical servers, and instead make

the servers available as virtual server sessions.

ptg

FIGURE 1.11

Windows virtualization guest sessions.

Instead of purchasing a new physical server every time a new server system needs to be

placed on the network, a virtual server can be created that has all the same operations and

functions as the physical server itself. Or, for organizations that are putting in place disas-

ter recovery centers and server clustering for better server reliability and redundancy,

virtualization allows the addition of these additional servers within the guest operating

system space of a single server system.

Virtualization in Windows Server 2008 R2 supports 64-bit and 32-bit guest sessions; has a

built-in tool that allows a snapshot of a virtual session so that the session can be protected

or rolled back in the event of a guest image failure or corruption; and has virtual sessions

that can span terabytes of disk storage and use 16GB, 32GB, or more of memory per guest

session. Windows Server 2008 R2 Hyper-V supports “live migrations,” which allows for a

faster failover and recovery of a virtual guest session across host servers.

More details on Windows Server 2008 R2 virtualization are covered in Chapter 37.

Identifying Which Windows Server 2008 R2 Service to Install or Migrate to First

43

Identifying Which Windows Server 2008 R2 Service

1

to Install or Migrate to First

With the release of Windows Server 2008 R2, organizations need to create a plan to install

or migrate to Windows Server 2008 R2 in a logical manner. Covered so far in this chapter

have been all the top features, functions, and technologies built in to Windows Server

2008 R2 that organizations have found as key technologies they implemented to improve

technology-driven business processes.

Because Windows Server 2008 R2 provides many different functions, each organization

has to choose how to best implement Windows Server 2008 R2 and the various network-

ing features that meet its own needs. In small network environments with fewer than 20

to 30 users, an organization might choose to implement all the Windows Server 2008 R2

features on a single server. However, in larger environments, multiple servers might be

implemented to improve system performance, as well as provide fault tolerance and

redundancy; thus, a more staged implementation of core services needs to be taken.

Windows Server 2008 R2 Core to an Active Directory Environment

For an organization that does not have Windows Active Directory already in place, that is

ptg

one place to start because Active Directory Domain Services is key to application and user

authentication. For organizations that already have a fully operational Active Directory

running on Windows 2003 or Windows 2008, upgrading to Active Directory Domain

Services on Windows Server 2008 R2 might be something that is addressed a little later in

the upgrade cycle when AD DS 2008 R2 functionality is needed. To get a lot of the

Windows Server 2008 R2 server functionality like 2008 R2 DFS, SharePoint Services,

Hyper-V virtualization, and so on, an organization can still run on an older Active

Directory environment (typically Active Directory 2003 native mode). However, the point

is that Active Directory 2008 R2 is not a prerequisite to get Windows Server 2008 R2 server

role functionality.

Because Active Directory is more than a simple list of users and passwords for authentica-

tion into a network, but rather a directory that Microsoft has embedded into the policy-

based security, remote access security, and certificate-based security enhancements in

Windows Server 2008 R2, AD DS 2008 implementation does occur earlier in the migration

cycle for organizations wanting to implement many of the new Active Directory 2008 R2

technologies, such as Active Directory Recycle Bin, Offline Domain Join, Managed Service

Accounts, and the ability to use PowerShell cmdlets within a Group Policy Object.

Windows Server 2008 R2 extends the capabilities of the Active Directory by creating better

management tools, provides for more robust directory replication across a global enter-

prise, and allows for better scalability and redundancy to improve directory operations.

Windows Server 2008 R2 effectively adds in more reliability, faster performance, and better

management tools to a system that can be leveraged as a true enterprise directory provi-

sioning, resource tracking, and resource management tool. Because of the importance of

Active Directory to the Windows Server 2008 R2 operating system, plus the breadth of

44

CHAPTER 1

Windows Server 2008 R2 Technology Primer

capabilities that Active Directory can facilitate, six chapters in Part II of this book are dedi-

cated to Active Directory.

Windows Server 2008 R2 Running Built-in Application Server Functions

As much as many administrators think of Active Directory as one of the key areas to

upgrade when a new release of the operating system becomes available, in reality, Active

Directory tends to not be the first thing updated. Instead, the real business drivers for

migrating to Windows Server 2008 R2 typically come from the built-in application server

programs that are available on Windows Server 2008 R2.

Windows Server 2008 R2 comes with several programs and utilities to provide robust

networking capabilities. In addition to the basic file and print capabilities covered earlier

in this chapter, Windows Server 2008 R2 can provide name resolution for the network and

enable high availability through clustering and fault tolerance, connectivity for mobile

users, web services functions, and dozens of other application server functions.

When convincing management that an upgrade to Windows Server 2008 R2 is important,

the IT professional needs to sift through the technologies built in to Windows Server 2008

R2 and pick those services that help an organization use technology to achieve its business

initiatives. When planning the implementation of Windows Server 2008 R2, a network

architect needs to consider which of the server services are desired, how they will be

ptg

combined on servers, and how they will be made redundant across multiple servers for

business continuity failover.

For a small organization, the choice to combine several server functions to a single system

or to just a few systems is one of economics. However, an organization might distribute

server services to multiple servers to improve performance (covered in Chapter 34),

distribute administration (covered in Chapter 18), create server redundancy (covered in

Chapter 29), create a disaster recovery strategy (covered in Chapter 31, “Recovering from a

Disaster”), enable security (covered in Chapter 13), or to serve users in other remote site

locations of the organization (covered in Chapter 32).

Some of the built-in application server functions in Windows Server 2008 R2 include

the following:

.
Domain controller—
Like in previous versions of the Windows operating system,

the domain controller enables users to authenticate to the domain for access to

network resources.

.
Global catalog server—
The global catalog server is a domain controller that also

stores a subset of AD DS objects from other domains in the forest. When an internal

or external user with appropriate security rights wants to look at a list of Active

Directory users in the forest, the global catalog server provides the list.

.
DNS server—
The domain name system (DNS) maintains a list of network servers

and systems and their associated IP addresses, so a DNS server provides information

about the devices connected to the network.

Identifying Which Windows Server 2008 R2 Service to Install or Migrate to First

45

.
DHCP server—
The Dynamic Host Configuration Protocol (DHCP) assigns IPv4

and/or IPv6 network addresses to devices on the network. Windows Server 2008 R2

1

provides the service function to facilitate DHCP addresses to network devices.

.
Cluster server—
When fault tolerance is important to an organization, clustering

provides failover from one system to another. Windows Server 2008 R2 provides the

ability to link systems together so that when one system fails, another system takes

over.

.
Network Policy Server—
NPS is the Microsoft implementation of a Remote

Authentication Dial-in User Service (RADIUS) server and proxy. NPS performs

centralized connection authentication, authorization, and accounting for many

types of network access, including wireless and virtual private network (VPN)

connections. NPS routes authentication and accounting messages to other RADIUS

servers. It also acts as a health evaluation server for Network Access Protection (NAP).

.
Remote Desktop server—
Instead of having a full desktop or laptop computer for

each user on the network, organizations have the option of setting up simple, low-

cost thin terminals for users to gain access to network resources. Windows Server

2008 R2 Remote Desktop Services allows a single server to host network system

access for dozens of users.

ptg

.
Remote access server—
When a remote user has a desktop or laptop system and

needs access to network services, Windows Server 2008 R2 provides remote access

services that allow the remote systems to establish a secure remote connection.

.
Web server—
As more and more technologies become web-aware and are hosted on

web servers, Windows Server 2008 R2 provides the technology to host these applica-

tions for browser-based access.

.
Media server—
With information extending beyond text-based word processing

documents and spreadsheets into rich media such as video and audio, Windows