Windows Server 2012 On Premises Servers Today everything seems to be about the cloud, cloud computing and saving it to the cloud. We even see applications as a service, rent an app when needed, turn it off when you don’t. With Everyone moving to the cloud, why do I need to deploy Windows Server 2012 locally? The answer to this question is a hot topic among System and Network Administrators. If the Data pipe between the cloud and the local area network is compromised business can be disrupted or hacked. Security and High Availability MUST be considered when deploying a server in production. Not every service and application used daily should be hosted in the cloud. Locally-deployed servers still will continue to be the backbone of an organizational network for the foreseeable future. Because of this Windows Server 2012 was designed for cloud computing, private and public, as well as maintaining the traditional local on premise solution. No one solution can fit all the possibilities so several versions of the Windows Server 2012 have been developed. Each edition with its strengths, depending on the situation.

vs. Windows Server 2012 C L O U D SaaS On Premises Servers On Premise Server Today everything seems to be about the cloud, cloud computing and saving it to the cloud. We even see applications as a service, rent an app when needed, turn it off when you don’t. With Everyone moving to the cloud, why do I need to deploy Windows Server 2012 locally? The answer to this question is a hot topic among System and Network Administrators. If the Data pipe between the cloud and the local area network is compromised business can be disrupted or hacked. Security and High Availability MUST be considered when deploying a server in production. Not every service and application used daily should be hosted in the cloud. Locally-deployed servers still will continue to be the backbone of an organizational network for the foreseeable future. Because of this Windows Server 2012 was designed for cloud computing, private and public, as well as maintaining the traditional local on premise solution. No one solution can fit all the possibilities so several versions of the Windows Server 2012 have been developed. Each edition with its strengths, depending on the situation.

Windows Server 2012 What is Cloud Computing? So what is Cloud Computing. When we say Cloud we refer to “not on premise”, i.e. not on the LAN. If we are hosting a production environment off site, handling Backup and Disaster Recovery options for the LAN, or just supplying offsite data storage the data path is leaving the local environment. This is cloud computing. It can be owned and operated by our company, this is call a “Private Cloud”. Private clouds are cloud infrastructure that is dedicated to a single organization. Private clouds may be hosted by the organization itself, or may be hosted by a cloud services provider who ensures that the cloud services are not shared with any other organization. Or we can purchase services from a third party, this is a “Public Cloud”. A public cloud is a cloud service that is hosted by a cloud services provider, and is made available for public use. The most common forms of cloud computing are: ·         Infrastructure as a Service (IaaS). With this form of cloud computing, you run a full virtual machine or completely hosted site in the cloud. The cloud hosting provider manages the hypervisor platform, and you manage the virtual machine that runs on the cloud provider’s infrastructure. Windows Azure™ Compute is an example of IaaS. You can run Windows Server 2012 as a virtual machine in an IaaS cloud, or the operating system can be the host to the virtual machines in an IaaS cloud. Windows Server 2012 has many improvements with it’s Hyper-V solution. ·         Platform as a Service (PaaS). With PaaS, the cloud hosting provider provisions you with a particular platform. For example, a provider may allow you to host databases. You manage the database itself, and the cloud hosting provider hosts the database server. SQL Azure™ is an example of Platform as a Service. ·         Software as a Service (SaaS). The cloud hosting provider hosts your application and the entire infrastructure that supports that application. You purchase and run a software application from a cloud hosting provider. Windows InTune™ and Microsoft Office 365 are examples of SaaS.

