Winserver 2012 R2 and Winserver 2012.Technet

1. Contents Windows Server 2012 R2 and Windows Server 2012 ................................................................ 371 What's New in Windows Server .................................................................................................. 372 What's New in Windows Server 2012 R2.................................................................................... 372 What's New in Windows Server 2012 ......................................................................................... 375 Technical Scenarios for Windows Server 2012 R2 and Windows Server 2012 ......................... 377 Windows Server 2012 R2 ........................................................................................................ 377 Windows Server 2012 .............................................................................................................. 378 Access and Information Protection.............................................................................................. 378 See Also................................................................................................................................... 379 Building Your Cloud Infrastructure: Scenario Overview .............................................................. 380 Scenario description................................................................................................................. 380 In this scenario ......................................................................................................................... 380 Practical applications ............................................................................................................... 380 Roles and features included in this scenario ........................................................................... 381 Hardware requirements............................................................................................................ 382 Software requirements ............................................................................................................. 382 See also ................................................................................................................................... 382 Designing Your Cloud Infrastructure ........................................................................................... 383 Cloud Infrastructure Technical Overview ................................................................................. 384 NIST Definition of Cloud Computing..................................................................................... 384 Essential Characteristics: .................................................................................................. 384 Service Models:................................................................................................................. 385 Deployment Models:.......................................................................................................... 385 Microsoft Private Cloud Overview......................................................................................... 385 Windows Server 2012 Cloud Infrastructure for Hosting Environments ................................ 386 Private Cloud Architecture Principles ................................................................................... 386 The Private Cloud Reference Model..................................................................................... 387 Conceptual ArchitectureInfrastructure .............................................................................. 388 Scale Units ........................................................................................................................ 388 Storage .............................................................................................................................. 389 Networking......................................................................................................................... 389 Virtualization Platform ....................................................................................................... 390 Cloud Infrastructure Design ..................................................................................................... 391 Designing the Cloud Storage Infrastructure ......................................................................... 391

2. Storage Options................................................................................................................. 391 Storage Protocols.............................................................................................................. 392 Storage Network................................................................................................................ 392 Cluster Shared Volumes ................................................................................................... 393 CSV Requirements............................................................................................................ 394 CSV Volume Sizing ........................................................................................................... 395 CSV Design Patterns......................................................................................................... 396 Single CSV per Cluster .................................................................................................. 396 Multiple CSVs per Cluster.............................................................................................. 396 Multiple I/O Optimized CSVs per Cluster....................................................................... 396 Storage Design.................................................................................................................. 396 Performance...................................................................................................................... 397 Drive Types ....................................................................................................................... 397 Multipathing ....................................................................................................................... 398 Fibre Channel SAN............................................................................................................ 398 iSCSI SAN......................................................................................................................... 399 Storage Spaces................................................................................................................. 401 Data Deduplication ............................................................................................................ 402 Thin Provisioning............................................................................................................... 403 Volume Cloning ................................................................................................................. 404 Volume Snapshot .............................................................................................................. 404 Storage Automation........................................................................................................... 404 Designing the Cloud Network Infrastructure ............................................................................ 405 Network Infrastructure .......................................................................................................... 406 Traffic Flow Isolation............................................................................................................. 407 Security Considerations........................................................................................................ 410 Secure Access Control...................................................................................................... 411 Traffic Control.................................................................................................................... 412 Avoid Rogue IP Distribution .............................................................................................. 412 Scalability and Performance Considerations........................................................................ 413 Host and Virtualization Design ................................................................................................. 415 Windows Server 2012 Hyper-V Host Design........................................................................ 415 Licensing ........................................................................................................................... 416 Operating System Configuration ....................................................................................... 416 Memory and Hyper-V Dynamic Memory Options.............................................................. 416 Storage Adapters............................................................................................................... 417 MPIO Configuration........................................................................................................ 418 Performance Options ..................................................................................................... 418 Network Adapter Teaming Configurations..................................................................... 419 Hyper-V Host Failover Cluster Design .............................................................................. 420 Private Cloud Infrastructure without Failover Clustering................................................ 421 Host Failover Cluster Topology...................................................................................... 422 Compute Cluster Traffic Profiles .................................................................................... 422 3. Hyper-V Guest Virtual Machine Design ................................................................................... 425 Virtual Machine Storage ....................................................................................................... 425 Dynamically Expanding Disks ........................................................................................... 426 Fixed Size Disks................................................................................................................ 426 Differencing Disks.............................................................................................................. 426 Pass-Through Disks .......................................................................................................... 426 Support for Guest Clustering............................................................................................. 427 In-Guest iSCSI Initiator...................................................................................................... 427 In-Guest Fibre Channel Synthetic HBA............................................................................. 427 Virtual Machine Network Interfaces...................................................................................... 