
Video 1 Welcome to Windows Server 2008 MCITP Server Administrator

In This Video
About Your Instructor and Train Signal
What's Covered in this Course
The Globomantics Scenario
What You Will Need to Follow Along with the Course

About your Instructor and Train Signal


About Ed Liberman
MCT, MCP, MCSA, MCSE, MCDST, MCTS, MCITP, A+, NET+, SERVER+
Have worked in technology for 18 years
Have been certified and instructing IT for 10 years
Volunteer time in my local community as a math tutor for struggling grade school children

About Train Signal


Casual Training Method
Scenario-Based Training

What's Covered in this Course

2. Windows Server 2008 Installation and Upgrade
3. Simplifying Installation with Windows Deployment Services (WDS)
4. Installing Windows Server 2008 Server Core
5. Deploying Read Only Domain Controllers
6. Virtualization
7. Using Group Policy to Simplify Network Administration
8. Delegation of Control
9. Setting up a File and Print Server
10. Data Provisioning
11. Setting up a VPN Server
12. Network Policy Server
13. Windows Server Update Services (WSUS)
14. Using Active Directory Certificate Services
15. Backup and Recovery
16. Deploying Terminal Services
17. Planning for High Availability
18. Certification

The Globomantics Scenario


Globomantics, Inc. is a worldwide securities brokerage house headquartered in New York.
They also have three satellite locations:
  o Chicago, to keep tabs on the Chicago exchanges
  o Tokyo, to keep up with the Asian markets
  o Dallas, because the boss is a native Texan and really doesn't like New York
There are currently 640 employees scattered throughout all locations. 500 are in the New York Headquarters, 50 are in Tokyo, 80 are in Chicago, and 10 are in Dallas.
There are also 12 mobile users who travel worldwide, accompanied by their faithful laptops, of course.
5 of the 80 users in Chicago telecommute from home.


What You Will Need:

Are you ready to get started?

Let's go!!!

Video 2 Windows Server 2008 Installation and Upgrade

In This Video
Look at the different versions of Windows Server 2008.
Install Windows Server 2008 from scratch.
Install the Active Directory Domain Services role.
Upgrade from Windows Server 2003.

Windows Server 2008 Versions


Standard Edition
Enterprise Edition
Datacenter Edition
Windows Web Server 2008
Itanium-Based Systems

Standard Edition
  o This version is designed to meet the needs of small to medium sized organizations.
  o Should be used to support standard networking roles.
  o The 32-bit version supports up to 4 GB of physical RAM and up to 4 processors.
  o The 64-bit version supports up to 32 GB of physical RAM and up to 4 processors.

Enterprise Edition
  o This version is designed to meet the needs of larger organizations.
  o Supports failover clustering and Active Directory Federation Services (ADFS).
  o The 32-bit version supports up to 64 GB of physical RAM and up to 8 processors.
  o The 64-bit version supports up to 2 TB of physical RAM and up to 8 processors.

Datacenter Edition
  o This version is designed to meet the needs of very large organizations.
  o Comes with unlimited virtualization rights.
  o Can only be purchased OEM.
  o The 32-bit version supports up to 64 GB of physical RAM and up to 32 processors.
  o The 64-bit version supports up to 2 TB of physical RAM and up to 64 processors.

Windows Web Server 2008
  o This version is designed to function specifically as a single-purpose Web server.
  o The 32-bit version supports up to 4 GB of physical RAM and up to 4 processors.
  o The 64-bit version supports up to 32 GB of physical RAM and up to 4 processors.

Itanium-Based Systems
  o This version is designed to be used strictly with the Intel Itanium 64-bit processor.
  o The 64-bit version supports up to 2 TB of physical RAM and up to 64 processors.

For more information go to:


http://www.microsoft.com/windowsserver2008/en/us/2008-IA.aspx


For more information go to:


http://www.microsoft.com/windowsserver2008/en/us/editions-overview.aspx

Let's go take a look!!!

Install Windows Server 2008 from scratch.
Install the Active Directory Domain Services role.
Upgrade from Windows Server 2003.

Globomantics Network

Globomantics Forest

Upgrading from Windows Server 2003


Upgrade must be done from within the operating system.
You can only upgrade to the same version or higher.
You must stay within the same architecture.
Upgrade can be done either in place or through migration.

Review
After watching this video you should know how to:
  o Describe the different versions of Windows Server 2008 and know how to select the right version to meet your needs.
  o Install Windows Server 2008.
  o Install the AD DS role.
  o Upgrade from Windows Server 2003.
In the next video I will show you how to automate server deployment.

Video 3 Simplifying Installation with Windows Deployment Services (WDS)

In This Video
Getting ready for WDS.
Installing the WDS role.
Deploying servers using WDS.
Automating installations with Answer Files.
  o Creating an Answer File using WAIK.
  o Adding the Answer File to WDS.

Getting Ready for WDS


What is WDS?
  o Windows Deployment Services is a role included with Windows Server 2008 that is used to remotely deploy Server 2008 and Vista.
WDS Requirements:
  o Active Directory
  o DNS
  o DHCP
  o An NTFS partition for the storage of images

Let's go take a look!!!

Install the WDS role.
Deploy 2 servers using WDS.
Create an answer file using WAIK.
Deploy a server using the answer file.

Where can I get the Windows AIK?


The Windows Automated Installation Kit can be downloaded from the following URL: http://go.microsoft.com/fwlink/?LinkId=79385

Review
After watching this video you should know how to:
  o Describe WDS and its requirements.
  o Install and configure the WDS role.
  o Create answer files using WAIK.
In the next video I will show you how to do a server core installation.

Video 4 Installing Windows Server 2008 Server Core


In This Video
What is Server Core?
Installing Server Core
Configuring Server Core
Remote Management
  o Remote Server Administration Tools (RSAT)
  o Remote Desktop

What is Server Core?


Server Core is a version of Windows Server 2008 which does not provide a GUI desktop. A computer which has the Server Core version installed will only have the command shell available and can only do very basic configuration tasks locally. All additional management must be done remotely.

When should I use Server Core?


Server Core should be used when you have limited hardware or need increased security. Since Server Core does not install all of the features of a full version of Windows Server 2008, it does not require as many resources and presents a much smaller attack surface if it is attacked.

Let's go take a look!!!

Install Windows Server 2008 Server Core.
Install the Core Configurator utility.
Configure Server Core using the Core Configurator utility.

Remote Management
There are 2 general choices when it comes to remote management:
  o Remote Server Administration Tools (RSAT)
  o Remote Desktop

Remote Server Administration Tools


Require Vista with Service Pack 1.
Replaces the old AdminPak.
Can be downloaded from the Microsoft Download Center.
Should be used for remote management using the Microsoft Management Console (MMC).

Remote Desktop
Puts you on the actual desktop of the remote server.
Should be used when you are unable to manage using RSAT.

Let's go take a look!!!

Remotely access Server Core using RSAT on a Vista client.
Set up Remote Desktop so we can access all of our servers from a client computer.

Review
After watching this video you should know how to:
  o Explain what Server Core is and when to use it.
  o Install the Server Core version of Windows Server 2008.
  o Remotely access servers using RSAT or Remote Desktop.

Video 5 Deploying Read Only Domain Controllers

In This Video
What are the benefits of using an RODC?
Installing an RODC in a branch office.
Configuring a Password Replication Policy.
Using Administrative Role Separation.

RODC Benefits
RODCs provide 3 main security benefits which satisfy the needs of many branch offices.
  o By default, RODCs do not maintain password properties for any users.
  o No changes can be made to the AD database on the RODC.
  o RODCs have a local Administrator group which allows users in the branch office to administer the computer without having privileges to the domain.

Let's go take a look!!!

Install a Read Only Domain Controller.
Configure a Password Replication Policy.
Take a look at Administrative Role Separation.

Globomantics Network

Review
After watching this video you should know how to:
  o Deploy an RODC.
  o Configure a Password Replication Policy.
  o Configure Administrative Role Separation.

Video 6 Virtualization

In This Video
What is Virtualization?
Benefits of Using Virtualization
Virtualization Products
Virtualization Examples
Potential Issues

What is Virtualization?
Virtualization is the concept of having one physical computer act as though it is multiple computers. Virtualization allows multiple instances of either the same or different operating systems to run on a single computer. Virtualization provides a range of benefits which can serve just about anyone ranging from home users to average business users to high end server solutions.


Benefits of Using Virtualization


Server Costs
Saves Energy
Separation of Services
Easier to Manage
Compatibility Issues
Support for Different Platforms

Virtualization Products
Microsoft Hyper-V
  o Hyper-V is a role which is built in to the 64-bit versions of Windows Server 2008.
Microsoft Virtual Server
Microsoft Virtual PC
VMware Server
VMware Workstation

Virtualization Examples
You have a temporary need for an additional server and can't justify the cost of purchasing another computer.
You have an application which will only run on an older operating system and you don't want to use another computer just for that one application.
You need to test a new product, but don't have the budget to purchase a test computer.

Potential Issues
Make sure you do not overuse the physical resources available.
If you have a server which will require a large quantity of a certain resource, consider dedicating a single computer for that server.
Make sure you always have plenty of free space on your hard drives.
Hyper-V has additional hardware requirements which may not be met by older computers. For more information go to:
http://technet.microsoft.com/en-us/library/cc731898.aspx

Review
After watching this video you should know:
  o What virtualization is.
  o The benefits of using virtualization.
  o Some of the virtualization products currently available.
  o When you should and should not use virtualization.
Coach's Hyper-V Installation Bonus Video is also included with this Course

Video 7 Using Group Policy to Simplify Network Administration


In This Video
Active Directory Review
  o Logical Components
  o Physical Components
  o Objects
  o Trusts
What is a GPO?
The Globomantics Scenario
Using the Group Policy Management tool
  o Creating GPOs
  o Linking GPOs
  o Editing & Viewing GPO Settings
  o Using Starter GPOs
How do GPOs get applied?
Exceptions to the Rules
  o Block Inheritance
  o Enforced
  o Security Filtering
Group Policy Modeling and Results
Using Password Setting Objects (PSO)

Active Directory Review


Active Directory's logical structure consists of Forests, Trees, and Domains.
Active Directory's physical structure consists of Sites and Domain Controllers.
The Active Directory database is made up of a hierarchical structure of objects. These objects can either be container objects, which are used to hold other objects, or leaf objects, which represent a network entity and do not hold other objects.

Active Directory Logical Structure


Domains: Act as the primary administrative containers within AD.
Trees: An area of namespace containing one or more domains.
Forest: A bunch of trees. Considered to be the top of the Active Directory hierarchy.

Globomantics Logical Structure

Active Directory Physical Structure


Domain Controllers: These are the computers which hold copies of the Active Directory database.
Sites: Represent the physical locations which contain Domain Controllers. All Domain Controllers within a Site should be connected via a high speed network connection. Different Sites are typically separated by a slower WAN connection.

Globomantics Physical Structure


Active Directory Objects


Container Objects: The most common container object in Active Directory is called an OU, which stands for Organizational Unit. A good OU design will support 3 main functions:
  o Good Organization
  o Delegation of Control
  o Group Policy Management
Leaf Objects: Any AD object which does not hold other objects. A couple of examples are user objects and computer objects.

Active Directory Review - Trusts


Parent/Child Trust: By default all domains within a forest have a 2-way transitive trust with any other domain directly above or below them in the hierarchy.
Shortcut Trust: A direct trust created between 2 domains. Typically used in a large complex forest.
External Trust: A direct trust created between a domain in the Forest and a domain outside the forest. Typically used with an old Windows NT domain.
Realm Trust: Used to create a trust between a Windows Domain and a Unix realm.

Forest Trust: Creates a trust relationship between all domains in one forest with all domains in another forest.
Federated Trust: A cross forest trust in which communication takes place across the Internet via a Web application like SharePoint Server. Federated Trusts are implemented using the Active Directory Federation Services (AD FS) role.

What is a GPO?
A Group Policy Object (GPO) is an Active Directory object which contains configuration settings for computers and/or users. GPOs are used to simplify network administration by allowing administrators to establish settings once and have them applied to many users/computers. GPO settings will be applied to user/computer objects held in any container object which the GPO is linked to.

Globomantics Scenario
In this lesson we are going to work in the Chicago office of the na.globomantics.com domain.
The Chicago office has 80 users broken down as follows:
  o 10 Upper management
  o 10 Sales staff
  o 50 Call center workers
  o 5 Call center managers
  o 5 IT administrators
The na.globomantics.com AD OU structure is as follows:
  o 2 top level OUs for the Chicago and Dallas locations
  o The Chicago OU contains child OUs for Sales, Operations, Call Center, and Management
  o The Call Center OU contains 5 child OUs for the users who report to each of the call center managers.
There is a Global Security group called IT Admins of which the 5 administrators are members.

Globomantics Scenario
Goals:
  o No one in the domain should be able to add removable devices to their computers except members of the IT Admins group.
  o All of the sales staff in Chicago need to have a shortcut to an important document on their desktop.
  o No one in the domain should be able to use the Add/Remove Programs Control Panel applet except operations staff in Chicago.
  o The IT administrators need to have different password requirements.

Let's go take a look!!!

Group Policy Management Tool
  o Create and link GPOs.
  o Edit and view GPO settings.
  o Take a look at Starter GPOs.

How do GPOs get applied?

L    Local
S    Site
D    Domain
OU   Organizational Unit

[Figure: L, S, D, OU, OU, OU]

Exceptions to the Rules


Block Inheritance: When this setting is enabled on a container object, all GPOs inherited from parent containers will be ignored.
Enforced: When this setting is enabled on a GPO link, all settings on that link will take precedence in a conflict. Enforced also overrides Block Inheritance.
Security Filtering: You can further limit who a GPO will apply to within a container by denying the Apply Group Policy permission to users and groups.
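The processing order and the three exceptions above, modelled as an added example (not part of the course material). GPO names, setting keys and the way the Globomantics goals are mapped onto links are assumptions made for illustration; links are listed in processing order, and the local policy is treated as unaffected by Block Inheritance.

```python
from dataclasses import dataclass, field


@dataclass
class Link:
    gpo: str                              # GPO name (hypothetical)
    settings: dict                        # setting key -> value (hypothetical keys)
    enforced: bool = False                # "Enforced" set on this GPO link
    deny_apply: frozenset = frozenset()   # groups denied "Apply Group Policy"


@dataclass
class Container:
    name: str
    kind: str                             # "local", "site", "domain" or "ou"
    links: list = field(default_factory=list)   # listed in processing order
    block_inheritance: bool = False


def resultant_policy(chain, member_of):
    """chain: containers from Local down to the OU that holds the object.
    Returns {setting: (value, name of the winning GPO)}."""
    member_of = set(member_of)
    # The deepest container with Block Inheritance hides every
    # non-enforced link that sits above it in the chain.
    blocked_above = max(
        (i for i, c in enumerate(chain) if c.block_inheritance), default=0
    )
    result = {}

    def apply(link):
        if member_of & link.deny_apply:   # security filtering
            return
        for key, value in link.settings.items():
            result[key] = (value, link.gpo)

    # Pass 1: L, S, D, OU. Later containers overwrite earlier ones.
    for i, container in enumerate(chain):
        inherited = i < blocked_above and container.kind != "local"
        for link in container.links:
            if link.enforced or inherited:
                continue
            apply(link)

    # Pass 2: enforced links win every conflict and ignore Block Inheritance.
    # Walking upwards lets the highest-level enforced link have the last word.
    for container in reversed(chain):
        for link in container.links:
            if link.enforced:
                apply(link)
    return result


def globomantics_chain(ou_name, block=False, extra_links=()):
    """Constructed chain for an object in Chicago/<ou_name> of na.globomantics.com."""
    domain = Container("na.globomantics.com", "domain", links=[
        Link("No Add/Remove Programs", {"hide_add_remove_programs": True}),
        Link("Restrict Removable Devices", {"deny_removable_devices": True},
             enforced=True, deny_apply=frozenset({"IT Admins"})),
    ])
    return [
        Container("Local", "local"),
        Container("Chicago-Site", "site"),
        domain,
        Container("Chicago", "ou"),
        Container(ou_name, "ou", links=list(extra_links), block_inheritance=block),
    ]


if __name__ == "__main__":
    # Operations blocks inheritance: the enforced device restriction still lands.
    print(resultant_policy(globomantics_chain("Operations", block=True),
                           {"Domain Users"}))
    # An IT Admins member is filtered out of the device restriction.
    print(resultant_policy(globomantics_chain("Management"),
                           {"Domain Users", "IT Admins"}))
```
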


Let's go take a look!!!

Group Policy Management Tool
  o Block Inheritance
  o Enforced
  o Security Filtering
  o Group Policy Modeling & Results
  o Password Setting Objects

Review
After watching this video you should know how to:
  o Describe the Active Directory structure.
  o Create and link GPOs.
  o Modify and view GPO settings.
  o Create a Starter GPO to use as a template.
  o Describe how GPOs get applied.
  o Run reports to see how GPOs have or will be applied.
  o Use PSOs to apply different password and account lockout policies within a domain.

Video 8 Delegation of Control

In This Video
Different Types of Permissions
  o NTFS
  o Shared Folder
  o Printer
  o Active Directory
Configuring Permissions
Globomantics Scenario
Using the Delegation of Control Wizard
Creating a Custom MMC

Different Types of Permissions


There are many different areas on a Windows Server 2008 computer where you can use permissions:
  o NTFS
  o Shared Folder
  o Printer
  o Active Directory
Although each area has its own set of specific permissions, they are all configured using the same concepts.

Configuring Permissions
Permissions can be set as an allow or deny permission. The effective permissions for a user who belongs to multiple groups with different permissions will be cumulative. The deny permission always overrides the allow permission.

Globomantics Scenario
In this lesson we are going to work in the Chicago office of the na.globomantics.com domain.
The Chicago office has 80 users broken down as follows:
  o 10 Upper management
  o 10 Sales staff
  o 50 Call center workers
  o 5 Call center managers
  o 5 IT administrators
The na.globomantics.com AD OU structure is as follows:
  o 2 top level OUs for the Chicago and Dallas locations
  o The Chicago OU contains child OUs for Sales, Operations, Call Center, and Management
  o The Call Center OU contains 5 child OUs for the users who report to each of the call center managers.
There is a Global Security group called IT Admins of which the 5 administrators are members.

Globomantics Scenario
Goals:
  o The company help desk has determined that it can become more efficient and secure by having call center personnel contact their immediate supervisor if they forget their password and need it reset.
  o Call center managers need to be given the Active Directory privileges to reset passwords for the users on their team.
  o A custom tool needs to be designed for the managers to use when resetting passwords. This tool must be very simple to use since the call center managers are not IT trained.

Let's go take a look!!!

Setting permissions in Active Directory
Delegation of Control Wizard
Create a Custom MMC

Review
After watching this video you should know how to:
  o Assign AD permissions to users and groups manually.
  o Use the Delegation of Control Wizard to assign AD permissions for common tasks.
  o Create a custom MMC.

Video 9 Setting up a File and Print Server

In This Video
The Globomantics Scenario
Installing the File Services Role
Maintaining control using NTFS Permissions
Setting up Disk Quotas using the File System Resource Manager (FSRM)
Installing the Print Services Role
Installing a Printer
Sharing a Printer on a Network
Managing Printer Permissions
Troubleshooting Printer Problems

Globomantics Scenario
Globomantics is looking to set up a file and print server in their New York office.
All of the users' Documents folders will be redirected to a shared location on the file server.
Users must be limited to 1 GB of data which they can store on the file server.
A printer will be installed and shared so that users can quickly access and install the printer on their client computers.

Let's go take a look!!!

Installing the File Services Role
NTFS File & Folder Permissions
Setting up Disk Quotas Using the File System Resource Manager
Installing the Print Services Role
Installing a Printer
Sharing a Printer
Printer Permissions

Troubleshooting
KISS Method
  o Out of paper
  o Out of toner
  o Paper jam
  o Not turned on (Offline)
  o Not plugged in
Networking Problem
Restart Spooler Service

NTFS Permissions Review


Microsoft recommends an NTFS Permissions strategy called AGDLP.
User Accounts go into Global groups, which go into Domain Local groups, which are assigned the Permissions to access the resources.
There are a few different versions of this strategy:
  o AGDLP
  o AGGDLP
  o AGUDLP
  o AGGUDLP

AGDLP Example:
  o Globomantics has users who work in the Accounting department and need access to documents in a spreadsheets folder.

AGGDLP Example:
  o Globomantics has users who work in the Accounting department. These users are divided into Accounts Payable and Accounts Receivable, and all need access to documents in a spreadsheets folder.

AGUDLP Example:
  o Globomantics has 3 domains, and in each domain there are users who work in the Accounting department, and they all need access to documents in a spreadsheets folder.
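An added example (not from the course) covering both the allow/deny rules under Configuring Permissions and the AGDLP strategy above: it computes a user's effective permissions through nested groups and flags ACL entries or group nestings that break the A-G-U-DL-P chain. All account, group and permission names are constructed, and ACL inheritance order is not modelled.

```python
# Nesting steps permitted by the AGDLP / AGGDLP / AGUDLP / AGGUDLP strategies.
ALLOWED_NESTING = {
    ("user", "global"),            # A  -> G
    ("global", "global"),          # G  -> G   (AGGDLP)
    ("global", "universal"),       # G  -> U   (AGUDLP)
    ("global", "domain_local"),    # G  -> DL
    ("universal", "domain_local"), # U  -> DL
}

# Constructed directory data modelled on the AGGDLP example above.
KINDS = {
    "alice": "user", "bob": "user", "carol": "user",
    "G_AccountsPayable": "global", "G_AccountsReceivable": "global",
    "G_Accounting": "global", "G_Contractors": "global",
    "DL_Spreadsheets_RW": "domain_local",
    "DL_Spreadsheets_DenyWrite": "domain_local",
}
MEMBER_OF = {
    "alice": ["G_AccountsPayable"],
    "bob": ["G_AccountsReceivable", "G_Contractors"],
    "G_AccountsPayable": ["G_Accounting"],
    "G_AccountsReceivable": ["G_Accounting"],
    "G_Accounting": ["DL_Spreadsheets_RW"],
    "G_Contractors": ["DL_Spreadsheets_DenyWrite"],
}
# ACL on the spreadsheets folder: (trustee, "allow" | "deny", permission).
ACL = [
    ("DL_Spreadsheets_RW", "allow", "Read"),
    ("DL_Spreadsheets_RW", "allow", "Write"),
    ("DL_Spreadsheets_DenyWrite", "deny", "Write"),
    ("carol", "allow", "Read"),     # granted straight to a user account
]


def groups_of(name, member_of):
    """Every group the principal belongs to, directly or through nesting."""
    seen, stack = set(), list(member_of.get(name, ()))
    while stack:
        group = stack.pop()
        if group not in seen:
            seen.add(group)
            stack.extend(member_of.get(group, ()))
    return seen


def effective_permissions(user, acl, member_of):
    """Allows are cumulative across all groups; any deny removes the permission."""
    trustees = groups_of(user, member_of) | {user}
    allowed = {p for t, mode, p in acl if t in trustees and mode == "allow"}
    denied = {p for t, mode, p in acl if t in trustees and mode == "deny"}
    return allowed - denied


def agdlp_violations(acl, member_of, kinds):
    """Report nestings and ACL entries that do not follow the strategy."""
    findings = []
    for member, groups in sorted(member_of.items()):
        for group in groups:
            if (kinds[member], kinds[group]) not in ALLOWED_NESTING:
                findings.append(
                    f"nesting: {member} ({kinds[member]}) -> {group} ({kinds[group]})"
                )
    for trustee, mode, perm in acl:
        if kinds[trustee] != "domain_local":
            findings.append(
                f"ace: {mode} {perm} granted directly to {trustee} ({kinds[trustee]})"
            )
    return findings


if __name__ == "__main__":
    for user in ("alice", "bob", "carol"):
        print(user, sorted(effective_permissions(user, ACL, MEMBER_OF)))
    for finding in agdlp_violations(ACL, MEMBER_OF, KINDS):
        print(finding)
```
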

Review
After watching this video you should know how to:
  o Install the File and/or Print Services role.
  o Implement NTFS permissions. (AGDLP)
  o Set up Disk Quotas using the File System Resource Manager (FSRM).
  o Install and share a printer.
  o Troubleshoot printing problems.

Video 10 Data Provisioning


In This Video
The Globomantics Scenario
Creating a Share
Managing Permissions to a Shared Folder
Accessing a Shared Folder Offline
Creating a DFS Namespace
Configuring DFS Replication

Globomantics Scenario
Globomantics has some important business data that it needs to make highly available to its users.
The data must be available to travelling users when they are away from the office.
The data is vital to the daily operations of the company and therefore must be located in more than one location to provide fault tolerance in the event of a file server failure.

Let's go take a look!!!

Share a folder with the data.
Look at the permissions available for the share.
Make the data in the shared folder available to users when they are offline.
Create a DFS namespace.
Configure DFS replication.

Review
After watching this video you should know how to:
  o Share a folder.
  o Set permissions for the share.
  o Make the share available to offline users.
  o Create a DFS namespace.
  o Configure DFS replication.

Video 11 Setting up a VPN Server

In This Video
What is a VPN?
Supported Authentication Protocols
Choosing a VPN Protocol
The Globomantics Scenario
Installing the Remote Access Service
Configuring the Remote Access Service

What is a VPN?
VPN stands for Virtual Private Network. VPNs allow users to securely connect to the local network from a remote computer. The remote computer virtually becomes part of the local network.

Supported Authentication Protocols


Unauthenticated: BAD IDEA
PAP: Password Authentication Protocol (Low Security)
CHAP: Challenge Handshake Authentication Protocol (Medium Security)
MS-CHAPv2: Microsoft Challenge Handshake Authentication Protocol (High Security)
EAP-TLS: Extensible Authentication Protocol Transport Layer Security (Highest Security)

Choosing a VPN Protocol


PPTP: Point to Point Tunneling Protocol
  o Uses MPPE encryption
  o Primarily used with pre-Windows 2000 clients
L2TP: Layer Two Tunneling Protocol
  o Uses IPsec encryption
  o First supported in Windows 2000
SSTP: Secure Socket Tunneling Protocol
  o Uses the SSL channel of HTTPS for encryption
  o New to Windows Server 2008
  o Primarily used when PPTP/L2TP are blocked at the firewall
  o Client must have Vista with Service Pack 1

Globomantics Scenario
Globomantics would like to allow sales users to be able to connect to the New York office while away on business trips.

Let's go take a look!!!

Install the Remote Access Service.
Configure the Remote Access Service to support VPN connectivity.
Create a VPN connection from a client.

Review
After watching this video you should know how to:
  o Install the Remote Access Service.
  o Configure the Remote Access Service to support VPN connections.
  o Set up a VPN connection on a Vista client.

Video 12 Network Policy Server

In This Video
What is RADIUS?
Globomantics Scenario
Installing NPS
Using NPS as a RADIUS Server
  o Policies
  o Accounting

What is a RADIUS?
RADIUS stands for Remote Authentication Dial-In User Service. RADIUS is an industry standard protocol used to provide authentication, authorization and accounting services for remote connectivity to a local network. Microsoft uses NPS for its implementation of RADIUS.


Globomantics Scenario
Globomantics now has multiple remote access servers throughout its network. They would like to centralize the management of all the remote access servers.

Let's go take a look!!!

Install the Network Policy Server role.
Configure the NPS server as a RADIUS server.
Configure the Remote Access server as a RADIUS client.
Create a Network Policy.
Test the Network Policy.

Review
After watching this video you should know how to:
  o Install the Network Policy Server Role.
  o Configure NPS as a RADIUS Server.
  o Configure a Remote Access Server as a RADIUS client.
  o Create a Network Policy to control access to the network.

Video 13 Windows Server Update Services (WSUS)


In This Video
What is WSUS?
WSUS Scenarios
  o Single Server
  o Independent
  o Autonomous Mode
  o Replica Mode
  o Disconnected
Globomantics Scenario
Downloading and Installing WSUS
How to Configure Computer Groups
  o Server-side Targeting
  o Client-side Targeting
Configuring Clients Using Group Policy

What is WSUS?


Why use WSUS?


WSUS helps save Internet bandwidth and makes more efficient use of the Microsoft Update Servers.
WSUS gives administrators control over what updates are sent to the clients by allowing them to test and approve updates first.

Where can I get WSUS?


WSUS is not included with Windows Server 2008.
WSUS is a free download from Microsoft.
WSUS 3.0 SP1 can be downloaded from the following links:
  http://www.microsoft.com/wsus
  http://technet.microsoft.com/en-us/wsus/default.aspx

WSUS Scenarios Single Server


WSUS Scenarios Independent

WSUS Scenarios Autonomous Mode

WSUS Scenarios Replica Mode


WSUS Scenarios Disconnected

Globomantics Scenario
Globomantics needs to streamline the process of getting updates out to its clients worldwide.
Only one server in the Globomantics organization should communicate with Microsoft's update server.
Administrators in New York, Chicago, and Tokyo will be responsible for testing and approving updates for their own respective office.
The Chicago Administrators will also be responsible for approving updates for the Dallas office.

Let's go take a look!!!

Download WSUS 3.0 SP1
Install WSUS
Configure WSUS
Configure Computer Groups
Configure Clients


Review
After watching this video you should know how to:
  o Download and Install WSUS.
  o Configure a WSUS server.
  o Install downstream WSUS servers in either Autonomous or Replica mode.
  o Create Computer Groups.
  o Use Group Policy to enable Client-side Targeting and other Windows Update related options.
  o Approve Updates.

Video 14 Using Active Directory Certificate Services

In This Video
What is a Certificate?
What is a Certificate Authority (CA)?
What are the different types of CAs?
How do I get a Certificate?
  o Auto Enrollment
  o Web Enrollment
What is Credential Roaming?
What is a Certificate Revocation List (CRL)?
What is an Online Responder?
Installing Active Directory Certificate Services.

What is a Certificate?
Certificates are a form of digital identification. Certificates are used to identify an entity such as a user or computer. Certificates are issued by a Certificate Authority. Certificates contain information about the entity and about its issuer. Certificates have an expiration date. Certificates can be revoked prior to expiration.


What is a Certificate Authority (CA)?


A Certificate Authority is a trusted third party which is responsible for validating the identity of the entity requesting a certificate. The CA issues a certificate after it has validated the identity of the requestor.
I AM THE CERTIFICATE AUTHORITY! YOU MUST PROVE YOURSELF TO ME BEFORE GETTING A CERTIFICATE!

What are the different types of CAs?


External CA.
Internal: Active Directory Certificate Services.
  o Enterprise Root
  o Enterprise Subordinate
  o Standalone Root
  o Standalone Subordinate

Creating a CA Hierarchy


How do I get a Certificate?


Auto Enrollment
  o Certificates are distributed using templates and generally do not require user intervention.
Web Enrollment
  o Users can submit certificate requests to a CA through their web browser.

What is Credential Roaming?


Certificates can be stored in Active Directory to allow for credential roaming. Users can access their certificates from any computer within the domain.

What is a Certificate Revocation List (CRL)?


If a certificate is no longer valid it can be revoked. A certificate may be revoked if it is compromised, the CA is compromised, or for any reason that the certificate can no longer be trusted. The CRL is used to publish information about the certificates which have been revoked. When a certificate is used, it is checked against the CRL to see if it has been revoked.
You Are On the Revocation List. No Soup for You!


What is an Online Responder?


An Online Responder is used to help make the process of validating a certificate more efficient. Previously, the entire CRL would have to be downloaded to the client in order to check the validity of a certificate. The Online Responder only checks information about the certificate in question.

Let's go take a look!!!

Install and Configure the Active Directory Certificate Services Role.

Review
After watching this video you should know how to:
  o Describe the different components which make up a Public Key Infrastructure (PKI): Certificate, CA, CRL, Online Responder.
  o Install and configure the Active Directory Certificate Services Role.


Video 15 Backup and Recovery

In This Video
How to Configure the Shadow Copy Service
  o Setting up the Schedule
  o Picking a Storage Location
  o Previous Versions
Installing the Windows Server Backup Feature
How to Create a Backup of a Volume
How to Recover Lost Data
  o Recovering Individual Files
  o Recovering a Complete Volume
  o Recovering the Operating System
Additional Backup Tips

Additional Backup Tips


Make sure that users store important data in a location which is backed up. Be familiar with the backup media you are using. Have a backup strategy. Perform regular recovery drills.


Review
After watching this video you should know how to:
  o Set up the Shadow Copy Service to automatically create backups of individual files.
  o Install the Windows Server Backup feature.
  o Back up your volumes.
  o Recover lost data.

Video 16 Deploying Terminal Services

In This Video
What is Terminal Services?
Additional Role Services
  o Terminal Services Gateway
  o Terminal Services Web Access
  o Terminal Services Session Broker
Globomantics Scenario
How to Install the Terminal Services Role
How to Configure Sessions on a Terminal Server
Using Remote App vs. Remote Desktop


What is Terminal Services?


Terminal Services is really nothing more than an extension of Remote Desktop Services. Using Terminal Services a client can access a session on a Terminal Server using the Remote Desktop Client. The main difference between Terminal Services and Remote Desktop Services is Licensing.

Additional Role Services


TS Gateway
  o Allows users to securely connect over the Internet using RDP over HTTPS.
TS Web Access
  o Allows users to connect to a Terminal Server via a web page instead of the Remote Desktop Client.
TS Session Broker
  o Manages connections to a farm of Terminal Servers.

Globomantics Scenario
Globomantics needs to roll out a new line-of-business application for all of its sales users. The new application has hardware requirements which exceed the current client configurations. They do not want to upgrade any of the client computers' hardware or software. Users must be able to use the application while connecting from anywhere in the world. The solution must provide for complete SPF protection.


Globomantics Scenario
Globomantics will deploy 2 Terminal Servers. Access to these servers will be managed with the Terminal Services Session Broker. The Terminal Services Gateway and Terminal Services Web Access will be installed in order to provide access from outside the local network. The Remote Desktop Client 6.1 will be installed on any Windows XP clients to allow full featured connectivity from those clients.

Let's go take a look!!!


Install the Terminal Services Role on 2 servers.
Install TS Gateway, TS Web Access, and TS Session Broker.
Configure session rules for our Terminal Servers.
Configure the Terminal Servers to participate in a farm.
Deploy an application using RemoteApp.

Review
After watching this video you should know how to:
  o Install and configure the Terminal Services role.
  o Install and configure the TS Gateway, TS Web Access, and TS Session Broker role services.
  o Configure multiple Terminal Servers to participate in a farm.
  o Configure RemoteApp to simplify the process of accessing a Terminal Server when a specific application is needed.


Video 17 Planning for High Availability

In This Video
What does High Availability mean?
DNS Round Robin
Network Load Balancing (NLB)
Failover Clustering
  o Using RAID
  o Working with SANs
  o Quorum Models

What does High Availability mean?


High Availability uses a combination of redundancy and fault tolerance in order to provide a level of operational continuity. Redundancy means that there is more than one instance of resources available. Fault Tolerance means that resources will be available even if there is a hardware failure.


DNS Round Robin


DNS Round Robin is used to provide more than one IP address to a single hostname. Each IP address represents a different physical host, and requests will be sent to each of the hosts in a rotation order. Netmask ordering can be used to help send requests from clients to the host closest to them.

DNS Round Robin


IP: 192.168.10.25 Host Name: Server1
IP: 192.168.10.26 Host Name: Server1
IP: 192.168.10.27 Host Name: Server1
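How rotation and netmask ordering interact when a DNS server builds its answer, as an added example that is not part of the original course material. The class is a simplified model, not Windows DNS code; the Server1 addresses come from the slide, while the "app" host, the client addresses and the /24 comparison are assumptions made for the illustration.

```python
import ipaddress

# Server1 is taken from the slide; "app" is a constructed two-site host.
RECORDS = {
    "Server1": ["192.168.10.25", "192.168.10.26", "192.168.10.27"],
    "app": ["192.168.10.30", "192.168.20.30"],
}

class RoundRobinZone:
    """Model of one DNS server answering A queries for multi-address names."""

    def __init__(self, records, netmask_ordering=True, prefix_len=24):
        self.records = {n.lower(): list(a) for n, a in records.items()}
        self.netmask_ordering = netmask_ordering
        self.prefix_len = prefix_len          # assumed subnet size for "close"
        self._next = {n: 0 for n in self.records}

    def resolve(self, name, client_ip):
        """Return the ordered address list this client would receive."""
        name = name.lower()
        addrs = self.records[name]
        start = self._next[name]
        self._next[name] = (start + 1) % len(addrs)
        answer = addrs[start:] + addrs[:start]        # round robin rotation
        if self.netmask_ordering:
            net = ipaddress.ip_network(f"{client_ip}/{self.prefix_len}",
                                       strict=False)
            local = [a for a in answer if ipaddress.ip_address(a) in net]
            remote = [a for a in answer if a not in local]
            answer = local + remote                   # same-subnet hosts first
        return answer

def first_choices(zone, name, client_ip, queries):
    """First address handed out on each of several consecutive queries."""
    return [zone.resolve(name, client_ip)[0] for _ in range(queries)]
```

Nothing in this ordering checks whether a host is up, so an address keeps being handed out even when its server has failed.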

Network Load Balancing (NLB)


Network Load Balancing uses a more sophisticated form of distribution than DNS Round Robin. All of the servers within an NLB cluster communicate with each other using heartbeats and convergence. With NLB, clients are directed to the server which is most readily available to serve that client. Windows Server 2008 includes a utility called the Network Load Balancing Manager to easily manage NLB clusters.


Failover Clustering
DNS Round Robin and Network Load Balancing are used for services and applications which maintain an internal data store. Failover Clustering is used for applications which use an external and/or shared data store. Servers in a Failover Cluster use shared data. Servers using NLB each maintain a copy of the data. Failover Clusters typically use a shared disk technology such as RAID or a SAN.

NLB vs. Failover Clusters


NLB Cluster Failover Cluster

Using RAID
RAID 0: Striping
RAID 1: Mirroring
RAID 5: Striping with Parity
RAID 10: Striped Mirrors


Working with SANs


LUN
VDS
MPIO
iSCSI
FC

Working with SANs


A Logical Unit Number (LUN) is a number assigned to a logical unit. This logical unit can be a single disk or an array of disks. The Virtual Disk Service (VDS) is an API which allows for standard Windows tools to be used for complete storage management even in a mixed storage environment. Multipath I/O (MPIO) is a feature which allows a server to use multiple data paths to a storage device.

Working with SANs


iSCSI is a protocol which utilizes traditional networking technologies. iSCSI is typically used with existing Ethernet networks. Fibre Channel (FC) provides a direct secure connection to the data store which will typically be separate from an existing Ethernet network.


Quorum Models
Node Majority
o Typically used when there is an odd number of cluster nodes. Will remain available as long as more than half the nodes are available.

Node and Disk Majority


o Typically used when there is an even number of cluster nodes. Will remain available as long as half of the nodes and the witness disk are available.

Node and File Share Majority


o Used in the same way that Node and Disk Majority is used except that there is a witness share instead of a witness disk.

No Majority: Disk Only


o Typically used in test environments only.
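The four quorum models above expressed as vote counting, as an added example that is not part of the original course material. The function and model names are hypothetical; the model assumes one vote per node plus one vote for the witness, with the cluster staying up while more than half of the votes are present.

```python
WITNESS_MODELS = {"node_and_disk_majority", "node_and_file_share_majority"}

def has_quorum(model, nodes_total, nodes_up, witness_up=False):
    """Return True if the cluster keeps running under the given quorum model."""
    if not 0 <= nodes_up <= nodes_total:
        raise ValueError("nodes_up must be between 0 and nodes_total")
    if model == "disk_only":
        # No Majority: Disk Only. The disk is a single point of failure.
        return witness_up and nodes_up >= 1
    if model == "node_majority":
        total_votes, votes_up = nodes_total, nodes_up
    elif model in WITNESS_MODELS:
        # The witness disk or witness share contributes one extra vote.
        total_votes = nodes_total + 1
        votes_up = nodes_up + (1 if witness_up else 0)
    else:
        raise ValueError(f"unknown quorum model: {model}")
    return votes_up > total_votes / 2

def max_node_failures(model, nodes_total, witness_up=True):
    """Largest number of failed nodes that still leaves quorum.
    Returns None when the cluster is down even with every node running."""
    for failures in range(nodes_total, -1, -1):
        if has_quorum(model, nodes_total, nodes_total - failures, witness_up):
            return failures
    return None
```

With four nodes, Node Majority survives only one node failure (the same as a three-node cluster), while Node and Disk Majority survives two as long as the witness is reachable, which is why the witness models are paired with even node counts.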

Review
After watching this video you should know how to:
  o Describe what High Availability is and know when to implement: DNS Round Robin, Network Load Balancing, Failover Clustering.
  o Describe the different types of RAID and the different components of a SAN.

Video 18 Certification


Certification: It's Really Not That Scary


Train Signal, Inc. Ed Liberman

In this video:

The New Generation of Certifications for Server 2008
The Upgrade Paths for MCSAs/MCSEs
How to Sign Up for a Microsoft Exam
Exam Prep Tips

The New Generation of Server 2008 Certifications



New Alphabet Soup for Everyone!

The Three New Server Certification Blocks for Network Admins
  o MCTS
  o MCITP: Server Administrator
  o MCITP: Enterprise Administrator
There is no MCSE 2008
There is no MCSA 2008

The New Generation of Server 2008 Certifications



What you need to take for each Credential
MCTS - Take any one exam from a large selection
When you get multiple TS certs, you can build a nifty logo using MS's Logo Builder!

MCITP: Server Administrator Exams (From Scratch - Three Exams)
  o 70-640: TS Active Directory
  o 70-642: TS Network Infrastructure
  o 70-646 Pro: Server Administrator
MCITP: Enterprise Administrator (From Scratch - Five Exams)
  o 70-620 or 70-624: TS Vista
  o 70-640: TS Active Directory
  o 70-642: TS Network Infrastructure
  o 70-643: TS Application Infrastructure
  o 70-647 Pro: Enterprise Administrator


The Upgrade Paths for MCSAs/MCSEs



For an MCSA 2003 to Move Up To MCITP: Server Administrator

Take Two Exams
  o 70-648: Provides 2 Additional MCTS Certs
  o 70-646: Provides MCITP

The Upgrade Paths for MCSAs/MCSEs



For an MCSA 2003 to Upgrade to MCITP: Enterprise Administrator

Take 4 Tests:
  o 70-648: Provides 2 MCTS
  o 70-620 or 70-624: TS Vista
  o 70-643: TS Applications Infrastructure
  o 70-647: MCITP Enterprise

The Upgrade Paths for MCSAs/MCSEs



For an MCSE 2003 to MCITP: Server Administrator

Take Two Tests:
  o 70-649: Provides 3 MCTS
  o 70-646: MCITP Server Administrator


The Upgrade Paths for MCSAs/MCSEs



For an MCSE 2003 to MCITP: Enterprise Administrator

Take 3 Exams:
  o 70-649: Provides 3 MCTS
  o 70-620 or 70-624: TS Vista
  o 70-647: MCITP Enterprise Administrator

How to Sign Up for a Microsoft Exam



One Web Site To Sign Up For Them All!

Go to Prometric.com; it's easy!
Prometric is the exclusive provider of Microsoft exams.
Microsoft periodically offers free Second Shots; check the Microsoft site first!

70-646 Exam Prep Tips



Prep
I recommend:

MCTS Self-Paced Training Kit (Exam 70-646): Windows Server Administration from Microsoft Press

Take the Transcender Practice Exam Several Times. Look up the stuff that you miss in this Video Course or in the Microsoft Press Book.
Review this course at least twice.
Get some Virtual Machines and push buttons!
Go to the Microsoft Learning website and make sure you know the objectives.
  o http://www.microsoft.com/learning


Additional Exam Prep Tips



On the day of the test

Do not stay up all night studying; get good sleep!
When you go in to the test center, leave your cell phone and anything else in your car. Bring in only 2 forms of ID and your car keys.
You must have 2 forms of ID!!!
Before taking the test, stop and breathe. Relax.
During the test, do not forget to breathe.
Mark Questions for Review the first time through if you have to think too long about any one of them. You can go back at the end of the test and answer them later.

Additional Exam Prep Tips



The Biggest Tip I Can Give You--

Know the material.

What We Covered

After watching this video, you should be able to:

Describe the Requirements for MCTS and the MCITP Tracks
Describe the Upgrade Paths for MCSAs/MCSEs to MCITP
Sign up for an Exam on the Prometric Web Site
