
Chapter 6: Windows Servers on the LAN
History of Windows Networks
• Microsoft OS desktop market share?
• The first Windows network operating system was NT 3.1 (1993). It
had an interface similar to Windows 3.1 and integrated well with
other popular network operating systems.
• Windows NT4 (1995) was the network operating system that led
to Microsoft’s current dominance?
NT 3.1 Server
• Main use as an Application Server
– Server Network Architecture (SNA)
History of Windows Networks
• Windows 2000 included Active Directory as well as many
improvements over Windows NT 4.
• Now uses only a single architecture
• Active Directory
• Four Windows Server 2000 editions:
Windows 2000 Professional (mixed)
Windows 2000 Server (departmental)
Advanced Server (web and applications)
Datacenter Server (high end server)
History of Windows Networks
• Windows Server 2003 was not as revolutionary as Windows 2000,
but included many security improvements. Expected to be
Microsoft’s flagship server product until 2007?
• Modular installation*
• More Security improvements
• Four Windows Server 2003 editions:
Standard Edition
Web Edition (IIS 6): cannot be a domain controller
Enterprise Edition
Datacenter Edition
Web Servers
• Statistics on Web servers: IIS vs. Apache
Organization / Web Server     Apache   IIS
Google (June 2007)            66%      23%
Netcraft (October 2007)       48%      37%
Port80 (July 2007)            25%      55%
Security Space (Sept. 2007)   74%      19%
http://4sysops.com/archives/apache-vs-iis-what-is-yourfavorite-market-share-statistics/
Windows Server 2003 Hardware Requirements
Minimum hardware requirements for Server 2003, Standard Edition?
Windows Server 2003 Memory Model
• 32-bit and 64-bit addressing schemes supported
– Require different versions of Windows Server 2003
– Require different types of processors
– The larger the addressing size, the more efficiently
instructions can be processed
• Each application (or process) assigned its own 32-bit
memory area
– Helps prevent processes from interfering with each other
• Virtual Memory dialog box allows increase or
decrease of paging file size
Windows Server 2003 and Domains
• Windows Server 2003 networks are organized into domains.
• A domain is a centralized collection of common security
policies, user, and computer accounts.
• This collection of accounts is stored within Active Directory.
• Servers called domain controllers host the Active Directory database.
• Users must log in and be authenticated by a domain
controller before they can access resources in a domain.
• Members of a domain share a common DNS suffix (such as
companyname.internal or cis121.local).
Domains (continued)
• Domain controllers: host the Active Directory database.
- should use at least two on each network
• Replication: identical copy of directory data on domain controller
• Member servers: do not store AD information and cannot authenticate users
Trees and Forests
• A forest is a collection of domains (uncommon namespaces) that share
the same Active Directory schema.
• A tree is a collection of domains within a forest that share a
common DNS namespace.
[Figure: a forest containing the domains company.com, child.company.com,
kid.company.com, west.kid.company.com, east.kid.company.com,
subsidiary.com and child.subsidiary.com]
• A schema is the structure of the database
– what objects exist
– what attributes or properties of these objects can be assigned
Trees and Forests
• Active Directory organizes multiple domains
hierarchically in a domain tree
– Root domain: base of Active Directory tree
– Child domains: branch out to separate groups of objects
with same policies
– Organizational units branch out underneath child
domains to further subdivide network’s systems and
objects
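The tree and forest definitions above, applied to the domain names from the forest diagram. This is an added example, not part of the original slides; `build_trees` and `FOREST` are illustrative names, and treating the nearest ancestor in the forest as the parent is an assumption of this sketch.

```python
def build_trees(domains):
    """Group a forest's domains into trees.

    A tree is the set of domains sharing one DNS namespace, so a tree root
    is a domain with no ancestor domain in the forest.
    Returns {root: {domain: parent_domain, ...}}.
    """
    names = {d.lower().rstrip(".") for d in domains}

    def parent_of(name):
        # Nearest ancestor that is itself a domain in the forest, else None.
        labels = name.split(".")
        for i in range(1, len(labels)):
            candidate = ".".join(labels[i:])
            if candidate in names:
                return candidate
        return None

    def root_of(name):
        parent = parent_of(name)
        return name if parent is None else root_of(parent)

    trees = {}
    for name in sorted(names):
        links = trees.setdefault(root_of(name), {})
        parent = parent_of(name)
        if parent is not None:
            links[name] = parent
    return trees

# Domain names taken from the forest diagram on the slide.
FOREST = [
    "company.com", "child.company.com", "kid.company.com",
    "west.kid.company.com", "east.kid.company.com",
    "subsidiary.com", "child.subsidiary.com",
]

if __name__ == "__main__":
    for root, links in build_trees(FOREST).items():
        print("tree root:", root)
        for child, parent in links.items():
            print("   ", child, "is a child of", parent)
```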
OUs (Organizational Units)
[Figure: Multiple domains in one organization]
OUs (Organizational Units)
[Figure: A tree with multiple domains and OUs]
Trust Relationship
• A trust relationship means that users in one domain can
access resources in a different domain.
• Trust relationships exist between all domains in a forest.
• Forest trusts allow all domains in one forest to automatically
trust all domains in a second forest.
• Trusts can be changed: 2 way, 1 way
Trust Relationships
[Figure: Two-way trusts between domains in a tree]
Planning For Installation
• Critical preinstallation decisions:
– How many, how large, and what kind of partitions will the
server require?
– What type of file system will the server use?
– What will you name the server?
– Which protocols & network services should the server use?
– What will the Administrator password be?
– Should the network use domains or workgroups and, if so,
what will they be called?
– Will the server support additional services?
– Which licensing mode will you use?
– How can I remember all of this information?
Microsoft Management Console
• MMC is the primary tool used to administer Windows Server 2003.
• A large number of preconfigured MMC consoles are available in the
Administrative Tools menu.
• 3rd party software often ships with custom MMC add-ons.
• You can build a console for a particular task by creating a custom MMC:
add the snap-ins that are relevant to the task, then save or discard the
console once you are finished with it.
• You can use the MMC to administer remote computers within a domain.
You add a snap-in with the focus set to the target remote computer.
Computer Management Console
• Built-in console that allows an administrator to perform most
day-to-day system administration tasks as well as remotely administer
other Windows computers.
• Access the Computer Management Console by right-clicking the My
Computer icon and then selecting Manage.
• You can manage other servers using this console by right-clicking
Computer Management and then selecting Connect to another computer.
• Target computer must be a member of the same domain.
Web-Based Administration
• Windows Server 2003 has a Web-based administrative
interface.
• This allows you to perform administrative duties via a Web
browser, including checking logs, managing users, and groups
and starting and shutting down services.
• This administration method can tolerate connection interruptions
and delays that other administration methods cannot.
• Only basic administrative functions can be performed via the
Web interface.
Remote Desktop for Administration
• Allows you to connect to a server and view its screen the
same as though you were sitting in front of the computer.
• Up to two administrators can be connected at once, each
viewing a different screen.
• Requires more bandwidth than other administration methods.
• Remote Desktop clients exist for Mac OS X, Linux, Solaris,
and Windows.
LAN Infrastructure
• Windows Server 2003 can host a variety of LAN
infrastructure services such as DNS, DHCP, and WINS
servers.
• Use the Add/Remove Windows Components section of
Add/Remove programs in the Control Panel to add services.
• When Windows Server 2003 provides these infrastructure services,
it must use a static IP address.
Configure a Static IP
1. Open Network Connections from the Control Panel.
2. Right-click Local Area Connection and select Properties.
3. Select Internet Protocol and then click Properties.
4. Select Use the following IP address and enter IP address information.
Windows Server 2003 DHCP
• Once you have added the DHCP service to Windows Server 2003,
you will need to create a new scope.
• A DHCP scope is a pool of IP addresses that a DHCP server
allocates to DHCP clients on the network.
• You can set other information, such as DNS server address, subnet
mask, mail server address, proxy server address, and default
gateway as scope options.
Windows Server 2003 DHCP
• You should set a DHCP lease time that is appropriate to your
network.
– Long lease times if hosts are added and removed from your
network occasionally.
– Short lease times if hosts are regularly added and removed
from the network.
• Use reservations to ensure that certain hosts (such as servers)
always have the same IP address.
• Use exclusions for those hosts that have statically configured IP
addresses.
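A check of the exclusion and reservation rules above, written as an added example that is not part of the original slides. The function name `audit_scope`, the sample addresses, MAC addresses and host names are all constructed for illustration.

```python
import ipaddress

def audit_scope(first, last, exclusions, reservations, static_hosts):
    """Audit one DHCP scope; return (findings, dynamic_pool_size).

    first, last  -- bounds of the scope's address pool
    exclusions   -- list of (first, last) ranges the server must not lease
    reservations -- dict MAC -> IP always handed to that client
    static_hosts -- dict hostname -> IP configured by hand on the host
    """
    num = lambda a: int(ipaddress.ip_address(a))
    pool = set(range(num(first), num(last) + 1))
    excluded = set()
    for ex_first, ex_last in exclusions:
        excluded.update(range(num(ex_first), num(ex_last) + 1))
    leasable = pool - excluded
    findings = []

    # A hand-configured host inside the pool needs an exclusion, otherwise
    # the server can lease the same address to another client.
    for host, addr in sorted(static_hosts.items()):
        if num(addr) in leasable:
            findings.append(f"{host} ({addr}): static address is leasable, add an exclusion")

    # Each reserved address must belong to exactly one client.
    owner = {}
    for mac, addr in sorted(reservations.items()):
        if addr in owner:
            findings.append(f"{addr}: reserved for both {owner[addr]} and {mac}")
        owner.setdefault(addr, mac)

    reserved = {num(a) for a in reservations.values()}
    return findings, len(leasable - reserved)

# Constructed sample scope (all values are illustrative).
SAMPLE = dict(
    first="192.168.10.10", last="192.168.10.200",
    exclusions=[("192.168.10.10", "192.168.10.20")],
    reservations={"00-11-22-33-44-55": "192.168.10.50",
                  "00-11-22-33-44-66": "192.168.10.50"},
    static_hosts={"dns1": "192.168.10.15", "print1": "192.168.10.60"},
)

if __name__ == "__main__":
    findings, free = audit_scope(**SAMPLE)
    for line in findings:
        print(line)
    print("addresses left for dynamic leases:", free)
```

The second number returned is the size of the dynamic pool, which is the figure to compare against the number of clients when choosing a lease time.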
Windows Server 2003 DNS
• By default, Windows Server 2003 uses Active Directory Integrated Zones
(ADI Zones) which are stored within Active Directory.
• ADI Zones can only be hosted on domain controllers. ADI Zones can be
replicated to all domain controllers in the domain or forest. Any DNS server
hosting an ADI Zone can process updates to that zone.
• Only one server can host a primary zone. This server does not need to be a
domain controller. Only the server hosting the primary zone can process
updates to that zone. The zone data is stored in a zone file.
• Any DNS server can host a secondary zone. A secondary zone is a
read-only copy of an ADI or primary zone.
• A stub zone is an abbreviated zone that contains only a list of name servers
for the target zone. Stub zones are read only and are updated by contacting a
DNS server hosting the primary zone. Any Windows Server 2003 DNS
server can host a stub zone.
WINS Server
• Windows Internet Naming System is a legacy name resolution protocol.
• WINS translates NetBIOS names into IP addresses.
• WINS is required for LANs that must support Windows NT4 and
Windows 9x clients.
• WINS is not required if all computers on the LAN are Windows 2000,
Windows XP or Windows Server 2003. DNS is used for these
computers.
• WINS uses Push/Pull replication. When a pull occurs, all information is
transferred to the server performing the pull. When a push occurs, only
updates are transferred to the target server.
[Figure: Server A pulls all information from Server B.]
[Figure: Server A pushes updates to Server B.]
Summary
• A domain is a centralized collection of common security policies, user and computer
accounts.
• Domain controllers are special computers that host Active Directory. Domain
controllers authenticate logons and host common security policy, user and computer
accounts.
• A forest is a collection of domains that share the same Active Directory schema. All
domains in a forest automatically trust each other.
• A tree is a collection of domains within a forest that share a common DNS namespace.
• Windows Server 2003 can be managed via MMC, Web Interface, or Remote Desktop.
• Infrastructure servers should use static IP addresses.
• ADI Zones are hosted on domain controllers. Any DNS server hosting an ADI Zone can
process updates to that zone.
• WINS servers are used to support older clients such as WinNT4 & Win9x.
Discussion Questions
• In what types of situations would you configure a short
DHCP lease?
• What are the benefits of an ADI zone over a primary zone?
• Why should an infrastructure server (DNS, DHCP) be
configured with a static, rather than dynamic, IP address?
• What is the difference between a domain, a tree, and a
forest?
• What are the limitations of remotely administering via
MMC as opposed to Remote Desktop?