technet exclusive! hear from the guy that brought you microsoft’s enterprise computing to small...
TRANSCRIPT
TechNet Exclusive! Hear from the guy that brought you Microsoft’s enterprise computing to small and medium businesses
Nicholas King & Jamie Burgess
Windows Essential Server Solutions
Microsoft
Agenda
08.45 – 9.30 Welcome/Registration09.30 – 9.45 Introduction09.45 – 10.45 SBS 2008 10.45 – 11.00 Break11.00 – 12.00 EBS 2008 12. 00 – 12.30 Virtualization12.30 – 12.45 Q&A
Introduction
Small Business Server 2008Standard Edition
Designed for Small BusinessWindows Server® 2008 Standard technologies Microsoft® Exchange Server 2007 Standard Edition Windows® SharePoint® Services 3.0 Windows Server Update Services 3.0 Microsoft Forefront™ Security for Exchange Server1
Windows Live™ OneCare for Server1,2
Integration with Office Live Small Business 2
Premium EditionLine-of-Business Application Platform
Includes everything from Standard Edition, plus:Additional copy of Windows Server 2008 Standard Edition Microsoft SQL Server® 2008 Standard Edition for Small Business
Usage ScenariosLine of Business Application PlatformTerminal Services Application ModeHyper-V Parent PartitionBranch Office
1 120 day trial included in product.2 Windows Live OneCare for Server and Office Live Small Business are not available in all markets and languages; Microsoft Forefront Security for Exchange Server is not available in all languages. Please see www.microsoft.com/sbs08 for details.
Standard EditionEnterprise Class for MM
Management ServerWindows Server 2008 Standard technologiesMicrosoft System Center Essentials 2007Windows SharePoint Services 3.0 compatible 1
Messaging Server Windows Server 2008 Standard technologiesMicrosoft Exchange Server 2007 Standard EditionMicrosoft Forefront Security for Exchange Server2
Security ServerWindows Server 2008 Standard technologiesMicrosoft Exchange Server 2007 Standard EditionForefront Threat Management Gateway, Medium Business Edition 3
Essential Business Server 2008 Premium Edition
Line-of-Business Application PlatformIncludes everything from Standard Edition, plus:Additional copy of Windows Server 2008 Standard Edition Microsoft SQL Server® 2008 Standard Edition
Usage ScenariosLine of Business Application PlatformTerminal Services Application ModeHyper-V Parent PartitionBranch Office
1 While Windows® SharePoint® Services 3.0 is not shipped with Essential Business Server 2008, a step as part of the setup process is provided to download Windows SharePoint Services 3.0 at no additional cost.2One year Microsoft Forefront Security for Exchange Server subscription included in the product.3 One year Web Antimalware Subscription for Forefront Threat Management Gateway, Medium Business Edition included in product.
Reduce CostsConsolidation
Average Midsize company has between 7-15 serversSolutions reduce number of servers by integrating Core Infrastructure with best practiceDirect Savings in Management, Hardware, Power, Insurance…
StandardizationLess complex administration
Lowers costs to maintainIncrease securitySimplify deployment and planning
Automation70% of IT Administration is doing repetitive tasks
Automation of Application and Update ManagementIdentity Management
LicensingSeasonal workers
Deployment of Core Infrastructure rolesSaving time, money, complexity
Windows Essential Business Server is allowing Vineyard Music Productions to save administrative costs now and increase those saving as it grow. “Currently, Windows Essential Business Server is saving us at least $50,000 a year in reduced costs,” explains Bryan Lubeck, the Owner of Vineyard Music Productions.
