Unit II - Windows-2008 server environment

2.1 Need for Windows server 2008

Windows Server 2008 is the server operating system developed by Microsoft. It is considered the
successor to Windows Server 2003 and boasts new features such as Server Core, an optional
installation which allows administration completely via the command-line interface.
In Windows Server 2008, Microsoft rolled together the Manage Your Server and Security
Configuration Wizard from Windows Server 2003 into the Server Manager console, which
allows administrators to conduct many server tasks.
Active Directory received a major update in Windows Server 2008, with expanded Group Policy
and identity management features. Other updates include Active Directory Rights Management
Services and Federation Services.
The server software also has Failover Clustering, which promises high-availability for missioncritical tasks.
1. Server and Desktop Virtualization
Windows Server 2008 R2 with Hyper-V may finally convinces virtualization's benefits.
Microsoft provides virtualization through both the free Hyper-V role that you can add to
Windows Server 2008 R2 and also the standalone product called Hyper-V Server 2008 R2. The
latter is a stripped-down version of Windows Server 2008 R2 that includes only the Hyper-V and
clustering roles. It's tuned, one would assume, as a high-performance hypervisor with a support
for up to:
8 sockets, or 64 sockets with the Enterprise Edition
64 cores
1TB of memory
16 cluster nodes
384 running virtual machines (VMs), assuming you have the resources
One can use directly attached storage via Serial Advanced Technology Attachment (SATA),
external Serial Advanced Technology Attachment (eSATA), Parallel Advanced Technology
Attachment (PATA), Serial Attached SCSI (SAS), Small Computer System Interface SCSI or
Firewire. If you have a SAN, you can connect with iSCSI, Fibre Channel or SAS.
The new Hyper-V bits offer some compelling reasons to deploy Hyper-V. One of the biggest is
new support for Live Migration. which allows to move a running VM between Hyper-V hosts
without any interruption. Combined with failover clustering, and we no longer have to worry
about unplanned downtime or service outages. With Windows Server 2008 R2 virtualization
technologies, these applications can have very high availability.

Figure 1. Windows PowerShell management is much improved in Windows Server 2008 R2.
Scenario: If you have several Hyper-V servers, Live Migration can make the most of your
hardware investment by moving VMs to different platforms to maximize performance and
utilization -- again, without any interruption of service to the user. Have a sudden need for
increased performance or an urgent maintenance requirement? With Live Migration, you can
shuffle VMs between Hyper-V servers and users will be completely unaware. Of course, there
are a few minor requirements to leverage this feature:

You must be running Hyper-V Server 2008 R2 or Windows Server 2008 R2

Enterprise or Datacenter

Servers must be configured for Microsoft Failover Clustering with shared storage

The cluster requires a dedicated network for Live Migration, which must be on the same
subnet

Servers must use the same processor from the same vendor

If you don't need Live Migration, Microsoft offers Quick Migration, which has a bit more
flexibility. With Quick Migration, you can easily move VMs between servers, but there'll be
some momentary downtime. Finally, you can easily manage your entire virtualization
infrastructure with System Center Virtual Machine Manager or even with Windows
PowerShell.

On the client side, Terminal Services is now Remote Desktop Services, which takes client-side
virtualization to new levels. Using Virtual Desktop Infrastructure (VDI), IT professionals can
centrally manage desktop delivery. When combined with Windows 7, the user experience is
practically indistinguishable from a local install. The improved Remote Desktop Protocol, along
with the addition of RemoteApp and Desktop (RAD), means that Windows Server 2008 R2
offers these features:

