Archive for the 'Uncategorized' Category

New Features of Server 2008: Improved Web Services

Hey!!

As promised, we’re going to keep exploring the new features of Windows Server 2008. This time, let’s have a look at the improved Web Services.

Windows Server 2008 includes improved Web administration, diagnostics, development, and application tools with Internet Information Services 7.0 (IIS 7.0), a major upgrade from IIS 6.0. Windows Server 2008 unifies the Microsoft Web publishing platform, including IIS 7.0, ASP.NET, Windows Communication Foundation, and Windows SharePoint Services.

•    Modular design and installation options allow installation of only the features needed, reducing attack surfaces and making patch management easier.
•    IIS Manager, a new task-based management interface, plus a new appcmd.exe command-line tool make administration easier.
•    Cross-site deployment allows you to easily copy Web site settings across multiple Web servers without additional configuration.
•    Delegated administration of applications and sites lets you give control of different parts of the Web server to those who need it.
•    Integrated Web server health management with comprehensive diagnostic and troubleshooting tools allows easy visibility and tracking of requests running on the Web server.
•    Programmatic access to configuration stores through WMI or Microsoft.Web.Administration, a new management API that enables editing the XML configuration files for your Web server, sites, or applications.
•    Enhanced application pool isolation keeps sites and applications isolated from each other for greater security and stability.
•    FastCGI support to reliably run PHP apps, Perl scripts, and Ruby applications.
•    Tighter integration with ASP.NET features and one configuration store for all Web platform configuration settings across IIS 7.0 and ASP.NET.
•    A flexible extensibility model enables customization such as the addition of new modules using either native or managed code.

Hyper-V ACT 2

Hyper-V: ACT 1, ACT 2, ACT 3

ACT 2 begins… But before that…

In ACT 1 (2007), Microsoft announced its new “hypervisor” based virtualization architecture (code name Viridian) and the commitment to make the technology a standard part of Server 2008. When Server 2008 was released in February 2008, Hyper-V was included, but not in the final form. In late June 2008 (ahead of schedule), the upgrade (KB 950050), the “official Hyper-V”, became a standard part of Server 2008 upgrades/patches (Microsoft Update).

Now - ACT 2 begins…

Microsoft uses a Parent/Child partition architecture for Hyper-V. This is not the older Host/Guest model with the Guest sitting on top of the Host and its overhead/performance issues. The Parent and Child are side by side and use a high performance “VMbus” (Synthetic devices) model. But it does start with a Parent being needed before the first “Virtual Machine” (VM) Child is deployed.

In some ways this is convenient - it makes the installation simple. After the Parent install, it’s simple: add the Hyper-V “Role” with Server Manager. Also, with the Parent and Child, there are 2 O/S licenses involved, but with Server 2008, the Standard edition includes the extra license - one for the physical and one for the virtual servers. Having the full O/S in the Parent can be useful, but does consume resources (memory). Server Core can address this problem, but better…

Microsoft has announced the new “Hyper-V Server” - engineered specifically for the Parent partition.
All of the extra code/roles have been removed. The one (only) Role that we can and need to add is the Hyper-V role. Microsoft had hinted at this new “Hyper-V Server” option for a couple of months (a new Server edition) and had indicated that it would only cost $28. “$28”?? No, this was not a typo.

On September 8th, Microsoft announced that within 30 days, Hyper-V Server would be a free (no cost) download - yes, $0… And, per the same announcement, SC/VMM 2008, the missing piece, the impressive Virtual Machine manager, will also release within 30 days.

Microsoft also shared a preview of the future ACT 3 -

The future Server 2008 R2 and its Hyper-V R2 should be able to finish the wish list (missing features). Microsoft showed a demo of the future “Live Migration”, a migration (moving a VM while running) feature that improves on the current “Quick Migration” suspend/resume option.

There will be quite a few new features that Microsoft will talk about both at the upcoming PDC (Professional Developer’s Conference) in late October, as well as at WinHEC, which is the first week of November. Microsoft will go into a lot of detail on Server 2008 R2 at that time.