428 Virtual Processors................................................................................................................. 428 Overview of Suggested Cloud Infrastructure Deployment Scenarios...................................... 429 The Non-Converged Data Center Configuration .................................................................. 429 Networking......................................................................................................................... 430 Storage .............................................................................................................................. 430 Compute............................................................................................................................ 430 Overview of the Non-Converged Data Center Configuration............................................ 431 The Converged Data Center with File Server Storage Configuration .................................. 433 Design Considerations and Requirements for the Converged Data Center with File Server Storage Pattern.............................................................................................................. 433 Networking ..................................................................................................................... 433 Storage........................................................................................................................... 433 Compute......................................................................................................................... 434 Overview of the Converged Data Center with File Server Storage Configuration......... 434 The Converged Data Center without Dedicated Storage Nodes Configuration ................... 437 Design Considerations and Requirements for the Converged Data Center without Dedicated Storage Node Pattern ................................................................................... 437 Networking ..................................................................................................................... 437 Storage........................................................................................................................... 437 Compute......................................................................................................................... 438 Building Your Cloud Infrastructure: Non-Converged Data Center Configuration........................ 441 Design Considerations and Requirements for the Non-Converged Data Center Configuration Pattern .................................................................................................................................. 441 Networking............................................................................................................................ 441 Storage ................................................................................................................................. 442 Compute ............................................................................................................................... 442 Overview .................................................................................................................................. 442 Non-Converged Data Center Configuration Scenario Overview ............................................. 443 Install and configure ................................................................................................................. 445 Step 1: Initial node configuration .......................................................................................... 446 1.1 Enable BIOS settings required for Hyper-V for SR-IOV.............................................. 447 1.2 Perform a clean operating system installation ............................................................ 447 4. 1.3 Perform post-installation tasks .................................................................................... 447 1.4 Install roles and features using the default settings .................................................... 447 Step 2: Initial network configuration...................................................................................... 448 2.1 Disable unused and disconnected interfaces and rename active connections .......... 448 Step 3: Initial storage configuration ...................................................................................... 449 3.1 Present all shared storage to relevant nodes.............................................................. 449 3.2 Install and configure MPIO as necessary for multipath scenarios .............................. 449 Step 4: Failover cluster setup ............................................................................................... 449 4.1 Run through the Cluster Validation Wizard ................................................................. 450 4.2 Address any indicated warnings and/or errors............................................................ 450 4.3 Complete the Create Failover Cluster Wizard............................................................. 450 4.4 Create the witness disk ............................................................................................... 451 4.5 Create the virtual machine storage disk...................................................................... 451 4.6 Add the virtual machine storage disk and Witness disk to Cluster Shared Volumes.. 451 4.7 Add folders to the cluster shared volume.................................................................... 452 4.8 Configure Quorum Settings......................................................................................... 452 4.9 Configure cluster networks to prioritize traffic ............................................................. 452 Step 5: Configure Hyper-V settings ...................................................................................... 452 5.1 Create the Hyper-V virtual switch................................................................................ 453 5.2 Change default file locations for virtual machine files ................................................. 453 Step 6: Cloud validation........................................................................................................ 454 6.1 Create a new virtual machine...................................................................................... 454 6.2 Test network connectivity from the virtual machine .................................................... 455 6.3 Perform a live migration .............................................................................................. 455 6.4 Perform a quick migration ........................................................................................... 455 Building Your Cloud Infrastructure: Converged Data Center with File Server Storage............... 456 Design Considerations and Requirements for the Converged Data Center with File Server Storage Pattern..................................................................................................................... 456 Networking............................................................................................................................ 456 Storage ................................................................................................................................. 457 Compute ............................................................................................................................... 457 Overview .................................................................................................................................. 458 Install and configure the Converged Data Center with File Server Storage cloud infrastructure .............................................................................................................................................. 460 Step 1: Initial node configuration .......................................................................................... 464 1.1 Enable BIOS settings required for Hyper-V on the Nodes in the Hyper-V Cluster ..... 464 1.2 Perform a clean operating system installation on all nodes in the Hyper-V and File Server Clusters .............................................................................................................. 464 1.3 Perform post-installation tasks on all nodes in the Hyper-V and File Server Clusters 464 1.4 Install roles and features using the default settings on the Hyper-V Failover Cluster 465 1.5 Install roles and features using the default settings on the File Server Failover Cluster ....................................................................................................................................... 466 5. Step 2: Initial network configuration...................................................................................... 466 2.1 Disable unused and disconnected interfaces and rename active connections .......... 467 2.2 Create the infrastructure and the tenant networks NIC teams on each member of the Hyper-V cluster .............................................................................................................. 467 2.3 Create the infrastructure network NIC team on each member of the File Server cluster ....................................................................................................................................... 468 2.4 Configure QoS settings for infrastructure traffic.......................................................... 469 Step 3: Initial storage configuration ...................................................................................... 470 3.1 Present all shared storage to relevant nodes.............................................................. 471 3.2 Install and configure MPIO as necessary for multipath scenarios .............................. 471 3.3 Wipe, bring online, and initialize all shared disks........................................................ 471 Step 4: File server failover cluster setup............................................................................... 471 4.1 Run through the Cluster Validation Wizard ................................................................. 472 4.2 Address any indicated warnings and/or errors............................................................ 472 4.3 Complete the Create Failover Cluster Wizard............................................................. 472 4.4 Create a cluster storage pool ...................................................................................... 473 4.5 Create the quorum virtual disk .................................................................................... 473 4.6 Create the virtual machine storage virtual disk ........................................................... 474 4.7 Add the virtual machine storage virtual disk to Cluster Shared Volumes ................... 475 4.8 Add folders to the cluster shared volume.................................................................... 475 4.9 Configure Quorum Settings......................................................................................... 