TechNet Exclusive! Hear from the guy that brought you
Download
Report
Transcript TechNet Exclusive! Hear from the guy that brought you
TechNet Exclusive! Hear from the guy that brought
you Microsoft’s enterprise computing to small and
medium businesses
Nicholas King & Jamie Burgess
Windows Essential Server Solutions
Microsoft
Agenda
08.45 – 9.30
09.30 – 9.45
09.45 – 10.45
10.45 – 11.00
11.00 – 12.00
12. 00 – 12.30
12.30 – 12.45
Welcome/Registration
Introduction
SBS 2008
Break
EBS 2008
Virtualization
Q&A
Introduction
Small Business Server 2008
Standard Edition
Premium Edition
Designed for Small Business
Line-of-Business Application Platform
Windows Server® 2008 Standard
technologies
Microsoft® Exchange Server 2007
Standard Edition
Windows® SharePoint® Services 3.0
Windows Server Update Services 3.0
Microsoft Forefront™ Security for
Exchange Server1
Windows Live™ OneCare for Server1,2
Integration with Office Live Small
Business 2
1
120 day trial included in product.
Live OneCare for Server and Office Live Small Business are not available in all markets and
languages; Microsoft Forefront Security for Exchange Server is not available in all languages. Please see
www.microsoft.com/sbs08 for details.
2 Windows
Includes everything from Standard
Edition, plus:
Additional copy of Windows Server 2008
Standard Edition
Microsoft SQL Server® 2008 Standard
Edition for Small Business
Usage Scenarios
Line of Business Application Platform
Terminal Services Application Mode
Hyper-V Parent Partition
Branch Office
Essential Business Server 2008
Premium Edition
Standard Edition
Enterprise Class for MM
Management Server
Windows Server 2008 Standard
technologies
Microsoft System Center Essentials 2007
Windows SharePoint Services 3.0
compatible 1
Line-of-Business Application Platform
Includes everything from Standard
Edition, plus:
Additional copy of Windows Server 2008
Standard Edition
Microsoft SQL Server® 2008 Standard
Edition
Messaging Server
Windows Server 2008 Standard
technologies
Microsoft Exchange Server 2007 Standard
Edition
Microsoft Forefront Security for Exchange
Server2
Usage Scenarios
Line of Business Application Platform
Terminal Services Application Mode
Hyper-V Parent Partition
Branch Office
Security Server
Windows Server 2008 Standard
technologies
Microsoft Exchange Server 2007 Standard
Edition
Forefront Threat Management Gateway,
Medium Business Edition 3
1 While
Windows® SharePoint® Services 3.0 is not shipped with Essential
Business Server 2008, a step as part of the setup process is provided to
download Windows SharePoint Services 3.0 at no additional cost.
2One year Microsoft Forefront Security for Exchange Server subscription
included in the product.
3 One year Web Antimalware Subscription for Forefront Threat Management
Gateway, Medium Business Edition included in product.
Reduce Costs
Consolidation
Average Midsize company has between 7-15 servers
Solutions reduce number of servers by integrating Core
Infrastructure with best practice
Direct Savings in Management, Hardware, Power,
Insurance…
Standardization
Less complex administration
Lowers costs to maintain
Increase security
Simplify deployment and planning
Automation
70% of IT Administration is doing repetitive tasks
Automation of Application and Update Management
Identity Management
Licensing
Seasonal workers
Deployment of Core Infrastructure roles
Saving time, money, complexity
Windows Essential Business
Server is allowing Vineyard
Music Productions to save
administrative costs now and
increase those saving as it
grow. “Currently, Windows
Essential Business Server is
saving us at least $50,000 a
year in reduced costs,”
explains Bryan Lubeck, the
Owner of Vineyard Music
Productions.
