Contents
Table of Contents
Introduction
Chapter 1: Preparation for Physical Machines
  Preparation for Physical Machines
    Gathering Data
    Determining Location
    Requesting Network Connectivity
    Installation Day
Chapter 2: Preparation for Virtual Machines
  Preparation for Virtual Machines
    Gathering Data
    Requesting Virtual Hardware and Network Connectivity
Chapter 3: Installing Windows Server 2008 R2
  Installing Windows Server 2008 R2
    Installing the Operating System
Chapter 4: Configuring a Windows Server
  Configuring a Windows Server
    Joining Active Directory
    Configuring Local Firewall Rules
    Configuring Remote Server Access
    Server Turnover
Index
Glossary
Introduction
Provisioning servers is a common task for the Enterprise Servers group. While it is relatively simple, there are a number of minor steps which can be easily overlooked. The following guide is designed to ensure a uniform configuration between all servers.
The first chapter addresses the steps which should be taken to gather information for the installation of physical servers, and the steps needed to ensure power and network connectivity are in place prior to installation. Most of the information regarding server requirements may be provided by the Application Manager without prompting from the Enterprise Servers team. However, many details are often overlooked, so it is important to review this information with an Application Manager.
The next chapter covers the steps necessary to prepare for a virtual machine (or VM). VMs have become a more efficient and cost-effective means of providing services to Application Managers. The VM emulates hardware and allows multiple low-power virtual servers to run on a single physical host. Physical hosts can be clustered into a VM farm, allowing VMs to be migrated between hosts in the event of a physical hardware failure without interruption in service.
Chapters three and four provide step-by-step instructions for installing and configuring the standard Windows Operating Systems utilized by the Enterprise Servers group.
Chapter 1: Preparation for Physical Machines
Preparation for Physical Machines
Physical machines are reserved for applications which require high performance. These can include databases, high access file servers, or web farms to name just a few. A physical server will be ordered by lead members of the Enterprise Servers team, and delivered to Operations staff in the General Academic Building.
Gathering Data
The first step in building a physical server is to gather information about the hardware and software which the hosted application needs in order to run optimally. The Application Manager will be responsible for providing the system requirements when they submit a request for a new physical server. Be sure to check that they provide the following information:
• Recommended processor count and speed.
• Recommended amount of RAM.
• Compatible operating systems.
• Networking requirements, including the desired accessibility of the server, and necessary firewall port rules.
• Users and groups which need access to the server.
• Additional services or applications which are required for the application.
Determining Location
The location of physical servers is primarily determined by two factors. The first point is whether the server will be running a production or development instance of the application. All production servers should be installed in the General Academic Building Data Center, while development servers should be located within the Discovery Park Data Center.
The second aspect of the server location is determined by the Data Center Operations staff. This group handles the reception and installation of physical servers within a rack at the chosen Data Center and ensures adequate power is provided. Once a Data Center is chosen, provide Operations with the specifications for the server, and ask that they evaluate the available rack space for a suitable location.
Requesting Network Connectivity
The information provided by the Application Managers will help you coordinate efforts with the Network Managers in order to place the server in the correct network space and ensure it has the proper connections.
The following table provides details on the major Data Center subnets:
Subnet              Purpose
192.168.211.0/24    GAB public subnet. Primarily for production web servers and other services accessed both on and off campus.
192.168.213.0/24    GAB private subnet. Primarily for production application servers which are only accessed securely.
192.168.164.0/24    DP public subnet. Primarily for development web servers and other services accessed both on and off campus.
192.168.166.0/24    DP private subnet. Primarily for development application servers which are only accessed securely.
Once Operations has provided a precise location for the server, submit an email request to the Network Managers. The request should include the following:
• The precise location of the server.
• A request that a new IP is assigned for the server. Provide the desired Fully Qualified Domain Name (FQDN) which will be associated with the new IP (Ex: Myserver01.unt.edu).
• The number and type of network cables which need to be run to the server location.
• Network firewall rules that should be put in place for the new IP.
• A deadline for the installation.
The Network Management group has a two-day minimum turnaround for new installations. If the tasks are not complete within four days, be sure to check on the status of the request.
Installation Day
When the server arrives, Operations staff will install the machine into the server rack and connect all networking and power cables. Once this task has been completed, the group will send a notification that the server is ready for Operating System installation.
Chapter 2: Preparation for Virtual Machines
Preparation for Virtual Machines
Virtual Machines (or VMs) have become a more efficient and cost-effective means of providing services to Application Managers. VMs run on a cluster of physical servers known as a VM Farm. There are multiple farms within the Datacenter which are managed by the VM Services team.
Gathering Data
The first step in building a virtual server is to gather information about the minimum system requirements under which the application can run. Since VMs are designed for low power uses, and settings can be changed without impacting service, virtual servers are generally built with the lowest specifications possible and scaled up to meet performance demands. The Application Managers will be responsible for providing the minimum system requirements when they submit a request for a new physical server. Be sure to check that they provide the following information:
• Minimum processor count and speed.
• Minimum amount of RAM.
• Compatible operating systems.
• Networking requirements, including the desired accessibility of the server, and necessary firewall port rules.
• Users and groups which need access to the server.
• Additional services or applications which are required for the application.
Requesting Virtual Hardware and Network Connectivity
The VM Services team is capable of creating new IPs for Virtual Machines; however, they are unable to modify network firewalls. Therefore, when submitting a request for a new VM, the network requirements are also included. VMs are placed in a separate set of subnets from physical servers. Use the following table and the information gathered from the Application Managers to request a new IP and network connectivity for the VM.
Subnet              Purpose
192.168.212.0/24    GAB public subnet. Primarily for production web servers and other services accessed both on and off campus.
192.168.214.0/24    GAB private subnet. Primarily for production application servers which are only accessed securely.
192.168.165.0/24    DP public subnet. Primarily for development web servers and other services accessed both on and off campus.
192.168.167.0/24    DP private subnet. Primarily for development application servers which are only accessed securely.
Include the following information in an e-mail to VM Services when requesting a new VM:
• The VM farm where the VM needs to be created.
• The required number of processors.
• The required amount of RAM.
• The required operating system.
• A request to create a new IP for the VM. Provide the desired Fully Qualified Domain Name (FQDN) which will be associated with the new IP (Ex: Myserver01.unt.edu).
• A deadline for the new VM.
VMs are often created within 24 hours. Once VM Services provides the new IP, send a request to the Network Managers detailing necessary firewall rules for the new IP.
Chapter 3: Installing Windows Server 2008 R2
Installing Windows Server 2008 R2
Windows Server 2008 R2 is the current standard Windows OS for the Enterprise Servers group. Server 2008 R2 includes a number of improvements which make server management simpler and more flexible.
Installing the Operating System
Note: Windows VMs will be created by the VM Services team with Server 2008 R2 preinstalled. If provisioning a VM, skip ahead to the section Joining Active Directory in Chapter 4.
1. Begin the installation by powering on the server. Power buttons are typically found on the front of the server, and will be indicated by a power symbol.
2. During POST, press F12 to access the Boot Menu.
3. Eject the DVD tray and insert a Windows Server 2008 R2 installation disc into the tray.
4. On the Boot Menu, select the option for CD-ROM (or DVD-ROM).
5. When the installer has finished loading, ensure the following options are selected and then click Next:
6. On the Server 2008 Version list, select Windows Server 2008 R2 Enterprise (Full Installation). Click Next.
7. Mark the checkbox next to I accept the license terms. Click Next.
8. When choosing the installation type, choose Custom (advanced).
9. When selecting where to install Windows, select an Unallocated Space which is at least 60GB in size. Click Next.
10. The installation will initiate at this point and take up to 30 minutes to complete. During this time the server may reboot several times. This is normal.
11. Once the installer has finished, the following screen will be displayed.
12. Press the CTRL, ALT, & DELETE keys simultaneously to continue.
13. The password for Admin must be created before proceeding. Enter the default password in all fields and click the arrow.
Now that the operating system has been installed, it must be configured before allowing the Application Manager to remotely access the server.
Chapter 4: Configuring a Windows Server
Configuring a Windows Server
Having a consistent work environment allows both Application Managers and Server Administrators to troubleshoot more effectively. Following the steps in this chapter will remove the possibility of OS related errors.
Joining Active Directory
The first step in configuring a Windows server is to join the server to an Active Directory Domain. This step allows the server to communicate with other machines in the Domain and allows Domain Users to authenticate with the server. Joining Active Directory will also apply Group Policies to the new server. These policies make several configuration changes to optimize the server for the domain. Follow these steps to join the UNT Active Directory:
1. Access the Computer Properties by clicking the Start Menu, then right-clicking Computer and selecting Properties.
2. On the Properties window, click Change settings in the Computer name, domain, and workgroup settings section.
3. In the System Properties window, ensure the Computer Name tab is selected, and click Change.
4. Enter the desired name for the server in the Computer Name: field.
5. Click the radio button next to Domain: and enter unt.edu into the provided field.
6. In the Authentication pop-up window, enter unt.edu\DomainAdmin and the current password. Click OK.
7. Click OK on the Welcome pop-up window.
8. Click OK on the Computer Name/Domain Changes pop-up window.
9. Click Close on the System Properties window, and then Restart Now on the next pop-up window. The computer will close all open windows and power off and on in order to register with Active Directory and apply new Group Policy settings.
10. When the server finishes rebooting, press the CTRL, ALT, & DELETE keys simultaneously to log in.
11. It is important to test Active Directory authentication. Click Switch User and then Other User.
12. Enter unt.edu\DomainAdmin and the current password. Click the arrow.
Configuring Local Firewall Rules
Firewalls help prevent unauthorized access to servers by blocking network ports used for communication between machines. Firewall port numbers range from 1 to 65535, and by default only essential ports are open. In order for applications on separate servers to communicate, specific ports must be opened on the local server firewall, and also on the network firewall if the servers are in separate subnets. Network firewall ports must be opened by the Network Managers by e-mail request (covered in preparation chapters).
The following steps describe how to open local server firewall ports. Use the information gathered from the Application Manager in order to complete these steps.
1. Access the Windows Firewall by clicking the Start Menu, then Administrative Tools and Windows Firewall with Advanced Security.
2. On the left side of the Windows Firewall window, click Inbound Rules.
3. On the right side of the window, click New Rule.
4. Click the radio button next to Custom, and then click Next >.
5. Ensure the radio button next to All programs is selected and click Next >.
6. Using the information provided by the Application Manager, select the Protocol type from the drop down menu. Most application connections use TCP.
7. Next to Local port, select Specific Ports from the drop down menu. The field below the drop down will become active and allow the entry of specific ports. Below this field is an example of proper syntax for entering multiple ports.
8. It is atypical for an Application Manager to provide specific remote ports, due to the fact that outbound communication typically uses a random port. If a remote port is supplied, select Specific Ports from the Remote ports drop down and add the ports to the field below.
9. Once the protocol and ports have been selected, click Next >.
10. On the Scope page, leave the local IP addresses set to Any IP address. Under the remote IP addresses section, click the radio button next to These IP addresses:.
11. Click Add.
12. Using the information provided by the Application Manager, choose the appropriate radio button and enter the IP, subnet, or range in the available fields. Click OK.
13. Click Next >.
14. Click the radio button next to Allow the connection. Click Next >.
15. Deselect the Private and Public options. Click Next >.
16. Enter a name for the firewall rule, and describe the purpose of the rule in the appropriate fields. Click Finish.
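The same inbound rule can be created from an elevated Windows PowerShell prompt with netsh advfirewall, which makes the rule repeatable and easy to record for turnover. This is an added example, not part of the original guide; the function name, rule name, port and remote address are constructed sample values.

```powershell
# Added example: scripted form of inbound-rule steps 1-16. Run from an elevated prompt.
function New-InboundAllowRule {
    param(
        [Parameter(Mandatory=$true)][string]$Name,
        [Parameter(Mandatory=$true)][string]$Description,
        [ValidateSet('TCP','UDP')][string]$Protocol = 'TCP',
        [Parameter(Mandatory=$true)][string[]]$LocalPort,
        [Parameter(Mandatory=$true)][string[]]$RemoteAddress,
        [switch]$Apply
    )

    # Step 7: every entry is a single port or a low-high range within 1-65535.
    foreach ($entry in $LocalPort) {
        if (-not ($entry -match '^(\d{1,5})(?:-(\d{1,5}))?$')) {
            throw "Invalid port entry: $entry"
        }
        $low  = [int]$Matches[1]
        $high = $low
        if ($Matches[2]) { $high = [int]$Matches[2] }
        if ($low -lt 1 -or $high -gt 65535 -or $low -gt $high) {
            throw "Port out of range: $entry"
        }
    }

    # Steps 10-12: the remote scope must be an explicit IPv4 host, subnet or range,
    # so a value such as "any" is rejected before the rule is built.
    $octet = '(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)'
    $ipv4  = "${octet}(\.${octet}){3}"
    foreach ($addr in $RemoteAddress) {
        if (-not ($addr -match "^${ipv4}(/(3[0-2]|[12]?\d)|-${ipv4})?`$")) {
            throw "Remote address must be an IP, subnet or range: $addr"
        }
    }

    $netshArgs = @(
        'advfirewall', 'firewall', 'add', 'rule',
        "name=$Name",
        'dir=in',                                  # step 2: Inbound Rules
        'action=allow',                            # step 14: Allow the connection
        "protocol=$Protocol",                      # step 6
        "localport=$($LocalPort -join ',')",       # step 7
        "remoteip=$($RemoteAddress -join ',')",    # steps 10-12
        'profile=domain',                          # step 15: Private and Public deselected
        "description=$Description"                 # step 16
    )
    if ($Apply) {
        & netsh $netshArgs | Out-Host
        if ($LASTEXITCODE -ne 0) { throw "netsh failed with exit code $LASTEXITCODE" }
        & netsh advfirewall firewall show rule "name=$Name" verbose | Out-Host
    }
    return $netshArgs
}

# Constructed sample request: one host in the GAB private subnet reaching TCP 1433.
$rule = New-InboundAllowRule -Name 'App01 SQL inbound' `
    -Description 'Requested by Application Manager: app tier to database' `
    -LocalPort '1433' -RemoteAddress '192.168.213.25'
'netsh ' + ($rule -join ' ')   # dry run: review the arguments, then repeat with -Apply
```

Without -Apply the function only validates the request and returns the netsh arguments, so the rule can be reviewed before anything changes on the server.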
Note: Outbound network traffic is not blocked by default. If an outbound rule must be specified, click Outbound Rules on the left of the Windows Firewall window and then New Rule on the right side of the window. From this point, the process for creating an outbound rule is identical to creating an inbound rule.
Configuring Remote Server Access
Remote access is the last feature that should be enabled in the provisioning process to prevent Application Managers from accessing systems which are not finished. Use the following steps to enable remote access.
1. Launch the Server Manager tool by clicking the Start Menu, then Administrative Tools and selecting Server Manager.
2. On the left side of the window, expand the Configuration section.
3. Expand the sub-section Local Users and Groups and then select the Groups folder.
4. In the center panel, right-click Users and select Add to Group.
5. In the Users Properties pop-up window, click Add.
6. In the user selection pop-up window, enter the groups and users provided by the Application Managers. Click OK.
7. Click OK in the Users Properties window.
8. Repeat steps 4-7 for Remote Desktop Users.
9. Access the Computer Properties by clicking the Start Menu, then right-clicking Computer and selecting Properties.
10. On the Properties window, click Change settings in the Computer name, domain, and workgroup settings section.
11. In the System Properties window, ensure the Remote tab is selected.
12. Click the radio button next to Allow connections from computers running Remote Desktop with Network Level Authentication (more secure). Click OK.
Users and groups which have previously been added in the Server Manager will now be able to access the server remotely.
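To confirm the result of the steps above, the settings can be read back from the server itself. This is an added example, not part of the original guide; it assumes Windows PowerShell 2.0 on Server 2008 R2 with English group names, and the function names are hypothetical.

```powershell
# Added example: read back the state set in "Configuring Remote Server Access".
function Get-LocalGroupMemberNames {
    param([Parameter(Mandatory=$true)][string]$Group)
    $adsi = [ADSI]"WinNT://$env:COMPUTERNAME/$Group,group"
    foreach ($member in @($adsi.psbase.Invoke('Members'))) {
        # ADsPath has the form WinNT://DOMAIN/name; report it as DOMAIN\name.
        $path = $member.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $member, $null)
        ($path -replace '^WinNT://', '') -replace '/', '\'
    }
}

function Get-RemoteAccessState {
    # Local settings written by the Remote tab of System Properties (steps 11-12).
    $ts = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $cs = Get-WmiObject -Class Win32_ComputerSystem
    New-Object PSObject -Property @{
        ComputerName       = $env:COMPUTERNAME
        Domain             = $cs.Domain
        DomainJoined       = [bool]$cs.PartOfDomain
        # fDenyTSConnections = 0 means Remote Desktop connections are allowed.
        RdpEnabled         = ((Get-ItemProperty -Path $ts).fDenyTSConnections -eq 0)
        # UserAuthentication = 1 means Network Level Authentication is required.
        NlaRequired        = ((Get-ItemProperty -Path "$ts\WinStations\RDP-Tcp").UserAuthentication -eq 1)
        Users              = @(Get-LocalGroupMemberNames -Group 'Users')
        RemoteDesktopUsers = @(Get-LocalGroupMemberNames -Group 'Remote Desktop Users')
    }
}

$state = Get-RemoteAccessState
$state | Format-List

# Flag the two outcomes that mean the procedure was not completed as written.
if ($state.RdpEnabled -and -not $state.NlaRequired) {
    Write-Warning 'Remote Desktop accepts connections without Network Level Authentication.'
}
if ($state.RemoteDesktopUsers.Count -eq 0) {
    Write-Warning 'No users or groups have been added to Remote Desktop Users.'
}
```

The two member lists can be compared against the users and groups supplied by the Application Managers before the server is handed over.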
Server Turnover
The final step in provisioning a server is to notify the Application Managers that the server has been completed and is ready for the application installation process. Send the Application Managers an e-mail with the following information:
• The IP and FQDN of the new server.
• The users and groups you have granted access to the server.
• The firewall rules you have manually created.
While this guide outlines all the steps needed for creating a new server, be prepared to handle any unexpected issues that might occur.
Glossary
Active Directory: Windows-based centralized directory service. Organizes and authenticates user accounts.
Data Center: Centralized physical location which houses servers. There is one primary data center for each campus.
Firewall: Network security device. Analyzes network traffic and blocks or grants access based on established firewall rules.
Fully Qualified Domain Name (FQDN): The short name for a server with the domain name appended.
Physical Machine (Physical Server): A physical machine which hosts a single Operating System.
Port: A single point of access through a firewall. Ports are either allowed or denied as per firewall rules.
Processor: Hardware component responsible for computing programs.
RAM: Random Access Memory. Fast, temporary storage. Holds application and Operating System data while server is running.
Server: A computer which hosts services accessed remotely by client machines.
Subnet: Logical subdivision of a network. Servers within the same subnet are able to communicate freely. Communication with servers in separate subnets requires firewall changes by Network Management.
Virtual Machine (VM): An emulated physical server, which is hosted on a cluster of physical servers.