Drive Business ValueProductivity Solutions
Anytime, anywhere more secure connected access to information
Mobile devices, Internet KiosksLine of Business application publishing
Bring teams together with collaboration technologyGain efficiency through Software + Services
Internet marketing and presence
Core Infrastructure ValueBest practice deployment with pro-active management tools
Better uptime, issues resolved fasterMore Secure
Integrated Update managementBest practice security deployment
Business "Agility"Stable Predictable Core Platform provides cost effective IT foundation Line of Business applications ‘add-in’
Common look and feelGet Enterprise tools, with Midsize enablement
Reduction of Infrastructure Costs aligning teams to more business projects
Known technology state enables faster project execution
Strong Third Party Eco-System supports more choices
Purchase FlexibilityCompetitively priced for SMBCombined Server and CAL model Recognition of existing investments
Credit for Exchange deploymentsISV add-in support and SDK
Forward looking transition pathInto Solutions, between Solutions, out of Solutions
Microsoft Financing options
Windows Small Business Server 2008
SBS – technical briefingFirst Look Demo
Hardware SizingMigrationDeploymentGetting StartedManaging UsersManaging StorageBackupUpdatesRemote Access
DemoFirst Look
Minimum System Requirements
Windows Small Business Server 2008
Processor* 2 GHz, 64-bit (4 physical sockets supported, no limit on cores)
Memory* 4 GB RAM (32 GB Maximum)
OS Drive Partition 60 GB Minimum
DVD-ROM Bootable from system BIOS
Network Adapter 1 x 100 Mb Ethernet adapter
Monitor and Video adapter Super VGA (SVGA) monitor and video adapter with 1024 x 768 or higher resolution
Network Devices Router that supports IPv4 NAT
Internet Connection Required
Firewall External Firewall required*NOTE: Windows SBS 2008 has the same processor and memory limits as Windows Server 2008 Standard.http://www.microsoft.com/windowsserver2008/en/us/compare-specs.aspx
Additional Recommended Hardware Windows Small Business Server 2008
other requirementsBackup drive (USB 2.0 or faster external hard disk drive)
Minimum of 1 External USB Drive, for additional redundancy, 2 external USB hard disk drives are recommended.
Storage Consider additional storage for your application data
Additional Server (applies to Premium only)
Second Server(Premium Edition)
Processor 2GHz (x86 and x 64 processors)
Memory – Minimum 2GB RAM (x64)2GB RAM (x 86)
Memory – Max 32GB (x64 )
Memory – Max 4GB (x86)
OS Partition 10 GB Minimum 40GB Recommended
Storage RecommendationsSeparate application and user data from System drive
– using Storage migration tools post setupChoose high speed disk to increase performanceSome sizing guidelines
Allocate 2GB per mailboxEstimate around 50GB of shared data and 2GB/user
More detailed guidance on TechnetOptions to extend storage further or even at a later date. These are basic guidelines only
Data Volume Entry Level Medium Utilization
High Utilization
System drive Raid 1 – 100GB Raid 1 – 100GB Raid 1 – 100GB
Application data drive
Raid 1 – 100GB Raid 5 – 100GB Raid 5 – half of available space
User drive Raid 1 – 100GB Raid 5 – 100GB Raid 5 – half of available space
Sample SBS network designConnect router and internal devices to the Internet
Private Network/LAN
Switch
Router/ Firewall192.168.x.1
ISP connection device
Public Network
SBS 2008 192.168.x.2
Prepare the SBS network
Upgrade operating systems on the client
• Minimum to: Windows® XP SP2 or Windows Vista® Business
Connect computers on your network
Check for updated drivers and application compatibility
Complete the Windows Server SBS 2008 Installation Worksheet
Document Router Firewall Information
Service orApplication
TCP UDP ExternalPort Number
InternalPort Number
Forward toIP Address
SMTP TCP 25 25* 192.168.x .
HTTP TCP 80 80* 192.168.x .
HTTPS TCP 443 443* 192.168.x .
HTTPS forSharePoint Services
TCP 987 987 192.168.x .
VPN TCP 1723 1723 192.168.x .
* If SBS configures router, ports are enabled by default
Screenshot walk through
Greenfield
Installation Issues
Cannot be connected directly to the Internet
Windows SBS 2008 must be connected to a local router/modem
Installation Issues
Operating System and Applications
Windows Server 2008 Standard technologies
Microsoft Exchange Server 2007 Standard Edition
Windows SharePoint Services 3.0 SP1
Windows Server Update Services 3.0 SP1
Microsoft® Forefront™ Security for Exchange Server1,2
Windows Live™ OneCare for Server1,2
Windows Small Business Server 2008
Default Installation
1120 day trial included in product.2Windows Live OneCare for Server and Office Live Small Business are not available in all markets and languages; Microsoft Forefront Security for Exchange Server is not available in all languages.Please see www.microsoft.com/sbs08 or details.