Multimedia Redirection, including audio input, audio recording and improved

synchronization

Support for multiple monitors

Support for Aero Glass

Language Bar Redirection

A Task Scheduler

IT staffers can also easily publish individual applications to Windows 7 clients using RAD.
These virtualized apps, which can be centrally managed, are indistinguishable from a local
installation once they're configured on the client. Application delivery is secure and highly
available.
2. Server Core
Many server administrators, especially those used to working in a Linux environment,
instinctively dislike having to install a large, feature-packed operating system to run a particular
specialized server.
Server 2008 offers a Server Core installation, which provides the minimum installation required
to carry out a specific server role, such as for a DHCP, DNS or print server. From a security
standpoint, this is attractive. Fewer applications and services on the sever make for a smaller
attack surface. In theory, there should also be less maintenance and management with fewer
patches to install, and the whole server could take up as little as 3Gb of disk space according to
Microsoft. This comes at a price there's no upgrade path back to a "normal" version of Server
2008 short of a reinstall. In fact there is no GUI at all everything is done from the command
line.
3. IIS
IIS 7, the Web server bundled with Server 2008, is a big upgrade from the previous version. One
new feature getting a lot of attention is the ability to delegate administration of servers (and sites)
to site admins while restricting their privileges.
4. Role-based installation Role-based installation is a less extreme version of Server Core.
Although it was included in 2003, it is far more comprehensive in this version.

The concept is that rather than configuring a full server install for a particular role by uninstalling
unnecessary components (and installing needed extras), you simply specify the role the server is
to play, and Windows will install what's necessary nothing more. This makes it easy for
anyone to provision a particular server without increasing the attack surface by including
unwanted components that will not do anything except present a security risk.
5. Read Only Domain Controllers (RODC)
It's hardly news that branch offices often lack skilled IT staff to administer their servers, but they
also face another, less talked about problem. While corporate data centers are often physically
secured, servers at branch offices rarely have the same physical security protecting them. This
makes them a convenient launch pad for attacks back to the main corporate servers.
RODC provides a way to make an Active Directory database read-only. Thus, any mischief
carried out at the branch office cannot propagate its way back to poison the Active Directory
system as a whole. It also reduces traffic on WAN links.
6. Enhanced terminal services
Terminal services has been beefed up in Server 2008 in a number of ways. TS RemoteApp
enables remote users to access a centralized application (rather than an entire desktop) that
appears to be running on the local computer's hard drive. These apps can be accessed via a Web
portal or directly by double-clicking on a correctly configured icon on the local machine. TS
Gateway secures sessions, which are then tunnelled over https, so users don't need to use a VPN
to use RemoteApps securely over the Internet. Local printing has also been made significantly
easier.
7. Network Access Protection
Microsoft's system for ensuring that clients connecting to Server 2008 are patched, running a
firewall and in compliance with corporate security policies and that those that are not can be
remediated is useful. However, similar functionality has been and remains available from
third parties.
8. Bitlocker
System drive encryption can be a sensible security measure for servers located in remote branch
offices or anywhere where the physical security of the server is sub-optimal. Bitlocker
encryption protects data if the server is physically removed or booted from removable media into
a different operating system that might otherwise give an intruder access to data which is
protected in a Windows environment. Again, similar functionality is available from third-party
vendors.
9. Windows PowerShell
Microsoft's new(ish) command line shell and scripting language has proved popular with some
server administrators, especially those used to working in Linux environments. Included in
Server 2008, PowerShell can make some jobs quicker and easier to perform than going through
the GUI. Although it might seem like a step backward in terms of user friendly operation, it's one
of those features that once you've gotten used to it, you'll never want to give up.

10. Better security

We've already mentioned various security features built into Server 2008, such as the ability to
reduce attack surfaces by running minimal installations, and specific features like BitLocker and
NAP. Numerous other little touches make Server 2008 more secure than its predecessors. An
example is Address Space Load Randomization a feature also present in Vista which
makes it more difficult for attackers to carry out buffer overflow attacks on a system by changing
the location of various system services each time a system is run. Since many attacks rely on the
ability to call particular services by jumping to particular locations, address space randomization
can make these attacks much less likely to succeed.
2.2 Different editions of windows 2008
Before embarking on the installation of Windows Server 2008, it is important to first gain an
understanding of the different editions available and the corresponding hardware requirements. It
is also important to be aware of the upgrade options available with each edition.
1. Windows Server 2008 Standard Edition
Windows Server 2008 Standard is one of Microsoft's entry level server offerings (alongside
Windows Web Server 2008) and is one of the least expensive of the various editions available.
Only a 64-bit versions are available, and in terms of hardware Standard Edition supports up to
32GB of RAM and 4 processors.
Windows Server 2008 is primarily targeted and small and mid-sized businesses (SMBs) and is
ideal for providing domain, web, DNS, remote access, print, file and application services.
Support for clustering, however, is notably absent from this edition.
An upgrade path to Windows Server 2008 Standard is available from Windows 2000 Server and
Windows Server 2003 Standard Edition.
2. Windows Server 2008 Enterprise Edition
Windows Server 2008 Enterprise Edition provides greater functionality and scalability than the
Standard Edition. As with Standard Edition, only a 64-bit version is available. Enhancements
include support for as many as 8 processors and up to 2TB of RAM.
Additional features of the Enterprise edition include support for clusters of up to 8 nodes and
Active Directory Federated Services (AD FS). Windows Server 2000, Windows 2000 Advanced
Server, Windows Server 2003 Standard Edition and Windows Server 2003 Enterprise Edition
may all be upgraded to Windows Server 2008 Enterprise Edition.
3. Windows Server 2008 Datacenter Edition
The Datacenter edition represents the top end of the Windows Server 2008 product range and is
targeted at mission critical enterprises requiring stability and high uptime levels. Windows Server
2008 Datacenter edition is tied closely to the underlying hardware through the implementation of

