ms mason server core
Post on 10-Apr-2018
217 Views
Preview:
TRANSCRIPT
-
8/8/2019 MS Mason Server Core
1/35
Andrew MasonAndrew Mason
Program ManagerProgram Manager
Server Core:
Running a Minimal Server
-
8/8/2019 MS Mason Server Core
2/35
Agenda
Todays ChallengesServer Core Overview and Benefits
Server Core Architecture
Server Core Installation and Initial Configuration
Adding Server Roles
Administering Server Core
-
8/8/2019 MS Mason Server Core
3/35
Todays Challenges
Windows Server is frequently deployed to supporta single role or a fixed workloadIn this scenario, administrators are required to deploy andservice all of Windows Server
These non-value add features (wrt fixed workload server)present a servicing and security burden
Administrators think of servers in terms of serverroles
-
8/8/2019 MS Mason Server Core
4/35
Todays Challenges (cont.)
Value PropositionReduce the attack and servicing surface area for certainserver roles by only installing what is required andadministrators use
Servers optimized by role are easier to service andmanage
Fewer patches
Server management lifecycle oriented aroundroles
IT Staff can specialize on their role(s)Increased reliability and security
Less installed and less running
-
8/8/2019 MS Mason Server Core
5/35
Server Core Overview
Server Core is:A minimal installation option for Windows Server 2008
Included in the general purpose Windows Server 2008SKUs
Available for x86 and x64
-
8/8/2019 MS Mason Server Core
6/35
Server Core Overview (cont.)
Server CoreProvides minimal server OS functionality
Low surface area server for targeted roles
In Server Core includes
A set of server rolesDHCP, File, Print, AD, AD LDS, Media Services, DNS, IIS, andHyper-V
The following optional features:WINS, Failover Clustering, Subsystem for UNIX-based
applications, Backup, Multipath IO, Removable StorageManagement, Bitlocker Drive Encryption, SNMP, Telnet Client,QoS
Command Line interface, no GUI Shell
-
8/8/2019 MS Mason Server Core
7/35
Server Core Desktop
-
8/8/2019 MS Mason Server Core
8/35
Benefits of Server Core
Fewer PatchesServer Core reduces # of patches by
~60% based on all Windows 2000 patches
~40% based on Windows Server 2003 patches through the endof 2006
Servicing burden is reduced by removing componentsthat are most often serviced
More Secure, Reliable and Less ManagementRemoval of non-value add legacy & client components
from server
-
8/8/2019 MS Mason Server Core
9/35
Server Core Architecture
Server Core Server Roles
Server CoreSecurity, TCP/IP, File Systems, RPC,plus other Core Server Sub-Systems
DNS
DHCP
FileAD
ServerWith .NetFx, Shell, Tools, etc.
TS IASWebServ
er
Share
Point
Etc
GUI, CLR,Shell, IE,
Media, OE,Etc.
Server, Server Roles
(for example only)
ADLDS
Media
Server
IIS7
WVS
Print
-
8/8/2019 MS Mason Server Core
10/35
Server Core
Core Subsystems
Security(Logon scenarios)
Networking(TCP/IP)File Systems
RP CWinlogonNecessary dependencies
Resolved category dependenciesHAL
KernelVGALogon
etc.
DHCPserver role
Infrastructure features
Command shell
Domain joinEvent Log
Perf counter infra.WS-ManagementWMI infrastructure
Licensing serviceWFP
HTTP supportIPSec
Thin Management tools(Local and remote)
Configure IP addressJoin a domain
Create usersetc.