Added Server Roles
Active Directory Certificate Services
Active Directory Domain Services
DHCP Server
DNS Server
File Services
Network Policy and Access Service
Terminal Services Gateway
Web Server (IIS)
Default Installation
Installed Features
.NET Framework 3.0 Features
Group Policy Management
Remote Assistance
Remote Server Administration Tools
RPC over HTTP Proxy
Telnet Client
Windows Internal Database
Windows PowerShell
Windows Process Activation Service
Windows Server Backup Features
Default Installation
What about Migration?
Preparing the Network for Migration
Migration Highlights
• 21-day grace period• Answer file generator• Migrate without taking down servers• Destination server joins the existing domain (replica DC)• Uninterrupted mail flow between both servers• No need to touch client workstations
Migration Network Configuration
SBS 2003Single NIC
SBS 2008Single NICDHCP Server Service
ISP connection device
Switch
Router
Internet
Migration wizards turns off DHCP on source server during migration
The Migration Wizard
Tasks Performed in Migration ModeInstalls and configures SBS 2008 on the destination server
Joins the destination server to the existing domain
Extends the migration grace period to 21 days
Transfers the FSMO roles to the destination server
Destination server becomes a global catalog server
Destination server becomes the site licensing server
Installs and configures the DHCP service on the destination server
demoMigration Wizard
demoGetting Started
Installation SummaryDeployed complete SB environmentSetup all of the infrastructure plus;
Network IPv4 & IPv6Firewall (uPNP)DNS internal & externalDDNS EmailRemote AccessCertificatesSmart HostsMobile Devices
demoManaging Users
demoManaging Storage
Managing Server Backups
Overview
• Newly written Backup Wizard• Uses Windows Server 2008 backup technologies• Performs block level backup• Uses volume snapshots• Stores incremental backup, restores as full version• SBS backup supports the backup and restore of Exchange and
SharePoint application data, using VSS technology• Supports USB and firewire media• Restores to dissimilar hardware
Backup and recovery technologies used in SBS
What is Windows Server Backup?
Windows Server Backup features
• Back up all volumes or selected volumes• Back up System state
What’s new?
• Faster backup technology (VSS and block level backup technology)• Ability to recover applications• Simplified restoration• Simplified operating system recovery• Wbadmin command-line tool• Configure backup performance
Configure your Server Backup wizard
Scheduled backups will automatically include all required systemstate data and critical volumes.
Windows System Components
System State Data • COM+ class registration database• Active Directory Certificate Services (AD CS) database• Cluster service information• Microsoft Internet Information Services (IIS) metadirectory• System files that are under Windows Resource Protection
Backing up critical volumes
• Boot files, Windows operating system, and the registry• The SYSVOL tree• The Active Directory database (Ntds.dit) and log files
Backup MediaSupported backup hardware
• External hard disks• USB 2.0• IEEE 1394
• Internal hard disks*
• Removable media drives
Recommendations:
• Rotate multiple disks• Use disks with 2.5 times the storage
capacity of backup items
New backup drives will be formatted using NTFS
*Internal hard disks used as a backup device cannot also be used to store data.
Managing Server RecoveryWhat is Windows Recovery Environment
(WinRE)?