Windows Server 2012 host built consume “SaaS” “IaaS” “PaaS” What is Cloud Computing? “SaaS” “IaaS” “PaaS” Infrastructure-as-a-Service host Platform-as-a-Service built Software-as-a-Service consume So what is Cloud Computing. When we say Cloud we refer to “not on premise”, i.e. not on the LAN. If we are hosting a production environment off site, handling Backup and Disaster Recovery options for the LAN, or just supplying offsite data storage the data path is leaving the local environment. This is cloud computing. It can be owned and operated by our company, this is call a “Private Cloud”. Private clouds are cloud infrastructure that is dedicated to a single organization. Private clouds may be hosted by the organization itself, or may be hosted by a cloud services provider who ensures that the cloud services are not shared with any other organization. Or we can purchase services from a third party, this is a “Public Cloud”. A public cloud is a cloud service that is hosted by a cloud services provider, and is made available for public use. The most common forms of cloud computing are: ·         Infrastructure as a Service (IaaS). With this form of cloud computing, you run a full virtual machine or completely hosted site in the cloud. The cloud hosting provider manages the hypervisor platform, and you manage the virtual machine that runs on the cloud provider’s infrastructure. Windows Azure™ Compute is an example of IaaS. You can run Windows Server 2012 as a virtual machine in an IaaS cloud, or the operating system can be the host to the virtual machines in an IaaS cloud. Windows Server 2012 has many improvements with it’s Hyper-V solution. ·         Platform as a Service (PaaS). With PaaS, the cloud hosting provider provisions you with a particular platform. For example, a provider may allow you to host databases. You manage the database itself, and the cloud hosting provider hosts the database server. SQL Azure™ is an example of Platform as a Service. ·         Software as a Service (SaaS). The cloud hosting provider hosts your application and the entire infrastructure that supports that application. You purchase and run a software application from a cloud hosting provider. Windows InTune™ and Microsoft Office 365 are examples of SaaS.

Domain Controllers What Are Active Directory Domain Services Domains? All of these logical objects are stored in the AD DS database, and a copy of this database is stored on every domain controller in the AD DS domain. There are several types of objects that can be stored in the AD DS database, including user and domain‑joined computer accounts, which can be organized in groups, for administrative or security reasons. The AD DS domain provides an authentication center. All user accounts and computer accounts in the domain are stored in the domain database, and users and computers must connect to a domain controller to authenticate. An AD DS domain is an administrative center. It contains an Administrator account and a Domain Admins group, which both have full control over every object in the domain. Unless they are in the forest root domain, however, their range of control is limited to the domain. The AD DS domain is also a replication boundary. When changes are made to any object in the domain, that change is replicated automatically to all other domain controllers in the domain.

Domain Controllers What Are Active Directory Domain Services Domains? Global Catalog Server User RODC Data Store All of these logical objects are stored in the AD DS database, and a copy of this database is stored on every domain controller in the AD DS domain. There are several types of objects that can be stored in the AD DS database, including user and domain‑joined computer accounts, which can be organized in groups, for administrative or security reasons. The AD DS domain provides an authentication center. All user accounts and computer accounts in the domain are stored in the domain database, and users and computers must connect to a domain controller to authenticate. An AD DS domain is an administrative center. It contains an Administrator account and a Domain Admins group, which both have full control over every object in the domain. Unless they are in the forest root domain, however, their range of control is limited to the domain. The AD DS domain is also a replication boundary. When changes are made to any object in the domain, that change is replicated automatically to all other domain controllers in the domain.

Domain Controllers AD DS Domains The Forest is logically organized into Domains, Domain Trees and Organizational Units To efficiently apply rules you need a logical structure. AD DS has a hierarchical structure logically shaped like a pyramid. The blocks that make up the pyramid have a broad base that responsible to the layer above until the last block is at the top. This shape is called a forest. The forest is made up of Domain Trees with each tree comprised of the main building blocks, the domains. Each domain can be further organized internally with Organization Units. These OUs, as the name suggests allow us to divide up the domain structure of Computers, Users, and Groups for better control.

Domain Controllers AD DS Domains Logical Structure The Forest is logically organized into Domains, Domain Trees and Organizational Units Domain Domains Organizational Units Trees and Forests Domain OU Domain OU OU Domain Domain Domain Domain To efficiently apply rules you need a logical structure. AD DS has a hierarchical structure logically shaped like a pyramid. The blocks that make up the pyramid have a broad base that responsible to the layer above until the last block is at the top. This shape is called a forest. The forest is made up of Domain Trees with each tree comprised of the main building blocks, the domains. Each domain can be further organized internally with Organization Units. These OUs, as the name suggests allow us to divide up the domain structure of Computers, Users, and Groups for better control.

