Longhorn Academy Server Management


1 Longhorn Academy Server Management
Dave & Sebastian

2 Agenda Current Situation Infrastructure Optimization Initiative
Server Management Overview Setup & Initial Configuration Tasks Server Core Server Roles SML Server Manager Print Management Server Deployment (WDS) Powershell Remote Management Group Policies

3 Issues Faced By Administrators Today
What steps do I need to perform to configure my Windows Server machine? If I’m installing a component, what are its dependencies and how do I install them? What tools do I use to manage installed components and where do I find them?

4 More Pressure than Ever on IT
Positive pressures: Customer Connection, End User Productivity, Business Results & New Value
Negative pressures: Technology Change, Regulatory Compliance, Competition, Security, Cost Reduction, Keep Business Up & Running
Talking Points: There are positive pressures and negative pressures on the typical IT infrastructure.
Positive Pressures: The positive pressures, such as customer connection or end user productivity, usually result in more money and business productivity, while increasing business results and adding new value. The negative pressures, such as cost reduction or regulatory compliance, require IT groups to act in a reactionary mode.
Negative Pressures: Our research indicates that of the $140 billion US spent every year on IT budgets, 70% of those budgets is being spent on administrative costs for IT personnel, reacting to situations that arise, and keeping the IT infrastructure up and running. This is opposed to the mere 30% of those budgets being spent proactively making improvements, automating processes, and adding business value. Windows Server 2008 contains a number of features that make IT more efficient by providing better management and automation tools, so that IT professionals are able to keep the systems running and use their time efficiently.

5 When IT Services Go Wrong People and Process Play a Major Part
Causes of Downtime (source: Gartner Group)
• Operator error: 40%
• Application failure: 40%
• Other: 20%
Chart labels: Untested application; Change management; Overloaded; Weak problem detection; Forgot something; Lack of procedures; Backup errors/security; Operations; Hardware/platform; Network; Power and disaster

6 More Control Spend Less Time on Everyday Tasks
• Enhanced Scripting and Task Automation: Windows PowerShell
• Web Server Management: IIS 7
• Configuration and Role Management: Windows Server Manager, Server Core
• Policy Based Networking: Windows Firewall
Talking Points: Windows Server 2008 lets IT Professionals spend less time on everyday tasks. Windows Server 2008 provides more control over your server and network infrastructure, allowing IT Professionals to focus on your most critical business needs. Next, we will discuss some of the areas where Windows Server 2008 provides more control.
Enhanced Scripting and Task Automation: Reduce time for common IT tasks by automating with a new, powerful scripting environment called Windows PowerShell.
Web Server Management: Simplify Web server management with advanced and easy-to-use options in Internet Information Services (IIS) 7.0. IIS 7.0 provides powerful customization, diagnostic, and troubleshooting tools.
Configuration and Role Management: Install and manage only the Windows services that you need with Windows Server 2008 configuration and role management, provided by Windows Server Manager and the Server Core installation option. The new Server Manager tool provides a great, out-of-the-box experience for adding, configuring, and managing server roles. Administrators can use the new Server Core installation to install Windows Server 2008 with only the features that the supported server roles require, and without any extra overhead. This limits the roles that the server can perform, but can improve security and reduce management.
Policy Based Networking: Control access to systems using the enhanced Windows Firewall and policy-based networking tools.
Additional Information: Changes in Functionality to Windows Server Longhorn (January 2007).doc (also called the Book of Longhorn)

7 Infrastructure Optimization
• Technology framework to help maximize the value of your IT investments
• Structured way to drive cost reduction, security & efficiency gains and boost agility
• Based on industry analyst and academic work
• Provides guidance and best practices for step-by-step implementation
KEY MESSAGE: Infrastructure Optimization Model
SLIDE SCRIPT: The Infrastructure Optimization Model helps customers understand and subsequently improve the state of their IT infrastructure and describes what that means in terms of cost, security risk, and operational agility. Microsoft Infrastructure Optimization (IO) is structured around three information technology models: Core Infrastructure Optimization, Application Platform Infrastructure Optimization, and Business Productivity Infrastructure Optimization. Core IO focuses on the foundational elements of IT services and components and includes five key capabilities: Identity and Access Management; Desktop, Device and Server Management; Data Protection and Recovery; Security and Networking; and IT and Security Process. This clinic focuses on those technologies which support the Desktop, Server and Device Management category of the Core Infrastructure Optimization Model.

8 Server Management Overview
Initial Configuration Tasks Server Roles Server Roles Available Server Management Console Alternative Management Methods Printer Management Server Modeling Language Additional Methods

9 Windows Server Setup Process
• Post-Setup security updates • Manage your server • Configure your server wizard • Add/Remove components • Computer Management • Security Configuration Wizard • Operating system setup • Initial Configuration Tasks • Server Manager Windows Server 2003 Windows Server 2008

10 Initial Configuration Tasks
Administrator password Network IP address Domain membership Computer name Windows Updates Windows Firewall

11 Server Core Server Core Installation
Server Core roles: Active Directory, AD Lightweight Directory Services, DHCP Server, DNS Server, File Services, Print Services, Windows Media Services, Windows Virtualization Services
Benefits of Server Core:
• Reduced maintenance
• Reduced attack surface
• Reduced management
• Less disk space required
KEY MESSAGE: Server Core Overview
SLIDE SCRIPT: A server core installation supports specific server roles including Active Directory Domain Services, Active Directory Lightweight Directory Services, DHCP Server, DNS Server, File Services, Print Services, Windows Media Services and Windows Virtualization Services. You can run Windows Server Virtualization (WSv) using a Server Core installation of Windows Server 2008 as a host system. This will allow you to benefit from Server Core’s reduced software maintenance and file management needs and its smaller footprint (less than 1GB of disk space is required for operating system installation).
The server core installation option installs only the subset of the Server binaries that are required by these roles. For example, the Explorer shell is not installed as part of a server core installation. Instead, the default user interface for a server running a server core installation is the command prompt.
Because a server core installation installs only what is required to run the supported server roles, less maintenance is required than on a full installation of Windows Server. Fewer applications run on the server, therefore the attack surface is decreased and there is less to manage. In addition, less disk space is required, lowering the hardware requirements for the server.
A server core installation of Windows Server 2008 requires initial configuration from the command line because it does not include the traditional full graphical user interface. Once configured, it can be managed locally from the command line or remotely using a Terminal Server connection. It can also be managed remotely using the MMC or command line tools that support remote use. There are no changes to your environment or infrastructure required.
Remote Management tools do not require any changes, as long as they use one of the protocols supported in Server Core to communicate with the remote management workstation, such as RPC. Local Management tools and agents might require changes to work with Server Core, since they cannot have any shell or user interface dependencies, nor use managed code.

12 Server Core - Recommendations
• Implement Server Core whenever possible
• Publish cmd.exe using Terminal Services RemoteApp to allow you to run cmd.exe in a window on your local machine rather than in a full terminal services client
• Minimize administrative access to the system
• Ensure physical security of the server
• Implement BitLocker Drive Encryption
KEY MESSAGE: Server Core Recommendations
SLIDE SCRIPT: To implement the best possible Server Core environment, you should keep the following in mind:
• Implement Server Core whenever possible to improve server security, increase server stability, reduce server management and maintenance needs, and reduce hardware requirements.
• Publish cmd.exe using Terminal Services Remote Programs to allow you to run cmd.exe in a window on your local machine rather than in a full terminal services client.
• Minimize administrative access to the system.
• Ensure physical security of the server.
• Implement BitLocker Drive Encryption when the physical security of the server cannot be guaranteed.

13 Server Core - Summary
• Server Core provides a minimal installation option
• Server Core supports the following roles: AD Domain Services, AD Lightweight Directory Services, DHCP Server, DNS Server, File Services, Print Services, Windows Media Services, and Windows Virtualization Services
• Server Core is managed: locally and remotely through the command line; remotely via MMC; remotely via Terminal Services; remotely via Windows Remote Shell
• Server Core provides a script for configuring settings that cannot be configured through a command-line or MMC snap-in
KEY MESSAGE: Server Core Summary
SLIDE SCRIPT: Server Core provides a minimal installation option for deploying Windows Server 2008 with a smaller footprint and attack surface, reducing management and maintenance needs. Initial installation of Server Core must be completed utilizing command-line tools or through an unattended installation process; however, ongoing administration can be managed locally and remotely through the command line or remotely via MMC, Terminal Services or the Windows Remote capabilities. Server Core also provides a script for configuring settings that cannot be configured through a command-line or MMC snap-in.

14 Server Roles
A role is a logical grouping of a set of components based on:
• User scenarios
• Typical server workloads
• Dependencies
Examples of roles are Windows Media Services and Terminal Services.

15 Server Roles
Role | Description
Active Directory Certificate Services (AD CS) | Enables creation and management of digital certificates for users, computers, and organizations as part of a public key infrastructure.
Active Directory Domain Services (AD DS) | Stores information about objects on the network and makes this information available to users and network administrators. Uses domain controllers to give network users access to permitted resources anywhere on the network.
Active Directory Federation Services (AD FS) | Provides simplified, encrypted identity federation and Web single sign-on (SSO) capabilities.
Active Directory Lightweight Directory Services (AD LDS) | Provides a store for application-specific data, for directory-enabled applications that do not require the infrastructure of Active Directory Domain Services. Multiple instances of AD LDS can exist on a single server, each of which can have its own schema.
Active Directory Rights Management Services (AD RMS) | Information protection technology that works to help safeguard digital information from unauthorized use.
Application Server | Provides central management and hosting of high-performance distributed business applications such as those built with Enterprise Services and .NET Framework 3.0.
Dynamic Host Configuration Protocol (DHCP) Server | Enables the central provisioning, configuration, and management of temporary IP addresses and related information for client computers.
Domain Name System (DNS) Server | Translates domain and computer DNS names to IP addresses. DNS is easier to manage when it is installed on the same server as Active Directory Domain Services.
Fax Server | Sends and receives faxes and allows you to manage fax resources such as jobs, settings, reports, and fax devices on this computer or on the network.

16 Server Roles
Role | Description
File Services | Provides technologies for storage management, file replication, distributed namespace management, fast file searching, and streamlined client access to files.
Network Policy & Access Services | Provides support for routing LAN and WAN network traffic, creating and enforcing network access policies, and accessing network resources over VPN and dial-up connections.
Print Services | Provides access to and manages network printers and printer drivers.
Terminal Services | Provides technologies that enable access to a server running Windows-based programs or the full Windows desktop. Users can connect to a terminal server to run programs, save files, and use network resources on that server.
UDDI Services | Provides Universal Description, Discovery, and Integration (UDDI) capabilities for sharing information about Web services within an organization’s intranet or between business partners on an extranet. Organizes and catalogs Web services and other programmatic resources. A UDDI Services site consists of a UDDI Web Application connected to a UDDI Database.
Web Server (IIS) | Provides a reliable, manageable, and scalable Web application infrastructure.
Windows Deployment Services (WDS) | Provides a simplified, secure means of rapidly deploying Windows operating systems to computers by using network-based installation, without the need for an administrator to work directly on each computer, or install Windows components from CD or DVD media.
Windows SharePoint Services | Helps organizations increase productivity by creating Web sites where users can collaborate on documents, tasks, and events and easily share contacts and other information.

17 How Server Manager uses the concept of Roles
• List of roles displayed maps 1x1 to the list of role models
• Hierarchy within a role is captured from its model
• Settings and defaults are captured in the role specific model
• Information is then submitted to SML Platform infrastructure to make updates to the server

18 SML – Service Modeling Language
Service Modeling Language (SML) (http://www.serviceml.org) is the XML Schema based modeling language that provides a rich set of constructs for modeling complex IT services and systems.
Service Modeling Language (http://www.serviceml.org)
• An XML Schema based language providing constructs for modeling the elements in complex IT services and systems, their relationships and constraints
• Profile of XML Schema 1.0 is used for defining structural aspects
• Profile of Schematron is used for defining constraints
• Schematron is an ISO/IEC standard (http://standards.iso.org/ittf/PubliclyAvailableStandards/c040833_ISO_IEC_ _2006(E).zip)

19 SML – Service Modeling Language
• Server Manager tool in Windows Server 2008: SML models of “in the box” server roles are used for installation, configuration, and on-going management of these roles via Document Collection processing
• Desired Configuration Monitoring (DCM) feature in SCCM (ConfigMgr) 07: SML models are used to define and verify the desired configuration of machines via Document Collection processing
• Configuration Management Database in Service Manager v1: Uses the SML-based Microsoft Model Library and the SQL store for defining and storing the past, present, and future planned configuration of IT assets in an enterprise
• Much other work in development

20 SML Based Role Models
An SML model of a role captures:
• Structure of the service: components and relationships, e.g. IIS Role Hierarchy
• Desired configuration, e.g. Default Settings
• Constraints, e.g. Domain Joined Requirement
• Management information such as events and performance counters, rules for determining the operational health of the service, etc.

21 Functional Behaviour With Dependencies
• When a role, role service or feature is specified to be uninstalled in the answer file, any other role, role service or feature that depends on the item being uninstalled will also be uninstalled. This matches what happens in the RMT UI for the equivalent scenario. Example from diagram: if the user specifies that B should be uninstalled, A1 and C3 will also be uninstalled if they are installed on the computer.
• When a non-top-level node is specified in the answer file, its default child nodes will be installed. Additionally, all its parents will be installed but the parents’ defaults will not. Example from diagram: if the user specifies that A1 should be installed, A will also be installed (it is A1’s parent) but A2 will not be installed (it is a default child of the parent A, not of A1).
• The default behavior when a container node is specified in the answer file is to install its default child nodes. If that container has no defaults, all child nodes will be installed. Example from diagram: if the user specifies that A should be installed, A2 will also be installed (it is a default child of A) but A1 will not be installed (it is a non-default child of A). Example from diagram: if the user specifies that D should be installed, both D1 and D2 will be installed, as D has no default child node.
• If InstallAllSubFeatures="true" is specified for a given node, all its child nodes will also be installed. This is transitive, so if a top-level node has more than one level of child nodes, all its child nodes (at all levels) will be installed. Example from diagram: if the user specifies that A should be installed and InstallAllSubFeatures="true" is specified, A1 and A2 will also be installed.
• If InstallAllSubFeatures="false" is specified for a given node, only its default child nodes will be installed. This is transitive, so if a top-level node has more than one level of child nodes, its default child nodes (at all levels) will be installed. Example from diagram: if the user specifies that A should be installed and InstallAllSubFeatures="false" is specified, A2 will be installed but A1 will not, as the latter is not a default of A.
• If InstallAllSubFeatures is not specified, InstallAllSubFeatures="false" is assumed.
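The rules on this slide can be modelled to predict what an answer file will put on, or take off, a server before it is run. The following is an added example, not Microsoft's code: the tree is constructed from the slide's own examples (the diagram is not on the page), node C as the parent of C3 is an assumption, and removal of a parent is assumed to take its children with it.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set


@dataclass
class Node:
    name: str
    parent: Optional[str] = None
    default: bool = False                      # installed by default with its parent
    depends_on: Set[str] = field(default_factory=set)


def build_tree() -> Dict[str, Node]:
    """Constructed sample tree inferred from the slide's examples."""
    nodes = [
        Node("A"),
        Node("A1", parent="A", depends_on={"B"}),   # non-default child of A
        Node("A2", parent="A", default=True),       # default child of A
        Node("B"),
        Node("C"),                                   # assumption: parent of C3
        Node("C3", parent="C", depends_on={"B"}),
        Node("D"),                                   # container with no defaults
        Node("D1", parent="D"),
        Node("D2", parent="D"),
    ]
    return {n.name: n for n in nodes}


def children(tree: Dict[str, Node], name: str) -> List[str]:
    return [n.name for n in tree.values() if n.parent == name]


def expand_down(tree: Dict[str, Node], name: str, all_sub: bool) -> Set[str]:
    """Child nodes pulled in by installing `name` (transitive)."""
    kids = children(tree, name)
    if not all_sub:
        defaults = [k for k in kids if tree[k].default]
        kids = defaults or kids      # a container with no defaults installs all children
    selected: Set[str] = set()
    for kid in kids:
        selected.add(kid)
        selected |= expand_down(tree, kid, all_sub)
    return selected


def ancestors(tree: Dict[str, Node], name: str) -> Set[str]:
    """Parents are installed, but their default children are not."""
    found: Set[str] = set()
    parent = tree[name].parent
    while parent:
        found.add(parent)
        parent = tree[parent].parent
    return found


def resolve_install(tree: Dict[str, Node], name: str, all_sub: bool = False) -> Set[str]:
    # The slide describes dependencies only for removal, so install-time
    # dependency resolution is not modelled here.
    return {name} | expand_down(tree, name, all_sub) | ancestors(tree, name)


def resolve_remove(tree: Dict[str, Node], name: str, installed: Set[str]) -> Set[str]:
    """Everything removed when `name` is uninstalled from `installed`."""
    removed: Set[str] = set()
    queue = [name]
    while queue:
        current = queue.pop()
        if current in removed or current not in installed:
            continue
        removed.add(current)
        for node in tree.values():
            # Dependents go too (slide rule); children go too (assumption).
            if current in node.depends_on or node.parent == current:
                queue.append(node.name)
    return removed


def extra_from_all_subfeatures(tree: Dict[str, Node], name: str) -> Set[str]:
    """Components installed only because InstallAllSubFeatures="true" was set."""
    return resolve_install(tree, name, True) - resolve_install(tree, name, False)


if __name__ == "__main__":
    tree = build_tree()
    for item in ("A1", "A", "D"):
        print("install", item, "->", sorted(resolve_install(tree, item)))
    print("install A, all sub-features ->", sorted(resolve_install(tree, "A", True)))
    print("beyond defaults for A ->", sorted(extra_from_all_subfeatures(tree, "A")))
    state = {"A", "A1", "A2", "B", "C", "C3"}
    print("remove B ->", sorted(resolve_remove(tree, "B", state)))
```

The `extra_from_all_subfeatures` result is the part worth reviewing in an answer file: it lists the components that would be added beyond the defaults.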

22 Server Manager
New MMC snap-in.
Provides a consolidated view of the server, including:
• Configuration
• Status of installed roles
• Links for adding/removing installed roles and features
• Starting and stopping services
• Managing local user accounts
• Determining server status
• Identifying critical events
• Analyzing and troubleshooting configuration issues or failures

23 Server Manager

24 Print Management
Print Management provides centralized administration of all of the printers in the organization from any computer running:
• Windows Server 2003 R2
• Windows Vista
• Windows Server 2008 operating systems
• Windows XP clients (x86 and x64)
Print Management can:
• Provide up-to-the-minute details about the status of all printers and print servers on the network from one console.
• Help find printers that have error conditions.
• Send notifications or run scripts when a printer or print server needs attention.
• On printer models that provide a Web interface, access this additional data, allowing information such as toner and paper levels to be managed easily.

25 Servermanagercmd.exe (command line interface)
To facilitate scripting and unattended role deployment/removal scenarios, the ServerManagerCmd.exe command line tool can be used. ServerManagerCmd exposes the key functions of Server Manager, such as installation/removal of roles, role services and features, command validation, and querying the current state of the machine.
ServerManagerCmd also:
• allows installation/removal of multiple server roles, role services and features together using XML answer files
• supports a set of command-line arguments to allow additional control over how the answer file should be executed
Full listing of the available ServerManagerCmd commands: ServerManagerCmd -help (or -?)

26 Servermanagercmd Commands
• -query [<query.xml>] (Short form: -q): Displays a list of all roles, role services, and features available, and shows which are installed. If <query.xml> is specified, the information is also saved to a query.xml file.
• -install <name> (Short form: -i): Installs the role, role service, or feature that is specified by the <name> parameter.
• -allSubFeatures (Short form: -a): Used with the -install parameter to install all subordinate role services and features along with the role, role service, or feature named with the -install parameter.
• -remove <name> (Short form: -r): Removes the role, role service, or feature that is specified by the <name> parameter.
• -restart: Restarts the computer automatically, if restarting is necessary to complete the operation.
• -logPath <log.txt> (Short form: -l): Specifies the non-default location for the log file (ServerManager.log).

27 MMC 3.0
• A new pane called the actions pane is available; it displays available commands for the selected node
• Provides Windows forms hosting capability
• Full integration with WinForm, unlike the older OCX views in MMC 2.0
• Standard Visual Studio® designer and design guidelines available for view design
• Possible to isolate process and application domains
• Functionally rich views can be created using one of the four available view types: list, Windows Forms, HTML, and message
Increased Reliability
• Improved detection and reporting of snap-in problems
• Because actions are logged, it is easier to debug and incrementally improve snap-in code
• Ability to isolate suspended snap-ins from the console

28 Task Scheduler 2.0
• Isolating user actions in separate sessions
• Credentials management using new security services (S4U and CredMan)
• Removed limitations on the number of registered tasks
API additions:
• Scripting Support: Interfaces are now derived from IDispatch, providing full support for scripted development.
• Task Scheduler Schema: Allows you to create/manage tasks through XML-formatted docs.
• New Triggers: New time/calendar/event triggers. All triggers support repetition, delay, start, and stop.
• Task Settings: Can now prioritize tasks, define multiple instance policies, start a task only if the network is available, reset on failure, set an execution time limit, etc.
• New actions: Send an e-mail message, show a message box, start an executable, or fire a COM handler.

29 Server Deployment – The Past
Boot from the CD and install
• Supported since the original Windows NT days
• Sadly, still a very common way of installing Windows Server
• Some have “enhanced” the process with unattended answer files and customized CDs
MICROSOFT CONFIDENTIAL © 2006 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

30 Server Deployment – The Past
Remote Installation Services
• Released with Windows 2000, February 17, 2000
• Supports PXE boot to perform unattended installations of Windows (RISETUP), or installation of simple “images” (RIPREP)
• Simple menu creation and customization capabilities
• Remember the RIS Menu Editor from 3Com? Enabled RIS to boot floppy disk images
• Primarily used for desktop OSes
• Can boot Windows PE with some effort

31 Server Deployment – The Past
Automated Deployment Services
• Released as an add-on to Windows Server 2003 in 2003
• Required a Windows Server 2003 Enterprise or Datacenter license
• First Microsoft tool to use true images
• Images could be mounted
• Supported PXE boot, multicast
• Used virtual DOS boot floppies and could boot Windows PE
• Supported task sequencing for increased automation
• Used as core of Virtual Server Migration Toolkit (P2V)
• Updated version 1.1 released in 2005, with x64 support

32 Server Deployment – The Past
Windows Server Deployment Solution Accelerator
• Released in September 2003
• Built from the Business Desktop Deployment Solution Accelerator version 1.0
• Uses ADS for image creation and deployment

33 Server Deployment – The Past
Automated Purposing Framework (APF)
• Released in 2000, updated in 2003
• Can be used with ADS or standalone
• Script-based deployment process
• APF Explorer for configuring hierarchical settings
• Used as part of the Microsoft Solution for Windows-based Hosting
• Largest current uses are with Microsoft UK and partners such as 1E

34 Server Deployment – The Past
Branch Office Infrastructure Solution (BOIS)
• Released in 2005
• Includes the Automated Deployment Toolkit, a derivative of APF
• Could leverage ADS for image capture and deployment
• Includes scripts for installation of some server roles

35 Server Deployment – The Present
Vista and Longhorn change the landscape
• New image format and image-based installation process
• New core deployment tools provided in Windows Automated Installation Kit (WAIK)
• Products need to be updated (or replaced)
• Guidance and tools need to be updated (or replaced)
• Customers and partners will need to do some reengineering of processes

36 Server Deployment – The Present
Windows Deployment Services
• Released in November 2006
• The next generation of RIS, with support for image deployment, Windows PE 2.0, and PXE
• Available for Windows Server 2003 SP1 as a hotfix, part of SP2 and Longhorn Server
• A partial replacement for ADS

37 Server Deployment – The Present
SMS 2003 OS Deployment Feature Pack
• Released in November 2004, updated in 2006 to support Vista/Longhorn deployment and image format
• While server deployment can be performed, there are limitations resulting in restricted support

38 Server Deployment – The Future
Windows Deployment Services
New features in Longhorn Server version:
- Multicast with an improved algorithm
- Improved TFTP performance
- EFI support

39 Server Deployment – The Future
System Center Configuration Manager 2007 (SCCM)
- To be released in Q3 CY07
- A service pack or hotfix will be required to support LH Server deployment, available weeks after LH Server RTM
- Significant investments in OS deployment capabilities, task sequencing, integration with WDS
- Improves on the SMS 2003 OS Deployment Feature Pack
- Picks up most of the functionality from ADS

40 Server Deployment – The Future
Windows Server Deployment Solution Accelerator
- To be released shortly after Longhorn Server
- Built on top of BDD 2007 (which will continue supporting Vista and XP deployments, also with SMS 2003 OSD), so consistent tools for client and server
- Provides guidance and tools for deploying Windows Server 2003 and Longhorn Server
- Leverages and extends capabilities of WDS and SCCM 2007, while also offering “Lite Touch” functionality that requires no management infrastructure

41 WSD Methodology and Best Practices
[Diagram: WSD Methodology and Best Practices Guidance. Labels: WSD ZTI; SCCM 2007 OSD Tools; WSD LTI; WDS and WAIK tools. Tiers: Good, Better, Best.]

42 Windows Deployment Services (WDS)
WDS
- Rapidly deploy Windows operating systems
- Updated and redesigned version of Remote Installation Services (RIS)
- Server components
- Client components
- Management components
- Windows Deployment Services provides several enhancements to RIS
Title: Windows Deployment Services
Talking Points: Windows Deployment Services (WDS) is a suite of components that work together on Windows Server 2008 to provide a simplified, secure means of rapidly deploying Windows operating systems to computers by using network-based installation, without the need for an administrator to work directly on each computer, or install Windows components from CD or DVD media. It contains a number of new or enhanced features that will save IT staff time.
The Windows Deployment Services Process: Windows Deployment Services allow IT staff to rapidly deploy the Windows operating systems to computers by using network-based installation, without the need for an administrator to work directly on each computer, or install Windows components from CD or DVD media. WDS can also be used to quickly repurpose existing computers.
Windows Deployment Services: Windows Deployment Services, the updated and redesigned version of Remote Installation Services (RIS), is the feature name for a suite of components that work together on Windows Server 2008 to enable the deployment of Windows operating systems, particularly Windows Vista. These components are organized by the following three categories: server, client and management components.
Server components: These components include a Pre-Boot Execution Environment (PXE) server and Trivial File Transfer Protocol (TFTP) server for network booting a client to load and install an operating system. Also included is a shared folder and image repository that contains boot images, installation images, and files that you need specifically for network boot.
Client components: These components include a graphical user interface that runs within the Windows Pre-Installation Environment (Windows PE) and communicates with the server components to select and install an operating system image.
Management components: These components are a set of tools that you use to manage the server, operating system images, and client computer accounts.
Enhancements to Windows Deployment Services: Windows Deployment Services includes the Windows Deployment Services MMC snap-in, which provides rich management of all Windows Deployment Services features. Windows Deployment Services also provides several enhancements to the RIS feature set. These enhancements support the deployment of the Windows Vista and Windows Server 2008 operating systems. With Windows Deployment Services, IT staff can:
- Use the Windows Deployment Services snap-in to create a "capture image" that can create a custom image from a computer that has been prepared with Sysprep.exe
- Use the Windows Deployment Services Capture Wizard to create and add an image prepared with Sysprep.exe
- Use the Windows Deployment Services snap-in to associate unattended installation files with Windows images
- Associate one or more language packs with an image, eliminating your need for unique images for each language your organization supports
- Use the Windows Deployment Services snap-in to create a "discover image" for use with computers that do not support PXE boot
Additional Information: SVR322_Niehaus.ppt; Changes in Functionality to Windows Server Longhorn (January 2007).doc (also called the Book of Longhorn)

43 WDS - Components
Server Components
- Pre-Boot Execution Environment (PXE) server
- Trivial File Transfer Protocol (TFTP) server
- shared folder and image repository containing
  - boot images
  - installation images
  - files that you may need specifically for network boot
Client Components
- Graphical user interface
Management Components
- a set of tools that you use to manage:
  - the server
  - operating system images
  - client computer accounts

44 WDS - Enhancements
- Use the Windows Deployment Services snap-in to create a "capture image" that can create a custom image from a computer that has been prepared with Sysprep.exe
- Use the Windows Deployment Services Capture Wizard to create and add an image prepared with Sysprep.exe
- Use the Windows Deployment Services snap-in to associate unattended installation files with Windows images
- Associate one or more language packs with an image, eliminating your need for unique images for each language your organization supports
- Use the Windows Deployment Services snap-in to create a "discover image" for use with computers that do not support PXE boot

45 New Command-line shell & Scripting Language
Powershell
- New Command-line shell & Scripting Language
- Improves productivity & control
- Accelerates automation of system admin
- Easy-to-use
- Works with existing scripts
- Partners
- Futures
  - Will ship in Windows
  - Admin GUIs layered over PowerShell
  - One-to-many remote management using WS-MGMT
Title: Windows PowerShell
Talking Points: Windows PowerShell accelerates automation of system administration. Windows PowerShell is a new command-line shell and task-based scripting technology that provides comprehensive control and automation of system administration tasks, with the goal of increasing IT productivity. Windows PowerShell includes many system administration utilities, consistent syntax and naming conventions, and improved navigation of common management data, such as the registry, certificate store, or WMI. Windows PowerShell also includes an intuitive scripting language specifically designed for IT administration.
PowerShell is based on the .NET Framework, and takes advantage of the features presented by .NET. This allows IT staff to do such things as create system objects and have access to methods and properties of these objects, to build things like WinForms applications in the shell, or have access to Active Directory or SQL Server™. Even with all of the new features, an organization’s existing tools and scripts, such as PERL, batch files, or Visual Basic® scripts will still work. If an organization is using COM or WMI for automation, those scripts will also continue to work the same as before. In larger enterprises, management of multiple servers can be automated using Windows PowerShell.
Windows PowerShell provides these benefits:
- Improve productivity: Allows IT organizations to automate tasks that are manual and time-consuming. It also improves the developer experience by making it easier to add command-line management capabilities, using .NET.
- Accelerate automation: Accelerates automation of system administration by enabling administrators to write secure automation scripts.
- Works with existing scripts: Is easy to use and works with existing scripts. It improves the administrative experience by enabling IT Pros to write secure automation scripts that can run locally or remotely.
Windows PowerShell Features: Windows PowerShell is an extensible scripting technology that is interactive, programmable, secure, and production-oriented. It provides the following components:
- A scripting language
- An interactive shell
- A way to produce task-oriented commands
- A set of domain-independent utility commands
The following is an example of how an administrator might use PowerShell with Exchange. The goal of Windows PowerShell is to simplify an administrator’s view of Exchange using these tasks: recipient management tasks, organization management tasks, server management tasks, and diagnostic tasks. Tasks are further broken into categories based on server role and features:
- Roles: Edge/Hub Transport, CAS, Mailbox, UM
- Features: AntiSpam, Managed , Transport, Rules, etc.
Windows PowerShell uses the Monad engine, which is a common management platform. All Exchange Management Console (E12) data access business logic is packaged as cmdlets. The graphical user interface is shielded from Monad by an ADO abstraction layer that makes writing Winforms applications easier. In this model, cmdlets are similar to SQL stored procedures. The unit of operation in Windows PowerShell is a cmdlet .NET class (e.g. remove-server).
All Exchange operations are implemented as Monad cmdlets as follows:
- Namespace providers enable groups or families of related cmdlets (that is, namespaces): File System, Registry, Local Certificate Store, Alias Provider, Environmental Variables, and Variables
- Pipelines are composed of classes (cmdlets) passing structured objects
- Extended Type System (ETS) simplifies developer experience
- Common interfaces for operating on pipeline objects independent of type (for example, .NET, WMI, XML, ADO, ADSI etc)
Partners: Individuals and organizations seeking to get the most out of Windows Server 2008 can choose from a wide range of offerings from independent software vendors (ISVs), original equipment manufacturers (OEMs), and other vendors outside Microsoft. Some of these partners include:
- FullArmor: FullArmor is adopting Windows PowerShell, Microsoft's new command-line shell and scripting language, to improve control over and accelerate automation of Group Policy settings. Future FullArmor products will enable customers to navigate and modify Group Policy settings directly from the command line and using scripts.
- /n Software: The /n software NetCmdlets extend the features of Microsoft Windows PowerShell with a broad range of network management and messaging capabilities.
- PowerGadgets: PowerGadgets is a Windows PowerShell snap-in, and lets you easily explore, visualize, and monitor enterprise data from virtually any data source, including traditional databases and text files, with little or no coding involved.
- Quest Software: Quest Software has created a graphical user interface for Windows PowerShell—PowerGUI. Quest Software has built PowerShell commands (cmdlets) for Active Directory, and is sponsoring a new independent online community dedicated to Windows PowerShell, PowerGUI.org.
- PrimalScript 4: PrimalScript 4.1 introduces support for Microsoft Windows PowerShell. Launched simultaneously with Windows PowerShell itself, the Professional and Enterprise editions provide a visual development environment for Microsoft's next-generation Windows automation platform.
Futures:
- Ship in Windows: Windows PowerShell will be included with Windows Server 2008.
- Admin GUIs layered over PowerShell: While many aspects of Windows Server 2008 and other Microsoft applications will be manageable from PowerShell, admin GUIs layered over PowerShell will also be available. For example, Exchange 2007 is completely manageable by means of Windows PowerShell; an admin GUI is also available to perform some tasks.
- One-to-many remote management using WS-MGMT: Microsoft plans to leverage Web Service Management (WS-MGMT), the remoting protocol recently standardized through the Distributed Management Task Force (DMTF), to provide remote capability.
Additional Information: MSG305_sharma.ppt, Session2-PowerShell-PACITPro

46 Books & Training Materials
Powershell
More Control
- TechNet ScriptCenter
  - Exchange Server 2007
  - Terminal Server
  - WMI, Registry, Hardware, etc.
  - Community-Submitted scripts
- MyITForum.com
  - Hundreds of Scripts
- Books & Training Materials
  - Manning Publications
  - O’Reilly Media
  - Sapien Press & others…
- Community Support
  - MS MVPs
  - PowerShell Team Blog
  - Active Newsgroup
  - Channel 9: DFO Show
  - IIS.net
Title: Windows PowerShell Resources
Talking Points: Support for Windows PowerShell is available in the form of scripts, books, training, and community support.
Scripts: Scripting for Windows PowerShell brings together resources for system administrators who are interested in learning about the Windows PowerShell command line and scripting environment. The TechNet ScriptCenter provides a one-stop shop for all of your Windows PowerShell scripting needs. The TechNet ScriptCenter contains scripts for items such as: Exchange Server 2007, Terminal Services, WMI, Registry, Hardware, and Community submitted scripts among others.
myITforum.com, Inc. is the premier online destination for IT Professionals responsible for managing their corporations' Windows-based systems, especially for IT Pros working with Microsoft Systems Management Server (SMS), System Center, Microsoft Operations Manager (MOM), Scripting, Windows Mobile, Group Policy (GPO), and patching and security. The centerpiece of myITforum.com, Inc. is a collection of member forums, lists, blogs, and technical articles where IT Professionals actively exchange technical tips, share their expertise, and download utilities that help them better manage their Windows environments. Any member of myITforum.com can upload files and utilities to help Admins across the world to get the job done in less time. Visit:
Books and Training Materials: There are a number of good books from these and other publishers that will help you use and get the most out of Windows PowerShell. A few such books are:
- Windows PowerShell in Action by Bruce Payette, from Manning Publications. Bruce is one of the founding members of the Windows PowerShell team, co-designer of the PowerShell language, and is the principal author of the PowerShell language implementation. You will gain a deep understanding of the language and how best to use it, and gain insights into why PowerShell works the way it does.
- Monad (AKA PowerShell) Introducing the MSH Command Shell and Language by Andy Oakley, from O’Reilly Media. Windows PowerShell, formerly known by its codename "Monad," is available now for Windows Server® 2003, Windows® XP, and Windows Vista™; and soon for Exchange Server 2007 and MOM. PowerShell is the future of Windows administration. Monad, Oakley’s innovative, hands-on introduction to the tool is an exciting tour of some of the new capabilities that PowerShell puts into the hands of system administrators and power users, and is the perfect complement to existing PowerShell documentation.
- Windows PowerShell: TFM by Don Jones and Jeffery Hicks, from Sapien Press. Authors Don Jones (Managing Windows with VBScript and WMI, Advanced VBScript for Windows Administrators) and Jeffery Hicks (Advanced VBScript for Windows Administrators) teach you PowerShell scripting from the ground up: You don't need any prior PowerShell, VBScript, or any other scripting or programming experience. You'll learn about cmdlets, snap-ins, scripts, PowerShell's security model, and the .NET Framework. Written in an easygoing, casual style, with plenty of examples, you'll find yourself producing useful PowerShell scripts after the second chapter!
Community Support: There are a variety of different support options and information from different community sources.
- MS MVPs: Microsoft Most Valuable Professionals (MVPs) are exceptional technical community leaders from around the world, who are awarded for voluntarily sharing their high-quality, real-world expertise in offline and online technical communities. Microsoft MVPs are a select group of experts that represent the technical community's best and brightest, and they share a deep commitment to community and a willingness to help others. MVPs represent a broad spectrum of Microsoft product users.
- PowerShell Team Blog: Keep up to date with the latest announcements directly from the team responsible for building Windows PowerShell with the PowerShell Team blog.
- Active Newsgroup: There is the very active newsgroup microsoft.public.windows.powershell that is patrolled by most of the PowerShell MVPs.
- Channel 9 DFO Show: Channel 9 is designed to facilitate communication between Microsoft and its developer and customer constituencies. The site uses video clips, moblog technology, RSS feeds, wikis, and forums to reach out to users. Design for Operations, or DFO, is a key element of the Microsoft Dynamic Systems Initiative, that will lead to the ability to build self-managing dynamic systems. The DFO show has started a series about PowerShell which can be found at channel9.msdn.com/shows/The_DFO_Show.
- IIS.net: The IIS.net site is a portal site for the IIS.NET development community. This site contains new PowerShell information in regards to IIS.NET.
Additional Information:
- manning.com/powershell/
- mvp.support.microsoft.com/communities/mvp.aspx
- blogs.msdn.com/PowerShell/
- channel9.msdn.com/tags/Monad

47 What is Powershell?
- Revolutionary new interactive shell and scripting language
- Based on .NET
- New set of built-in tools (+120)
- New language to take advantage of .NET
- A new “object-pipeline” system view
- Can continue to use current tools
- Can continue to use current automation (COM)

48 Benefits
- Automate administration of multiple servers through a task-oriented scripting language
- Accelerate script authoring, testing and debugging and write customer tools in a new command shell environment
- Utilize new scripts and Cmdlets
- Manage command-line services, processes, registry, and WMI data
- Manage and/or automate administration tasks for server roles such as IIS and Active Directory
- Automate Terminal Server configuration changes by means of PowerShell scripts, and examine configuration similarities and differences across a Terminal Server farm.
- Manage an Internet Information Services 7.0 environment.
- Remotely manage servers.

49 No Fear, Uncertainty or Doubt
Do I need to learn .NET before I can use PowerShell?
No - you can continue to use existing tools.
Do I need to rewrite all my existing tools?
No - existing tools will run just fine.
Do I need to learn the new language?
No - You can easily run existing commands without modification.
Learning the new
Online help is full of examples that are ready to use
The new language elements make interacting with .NET a snap.
Using .NET can help you where new tools don’t exist and opens a vast space of productivity
Learn at your own pace, PowerShell will be ready for you

50 CMDlets
A cmdlet (pronounced "command-let") is a single-feature command that manipulates objects in Windows PowerShell. You can recognize cmdlets by their name format: a verb and noun separated by a dash (-), for example Get-Help, Get-Process, Start-Service.

51 Powershell - Recommendations
- Start using Windows PowerShell immediately!
- Don’t throw away any existing scripts or batch files – they can still be used!
- Don’t forget the power of the wildcard, such as “*”
- Don’t deploy Windows PowerShell on any machine where it is not actually needed
- Centrally-Control Windows PowerShell security settings through GPOs – do it now!
KEY MESSAGE: Windows PowerShell Recommendations
SLIDE SCRIPT: To get the greatest benefits from Windows PowerShell, administrators should keep the following in mind:
- Start using Windows PowerShell immediately. Because it is backward-compatible, existing knowledge and experience can be used while learning to use the new cmdlets and scripting language.
- Don’t throw anything away! Existing batch files and scripts will all still run in the PowerShell environment.
- When using cmdlets, don’t forget the power of the wildcard.
- While security was a design priority of PowerShell, like any other powerful administrative tool it should only be deployed on administrator machines where it will be utilized.
- Immediately deploy a Group Policy Object to centrally-control security settings for Windows PowerShell, even if PowerShell is not yet being used in the organization.
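Whether the GPO recommendation above has actually taken effect on a machine can be checked from the execution-policy scopes. The following is an added example, not part of the original presentation: it walks the scopes in precedence order and reports whether the effective policy comes from Group Policy. It assumes PowerShell 3.0 or later; the function name and the sample scope list are constructed for illustration.

```powershell
# Added example (not from the presentation). Assumes PowerShell 3.0 or later.
# Test-ExecutionPolicySource is a hypothetical helper name.

function Test-ExecutionPolicySource {
    param(
        # Objects with Scope and ExecutionPolicy properties, in precedence
        # order, as returned by: Get-ExecutionPolicy -List
        [Parameter(Mandatory = $true)]
        [object[]]$ScopeList
    )

    $gpoScopes  = 'MachinePolicy', 'UserPolicy'   # scopes set by Group Policy
    $permissive = 'Unrestricted', 'Bypass'        # policies that allow unsigned scripts

    # The first scope that is not Undefined decides the effective policy.
    $winner = $ScopeList |
        Where-Object { [string]$_.ExecutionPolicy -ne 'Undefined' } |
        Select-Object -First 1

    $findings = @()
    if ($null -eq $winner) {
        $scope  = 'None'
        $policy = 'Undefined'
        $findings += 'No scope sets a policy; the operating system default applies and can be overridden locally.'
    } else {
        $scope  = [string]$winner.Scope
        $policy = [string]$winner.ExecutionPolicy
        if ($gpoScopes -notcontains $scope) {
            $findings += "Effective policy comes from '$scope', not from Group Policy; it can be changed locally."
        }
        if ($permissive -contains $policy) {
            $findings += "Effective policy '$policy' allows unsigned scripts to run."
        }
    }

    [pscustomobject]@{
        EffectiveScope  = $scope
        EffectivePolicy = $policy
        GpoControlled   = ($gpoScopes -contains $scope)
        Findings        = $findings
    }
}

# Constructed sample: no GPO is applied, and a per-user setting overrides
# the stricter machine-wide one because CurrentUser has higher precedence.
$sample = @(
    [pscustomobject]@{ Scope = 'MachinePolicy'; ExecutionPolicy = 'Undefined' }
    [pscustomobject]@{ Scope = 'UserPolicy';    ExecutionPolicy = 'Undefined' }
    [pscustomobject]@{ Scope = 'Process';       ExecutionPolicy = 'Undefined' }
    [pscustomobject]@{ Scope = 'CurrentUser';   ExecutionPolicy = 'Unrestricted' }
    [pscustomobject]@{ Scope = 'LocalMachine';  ExecutionPolicy = 'AllSigned' }
)

Test-ExecutionPolicySource -ScopeList $sample | Format-List

# On a live host:
#   Test-ExecutionPolicySource -ScopeList (Get-ExecutionPolicy -List)
```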

52 Remote Management
- Remote Hardware Management
- Windows Remote Management
- Winrm.cmd
- Prerequisites
- Benefits
KEY MESSAGE: Windows Remote Management Overview
SLIDE SCRIPT: Remote hardware management is intended to reduce overall IT administration costs by providing monitoring and control of remote hardware components, especially before the system is started and after an operating system failure. Original Equipment Manufacturers (OEMs) have developed a common architecture to address the need for hardware management. An important piece of this architecture is the baseboard management controller (BMC). A BMC is a specialized device that monitors the state of the server computer. The BMC provides remote control of server hardware, retrieves status data, and receives notifications about critical errors and other hardware state changes. A script or application that is monitoring a remote server can obtain data from the server either in-band, through the remote operating system, or out-of-band, directly from the BMC. A BMC has sensors that can detect, for example, when the server computer is overheating or when voltage is out of the acceptable range.
Several standards exist to define the architecture of BMC. The Intelligent Platform Management Interface (IPMI) is one such standard that is used frequently. However, despite the IPMI standard, management access to server hardware is proprietary and requires use of management tools supplied by OEMs. Also, remote access to a BMC is provided using a specialized wire protocol, Remote Management Control Protocol (RMCP), which has non-standard security mechanisms for authentication of access. The Microsoft IPMI provider and IPMI driver allow you to obtain BMC data from remote server computers through a standard WMI provider with WMI classes. While you can write a normal WMI script that obtains remote data through DCOM, in many cases the preferred method of obtaining IPMI data is through the WinRM command line utility, the WinRM Scripting API, or WinRM C++ API.
The BMC also has an event database called the System Event Log (SEL) which records events in the monitored computer. You cannot subscribe to have these events delivered to a script as you can with WMI event classes. However, you can use the Wecutil.exe command line tool to subscribe to them.
Windows Remote Management is the Windows implementation of WS-Management, an industry-standard Web services-based protocol. Windows Remote Management provides a secure, efficient way for management applications and scripts to communicate with local and remote computers. The Windows service that Windows Remote Management installs and uses is called WinRM.
When a server is connected to a BMC that supports the WS-Management standard, applications and scripts can use Windows Remote Management to communicate directly with the BMC, even when the operating system is offline (pre-boot or post-failure). When a server is not connected to a BMC, Windows Remote Management can still be used to connect to WMI remotely in situations where DCOM communication is impeded (for example, across a firewall). This is possible because the WS-Management standard is firewall-friendly and uses a single port configurable by the system administrator. Windows Remote Management exposes its own application programming interface (API) for scripting, which can be used by scripts written in any Windows Script Host-compatible language.
Winrm.cmd. The command-line tool provided as the primary administrative interface for managing WinRM is a batch file (Winrm.cmd) that runs a Visual Basic Scripting Edition (VBScript) script named Winrm.vbs. Because it is a script, you can open it as a text file and view the code to learn how it works. You can also write your own VBScript scripts that take advantage of the WinRM scripting API. Winrm.vbs runs under Cscript.exe, the command-line scripting engine of Windows Script Host. Winrm.vbs enables system administrators to configure and manage WinRM. Because WS-Management is a Web service that uses XML as its message format, Winrm.vbs output is natively XML as well. The tool provides switches to output more readable XML or plain text.
Prerequisites. WinRM is part of the operating system. However, to obtain data from remote computers, you must configure a WinRM listener. If a BMC is detected at system startup, then the IPMI provider loads; otherwise, the WinRM scripting objects and the WinRM command-line tool are still available.
Benefits. With Windows Remote Management you can:
- Perform local and remote server management by accessing multiple data management stores such as WMI, ADSI, COM, Certificates, Registry, and XML configuration files
- Automate the management of local and remote servers
- Obtain management data from local and remote computers that may have baseboard management controllers (BMCs)
- Utilize WMI on Windows systems
- Utilize WS-Management Protocol for non-windows systems

53 Remote Management Installation and Configuration
KEY MESSAGE: Windows Remote Management Technical Background Overview

SLIDE SCRIPT:

Remote Management Architecture:

WinRM Scripting API. This scripting API enables you to obtain data from remote computers using scripts that perform WS-Management protocol operations.

Winrm.cmd. This command-line tool for system management is implemented in a Visual Basic Script file (Winrm.vbs) written using the WinRM scripting API. This tool allows an administrator to configure WinRM and to get data or manage resources.

Winrs.exe. This command-line tool allows administrators to remotely execute most Cmd.exe commands using the WS-Management protocol. For more information, see the online help provided by the command line Winrs /?.

Intelligent Platform Management Interface (IPMI) driver and WMI provider. Hardware management through the Intelligent Platform Management Interface (IPMI) provider and driver allows you to control and diagnose remote server hardware through BMCs when the operating system is not running or deployed.

WMI service. The WMI service continues to run side-by-side with WinRM and provides requested data or control through the WMI plug-in. You can continue to obtain data from standard WMI classes, such as Win32_Process, as well as IPMI-supplied data.

WS-Management protocol. WS-Management protocol, a SOAP-based, firewall-friendly protocol, was designed for systems to locate and exchange management information. The intent of the WS-Management protocol specification is to provide interoperability and consistency for enterprise systems that have computers running on a variety of operating systems from different vendors.

Remote Management Installation:

If Windows Remote Management is not installed and configured, WinRM scripts do not run and the WinRM command-line tool is unable to carry out data operations. The Windows Remote Shell command-line tool, WinRS, and event forwarding also depend on WinRM configuration.

WinRM and Intelligent Platform Management Interface (IPMI) WMI provider components are installed by default with Windows Server 2008 and the WinRM service starts automatically. On Windows Vista, the service must be started manually. On Windows Server 2003 R2, WinRM is not installed by default but is available as the Hardware Management feature through the Add/Remove System Components feature in the Control Panel under Management and Monitoring Tools.

By default, no WinRM listener is configured. Even if the WinRM service is running, WS-Management protocol messages that request data cannot be received or sent. Internet Connection Firewall (ICF) blocks access to required ports by default.

Scripting in WinRM:

The Scripting API in WinRM and the accompanying COM API for C++ are designed to reflect closely the operations of the WS-Management protocol. The WinRM Scripting API in Windows Remote Management supports all the WS-Management protocol operations except one: it does not allow subscriptions to events. To subscribe to events from the BMC System Event Log, you must use the Wecutil or Wevtutil command-line tools.

The WinRM Scripting API is called by Winrm.vbs, a command-line tool, which is written in Visual Basic Scripting Edition (VBScript). Winrm.vbs provides examples of how to use the WinRM Scripting API.

Authentication for Remote Connections:

Windows Remote Management maintains security for communication between computers by supporting several standard methods of authentication and message encryption. The default credentials, user name and password, are the credentials for the logged-on user account that runs the script.

Kerberos is the default method when the client is in a domain and the remote destination string is not one of the following: localhost, , or [::1].

Negotiate is the default method when the client is not in a domain. Negotiate is also the default method when the client is in a domain, but the remote destination string is one of the following: localhost, , or [::1].

Basic and Digest Authentication are also available.

Remote Management Architecture
Installation and Configuration
Scripting in Windows Remote Management
Authentication for Remote Connections
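An added example, not part of the original presentation: Python that parses the indented text printed by `winrm get winrm/config` and reports settings that weaken the authentication and message encryption described above (Basic authentication, unencrypted traffic, a wildcard TrustedHosts). The sample output is constructed, the function names are this example's own, and the choice of which settings to flag is an assumption.

```python
# Constructed sample in the indented "key = value" layout that
# `winrm get winrm/config` prints; every value here is invented.
SAMPLE_CONFIG = """\
Config
    MaxEnvelopeSizekb = 150
    Client
        AllowUnencrypted = false
        Auth
            Basic = true
            Kerberos = true
        TrustedHosts = *
    Service
        AllowUnencrypted = true
        Auth
            Basic = false
"""

def parse_winrm_config(text):
    """Flatten the dump into {'Config/Service/Auth/Basic': 'false', ...}."""
    settings, stack = {}, []              # stack of (indent, section name)
    for line in text.splitlines():
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        while stack and stack[-1][0] >= indent:
            stack.pop()                   # close sections we have left
        key, sep, value = line.strip().partition("=")
        key = key.strip()
        if sep:
            path = "/".join([name for _, name in stack] + [key])
            settings[path] = value.strip()
        else:
            stack.append((indent, key))   # bare name: section, or empty value
    return settings

def audit(settings):
    """List settings that weaken authentication or message encryption."""
    findings = []
    for side in ("Client", "Service"):
        if settings.get(f"Config/{side}/Auth/Basic", "").lower() == "true":
            findings.append(f"{side}: Basic authentication enabled")
        if settings.get(f"Config/{side}/AllowUnencrypted", "").lower() == "true":
            findings.append(f"{side}: unencrypted traffic allowed")
    if settings.get("Config/Client/TrustedHosts", "") == "*":
        findings.append("Client: TrustedHosts is a wildcard")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse_winrm_config(SAMPLE_CONFIG))))
```

A key printed without a value, such as an empty TrustedHosts, is treated as a section with no children and produces no finding.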

54 Usage Scenarios

Manage PCs in restricted environments (e.g. DMZ, Internet, through firewalls/NATs)
Remotely connect WMI instrumentation for asset and configuration management
Execute remote scripts or command-line utilities with Windows Remote Shell
Monitor PC health by forwarding events to a central collector

KEY MESSAGE: Summary of Windows Remote Management Implementation/Usage Scenarios

SLIDE SCRIPT: Windows Server 2008 administrators will need to manage PCs in restricted environments, collect information for asset and configuration management, remotely manage servers, and monitor PC health. With Windows Remote Management you can do all of these things. You can:

Perform local and remote server management by accessing multiple data management stores such as WMI, ADSI, COM, Certificates, Registry, and XML configuration files.
Automate the management of local and remote servers.
Obtain management data from local and remote computers that may have baseboard management controllers (BMCs).
Utilize WMI on Windows systems.
Utilize WS-Management Protocol for non-Windows systems.
Monitor PC health by forwarding events to a central collector.

55 Group Policies

Feature: XML-based policy definition files
Description: Administrative template files are replaced by an XML-based file format that incorporates multilanguage support and strong versioning.
Benefit: Group Policy tools display in the administrator's operating system language
Benefit: Managing registry-based policy settings while accommodating automated or fully manual change management processes

Feature: Central store of ADMX files
Description: The central store is a domain-wide directory created in the Sysvol.
Benefit: Reduces the need for additional storage and greater replication traffic resulting from increasing numbers of GPOs

Feature: Group Policy administrative tools read both ADMX and ADM files
Description: Group Policy administrative tools use the core operating system ADMX files from the local machine before the creation of the central store. In addition, the administrative tools can read any other ADM file stored locally or in a GPO.
Benefit: Ensures interoperability with earlier platforms for administering Group Policy

KEY MESSAGE:

56 General Recommendations
For single server administration, use xx
To manage roles from a command prompt, use xx
For multiple server administration, use Windows xx
For Remote Management, use xx (based on xx Standard)
Use xx to collect Event Viewer logs from multiple servers
Use xx for enterprise-wide management

KEY MESSAGE: Server Management Recommendations

SLIDE SCRIPT: You should use Server Manager to manage single servers, but for multiple server management or for remote management, you should use Windows PowerShell and Windows Remote Management. Use the ServerManagerCmd.exe utility to manage roles from a command-line environment. Take advantage of the new Event Subscription capabilities in Windows Server 2008 for collecting data from Event Viewer event logs on multiple servers. Use Microsoft’s System Center family of tools for enterprise-wide management.

57 Q/A