custom Hardware Abstraction Layers (HAL). As such, it is currently only possible to obtain
Datacenter edition as part of a hardware purchase.
As with other versions, the Datacenter edition is available only in a 64-bit version and supports
up to 2TB of RAM. In addition, this edition supports a minimum of 8 processors up to a
maximum of 64.
Upgrade paths to Windows Server 2008 Datacenter Edition are available from the Datacenter
editions of Windows 2000 and 2003.
4. Windows Web Server 2008
Windows Web Server 2008 is essentially a version of Windows Server 2008 designed primarily
for the purpose of providing web services. It includes Internet Information Services (IIS) 7.0
along with associated services such as Simple Mail Transfer Protocol (SMTP) and Telnet. It is
available in a 64-bit version only and supports up to 4 processors. RAM is limited to 32GB.
Windows Web Server 2008 lacks many of the features present in other editions such as
clustering, BitLocker drive encryption, multipath I/O, Windows Internet Naming Service
(WINS), Removable Storage Management and SAN Management.
Windows Server 2008 Features Matrix

Feature

Enterpris Datacente
e
r

Standar
d

We
b

Itaniu
m

ADFS Web Agent

Yes

Yes

Yes

No

No

Directory uIDM

Yes

Yes

Yes

No

No

Desktop Experience

Yes

Yes

Yes

Yes

No

Windows Clustering

Yes

Yes

No

No

Yes

Windows Server Backup

Yes

Yes

Yes

Yes

Yes

Windows Network Load Balancing

(WNLB)

Yes

Yes

Yes

Yes

Yes

Simple TCP/IP Services

Yes

Yes

Yes

No

Yes

SMTP

Yes

Yes

Yes

Yes

No

Subsystem for Unix-Based Applications

(SUA)

Yes

Yes

Yes

No

Yes

Telnet Client

Yes

Yes

Yes

Yes

Yes

Telnet Server

Yes

Yes

Yes

Yes

Yes

Microsoft Message Queuing (MSMQ)

Yes

Yes

Yes

No

Yes

RPC Over HTTP Proxy

Yes

Yes

Yes

No

Yes

Windows Internet Naming Service

(WINS)

Yes

Yes

Yes

No

No

Wireless Client

Yes

Yes

Yes

No

No

Windows System Resource Manager

(WSRM)

Yes

Yes

Yes

Yes

Yes

Simple SAN Management

Yes

Yes

Yes

No

No

LPR Port Monitor

Yes

Yes

Yes

No

No

The Windows Foundation Components

for WinFX

Yes

Yes

Yes

Yes

Yes

BITS Server Extensions

Yes

Yes

Yes

No

Yes

iSNS Server Service

Yes

Yes

Yes

Yes

No

BitLocker Drive Encryption

Yes

Yes

Yes

No

Yes

Multipath IO

Yes

Yes

Yes

No

Yes

Removable Storage Management

Yes

Yes

Yes

No

Yes

TFTP

Yes

Yes

Yes

No

Yes

SNMP

Yes

Yes

Yes

Yes

Yes

Server Admin Pack

Yes

Yes

Yes

Yes

No

RDC

Yes

Yes

Yes

No

Yes

Peer-to-Peer Name Resolution Protocol

Yes

Yes

Yes

Yes

Yes

Recovery Disk

Yes

Yes

Yes

Yes

Yes

Windows PowerShell

Yes

Yes

Yes

Yes

Yes

Windows Server 2008 Hardware Requirements

Category

Minimum / Recommended Requirements

Processor

Minimum: 1GHz (x86 processor) or 1.4GHz (x64 processor)

Recommended: 2GHz or faster
Note: For Itanium based systems an Intel Itanium 2 processor is required.