More new Active Directory Features

Active Directory has proven itself as a robust directory service in Windows Server 2003 R2. Windows Server 2008 builds on the prior success of Active Directory with several new and improved features: (courtesy of Microsoft)

Active Directory Domain Services
Active Directory Domain Services (AD DS), formerly known as Active Directory Directory Services, is the central location for configuration information, authentication requests, and information about all of the objects that are stored within your forest. Using Active Directory, you can efficiently manage users, computers, groups, printers, applications, and other directory-enabled objects from one secure, centralized location. Enhancements to AD DS in Windows Server 2008 include:
Auditing. Changes made to Active Directory objects can be recorded so that you know what was changed on the object, as well as the previous and current values for the changed attributes.
Fine-Grained Passwords. Password policies can be configured for distinct groups within the domain. No longer does every account have to use the same password policy within the domain.
Read-Only Domain Controller. A domain controller with a read-only version of the Active Directory database can be deployed in environments where the security of the domain controller cannot be guaranteed, such as branch offices where the physical security of the domain controller is in question, or domain controllers that host additional roles, requiring other users to log on and maintain the server. The use of Read-Only Domain Controllers (RODCs) prevents changes made at branch locations from potentially polluting or corrupting your AD forest via replication. RODCs also eliminate the need to use a staging site for branch office domain controllers, or to send installation media and a domain administrator to the branch location.
Restartable Active Directory Domain Services. Active Directory Domain Services can be stopped and maintained. Rebooting the domain controller and restarting it in Directory Services Restore Mode is not required for most maintenance functions. Other services on the domain controller can continue functioning while the directory service is offline.
Database Mounting Tool. A snapshot of the Active Directory database can be mounted using this tool. This allows a domain administrator to view the objects within the snapshot to determine the restore requirements when necessary.

Active Directory Lightweight Directory Services
Active Directory Lightweight Directory Services (AD LDS), formerly known as Active Directory Application Mode, can be used to provide directory services for directory-enabled applications. Instead of using your organization’s AD DS database to store the directory-enabled application data, AD LDS can be used to store the data. AD LDS can be used in conjunction with AD DS so that you can have a central location for security accounts (AD DS) and another location to support the application configuration and directory data (AD LDS). Using AD LDS, you can reduce the overhead associated with Active Directory replication, you do not have to extend the Active Directory schema to support the application, and you can partition the directory structure so that the AD LDS service is only deployed to the servers that need to support the directory-enabled application. Enhancements to AD LDS in Windows Server 2008 include:
Install from Media Generation. The ability to create installation media for AD LDS by using Ntdsutil.exe or Dsdbutil.exe.
Auditing. Auditing of changed values within the directory service.
Database Mounting Tool. Gives you the ability to view data within snapshots of the database files.
Active Directory Sites and Services Support. Gives you the ability to use Active Directory Sites and Services to manage the replication of the AD LDS data changes.
Dynamic List of LDIF files. With this feature, you can associate custom LDIF files with the existing default LDIF files used for setup of AD LDS on a server.
Recursive Linked-Attribute Queries. LDAP queries can follow nested attribute links to determine additional attribute properties, such as group memberships.

Active Directory Certificate Services
Most organizations use certificates to prove the identity of users or computers, as well as to encrypt data during transmission across unsecured network connections. Active Directory Certificate Services (AD CS) enhances security by binding the identity of a person, device, or service to their own private key. Storing the certificate and private key within Active Directory helps securely protect the identity, and Active Directory becomes the centralized location for retrieving the appropriate information when an application places a request. Enhancements to AD CS in Windows Server 2008 include:
Enrollment Agent Templates. Delegated enrollment agents can be assigned on a per-template basis.
Integrated Simple Certificate Enrollment Protocol (SCEP). Certificates can be issued to network devices, such as routers.
Online Responder. Certificate Revocation List (CRL) entries can be returned to the requestor as a single certificate response instead of the entire CRL. This reduces the total amount of network traffic consumed when clients validate certificates.
Enterprise PKI (PKI View). A new management tool for AD CS, this tool allows a Certificate Services administrator to manage Certification Authority (CA) hierarchies to determine the overall health of the CAs and to easily troubleshoot errors.

