1 Active Directory networks based on Windows Server R2
In virtualized deployments, the underlying servers (Hyper-V Server, Windows Server 2008 with the GUI, Windows Server 2012) and the virtualization management tool, VMM, all depend on Active Directory. Other Microsoft services related to virtualization or cloud computing, such as DHCP and Windows Deployment Services, depend on Active Directory as well. Whether you build virtualized and cloud-based applications with Microsoft's cloud computing products, VMware, or Citrix, you cannot do without Active Directory.
In addition to Active Directory, you need CA certificate servers, DHCP servers (to manage IP addresses), DNS (integrated with Active Directory), and Windows Deployment Services (to deploy systems in cloud computing data centers, infrastructure servers for cloud computing, and so on). Forefront TMG (or another hardware or software firewall) is also needed to publish cloud servers or cloud desktops to the Internet, or to protect the cloud servers behind it. This series of topics introduces all of these. This article describes the Windows Server R2-based content; after Windows Server 2016 is released this year, you can update your infrastructure servers to Windows Server R2 or Windows Server 2016. The versions have much in common, with some improvements, and this book covers them one by one. We begin with Windows Server R2.
1.1 Overview of cloud computing infrastructure services
Whether you are building a cloud data center, cloud virtual desktops, or application virtualization, you need DHCP, DNS, Windows Deployment Services, and WSUS update servers in addition to Active Directory servers. For enterprises that depend heavily on the network, or for medium-sized enterprises, the important servers, such as Active Directory and DHCP, are made redundant, with at least two servers providing the same function, while "less important" servers, such as Windows Deployment Services and the WSUS update server, are deployed as a single instance. Building a cloud application center typically requires at least the servers shown in Figure 1-1.
Figure 1-1 Cloud Computing Center Base server
Although Figure 1-1 shows only one "certificate" server, this does not mean that the certificate server is unimportant. On the contrary, it is very important. Only one is configured because a certificate server is easy to back up and restore: the administrator can back up the certificate server's "private key" after installation and again after certificates are issued, and when there is a problem with the certificate server it can be restored by reinstalling. The two Active Directory servers back each other up, so when one server has a problem it can be recovered from the other. The following is a brief look at the features of common Windows servers.
1.1.1 Windows Server feature introduction and planning
There are many Windows server products, each with different features and uses. In a real network, few enterprises need to deploy all of them; they usually deploy several of these servers based on their own characteristics and actual needs. The names, uses, and relationships of the various Windows servers are described below so that readers can choose according to their own business situation.
1. Active Directory servers
Active Directory is known in Chinese as "active catalog" and is abbreviated as AD. Active Directory servers are responsible for "centralized" management of all workstations and all servers in the network, and they are the foundation of other Microsoft servers such as Exchange servers, DFS and file servers, RIS and Windows Deployment Services, and so on.
Starting with Windows 2000, Microsoft introduced concepts such as the organizational unit (OU) and designed Active Directory networking, which adds more functionality than the earlier Windows NT domains. The earlier NT networks were basically managed by hand: to install programs, upgrade the system, or install an operating system on a workstation, an administrator had to work on each workstation directly. When the number of workstations is very large (such as 500, 1,000, or more), the workload is very heavy. Active Directory services solve this easily. Active Directory services can do the following:
Applications can be installed "automatically" over the network.
The user's documents, programs, and settings (such as settings for Office programs, icons on the desktop, and parameter settings for other applications) are automatically saved on a file server in the network and automatically synchronized with the local workstation. If required, employees can sign in with their own user name and password on a specified computer, and their documents and settings "follow" them to each computer. Each employee can only use their own documents and cannot view other employees' documents and data, and others cannot view theirs.
Since the employee's data has been backed up to a server on the network in advance, the network administrator does not need to recover the data when an employee's hard disk or computer is damaged. The employee replaces the damaged part, reinstalls the system, and logs in with their user name and password, and the data is restored automatically from the server.
If an employee forgets his or her login password, there is no need to find the "network manager"; a technician in the employee's own department can change the login passwords of that department's employees.
As you can see, with the network environment and systems described above, every step from operating system installation and software deployment to user customization and user data backup can be automated. All of this can be implemented with Windows Server 2008 alone.
2. Windows Server 2008
With Windows Server 2008, IT professionals have more control over their servers and network infrastructure and can focus on critical business needs. Windows Server 2008 improves security by strengthening the operating system and protecting the network environment, accelerates the deployment and maintenance of IT systems, makes it easier to consolidate and virtualize servers and applications, and provides intuitive management tools for greater flexibility.
3. DHCP
The DHCP server can automatically assign TCP/IP addresses, subnet masks, gateway addresses, DNS server addresses, and WINS server addresses to all workstations in the network, which greatly reduces the burden on network administrators and avoids network failures caused by problems such as incorrect TCP/IP address settings.
4. DNS
The DNS server provides name resolution when "all workstations" access each other by DNS name, when "all workstations" access "all servers", and when "all workstations" and "all computers" access the Internet. It resolves names such as www.sohu.com and server.heinfo.local to their corresponding TCP/IP addresses.
5. WINS
The WINS server provides name resolution for mutual access between "all workstations" and "all servers" by NetBIOS name, and resolves computer names to their corresponding TCP/IP addresses.
6. RIS Remote Installation Server
The RIS server is a built-in service of Windows Server 2003 that can remotely install the Windows XP, Windows 2000, and Windows Server 2003 operating systems on all workstations that do not have an operating system installed.
7. Windows Deployment Services
Windows Deployment Services is an upgraded version of the RIS service, integrated in Windows Server 2008, that remotely deploys the Windows Vista and Windows Server 2008 operating systems to computers in your network.
8. WSUS server
WSUS provides patching services for the Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 operating systems. It also provides patching services for Microsoft software such as Office, SQL Server, ISA Server, and Exchange Server.
9. Forefront TMG Server
Forefront TMG Server is Microsoft's firewall and proxy server software. With Forefront TMG Server, you can allow specified computers to access specified servers in specified networks at specified times, using specified protocols. Forefront TMG Server is very flexible to configure and simple and convenient to use.
10. Certificate Server
The certificate server is used for secure communication across the LAN and WAN. It can be used to send secure, encrypted e-mail between "all users", to let the "web server" provide secure web access for "remote workstations", and to provide secure access to the enterprise intranet.
11. Exchange Mail Server
The Exchange server family is a Microsoft E-mail server that provides e-mail services for all workstations, remote workstations, and Internet users. Exchange server requires Active Directory support when it is in use.
12. Video conferencing and instant messaging servers
Microsoft Lync 2010 is a true unified communications client with Instant messaging, conferencing, and voice features. Lync 2010 combines communication tools with an updated user interface that users can use in a customary way. This client is characterized by a dashboard that makes it easy for users to find and use common features such as dials, visual voice mail, contact lists, and active conversation lists.
13. SCOM 2007 System Management Server
The full name of SCOM 2007 is System Center Operations Manager 2007, which is used to manage Microsoft series servers and workstations, and it also requires Active Directory support.
14. Other servers
In a Windows network, other servers are also used. For example, a DFS server can federate all servers in the network so that users can access the resources available on all servers by accessing a single access point.
The file server is used to further manage all servers in the network. It provides folder quotas and file screening: it can limit the size of the shared folders that users use, and it can restrict the file server so that only specified files can be saved.
The RRAS server is the short name of the Routing and Remote Access server and can be used as a proxy server for all workstations and all servers to access the Internet, or as a "remote access server" to access the corporate intranet over the Internet (or otherwise). It can also be used as a "router for remote access".
1.1.2 Switch Planning
Among the Microsoft products, only the DHCP server, the RIS server, and the Windows Deployment Services server require configuration on the enterprise layer 3 switch; the other servers do not involve layer 3 switch configuration. If your corporate network does not use a layer 3 switch, or uses one but is not divided into VLANs, you do not need to configure the layer 3 switch.
If the DHCP server, RIS server, and Windows Deployment Services server are in a VLAN environment, configure DHCP relay on the layer 3 switch to point to the addresses of the DHCP server, the RIS server, and the Windows Deployment Services server. Nothing else needs to be configured.
When you use ISA Server in a multi-egress environment, you also need to configure static routes on the layer 3 switch.
1.2 Upgrading Windows Server 2008 to Active Directory
Starting with this chapter, we describe how to manage an Active Directory network with Windows Server 2008 and Windows Server R2. For consistency, in this chapter the server's computer name is DC, the domain name is HEINFO.LOCAL, the IP address is 172.30.5.15, the subnet mask is 255.255.255.0, and the DNS server address is 172.30.5.15. All workstation addresses are in the range 172.30.5.30 to 172.30.5.200, with subnet mask 255.255.255.0 and DNS server address 172.30.5.15.
Prepare a Windows Server 2008 (or Windows Server R2) computer or virtual machine, set its IP address to 172.30.5.15 and its DNS server to 172.30.5.15 (see Figure 1-2), change the computer name to DC (see Figure 1-3), and then restart the computer.
Figure 1-2 Setting the IP address and DNS
Figure 1-3 Modifying the computer name
After Windows Server 2008 starts again, log in with the administrator account (Administrator) and do the following:
(1) Open the Run dialog box, run the dcpromo command, and start the Active Directory Installation Wizard, as shown in Figure 1-4.
(2) In the Select a Deployment Configuration dialog box, select the "new domain in a new forest" radio button, as shown in Figure 1-5.
Figure 1-4 Active Directory Installation Wizard
Figure 1-5 New domain in a new forest
(3) In the Name the Forest Root Domain dialog box, enter the planned domain name heinfo.local in the FQDN of the forest root domain text box, and click the Next button to begin checking the domain name, as shown in Figure 1-6.
(4) In the Set Forest Functional Level dialog box, select the forest functional level. If the network has only Windows Server 2008 servers, select Windows Server 2008; if it has Windows Server 2003 servers, select Windows Server 2003; if it has Windows 2000 servers, select Windows 2000. If you select Windows 2000 or Windows Server 2003, you can raise the forest functional level to Windows Server 2008 after all servers in your network are upgraded to Windows Server 2008. This example selects Windows Server 2008, as shown in Figure 1-7.
Figure 1-6 DNS name
Figure 1-7 Choosing a forest functional level
(5) In the Additional Domain Controller Options dialog box, select the DNS server check box, as shown in Figure 1-8.
Figure 1-8 Installing a DNS server
(6) In the Location for Database, Log Files, and SYSVOL dialog box, specify the locations of the database, the log files, and the SYSVOL folder. The default values are usually kept.
(7) In the Directory Services Restore Mode Administrator Password dialog box, set the Directory Services Restore Mode password, as shown in Figure 1-9. This password is separate from the administrator's password and must be entered when using Directory Services Restore Mode.
(8) In the Summary dialog box, check that the settings are correct, as shown in Figure 1-10. Once you have confirmed the settings, click the Next button to start the installation of Active Directory services, as shown in Figure 1-11.
(9) When the installation is complete, the dialog box shown in Figure 1-12 appears. Click the Finish button and, as prompted by the system, restart the Windows Server 2008 computer to complete the installation of Active Directory.
Figure 1-9 Setting the Directory Services Restore Mode password
Figure 1-10 Summary dialog box
Figure 1-11 Installing Active Directory
Figure 1-12 Installation complete
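The wizard choices in steps (2) through (9) can also be written down as a dcpromo answer file, which makes the promotion repeatable and reviewable. This is an added example, not part of the original article: the file name, the NetBIOS name, the C:\Windows paths and the placeholder password are assumptions, and the remaining values are the ones used in this chapter.

```ini
; Added example: dcpromo answer file mirroring wizard steps (2)-(9).
; Run from an elevated command prompt on the server named DC:
;   dcpromo /unattend:C:\dcpromo-heinfo.txt   (file name is an assumption)
[DCINSTALL]

; Step (2): create a new domain in a new forest
ReplicaOrNewDomain=Domain
NewDomain=Forest

; Step (3): FQDN of the forest root domain
NewDomainDNSName=heinfo.local
; Assumption: NetBIOS name derived from the FQDN, as the wizard would propose
DomainNetBiosName=HEINFO

; Step (4): functional level
;   0 = Windows 2000, 2 = Windows Server 2003, 3 = Windows Server 2008
ForestLevel=3
; The domain level cannot be lower than the forest level
DomainLevel=3

; Step (5): install the DNS server on this domain controller
InstallDNS=Yes

; Step (6): default locations (assumes Windows is installed in C:\Windows)
DatabasePath="C:\Windows\NTDS"
LogPath="C:\Windows\NTDS"
SYSVOLPath="C:\Windows\SYSVOL"

; Step (7): Directory Services Restore Mode password.
; Placeholder only: use a strong value that differs from the
; Administrator password.
SafeModeAdminPassword=<DSRM-password-placeholder>

; Step (9): restart automatically when the promotion finishes
RebootOnCompletion=Yes
```

While the file exists it holds the Directory Services Restore Mode password in clear text, so keep it on the server's local disk with access limited to administrators and delete it once the promotion has finished.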
This article is from the "Wang Chunhai blog" blog, make sure to keep this source http://wangchunhai.blog.51cto.com/225186/1794158
Virtualization Infrastructure Windows 2008 Article 1-Virtualization Basic Services Overview