1 / 29

MCTS: Windows Server administration 70-646

MCTS: Windows Server administration 70-646. Chapter 1, Lesson 1 Installing, upgrading and Depoying Windows Server 2008. Lesson 1 Objectives. After this lesson you will be able to: Plan for the installation of or upgrade to Windows Server 2008. Plan for the deployment of BitLocker.

xaria
Télécharger la présentation

MCTS: Windows Server administration 70-646

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. MCTS: Windows Server administration 70-646 Chapter 1, Lesson 1 Installing, upgrading and Depoying Windows Server 2008

  2. Lesson 1 Objectives • After this lesson you will be able to: • Plan for the installation of or upgrade to Windows Server 2008. • Plan for the deployment of BitLocker.

  3. Selecting the Right Edition of Windows Server 2008 • Windows Server 2008 comes in several different editions, each appropriate for a specific role. • Windows Server 2008 Standard Edition • Windows Server 2008 Enterprise Edition • Windows Web Server 2008 • Windows Server 2008 Datacenter Edition • Windows Server 2008 for Itanium-Based Systems • Windows Server 2008 Server Core

  4. Windows Server 2008 min. Requirements • Hardware Component Minimum Requirements Recommended • Processor 1 GHz (x86), 1.4 GHz (x64) 2 GHz or faster • RAM 512 MB 2 GB • Disk Space 15 GB 40 GB • X86 (32-bit version) on hardware that can run x86 version. • You can install both x86 and x64 on x64 hardware. • Itanium 2 processor, you can only install Windows 2008 Itanium Edition.

  5. Windows 2008 Server Standard Edition • Targeted at the small to medium-sized business • The 32-bit version (x86) supports a maximum of 4 GB of RAM. Supports up to 4 processors in SMP configuration • The 64-bit version (x64) supports a maximum of 32 GB of RAM. Supports up to 4 processors in SMP configuration. • Supports Network Load Balancing clusters but does not support failover clustering. • Fill the roles of domain controller, file and print server, DNS server, DHCP server, and application server.

  6. Windows Server 2008 Enterprise Edition • Targeted at large businesses. • Deploy this version of Windows 2008 on servers that will run applications such as SQL Server 2008 Enterprise Edition and Exchange Server 2007. • These products require the extra processing power and RAM that Enterprise Edition supports. • Failover Clustering: Failover clustering is a technology that allows another server to continue to service client requests in the event that the original server fails. • Active Directory Federation Services (ADFS) : ADFS allows identity federation, often used by organizations with many partners who require access to local resources. • The 32-bit (x86) version supports a maximum of 64 GB of RAM and 8 processors in SMP configuration. • The 64-bit (x64) version supports a maximum of 2 TB of RAM and 8 processors in SMP configuration.

  7. Windows Server 2008 Datacenter Edition • Aimed directly at very large businesses. The key reason to deploy Windows Server 2008 Datacenter Edition over Enterprise Edition is that Datacenter Edition allows unlimited virtual image rights. • The 32-bit (x86) version supports a maximum of 64 GB of RAM and 32 processors in SMP configuration. • The 64-bit (x64) version supports a maximum of 2 TB of RAM and 64 processors in SMP configuration. • Supports failover clustering and ADFS. • Unlimited virtual image rights. • Available only through OEM manufacturers. A datacenter class server, colloquially known as Big Iron, will cost tens, if not hundreds of thousands of dollars, and is a significant capital investment

  8. Windows Web Server 2008 • Designed to function specifically as a Web applicationsserver. • Other roles, such as Windows Deployment Server and Active Directory Domain Services, are not supported on Windows Web Server 2008. • Given its stripped-down role, Windows Web Server 2008 does not support the high-powered hardware configurations that other editions of Windows Server 2008 do. • has the following properties: • The 32-bit version (x86) supports a maximum of 4 GB of RAM and 4 processors in SMP configuration. • The 64-bit version (x64) supports a maximum of 32 GB of RAM and 4 processors in SMP configuration. • Supports Network Load Balancing clusters. • Plan to deploy Windows Web Server 2008 in the Server Core configuration, which minimizes its attack surface • deploy the full version of Windows Web Server 2008 if your organization’s Web applications rely on features such as ASP.NET, because the .NET Framework is not included in a Server Core installation.