476 4.10 Add the Scale-Out File Server for Applications Role ................................................ 476 Step 5: Hyper-V Failover Cluster Setup................................................................................ 476 5.1 Run through the cluster validation wizard ................................................................... 477 5.2 Address any indicated warnings and/or errors............................................................ 477 5.3 Complete the create cluster wizard............................................................................. 477 5.4 Verify cluster quorum configuration and modify as necessary.................................... 478 5.5 Configure Cluster Networks ........................................................................................ 478 Step 6: Configure Share and Hyper-V settings using a Script ............................................. 478 6.1 Create Shares and Configure Hyper-V Settings using a Script .................................. 479 6.2 Configure Kerberos Constrained Delegation .............................................................. 479 Step 7: Cloud validation........................................................................................................ 479 7.1 Create the TenentNetSwitch ....................................................................................... 480 7.2 Create a new virtual machine...................................................................................... 480 7.3 Test network connectivity from the virtual machine .................................................... 481 7.4 Perform a live migration .............................................................................................. 481 7.5 Perform a quick migration ........................................................................................... 482 Building Your Cloud Infrastructure: Converged Data Center without Dedicated Storage Nodes 482 Design Considerations and Requirements for the Converged Data Center without Dedicated Storage Node Pattern ........................................................................................................... 483 Networking............................................................................................................................ 483 Storage ................................................................................................................................. 483 6. Compute ............................................................................................................................... 483 Overview .................................................................................................................................. 484 Install and configure the Converged Data Center without Dedicated Storage Server cloud infrastructure......................................................................................................................... 487 Step 1: Initial node configuration .......................................................................................... 490 1.1 Add appropriate VLANS to the interface ports on the physical switch........................ 491 1.2 Enable BIOS settings required for Hyper-V ................................................................ 491 1.3 Perform a clean operating system installation ............................................................ 491 1.4 Perform post-installation tasks .................................................................................... 491 1.5 Install roles and features using the default settings .................................................... 492 Step 2: Initial network configuration...................................................................................... 493 2.1 Disable unused and disconnected interfaces and rename active connections .......... 493 2.2 Create a converged network adapter team................................................................. 493 2.3 Create the Hyper-V virtual switch and management virtual network adapter............. 494 2.4 Rename the management virtual network adapter (optional) ..................................... 495 2.5 Create additional virtual network adapters and assign VLAN IDs .............................. 495 2.6 Rename virtual network adapters (optional) ............................................................... 495 2.7 Assign static IP addresses to the virtual network adapters......................................... 496 2.8 Configure QoS for different traffic types and configure the default minimum bandwidth for the switch.................................................................................................................. 496 Step 3: Initial storage configuration ...................................................................................... 496 3.1 Present all shared storage to relevant nodes.............................................................. 497 3.2 Install and configure MPIO as necessary for multipath scenarios .............................. 497 3.3 Wipe, bring online, and initialize all shared disks........................................................ 497 Step 4: Failover cluster setup ............................................................................................... 497 4.1 Run through the Cluster Validation Wizard ................................................................. 498 4.2 Address any indicated warnings and/or errors............................................................ 498 4.3 Complete the Create Failover Cluster Wizard............................................................. 498 4.4 Create a clustered storage pool .................................................................................. 499 4.5 Create the quorum virtual disk .................................................................................... 499 4.6 Create the virtual machine storage virtual disk ........................................................... 500 4.7 Add the virtual machine storage virtual disk to Cluster Shared Volumes ................... 501 4.8 Add folders to the cluster shared volume.................................................................... 501 4.9 Configure Quorum Settings......................................................................................... 502 4.10 Configure cluster networks to prioritize traffic ........................................................... 502 Step 5: Configure Hyper-V settings ...................................................................................... 502 5.1 Change default file locations for virtual machine files ................................................. 502 Step 6: Cloud validation........................................................................................................ 503 6.1 Create a new virtual machine...................................................................................... 503 6.2 Test network connectivity from the virtual machine .................................................... 504 6.3 Perform a live migration .............................................................................................. 504 6.4 Perform a quick migration ........................................................................................... 505 7. Dynamic Access Control: Scenario Overview............................................................................. 505 In this scenario ......................................................................................................................... 505 Dynamic Access Control Content Roadmap............................................................................ 506 See also ................................................................................................................................... 514 Scenario: Central Access Policy.................................................................................................. 514 In this scenario ......................................................................................................................... 517 Roles and features included in this scenario ........................................................................... 517 Plan for a Central Access Policy Deployment ............................................................................. 518 Process to map a business request to a central access policy ............................................... 519 Understand and translate business intent ............................................................................ 519 Express access policy in Windows Server 2012 constructs................................................. 519 Determine the user groups, resource properties and claim types........................................ 519 Determine the servers where this policy should be applied to ............................................. 520 Planning Guidelines for Deploying Central Access Policies .................................................... 520 Using Security Groups for Dynamic Access Control................................................................ 520 Using security groups to limit access to data ....................................................................... 520 Using conditional expressions to reduce complexity of security groups .............................. 521 Using User Claims ................................................................................................................ 521 Operations to enable user claims...................................................................................... 522 Enable the domain controllers to provide claims and compound authentication on request .................................................................................................................................... 522 Considerations for using user claims in the file server discretionary ACLs without using Central Access Policies ................................................................................................. 523 Using Device Claims and Device Security Groups............................................................... 523 Considerations for using static device claims ................................................................... 523 Operations to enable device claims .................................................................................. 523 Enable the Windows 8 devices in domain to request claims and compound authentication ............................................................................................................. 523 Enable the Windows 8 devices to request claims and compound authentication using custom policy.............................................................................................................. 524 Enable the Windows 8 device to receive compound authentication.............................. 524 Configuring central access policies with different options........................................................ 