Drive Business Value
Productivity Solutions
Anytime, anywhere more secure connected access to information
Mobile devices, Internet Kiosks
Line of Business application publishing
Bring teams together with collaboration technology
Gain efficiency through Software + Services
Internet marketing and presence
Core Infrastructure Value
Best practice deployment with pro-active management tools
Better uptime, issues resolved faster
More Secure
Integrated Update management
Best practice security deployment
Business "Agility"
Stable Predictable Core Platform provides
cost effective IT foundation
Line of Business applications ‘add-in’
Common look and feel
Get Enterprise tools, with Midsize enablement
Reduction of Infrastructure Costs aligning
teams to more business projects
Known technology state enables faster project
execution
Strong Third Party Eco-System supports
more choices
Purchase Flexibility
Competitively priced for SMB
Combined Server and CAL model
Recognition of existing investments
Credit for Exchange deployments
ISV add-in support and SDK
Forward looking transition path
Into Solutions, between Solutions, out of
Solutions
Microsoft Financing options
Windows Small Business Server 2008
SBS – technical briefing
First Look Demo
Hardware Sizing
Migration
Deployment
Getting Started
Managing Users
Managing Storage
Backup
Updates
Remote Access
Demo
First Look
Minimum System Requirements
Windows Small Business Server 2008
Processor*
2 GHz, 64-bit (4 physical sockets
supported, no limit on cores)
Memory*
4 GB RAM (32 GB Maximum)
OS Drive Partition
60 GB Minimum
DVD-ROM
Bootable from system BIOS
Network Adapter
1 x 100 Mb Ethernet adapter
Monitor and Video adapter
Super VGA (SVGA) monitor and
video adapter with 1024 x 768 or
higher resolution
Network Devices
Router that supports IPv4 NAT
Internet Connection
Required
Firewall
External Firewall required
*NOTE: Windows SBS 2008 has the same processor and memory limits as Windows Server 2008
Standard.
http://www.microsoft.com/windowsserver2008/en/us/compare-specs.aspx
Additional Recommended Hardware
Windows Small Business Server 2008
other requirements
Backup drive (USB 2.0 or faster
external hard disk drive)
Minimum of 1 External USB
Drive, for additional redundancy,
2 external USB hard disk drives
are recommended.
Storage
Consider additional storage for
your application data
Additional Server
(applies to Premium only)
Second Server
(Premium Edition)
Processor
2GHz (x86 and x 64 processors)
Memory – Minimum
2GB RAM (x64)
2GB RAM (x 86)
Memory – Max
32GB (x64 )
Memory – Max
4GB (x86)
OS Partition
10 GB Minimum 40GB Recommended
Storage Recommendations
Separate application and user data from System drive – using
Storage migration tools post setup
Choose high speed disk to increase performance
Some sizing guidelines
Allocate 2GB per mailbox
Estimate around 50GB of shared data and 2GB/user
More detailed guidance on Technet
Options to extend storage further or even at a later date.
These are basic guidelines only
Data Volume
Entry Level
Medium
Utilization
High Utilization
System drive
Raid 1 – 100GB
Raid 1 – 100GB
Raid 1 – 100GB
Application data
drive
Raid 1 – 100GB
Raid 5 – 100GB
Raid 5 – half of
available space
User drive
Raid 1 – 100GB
Raid 5 – 100GB
Raid 5 – half of
available space
Sample SBS network design
Connect router and internal devices to the Internet
ISP
connection
device
SBS 2008
192.168.x.
2
Switch
Public
Network
Router/ Firewall
192.168.x.1
Private Network/LAN
Prepare the SBS network
Upgrade operating systems on the client
• Minimum to: Windows® XP SP2 or
Windows Vista® Business
Connect computers on your network
Check for updated drivers and application
compatibility
Complete the Windows Server SBS 2008
Installation Worksheet
Document Router Firewall
Information
Service or
Application
TCP
SMTP
UDP
External
Port Number
Internal
Port Number
Forward to
IP Address
TCP
25
25*
192.168.x
.
HTTP
TCP
80
80*
192.168.x
.
HTTPS
TCP
443
443*
192.168.x
.
HTTPS for
SharePoint
Services
TCP
987
987
192.168.x
.
VPN
TCP
1723
1723
192.168.x
.
* If SBS configures router, ports are enabled by default
Screenshot walk
through Greenfield
Installation Issues
Windows SBS 2008 must be
connected to a local router/modem
Cannot be connected
directly to the Internet
Installation Issues
Operating System and Applications
Default Installation
Windows Server 2008 Standard technologies
Microsoft Exchange Server 2007 Standard Edition
Windows SharePoint Services 3.0 SP1
Windows Server Update Services 3.0 SP1
Microsoft® Forefront™ Security for Exchange Server1,2
Windows Live™ OneCare for Server1,2
Windows Small Business Server 2008
1120
day trial included in product.