• Launch on-disk using F8• Relies on Windows boot manager and boot loader
Manual diagnosis and repair
• Startup repair• System restore• Windows backup disaster recovery• Command prompt (Regedit, ChkDsk)
Options
• Restore to dissimilar hardware• Processor architecture on both systems must match
Partial Recovery OptionsMust be a member of the Backup
Operators or Administrators GroupYou can recover:
Individual files and foldersApplicationsVolumes
SBS Server RecoveryPerforming a full server restore
• Insert SBS 2008 installation DVD• “Repair your Computer”
SBS Server Recovery
Select
• Recovery tool: Windows Complete PC Restore• Select backup location• Format and repartition disks
• Exclude disks• Install Drivers
• Confirm your actions• Server reboots
demoBackup
Configuring Mobile Devices for Exchange Active SyncWhat is Exchange ActiveSync? (EAS)
Mobile devices supported
• Microsoft® Windows Mobile® 5.0 (Messaging & Security Feature Pack)• Windows Mobile® 6.x
Exchange ActiveSync features
• Direct Push• Device Security policy enforcement• Remote device wipe
Configuring Mobile Devices for Exchange ActiveSyncUsing Windows Mobile Device Center
• Windows Mobile 6• Windows Mobile 5.0• Windows Mobile 2003
Using SPAddCert.exe
• Windows Mobile 5.0• Windows Mobile 2003• Windows Mobile 2002
Download Install Certificate Package.zip
• Windows Mobile 6
ReviewRemote Access
Customizing Remote Web Workplace
Customizable features:
• Remote Web Workplace user access• Remote Web Workplace sing-in page• Remote Web Workplace home page• Check e-mail• Connect to computer• Internal Web site (SharePoint)• Change password• Help • Organizational links• Administration links
Terminal Services Gateway Overview
Checks CAPs
Uses TS Gateway server SSL certificate
Internal Resources
Authenticates and authorizes
Port 443
Port3389
ChecksRAPs
Break1045 - 1100
EBS technical briefingHardware Sizing
PreparationPlanning MigrationDeploymentPost InstallationAdmin Console Security
Windows EBS 2008 Hardware Requirements
Server Hardware Minimum requirement Physical Servers ThreeProcessor 64-bit (x64)System Memory Management Server 4 GB
Messaging Server 4 GBSecurity Server 2 GB
Storage CapacityServer | Partition Minimum partition sizeManagement Server | system volume 50 GB
Management Server | Data Volume 30 GB
Security Server | system volume 50 GBSecurity Server | data volume 10 GBMessaging Server | system volume 50 GB
Messaging Server | data volume 20 GBNetwork Adapters One for the Management Server
One for the Messaging ServerTwo for the Security Server
DVD Drive One per server
Two editions of Windows Essential Business Server 2008
Windows Essential Business Server 2008
Windows Essential Business Server Premium
Windows Essential Business Server
Standard
EBS Standard CAL
EBS Premium CAL
Preparation and Planning WizardsWindows Essential Business Server Preparation
Wizard performs over 100 infrastructure health checks
DNS configurationOrphaned records
AD healthConvergence/replication testing (SYSVOL)Integration mismatchesBroken delegationOrphaned records
Network connectivity problemsGhost NICsBinding order (TIP: Internal network MUST be on first NIC)169.254.x.x addressing (automatic private IP)
Exchange Health Checks
demoPreparation & Planning
Wizards
Common Network Infrastructure Issues
Intermittent connectivity issuesImproperly configured DNSAD replicationIP address information conflicts/inconsistency
Including non-standard or RFC violationsGhost network cards
Certificates/certificate authoritiesCustom GPOs
Resolve Infrastructure Issues Before Windows EBS 2008 MigrationIntermittent connectivity
Verify/correct ALL cable plant/physical layer (layer 1) errors
Correct DNS configuration issuesConsistent application of DNS settings
Configured by DHCPConfigured manually (servers)
AD replicationFix DNS issues (if any) first
Correct IP connectivityAddress conflicts/inconsistencyResolve ghost NICs (TIP: These will cause Windows Essential Business Server installation to halt)Correct binding order
Management Server Installation Summary
Application, Roles and Services installed