  9. Windows Server 2008 Itanium based Systems • Designed for the Intel Itanium 64-bit processor architecture, which is different from the x64 architecture that you will find in chips such as the Intel Core 2 Duo or AMD Turion series of processors. • Both application server and Web server functionality are provided by Windows Server 2008 for Itanium-based systems. • virtualization and Windows Deployment Services, are not available. • Up to 64 processors in SMP configuration and 2 terabytes of RAM are supported on Windows Server 2008 for Itanium-based Systems

  10. Windows Server 2008 Server Core • Server Core is a stripped-down version of an edition of Windows Server 2008. Rather than providing a full desktop, Windows Server 2008 is administered from the command shell. • Remote Management is done with Microsoft Management Console (MMC) and you can also use Remote Desktop Protocol (RDP) session to a computer running Server Core. • Two Primary Benefits: • Reduced attack surface: Fewer components are installed, which reduces the number of components that might be attacked by someone attempting to compromise the computer. • Lower hardware requirements:allows organizations to utilize older hardware, such as hardware purchased to run Windows 2000 Server as a platform for a Windows Server 2008 installation.

  11. Cont’d • When you purchase a license for a particular edition of Windows Server 2008, you have the option of installing the full version or the scaled-down server core version of the operating system. • Use the same commands to manage server core that you can use to manage a fully featured installation of Windows Server 2008. • However! Server Core does not support PowerShell directly. • You can run several important tools graphically on a Server Core installation, including regedit and Notepad. • Two more important commands are oclist.exe and ocsetup.exe. • Oclist.exe provides a list of all server roles that are currently installed on the server and what roles are available to install. • Ocsetup.exe command is used to add and remove these features. • It is not possible to upgrade a computer running the Server Core version of a specific edition to the full version, just as it is not possible to upgrade a computer running Windows Server 2003 to a Server Core version of Windows Server 2008. • Active Directory Certificate Services, Active Directory Federation Services, Application Server, and Windows Deployment Services • are not available on Server Core installations

  12. Installing Windows Server 2008 • Start the Media • Select Language • Enter Product Key • Other options if you do not have a DVD player: • Preboot Execution Environment (PXE) capable network card, you can configure Windows Deployment Services (WDS) • Windows Preinstallation Environment (Windows PE) and use operating system files hosted on a network share to perform a network installation

  13. Upgrading from Windows Server 2003 You can perform an upgrade only if you start the upgrade process from within Windows Server 2003. It is not possible to perform an upgrade by booting from the installation media. You can upgrade only to an equivalent edition or a higher edition. This means that you can upgrade from Windows Server 2003 Standard Edition to Windows Server 2008 Standard or Enterprise Edition, but you cannot upgrade Windows Server 2003 Enterprise Edition to Windows Server 2008 Standard Edition. This rule does not apply to Windows Web Server or the Datacenter Edition You can only upgrade from Windows Server 2003 Web Edition to Windows Web Server 2008 and from Windows Server 2003 Datacenter Edition to Windows Server 2008 Datacenter Edition. You also cannot upgrade to Server Core from any edition of Windows Server 2003 It is not possible to perform a direct upgrade from any edition of Windows 2000 Server to Windows Server 2008

  14. Upgrade Cont’d To perform an upgrade, Windows Server 2003 must have Service Pack 1 or later applied. This means that Windows Server 2003 R2 can be upgraded to Windows Server 2008 without the application of any additional service packs. It is not possible to upgrade to a different processor architecture Windows Server 2003 R2 x64 Standard Edition, you cannot perform an upgrade to Windows Server 2008 x32 Standard Edition. It is not possible to upgrade a server from the 32-bit version of Windows Server 2003 to a 64-bit version of Windows Server 2008, even if the hardware supports it.