Live OneCare for Server and Office Live Small Business are not available in all markets and languages; Microsoft Forefront Security for Exchange Server is not available in all
languages.
2Windows
Added Server Roles
Default Installation
Active Directory Certificate Services
Active Directory Domain Services
DHCP Server
DNS Server
File Services
Network Policy and Access Service
Terminal Services Gateway
Web Server (IIS)
Installed Features
Default Installation
.NET Framework 3.0 Features
Group Policy Management
Remote Assistance
Remote Server Administration Tools
RPC over HTTP Proxy
Telnet Client
Windows Internal Database
Windows PowerShell
Windows Process Activation Service
Windows Server Backup Features
What about
Migration?
Preparing the Network for
Migration
Migration Highlights
•
•
•
•
21-day grace period
Answer file generator
Migrate without taking down servers
Destination server joins the existing domain (replica
DC)
• Uninterrupted mail flow between both servers
• No need to touch client workstations
Migration Network
Configuration
ISP connection
device
SBS 2003
Single NIC
Migration wizards
turns off DHCP on
source server during
migration
Router
Switch
SBS 2008
Single NIC
DHCP Server Service
Internet
Tasks Performed in Migration Mode
The Migration Wizard
Installs and configures SBS 2008 on the destination server
Joins the destination server to the existing domain
Extends the migration grace period to 21 days
Transfers the FSMO roles to the destination server
Destination server becomes a global catalog server
Destination server becomes the site licensing server
Installs and configures the DHCP service on the destination server
demo
Migration Wizard
demo
Getting Started
Installation Summary
Deployed complete SB environment
Setup all of the infrastructure plus;
Network IPv4 & IPv6
Firewall (uPNP)
DNS internal & external
DDNS
Email
Remote Access
Certificates
Smart Hosts
Mobile Devices
demo
Managing Users
demo
Managing Storage
Managing Server Backups
Backup and recovery technologies used in SBS
Overview
•
•
•
•
•
•
Newly written Backup Wizard
Uses Windows Server 2008 backup technologies
Performs block level backup
Uses volume snapshots
Stores incremental backup, restores as full version
SBS backup supports the backup and restore of Exchange
and SharePoint application data, using VSS technology
• Supports USB and firewire media
• Restores to dissimilar hardware
What is Windows Server Backup?
Configure your Server Backup wizard
Windows Server Backup features
• Back up all volumes or selected volumes
• Back up System state
What’s new?
• Faster backup technology (VSS and block
level backup technology)
• Ability to recover applications
• Simplified restoration
• Simplified operating system recovery
• Wbadmin command-line tool
• Configure backup performance
Windows System Components
System State Data
•
•
•
•
•
COM+ class registration database
Active Directory Certificate Services (AD CS) database
Cluster service information
Microsoft Internet Information Services (IIS) metadirectory
System files that are under Windows Resource Protection
Backing up critical volumes
• Boot files, Windows operating system, and the registry
• The SYSVOL tree
• The Active Directory database (Ntds.dit) and log files
Scheduled backups will automatically include all required system
state data and critical volumes.
Backup Media
Supported backup hardware
• External hard disks
• USB 2.0
• IEEE 1394
• Internal hard disks*
• Removable media drives
Recommendations:
• Rotate multiple disks
• Use disks with 2.5 times the storage
capacity of backup items
New backup drives will be formatted using NTFS
*Internal
hard disks used as a backup device cannot also be used to store data.
Managing Server Recovery
What is Windows Recovery Environment (WinRE)?