525 Configuration 1: Domains providing claims and compound authentication have all Windows Server 2012 DCs............................................................................................................... 525 Configuring forest root DCs............................................................................................... 525 Configuring domains which provide claims and compound authentication....................... 525 Configuring devices to request claims and compound authentication.............................. 526 Configuring resources to receive compound authentication ............................................. 526 Configuration 2: Only user claim-based access control, so file servers retrieve user claims and domains providing claims have Windows Server 2012 domain controllers in all the file server sites ........................................................................................................................ 526 Configuring forest root DCs............................................................................................... 526 8. Configuring domains which provides claims and compound authentication..................... 527 Configuring file servers to request claims on the behalf of users ..................................... 527 Configuration 3: Device-based access control needed, but cannot wait until all domain controllers can be upgraded.............................................................................................. 527 Considerations for using smartcards for Central Access Polices ............................................ 527 Best Practices for Deploying Central Access Policies ............................................................. 528 Delegating of administration for Dynamic Access Control ................................................... 528 Exception Mechanisms for Planning Central Access Policies.............................................. 529 Tools for Deployment ............................................................................................................... 530 Appendix: Deployment Configurations for Central Access Policies......................................... 531 Deploy a Central Access Policy (Demonstration Steps) ............................................................. 532 Set up a test environment ........................................................................................................ 532 Plan: Identify the need for policy and the configuration required for deployment.................... 533 Implement: Configure the components and policy................................................................... 534 Deploy the central access policy.............................................................................................. 540 Maintain: Change and stage the policy.................................................................................... 542 Next Steps................................................................................................................................ 545 Deploy Claims Across Forests .................................................................................................... 545 Claim transformation rules ....................................................................................................... 545 Linking claim transformation policies to forests ....................................................................... 545 In this scenario ......................................................................................................................... 546 Roles and features included in this scenario ........................................................................... 546 Deploy Claims Across Forests (Demonstration Steps) ............................................................... 547 Scenario overview.................................................................................................................... 547 Set up the prerequisites and the test environment .................................................................. 547 Set up claims transformation on trusted forest (Adatum) ........................................................ 548 Create a claims transformation policy in Adatum ................................................................. 549 Set a claims transformation link on Adatums trust domain object ....................................... 549 Set up claims transformation in the trusting forest (Contoso).................................................. 549 Create a claims transformation policy in Contoso ................................................................ 550 Set a claims transformation link on Contosos trust domain object ...................................... 550 Validate the scenario................................................................................................................ 551 Additional scenarios for claims transformation policies ........................................................... 551 See also ................................................................................................................................... 552 Claims Transformation Rules Language ..................................................................................... 553 Tools for authoring claims transformation policies................................................................... 553 Active Directory claims transformation rules language............................................................ 554 Syntax overview.................................................................................................................... 554 Runtime operation................................................................................................................. 554 Special rules semantics ........................................................................................................ 556 9. Security considerations ............................................................................................................ 556 Other language considerations ................................................................................................ 557 Sample transformation rules .................................................................................................... 558 Examples of rules parser errors............................................................................................... 558 Language terminals.................................................................................................................. 560 Language syntax...................................................................................................................... 561 Scenario: File Access Auditing .................................................................................................... 563 In this scenario ......................................................................................................................... 564 Roles and features included in this scenario ........................................................................... 565 Plan for File Access Auditing....................................................................................................... 565 Deploy Security Auditing with Central Audit Policies (Demonstration Steps) ............................. 567 Configure global object access policy...................................................................................... 567 Update Group Policy settings................................................................................................... 568 Verify that the global object access policy has been applied................................................... 569 See also ................................................................................................................................... 569 Scenario: Access-Denied Assistance.......................................................................................... 569 Scenario description................................................................................................................. 570 In this scenario ......................................................................................................................... 570 Practical applications ............................................................................................................... 571 Features included in this scenario............................................................................................ 571 Plan for Access-Denied Assistance............................................................................................. 571 1.1 Determine the access-denied assistance model ............................................................... 572 1.2. Determine who should handle access requests ............................................................... 572 1.3. Customize the access-denied assistance message ......................................................... 572 1.4. Plan for exceptions............................................................................................................ 573 1.5. Determine how access-denied assistance is deployed .................................................... 573 See also ................................................................................................................................... 573 Deploy Access-Denied Assistance (Demonstration Steps) ........................................................ 574 Step 1: Configure access-denied assistance........................................................................... 574 Step 2: Configure the email notification settings...................................................................... 578 Step 3: Verify that access-denied assistance is configured correctly...................................... 578 See also ................................................................................................................................... 579 Scenario: Classification-Based Encryption for Office Documents............................................... 579 Scenario description................................................................................................................. 579 In this scenario ......................................................................................................................... 580 Roles and features included in this scenario ........................................................................... 580 Planning Considerations for Encryption of Office Documents .................................................... 582 Determining files to automatically encrypt ............................................................................... 582 10. Determining the rights policy template to use when encrypting files ....................................... 584 Multi-machine considerations................................................................................................... 585 Dynamic scope using the FolderUsage property.................................................................. 585 Setting management property values................................................................................... 