DN Sserver role
File serverrole
DomainController
role
WINSserver roleServer Roles
OptionalFeatures
-
8/8/2019 MS Mason Server Core
11/35
Deploying Server Core
There is a screen in Setup to select either:Server with the shell and all Server Roles
Server Core with Command Prompt and supported roles
Server Core initial configuration can be done either
Manually using the command line toolsUsing an unattend file
-
8/8/2019 MS Mason Server Core
12/35
Unattended Install
Same unattend and options as Vista and Server
Can set options that otherwise require editing theregistry on Server Core
Display Resolution and Color Depth
1024 768
16
-
8/8/2019 MS Mason Server Core
13/35
Selecting Server Core in UnattendAfter the section, add the appropriate
sectionServer Core:
/IMAGE/Name
Windows Longhorn Server Core
Server
/IMAGE/Name Windows Longhorn Server
-
8/8/2019 MS Mason Server Core
14/35
No Server Core Upgrades
Only a clean install is supportedCannot upgrade from a previous version of WindowsServer
Cannot upgrade from Server Core to full Server with theGUI shell
Cannot upgrade from full Server with the GUI shell toServer Core
-
8/8/2019 MS Mason Server Core
15/35
Server Core Initial ConfigurationSet Administrator Password
CTRL+ALT+DEL and click Change password
net user administrator *
ActivateSlmgr.vbs ato
Configure Static IP Address (if required)Netsh interface ipv4
show interfaces
set address name="ID" source=static address=StaticIP
mask=SubnetMask gateway=DefaultGatewayadd dnsserver name="ID" address=DNSIP index=1
Join a domain (if required)Netdom
-
8/8/2019 MS Mason Server Core
16/35
Adding Server RolesCommand line only, no Server Manager
Start /w Ocsetup RolePackageDHCP = DHCPServerCore
DNS = DNS-Server-Core-Role
File = File-Server-Core-Role
File Replication service = FRS-Infrastructure
Distributed File System service = DFSN-ServerDistributed File System Replication = DFSR-Infrastructure-ServerEdition
Network File System = ServerForNFS-Base
Media Server = MediaServer
Active Directory
Dcpromo /unattend:UnattendfileDcpromo now installs Active Directory
Ocsetup not supported for Active Directory
-
8/8/2019 MS Mason Server Core
17/35
IIIS 7 on Server Core
Not included:Management Service and GUI Tools
ASP.NET support
PowerShell cmdlets
Can be managed remotely using IIS PowerShellcmdlets or managed code
Same installation granularity as on Serverinstallations
Top level packages areIIS-WebServerManagementTools
IIS-IIS6ManagementCompatibilityIIS-ManagementScriptingTools
WAS-WindowsActivationService
WAS-ProcessModel
IIS-WebServerRole
IIS-FTPPublishingServiceIIS-FTPServerIIS-WebServer
IIS-ApplicationDevelopmentIIS-CommonHttpFeaturesIIS-HealthAndDiagnosticsIIS-PerformanceIIS-Security
-
8/8/2019 MS Mason Server Core
18/35
Adding Optional Features
Start /w ocsetup OptionalFeaturePackage
Failover Cluster = FailoverCluster-CoreNetwork Load Balancing =NetworkLoadBalancingHeadlessServer
Subsystem for UNIX-bases applications = SUA
Multipath IO = Microsoft-Windows-MultipathIORemovable Storage Management = Microsoft-Windows-RemovableStorageManagementCore
Bitlocker Drive Encryption = BitLocker
Backup = WindowsServerBackup
Simple Network Management Protocol (SNMP) = SNMP-SC
Telnet Client = TelnetClient
WINS = WINS-SC
-
8/8/2019 MS Mason Server Core
19/35
Uninstalling Roles and Features
Start /w Ocsetup Package /uninstallExcept for Active Directory
You must use DCPromo and demote
This will also remove the Active Directory binaries
No Remote GUI for installing or uninstalling rolesand features
-
8/8/2019 MS Mason Server Core
20/35
OCList.exe
Server Core only command line toolLists the Server Role and Optional Featurepackage names for use with OCSetup
Lists whether the packages are installed or not
-
8/8/2019 MS Mason Server Core
21/35
Managing Server Core
CMD for local command executionTerminal Server using CMD
WS-Management and Windows Remote Shell forremote command execution
WMICan use WMI based PowerShell scripts and cmdletsremotely
Task Scheduler for scheduling jobs and tasks
Event Logging and Event ForwardingRPC and DCOM for remote MMC support
SNMP
Scripting host
-
8/8/2019 MS Mason Server Core
22/35
SCRegEdit.wsf
Not all tasks can be performed from the commandline or remotelySCRegEdit.wsf is included in Server Core to:
Enable automatic updates
Enable Terminal Server Remote Admin Mode Enable remote IPSec Monitor management
Configure DNS SRV record weight and priority
/cli switch that lists common command line tools andswitches