• Launch on-disk using F8
• Relies on Windows boot manager and boot loader
Manual diagnosis and repair
•
•
•
•
Startup repair
System restore
Windows backup disaster recovery
Command prompt (Regedit, ChkDsk)
Options
• Restore to dissimilar hardware
• Processor architecture on both systems must match
Partial Recovery Options
Must be a member of the Backup Operators
or Administrators Group
You can recover:
Individual files and folders
Applications
Volumes
SBS Server Recovery
Performing a full server restore
• Insert SBS 2008 installation DVD
• “Repair your Computer”
SBS Server Recovery
Select
• Recovery tool: Windows Complete PC Restore
• Select backup location
• Format and repartition disks
• Exclude disks
• Install Drivers
• Confirm your actions
• Server reboots
demo
Backup
Configuring Mobile Devices
for Exchange Active Sync
What is Exchange ActiveSync? (EAS)
Mobile devices supported
• Microsoft® Windows Mobile® 5.0 (Messaging & Security
Feature Pack)
• Windows Mobile® 6.x
Exchange ActiveSync features
• Direct Push
• Device Security policy enforcement
• Remote device wipe
Configuring Mobile Devices
for Exchange ActiveSync
Using Windows Mobile Device Center
• Windows Mobile 6
• Windows Mobile 5.0
• Windows Mobile 2003
Using SPAddCert.exe
• Windows Mobile 5.0
• Windows Mobile 2003
• Windows Mobile 2002
Download Install Certificate Package.zip
• Windows Mobile 6
Review
Remote Access
Customizing Remote Web Workplace
Customizable features:
•
•
•
•
•
•
•
•
•
•
Remote Web Workplace user access
Remote Web Workplace sing-in page
Remote Web Workplace home page
Check e-mail
Connect to computer
Internal Web site (SharePoint)
Change password
Help
Organizational links
Administration links
Terminal Services Gateway Overview
Authenticates and
authorizes
Checks CAPs
Checks
RAPs
Uses TS Gateway
server SSL
certificate
Port
443
Port
3389
Internal Resources
Break
1045 - 1100
EBS technical briefing
Hardware Sizing
Preparation
Planning
Migration
Deployment
Post Installation
Admin Console
Security
Windows EBS 2008 Hardware Requirements
Server Hardware
Physical Servers
Processor
System Memory
Minimum requirement
Three
64-bit (x64)
Management Server 4 GB
Messaging Server 4 GB
Security Server 2 GB
Storage Capacity
Server | Partition
Management Server | system volume
Minimum partition size
50 GB
Management Server | Data Volume
30 GB
Security Server | system volume
Security Server | data volume
Messaging Server | system volume
50 GB
10 GB
50 GB
Messaging Server | data volume
Network Adapters
20 GB
One for the Management Server
One for the Messaging Server
Two for the Security Server
One per server
DVD Drive
Windows Essential Business Server 2008
Two editions of Windows Essential Business Server
2008
Windows Essential
Business Server
Standard
Windows Essential
Business Server Premium
EBS Standard CAL
EBS Premium CAL
Preparation and Planning Wizards
Windows Essential Business Server Preparation
Wizard performs over 100 infrastructure health checks
DNS configuration
Orphaned records
AD health
Convergence/replication testing (SYSVOL)
Integration mismatches
Broken delegation
Orphaned records
Network connectivity problems
Ghost NICs
Binding order (TIP: Internal network MUST be on first NIC)
169.254.x.x addressing (automatic private IP)
Exchange Health Checks
demo
Preparation & Planning Wizards
Common Network Infrastructure Issues
Intermittent connectivity issues
Improperly configured DNS
AD replication
IP address information
conflicts/inconsistency
Including non-standard or RFC violations
Ghost network cards
Certificates/certificate authorities
Custom GPOs
Resolve Infrastructure Issues Before
Windows EBS 2008 Migration
Intermittent connectivity
Verify/correct ALL cable plant/physical layer (layer 1)
errors
Correct DNS configuration issues
Consistent application of DNS settings
Configured by DHCP
Configured manually (servers)
AD replication
Fix DNS issues (if any) first
Correct IP connectivity
Address conflicts/inconsistency
Resolve ghost NICs (TIP: These will cause Windows
Essential Business Server installation to halt)
Correct binding order
Management Server Installation Summary
Application, Roles and Services installed
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Active Directory components
Certificate services
Domain Name System (DNS) service
DHCP Server service (optional installation)
Exchange Server management tools
File Server role
Threat Management Gateway (formerly called ISA Server) management
tools
Internet Information Services (IIS)
Microsoft® SQL Server® Express
Microsoft® System Center Essentials
Network Protection service
Print Server role
Remote Assistance optional component
Terminal Services RemoteApp™
Windows Server® 2008
Windows Essential Business Server Administration Console
Windows Essential Business Server licensing service
Windows Server Update Services (WSUS—installed as a component of
System Center Essentials)
Management Server Installation Summary
Network Status
• Management Server is assigned a name and a static IP address
• Active Directory is configured in one of the following two options:
• Management Server is joined to an existing Active Directory domain
as a domain controller
• Management Server is the domain controller for a new domain in a
new forest
• DNS is configured in one of the following two options:
• Management Server is the preferred DNS server
• existing DNS server is the preferred DNS server, and the
Management Server is the alternate DNS server
• Management Server DHCP scope is defined, if selected as an option
• Windows Essential Business Server DHCP service is started, if
selected as an option
• Management Server internal adapter points to the network default
gateway
• Windows Firewall service on the Management Server configured with
default firewall exceptions for Windows Essential Business Server.