586 Moving configurations between computers .......................................................................... 586 Deploy Encryption of Office Files (Demonstration Steps) ........................................................... 587 Step 1: Enable resource properties.......................................................................................... 587 Step 2: Create classification rules............................................................................................ 588 Step 3: Use file management tasks to automatically protect documents with AD RMS.......... 591 Step 4: View the results ........................................................................................................... 592 Step 5: Verify protection with AD RMS .................................................................................... 593 Scenario: Get Insight into Your Data by Using Classification ..................................................... 593 Scenario description................................................................................................................. 593 In this scenario ......................................................................................................................... 594 Practical applications ............................................................................................................... 594 Features included in this scenario............................................................................................ 594 Plan for Automatic File Classification .......................................................................................... 594 1.1. Identify what information to classify in your environment ................................................. 595 1.2. Identify how to classify files............................................................................................... 595 1.3. Considerations for multiple computers.............................................................................. 596 See also ................................................................................................................................... 596 Deploy Automatic File Classification (Demonstration Steps) ...................................................... 596 Step 1: Create resource property definitions ........................................................................... 597 Step 2: Create a string content classification rule.................................................................... 597 Step 3: Create a regular expression content classification rule............................................... 599 Step 4: Verify that the files are classified correctly .................................................................. 600 See also ................................................................................................................................... 600 Set up Manual File Classification ................................................................................................ 600 Create Resource Properties..................................................................................................... 601 Set Group Policy Settings for Manual File Classification......................................................... 601 Classify files and folders manually........................................................................................... 602 Classification properties lists.................................................................................................... 602 Scenario: Implement Retention of Information on File Servers................................................... 603 Scenario description................................................................................................................. 603 In this scenario ......................................................................................................................... 603 Features included in this scenario............................................................................................ 603 Plan for Retention of Information on File Servers ....................................................................... 604 1.1. Determine the retention schedule ..................................................................................... 604 11. 1.2. Identify files to be retained ................................................................................................ 605 1.3 Considerations for multiple computers............................................................................... 605 See also ................................................................................................................................... 605 Deploy Implementing Retention of Information on File Servers (Demonstration Steps)............. 605 Prerequisites ............................................................................................................................ 606 Step 1: Create resource property definitions ........................................................................... 606 Step 2: Configure notifications ................................................................................................. 606 Step 3: Create a file management task.................................................................................... 607 Step 4: Classify a file manually ................................................................................................ 609 See also ................................................................................................................................... 609 Appendix A: Dynamic Access Control Glossary.......................................................................... 609 See Also................................................................................................................................... 612 Appendix B: Setting Up the Test Environment ............................................................................ 612 Prerequisites ............................................................................................................................ 612 Build the test lab virtual machines............................................................................................ 613 Install the Hyper-V role ......................................................................................................... 613 Create an internal virtual network ......................................................................................... 613 Build the domain controller ................................................................................................... 613 Build the file server and AD RMS server (FILE1) ................................................................. 616 Install File Services Resource Manager............................................................................ 616 Install the Microsoft Office Filter Packs on the file server ................................................. 616 Configure email notifications on FILE1.............................................................................. 617 Create groups on FILE1 .................................................................................................... 617 Create files and folders on FILE1...................................................................................... 617 Install Active Directory Rights Management Services....................................................... 618 Build the mail server (SRV1) ................................................................................................ 623 Build the client virtual machine (CLIENT1)........................................................................... 623 Lab setup for deploying claims across forests scenario .......................................................... 624 Build a virtual machine for DC2 ............................................................................................ 624 Set up a new forest called adatum.com ............................................................................... 624 Set contoso.com as a trusting forest to adatum.com ........................................................... 625 Create additional users in the Adatum forest ....................................................................... 626 Create the Company claim type on adataum.com ............................................................... 626 Enable the Company resource property on contoso.com .................................................... 627 Enable Dynamic Access Control on adatum.com ................................................................ 627 Create the Company claim type on contoso.com................................................................. 628 Create the central access rule .............................................................................................. 628 Create the central access policy........................................................................................... 629 Publish the new policy through Group Policy ....................................................................... 629 Create the Earnings folder on the file server ........................................................................ 630 Set classification and apply the central access policy on the Earnings folder ..................... 630 12. Hosting-Friendly Web Server Platform (IIS): Scenario Overview................................................ 631 Scenario Description ................................................................................................................ 631 Web Server Scenarios ............................................................................................................. 631 Practical Applications ............................................................................................................... 632 See Also................................................................................................................................... 633 Build a Static Website on IIS ....................................................................................................... 633 Prerequisites ............................................................................................................................ 634 Step 1: Install the IIS Web Server............................................................................................ 634 Step 2: Add a Website ............................................................................................................. 635 Step 3: Configure Anonymous Authentication ......................................................................... 637 Step 4: Configure the Default Documents ............................................................................... 638 Step 5: Configure Static Content Compression ....................................................................... 638 Next Steps................................................................................................................................ 