Server Core: Running A Minimal Server
Jeff Alexander
IT Pro Evangelist
Microsoft Australia
SVR306
Agenda
Today’s Challenges
Server Core Overview and Benefits
Server Core Architecture
Server Core Installation and Initial Configuration
Adding Server Roles
Administering Server Core
Today’s Challenges
Windows Server is frequently deployed to support a single role or a fixed workload
  In this scenario, administrators are required to deploy and service all of Windows Server
  These non-value-add features (with respect to a fixed-workload server) present a servicing and security burden
Administrators think of servers in terms of server roles
Today’s Challenges (cont.)
Value Proposition
Reduce the attack and servicing surface area for certain server roles by installing only what is required and what administrators use
Servers optimized by role are easier to service and manage
  Fewer patches
  Server management lifecycle oriented around roles
  IT staff can specialize on their role(s)
Increased reliability and security
  Less installed and less running
Server Core Overview
Server Core is:
  A minimal installation option for Windows Server 2008
  Included in the general purpose Windows Server 2008 SKUs
  Available for x86 and x64
Server Core Overview (cont.)
Server Core
  Provides minimal server OS functionality
  Low surface area server for targeted roles
In Beta 3, Server Core includes
  A set of server roles
    DHCP, File, Print, AD, AD LDS, Media Services, and DNS
  The following optional features:
    WINS, Failover Clustering, Subsystem for UNIX-based applications, Backup, Multipath IO, Removable Storage Management, BitLocker Drive Encryption, SNMP, Telnet Client, QoS
  Command line interface, no GUI shell
Server Core Introduction
demo
Benefits of Server Core
Fewer Patches
  Server Core reduces the number of patches by ~60%
    Based on all Windows 2000 patches
  Servicing burden is reduced by removing components that are most often serviced
More Secure, Reliable and Less Management
  Removal of non-value-add legacy and client components from server
Server Core: Smaller Footprint
demo
Windows Server Core
Minimal installation option
Low surface area
Command line interface
Limited set of server roles
Server Core Server Roles
[Diagram: Server Core compared with full Server]
Server Core: Security, TCP/IP, File Systems, RPC, plus other Core Server Sub-Systems
  Roles on Server Core: DNS, DHCP, File, AD, AD LDS, IIS 7, WSV
Server: with WinFx, Shell, Tools, etc.
  Server, Server Roles (for example only): TS, IAS, Web Server, SharePoint, etc.
  GUI, CLR, Shell, IE, Media, OE, etc.
Server Core
[Diagram: Server Core architecture]
Core Subsystems
  Security (Logon scenarios)
  Networking (TCP/IP)
  File Systems
  RPC
  Winlogon
  Necessary dependencies
Resolved category dependencies
  HAL, Kernel, VGA, Logon, etc.
HW Support components
  Disk, Net card, etc.
Infrastructure features
  Command shell
  Domain join
  Event Log
  Perf counter infra.
  WS-Management
  WMI infrastructure
  Licensing service
  WFP
  HTTP support
  IPSec
“Thin” Management tools (Local and remote)
  Configure IP address
  Join a domain
  Create users
  etc.
Server Roles
  DHCP server role
  DNS server role
  File server role
  Domain Controller role
  WINS server role
Optional Features
Deploying Server Core
There is a screen in Setup to select either:
  Server with the shell and all Server Roles
  Server Core with Command Prompt and supported roles
Server Core initial configuration can be done either
  Manually using the command line tools
  Using an unattend file
Unattended Install
Same unattend and options as Vista and Server
Can set options that otherwise require editing the registry on Server Core
  Display Resolution and Color Depth

<settings pass="oobeSystem">
  <component name="Microsoft-Windows-Shell-Setup" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" processorArchitecture="x86">
    <Display>
      <HorizontalResolution>1024</HorizontalResolution>
      <VerticalResolution>768</VerticalResolution>
      <ColorDepth>16</ColorDepth>
    </Display>
  </component>
</settings>
Selecting Server Core in Unattend
After the </InstallTo> section, add the appropriate <InstallFrom> section

Server Core:
<InstallFrom>
  <MetaData>
    <Key>/IMAGE/Name</Key>
    <Value>Windows Longhorn Server Core</Value>
  </MetaData>
</InstallFrom>

Server:
<InstallFrom>
  <MetaData>
    <Key>/IMAGE/Name</Key>
    <Value>Windows Longhorn Server</Value>
  </MetaData>
</InstallFrom>
No Server Core Upgrades
Only a clean install is supported
Cannot upgrade from a previous version of Windows Server
Cannot upgrade from Server Core to full Server with the GUI shell
Cannot upgrade from full Server with the GUI shell to Server Core
Server Core Initial Configuration
Set Administrator Password
  CTRL+ALT+DEL and click Change password
  net user administrator *
Activate
  Slmgr.vbs -ato
Configure Static IP Address (if required)
  Netsh interface ipv4
    show interfaces
    set address name="ID" source=static address=StaticIP mask=SubnetMask gateway=DefaultGateway
    add dnsserver name="ID" address=DNSIP index=1
Join a domain (if required)
  Netdom
Server Core: Initial Configuration
demo
Adding Server Roles
Command line only, no Server Manager
  Start /w Ocsetup RolePackage
    DHCP = DHCPServerCore
    DNS = DNS-Server-Core-Role
    File = File-Server-Core-Role
    File Replication service = FRS-Infrastructure
    Distributed File System service = DFSN-Server
    Distributed File System Replication = DFSR-Infrastructure-ServerEdition
    Network File System = ServerForNFS-Base
    Media Server = MediaServer
Active Directory
  Dcpromo /unattend:Unattendfile
  Dcpromo now installs Active Directory
  Ocsetup not supported for Active Directory
Server Core: Managing Server Roles
demo
IIS 7 On Server Core
Not included:
  Management Service and GUI Tools
  ASP.NET support
  PowerShell cmdlets
Can be managed remotely using IIS PowerShell cmdlets or managed code
Same installation granularity as on Server installations
Top level packages are:
  IIS-WebServerManagementTools
  IIS-IIS6ManagementCompatibility
  IIS-ManagementScriptingTools
  WAS-WindowsActivationService
  WAS-ProcessModel
  IIS-WebServerRole
  IIS-FTPPublishingService
  IIS-FTPServer
  IIS-WebServer
  IIS-ApplicationDevelopment
  IIS-CommonHttpFeatures
  IIS-HealthAndDiagnostics
  IIS-Performance
  IIS-Security
Server Core: Installing IIS 7.0 Role
demo
Adding Optional Features
Start /w ocsetup OptionalFeaturePackage
  Failover Cluster = FailoverCluster-Core
  Network Load Balancing = NetworkLoadBalancingHeadlessServer
  Subsystem for UNIX-based applications = SUA
  Multipath IO = Microsoft-Windows-MultipathIO
  Removable Storage Management = Microsoft-Windows-RemovableStorageManagementCore
  BitLocker Drive Encryption = BitLocker
  Backup = WindowsServerBackup
  Simple Network Management Protocol (SNMP) = SNMP-SC
  Telnet Client = TelnetClient
  WINS = WINS-SC
Server Core: Managing Features
demo
Uninstalling Roles and Features
Start /w Ocsetup Package /uninstall
Except for Active Directory
  You must use DCPromo and demote
  This will also remove the Active Directory binaries
No Remote GUI for installing or uninstalling roles and features
OCList.exe
Server Core only command line tool
Lists the Server Role and Optional Feature package names for use with OCSetup
Lists whether the packages are installed or not
Managing Server Core
CMD for local command execution
Terminal Server using CMD
WS-Management and Windows Remote Shell for remote command execution
WMI
  Can use WMI based PowerShell scripts and cmdlets remotely
Task Scheduler for scheduling jobs and tasks
Event Logging and Event Forwarding
RPC and DCOM for remote MMC support
SNMP
Scripting host
SCRegEdit.wsf
Not all tasks can be performed from the command line or remotely
SCRegEdit.wsf is included in Server Core to:
  Enable automatic updates
  Enable Terminal Server Remote Admin Mode
  Enable remote IPSec Monitor management
  Configure DNS SRV record weight and priority
/cli switch that lists common command line tools and switches
Located in \Windows\System32
Managing with Windows Remote Shell
Windows Remote Management (WinRM)
  WS-Management - secure, firewall-friendly management protocol
Windows Remote Shell (WinRS)
  Requires Windows Vista or Windows Server 2008
  Only command line tools or scripts without UI can be executed
  Prompts are problematic, full interactive mode not supported
    For example, “press any key”
Configuring WinRM on Server Core
The Server side of WS-Management
From the command line
  WinRM quickconfig
Through an unattend file
  In the <settings pass="specialize"> section add:

<component name="Microsoft-Windows-Web-Services-for-Management-Core" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" processorArchitecture="x86">
  <ConfigureWindowsRemoteManagement>true</ConfigureWindowsRemoteManagement>
</component>

Can also be configured using Group Policy
Using WinRS
The Client side of WS-Management
  WinRS -r:<remote endpoint> command
Remote endpoint can be
  -r:https://myserver.com
  -r:myserver
  -r:http://127.0.0.1
  -r:http://169.51.2.101:80
For example
  Winrs -r:myserver dir c:\windows\system32\*.dll
WinRS Examples
Turn on Terminal Services remote admin
  winrs -r:myserver cscript \windows\system32\scregedit.wsf /ar 0
Allow pre-Vista/Longhorn TS clients
  winrs -r:myserver cscript \windows\system32\scregedit.wsf /cs 0
Join a domain
  winrs -r:myserver netdom add myserver /domain:testdomain /userd:administrator /passwordd:<password>
Add domain admin to local admins
  winrs -r:myserver net localgroup administrators testdomain\administrator /add
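
Added example, not part of the original deck: a batch script for a management workstation that combines the OCList.exe and WinRS slides to check that each Server Core host has only its approved role and feature packages installed. The file names servers.txt and baseline.txt and the script name are hypothetical, and the script assumes OCList prints one package per line marked "Installed:<name>" or "Not Installed:<name>".

```batch
@echo off
rem Added example (not from the original deck).
rem Usage: audit-roles.cmd servers.txt baseline.txt
rem   servers.txt  : one WinRS endpoint per line (e.g. myserver), # = comment
rem   baseline.txt : one approved OCSetup package name per line
rem Assumption: OCList marks each package "Installed:<name>" or
rem "Not Installed:<name>", one package per line.
setlocal
set "SERVERS=%~1"
set "BASELINE=%~2"
set "OUT=%TEMP%\oclist-%RANDOM%.txt"
if not exist "%SERVERS%" goto :usage
if not exist "%BASELINE%" goto :usage
set /a FINDINGS=0

for /f "usebackq eol=# tokens=1" %%S in ("%SERVERS%") do call :audit %%S
del "%OUT%" 2>nul
if %FINDINGS% gtr 0 (
  echo Findings: %FINDINGS%
  exit /b 1
)
echo All audited hosts match the baseline.
exit /b 0

:audit
echo === %1
rem Run OCList on the remote host and capture its output locally.
winrs -r:%1 oclist > "%OUT%" 2>nul
rem An unreachable host must not look like a clean host.
findstr /c:"Installed:" "%OUT%" >nul || (
  echo   ERROR: no OCList output, host not audited
  set /a FINDINGS+=1
  goto :eof
)
rem Keep installed packages only, then compare each name to the baseline.
for /f "tokens=2 delims=:" %%B in ('findstr /c:"Installed:" "%OUT%" ^| findstr /v /c:"Not Installed:"') do for %%P in (%%B) do (
  findstr /x /i /l /c:"%%P" "%BASELINE%" >nul || (
    echo   NOT IN BASELINE: %%P
    set /a FINDINGS+=1
  )
)
goto :eof

:usage
echo usage: %~nx0 servers.txt baseline.txt 1>&2
exit /b 2
```

The script exits with 1 when any host has a package outside the baseline or could not be audited, so it can be run from Task Scheduler and alerted on.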
Server Core: Remote Management
demo
Hardware on Server Core
Plug and Play is included in Server Core
If you add hardware with an inbox driver, PnP will “silently” install the driver
If the driver is not included, but you have a PnP driver for the hardware
  Copy the driver files to the Server Core box
  Pnputil -i -a driverinf
To list installed drivers
  sc query type= driver
To remove a driver
  sc delete service_name
Control Panel in Server Core?
Limited functionality for specific scenarios
Time zone, to change
  Control timedate.cpl
Keyboards and/or language, to change
  Control intl.cpl
Notepad and Regedit
Notepad
  Has the following limitations
    Help does not work
    Open, Save and Save As work in Beta 3
  Copy, Paste, Find, Replace, etc. all work
Regedit
  Help does not work
Restarting CMD.EXE
If you close the command prompt window
Locally, you can either:
  Press ctrl-alt-del, click Start Task Manager, click File, click Run, and enter cmd.exe
  Log off and back on again
In a Terminal Services session:
  You can use the Terminal Services MMC snap-in to remotely log off
  You can use the Terminal Services command line tools remotely:
    query session /server:<servername>
    logoff <session_id> /server:<servername>
Limitations of Server Core
No support for Managed Code
No balloon notifications, such as for activation
  Password expiration is now a balloon notification, so it will not appear on Server Core
Runonce is not supported on Server Core
Mgmt Tools on Server Core
Server Core is not an application platform
Server Core does support development of Management tools, utilities, and agents
Remote Management tools should not require changes
  Need to use one of the protocols supported in Server Core, such as RPC
Mgmt Tools on Server Core (cont)
Management agents may require changes to work on Server Core
  Agents cannot have shell or GUI dependencies
  Agents cannot use managed code
  Test your agents on Server Core
  Beta SDK includes a list of APIs supported in Server Core
Server Core: Additional Tools
demo
Server Core Resources
Step by Step Guide
  Online at http://technet2.microsoft.com/windowsserver/longhorn/en/library/bab0f1a1-54aa-4cef-9164-139e8bcc44751033.mspx?mfr=true
  Download as a Word document in the Download Center: http://download.microsoft.com/
Newsgroups
  http://forums.microsoft.com/TechNet/ShowForum.aspx?ForumID=582&SiteID=17
Server Core Blog
  http://blogs.technet.com/server_core/default.aspx
“Command-line reference A-Z” in Help is very helpful
  Online at: http://go.microsoft.com/fwlink/?LinkId=20331
Resources
Technical Communities, Webcasts, Blogs, Chats & User Groups
  http://www.microsoft.com/communities/default.mspx
Microsoft Developer Network (MSDN) & TechNet
  http://microsoft.com/msdn
  http://microsoft.com/technet
Trial Software and Virtual Labs
  http://www.microsoft.com/technet/downloads/trials/default.mspx
Microsoft Learning and Certification
  http://www.microsoft.com/learning/default.mspx
Evaluation Forms
Questions?
© 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after
the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.