Domain Controllers There are several designs, depending on your organizations business structure, for Active Directory Domain Services but the key physical component to Active Directory Domain Services is the Active Directory Domain Controller. The domain controllers in your network are the centerpiece of your Active Directory service. All DCs in a forest are connected so the replication of AD DS data can be synchronized though out the Forest. They each contain a exact copy of the Schema, which is the description of what objects make up the unique structure of the AD DS. They each contain a exact copy of the domain structure for their unique Domain. Abbreviated as DC, domain controller is a server on a Microsoft Windows Server 2012 network that is responsible for allowing host access to Windows domain resources. It stores user account information, authenticates users and enforces security policy for a Windows domain. When we install AD Domain Services we create or extend an Active Directory Domain. When we install the AD Domain Controller service we take control over that portion of the AD DS. The original DC becomes the “Root” and hosts the “Schema” and its “Global Catalog.” The Global Catalog list all the object created in Active Directory and a partial set of attributes.

Domain Controllers Root Domain Domain Controllers Sub Domain Switch Switch Domain Clients Computer 1 Computer 2 Computer 3 Domain Clients Computer 1 Computer 2 Computer 3 Domain Clients Network Printer Computer 4 Printer Domain Clients Network Printer Computer 4 Printer There are several designs, depending on your organizations business structure, for Active Directory Domain Services but the key physical component to Active Directory Domain Services is the Active Directory Domain Controller. The domain controllers in your network are the centerpiece of your Active Directory service. All DCs in a forest are connected so the replication of AD DS data can be synchronized though out the Forest. They each contain a exact copy of the Schema, which is the description of what objects make up the unique structure of the AD DS. They each contain a exact copy of the domain structure for their unique Domain. Abbreviated as DC, domain controller is a server on a Microsoft Windows Server 2012 network that is responsible for allowing host access to Windows domain resources. It stores user account information, authenticates users and enforces security policy for a Windows domain. When we install AD Domain Services we create or extend an Active Directory Domain. When we install the AD Domain Controller service we take control over that portion of the AD DS. The original DC becomes the “Root” and hosts the “Schema” and its “Global Catalog.” The Global Catalog list all the object created in Active Directory and a partial set of attributes.

Managing DNS Zones Active Directory–Integrated Zones A DNS server can store zone data in the AD DS database provided that the DNS server is an Active Directory–Integrated DNS server residing on a AD DS domain controller. When the DNS server stores zone data in this way, this creates an Active Directory–integrated zone. The benefits of an Active Directory–integrated zone are significant. We use Multimaster Replication for updates. Unlike standard primary zones —which can only be modified by a single primary server—Active Directory–integrated zones can be written to by any writable domain controller to which the zone is replicated. In addition, Multimaster updates are particularly important in geographically distributed organizations that use dynamic update zones. The DNS zone data is handled with AD DS replication. One of the characteristics of Active Directory replication is attribute-level replication in which only changed attributes are replicated rather than replicating the entire zone file as in traditional DNS zone transfer models. An Active Directory–integrated zone can enforce secure dynamic updates. And we have Granular security model. As with other Active Directory objects, an Active Directory-integrated zone allows you to delegate administration of zones, domains, and resource records by modifying the access control list (ACL) on the zone.

Managing DNS Zones Active Directory–Integrated Zones contoso.com ZONE hqdc01 filesvr01 desktop101 ZONE A DNS server can store zone data in the AD DS database provided that the DNS server is an Active Directory–Integrated DNS server residing on a AD DS domain controller. When the DNS server stores zone data in this way, this creates an Active Directory–integrated zone. The benefits of an Active Directory–integrated zone are significant. We use Multimaster Replication for updates. Unlike standard primary zones —which can only be modified by a single primary server—Active Directory–integrated zones can be written to by any writable domain controller to which the zone is replicated. In addition, Multimaster updates are particularly important in geographically distributed organizations that use dynamic update zones. The DNS zone data is handled with AD DS replication. One of the characteristics of Active Directory replication is attribute-level replication in which only changed attributes are replicated rather than replicating the entire zone file as in traditional DNS zone transfer models. An Active Directory–integrated zone can enforce secure dynamic updates. And we have Granular security model. As with other Active Directory objects, an Active Directory-integrated zone allows you to delegate administration of zones, domains, and resource records by modifying the access control list (ACL) on the zone.