639 See also ................................................................................................................................... 639 Configure Request Filtering in IIS................................................................................................ 640 Prerequisites ............................................................................................................................ 640 General Request Filter Settings ............................................................................................... 640 File Name Extensions .............................................................................................................. 642 Filtering Rules .......................................................................................................................... 643 Hidden Segments..................................................................................................................... 644 URL Filtering ............................................................................................................................ 644 HTTP Verbs.............................................................................................................................. 645 Header Size Limits ................................................................................................................... 646 Query Strings ........................................................................................................................... 646 Request Filter Logging ............................................................................................................. 646 See Also................................................................................................................................... 647 Configure Logging in IIS .............................................................................................................. 647 Prerequisites ............................................................................................................................ 648 Configure Logging at the Site Level......................................................................................... 648 Configure Per-site Logging at the Server Level....................................................................... 650 Configure Per-server Logging at the Server Level................................................................... 650 Select W3C Fields to Log......................................................................................................... 650 Configure Log File Rollover Options ........................................................................................ 651 See Also................................................................................................................................... 652 Build a Classic ASP Website on IIS ............................................................................................ 652 Prerequisites ............................................................................................................................ 653 Step 1: Install the IIS Web Server............................................................................................ 653 Step 2: Add a Classic ASP Website......................................................................................... 655 Step 3: Edit ASP Application Settings...................................................................................... 656 Next Steps................................................................................................................................ 663 13. See also ................................................................................................................................... 663 Build an ASP.NET Website on IIS............................................................................................... 663 Scenario Description ................................................................................................................ 663 In This Scenario ....................................................................................................................... 664 Practical Applications ............................................................................................................... 664 Software Requirements............................................................................................................ 664 See Also................................................................................................................................... 664 Plan an ASP.NET Website on IIS................................................................................................ 665 Step 1: Plan IIS Web Server and ASP.NET Modules Installation ............................................... 665 1.1. Plan to Install IIS and ASP.NET Modules ......................................................................... 666 1.2. Plan to Add the ASP.NET Application .............................................................................. 666 See Also................................................................................................................................... 666 Step 2: Plan ASP.NET Settings................................................................................................... 667 2.1. Session State Settings ...................................................................................................... 667 Store session state in process.............................................................................................. 667 Store session state by using state server............................................................................. 668 Store session state by using SQL server ............................................................................. 669 Cookie mode for session state ............................................................................................. 669 2.2. Pages and Controls Settings............................................................................................. 671 2.3. Application Settings........................................................................................................... 671 2.4. .NET Compilation Settings................................................................................................ 672 2.5. .NET Globalization Settings .............................................................................................. 672 Step 3: Plan Data Source Settings.............................................................................................. 673 3.1. Data source connection strings......................................................................................... 673 3.2. ASP.NET providers ........................................................................................................... 673 3.3. .NET profiles...................................................................................................................... 674 3.4. .NET roles ......................................................................................................................... 675 3.5. .NET users ........................................................................................................................ 675 Step 4: Plan Application Security ................................................................................................ 675 4.1. Isolate Web Applications................................................................................................... 676 4.2. .NET Trust Levels ............................................................................................................. 676 4.3. .NET Authentication .......................................................................................................... 677 ASP.NET Forms Authentication ........................................................................................... 677 Forms authentication basics.............................................................................................. 678 Authentication cookies ...................................................................................................... 678 ASP.NET Impersonation Authentication............................................................................... 680 4.4. Machine Key Settings ....................................................................................................... 681 4.5. TLS/SSL Communication.................................................................................................. 681 Server Certificates ................................................................................................................ 682 14. SSL Binding .......................................................................................................................... 682 Require SSL for Your Site .................................................................................................... 683 Client Certificates.................................................................................................................. 683 Configure an ASP.NET Website on IIS ....................................................................................... 683 Step 1: Install IIS and ASP.NET Modules ................................................................................... 684 Installing IIS and ASP.NET Modules........................................................................................ 684 Adding the ASP.NET Application............................................................................................. 686 See Also................................................................................................................................... 687 Step 2: Configure ASP.NET Settings .......................................................................................... 687 2.1. Session State Settings ...................................................................................................... 688 Store Session State in Process ............................................................................................ 688 Store Session State by using State Server .......................................................................... 689 Store Session State by using SQL Server............................................................................ 690 Cookie Mode for Session State ............................................................................................ 692 2.2. Pages and Controls Settings............................................................................................. 694 Edit Pages and Controls ....................................................................................................... 694 Add a Custom Control .......................................................................................................... 694 2.3. Application Settings........................................................................................................... 