Memory

Minimum: 512MB RAM

Recommended: 2GB RAM or greater
Maximum: 32GB (Standard) or 2TB (Enterprise, Datacenter)

Available Disk
Space

Minimum: 10GB
Recommended: 40GB or greater
Note: Systems with RAM in excess of 16GB will require greater amounts of
disk space to accommodate paging, hibernation, and dump files

Drive

DVD-ROM drive

Display and
Peripherals

Super VGA or greater-resolution monitor (800x600)

Keyboard
Microsoft Mouse or compatible pointing device

2.3 Comparison between Windows NT and windows 2008

Differences between Windows 2000, Windows Server 2003 & Windows Server 2008
# Windows 2000 or NT 5.0 Windows Server 2003
Comes with Internet
1
Explorer 5

Comes with Internet Explorer 7

Comes with Internet Explorer 6 and IE 8 in Windows Server
2008 R2

2 Comes with IIS version 5 Comes with IIS version 6

64 bit version not

available

4 No Stub Zones

Windows Server 2008

Comes with IIS version 7 and

IIS version 7.5 in Windows
Server 2008 R2

64 bit version available

64 bit version available

Stub Zones introduced

Stub Zones Available

5 Does not support .Net 2.0 Supports .Net 2.0

Supports .Net 3.0 and Windows

Server 2008 supports .Net 3.5

6 Was Codenamed NT 5.0

Was Codenamed NT 5.1

Was Codenamed Longhorn

Possible to rename a domain

Possible to rename a domain

Supports both IP V4 & IP V6

Supports both IP V4 & IP V6

Not possible to rename a

domain

8 Supports only IP V4

9 Shadow Copy not possible Shadow Copy introduced

Shadow Copying possible for

each and every folder

10 Schema version is 13

Schema version is 44

11

Does not support

Does not support virtualization Supports Hyper-V virtualization
virtualization technology technology
technology

Active Directory
12
introduced

13

Schema version is 30

Active Directory improved

Has only Server and

Has Web, Standard, Enterprise
Advanced Server versions and DataCenter versions

14 N.A

N.A

Active Directory renamed to

Active Directory Domain
Services
Has Web, Standard, Enterprise
and DataCenter versions
Possible to Start or Stop any
Directory Service without

having to shut down the Domain

Controller. Good for Offline
Defragmentation etc. Recovery
of the Active Directory
Database without having to
reboot.
Audit logs can show who
Audit logs can show who made
made changes to what
15
changes to what values but does
attributes but does not
not show old values.
show old values.

Audit logs can show who made

changes to what attributes and
can show both the old and the
new values.

16 N.A

N.A

RIS is now called Windows

Deployment Services (WDS)

Read Only Domain

17 Controllers (RODC) not
available

Read Only Domain Controllers Read Only Domain Controllers

(RODC) not available.
(RODC) available

2.4 Comparison between various versions of Windows 2008server

Read from 2.2

2.5 List and explain Windows 2008 Server components

Windows Server 2008 is built from the same code base as Windows Vista; therefore, it shares
much of the same architecture and functionality, it automatically comes with most of the
technical, security, management and administrative features new to Windows Vista such as the
rewritten networking stack (native IPv6, native wireless, speed and security improvements);
improved image-based installation, deployment and recovery; improved diagnostics, monitoring,

event logging and reporting tools; new security features such as BitLocker and ASLR (address
space layout randomization); improved Windows Firewall with secure default configuration;
.NET Framework 3.0 technologies, specifically Windows Communication Foundation, Microsoft
Message Queuing and Windows Workflow Foundation; and the core kernel, memory and file
system improvements. Processors and memory devices are modeled as Plug and Play devices, to
allow hot-plugging of these devices. This allows the system resources to be partitioned
dynamically using Dynamic Hardware Partitioning; each partition has its own memory,
processor and I/O host bridge devices independent of other partitions.
Server Core

Figure 2. Default user interface for Server Core. Because Windows Explorer is removed from
Server Core, programs such as Notepad use the Windows NT 3.x-style file dialog.
Windows Server 2008 includes a variation of installation called Server Core. Server Core is a
significantly scaled-back installation where no Windows Explorer shell is installed. All
configuration and maintenance is done entirely through command-line interface windows, or by
connecting to the machine remotely using Microsoft Management Console. However, Notepad
and some control panel applets, such as Regional Settings, are available.