  15. Upgrade Cont’d Table 1-2 Windows Server 2008 Upgrade Paths: Windows Server 2003 Edition Upgrade Path Windows Server 2003 Standard Edition Windows Server 2008 Standard Edition Windows Server 2008 Enterprise Edition Windows Server 2003 Enterprise Edition Windows Server 2008 Enterprise Edition Windows Server 2003 Datacenter Edition Windows Server 2008 Datacenter Edition Windows Server 2003 Web Edition Windows Web Server 2008 Windows Server 2003 for Itanium Enterprise Edition Windows Server 2008 for Itanium-Based Systems Windows Server 2008 installation routine will perform a Compatibility Check . This report will attempt to advise you of any problems that might occur if the upgrade commences, but the compatibility report can only inform you of problems that Microsoft is aware of.

  16. Upgrade Summarize To summarize, keep in mind the following points about upgrades as compared to installations: You must initiate upgrades from within Windows Server 2003. You can initiate installations from within Windows or by starting from the installation media. An upgrade requires that more free space be available on the volume where Windows Server 2008 is being installed compared to a clean installation. Upgrades work best when a significant amount of customization is required that cannot be implemented simply by restoring backed-up data and installing applicationson a new Windows Server 2008 installation. Implementing BitLocker on a computer upgraded from Windows Server 2003 is very difficult. For more details, see “BitLocker Volume Configuration” later in this chapter.

  17. Planning Bit Locker Deployment • Windows BitLocker and Drive Encryption (BitLocker) is a feature that debuted in Windows Vista Enterprise and Ultimate Editions and is available in all versions of Windows Server 2008 • BitLocker serves two purposes: • protecting server data through full volume encryption and • providing an integrity-checking mechanism to ensure that the boot environment has not been tampered with. • Encrypting the entire operating system and data volumes means that not only are the operating system and data protected, but so are paging files, applications, and application configuration data. • If the hard drive is stolen data cannot be recovered. • Do Not Loose the Bit Locker keys for the server! Very Very Bad!

  18. Bit Locker Requires Bit Locker Requires: • a chip capable of supporting the Trusted Platform Module (TPM) 1.2 or later standard. • A computer must also have a BIOS that supports the TPM standard. • BitLocker-protected volumes are locked and cannot be unlocked unless the person doing the unlocking has the correct digital keys. • Protected startup components include the BIOS, Master Boot Record, Boot Sector, Boot Manager, and Windows Loader • Important to disable BitLocker during maintenance periods when any of these components are being altered. For example, you must disable BitLocker during a BIOS upgrade. • Recovery process involves entering a 48-character password that is • generated and saved to a specified location when running the BitLocker setup wizard

  19. Bit Locker Cont’d • You can also configure BitLocker to save recovery data directly to ActiveDirectory; this is the recommended management method in enterprise environments. • You can also implement BitLocker without a TPM chip. When implemented in this manner there is no startup integrity check. A key is stored on a removable USB memory device, which must be present and supported by the computer’s BIOS each time the computer starts up. • Data backed up to Tapes are not encrypted!

  20. Bit Locker Volume Configuration • One of the most important things to remember is that a computer must be configuredto support BitLocker prior to the installation of Windows Server 2008. • Create a separate 1.5-GB partition, formatting it, and making it active as the System partition prior to creating a larger partition, formatting it, and then installing the Windows Server 2008 operating system.

  21. Bit Locker Group Policies • BitLocker group policies are located under the Computer Configuration\Policies\AdministrativeTemplates\Windows Components\BitLocker Drive Encryption node of a Windows Server 2008 Group Policy object. • Allows Bit Locker to work on computers that do not have a compatible TPM chip. • Turn On BitLocker Backup To Active Directory Domain Services When this policy is enabled, a computer’s recovery key is stored in Active Directory and can be recovered by an authorized administrator.

  22. Bit Locker Group Policies Other BitLocker policies include: • Control Panel Setup: Configure Recovery Folder When enabled, this policy sets the default folder to which computer recovery keys can be stored. • ■ Control Panel Setup: Configure Recovery Options When enabled, this policy canbe used to disable the recovery password and the recovery key. If both the recovery password and the recovery key are disabled, the policy that backs up the recovery key to Active Directory must be enabled. • ■ Configure Encryption Method: This policy allows the administrator to specify theproperties of the AES encryption method used to protect the hard disk drive. • ■ Prevent Memory Overwrite On Restart: This policy speeds up restarts, butincreases the risk of BitLocker being compromised. • ■ Configure TMP Platform Validation Profile: This policy configures how the TMP security hardware protects the BitLocker encryption key.