695 2.4. .NET Compilation Settings................................................................................................ 696 2.5. .NET Globalization Settings .............................................................................................. 698 Step 3: Configure Data Source Settings ..................................................................................... 700 3.1. Data Source Connection Strings....................................................................................... 700 3.2. ASP.NET Providers........................................................................................................... 701 3.3. .NET Profiles ..................................................................................................................... 704 3.4. .NET Roles........................................................................................................................ 706 3.5. .NET Users........................................................................................................................ 707 Step 4: Configure Application Security........................................................................................ 707 4.1. Isolate Web Applications................................................................................................... 708 4.1. .NET Trust Levels ............................................................................................................. 709 4.2. .NET Authentication .......................................................................................................... 709 ASP.NET Forms Authentication ........................................................................................... 710 ASP.NET Impersonation Authentication............................................................................... 712 4.3. Machine Key Settings ....................................................................................................... 714 4.4. TLS/SSL Communication.................................................................................................. 714 SSL Binding .......................................................................................................................... 714 Require SSL for Your Site .................................................................................................... 715 Client Certificates.................................................................................................................. 716 Build an FTP Site on IIS .............................................................................................................. 717 Prerequisites ............................................................................................................................ 717 15. Step 1: Install FTP on an Existing IIS Web Server .................................................................. 718 Step 2: Add an FTP Site .......................................................................................................... 718 Step 3: Configure FTP Site Defaults........................................................................................ 720 Step 4: Configure Firewall Support .......................................................................................... 721 Step 5: Configure User Isolation .............................................................................................. 722 Step 6: Configure Directory Browsing Options ........................................................................ 723 Step 7: Configure Logon Attempt Restrictions......................................................................... 724 Step 8: Configure Request Filtering......................................................................................... 724 Step 9: Configure FTP Logging................................................................................................ 725 Step 10: Configure FTP Messages.......................................................................................... 725 See Also................................................................................................................................... 726 Build a PHP Website on IIS......................................................................................................... 727 Scenario Description ................................................................................................................ 727 In This Scenario ....................................................................................................................... 727 Practical Applications ............................................................................................................... 727 Software Requirements............................................................................................................ 728 See Also................................................................................................................................... 728 Plan a PHP Website on IIS.......................................................................................................... 728 Step 1: Plan IIS Web Server and PHP Installation...................................................................... 729 1.1. Plan to Install IIS ............................................................................................................... 729 1.2. Plan to Download and Install PHP .................................................................................... 729 1.3. Plan to Add a PHP Application.......................................................................................... 730 See Also................................................................................................................................... 730 Step 2: Plan PHP Settings........................................................................................................... 730 2.1. Plan WinCache Configuration........................................................................................... 731 2.2. Plan Other PHP Settings................................................................................................... 731 Required Settings ................................................................................................................. 731 Optional Settings................................................................................................................... 732 2.3 Plan PHP Extensions ......................................................................................................... 733 See Also................................................................................................................................... 734 Step 3: Plan PHP Application Security........................................................................................ 734 3.1. PHP Configuration Settings for Security........................................................................... 734 Disable File Handling for Remote URLs............................................................................... 734 Disable Register_Globals ..................................................................................................... 735 Restrict File System Read/Write........................................................................................... 735 Disable Safe Mode................................................................................................................ 735 Limit Script Execution Time .................................................................................................. 735 Limit Memory Usage and File Size....................................................................................... 735 Configure Error Logging ....................................................................................................... 736 Enable FastCGI Impersonation ............................................................................................ 736 16. Disable FastCGI Logging...................................................................................................... 736 Hide PHP Presence.............................................................................................................. 736 3.2. Web Server and PHP Application Security....................................................................... 736 Isolate Web Applications ...................................................................................................... 736 Enable Per-site PHP Configuration ...................................................................................... 737 Use Request Filtering ........................................................................................................... 737 See Also................................................................................................................................... 737 Configure a PHP Website on IIS ................................................................................................. 737 Step 1: Install IIS and PHP .......................................................................................................... 738 1.1. Install IIS............................................................................................................................ 738 1.2 Install PHP by using Web PI .............................................................................................. 739 1.3. Download and Install PHP Manually................................................................................. 740 1.4. Add Your PHP Application ................................................................................................ 741 See Also................................................................................................................................... 742 Step 2: Configure PHP Settings .................................................................................................. 742 2.1. Configure WinCache ......................................................................................................... 743 2.2. Configure Other PHP Settings .......................................................................................... 743 2.3 Configure PHP Extensions................................................................................................. 744 See Also................................................................................................................................... 744 Step 3: Configure PHP Application Security ............................................................................... 744 3.1. Configure PHP Settings for Security................................................................................. 744 3.2. Configure Web Server and PHP Application Security ...................................................... 745 Isolate Web Applications ...................................................................................................... 745 Enable Per-site PHP Configuration ...................................................................................... 