Server Core does not include the .NET Framework, Internet Explorer, Windows PowerShell or
many other features not related to core server features. A Server Core machine can be configured
for several basic roles: Domain controller/Active Directory Domain Services, ADLDS (ADAM),
DNS Server, DHCP server, file server, print server, Windows Media Server, IIS 7 web server
and Hyper-V virtual server. Server Core can also be used to create a cluster with high availability
using failover clustering or network load balancing.

Active Directory roles

Active Directory roles are expanded with identity, certificate, and rights management services.
Active Directory, until Windows Server 2003, allowed network administrators to centrally
manage connected computers, to set policies for groups of users, and to centrally deploy new
applications to multiple computers. This role of Active Directory is being renamed as Active
Directory Domain Services (ADDS).
A number of other additional services are being introduced, including Active Directory
Federation Services (ADFS), Active Directory Lightweight Directory Services (AD LDS),
(formerly Active Directory Application Mode, or ADAM), Active Directory Certificate Services
(ADCS), and Active Directory Rights Management Services (ADRMS).
Identity and certificate services allow administrators to manage user accounts and the digital
certificates that allow them to access certain services and systems. Federation management
services enable enterprises to share credentials with trusted partners and customers, allowing a
consultant to use his company user name and password to log in on a client's network. Identity
Integration Feature Pack is included as Active Directory Metadirectory Services. Each of these
services represents a server role.

Failover Clustering
Windows Server 2008 offers high-availability to services and applications through Failover
Clustering. Most server features and roles can be kept running with little to no downtime.
In Windows Server 2008 and Windows Server 2008 R2, the way clusters are qualified changed
significantly with the introduction of the cluster validation wizard.
The cluster validation wizard is a feature that is integrated into failover clustering in Windows
Server 2008 and Windows Server 2008 R2. With the cluster validation wizard, an administrator
can run a set of focused tests on a collection of servers that are intended to use as nodes in a
cluster. This cluster validation process tests the underlying hardware and software directly, and

individually, to obtain an accurate assessment of how well failover clustering can be supported
on a given configuration.
Note: This feature is only available in Enterprise and Datacenter editions of Windows Server.

Self-healing NTFS
In Windows versions prior to Windows Vista, if the operating system detected corruption in the
file system of an NTFS volume, it marked the volume "dirty"; to correct errors on the volume, it
had to be taken offline. With self-healing NTFS, an NTFS worker thread is spawned in the
background which performs a localized fix-up of damaged data structures, with only the
corrupted files/folders remaining unavailable without locking out the entire volume and needing
the server to be taken down. The operating system now features S.M.A.R.T. detection techniques
to help determine when a hard disk may fail.

Hyper-V

Figure 3. Hyper-V architecture

Hyper-V is hypervisor-based virtualization software, forming a core part of Microsoft's
virtualization strategy. It virtualizes servers on an operating system's kernel layer. It can be
thought of as partitioning a single physical server into multiple small computational partitions. A
beta version of Hyper-V shipped with certain x86-64 editions of Windows Server 2008, prior to

Microsoft's release of the final version of Hyper-V on 26 June 2008 as a free download. Also, a
standalone version of Hyper-V exists; this version supports only x86-64 architecture. While the
IA-32 editions of Windows Server 2008 cannot run or install Hyper-V, they can run the MMC
snap-in for managing Hyper-V.

Windows System Resource Manager

Windows System Resource Manager (WSRM) is integrated into Windows Server 2008. It
provides resource management and can be used to control the amount of resources a process or a
user can use based on business priorities. Process Matching Criteria, which is defined by the
name, type or owner of the process, enforces restrictions on the resource usage by a process that
matches the criteria. CPU time, bandwidth that it can use, number of processors it can be run on,
and allocated to a process can be restricted. Restrictions can be set to be imposed only on certain
dates as well.