• Active Directory components• Certificate services• Domain Name System (DNS) service• DHCP Server service (optional installation)• Exchange Server management tools• File Server role• Threat Management Gateway (formerly called ISA Server) management tools• Internet Information Services (IIS)• Microsoft® SQL Server® Express• Microsoft® System Center Essentials• Network Protection service• Print Server role• Remote Assistance optional component• Terminal Services RemoteApp™• Windows Server® 2008• Windows Essential Business Server Administration Console• Windows Essential Business Server licensing service• Windows Server Update Services (WSUS—installed as a component of System Center Essentials)
Management Server Installation Summary
Network Status
• Management Server is assigned a name and a static IP address• Active Directory is configured in one of the following two options:
• Management Server is joined to an existing Active Directory domain as a domain controller• Management Server is the domain controller for a new domain in a new forest
• DNS is configured in one of the following two options:• Management Server is the preferred DNS server• existing DNS server is the preferred DNS server, and the Management Server is the alternate DNS server
• Management Server DHCP scope is defined, if selected as an option• Windows Essential Business Server DHCP service is started, if selected as an option• Management Server internal adapter points to the network default gateway• Windows Firewall service on the Management Server configured with default firewall exceptions for
Windows Essential Business Server.• Remote Web Workplace
Security Server Installation Summary
Applications, Roles and Services installed
• Active Directory Lightweight Directory services • Exchange Server Edge transport• Exchange Intelligent Message filter• Threat Management Gateway• Routing and remote access service• System Center Operations Manager agent• SQL Server Express (required for Threat Management Gateway logging)• Windows Server 2008
demoSetting up EBS
Guided Configuration & Migration Tasks
demoUnified Administration
Environment Requirements for License Compliance
Must be domain controllers: • Management Server• Messaging Server
No trust relationships with other forests
Management Server holds roles of:• Primary Domain Controller• Domain Naming Master Server
All three servers are in the same domain
No child domains
EBS Domain is at the root of the AD forest
EBS Security Conceptual Overview
Security workload consolidated and placed where it needs to be
Host firewall on Management/Messaging servers
Inbound & Outbound access rules set by default
Secure communications between EBS servers
Secure workstation data using ACLs, policies and secure coding practices
Internet
Threat Management GatewayExchange Edge
Perimeter
Management Server(Data)
Messaging Server(Data)
Client PCs(Data)
Pipeline
Security Server role in EBS
Consolidates Security workload
“Edge” role is critical
• Will deploy in “defense in depth” mode if edge sufficiently covered
Configure secure remote access to workplaceservices such as mail or access to desktops
Logging and auditing data in SQL Server
Provides holistic view of security in the organization
Security Components in EBS
Perimeter protection provided by firewall feature of Forefront
TMGAV protection for HTTP
traffic provided by malware inspection in
TMGAnti-spam protection by Exchange (Edge role)Anti-virus for email by Forefront Security for
Exchange Server (FSE)Pipeline protection by using secure channel or using encryption for all
server trafficData protection policies
and ACLs, managed security updates to all
clients
Forefront Treat Management Gateway Configuration
Built in policies setup for best practicesfor medium sized businesses
Configured out-of box settings:
• Firewall policy settings• Intrusion Detection settings• Web Listener settings• Web Proxy settings
One-click option to restore to default policy settings in EBS Administration Console
Firewall Policy
Configured to allow access outbound and inbound
6 server publishing rules for Exchange (OWA, OMA), Terminal Services Gateway and Remote Web Workplace