746 Per-site PHP Process Pools.............................................................................................. 746 Specifying Php.ini Location ............................................................................................... 747 Use Request Filtering ........................................................................................................... 748 See Also................................................................................................................................... 748 Build a Web Farm with IIS Servers.............................................................................................. 749 Scenario Description ................................................................................................................ 749 In This Scenario ....................................................................................................................... 749 Practical Applications ............................................................................................................... 750 Software Requirements............................................................................................................ 750 See Also................................................................................................................................... 750 Plan a Web Farm with IIS Servers .............................................................................................. 750 Step 1: Plan IIS Web Farm Infrastructure ................................................................................... 751 1.1. Decide on Web Farm Infrastructure.................................................................................. 751 Local Content Infrastructure ................................................................................................. 751 17. Shared Network Content Infrastructure ................................................................................ 752 The Infrastructure Chosen for This Scenario........................................................................ 752 1.2. Use ARR for Load Balancing ............................................................................................ 753 1.3. Start with a Functional Website......................................................................................... 753 See Also................................................................................................................................... 753 Step 2: Plan IIS Web Farm Configuration ................................................................................... 753 2.1. Plan for Shared Content.................................................................................................... 754 2.2. Plan for Shared Configuration........................................................................................... 754 2.3 Plan to Add Web Servers................................................................................................... 754 See Also................................................................................................................................... 754 Step 3: Plan IIS Web Farm Load Balancing................................................................................ 755 3.1. Plan Load Balancing with ARR ......................................................................................... 755 3.2. Survey Other Features of ARR ......................................................................................... 755 See Also................................................................................................................................... 757 Step 4: Plan SSL Central Certificate Store.................................................................................. 758 4.1. Introduction to Centralized Certificates ............................................................................. 758 4.2 Plan a Central Certificate Store.......................................................................................... 758 See Also................................................................................................................................... 758 Step 5: Plan Application Deployment .......................................................................................... 759 5.1. Deploy Websites with FTP................................................................................................ 759 5.2 Deploy Web Applications with Web Deploy ....................................................................... 759 See Also................................................................................................................................... 760 Configure a Web Farm with IIS Servers...................................................................................... 760 Step 1: Install IIS Web Farm Infrastructure ................................................................................. 760 1.1. Install IIS with Appropriate Modules.................................................................................. 761 1.2 Install ARR for Load Balancing .......................................................................................... 762 1.3 Set up Your Website on One Web Server ......................................................................... 763 See Also................................................................................................................................... 763 Step 2: Configure IIS Web Farm Servers.................................................................................... 763 2.1. Prepare Your Back-end File Server .................................................................................. 763 2.2. Configure Shared Content ................................................................................................ 764 2.3. Set up Shared Configuration............................................................................................. 765 2.4. Add Web Servers to Your Farm........................................................................................ 765 See Also................................................................................................................................... 766 Step 3: Configure IIS Web Farm Load Balancing ....................................................................... 766 3.1. Create a Server Farm with ARR ....................................................................................... 767 3.2. Configure Load Balancing with ARR................................................................................. 767 3.3. Change Application Pool Settings..................................................................................... 767 18. See Also................................................................................................................................... 768 Step 4: Configure SSL Central Certificate Store ......................................................................... 768 4.1. Configure a Central Certificate Store ................................................................................ 768 See Also................................................................................................................................... 769 Step 5: Configure Application Deployment.................................................................................. 769 5.1. Install and Configure FTP for Your Web Farm.................................................................. 769 5.2. Install and Test Web Deploy for Your Web Farm ............................................................. 771 5.3. Where do I go from here? ................................................................................................. 772 See Also................................................................................................................................... 773 Increasing Server, Storage, and Network Availability: Scenario Overview................................. 773 In this scenario ......................................................................................................................... 774 See also ................................................................................................................................... 774 Deploying Fast and Efficient File Servers for Server Applications .............................................. 775 Overview .................................................................................................................................. 775 Requirements and recommendations ...................................................................................... 775 SMB Direct............................................................................................................................ 775 SMB Multichannel................................................................................................................. 776 Install the required roles, role services, and features .............................................................. 776 Step-by-step instructions.......................................................................................................... 776 Step 1: Verify the basic network configuration ..................................................................... 777 Step 2: Configure a failover cluster....................................................................................... 777 Step 3: Configure the networks for the failover cluster......................................................... 777 Step 4: Configure a Scale-out File Server ............................................................................ 778 Step 5: Verify each file server name has two addresses...................................................... 778 Step 6: Configure a Hyper-V or Microsoft SQL Server client ............................................... 779 Step 7: Verify servers are using SMB Multichannel and SMB Direct ................................... 779 Step 8: Monitor file shares using Performance Counters..................................................... 779 See also ................................................................................................................................... 780 Scale-Out File Server for Application Data Overview.................................................................. 780 Scenario description................................................................................................................. 780 In this scenario ......................................................................................................................... 781 When to use Scale-Out File Server.......................................................................................... 782 Practical applications ............................................................................................................... 784 Features included in this scenario............................................................................................ 784 Plan for Scale-Out File Server.

Education

Winserver 2012 R2 and Winserver 2012.Technet