Module 1: Server Roles and Initial Configuration Tasks


1 Module 1: Server Roles and Initial Configuration Tasks

2 Overview
• Identify and install application server roles that are integrated with Windows Server 2008
• Identify and install Windows application server features available with Windows Server 2008
• Implement Windows Activation 2.0

3 Lesson 1: Application Server Roles
• Identify new features with the Web Server role in Windows Server 2008
• Describe benefits of Windows Media Services 9.5
• Explain how the Windows SharePoint Services role will benefit organizations

4 Web Server
• Flexible extensibility model for powerful customization
• Powerful diagnostic and troubleshooting tools
• Delegated administration
• Enhanced security and reduced attack surface through customization
• True application xcopy deployment
• Integrated application and health management for Windows Communication Foundation (WCF) services
• Improved administration tools
Windows Server 2008 delivers a unified platform for Web publishing that integrates Internet Information Services (IIS), ASP.NET, Windows Communication Foundation, and Microsoft Windows SharePoint Services. IIS version 7.0 is a major enhancement to the existing IIS Web server and plays a central role in integrating Web platform technologies. The seven items listed above are the key pillars of the IIS 7.0 release; together they create a unified platform so that IIS 7.0 delivers a single, consistent developer and administrator model for Web solutions.

5 Windows Media Services
• Improved Fast Streaming
• ~2x concurrent users per server
• Server Core installation option
• Cache/Proxy plug-in
• Server Manager and Remote Administration Tools
Microsoft Windows Media Services 9.5 (WMS 9.5) is part of the Microsoft Windows Server 2008 operating system. WMS 9.5 is a powerful streaming media server that allows enterprises to deliver richer, more convenient communications and training and to manage network resources effectively. Internet content providers (ICPs) can use the server to deliver a TV-like experience over the Internet with full advertising support and the ability to manage “channels” of content on the fly. With the improved scalability of Windows Media Services 9.5, content distribution networks (CDNs) will be able to reduce costs, and developers will be able to further integrate and extend their existing systems. Key WMS 9.5 features include the following:
• Faster stream startup, new DVR and DVD-like features, and optimizations that enable business models for the wireless market.
• Removal of the older proprietary MMS protocol, although not the MMS URL moniker. The use of mms:// as the URL moniker for all streamed Windows Media content is still recommended, as this allows Internet Explorer and Windows Media Player to instantly recognize the file type and initiate the protocol rollover sequence to find the best protocol for a given user’s network situation.
• WMS 9.5 allows twice as many concurrent users per server.
• The Windows Server 2008 Server Core installation is a great tool for enterprises, so WMS 9.5 has been included with the Server Core installation.
• The new in-the-box Cache/Proxy plug-in provides functionality to meet the majority of requested scenarios. Because Server Core does not currently support the .NET Framework, this C++ plug-in is a perfect complement to Server Core for remotely managed servers in lights-out locations. This can benefit end users if latency is an issue on a network, because having the content cached locally reduces the time an end user waits between clicking a URL and seeing the content. In addition, if there are low-bandwidth WAN links on a network, high-bit-rate content can be pre-loaded where it would otherwise have had to be posted on a share or downloaded each time over the WAN.
• WMS 9.5 can be managed through Server Manager, in addition to remote administration tools.
Note: Starting with Windows Server 2008 Beta 3, the following are not included in the operating system: the Streaming Media Services role and the Streaming Media Services role administration tools for the Remote Server Administration Tools feature. To obtain the new features that are available in Windows Media Services for Windows Server 2008 RC1, you must obtain and then run the Microsoft Update Standalone Package (MSU) file for the appropriate Streaming Media Services role.

6 Lesson 2: Application Server Features
• Initial Configuration Tasks
• Server Manager
• List and describe the server roles and features available with Windows Server 2008 that allow it to work as an application server

7 Application Server Features
• Internet Storage Naming Server (iSNS)
• Messaging Queue (MSMQ)
• Remote Procedure Call (RPC) over HTTP Proxy
• Subsystem for UNIX-based Applications (SUA)
• Windows Foundation Components for WinFX
• Windows Internal Database (SQL Server 2005 Embedded Edition)
• Windows Network Load Balancing (WNLB)
Features do not describe the primary function of a server; instead, features provide auxiliary or supporting functions to servers. Typically, administrators add features not as the primary function of a server, but to augment the functionality of installed roles. For example, Failover Clustering is a feature that administrators can install after installing certain server roles, such as File Services, to add redundancy to File Services and shorten possible disaster recovery time. Many features are available in Windows Server 2008, and they can be installed using commands in Server Manager.
Internet Storage Naming Server (iSNS): iSNS processes registration requests, de-registration requests, and queries from iSCSI devices. Microsoft iSNS Server is a Windows service that processes iSNS registrations, deregistrations, and queries via TCP/IP from iSNS clients, and also maintains a database of these registrations. The Microsoft iSNS Server package consists of Windows service software, a Control Panel applet, a command-line interface tool, and a set of WMI interfaces. Additionally, there are DLLs allowing Microsoft Cluster Server to manage Microsoft iSNS Server as a cluster resource. A common use for Microsoft iSNS Server is to allow iSNS clients, such as the Microsoft iSCSI Initiator, to register themselves and to query for other registered iSNS clients. Registrations and queries are transacted remotely over TCP/IP. However, some management functions, such as discovery-domain management, are restricted to being transacted via WMI.
Messaging Queue (MSMQ): Message Queuing (also known as MSMQ) enables applications running at different times to communicate across heterogeneous networks and systems that may be temporarily offline. MSMQ provides guaranteed message delivery, efficient routing, security, and priority-based messaging. It can be used to implement solutions to both asynchronous and synchronous scenarios requiring high performance. Examples of where Message Queuing can be used are:
• Mission-critical financial services: for example, electronic commerce.
• Embedded and hand-held applications: for example, underlying communications to and from embedded devices that route baggage through airports by means of an automatic baggage system.
• Outside sales: for example, sales automation applications for traveling sales representatives.
• Workflow: Message Queuing makes it easy to create a workflow that updates each system. A typical design pattern is to implement an agent to interact with each system. Using a workflow-agent architecture also minimizes the impact of changes in one system on the other systems. With Message Queuing, the loose coupling between systems makes upgrading individual systems simpler.
Remote Procedure Call (RPC) over HTTP Proxy: RPC over HTTP Proxy relays RPC traffic from client applications over HTTP to the server as an alternative to clients accessing the server over a VPN connection.
Simple Mail Transfer Protocol (SMTP) Server: SMTP Server supports the transfer of electronic mail between servers.
Subsystem for UNIX-based Applications (SUA): SUA, along with a package of support utilities available for download from the Microsoft Web site, makes it possible to run UNIX-based programs and to perform system administration tasks from within a UNIX-based command-line environment.
.NET Framework 3.0 Features: .NET Framework 3.0 Features supports applications built using presentation, communication, and workflow foundations.
Windows Internal Database (SQL Server 2005 Embedded Edition): Windows Internal Database uses SQL Server 2005 Embedded Edition (Windows) as a relational data store for Windows roles and features only, such as Windows SharePoint Services, Active Directory Rights Management Services, UDDI Services, or Windows Server Update.
Network Load Balancing (NLB): Network Load Balancing (WNLB) distributes incoming application requests among the group of servers that host instances of the application.

8 Windows Server as an Application Server
• IIS 7.0
• Windows SharePoint Services
• Server Virtualization
• Terminal Services
• Network Load Balancing
• Failover Clustering
• Windows System Resource Manager
Windows Server 2008 provides roles that work together to form an efficient application server. The IIS 7.0 and Windows SharePoint Services roles both provide functionality that allows Windows Server 2008 to work towards an organization’s goals. Other roles and features are available to assist Windows Server 2008 to function as an application server.
• Hyper-V: The Windows Hyper-V hypervisor is a thin layer of software running directly on the hardware. It works in conjunction with an optimized instance of Windows Server 2008 to allow multiple operating system instances to run on a physical server simultaneously.
• Terminal Services: Terminal Services provides technologies that enable access to a server running Windows-based programs or the full Windows desktop. Users can connect to a terminal server to run programs, save files, and use network resources on that server.
• Network Load Balancing: In Windows Server 2008, the improvements to Network Load Balancing (NLB) include support for Internet Protocol version 6 (IPv6) and Network Driver Interface Specification (NDIS) 6.0, Windows Management Instrumentation (WMI) enhancements, and improved functionality with Microsoft Internet Security and Acceleration (ISA) Server. NLB is a feature that distributes the load for networked client/server applications across multiple cluster servers. It is part of the Windows scale-out functionality.
• Failover Clustering: A failover cluster is a group of independent computers that work together to increase the availability of applications and services. The clustered servers (called nodes) are connected by physical cables as well as by software. If one of the cluster nodes fails, another node begins to provide service (a process known as failover). Users experience a minimum of disruption in service.
• Windows System Resource Manager: Microsoft Windows System Resource Manager (WSRM) on Windows Server 2008 allows control over how CPU and memory resources are allocated to applications, services, and processes on the computer. Managing resources in this way improves system performance and reduces the chance that applications, services, or processes will take CPU or memory resources away from one another and slow down the performance of the computer. Managing resources also creates a more consistent and predictable experience for users of applications and services running on the computer. WSRM can be used to manage multiple applications on a single computer or users on a computer on which Terminal Services is installed.

9 Lesson 3: Implement a Volume Licensing Strategy using KMS and MAK
• Microsoft Volume Activation 2.0
• Multiple Activation Keys
• Key Management Service
• Planning Volume Activation
• Deployment example for MAK Independent Activation and KMS activation
• Deployment example for MAK Proxy Activation

10 Microsoft Volume Activation 2.0
• Automates activation of volume-licensed Windows Vista and Windows Server 2008 systems
• Uses either Multiple Activation Keys or Key Management Service
• Offers central management for Volume License keys
• Is invisible to the end user
• Offers monitoring and reporting
• Uses Volume Edition product groups to simplify administration
Volume Activation 2.0 is a configurable solution that helps IT Pros automate and manage the product activation of Windows Vista Business, Windows Vista Enterprise and Windows Server 2008 systems licensed under volume licensing. Volume Activation 2.0 has the following benefits:
• Volume Activation 2.0 supports centrally managed Volume License keys. The KMS key used for KMS activation is only installed on the KMS host and never on individual computers. The MAK, although resident on the individual computer, is encrypted and kept in a trusted store so that users are not exposed to the key and are not able to obtain the key once it has been installed on the computer.
• Volume Activation 2.0 supports a simplified setup and is generally invisible to the end user. By default, Volume editions do not require a product key to be entered during setup. The computer must be activated during an automatic 30-day grace period.
• System administrators can monitor activation status using standard system management software, including the Microsoft KMS Management Pack for System Center Operations Manager (MOM Pack), as well as the VAMT. Windows Management Infrastructure (WMI), extensive event logging, and built-in Application Programming Interfaces (APIs) may provide a wealth of detail about installed licenses and about the license state and current grace or expiration period of MAK- and KMS-activated computers.
Multiple activation options are available using two types of customer-specific keys, the Multiple Activation Key (MAK) and the Key Management Service (KMS) key. Note: MAK and KMS can be used together or separately, depending on the requirements of the organization.
• Multiple Activation Key has a predetermined number of activations allocated to it, and two activation options:
• MAK Independent Activation, to individually connect (online or by phone) and activate with Microsoft
• MAK Proxy Activation, to activate multiple systems with one connection to Microsoft (using the Volume Activation Management Tool (VAMT) available at
• Key Management Service enables organizations to perform local activations of systems in a managed environment without connecting them to Microsoft individually. A KMS key is used to enable the Key Management Service on a KMS host system controlled by an organization’s system administrator. The KMS host requires a minimum number of physical machines, but can activate a virtually unlimited number of systems. Each KMS-activated system must periodically renew with the KMS host.

11 Multiple Activation Keys
(Diagram: MAK Proxy; MS Activation Clearinghouse)
Each product key can activate a specific number of computers. MAK activation is a one-time event; there is no requirement to periodically renew activation unless there are significant hardware changes. Under MAK management, a MAK is used to activate each system. Activation can be performed over the Internet or by telephone. As each system is activated, the assigned allocation is decremented. Customers can check the number of remaining activations from the Microsoft Licensing Web sites or by using the Volume Activation Management Tool (VAMT). Additional activations can be requested by contacting the Microsoft Activation Call Center. There are two ways to activate computers using MAK:
• MAK Proxy Activation: Enables a centralized activation request on behalf of multiple computers with one connection to Microsoft, using VAMT.
• MAK Independent Activation: Requires that each desktop independently connect and activate against Microsoft.
Additional MAK requirements include:
• Requesting more activations when the number of activations passes the predetermined limit
• Managing the installation of MAKs (automated by the Solution Accelerator for server deployments or Business Desktop Deployment (BDD) 2007 for Vista deployments)
• Reactivation when significant hardware changes occur

12 Key Management Service
(Diagram: KMS Server)
The KMS enables organizations to perform local activations for computers in a managed environment without connecting to the Microsoft activation clearinghouse individually. A KMS key is used to enable the Key Management Service on a host machine controlled by an organization’s system administrator. KMS is targeted at managed environments where at least 5 servers or 25 Vista desktops are consistently connected to the organization’s network. After initializing KMS, the KMS activation infrastructure is self-maintaining. Users can install a KMS key and enable the KMS service on Windows Vista or Windows Server 2008 systems. The KMS service can easily be co-hosted with other services, and it does not require any additional software for downloading or installing. Additionally, KMS for Windows Server 2003 allows KMS to be hosted on the Windows Server 2003 platform. A single KMS host can support hundreds of thousands of KMS clients. Most organizations will be able to operate with just two KMS hosts for their entire infrastructure.
KMS clients must renew their activation by connecting to the KMS host at least once every 180 days. Clients that are not yet activated will attempt to connect with the KMS host every two hours (by default). Once activated, they will attempt to reconnect to the KMS host every seven days (by default), and if successful will renew their activation for another 180 days. Clients locate the KMS host using one of two methods:
• Auto-discovery, in which a KMS client uses DNS records to automatically locate a local KMS host.
• Direct connection, where a system administrator specifies the KMS host location and communication port.
After installation, clients have a 30-day grace period to complete activation. Clients not activated within this time period will go into Reduced Functionality Mode (RFM). If clients are unable to reconnect to a KMS host for more than 180 days after initial activation, they enter a 30-day grace period, after which they enter RFM until a connection can be made with a KMS host, or until a MAK is installed and the system is activated online, by proxy, or via telephone. This feature prevents computers that have been removed from the organization from functioning indefinitely without adequate license coverage.
The KMS host counts activation requests and replies to each valid request with the value of the current count (the n-count). If the n-count meets the activation policy requirements for a Windows volume client, that client will activate. Systems operating in virtual machine (VM) environments can also be activated using KMS, but they do not contribute to the n-count. The n-count is cumulative across all Windows Vista and Windows Server 2008 machines that are requesting activation or renewing their activation with the KMS host. The minimum requirement for any Windows Server 2008 client to activate is 5 machines in the n-count, including at least 1 Windows Server 2008 machine. So if there are 5 clients in the n-count so far (1 Windows Server 2008 and 4 Windows Vista), the Windows Server 2008 machine will activate but not the Windows Vista machines. For the Windows Vista clients to activate, there must be at least 25 machines in the n-count, in any combination of Windows Server 2008 and Windows Vista machines. The KMS host does not contribute to the n-count.
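The n-count policy and the client renewal timeline described on this slide can be replayed in a small model. The following is an added example, not Microsoft's KMS implementation and not part of the module: the KmsHost and KmsClient classes, the day-numbered timeline and the walkthrough() scenario are hypothetical, while the thresholds (5 with at least one server for Windows Server 2008, 25 for Windows Vista), the 180-day validity, the 30-day grace and the 2-hour/7-day contact cadence are the values the slide states. It treats the n-count as the number of distinct physical clients the host has heard from; virtual machines are served but never counted, and the host itself is not a client.

```python
"""Model of the KMS n-count activation policy and client renewal timeline.

Added illustrative example (not Microsoft's KMS implementation): the host,
client and day-based timeline are hypothetical; the thresholds and intervals
are the ones stated in the module.
"""
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional

VISTA_MIN_COUNT = 25         # Windows Vista clients activate once the n-count reaches 25
SERVER_MIN_COUNT = 5         # Windows Server 2008 clients need an n-count of 5 ...
SERVER_MIN_SERVERS = 1       # ... that includes at least one Windows Server 2008 machine
ACTIVATION_VALID_DAYS = 180  # a KMS activation lasts 180 days
GRACE_DAYS = 30              # grace period after install, or after the 180 days lapse
RENEW_INTERVAL_DAYS = 7      # activated clients reconnect every 7 days (default)
RETRY_INTERVAL_HOURS = 2     # unactivated clients retry every 2 hours (default)


class Product(Enum):
    VISTA = "Windows Vista"
    SERVER_2008 = "Windows Server 2008"


@dataclass
class KmsClient:
    client_id: str
    product: Product
    is_vm: bool = False
    installed_on: int = 0                 # day number of installation
    activated_on: Optional[int] = None    # day of last successful activation or renewal


@dataclass
class KmsHost:
    """Hypothetical in-memory KMS host remembering each physical client it has heard from."""
    physical_clients: dict = field(default_factory=dict)  # client_id -> Product

    def n_count(self) -> int:
        return len(self.physical_clients)

    def server_count(self) -> int:
        return sum(1 for p in self.physical_clients.values() if p is Product.SERVER_2008)

    def policy_allows(self, product: Product) -> bool:
        n = self.n_count()
        if product is Product.SERVER_2008:
            return n >= SERVER_MIN_COUNT and self.server_count() >= SERVER_MIN_SERVERS
        return n >= VISTA_MIN_COUNT

    def handle_request(self, client: KmsClient, today: int):
        """Record the request; reply with the current n-count and whether the client activates."""
        # VM guests are served but never add to the count; the host itself is not a client.
        if not client.is_vm:
            self.physical_clients[client.client_id] = client.product
        activated = self.policy_allows(client.product)
        if activated:
            client.activated_on = today
        return self.n_count(), activated


def client_state(client: KmsClient, today: int) -> str:
    """'activated', 'grace' or 'rfm' (Reduced Functionality Mode) for a client on a given day."""
    if client.activated_on is None:
        return "grace" if today - client.installed_on < GRACE_DAYS else "rfm"
    age = today - client.activated_on
    if age <= ACTIVATION_VALID_DAYS:
        return "activated"
    if age <= ACTIVATION_VALID_DAYS + GRACE_DAYS:
        return "grace"
    return "rfm"


def hours_until_next_contact(client: KmsClient) -> int:
    """Default cadence: every 2 hours until activated, then every 7 days."""
    return RENEW_INTERVAL_DAYS * 24 if client.activated_on is not None else RETRY_INTERVAL_HOURS


def walkthrough():
    """Replay the slide's example: 1 server + 4 Vista machines, then growth to 25 clients."""
    host = KmsHost()
    server = KmsClient("srv-01", Product.SERVER_2008)
    vistas = [KmsClient(f"vista-{i:02d}", Product.VISTA) for i in range(4)]
    results = {}
    host.handle_request(server, today=0)              # n-count 1: nobody activates yet
    for v in vistas:
        host.handle_request(v, today=0)               # n-count climbs to 5
    results["server_retry"] = host.handle_request(server, today=0)    # (5, True)
    results["vista_at_5"] = host.handle_request(vistas[0], today=0)   # (5, False)
    vm = KmsClient("vm-01", Product.VISTA, is_vm=True)
    results["vm_request"] = host.handle_request(vm, today=0)          # (5, False): VMs don't count
    for i in range(4, 24):
        host.handle_request(KmsClient(f"vista-{i:02d}", Product.VISTA), today=0)
    results["vista_at_25"] = host.handle_request(vistas[0], today=0)  # (25, True)
    results["vm_at_25"] = host.handle_request(vm, today=0)            # (25, True)
    # Timeline for an activated client that never reconnects to the host again.
    results["states"] = tuple(client_state(vistas[0], d) for d in (0, 180, 200, 211))
    return results


if __name__ == "__main__":
    for key, value in walkthrough().items():
        print(key, value)
```

The walkthrough shows the asymmetry the slide describes: the server activates as soon as the count reaches 5, while the Vista clients keep retrying every two hours until the count reaches 25, and a client that never renews goes activated → grace → RFM across days 180 to 210.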

13 Product Groups
To simplify Volume Activation across the variety of Windows client and server editions, Microsoft has introduced the concept of Volume Edition product groups. KMS and MAK keys apply to product groups rather than to specific product editions. This greatly simplifies key management by reducing the number of possible keys. The following table illustrates the existing product groups and the Windows volume editions belonging to each.

14 Planning Volume Activation
Key considerations:
• Number of computers in the target network
• Network and Internet connectivity
• DNS server support for DDNS and SRV records
• Centralized KMS recommended if bandwidth is sufficient
• MAK recommended for remote computers with limited connectivity
There are several planning steps to devising an overall activation plan. These include:
1. Assess current infrastructure capabilities, connectivity, network policies, and business requirements and organization policies
2. Map computers to activation options
3. Plan monitoring and reporting
Assess Current Infrastructure Capabilities
For each target environment where Windows Server 2008 will be deployed, determine the current infrastructure capabilities. Some common questions to answer are:
1. How many computers will be deployed in the target network?
   Considerations: Vista KMS clients require 25 or more computers to be consistently connected to the organization’s KMS host. Windows Server 2008 KMS clients require that 5 or more KMS clients be regularly connected to the KMS host.
2. Does the network support TCP/IP connectivity?
   Considerations: KMS activation requires TCP/IP connectivity (default port TCP 1688). A KMS activation request and response takes approximately 550 bytes. Consider the impact of periodic activation for slow and/or high-latency links.
3. Does the current Domain Name System (DNS) service support SRV records and DDNS?
   Considerations: Dynamic DNS and SRV record support are required for the default auto-publishing and auto-discovery functionality used by KMS. Microsoft Windows® 2000 or later DNS and BIND 8.x or newer fully support these features.
Connectivity Considerations
Connectivity to the network, Internet access, and the number of computers that regularly connect to the network are some of the important characteristics to identify. Some organizations may have a combination of environments where some systems are connected to the corporate network while others are not. In such cases, more than one activation option is indicated.
Business Requirements and Organizational Policies
It is equally important to consider any organizational policies, for example regarding KMS host sizing or co-hosting.
KMS Host Sizing
KMS host processing capacity should not be a limiting factor for virtually any size of organization. A single KMS host is capable of supporting hundreds of thousands of KMS clients, and KMS requests are only a few hundred bytes each. Following are some considerations for planning a KMS host:
• KMS is processor intensive while actively processing requests. CPU usage can momentarily reach 100 percent on a single-processor computer during request processing. Normally, a client computer activates with the initial request.
• KMS memory usage can vary from approximately 10 MB to around 25 MB, depending on the number of incoming requests.
• Network overhead is minimal. Less than 250 bytes are sent in each direction for a complete client-KMS exchange, plus TCP session setup and teardown. The only additional network traffic is for auto-discovery, which usually occurs only once per client computer, as long as the same KMS host continues to be available for subsequent renewals.
• Large organizations may want multiple KMS hosts for load-balancing and redundancy purposes.
Co-Hosting KMS
To minimize cost, most organizations prefer to co-host KMS along with other functions. KMS is designed to support co-hosting, and can easily coexist with common server roles, including domain controllers. It has a small resource footprint during normal operation, although it can become compute-bound as noted above. This is most likely to occur after a large deployment of KMS clients or if most users start their computers in a short period. If CPU consumption is an issue, KMS supports a low-priority option.
Map Computers to Activation Solutions
The second step to selecting appropriate activation options is to map computers to activation solutions. The goal is to ensure that all computers are associated with an activation option. The table below is an example of how to map your computers to activation solutions. To use a table like this, determine the following:
• Total number of computers that need to be activated using a Volume Activation 2.0 method
• Number of computers that will not connect at least once every 180 days
• Number of computers in environments where there are fewer than 5 servers/25 client computers
• Number of computers that will regularly connect to the network
• Number of computers in disconnected environments where there are more than 5 servers/25 client computers and there is no Internet connectivity
• Number of computers in disconnected environments where there are fewer than 5 servers/25 client computers and there is no Internet connectivity
Plan Monitoring and Reporting
It is critical to establish monitoring and reporting for KMS and MAK. In particular for MAKs, be sure to include monitoring the number of MAK activations used. Administrative tools include VAMT and the KMS Management Pack for System Center Operations Manager (MOM Pack).

15 Deployment Example for MAK Independent Activation and KMS Activation
Many enterprises have networks that are separated into multiple security zones. Fortunately, there are several options when deploying Windows in a heterogeneous environment. This slide shows an example of a potential network configuration using MAK Independent Activation and KMS activation. Note that this example is intended for illustration purposes only, to show common scenarios. In this example, the enterprise has computers in the following different scenarios:
• Core network: The core network has redundant KMS hosts. All computers in the main corporate network query DNS for the KMS SRV record and activate themselves after contacting the KMS service running on one of these computers. The KMS hosts were activated directly through the Internet.
• Secure zone: Many enterprises have secure zones that are carved out of the corporate network by installing a firewall to block all traffic between the secure zone and the rest of the network. To allow these computers to activate using the corporate KMS over RPC on TCP/IP, the network administrator has to allow TCP port 1688 outbound from the secure zone and allow the RPC reply back in.
• Isolated lab: In the isolated lab scenario, corporate security policy does not allow any traffic between computers in the isolated lab and the rest of the corporate network. This could be through a firewall that blocks all but a very limited number of ports, or where there is no network connectivity at all. Because the lab has more than 25 computers, users can deploy KMS to activate Windows Vista in the lab. The KMS host itself is activated by telephoning Microsoft and getting the confirmation ID (CID).
• Disconnected computers: Windows Vista computers that are not on the corporate network and/or are in a lab that has fewer than 25 computers must activate using MAK. Likewise, Windows Server 2008 computers in groups of fewer than 5 KMS clients must also use MAK. The computer needs connectivity to the Internet only once (to activate) and will not need to be reactivated unless there is a major change in the hardware. If a computer is in a lab and has no network connectivity at all, it can be activated by telephone the same way the KMS host is activated in the isolated lab scenario, or the computers can be activated via MAK Proxy Activation using VAMT.
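The mapping step from the planning slide (slide 14) and the four scenarios of this deployment example (slide 15) reduce to a small decision rule, which the following added example encodes. It is not part of the module and not Microsoft's tooling: the ComputerGroup fields, the recommend() and plan() helpers and the EXAMPLE_GROUPS inventory are hypothetical constructions; the thresholds (5 servers / 25 Vista clients), the 180-day renewal window and the ordering of options (corporate KMS, then a local KMS host for a large isolated environment, then MAK Independent when the Internet is reachable, otherwise MAK Proxy via VAMT or telephone) come from the slides.

```python
"""Map groups of computers to a Volume Activation 2.0 option.

Added illustrative example, not from the module or Microsoft: the ComputerGroup
fields and the recommend()/plan() helpers are hypothetical; the thresholds and
the order of preference follow the planning and deployment-example slides.
"""
from dataclasses import dataclass
from enum import Enum

KMS_MIN_SERVERS = 5    # Windows Server 2008 KMS clients need 5+ regularly connected machines
KMS_MIN_CLIENTS = 25   # Windows Vista KMS clients need 25+ consistently connected machines


class Product(Enum):
    VISTA = "Windows Vista"
    SERVER_2008 = "Windows Server 2008"


@dataclass
class ComputerGroup:
    name: str
    product: Product
    count: int
    reaches_corporate_kms: bool  # contacts the core-network KMS hosts at least once every 180 days
    shares_a_network: bool       # consistently connected to one network (e.g. an isolated lab)
    has_internet: bool


KMS_CORPORATE = "KMS activation against the corporate KMS hosts"
KMS_LOCAL_ONLINE = "KMS activation against a local KMS host (host activated over the Internet)"
KMS_LOCAL_PHONE = "KMS activation against a local KMS host (host activated by telephone)"
MAK_INDEPENDENT = "MAK Independent Activation"
MAK_PROXY = "MAK Proxy Activation via VAMT (or telephone)"


def meets_kms_threshold(group: ComputerGroup) -> bool:
    """Enough machines on one network for the KMS n-count policy to be satisfied."""
    needed = KMS_MIN_SERVERS if group.product is Product.SERVER_2008 else KMS_MIN_CLIENTS
    return group.count >= needed


def recommend(group: ComputerGroup) -> str:
    # 1. Anything that reaches the corporate KMS hosts inside the renewal window uses them
    #    (core network, or a secure zone whose firewall allows TCP 1688 out and the reply back).
    if group.reaches_corporate_kms:
        return KMS_CORPORATE
    # 2. An isolated environment large enough to satisfy the n-count gets its own KMS host,
    #    which is itself activated by telephone when the lab has no Internet access.
    if group.shares_a_network and meets_kms_threshold(group):
        return KMS_LOCAL_ONLINE if group.has_internet else KMS_LOCAL_PHONE
    # 3. Too few machines, or roaming machines: MAK, independent if online, proxied otherwise.
    return MAK_INDEPENDENT if group.has_internet else MAK_PROXY


def plan(groups):
    """Tally computers per option and the number of MAK activations that must be monitored."""
    totals = {}
    for g in groups:
        option = recommend(g)
        totals[option] = totals.get(option, 0) + g.count
    mak_needed = sum(n for opt, n in totals.items() if opt.startswith("MAK"))
    return {
        "by_option": totals,
        "mak_activations_needed": mak_needed,
        "total_computers": sum(g.count for g in groups),
    }


# Constructed inventory mirroring the deployment example's scenarios (hypothetical numbers).
EXAMPLE_GROUPS = [
    ComputerGroup("core network desktops", Product.VISTA, 400, True, True, True),
    ComputerGroup("secure zone servers (TCP 1688 allowed out)", Product.SERVER_2008, 12, True, True, False),
    ComputerGroup("isolated lab", Product.VISTA, 40, False, True, False),
    ComputerGroup("small isolated lab", Product.VISTA, 10, False, True, False),
    ComputerGroup("branch office servers", Product.SERVER_2008, 3, False, True, True),
    ComputerGroup("roaming laptops", Product.VISTA, 60, False, False, True),
]

if __name__ == "__main__":
    for g in EXAMPLE_GROUPS:
        print(f"{g.name}: {recommend(g)}")
    print(plan(EXAMPLE_GROUPS))
```

The plan() summary is what the slide's "Plan Monitoring and Reporting" step asks for: the MAK total is the allocation you have to track against the key's predetermined activation limit, while everything mapped to KMS only needs the host's n-count and renewals watched.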

16 Deployment Example for MAK Proxy Activation
There are some customers who may not want to use KMS. This section covers the example of an enterprise using the VAMT to perform all activations for Windows volume editions. The following is an example of potential network configurations in an organization, utilizing MAK and VAMT. The figure above shows computers in the following scenarios:
• Core network: In the core network scenario, VAMT is installed on a computer that can access the Internet. The administrator can perform an “Add Machine” function against the Active Directory domain or workgroups to find computers on the network. Computers can also be added explicitly by IP or name. After discovering available computers and their licensing status, the administrator can activate selected volume clients using MAK Independent Activation or MAK Proxy Activation. MAK Independent Activation installs a MAK on a client computer and instructs the target computer to activate against Microsoft servers over the Internet. In MAK Proxy Activation, VAMT installs a MAK on a client computer, obtains the installation ID (IID) from the target computer, sends the IID to the Microsoft Web site on behalf of the client and obtains a confirmation ID (CID). The tool then activates the client by installing the CID.
• Secure zone: In this scenario, the tool can activate computers using MAK Proxy Activation. This assumes that the clients in the secure zone do not have Internet access. The following two issues need to be addressed:
• The computers must be discoverable (through Active Directory, by name or IP, or by membership in a workgroup).
• The tool has to make a call to the WMI services on the target computer to get status, and to install MAKs and CIDs. This requires the firewall to be configured to allow remote WMI from the VAMT host. Additionally, VAMT must be provided with credentials that have local admin access to the target computer.
• Isolated lab: In the isolated lab scenario, VAMT is hosted inside the isolated lab. VAMT performs discovery, obtains status, installs a MAK, and obtains the IID of all computers in the lab. VAMT then exports the list of computers to a file on removable media. The administrator imports the XML file onto a computer running VAMT in the core network. Once this is done, the tool sends the IIDs to Microsoft and obtains the corresponding CIDs, which the administrator then exports to a file on removable media and takes back to the isolated lab. Once this data is imported into the tool, the administrator can activate the isolated lab computers by installing the CIDs on the corresponding computers.