Active Directory Federation Services
Active Directory Federation Services is a highly secure, highly extensible, and Internet-scalable identity access solution that allows organizations to authenticate users from partner organizations. Using AD FS in Windows Server 2008, you can simply and very securely grant external users access to your organization’s domain resources. AD FS can also simplify integration between untrusted resources and domain resources within your own organization. Enhancements to AD FS in Windows Server 2008 include:
Availability As an Integrated Server Role. AD FS is a server role within Windows Server 2008 that can be easily deployed and managed using Server Manager, instead of handled as an added feature, as in Windows Server 2003 R2.
Integration with Microsoft Office SharePoint Server 2007. AD FS can be used to facilitate a single sign-on solution for Office SharePoint Server 2007.
Integration with Active Directory Rights Management Services (AD RMS). AD FS can integrate with AD RMS to support the sharing of rights-protected content between organizations without requiring AD RMS to be deployed in both organizations.
Improved Administration. Importing and exporting trust information has been enhanced so that each organization can quickly export or import XML files to facilitate the configuration of trust information.

Active Directory Rights Management Services
Your organization’s intellectual property needs to be safe and highly secure. Active Directory Rights Management Services, a component of Windows Server 2008, is available to help make sure that only those individuals who need to view a file can do so. AD RMS can protect a file by identifying the rights that a user has to the file. Rights can be configured to allow a user to open, modify, print, forward, or take other actions with the rights-managed information. With AD RMS, you can now safeguard data when it is distributed outside of your network. Enhancements of AD RMS in Windows Server 2008 include:
Application Support. Support for AD RMS is already included within Windows Vista. Internet Explorer 7 and the 2007 Microsoft Office system already have support for AD RMS. The AD RMS client can also be installed on other Windows operating systems.
Persistent Protection. Your content can be protected on the go. You specify who can open, modify, print, or manage the content, and the rights stay with the content—even after it has been transferred outside of your organization.
Usage Policy Templates. If you have a common set of rights that you use to control access to information, a Usage Policy Template can be created and applied to content. This alleviates the need to recreate the usage rights settings for every file you want to protect.
AD RMS Software Development Kit. The AD RMS Software Development Kit (SDK) can be used by independent software vendors (ISVs) to rights-enable their applications, meaning the application investments you’ve already made may be (or will become) compatible with AD RMS.

What’s new in Windows Server 2008

Hey All!

I know that many of us are looking forward to getting certified and becoming an MCITP Server Administrator. One of the benefits of being certified is that we can stay up to date with what is new in Windows Server 2008. As we continue with the blog, I will try to keep giving you the new enhanced features of Server 2008 and I would like you to also add to it if you can and make it more interesting!!!

Personally, I’m a big fan of Active Directory, so I was very inquisitive about how it is better this time around. With that said, here’s a quick breakdown of how it’s been enhanced:

Active Directory provides the means to manage the identities and relationships that make up your organization’s network. Integrated with Windows Server 2008, the next generation of Active Directory gives you out-of-the-box functionality needed to centrally configure and administer system, user, and application settings. With Active Directory, you can simplify user and computer management, enable single sign-on (SSO) access to your network resources, and help enhance the privacy and security of stored information and communications.

When I check back in next, I’ll try to have some of the specific new and improved features. Stay tuned!

More Microsoft Certification changes

“And Now for Something Completely Different”
- Monty Python’s Flying Circus

The new (as of Aug ’08) type of Microsoft certification question is not completely different (emulation versus simulation), but different enough that we need to prepare in a new way.

Just as we began to adjust to the end of Microsoft’s MCSA and MCSE certifications, which have been replaced by the new MCTS/MCITP model - Microsoft is throwing us another twist.

IT professionals complained to Microsoft for years that they hated the multiple choice (e.g. A, B, C, D) style questions on certification exams. Over the years the questions had evolved into a “reading comprehension” challenge with the questions getting longer and longer (mind-numbing). Plus, if American English is not an examinee’s first language, it was a serious handicap.

The common feedback was, “Give me a system and I’ll show you that I know what to do.”

But we all know that you should be careful what you ask for, as you just might get it. Starting with the updated Windows Server 2003 exams (70-290 and 70-291), Microsoft had added a new style of question – the Simulation. During the exam, an examinee was dropped into a standard Microsoft desktop (with just a Start button) and challenged with, “Configure a Server for the following multiple features/functions”…

The “simulation” was almost what people were asking for, but with “sims” being based on VB scripts, they were limited; sometimes there was only one way to do something. If you pick two or more people at random, they will each have a different way to use the interface – there are about six ways, on a normal system, to launch the “Task Manager”.