Group Policy Processing Once we have created and edited a GPO we use the GPMC to link the GPO to the desired container. Until the GPO in Linked to a container it does not effect the container. Once Linked it saves a GPO template in the Sysvol Partition to be copied to each Client as they boot up or refresh their copy of the Sysvol. This GPO template is applied to the client is a specific order. GPOs are not applied simultaneously; rather, they are applied in a logical order. GPOs that are applied later in the process of applying GPOs overwrite any conflicting policy settings that were applied earlier. GPOs are applied in the following order: As the local machine boots it’s Local GPOs is applied Each operating system that is running Windows 2000 or newer potentially already has a local Group Policy configured. Once these policy setting are active the computer will look for Site GPOs. Setting for the computers OS site membership will over write any conflict with the local GPO. Now the Computer will look for Domain GPOs. Again the matching process takes place the Domain GPOs are overlaid on the combination Local and Site settings. Any conflict will be overwritten by the Domain setting. There are often multiple polices at the domain level. These policies are processed in order of preference. Then we move to the OUs. These policies contain settings that are unique to the objects in that OU. For example, the Sales users might have special required settings. You can link a policy to the Sales OU to deliver those settings. If there is a conflict the OU being applied last will win out. If we have nested or “Child OU” policies that are linked to child OUs these are processed last. Again, GPOs in the containers receive the cumulative effect of all polices in their processing order. In the case of a conflict between settings, the last policy applied takes effect. If there is a policy that is absolutely got to be, we can apply an “Enforced” tag with the GPMC and subsequent GPOs will not override this setting.

Group Policy Processing GPO 1 xxx Local Group GPO 2 xxx SITE GPO 3 xxx DOMAIN GPO 4 xxx OU Once we have created and edited a GPO we use the GPMC to link the GPO to the desired container. Until the GPO in Linked to a container it does not effect the container. Once Linked it saves a GPO template in the Sysvol Partition to be copied to each Client as they boot up or refresh their copy of the Sysvol. This GPO template is applied to the client is a specific order. GPOs are not applied simultaneously; rather, they are applied in a logical order. GPOs that are applied later in the process of applying GPOs overwrite any conflicting policy settings that were applied earlier. GPOs are applied in the following order: As the local machine boots it’s Local GPOs is applied Each operating system that is running Windows 2000 or newer potentially already has a local Group Policy configured. Once these policy setting are active the computer will look for Site GPOs. Setting for the computers OS site membership will over write any conflict with the local GPO. Now the Computer will look for Domain GPOs. Again the matching process takes place the Domain GPOs are overlaid on the combination Local and Site settings. Any conflict will be overwritten by the Domain setting. There are often multiple polices at the domain level. These policies are processed in order of preference. Then we move to the OUs. These policies contain settings that are unique to the objects in that OU. For example, the Sales users might have special required settings. You can link a policy to the Sales OU to deliver those settings. If there is a conflict the OU being applied last will win out. If we have nested or “Child OU” policies that are linked to child OUs these are processed last. Again, GPOs in the containers receive the cumulative effect of all polices in their processing order. In the case of a conflict between settings, the last policy applied takes effect. If there is a policy that is absolutely got to be, we can apply an “Enforced” tag with the GPMC and subsequent GPOs will not override this setting. OU OU

Virtualization Technologies Server virtualization has only been a part of the Windows Server® operating system since the release of Windows Server 2008 and the introduction of the Hyper-V® role. To use Server Virtualization more efficiently server administrators need to be able to decide which server workloads will run effectively in virtual machines, and which server workloads must remain deployed in a more traditional server environment. Here we look at the Hyper-V role in Windows Server 2012, the components of the role, how best to deploy the role, and the new features of the Hyper-V role that are introduced with Windows Server 2012. You can deploy many different types of virtualization technologies on networks where Windows® operating systems are deployed. The types of virtualization technologies that you select depends on what your organization needs to accomplish.

Virtualization Technologies Physical Servers Virtual Host Server virtualization has only been a part of the Windows Server® operating system since the release of Windows Server 2008 and the introduction of the Hyper-V® role. To use Server Virtualization more efficiently server administrators need to be able to decide which server workloads will run effectively in virtual machines, and which server workloads must remain deployed in a more traditional server environment. Here we look at the Hyper-V role in Windows Server 2012, the components of the role, how best to deploy the role, and the new features of the Hyper-V role that are introduced with Windows Server 2012. You can deploy many different types of virtualization technologies on networks where Windows® operating systems are deployed. The types of virtualization technologies that you select depends on what your organization needs to accomplish. Virtual Guests