• Remote Web Workplace
Security Server Installation Summary
Applications, Roles and Services
installed
• Active Directory Lightweight Directory
services
• Exchange Server Edge transport
• Exchange Intelligent Message filter
• Threat Management Gateway
• Routing and remote access service
• System Center Operations Manager agent
• SQL Server Express (required for Threat
Management Gateway logging)
• Windows Server 2008
demo
Setting up EBS
Guided Configuration & Migration Tasks
demo
Unified Administration
Environment Requirements for License Compliance
Must be domain controllers:
• Management Server
• Messaging Server
No trust relationships with other forests
Management Server holds roles of:
• Primary Domain Controller
• Domain Naming Master Server
All three servers are in the same domain
No child domains
EBS Domain is at the root of the AD forest
EBS Security Conceptual
Overview Internet
Threat Management Gateway
Exchange Edge
Perimeter
Pipeline
Management Server
(Data)
Messaging Server
(Data)
Client PCs
(Data)
Security workload consolidated and placed where it needs to be
Host firewall on Management/Messaging servers
Inbound & Outbound access rules set by default
Secure communications between EBS servers
Secure workstation data using ACLs, policies and secure coding practices
Security Server role in EBS
Consolidates Security workload
“Edge” role is critical
• Will deploy in “defense in depth” mode if edge sufficiently
covered
Configure secure remote access to workplace
services such as mail or access to desktops
Logging and auditing data in SQL Server
Provides holistic view of security in the
organization
Security Components in EBS
Perimeter protection provided by firewall feature of Forefront
TMG
AV protection for HTTP traffic provided by malware inspection in
TMG
Anti-spam protection by Exchange (Edge role)
Anti-virus for email by Forefront Security for Exchange Server
(FSE)
Pipeline protection by using secure channel or using encryption
for all server traffic
Data protection policies and ACLs, managed security updates to
all clients
Forefront Treat Management Gateway
Configuration
Built in policies setup for best practices
for medium sized businesses
Configured out-of box settings:
•
•
•
•
Firewall policy settings
Intrusion Detection settings
Web Listener settings
Web Proxy settings
One-click option to restore to default policy
settings in EBS Administration Console
Firewall Policy
Configured to allow access outbound and inbound
6 server publishing rules for Exchange (OWA, OMA), Terminal
Services Gateway and Remote Web Workplace
10 access rules to allow inbound and outbound access to
various commonly used protocol traffic, such as SMTP and
HTTP
36 system policy rules setup for EBS configuration
Fully documented in EBS TechNet site
Intrusion Detection settings
Forefront Treat Management Gateway
is configured to detect :
•
•
•
•
•
•
•
Windows out-of-band (WinNuke)
Land
Ping of death
IP half scan
UDP bomb
DNS host name overflow
DNS length overflow
Demo
Security Server logging
Exchange role separation in
EBS
Default configuration set to best practices for
midsize businesses
EBS installs Exchange Server 2007 Service
Pack 1
Security Server has Edge Transport role
• “Keep the unwanted traffic at the edge”
Messaging Server has Hub Transport, Mailbox
and Client Access Server roles
• Also has Forefront Security for Exchange so it can cover
both store and transport
Coexistence with Other Mail Solutions
Designed to be installed into an organization with
an existing email solution
Designed to be non disruptive install
Very minimal downtime needed during install
Can work with older Exchange or 3rd party product
Mail flows through EBS Messaging server to older
Exchange
After mailboxes are migrated, decommission older
system.