10 access rules to allow inbound and outbound access to various commonly used protocol traffic, such as SMTP and HTTP
36 system policy rules setup for EBS configuration
Fully documented in EBS TechNet site
Intrusion Detection settings
Forefront Treat Management Gatewayis configured to detect :
• Windows out-of-band (WinNuke)• Land• Ping of death• IP half scan• UDP bomb• DNS host name overflow• DNS length overflow
DemoSecurity Server
logging
Exchange role separation in EBS
Default configuration set to best practices formidsize businesses
EBS installs Exchange Server 2007 Service Pack 1
Security Server has Edge Transport role
• “Keep the unwanted traffic at the edge”
Messaging Server has Hub Transport, Mailboxand Client Access Server roles
• Also has Forefront Security for Exchange so it can cover both store and transport
Coexistence with Other Mail SolutionsDesigned to be installed into an organization
withan existing email solution
Designed to be non disruptive install
Very minimal downtime needed during install
Can work with older Exchange or 3rd party product
Mail flows through EBS Messaging server to older Exchange
After mailboxes are migrated, decommission older system.• If older Exchange in organization, no changes needed
• After decommissioning 3rd party products, minor fix up needed in Exchange 2007
Default Mail Flow: Existing Config
192.168.1.1
EBS Management
Internet
Existing Mail Server
ExistingPCs
Firewall
192.168.1.x IP192.168.1.1 GW
207.157.132.11
192.168.1.xx1
ISP DNS Record MX : 207.157.132.11
Goals :• Mail flows
through Exch Edge to Messaging to Existing servers
• No loss of mail flow
Internet
Default Mail Flow: After Security
192.168.1.1
EBS Management
Internet
Existing Mail Server
ExistingPCs
Firewall
Mail Flow Change:
• Need to change firewall configuration to send to EBS Security Server
EBS Security
192.168.1.x IP192.168.1.1 GW
207.157.132.11
192.168.2.1
192.168.2.2
192.168.1.xx1
ISP DNS Record MX : 207.157.132.11
Forward Port 25 to 192.168.2.2
- Exch Edge filters mail and forwards to existing mail server
Goals :• Mail flows
through Exch Edge to Messaging to Existing servers
• No loss of mail flow
192.168.1.1
Internet
Default Mail Flow
192.168.1.1
EBS Management
EBS Messaging
Internet
Existing Mail Server
ExistingPCs
Firewall
Mail Flow Change:• Need to change firewall configuration to send to EBS Security Server
• EdgeSync subscription is done • Mail flows through Messaging server to old server.
EBS Security
192.168.1.x IP192.168.1.1 GW
207.157.132.11
192.168.2.1
192.168.2.2
192.168.1.xx1 192.168.1.xx3
ISP DNS Record MX : 207.157.132.11
Forward Port 25 to 192.168.2.2
- Exch Edge filters mail- Edge connector set to EBS Messaging
RGC
Goals :• Mail flows through
Exch Edge to Messaging to Existing servers
• No loss of mail flow192.168.1.1
Internet
VirtualizationOverviewScenariosTechnical BenefitsBusiness BenefitsExamples
Guide for Scenario SlidesPremium SKU of EBS
ideal for VirtualizingIncludes Windows Server 2008 Standard w/ Hyper-VAllows license to be reused as a child partition as long as the parent instance only supports Hyper-V services
Hyper-V Server also a viable option but requires configuration of separate management tools
Best practice is not to install these on a child partition
Physical machines are indicated with a machine icon, instances are illustrated with a containerTerminology
OSEParent/ChildHypervisor
““Designed for Windows” - Physical Hardware
Hyper-V Enabled Operating System
Windows Hypervisor
Child Partition(s)Parent Partition
Hyper-V Compatible Operating System
ApplicationsPhysical Machine
EBS Scenarios – Fully VirtualizedTechnical Impact
Hardware requirements stay the same as physical
Disk, CPU, RAMExposure when co-existing all infrastructure on a Server
Backup/Restore Plans?Snapshots/Quick Migration not supported
Virtualized FirewallDetailed setup step-by-step will be on TechnetDo not join parent partition to domain
Business ImpactCheck potential HW savings – ensure you maintain the HW requirementsSome flexibility over time when moving between serversGood scenario for small low -load EBS deployments (25 users)Remember EBS has 40-60% density already before virtualizing!
