Week 2 - Deployment Basics and Intro to ADDS (3).pptx

Full Transcript

Getting Started with Windows Server
To get started with Windows Server, you
must deploy it first. Deployment can fall
under a few different categories:
• Simple install from media
• Network Deployment
• Unattended Deployment / From Template
• Cloud Deployment

Deployment: Install from Media
Much like Windows 10 or
11, Windows Server can be
deployed from bootable
media such as a USB drive
or CD/DVD disk containing
the installation media.
Remote media can be used
as well, such as an ISO
mounted on a virtual server.

This Photo by Unknown Author is licensed under CC BY-SA-NC

Deployment: Network Install
Very frequently, system
administrators do not install
Operating Systems from media,
instead, relying on tools such as
Network Deployment. These tools
allow for “images” to be deployed
onto a physical or virtual machine.
Images can either be preconfigured, or a bare “basic”
install.
An example of this is the
“Windows Deployment Services”

Deployment: Unattended
It is very time consuming to
deploy and configure a server,
especially one with a multitude of
configuration changes, policies,
and programs installed. After
installation, additional patching
may also be required, extending
the time required for a proper
deployment to happen, how do
we fix this? By deploying a preconfigured installation, either via
unattended installation tools, or
templates.

This Photo by Unknown Author is licensed under CC BY-NC-ND

Deployment: Deployment Tools
Certain tools, such as Windows Deployment
Services, allow you to specify an “unattend”
file, which streamlines the installation and
configuration of the server. Other tools allow
you to script software installation and
patching after the server has been deployed.
Some examples of tools and scenarios are
provided in the Value Added Learning.

Deployment: Templates
When deploying Servers to Virtual
Machines, a common deployment method
is to use a template..
A template is simply a pre-configured
starting point for a Server
An example of a Template is a preconfigured Web Server, which would
include a Windows Server installation,
combined with the IIS Server Role,
configurations, and applicable security
settings and patches.
Most templates also allow you to
customize certain aspects of the
configuration and installation – such as
server name, IP addresses, and
credentials.

This Photo by Unknown Author is licensed under CC BY-SA-NC

Who controls/makes templates?
Templates are typically something that is created internally,
however sometimes provided by vendors:
• An “appliance” – is a template that is usually
preconfigured by a vendor, containing an operating
system (Windows Server or Linux) and software.
• Templates can also be “captured” by your technicians
after a Server has been configured.
• Unattended files are typically made by your technicians,
containing “steps” needed for automating installation or
post-installation configuration.

Deployment: Cloud
Cloud deployments are similar to templates,
however are typically not ones you have control
over (with the exception of configuration
changes).
These templates are made by the CSP (Cloud
Services Provider) and made available to you.
Cloud templates can be base installations of
Servers, or contain additional software.
Templates obtained from Cloud Service
Providers are typically almost always up-todate with all applicable patches.
In some cases, you can also create custom
templates in Cloud environments (depending
on the provider)

This Photo by Unknown Author is licensed under CC BY-SA

What are the differences between the Server
Versions?
All recent Windows Server
versions (2016, 2019 and
2022) are built on Windows 10
and offer nearly identical
functionality. Some differences
include:
• All roll-up patches (i.e. more
patching will be required to
update core components of
earlier server versions)
• Later servers (2019 and
2022) focus more on security
of virtual machines, targeting
HyperV use.
• For more information about
features, please consult the
Value Added Learning
section

Windows Server
As you are now aware, we will be focusing
on Server 2019 in this class. While newer
versions of Windows Server are available,
Windows Server 2019 is still the gold
standard for many organizations.
It is also worth mentioning that the
functionality and setup/configuration process
for Server 2016, 2019 and 2022 is nearly
identical.

The SMD Dashboard
The Server Manager
Dashboard is your
central utility for
administrating the
server. The SMD can be
configured for both
remote servers as well
as server cluster groups

What can you do with the Server Manager Dashboard?

• Add/Remove Roles and Features
• Local Server Properties
– Can change IP, Remote Settings, Internet
Options

•
•
•
•

Events
Service Status
Access to Tools
BPA (Best Practice Analyzer)

SMD: Roles and Features
Adding Roles and
Features is as simple as
clicking the “Manage” in
the top right corner, then
clicking “Add roles and
Features”
You can also add Roles
and Features from the
“Configure this local
server” heading.

SMD: Roles and Features, cont’d
You will then be prompted
to select the destination
server, followed by a list,
showing all the applicable
roles and features.
Note: Other roles – such
as SQL Server, or
Exchange Mail Server are
installed via separate
applications

SMD: Roles and Features, cont’d (2)
Some features may
automatically be added based
on the specific role.
An example would be the IIS
Management Console which
comes with the IIS Web Sever.
The next screen (after
selecting Roles) – will allow
you to install Supporting
Server features.

SMD: Local Server

SMD: Local Server (2)
The “Local Server”, located in the left-hand pane,
allows you quick access at-a-glance settings and
configuration. You can configure some common
options such as:
• IE Enhanced Security Mode
• Server Name (Including joining to the domain)
• IP Address (IP, DNS, etc)
• Windows Updates
• Remote Desktop
• View Event Viewer

SMD: Dashboard – Roles View
The “Local Server” pane also
allows you a quick glance at all
the Roles across both a local
and a multi-server environment.
You can see certain specifics
such as:
• Manageability
• Events
• Services
• Performance
• BPA

Info breakdown on the SMD
• Manageability: Status of the server/service, is it
on, reporting?
• Events: Alerts based on severity levels - you can
set these yourself.
• Services: Are the services not started? Error
state?
• Performance: Resource utilization such as high
CPU or network.
• BPA: Best Practices Analyzer (future topic)

What is Active Directory?
Active Directory (AD) is a hierarchical structure that stores
information about objects on the network.
Active Directory stores information about objects on the network
and makes this information easy for administrators and users to
find and use. Active Directory uses a structured data store as the
basis for a logical, hierarchical organization of directory
information.
The Active Directory can simply be though of as a database of all
the objects in your organization.

What does Active Directory Store?
Active Directory stores
many types of objects –
such as:
• Users
• Computers
• Groups
• Printers

How are objects stored in Active Directory?
Active Directory uses an OU – or
Organizational Unit structure to store other
objects.
These OUs are like folders on your computer
We’ll discuss OUs, Leaf, and Container objects
in a later lecture.

Example

Windows Domain Controllers

What is a Domain Controller
A Domain Controller (DC) is a Server with
the Active Directory Domain Services Role
installed.
Domain Controllers form the foundation of
our Server Infrastructure, by handling user
authentication requests, access, permission,
policies. Domain Controllers use the Active
Directory to achieve this.

What is a Domain?
An AD domain is a logical group of objects
that share common administration, security
and replication settings.
In a multi-domain environment, Domains are
arranged as “Trees” that are part of a
“Forest”. We will discuss these in later
lectures.

The purpose of Domains
Domains serve a number of critical functions:
• Authentication — Ensuring that the user or service is who they claim to be
(logging in, for example, or assertion)
• Authorization — Ensuring that users or services have access to the
resources that they need or are authorized
• Communication Name resolution — Allows Users, Computers, and other
resources to find each other and establish secure communication
• Centralized management — Allows centralized administrative oversight
over the entire domain structure, including security policies and centralized
user and device management

Domain Requirements
In order to establish a Domain, a few requirements
must be met, we will discuss these requirements in
detail in later lectures:
• A Server running Windows Server
• DNS (If not present, installed as part of the setup)
• IP Addressing (Static)
• The ADDS (Active Directory Domain Services)
role