• If older Exchange in organization, no changes needed
• After decommissioning 3rd party products, minor fix up needed in
Exchange 2007
Default Mail Flow: Existing Config
ISP DNS Record
MX :
207.157.132.11
Internet
Internet
207.157.132.11
Firewall
192.168.1.1
EBS
Management
192.168.1.xx1
Existing
Mail Server
192.168.1.x
192.168.1.1
Existing
PCs
IP
GW
Goals :
• Mail flows
through Exch Edge
to Messaging to
Existing servers
• No loss of mail
flow
Default Mail Flow: After Security
ISP DNS Record
MX :
207.157.132.11
Internet
Internet
207.157.132.11
Forward Port
25 to
192.168.2.2
Firewall
192.168.1.1
192.168.2.1
192.168.2.2
- Exch Edge filters
mail and forwards to
existing mail server
EBS
Security
192.168.1.1
Goals :
• Mail flows through
Exch Edge to
Messaging to
Existing servers
• No loss of mail
flow
Mail Flow Change:
• Need to change
firewall configuration
to send to EBS
Security Server
EBS
Management
192.168.1.xx1
Existing
Mail Server
192.168.1.x
192.168.1.1
Existing
PCs
IP
GW
Default Mail Flow
Internet
ISP DNS Record MX
: 207.157.132.11
Internet
Forward Port 25 to
192.168.2.2
207.157.132.1
Firewall
1
192.168.1.1
192.168.2.1
192.168.2.2
- Exch Edge filters
mail
- Edge connector set
to EBS Messaging
EBS
Security
192.168.1.1
192.168.1.xx1
EBS
Messaging
192.168.1.xx3
Mail Flow Change:
• Need to change
firewall configuration to
send to EBS Security
Server
• EdgeSync subscription
is done
• Mail flows through
Messaging server to old
server.
RGC
EBS
Management
Goals :
• Mail flows through
Exch Edge to
Messaging to
Existing servers
• No loss of mail flow
Existing
Mail Server
192.168.1.x
192.168.1.1
Existing
PCs
IP
GW
Virtualization
Overview
Scenarios
Technical Benefits
Business Benefits
Examples
Guide for Scenario Slides
Premium SKU of EBS
ideal for Virtualizing
Includes Windows Server
2008 Standard w/ Hyper-V
Allows license to be reused as
a child partition as long as the
parent instance only supports
Hyper-V services
Hyper-V Server also a
viable option but
requires configuration
of separate
management tools
Best practice is not to
install these on a child
partition
Physical machines are
indicated with a
machine icon,
instances are illustrated
with a container
Terminology
OSE
Parent/Child
Hypervisor
Physical Machine
Applications
Hyper-V Enabled
Operating System
Hyper-V Compatible
Operating System
Parent Partition
Child Partition(s)
Windows Hypervisor
““Designed for Windows” - Physical Hardware
EBS Scenarios – Fully Virtualized
Technical Impact
Business Impact
Hardware requirements stay
the same as physical
Check potential HW savings –
ensure you maintain the HW
requirements
Some flexibility over time
when moving between servers
Good scenario for small low load EBS deployments (25
users)
Remember EBS has 40-60%
density already before
virtualizing!
Disk, CPU, RAM
Exposure when co-existing all
infrastructure on a Server
Backup/Restore Plans?
Snapshots/Quick Migration not
supported
Virtualized Firewall
Detailed setup step-by-step
will be on Technet
Do not join parent partition to
domain
Virtual Machines
Physical Machine
EBS Premium 4th
Server
Licensing Required – EBS Premium with
the 4th Server configured as Parent partition, or Hyper-V Server
Parent Partition
Applications
Applications
Applications
EBS 2008
Management Server
EBS 2008
Messaging Server
EBS 2008
Security Server
Child Partition(s)
Windows Hypervisor
““Designed for Windows” - Physical Hardware
EBS Scenarios – Two Physical Machines
Technical Impact
Business Impact
Hardware requirements stay
the same as physical
Reuse onsite x64 HW for
Security Server
Disk, CPU, RAM
Requirements need to be
met
Deciding which roles to split
Security Physical?