““Designed for Windows” - Physical Hardware
EBS Premium 4th Server
Windows Hypervisor
Child Partition(s)Parent Partition
EBS 2008Management Server
EBS 2008Messaging Server
Virtual Machines
ApplicationsApplicationsPhysical Machine
EBS 2008Security Server
Applications
Licensing Required – EBS Premium with the 4th Server configured as Parent partition, or
Hyper-V Server
EBS Scenarios – Two Physical MachinesTechnical Impact
Hardware requirements stay the same as physical
Disk, CPU, RAMDeciding which roles to split
Security Physical?All permutations supported
Additional licensing requiredNo support for split locationsDo not domain join parent partitions
Creates cyclic dependency
Business ImpactReuse onsite x64 HW for Security Server
Requirements need to be met
Scale over timeOptions to choose between fully virtualized two machines or split physical/virtual
Licensing Required – EBS Premium with the 4th Server configured as Parent partition and additional Hyper-V compatible server for 2nd Physical machine. Hyper-V Server is an option ““Designed for Windows” - Physical Hardware
Windows Server 2008 Standard
Windows Hypervisor
Child Partition(s)Parent Partition
EBS 2008Management Server
EBS 2008Messaging Server
Virtual Machines
ApplicationsApplicationsPhysical MachinePhysical Machine
Physical Hardware
Windows Server 2008 Standard
Windows Hypervisor
Child Partition(s)Parent Partition
EBS 2008Security Server
Virtual Machines
Applications
EBS Scenarios – ConsolidationTechnical Impact
Does not effect the EBS configuration as it runs physicalCan join parent partition to the EBS DomainAllow for consolidation of legacy OSE, or rapid deployment of new OSEsProvides physical isolation of Core infrastructure roles
Business ImpactHyper-V + EBS = great management of OSEsGreat scenario for LOB with Premium licensing
SQL 2008 + Windows 2008 Standard
Great solution for consolidating and securing branch
Licensing Required – EBS Premium with the 4th Server configured as Parent partition, or
Hyper-V Server
““Designed for Windows” - Physical Hardware
Essential Business Server 2008
4th Server
Windows Hypervisor
Child Partition(s)Parent Partition
Essential Business Server 2008 4th
ServerOther Operating
Systems
Virtual Machines
ApplicationsApplications
Windows Essential Business Server 2008
Physical MachinePhysical Machines
EBS Scenarios – Presentation VirtualizationTechnical Impact
Premium is the ideal server for Terminal Services/Presentation virtualizationMessaging Server has TS Gateway installedSecurity Server is publishing the TSGPremium Server has TS application mode enabled
Business ImpactSimplify management and reduce servicing cost of client devicesProvide common user experience increasing usabilityProvide outside system access with RWW and TSGLicensing Required – EBS Premium
with the 4th Server configured with Terminal Services application mode. TS users require a TS CAL
Unsupported ConfigurationsIt is NOT supported to
use any of the EBS roles as a parent partition
Due to the nature of the parent partition, best practice suggests you use only for supporting child partitions
Snapshots are NOT supported
Snapshots can corrupt AD when FSMO roles are virtual
Quick Migration is NOT supported
Due to its use of snapshots
Terminal Services is NOT supported on application mode on any of the EBS Servers
Impact to AD security
Preparing to set up EBSCheck hardware sizing – Proc, RAM, Disk
Decide on firewall configuration• Virtualized Security Server + External Firewall
• Double NAT?• Virtualized Security Server • Physical Security Server
Plan and Prepare backup and recovery
Choose your Hyper-V enabled platform• EBS Premium 4th Server • EBS Premium 4th Server Core• Hyper-V Server
Set up Hyper-V
• http://technet.microsoft.com/en-us/library/cc732470.aspx
Hints and TipsCreate a test environment once you have completed all setup tasks
Shut down all machines and export the VHDs.
Monitor the performance of the Parent Partition. Watch for
Disk/Proc/Memory/Network exhaustionDisk capacity in the VHD
Managing updates for Hyper-V serverhttp://technet.microsoft.com/en-us/library/cc720464.aspx
SBS Scenarios – Fully VirtualizedTechnical Impact
Hardware requirements stay the same as physical
Disk, CPU, RAMExposure when co-existing all infrastructure on a Server
Backup/Restore Plans?Snapshots/Quick Migration not supported
Fax Service not supportedDetailed setup step-by-step will be on TechnetDo not join parent partition to domainSome features change- details next slide
Business ImpactCheck potential HW savings – ensure you maintain the HW requirementsSome flexibility over time when moving between serversGood scenario for small low -load SBS deployments (<10 users)Remember SBS has 40-60% density already before virtualizing!