Server Manager
Server Manager is a new roles-based management tool for Windows Server 2008. It is a
combination of Manage Your Server and Security Configuration Wizard SCW from Windows
Server 2003. Server Manager is an improvement of the Configure my server dialog that launches
by default on Windows Server 2003 machines. However, rather than serve only as a starting
point to configuring new roles, Server Manager gathers together all of the operations users
would want to conduct on the server, such as, getting a remote deployment method set up, adding
more server roles etc., and provides a consolidated, portal-like view about the status of each role.

Other features
Other new or enhanced features include:
Core OS improvements

Fully multi-componentized operating system.

Improved hot patching, a feature that allows non-kernel patches to occur without the need
for a reboot.

Support for being booted from Extensible Firmware Interface (EFI)-compliant firmware
on x86-64 systems.

Dynamic Hardware Partitioning

o Support for the hot-addition or replacement of processors and memory, on capable

hardware.
Active Directory improvements

Read-only domain controllers (RODCs) in Active Directory, intended for use in branch
office or other scenarios where a domain controller may reside in a low physical security
environment. The RODC holds a non-writeable copy of Active Directory, and redirects
all write attempts to a Full Domain Controller. It replicates all accounts except sensitive
ones. In RODC mode, credentials are not cached by default. Moreover, only the
replication partner of the RODC needs to run Windows Server 2008. Also, local
administrators can log on to the machine to perform maintenance tasks without requiring
administrative rights on the domain.

Restartable Active Directory allows ADDS to be stopped and restarted from the
Management Console or the command-line without rebooting the domain controller. This
reduces downtime for offline operations and reduces overall DC servicing requirements
with Server Core. ADDS is implemented as a Domain Controller Service in Windows
Server 2008.

Policy related improvements

All of the Group Policy improvements from Windows Vista are included. Group Policy
Management Console (GPMC) is built-in. The Group Policy objects are indexed for
search and can be commented on.

Policy-based networking with Network Access Protection, improved branch management

and enhanced end user collaboration. Policies can be created to ensure greater Quality of
Service for certain applications or services that require prioritization of network
bandwidth between client and server.

Granular password settings within a single domain - ability to implement different

password policies for administrative accounts on a "group" and "user" basis, instead of a
single set of password settings to the whole domain.

Disk management and file storage improvements

The ability to resize hard disk partitions without stopping the server, even the system
partition. This applies only to simple and spanned volumes, not to striped volumes.

Shadow Copy based block-level backup which supports optical media, network shares
and Windows Recovery Environment.

DFS enhancements - SYSVOL on DFS-R, Read-only Folder Replication Member. There

is also support for domain-based DFS namespaces that exceed the previous size
recommendation of 5,000 folders with targets in a namespace.

Several improvements to Failover Clustering (High-availability clusters).

Internet Storage Naming Server (iSNS) enables central registration, deregistration and
queries for iSCSI hard drives.

Protocol and cryptography improvements

Support for 128- and 256-bit AES encryption for the Kerberos authentication protocol.

New cryptography (CNG) API which supports elliptic curve cryptography and improved
certificate management.

Secure Socket Tunneling Protocol, a new Microsoft proprietary VPN protocol.

AuthIP, a Microsoft proprietary extension of the IKE cryptographic protocol used in

IPsec VPN networks.

Server Message Block 2.0 protocol in the new TCP/IP stack provides a number of
communication enhancements, including greater performance when connecting to file
shares over high-latency links and better security through the use of mutual
authentication and message signing.

Miscellaneous improvements

Windows Deployment Services replacing Automated Deployment Services Windows

Server 2008 home entertainment and Remote Installation Services. Windows Deployment
Services (WDS) support an enhanced multicast feature when deploying operating system
images.

Internet Information Services 7 - Increased security, Robocopy deployment, improved

diagnostic tools, delegated administration.

Windows Internal Database, a variant of SQL Server Express 2005, which serves as a
common storage back-end for several other components such as Windows System
Resource Manager, Windows SharePoint Services and Windows Server Update Services.
It is not intended to be used by third-party applications.

An optional "Desktop Experience" component provides the same Windows Aero user
interface as Windows Vista, both for local users, as well as remote users connecting
through Remote Desktop.

2.6 List various Hardware requirements.

Read from 2.2
2.7 List Major optional services available in Windows 2008 server.
Read from 2.5