Chapter 2
Adding Server Roles and Functionality
In this chapter, you will learn to:
Installing the Windows Server 2008 R2 operating system can be a fairly straightforward process, but after you have installed your Windows Server 2008 R2 server, your job has just begun. More than likely, you had a purpose in mind for the server. Unlike earlier server operating systems from Microsoft where there were quite a few preinstalled roles and servers, in a Windows Server 2008 R2 installation there are no additional roles or features installed as a part of the base operating system. You have a blank slate for the server in which to create your environment.
As an administrator of a Windows Server 2008 R2 server, you get to choose the roles and features you want to install on the new server installation. Additionally, when you install the needed functionality on the server, Windows Server 2008 R2 will install only the necessary components for the functionality to properly run. This will increase the performance of the server by not installing unnecessary components on the server. This role-based installation methodology has the added benefit of reducing the potential attack surface of your server.
This role-based installation also offers some great flexibility; however, it will add time to your planning process. It also means that when the server operating system first boots up, some things may not work as you expect. This is generally the result of a role or feature that has not been installed yet and is not indicative of a bigger problem or server error.
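One way to check both points above on a running server, as an added example that is not from the book: compare the roles and features actually installed against the list you planned for. The baseline contents and the function name `Compare-InstalledToBaseline` are assumptions made for illustration; the script assumes the ServerManager PowerShell module is available.

```powershell
# Added example, not from the book. Assumes the ServerManager module
# (Get-WindowsFeature) is available on the server being checked.
Import-Module ServerManager

# Hypothetical baseline for a server planned as a domain controller with DNS.
# Role services and dependent features are reported as separate entries, so a
# real baseline must list those names as well.
$approved = @('AD-Domain-Services', 'DNS')

function Compare-InstalledToBaseline {
    param(
        [string[]]$Installed,
        [string[]]$Approved
    )
    # Installed but not planned: attack surface nobody asked for.
    $unexpected = @($Installed | Where-Object { $Approved -notcontains $_ })
    # Planned but not installed: the usual reason something "does not work"
    # right after the first boot.
    $missing = @($Approved | Where-Object { $Installed -notcontains $_ })
    New-Object PSObject -Property @{
        Unexpected = $unexpected
        Missing    = $missing
    }
}

# Collect the names of everything currently installed on this server.
$installed = @(Get-WindowsFeature |
    Where-Object { $_.Installed } |
    ForEach-Object { $_.Name })

$result = Compare-InstalledToBaseline -Installed $installed -Approved $approved

if ($result.Unexpected.Count -gt 0) {
    Write-Warning ("Installed but not in baseline: " + ($result.Unexpected -join ', '))
}
if ($result.Missing.Count -gt 0) {
    Write-Warning ("In baseline but not installed: " + ($result.Missing -join ', '))
}
if ($result.Unexpected.Count -eq 0 -and $result.Missing.Count -eq 0) {
    Write-Output "Installed roles and features match the baseline."
}
```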
Although there are many roles and services that can be installed on a Windows Server 2008 R2 server, this chapter will focus on just a few. Each role you install on the server can have numerous considerations for installation and planning. The roles selected for this chapter are based on the most common elements in many infrastructures.
Knowing how to properly plan, install, and migrate the roles to Windows Server 2008 R2 is key to working with your server. In this chapter, you will learn about planning, installing, and migrating the more common roles you can install on a Windows Server 2008 R2 server. This chapter will discuss both a Windows Server 2008 R2 full installation and the Server Core version.
Plan for Windows Server 2008 R2 Roles
Before you can install any roles, you need to plan for the ones you will be installing on the server. Some of the roles will require minimal planning, such as the Fax Server role, but other roles will require a great deal of planning like the Active Directory roles. In this section, we'll cover some of the planning decisions for these common roles:
Plan for Active Directory
One of the most common functions installed on a Windows Server 2008 R2 server is Active Directory (AD). AD governs authentication and access to your network applications and resources. AD provides the directory services that allow you to organize and secure your network infrastructure. Before you begin to plan the AD environment, you need to understand some of the common terminology used in a typical AD deployment:
Forest: This is the main and first logical structure for your directory structure. The forest is the main security boundary and will contain all the objects for your directory, starting with domains. Domains inside a single forest will automatically have a two-way transitive trust with all the other domains in the forest. The forest also defines several things for all the domains in the forest. First, the forest defines the schema for the AD structure. The schema contains the definition and attributes for all the objects in the forest. The schema is extremely important to the AD structure, because it defines the various objects such as the users and groups. It will also define what properties make up those objects; an example of a property would be a last name or phone number. Also, with some enterprise-wide applications, such as email, the schema will get extended to support any new objects or properties needed by the new application. Some applications need to extend the schema to provide the proper objects for the application to function. Second, the forest also contains the replication information for the directory to properly function. Lastly, the forest holds the global catalog, which provides search capabilities for the forest.
Domain: Domains are how you divide the forest into logical units. Domains are created to help control data replication and are instrumental in allowing your directory structure to scale. The domain contains all the security principals (for example, users and groups are stored here) for your organization. The domain also handles authentication for your network and, through this, provides the base for securing your resources. Domains also help manage trusts. The domain is also considered one of the main security boundaries for your network. Domains not only allow you to quickly segment resource access for users but also provide a tool to delegate administrative tasks.
Trees: Inside forests you have trees; these are where your domains reside. A tree is where you have domains sharing a common namespace as well as a security context for sharing the many resources located in a domain. Any domains you install underneath the first domain become child domains and get a new DNS name. However, the name inherits the parent domain name. For example, if the parent domain is called admin.com and you install a new child domain called server, the child domain's DNS name would be server.admin.com.
Trusts: Trusts allow the domains to authenticate resources not natively stored in the domain. Trusts can be one-way or two-way. Typically trusts are two-way. For example, if a two-way trust exists between domain A and domain B, users from either domain could log on and be authenticated regardless of physical location. Inside a single tree in a forest, all the domains automatically have a two-way transitive trust with one another, making the flow of information much easier. You can control and configure the trust relationships to meet your needs. Additionally, when you create a new forest, no trust relationship is created between the two forests; you can, however, create one.
Organizational unit (OU): This provides logical organization to a domain. Without the use of OUs, the domain is just one giant bucket of unorganized objects, making administration a headache. OUs offer the ability to logically organize the objects in your directory. Objects are generally user or group accounts; there are several objects you can find in a domain, but the main objects you will use on a day-to-day basis are users and groups. This organization provides several administrative benefits. Being able to find users and edit properties of a group of users is easier with OUs. You can also delegate administration to the OUs, which allows you to have multiple administrators without having to grant them access to the entire domain. Lastly, OUs are used in the deployment of group policies. Group Policy provides you with the tools to centrally manage and control your clients. Chapter 5 will discuss Group Policy.
User: The user is the account you grant access to log on to your network. This is one of the main objects inside your domain environment.
Group: This is another important AD object. Providing another way to organize your users, groups are an invaluable resource when you're granting secure access to your network's resources, such as file shares, printers, or applications. Groups can have scopes that range from local to the domain to the entire forest.
Domain controller (DC): This is the main server (or servers) holding your domain objects (users, groups, and so on). The domain controller is also responsible for replication of the directory structure to other DCs as well as for providing support for search capabilities.
Read-only domain controller (RODC): This is a variation of the domain controller and holds only read-only copies of the directory. Traditional DCs can receive and deliver changes to other DCs in the directory structure, but RODCs can receive only replication updates. Normally these servers are used in branch-office scenarios but could also be used for other reasons such as web applications.
Sites: When you're designing Active Directory domains, OUs, and the many other objects that offer logical containers to help organize your structure, an important physical element of Active Directory is the site. Sites allow you to control the physical structure of your network. Sites help govern three important functions in your environment: replication, authentication, and service location. Sites allow you to define boundaries of your network via IP...