Licensing Required SBS Premium with the 2nd Server configured as Parent partition, or
Hyper-V Server
““Designed for Windows” - Physical Hardware
Small Business Server 2008
Premium – 2nd Server
Windows Hypervisor
Child Partition(s)Parent Partition
Small Business Server 2008
Premium – 1st Server
Small Business Server 2008
Premium – 2nd Server
Virtual Machines
ApplicationsApplicationsPhysical Machine
SBS Scenario – Fully Virtualized cont.Technical Impact
Backup relies on direct attached storage
Create a fixed sized VHD that resides on a separate disk driveDrive should be external to protect from HW failureAdd the VHD to the child partition as an additional drive
Alternatively USB hard disk drives can be taken offline in the physical device manager and then mounted into the VM as an internal drive
You can backup the VMMust copy the answer file to either a virtual floppy disk or a virtual hard disk that is then connected to the VM. -> Cdimage.exeCOM ports are not virtualized. Devices such as UPS, Fax/Modems are impactedThe Windows Server 2008 Fax server role is not supported in a virtual machine.
SBS Scenarios – Premium Hyper-V ParentTechnical Impact
Does not effect the SBS configuration as it runs physicalCan join parent partition to the SBS DomainAllow for consolidation of legacy OSE, or rapid deployment of new OSEsProvides physical isolation of Core infrastructure roles
Business ImpactHyper-V + SBS = great management of OSEsGreat scenario for LOB with Premium licensing
SQL 2008 + Windows 2008 Standard
Great solution for consolidating and securing branch
Licensing Required – SBS Premium with the 2nd Server configured as Parent partition, or
Hyper-V Server
““Designed for Windows” - Physical Hardware
Small Business Server 2008
2nd Server ( Hyper-V and support services
only)
Windows Hypervisor
Child Partition(s)Parent Partition
Small Business Server 2008 2nd
ServerOther Operating
Systems
Virtual Machines
ApplicationsApplications
Windows Small Business Server 2008
Physical MachinePhysical Machines
SBS Scenarios – Presentation Virtualization
Technical ImpactPremium is the ideal server for Terminal Services/Presentation virtualizationSBS Standard Server has TS Gateway installedPremium Server has TS application mode enabled
Business ImpactSimplify management and reduce servicing cost of client devicesProvide common user experience increasing usabilityProvide outside system access with RWW and TSGLicensing Required – SBS Premium
with the 2nd Server configured with Terminal Services application mode. TS users require a TS CAL
Unsupported ConfigurationsIt is NOT supported to
use the SBS Standard Server as a parent partition
Due to the nature of the parent partition, best practice suggests you use it only for supporting child partitions
Snapshots are NOT supported
Snapshots can corrupt AD when FSMO roles are virtual
Quick Migration is NOT supported
Due to its use of snapshots
Terminal Services is NOT supported on application mode on the SBS Standard Server
Impact to AD security
Preparing to set up SBSCheck hardware sizing – Proc, RAM, Disk
Plan and Prepare backup and recovery
Choose your Hyper-V enabled platform
• SBS Premium 2nd Server • SBS Premium 2nd Server Core• Hyper-V Server
Set up Hyper-V
• http://technet.microsoft.com/en-us/library/cc732470.aspx
Appendix
Hints and TipsCreate a test environment once you have completed all setup tasks
Shut down all machines and export the VHDs.
Monitor the performance of the Parent Partition. Watch for
Disk/Proc/Memory/Network exhaustionDisk capacity in the VHD
Managing updates for Hyper-V serverhttp://technet.microsoft.com/en-us/library/cc720464.aspx
Read up on performance tuninghttp://www.microsoft.com/whdc/system/sysperf/Perf_tun_srv.mspx
Server Core, Server, and Hyper-V Server
Can choose between Hyper-V Server – web download
Only Hyper-V role available
Additional Windows Server as part of SBS Premium
Deployed as either Standard Core or Standard Full Installation
Able to deploy Premium Server as both virtual and physical as long as the physical is used only to support Hyper-V
Think carefully about using a OS without a GUI
Remote management toolsTechnical training requirements for staff
Practice using command line to configure services
© 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after
the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.