As of August ’08, Microsoft has a Pilot (Beta) for exam 70-113, which includes a new question style:

http://blogs.msdn.com/trika

“The Performance Based testing method we are piloting is an exam which emulates a Windows Server 2008 infrastructure. In this infrastructure you will be tasked with completing a series of tasks. Once complete, the system will evaluate each task’s end-state to determine if the tasks have been completed and correctly implemented. This process is different from simulations because you will have every tool and path available that you would normally have in a real world scenario. Simulations restrict you to a small number of expected paths, whereas emulations allow for any path, as long as the end result is correct.”

This Pilot is scheduled to run until mid September, then, who knows what an examinee might encounter during Microsoft Server 2008 Certification testing – maybe something completely different…

New Administration User Interface for Exchange Management Console

Hey All!

I’ve got more good news for MCTS (Exchange 2007) and other Exchange administrators, specifically in the form of the features of Microsoft Exchange 2007 with the new SP1.

A new administration user interface has been added to the Exchange Management Console for the POP3 and IMAP4 protocols. This administration user interface enables you to configure the following settings for POP3 and IMAP4 for your individual Client Access server: Port Settings, Authentication Settings, Connection Settings, and Message and Calendar settings.

Not only that, but Public folder management is also possible by using the Exchange Management Console. So now we can relax and handle it from the console rather than using Shell…

…Sweet.

Revised Book for Exchange 2007

Hey All! Quick tidbit: There is a revised book for Exchange 2007 for the MCTS Exchange 2007 Class. It also talks about the new features with SP1. And guess what? It has the Virtual server images where Exchange 2007 is on Server 2008.

I just hope the exam (70-236) is the same, as I feel the exam might change slightly because of the new questions on SP1. We shall have to wait and see, but I will be certain to let you all know as soon as I do!

Hyper-V, Server Core, SC VMM, and Failover Clusters…

And now for the final pieces and a symphony…

Microsoft announced the RTM of Hyper-V™ on June 26th ’08. They had promised it would be ready within six months of the RTM of Server 2008, which would have been August ’08. At TechEd in early June, Microsoft announced that they were ahead of schedule for Hyper-V. They’d already gone into production, within Microsoft, with Hyper-V, for several months (e.g., all of the TechNet and MSDN web sites) with no significant (near zero) problems. So the quality is there - with the next question being, what about the performance? They wanted to get close to VMware with v1 of a major new architecture. The initial testing has exceeded their expectations - they were at or above VMware performance, even before release - credit the Microsoft Hyper-V VMBus and its “Synthetic” devices.

Hyper-V is the piece that will trigger customers moving to Server 2008. Hyper-V requires, but comes free with, Server 2008. Installation is painless - it doesn’t require any complex training or complex steps. You start with a simple, normal, quick Server 2008 install - 2008 installs faster than ever, with all the distracting questions deferred to the post install - ICT, Initial Configuration Tasks.

After the normal server install, you just log on and add the Hyper-V “Role” using Server Manager - just like you would add “File Server” or “DNS” as a Role. The server then reboots and like magic, “jacks up the O/S” and inserts the “hypervisor” under the O/S - poof! done!…

The initial server installation is moved into a Hyper-V Parent partition. The Parent partition (Host) makes it easy to add/manage the Guest “virtual machines” (VMs) that will run in Child partitions. Hyper-V virtual machine (guest) management can be done using the Server Manager on the Parent – using the same Server Manager that was used to add the Hyper-V Role.

Once you gain experience with Hyper-V and Server 2008, you’ll want to take advantage of the option to install just the “Server Core” in the Parent partition, instead of a full Server install. Server Core being the “windows without windows” Server - perfect for production environments where you want and just need the “core” server - reduced resource requirements, fewer patches, fewer reboots.

We just need a “core” Parent/Host (mainly for its drivers). We can move back to our desktop for the remaining and full day-to-day VM management. Hyper-V doesn’t use the older (less than impressive) web interface console that we had with Virtual Server.