All permutations supported
Scale over time
Options to choose
between fully virtualized
two machines or split
physical/virtual
Additional licensing required
No support for split locations
Do not domain join parent
partitions
Creates cyclic dependency
Virtual Machines
Virtual Machines
Physical Machine
Licensing Required – EBS Premium with the
4th Server configured as Parent partition and additional
Hyper-V compatible server for 2nd Physical machine. HyperV Server is an option
Applications
Physical Machine
Windows Server
2008 Standard
EBS 2008
Security Server
Windows Server
2008 Standard
Parent Partition
Child Partition(s)
Parent Partition
Applications
Applications
EBS 2008
Management Server
EBS 2008
Messaging Server
Child Partition(s)
Windows Hypervisor
Windows Hypervisor
Physical Hardware
““Designed for Windows” - Physical Hardware
EBS Scenarios – Consolidation
Business Impact
Technical Impact
Does not effect the EBS
configuration as it runs
physical
Can join parent partition
to the EBS Domain
Allow for consolidation of
legacy OSE, or rapid
deployment of new OSEs
Provides physical
isolation of Core
infrastructure roles
Hyper-V + EBS = great
management of OSEs
Great scenario for LOB
with Premium licensing
SQL 2008 + Windows 2008
Standard
Great solution for
consolidating and
securing branch
Virtual Machines
Physical Machines
Physical Machine
Essential Business
Server 2008
4th Server
Parent Partition
Applications
Applications
Essential Business
Server 2008 4th
Server
Other Operating
Systems
Child Partition(s)
Windows Hypervisor
Windows Essential
Business Server 2008
Licensing Required – EBS Premium with
the 4th Server configured as Parent partition, or Hyper-V Server
““Designed for Windows” - Physical Hardware
EBS Scenarios – Presentation Virtualization
Technical Impact
Premium is the ideal
server for Terminal
Services/Presentation
virtualization
Messaging Server has
TS Gateway installed
Security Server is
publishing the TSG
Premium Server has TS
application mode
enabled
Licensing Required – EBS Premium with
the 4th Server configured with Terminal Services application
mode. TS users require a TS CAL
Business Impact
Simplify management
and reduce servicing
cost of client devices
Provide common user
experience increasing
usability
Provide outside system
access with RWW and
TSG
Unsupported Configurations
It is NOT supported to use
any of the EBS roles as a
parent partition
Due to the nature of the
parent partition, best practice
suggests you use only for
supporting child partitions
Snapshots are NOT
supported
Snapshots can corrupt AD
when FSMO roles are virtual
Quick Migration is NOT
supported
Due to its use of snapshots
Terminal Services is
NOT supported on
application mode on
any of the EBS Servers
Impact to AD security
Preparing to set up EBS
Check hardware sizing – Proc, RAM, Disk
Decide on firewall configuration
• Virtualized Security Server + External Firewall
• Double NAT?
• Virtualized Security Server
• Physical Security Server
Plan and Prepare backup and recovery
Choose your Hyper-V enabled platform
• EBS Premium 4th Server
• EBS Premium 4th Server Core
• Hyper-V Server
Set up Hyper-V
• http://technet.microsoft.com/en-us/library/cc732470.aspx
Hints and Tips
Create a test environment once you have
completed all setup tasks
Shut down all machines and export the VHDs.
Monitor the performance of the Parent
Partition. Watch for
Disk/Proc/Memory/Network exhaustion
Disk capacity in the VHD
Managing updates for Hyper-V server
http://technet.microsoft.com/enus/library/cc720464.aspx
SBS Scenarios – Fully Virtualized
Technical Impact
Hardware requirements stay
the same as physical
Disk, CPU, RAM
Exposure when co-existing all
infrastructure on a Server
Backup/Restore Plans?
Snapshots/Quick Migration not
supported
Fax Service not supported
Detailed setup step-by-step
will be on Technet
Do not join parent partition to
domain
Some features change- details
next slide
Business Impact
Check potential HW savings –
ensure you maintain the HW
requirements
Some flexibility over time
when moving between servers
Good scenario for small low load SBS deployments (<10
users)
Remember SBS has 40-60%
density already before
virtualizing!
