
Provisioning Windows Servers

Meeting the installation standards of the Enterprise Servers Team



Table of Contents

Introduction
Chapter 1: Preparation for Physical Machines
    Gathering Data
    Determining Location
    Requesting Network Connectivity
    Installation Day
Chapter 2: Preparation for Virtual Machines
    Gathering Data
    Requesting Virtual Hardware and Network Connectivity
Chapter 3: Installing Windows Server 2008 R2
    Installing the Operating System
Chapter 4: Configuring a Windows Server
    Joining Active Directory
    Configuring Local Firewall Rules
    Configuring Remote Server Access
    Server Turnover
Index
Glossary

Introduction

Provisioning servers is a common task for the Enterprise Servers group. While it is relatively
simple, there are a number of minor steps which can be easily overlooked. The following guide
is designed to ensure a uniform configuration between all servers.

The first chapter addresses the steps which should be taken to gather information for the
installation of physical servers, and the steps needed to ensure power and network connectivity
are in place prior to installation. Most of the information regarding server requirements may be
provided by the Application Manager without instigation from the Enterprise Servers team;
however, many details are often overlooked, so it is important to review this information
with an Application Manager.

The next chapter covers the steps necessary to prepare for a virtual machine (or VM). VMs have
become a more efficient and cost-effective means of providing services to Application Managers.
The VM emulates hardware and allows multiple low-power virtual servers to run on a single
physical host. Physical hosts can be clustered into a VM farm, allowing VMs to be migrated
between hosts in the event of a physical hardware failure without interruption in service.

Chapters three and four provide step-by-step instructions for installing and configuring the
standard Windows Operating Systems utilized by the Enterprise Servers group.




















Chapter 1: Preparation for Physical Machines


Preparation for Physical Machines

Physical machines are reserved for applications which require high performance. These can
include databases, high access file servers, or web farms to name just a few. A physical server
will be ordered by lead members of the Enterprise Servers team, and delivered to Operations
staff in the General Academic Building.

Gathering Data
The first step in building a physical server is to gather information about the hardware and
software which the hosted application needs in order to run optimally. The Application Manager
will be responsible for providing the system requirements when they submit a request for a new
physical server.
Be sure to check that they provide the following information:
- Recommended processor count and speed.
- Recommended amount of RAM.
- Compatible operating systems.
- Networking requirements, including the desired accessibility of the server, and necessary
  firewall port rules.
- Users and groups which need access to the server.
- Additional services or applications which are required for the application.

Determining Location
The location of physical servers is primarily determined by two factors. The first point is
whether the server will be running a production or development instance of the application. All
production servers should be installed in the General Academic Building Data Center, while
development servers should be located within the Discovery Park Data Center.
The second aspect of the server location is determined by the Data Center Operations staff. This
group handles the reception and installation of physical servers within a rack at the chosen Data
Center and ensures adequate power is provided. Once a Data Center is chosen, provide
Operations with the specifications for the server, and ask that they evaluate the available rack
space for a suitable location.

Requesting Network Connectivity
The information provided by the Application Managers will help you coordinate efforts with the
Network Managers in order to place the server in the correct network space and ensure it has the
proper connections.

The following table provides details on the major Data Center subnets:
Subnet              Purpose
192.168.211.0/24    GAB public subnet. Primarily for production web servers and
                    other services accessed both on and off campus.
192.168.213.0/24    GAB private subnet. Primarily for production application servers
                    which are only accessed securely.
192.168.164.0/24    DP public subnet. Primarily for development web servers and
                    other services accessed both on and off campus.
192.168.166.0/24    DP private subnet. Primarily for development application servers
                    which are only accessed securely.

Once Operations has provided a precise location for the server, submit an email request to the
Network Managers. The request should include the following:
- The precise location of the server.
- A request that a new IP is assigned for the server.
- The desired Fully Qualified Domain Name (FQDN) which will be associated with
  the new IP (Ex: Myserver01.unt.edu).
- The number and type of network cables which need to be run to the server location.
- Network firewall rules that should be put in place for the new IP.
- A deadline for the installation.
The Network Management group has a two day minimum turnaround for new installations. If
the tasks are not complete within four days, be sure to check on the status of the request.

Installation Day
When the server arrives, Operations staff will install the machine into the server rack and
connect all networking and power cables. Once this task has been completed the group will send
a notification that the server is ready for Operating System installation.



















Chapter 2: Preparation for Virtual Machines


Preparation for Virtual Machines

Virtual Machines (or VMs) have become a more efficient and cost effective means of providing
services to Application Managers. VMs run on a cluster of physical servers known as a VM
Farm. There are multiple farms within the Datacenter which are managed by the VM Services
team.

Gathering Data
The first step in building a virtual server is to gather information about the minimum system
requirements under which the application can run. Since VMs are designed for low power uses,
and settings can be changed without impacting service, virtual servers are generally built with
the lowest specifications possible and scaled up to meet performance demands. The Application
Managers will be responsible for providing the minimum system requirements when they submit
a request for a new virtual server.
Be sure to check that they provide the following information:
- Minimum processor count and speed.
- Minimum amount of RAM.
- Compatible operating systems.
- Networking requirements, including the desired accessibility of the server, and necessary
  firewall port rules.
- Users and groups which need access to the server.
- Additional services or applications which are required for the application.

Requesting Virtual Hardware and Network Connectivity
The VM Services team is capable of creating new IPs for Virtual Machines; however, they are
unable to modify network firewalls. Therefore, when submitting a request for a new VM, the
network requirements are also included. VMs are placed in a separate set of subnets from
physical servers. Use the following table and the information gathered from the Application
Managers to request a new IP and network connectivity for the VM.
Subnet              Purpose
192.168.212.0/24    GAB public subnet. Primarily for production web servers and
                    other services accessed both on and off campus.
192.168.214.0/24    GAB private subnet. Primarily for production application servers
                    which are only accessed securely.
192.168.165.0/24    DP public subnet. Primarily for development web servers and
                    other services accessed both on and off campus.
192.168.167.0/24    DP private subnet. Primarily for development application servers
                    which are only accessed securely.

Include the following information in an e-mail to VM Services when requesting a new VM:
- The VM farm where the VM needs to be created.
- The required number of processors.
- The required amount of RAM.
- The required operating system.
- A request to create a new IP for the VM.
- The desired Fully Qualified Domain Name (FQDN) which will be associated with
  the new IP (Ex: Myserver01.unt.edu).
- A deadline for the new VM.

VMs are often created within 24 hours. Once VM Services provides the new IP, send a request
to the Network Managers detailing necessary firewall rules for the new IP.




















Chapter 3: Installing Windows Server 2008 R2

Installing Windows Server 2008 R2

Windows Server 2008 R2 is the current standard Windows OS for the Enterprise Servers group.
Server 2008 R2 includes a number of improvements which make server management simpler
and more flexible.

Installing the Operating System

Note: Windows VMs will be created by the VM Services team with Server 2008 R2 preinstalled.
If provisioning a VM, skip ahead to the section Joining Active Directory in Chapter 4.

1. Begin the installation by powering on the server. Power buttons are typically found on
the front of the server, and will be indicated by a power symbol.
2. During POST, press F12 to access the Boot Menu.
3. Eject the DVD tray and insert a Windows Server 2008 R2 installation disc into the tray.
4. On the Boot Menu, select the option for CD-ROM (or DVD-ROM).
5. When the installer has finished loading, ensure the following options are selected and
then click Next:
6. On the Server 2008 Version list, select Windows Server 2008 R2 Enterprise (Full
Installation). Click Next.
7. Mark the checkbox next to I accept the license terms. Click Next.
8. When choosing the installation type, choose Custom (advanced).
9. When selecting where to install Windows, select an Unallocated Space which is at least
60GB in size. Click Next.
10. The installation will initiate at this point and take up to 30 minutes to complete. During
this time the server may reboot several times. This is normal.
11. Once the installer has finished, the following screen will be displayed.

12. Press the CTRL, ALT, & DELETE keys simultaneously to continue.
13. The password for Admin must be created before proceeding. Enter the default password
in all fields and click the arrow.
Now that the operating system has been installed, it must be configured before allowing the
Application Manager to remotely access the server.




















Chapter 4: Configuring a Windows Server

Configuring a Windows Server

Having a consistent work environment allows both Application Managers and Server
Administrators to troubleshoot more effectively. Following the steps in this chapter will remove
the possibility of OS related errors.
Joining Active Directory
The first step in configuring a Windows server is to join the server to an Active Directory
Domain. This step allows the server to communicate with other machines in the Domain and
allows Domain Users to authenticate with the server. Joining Active Directory will also apply
Group Policies to the new server. These policies make several configuration changes to optimize
the server for the domain.
Follow these steps to join the UNT Active Directory:
1. Access the Computer Properties by clicking the Start Menu, then right-clicking
Computer and selecting Properties.








2. On the Properties window, click Change settings in the Computer name, domain,
and workgroup settings section.

3. In the System Properties window, ensure the Computer Name tab is selected, and click
Change.
4. Enter the desired name for the server in the Computer Name: field.
5. Click the radio button next to Domain: and enter unt.edu into the provided field.









6. In the Authentication pop-up window, enter unt.edu\DomainAdmin and the current
password. Click OK.

7. Click OK on the Welcome pop-up window.
8. Click OK on the Computer Name/Domain Changes pop-up window.
9. Click Close on the System Properties window, and then Restart Now on the next
pop-up window. The computer will close all open windows and power off and on in order
to register with Active Directory and apply new Group Policy settings.

10. When the server finishes rebooting press the CTRL, ALT, & DELETE keys
simultaneously to log in.
11. It is important to test Active Directory authentication. Click Switch User and then
Other User.
12. Enter unt.edu\DomainAdmin and the current password. Click the arrow.























Configuring Local Firewall Rules
Firewalls help prevent unauthorized access to servers by blocking network ports used for
communication between machines. Firewall port numbers range from 1 to 65535, and by default
only essential ports are open. In order for applications on separate servers to communicate,
specific ports must be opened on the local server firewall, and also on the network firewall if the
servers are in separate subnets. Network firewall ports must be opened by the Network
Managers by e-mail request (covered in preparation chapters). The following steps describe how
to open local server firewall ports. Use the information gathered from the Application Manager
in order to complete these steps.
1. Access the Windows Firewall by clicking the Start Menu, then Administrative Tools
and Windows Firewall with Advanced Security.

2. On the left side of the Windows Firewall window, click Inbound Rules.
3. On the right side of the window, click New Rule.


4. Click the radio button next to Custom, and then click Next >.
5. Ensure the radio button next to All programs is selected and click Next >.
6. Using the information provided by the Application Manager, select the Protocol type
from the drop down menu. Most application connections use TCP.

7. Next to Local port, select Specific Ports from the drop down menu. The field below the
drop down will become active and allow the entry of specific ports. Below this field is
an example of proper syntax for entering multiple ports.
8. It is atypical for an Application Manager to provide specific remote ports, due to the
fact that outbound communication typically uses a random port. If a remote port is
supplied, select Specific Ports from the Remote ports drop down and add the ports to
the field below.
9. Once the protocol and ports have been selected, click Next >.
10. On the Scope page, leave the local IP addresses set to Any IP address. Under the
remote IP addresses section, click the radio button next to These IP addresses.
11. Click Add.



12. Using the information provided by the Application Manager, choose the appropriate
radio button and enter the IP, subnet, or range in the available fields. Click OK.

13. Click Next >.
14. Click the radio button next to Allow the connection. Click Next >.
15. Deselect the Private and Public options. Click Next >.
16. Enter a name for the firewall rule, and describe the purpose of the rule in the
appropriate fields. Click Finish.

Note: Outbound network traffic is not blocked by default. If an outbound rule must be specified, click Outbound
Rules on the left of the Windows Firewall window and then New Rule on the right side of the window. From
this point, the process for creating an outbound rule is identical to creating an inbound rule.
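
The inbound rule built in steps 1-16 can also be created from an elevated PowerShell prompt with netsh advfirewall, which ships with Server 2008 R2. The following is an added example and not part of the original guide; the function name New-ScopedInboundRule, its parameters, and the sample rule name and address are assumptions made for illustration.

```powershell
# Added example, not from the original guide. Names and addresses are constructed.
# Run from an elevated prompt; without -Apply nothing is changed.
function New-ScopedInboundRule {
    param(
        [Parameter(Mandatory = $true)][string]$Name,
        [Parameter(Mandatory = $true)][string]$Description,
        [ValidateSet('TCP', 'UDP')][string]$Protocol = 'TCP',
        [Parameter(Mandatory = $true)][string]$LocalPorts,     # "1433" or "8080,8443,5000-5010"
        [Parameter(Mandatory = $true)][string]$RemoteAddress,  # IP, subnet or range (step 12)
        [switch]$Apply
    )

    # Step 7: every entry must be a port or a low-high range within 1-65535.
    $ports = $LocalPorts -replace '\s', ''
    foreach ($entry in $ports.Split(',')) {
        $bounds = @($entry.Split('-'))
        if ($bounds.Count -gt 2) { throw "Bad port entry '$entry'" }
        foreach ($b in $bounds) {
            $n = 0
            if ((-not [int]::TryParse($b, [ref]$n)) -or ($n -lt 1) -or ($n -gt 65535)) {
                throw "Port '$b' is not a number between 1 and 65535"
            }
        }
        if (($bounds.Count -eq 2) -and ([int]$bounds[0] -gt [int]$bounds[1])) {
            throw "Port range '$entry' is reversed"
        }
    }

    # Steps 10-12: the rule must name its remote peers; an open scope is refused.
    $remote = $RemoteAddress -replace '\s', ''
    if (($remote -eq '') -or ($remote -match '^(any|\*|0\.0\.0\.0/0)$')) {
        throw 'RemoteAddress must be a specific IP, subnet or range'
    }

    # Steps 4-5 and 13-16: inbound, all programs, allow, Domain profile only.
    $ruleArgs = @(
        'advfirewall', 'firewall', 'add', 'rule',
        "name=$Name", 'dir=in', 'action=allow',
        "protocol=$Protocol", "localport=$ports", "remoteip=$remote",
        'profile=domain', "description=$Description"
    )

    if (-not $Apply) { return $ruleArgs }   # dry run: the netsh arguments, for review
    & netsh $ruleArgs
    # Read the rule back so ports, scope and profile can be compared with the request.
    & netsh advfirewall firewall show rule "name=$Name" verbose
}

# Constructed request: an application server at 192.168.213.25 reaching TCP 1433 on this server.
New-ScopedInboundRule -Name 'App01 to SQL' -Description 'Requested by Application Manager' `
    -LocalPorts '1433' -RemoteAddress '192.168.213.25'
```

Add -Apply once the listed arguments match the Application Manager's request. The rule name and description recorded here are the same ones to report at server turnover.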
Configuring Remote Server Access
Remote access is the last feature that should be enabled in the provisioning process to prevent
Application Managers from accessing systems which are not finished. Use the following steps to
enable remote access.
1. Launch the Server Manager tool by clicking the Start Menu, then Administrative Tools
and selecting Server Manager.

2. On the left side of the window, expand the Configuration section.
3. Expand the sub-section Local Users and Groups and then select the Groups folder.

4. In the center panel, right-click Users and select Add to Group.

5. In the Users Properties pop-up window, click Add.
6. In the user selection pop-up window, enter the groups and users provided by the
Application Managers. Click OK.
7. Click OK in the Users Properties window.
8. Repeat steps 4-7 for Remote Desktop Users.
9. Access the Computer Properties by clicking the Start Menu, then right-clicking
Computer and selecting Properties.





10. On the Properties window, click Change settings in the Computer name, domain, and
workgroup settings section.

11. In the System Properties window, ensure the Remote tab is selected.
12. Click the radio button next to Allow connections from computers running Remote
Desktop with Network Level Authentication (more secure). Click OK.


Users and groups which have previously been added in the Server Manager will now be
able to access the server remotely.






Server Turnover
The final step in provisioning a server is to notify the Application Managers that the server has
been completed and is ready for the application installation process.
Send the Application Managers an e-mail with the following information:
- The IP and FQDN of the new server.
- The users and groups you have granted access to the server.
- The firewall rules you have manually created.
While this guide outlines all the steps needed for creating a new server, be prepared to handle
any unexpected issues that might occur.
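
Before the turnover e-mail is sent, the settings made in this chapter can be read back from the server itself. The following is an added example and not part of the original guide; the function name Get-TurnoverReport, its parameters and the sample rule name are assumptions, and it is meant to be run from an elevated PowerShell prompt on the new server.

```powershell
# Added example, not from the original guide. Reads settings only; changes nothing.
function Get-TurnoverReport {
    param(
        [string]$ExpectedDomain = 'unt.edu',   # domain joined in "Joining Active Directory"
        [string[]]$RuleNames = @()             # names given to the rules created by hand
    )

    $cs    = Get-WmiObject -Class Win32_ComputerSystem
    $tsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    # Local values; a domain Group Policy setting can override them.
    $ts    = Get-ItemProperty -Path $tsKey
    $rdp   = Get-ItemProperty -Path "$tsKey\WinStations\RDP-Tcp"
    $ips   = Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
                 ForEach-Object { $_.IPAddress }

    $report = New-Object PSObject -Property @{
        FQDN         = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
        IPAddresses  = ($ips -join ', ')
        DomainJoined = ($cs.PartOfDomain -and ($cs.Domain -eq $ExpectedDomain))
        RdpEnabled   = ($ts.fDenyTSConnections -eq 0)    # 0 = remote connections allowed
        NlaRequired  = ($rdp.UserAuthentication -eq 1)   # 1 = Network Level Authentication
    }

    # Membership of the two local groups edited in steps 4-8 of Configuring Remote Server Access.
    foreach ($group in 'Users', 'Remote Desktop Users') {
        & net localgroup $group | Out-Host
    }
    # Each hand-made firewall rule, with its ports, remote scope and profiles.
    foreach ($rule in $RuleNames) {
        & netsh advfirewall firewall show rule "name=$rule" verbose | Out-Host
    }

    foreach ($check in 'DomainJoined', 'RdpEnabled', 'NlaRequired') {
        if (-not $report.$check) { Write-Warning "$check is not as this guide configures it" }
    }
    return $report
}

# 'App01 to SQL' is a constructed rule name; pass the names you actually used.
Get-TurnoverReport -RuleNames 'App01 to SQL' | Format-List
```

The group listings show every account that can now log on, so any entry the Application Managers did not request should be removed before turnover.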

Index

Active Directory
Data Center
Firewall
FQDN
Fully Qualified Domain Name
Physical Machine
Physical Server
Port
Processor
RAM
Server
Subnet
Virtual Machine
VM
Glossary

Active Directory: Windows-based centralized directory service. Organizes and authenticates
user accounts.
Data Center: Centralized physical location which houses servers. There is one primary data
center for each campus.
Firewall: Network security device. Analyzes network traffic and blocks or grants access based
on established firewall rules.
Fully Qualified Domain Name (FQDN): The short name for a server with the domain name
appended.
Physical Machine (Physical Server): A physical machine which hosts a single Operating
System.
Port: A single point of access through a firewall. Ports are either allowed or denied as per
firewall rules.
Processor: Hardware component responsible for computing programs.
RAM: Random Access Memory. Fast, temporary storage. Holds application and Operating
System data while the server is running.
Server: A computer which hosts services accessed remotely by client machines.
Subnet: Logical subdivision of a network. Servers within the same subnet are able to
communicate freely. Communication with servers in separate subnets requires firewall changes
by Network Management.
Virtual Machine (VM): An emulated physical server, which is hosted on a cluster of physical
servers.