  23. EFS vsBitLocker • EFS is used to encrypt individual files and folders and can be used to encrypt these items for different users. BitLocker encrypts the whole hard disk drive. TURNING OFF BITLOCKER: • Disable Bitlocker: removes protection without decrypting the encrypted volumes • Decrypting: The Drive when you want to completely remove Bitlocker from a computer.

  24. Lesson Summary • Windows Server 2008 comes in the Standard, Enterprise, Datacenter, Web Server, and Itanium editions. The Enterprise and Datacenter editions support failover clustering, Active Directory Federated Services, and more powerful hardware configurations. • Server Core is an installation option that allows Windows Server 2008 to be deployed with a smaller attack surface and smaller hardware footprint. • Upgrades can be initiated only from within Windows Server 2003. • You cannot upgrade a 32-bit version of Windows Server 2003 to a 64-bit version of Windows Server 2008. • To implement BitLocker on a computer, you must configure hard disk partitions prior to installing the operating system. • Computers with TPM chips can use BitLocker to verify that the boot environment has not been tampered with. • Using Group Policy, you can configure BitLocker to function on computers that do not have TMP chips. • You can configure group policy so that BitLocker keys are archived within Active Directory.

  25. Lesson review • 1. Your organization has a Windows Server 2003 R2 Standard Edition computer that is used as an intranet server. Which of the following upgrade paths are possible for this computer? (Each correct answer presents a complete solution. Choose two.) • A. Windows Server 2008 Datacenter edition • B. Windows Web Server 2008 • C. Windows Server 2008 Enterprise Edition • D. Windows Server 2008 Standard Edition • E. Windows Server 2008 Standard Edition (Server Core)

  26. Lesson review • 2. Your organization has a computer with a Core 2 Duo processor that has the 32-bit Windows Server 2003 R2 Standard Edition operating system installed. Which of the following versions of Windows Server 2008 can this computer be upgraded to? • A. 32-bit version of Windows Server 2008 Standard Edition • B. 64-bit version of Windows Server 2008 Standard Edition • C. 32-bit version of Windows Server 2008 Datacenter Edition • D. 64-bit version of Windows Server 2008 Enterprise Edition

  27. Lesson review • 3. You have been asked to encrypt the hard disk drive of a Windows Server 2008 file server using BitLocker. The file server has two disk drives. The first disk has a single volume that hosts the operating system. The second disk has a single volume that hosts the shared files. The computer’s motherboard has an activated TPM 1.2 chip and a TCG compliant BIOS. What steps do you need to take to enable BitLocker to encrypt the volume hosting the operating system and the volume hosting the shared files? • A. Configure the appropriate group policy. • B. Repartition the disk hosting the operating system volume and reinstall Windows Server 2008. • C. Deactivate the TPM chip. • D. Upgrade the TPM chip.

  28. 4. You are in the process of configuring BitLocker for a file server that will be located at a branch office. The server’s hard disk drive is partitioned so that it starts from a system volume that is separate from the operating system volume. The computer does not have a TPM chip, so BitLocker will be implemented using a USB startup key. After the BitLocker feature is installed, you open the BitLocker Control Panel item and are presented with a screen identical to Figure 1-21. • Figure 1-21 BitLocker Control Panel item • Which of the following steps must you take so that you can enable BitLocker onthis computer? • A. Insert a removable USB memory device. • B. Upgrade the computer’s BIOS. • C. Configure local Group Policy settings. • D. Install the BitLocker feature.

  29. 5. Which edition of Windows Server 2008 would you choose if you wanted to deploy an Exchange Server 2007 clustered mailbox server, which requires that a failover cluster be configured prior to the installation of Exchange? • A. Windows Web Server 2008 (x64) • B. Windows Server 2008 Standard Edition (x64) • C. Windows Server 2008 Enterprise Edition (x64) • D. Windows Server 2008 Standard Edition (x86)

More Related