ADM350 Windows Server 2003: Management Capabilities
BJ Whalen
Program Manager, Windows Server
Microsoft Corporation

Windows Server 2003 Manageability Focus
• Usability of management features
• Management automation
• Remote & headless server management
• Built-in manageability for system services
• Security management

Agenda
• Directory & policy based management
• Scripting & command line management
• Role based management
• Remote and headless system administration
• Deployment solutions
• Resource management
• Security management
• Backup & Restore
• Summary of manageability enhancements

Active Directory Management Enhancements (Part 1)
• Removed Irreversible Decisions
  • Domain rename
  • DC rename
  • Schema delete
• Deployment improvements
  • Improved replication
    • Delta replication for group membership changes
    • 5000 member limit removed
  • Install replica from media
  • Cross Forest Trust
  • Improved Topology Generator (KCC) – support for 5000 sites
  • ADMT improvements: password migration, scripting & cmd-line interface

Active Directory Management Enhancements (Part 2)
• Operational Improvements
  • Universal group caching
  • Cmdline access to DS: DSMod, DSAdd, DSGet
  • Quotas on object ownership
  • Replication & trust monitoring - RepAdmin
• UI Enhancements
  • Multi-object editing
  • Drag & drop
  • Saved queries

Group Policy
Goal: Improve the Admin Experience
• GPMC
  • New admin tool for managing Group Policy
  • Ships via Web
• Resultant Set of Policy (RSoP)
• WMI Filters
• Command Line tools
  • GPUpdate, GPResult
• 32 GPMC Sample Scripts
• New Policy Settings
  • Full list across all operating systems at: http://go.microsoft.com/fwlink/?LinkId=15165
[Diagram labels: One Administrator Action; New Policy; Active Directory; Many End User Results; Many Computer Results]

Group Policy Management Console
• Improved User Interface
  • Based on how customers use Group Policy
• Improved security management
• Integration of RSoP
• HTML and XML Reporting of GPOs and RSoP
• New capabilities for rapid deployment of policy
  • Backup/restore, import/copy
• Scriptability
  • Enables customization and automation
• Support for Staging
  • First create in sandbox test environment
  • Replicate to production

New Scenarios with GPMC
• Read only access to GPOs
• Documenting all GPOs in the domain
• Backing up all GPOs
• Rapidly create and deploy managed configurations
• Planning and Troubleshooting
• Staging from test to production

WMI – What is it
• Uniform management interface for distributed systems management
• Common access and query capabilities and discovery via a common data model
• Exposes relationships between various aspects of Management domains
• Universal programmable agent for health monitoring and remote management
• Out-of-the-box management for over 10,000 system objects
• Historically geared for developers, but that is now changing…
  • With WMIC, WMI becomes accessible to Admins

WMI Architecture
• Client Services
  • Scripting API
  • COM API
  • DCOM Remoting
  • WMIC
• Core Services
  • Namespace services
  • Query
  • Security
  • Events subscriptions
• Provider Subsystem
  • Secure provider hosting
• Providers
  • Abstraction of the OS services and application APIs
[Diagram labels: C:\>wmic; WMI COM Client; WSH Script API; DCOM; Core Services (Query Service, View Service, Event Filtering, Pub/Sub Service, Schema, RT / Provider Subsystem, Repository); Provider subsystem; COM; WMI Providers (loaded on-demand): Registry, Perf Counters, NT Event Log, WMI ext for WDM, LOB app provider, Active Directory; IPC; Managed applications and platform services]

WMI Enhancements
• New WMI Console (WMIC)
  • Command line and console access to WMI
  • Simplified view to the WMI object model
• New and updated WMI providers
  • AD replication and trust
  • Server clustering
  • DFS
  • Internet Information Server
  • Terminal Services
  • Others
• Benefits:
  • WMI is now usable by admins
  • More stuff is manageable through WMI

WMIC Architecture
[Diagram labels: Console; WMIC Engine; Direct Access (PATH/CLASS); Access via Alias (FriendlyName); Alias schema; WMI; WMI Providers; output formats: HTML, XML DOM, XSLT, CSV, MOF, Customer defined]

WMIC Highlights
• Command line tool that allows writing basic scripts in cmd.exe
  • Available on XP and Server 2003
  • Can manage Win2k computers
• Supports interactive mode – admin console for WMI
• Easy to learn command language
  • Common grammar
  • Progressive help discovery
  • Vocabulary driven by WMI instrumentation and aliases
• Can access any WMI object
  • Simplified access to key WMI objects (80 aliases, 150 methods)
• Transparent remoting
• Multiple output formats
  • Built-in support for: Console, HTML, CSV, MOF
  • Customer defined formats (using XSLT)
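
The alias, direct-access, remoting and output-format features listed above, shown as a short cmd.exe session that collects a patch and service inventory. This is an added example, not part of the original slides; SERVER01, hosts.txt and hotfixes.csv are placeholder names.

```batch
@echo off
rem Added example (not from the original deck). SERVER01, hosts.txt and
rem hotfixes.csv are placeholders. Run from cmd.exe under an account that
rem has administrative rights on the target computers.

rem 1. Alias access: "qfe" is the friendly name for Win32_QuickFixEngineering.
wmic qfe get HotFixID,InstalledOn

rem 2. Direct access to the same class by PATH, without going through an alias.
wmic path Win32_QuickFixEngineering get HotFixID,InstalledOn

rem 3. Transparent remoting: the same query against one remote computer.
wmic /node:"SERVER01" qfe get HotFixID,InstalledOn

rem 4. Several computers at once (one name per line in hosts.txt), written
rem    as CSV to a file so it can be compared against a patch baseline.
wmic /output:hotfixes.csv /node:@hosts.txt qfe get HotFixID,InstalledOn /format:csv

rem 5. WQL filter on an alias: auto-start services that are not running,
rem    with the account each service runs as.
wmic /node:@hosts.txt service where "StartMode='Auto' and State!='Running'" get Name,State,StartName /format:csv
```

The commands run with the caller's credentials, so no password needs to be stored in the script.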

Command Line Tools
• Command line execution of common administration tasks
• Simplifies top system administration tasks
• Transparent remoting
• 60+ commands
• Documented in “ntcmds.chm”

Manage Your Server Roles
• Configure Your Server wizard
  • Wizard based setup for server roles
  • ‘Typical’ or standard ‘Specific’ roles
  • Can be run multiple times
• Manage Your Server console
  • Central place to find configuration and management tools
  • Server role discovery, removal, and management
• Key Benefits
  • Easy to configure, discover, and manage server roles
  • Confidence that server roles are correctly set up
  • Easy to find configuration and management tools and resources

Remote Management Using Terminal Services
• Remote Management Scenarios
  • HelpDesk
    • Remote Assistance to view and interact with remote user’s desktop
  • IT Pro Administration
    • Remote Desktop for Administration – remotely manage servers
    • Remote access to console (session 0)
    • “Remote Desktops” MMC snap-in – for managing multiple computers from single interface
• Remote Mgmt of Terminal Servers
  • Group Policy settings – computer and user setting, permissions, etc.
  • TS WMI provider – scriptable interface for managing TS settings
[Diagram labels: Terminal Server; Client; RDP; TCP/IP]

Emergency Management Services (EMS)
• What it does:
  • Provides ‘out of band’ capabilities to bring a distressed system back to an ‘in-band’ management state
• Customer Scenarios:
  • Remote emergency management of Windows computers when traditional methods are not available
  • Headless (no KVM) and data centers
• Key OS Scenarios:
  • Boot
  • System Crash
  • System setup
• How it works:
  • Enables console redirection of boot loader, textmode setup, blue screens for headless server support
  • Secure Administration Console (SAC) provides a limited set of powerful commands to return the system to an ‘in-band’ state

Windows Pre-Installation Environment* (Windows PE)
• Minimal footprint subset of Windows Server 2003/Windows XP
• TCP/IP networking support
• Scriptable disk configuration tools
• Replaces DOS as pre-installation environment
• Hardware independent
• Scriptable
• Customizable
Deployment steps:
• Boot target with Windows PE
• Prepare disk with Diskpart (scriptable)
• Format disk with Format (scriptable)
• Apply image or run scripted install from distribution point
[Diagram labels: Target Server or Desktop; File Share]
*Windows PE is available to Enterprise Agreement, Select, and Software Assurance customers only

Remote Installation Services (RIS)
• Automated network install of OS or OS + Apps
  • For bare metal/full refresh deployments
  • Initiated by PXE or floppy boot
  • Scripted or imaged deployments
• Key Enhancements
  • Supports all versions of Windows 2000 & Windows Server 2003 + Windows XP Pro
  • Fully automated deployment enabled
  • Support for headless server deployment
  • Security – password encryption, secure domain join, etc.
  • HAL filtering for RIPrep
[Diagram labels: DHCP Server; RIS Server; AD; Desktops or Servers]

Automated Deployment Services (ADS)
• Designed for high bandwidth datacenter environment
  • Framework for mass server administration – deployment and scripting
  • New flexible Microsoft imaging format and tools
  • Initiated by PXE boot
  • Multicast, multi-server deployments
  • Deploys Windows 2000 and Windows Server 2003 servers
• Key Benefits
  • Rapid automated bulk deployment of servers
  • New powerful, flexible imaging format and tools from Microsoft
  • Deployment and script based administration of 1000 servers as easily as one
[Diagram labels: ADS Imaging Tools; WMI Interface; ADS Controller; DB (MSDE/SQL); MMC UI; Customer Scripts; Command Line Tools; Network Boot Service; Image Distribution Service; Controller Service; ADS Deployment Agent; Target Server; Post-OS Stage; ADS Admin Agent; Target Server]
*ADS provided with Enterprise & Datacenter Editions of Windows Server 2003

Windows System Resource Manager (WSRM)
• What it does
  • WSRM facilitates consolidation of applications onto a single instance of Windows
  • Lets you throttle individual processes based on:
    • % CPU
    • Real memory
    • Virtual memory
• How it works
  • Identify processes, what to manage
  • Create resource management policies to define caps
  • Apply policies based on a date/time schedule
  • Create, store, view and export accounting records
• Availability
  • WSRM ships with Windows Server 2003, Enterprise and Datacenter Editions

Consolidation with WSRM
• Benefits
  • Facilitates server consolidation in scenarios with poor use of resources
  • Increases availability of critical applications in mixed workload scenarios
  • Results in improved understanding of application resource utilization behavior
• Scenarios
  • Single or multiple important LOB apps with other applications or services
  • Manage Users on a large Terminal Server system
  • Multiple SQL Server instances
  • Manage resource usage of individual IIS6 Application Pools on a server
  • SQL Server and IIS6 running on the same machine

WSRM Screenshots
[Screenshots: Administration GUI; Policy scheduling calendar; Accounting reports; Impact of resource allocation changes]

Security Management
• Security configuration & policy enforcement
  • Group Policy is key deployment mechanism
  • Strong password enforcement by default
  • Software restriction policies
• Security auditing
  • Per user and operation based auditing
  • Logon/logoff & account management auditing
• Vulnerability assessment & security updates
  • Windows Update Service
  • Microsoft Baseline Security Analyzer
  • Software Update Services
  • SMS with Feature Pack

Upcoming Security Tools*
• Security Configuration Editor (SCE)*
  • Server role based security configuration
  • In-the-box server roles
  • Wizard will allow construction of customized server role security configurations
  • Lockdown testing to verify system functions as expected
• Microsoft Audit Collection Services (MACS)
  • Real-time security event collection tool for servers & desktops
  • Events encrypted, signed, compressed & collected in SQL database allowing as-needed reporting
  • Separates administrator and auditor roles
  • Subscriber API allows intrusion detection applications to get real-time filtered events
  • Release planned at same time as WS2003 SP1
*Planned for release in H2 2003

Software Update Services (SUS)
• Corporate solution for Windows OS critical and security patch management
• Supports critical and security (critical and medium) patches and security patch rollups today
• SUS server automatically downloads patches from Windows Update Service
• Target computers can be centrally configured (via GP) to synchronize with either SUS server or WU Service
• Various download and patch application configuration options
[Diagram labels: Microsoft Windows Update Service; Intranet; SUS Server; Target computers with Automated Updates (AU); Geographically Distributed Enterprise]

Shadow Copy Backup & Restore
• Administrators can configure point-in-time backups of user data
• Incremental backup minimizes disk space consumption
• Self-service document restore for users
• Reduces administrator workload and user frustration & downtime
[Screenshots: Server side; Client side]

Summary of Manageability Enhancements
• Usability of management features
  • AD enhancements, GPMC, server role based management, WMIC
• Management automation
  • RIS, ADS, WMIC, Command line utilities, New WMI providers, new GP settings, GP scripting, SFU 3.0
• Remote & headless server management
  • EMS + RIS + Terminal Server enhancements provide full support for remote, headless system management
• Built-in manageability for system services
  • IIS manageability, Server Cluster & Network Load Balancing management, WSRM, monitoring, tracing & diagnostics enhancements
• Security management
  • Security Templates, Software Restriction Policies, Security Configuration Editor, MACS, SUS, Network Quarantine, etc.

Management Capabilities: WS2003 vs. WinNT 4.0 and Win2K
*Delivered after initial release of Windows 2000
†Available via Microsoft Services for Unix product

More Information at
• Windows Server Management page: http://www.microsoft.com/windowsserver2003/technologies/management/default.mspx
• Windows Server Management at Technet: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/management/default.asp
• Microsoft Management page: http://www.microsoft.com/management
• Microsoft Solutions for Management page: http://www.microsoft.com/solutions/msm

Community Resources
• Community website: http://www.microsoft.com/windowsserver2003/community/centers/management/default.asp
• Windows Server Management Support: http://support.microsoft.com/default.aspx?scid=fh;EN-US;winsvr2003mgmt
• Group Policy Newsgroup: http://www.microsoft.com/windowsserver2003/community/newsgroups/windows_grouppolicy.asp
• Software Update Services Newsgroup: http://www.microsoft.com/windowsserver2003/community/newsgroups/softwareupdatesvcs.asp
• Windows Server Scripting Newsgroup: http://www.microsoft.com/windowsserver2003/community/newsgroups/windows_server_scripting.asp

Suggested Reading And Resources
The tools you need to put technology to work!
• Title: Active Directory® for Microsoft® Windows® Server 2003 Technical Reference (Available: Today)
• Visit the Microsoft Press Kiosk today to receive 40% off books purchased from Amazon.com
• Microsoft Press books are available at the TechEd Bookstore and also at the Ask the Experts area in the Expo Hall

© 2003 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.