Virtual Machines
Physical Machine
Small Business
Server 2008
Premium – 2nd Server
Parent Partition
Applications
Applications
Small Business
Server 2008
Premium – 1st Server
Small Business
Server 2008
Premium – 2nd Server
Child Partition(s)
Windows Hypervisor
Licensing Required SBS Premium with
the 2nd Server configured as Parent partition, or Hyper-V Server
““Designed for Windows” - Physical Hardware
SBS Scenario – Fully Virtualized cont.
Technical Impact
Backup relies on direct
attached storage
Create a fixed sized VHD
that resides on a separate
disk drive
Drive should be external to
protect from HW failure
Add the VHD to the child
partition as an additional
drive
Alternatively USB hard
disk drives can be taken
offline in the physical
device manager and
then mounted into the
VM as an internal drive
You can backup the VM
Must copy the answer file
to either a virtual floppy
disk or a virtual hard disk
that is then connected to
the VM. -> Cdimage.exe
COM ports are not
virtualized. Devices such
as UPS, Fax/Modems are
impacted
The Windows Server 2008
Fax server role is not
supported in a virtual
machine.
SBS Scenarios – Premium Hyper-V Parent
Technical Impact
Does not effect the SBS
configuration as it runs
physical
Can join parent partition
to the SBS Domain
Allow for consolidation of
legacy OSE, or rapid
deployment of new OSEs
Provides physical
isolation of Core
infrastructure roles
Business Impact
Hyper-V + SBS = great
management of OSEs
Great scenario for LOB
with Premium licensing
SQL 2008 + Windows 2008
Standard
Great solution for
consolidating and
securing branch
Virtual Machines
Physical Machines
Physical Machine
Small Business
Server 2008
2nd Server ( Hyper-V
and support services
only)
Parent Partition
Licensing Required – SBS Premium with
the 2nd Server configured as Parent partition, or Hyper-V
Server
Applications
Applications
Small Business
Server 2008 2nd
Server
Other Operating
Systems
Child Partition(s)
Windows Hypervisor
Windows Small
Business Server 2008
““Designed for Windows” - Physical Hardware
SBS Scenarios – Presentation Virtualization
Technical Impact
Premium is the ideal
server for Terminal
Services/Presentation
virtualization
SBS Standard Server
has TS Gateway
installed
Premium Server has TS
application mode
enabled
Licensing Required – SBS Premium with
the 2nd Server configured with Terminal Services application
mode. TS users require a TS CAL
Business Impact
Simplify management
and reduce servicing
cost of client devices
Provide common user
experience increasing
usability
Provide outside system
access with RWW and
TSG
Unsupported Configurations
It is NOT supported to use
the SBS Standard Server
as a parent partition
Due to the nature of the
parent partition, best practice
suggests you use it only for
supporting child partitions
Snapshots are NOT
supported
Snapshots can corrupt AD
when FSMO roles are virtual
Quick Migration is NOT
supported
Due to its use of snapshots
Terminal Services is
NOT supported on
application mode on
the SBS Standard
Server
Impact to AD security
Preparing to set up SBS
Check hardware sizing – Proc, RAM, Disk
Plan and Prepare backup and recovery
Choose your Hyper-V enabled platform
• SBS Premium 2nd Server
• SBS Premium 2nd Server Core
• Hyper-V Server
Set up Hyper-V
• http://technet.microsoft.com/en-us/library/cc732470.aspx
Appendix
Hints and Tips
Create a test environment once you have
completed all setup tasks
Shut down all machines and export the VHDs.
Monitor the performance of the Parent Partition.
Watch for
Disk/Proc/Memory/Network exhaustion
Disk capacity in the VHD
Managing updates for Hyper-V server
http://technet.microsoft.com/enus/library/cc720464.aspx
Read up on performance tuning
http://www.microsoft.com/whdc/system/sysperf/Perf_tu
n_srv.mspx
Server Core, Server, and Hyper-V Server
Can choose between
Hyper-V Server – web
download
Only Hyper-V role
available
Additional Windows
Server as part of SBS
Premium
Deployed as either
Standard Core or
Standard Full Installation
Able to deploy Premium
Server as both virtual and
physical as long as the
physical is used only to
support Hyper-V
Think carefully about using a
OS without a GUI
Remote management
tools
Technical training
requirements for staff
Practice using command line
to configure services
© 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market
conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation.
MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.