Managing Virtual Networks Hyper-V provides several different options for network communication between virtual machines. You can configure virtual machines that communicate with an external network in a manner similar to traditionally deployed physical hosts. You can configure virtual machines to communicate only with a limited number of other virtual machines that are hosted on the same server. Hyper-V Network Virtualization makes it possible for you to isolate virtual machines that share the same physical server. Creating Vlans on the Virtual network. To do this we need a switch. Hyper–V virtual hardware now includes a virtual switch, a virtual version of a network switch. (The term virtual network, which was used in Windows Server 2008, has been replaced by the term virtual switch in Windows Server 2012.) Virtual switches control how network traffic flows between virtual machines that are hosted on the virtualization server, and between virtual machines and the rest of the organizational network. You manage virtual switches through the Virtual Switch Manager, which is accessible through the Actions pane of the Hyper-V Manager console. Hyper-V on Windows Server 2012 supports three different types of virtual switches: External. This type of switch maps a network to a specific network adapter or network adapter team. Windows Server 2012 supports mapping an external network to a wireless network adapter if you have installed the wireless local area network (LAN) service on the virtualization server, and if the virtualization server has a compatible adapter. Internal. Internal virtual switches communicate between the virtual machines on the virtualization server, and between the virtual machines and the virtualization server itself. Private. Private switches communicate only between virtual machines on the virtualization server. You cannot use private switches to communicate between the virtual machines and the virtualization server itself. When configuring a virtual network, you can also configure a virtual LAN (VLAN) ID to be associated with the network. This allows you to extend existing VLANs on the external network to VLANs within the virtualization server's network switch. VLANs allow you to partition network traffic, and they function as separate logical networks. Traffic can only pass from one VLAN to another if it passes through a router. You can configure the following extensions for each virtual switch type: ·         Microsoft NDIS Capture. This extension allows data that is travelling across the virtual switch to be captured. ·         Microsoft Windows Filtering Platform. This extension allows data that is travelling across the virtual switch to be filtered.

Managing Virtual Networks Hyper-V Virtual Machine Virtual Application Virtual network adapter Hyper –V Extensible Switch Physical Network Adapter Hyper-V Extensible Switch Virtual Switch VMNET Virtual Management OS NICs Management vNIC VLAN ID 10 TCP/IP Hyper-V provides several different options for network communication between virtual machines. You can configure virtual machines that communicate with an external network in a manner similar to traditionally deployed physical hosts. You can configure virtual machines to communicate only with a limited number of other virtual machines that are hosted on the same server. Hyper-V Network Virtualization makes it possible for you to isolate virtual machines that share the same physical server. Creating Vlans on the Virtual network. To do this we need a switch. Hyper–V virtual hardware now includes a virtual switch, a virtual version of a network switch. (The term virtual network, which was used in Windows Server 2008, has been replaced by the term virtual switch in Windows Server 2012.) Virtual switches control how network traffic flows between virtual machines that are hosted on the virtualization server, and between virtual machines and the rest of the organizational network. You manage virtual switches through the Virtual Switch Manager, which is accessible through the Actions pane of the Hyper-V Manager console. Hyper-V on Windows Server 2012 supports three different types of virtual switches: External. This type of switch maps a network to a specific network adapter or network adapter team. Windows Server 2012 supports mapping an external network to a wireless network adapter if you have installed the wireless local area network (LAN) service on the virtualization server, and if the virtualization server has a compatible adapter. Internal. Internal virtual switches communicate between the virtual machines on the virtualization server, and between the virtual machines and the virtualization server itself. Private. Private switches communicate only between virtual machines on the virtualization server. You cannot use private switches to communicate between the virtual machines and the virtualization server itself. When configuring a virtual network, you can also configure a virtual LAN (VLAN) ID to be associated with the network. This allows you to extend existing VLANs on the external network to VLANs within the virtualization server's network switch. VLANs allow you to partition network traffic, and they function as separate logical networks. Traffic can only pass from one VLAN to another if it passes through a router. You can configure the following extensions for each virtual switch type: ·         Microsoft NDIS Capture. This extension allows data that is travelling across the virtual switch to be captured. ·         Microsoft Windows Filtering Platform. This extension allows data that is travelling across the virtual switch to be filtered. VLAN ID 11 Live Migration vNIC TCP/IP