Located in \Windows\System32
-
8/8/2019 MS Mason Server Core
23/35
Managing with Windows Remote Shell
Windows Remote Management (WinRM) WS-Management - secure firewall friendly mgmt
protocol
Windows Remote Shell (WinRS)
Requires Windows Vista or Windows Server 2008 Only command line tools or scripts without UI can be
executed
Prompts are problematic, full interactive mode not
supported For example, press any key
-
8/8/2019 MS Mason Server Core
24/35
Configuring WinRM on Server Core
The Server side of WS-ManagementFrom the command line
WinRM quickconfig
Through an unattend file In the section add:
true
Can also be configured using Group Policy
-
8/8/2019 MS Mason Server Core
25/35
Using WinRS
The Client side of WS-ManagementWinRS r: command
Remote endpoint can be -r:https://myserver.com
-r:myserver -r:http://127.0.0.1
-r:http://169.51.2.101:80
For example
Winrs r:myserver dir c:\windows\system32\*.dll
-
8/8/2019 MS Mason Server Core
26/35
WinRS examples
Turn on Terminal Services remote admin winrs -r:myserver cscript
\windows\system32\scregedit.wsf /ar 0
Allow pre-Vista/Longhorn TS clients winrs -r:myserver cscript
\windows\system32\scregedit.wsf /cs 0
Join a domain
winrs -r:myserver netdom add myserver/domain:testdomain /userd:administrator/passwordd:
Add domain admin to local admins
winrs -r:myserver net localgroup administratorstestdomain\administrator /add
-
8/8/2019 MS Mason Server Core
27/35
Hardware on Server Core
Plug and Play is included in Server Core If you add hardware with an inbox driver, PnP will
silently install the driver
If the driver is not included, but you have a PnP
driver for the hardware Copy the driver files to the Server Core box
Pnputil i a driverinf
To list installed drivers sc query type= driver
To remove a driver sc delete service_name
-
8/8/2019 MS Mason Server Core
28/35
Control Panel in Server Core?
Limited functionality for specific scenariosTime zone, to change
Control timedate.cpl
Keyboards and/or language, to change Control intl.cpl
-
8/8/2019 MS Mason Server Core
29/35
Notepad and Regedit
Notepad Has the following limitations
Help does not work
Open, Save and Save As work in Beta 3
Copy, Paste, Find, Replace, etc all workRegedit
Help does not work
-
8/8/2019 MS Mason Server Core
30/35
Restarting CMD.EXE
If you close the command prompt windowLocally, you can either:
Press ctrl-alt-del, click Start Task Manager, click File,click Run, and enter cmd.exe
Log off and back on againIn a Terminal Services session:
You can use the Terminal Services MMC snapin toremotely logoff
You can use the Terminal Serivces command line toolsremotely: query session /server:
logoff /server:
-
8/8/2019 MS Mason Server Core
31/35
Limitations of Server Core
No support for Managed CodeNo balloon notifications, such as for activation
Password expiration is now a balloon notification, so itwill not appear on Server Core
Runonce is not supported on Server Core
-
8/8/2019 MS Mason Server Core
32/35
Mgmt Tools on Server Core
Server Core is not an application platformServer Core does support development of
Management tools, utilities, and agents Remote Management tools should not require changes
Need to use one of the protocols supported in Server core,such as RPC
-
8/8/2019 MS Mason Server Core
33/35
-
8/8/2019 MS Mason Server Core
34/35
Demo
-
8/8/2019 MS Mason Server Core
35/35
Server Core Resources
Step by Step GuideOnline athttp://technet2.microsoft.com/windowsserver/longhorn/en/library/bab0f1a1-54
Download in Word Document in the Download Center
http://download.microsoft.com/
Newsgroupshttp://forums.microsoft.com/TechNet/ShowForum.aspx?ForumID=582&SiteID=17
Server Core Blog
http://blogs.technet.com/server_core/default.aspxEmail
srvcfdbk@microsoft.com
Command-line reference A-Z in Help is very helpfulOnline at: http://go.microsoft.com/fwlink/?LinkId=20331
http://technet2.microsoft.com/windowsserver/longhorn/en/library/bab0f1a1-54aa-4cef-9164-139e8bcc44751033.mspx?mfr=truehttp://download.microsoft.com/download/b/1/0/b106fc39-936c-4857-a6ea-3fb9d1f37063/Server%20Core%20Installation%20Option%20of%20Windows%20Server%20Longhorn%20Step-By-Step%20Guide.dochttp://download.microsoft.com/download/b/1/0/b106fc39-936c-4857-a6ea-3fb9d1f37063/Server%20Core%20Installation%20Option%20of%20Windows%20Server%20Longhorn%20Step-By-Step%20Guide.dochttp://technet2.microsoft.com/windowsserver/longhorn/en/library/bab0f1a1-54aa-4cef-9164-139e8bcc44751033.mspx?mfr=true
top related