One option to manage the VMs is to use the new RSAT (Remote Server Admin Tools) - next generation “Adminpak” - and its Hyper-V mmc snap-in. Or step up to, and take advantage of, the current and future SC VMM (System Center Virtual Machine Manager) - the new SC VMM 2008 was announced in April and is currently in Beta.

Click Here for the pdf.

“…System Center Virtual Machine Manager 2008 was designed to fully utilize the foundational features and services of Windows Server 2008 and Microsoft Hyper-V™ Server. This includes Hyper-V’s 64-bit architecture, attack hardened security model, and fail-over cluster support.…”

Since SC VMM has the ability to easily “snap-shot” a running, production system and convert it into a VM - P2V (physical to virtual) and then deploy the VM to your new Hyper-V host, it won’t be long before you have a bunch of production servers running as “guest” VMs on one physical host, better known as server consolidation. I’m sure that you bought a really reliable “brand name” server that would provide “availability through reliability”. But what if the hardware does fail or you’d like to step up to the world of HA - High Availability, the world of 99.99% availability, the four 9’s, the less than one hour downtime per year availability?

Server 2008 features a complete redesign of the 2003 Server Cluster option - renamed Failover Clusters. It’s still the HA solution to reduce downtime. But instead of the complex steps of creating a cluster, then adding file shares or print shares, you can just add the “feature” clustering to an existing file server when you want to increase the uptime.

Even more significant (exciting) - Failover Clusters are fully aware of Virtual Machines, with both Host and Guest clustering options. A VM can be moved (quick migration) to a different Host or all the VMs can failover to a standby host, in the event of a Host failure.

Click here for the PDF.

“…In VMM 2008, creating a high availability virtual machine (HA VM) has never been easier. Gone are the complex multi-step manual processes from before – now, an administrator clicks a simple checkbox which designates a VM as highly available. Behind the scenes, VMM orchestrates the creation of that HA VM which includes instructing the Intelligent Placement feature of VMM 2008 to recommend only hosts that are part of a host cluster for the newly minted HA VM.…”

So now we have a symphony of:

Server 2008,
Server Manager,
Hyper-V,
Server Core,
Failover Clusters, and
SC VMM…

Good news for you MCDSTs

Hey all!! Deepika again. Guess what? I have good news: if you guys are MCDSTs, you just need to pass one upgrade exam, 70-621, to be an MCITP: Enterprise Support Technician. So don’t wait and get certified!!!

Microsoft Acronyms

Now there are three reasons to attend the Unitek 5-day: Updating Your MCSE / MCSA Windows Server 2003 to Windows Server 2008 Boot Camp.

1. Review of Server 2003 and “What’s new or changed in Server 2008”
2. Get recertified as a Server 2008 MCTS with one “not as challenging as 2003” Server 2008 exam – one exam for a “triple” MCTS.
3. Become an expert with Microsoft acronyms.

Yes folks. It’s all about the acronyms. Before, you were an expert if you knew all the Microsoft acronyms. Now, the experts have to know how many meanings the same acronym has. SUA, for example, has at least three!

Even the Microsoft official TLA (Three Letter Acronym) Resource can’t keep up.

RDC SUA NLA NAS RAP WSS ACT CCS … – all have double (or more) meanings and to understand NAC vs. NAP, one would need to be comfortable with: NAC, NAD, NAS, NAP, NAQ, NAT (plus the NPS/IAS thing) – tough even when some have a single meaning.

Here are a few examples of what exactly I’m talking about.

RDC
Remote Desktop Connection
Remote Differential Compression, part of DFS

SUA
Standard User Account
Subsystem for UNIX-based Applications
Standard User Analyzer tool, part of ACT (either Application Compatibility Toolkit or Application Center Test)

NLA
Network Level Authentication
Network Location Awareness

NAS
Network Access Server
Network Attached Storage

RAP
Resource Allocation Policy
Resource Authorization Policy

WSS
Windows Storage Server
Windows SharePoint Services

ACT
Application Compatibility Toolkit
Application Center Test

CCS
Computer Cluster Server
Current Control Set

It’s worth attending just to find out that a BLOB isn’t really a Binary Large OBject, as you’ve been taught.
And be one of the first to learn the answer to: What’s a Vocsproot (clue: vOCSProot)? - correctly pronounced with a German accent…