Wednesday, April 20, 2011

Network Access Protection

Network Access Protection (NAP) is a new platform and solution that controls access to network resources based on a client computer’s identity and compliance with corporate governance policy. NAP allows network administrators to define granular levels of network access based on who a client is, the groups to which the client belongs, and the degree to which that client is compliant with corporate governance policy. If a client is not compliant, NAP provides a mechanism to automatically bring the client back into compliance and then dynamically increase its level of network access.

Windows 2008 Editions and NPS

NPS provides different functionality depending on the edition of Windows Server 2008 and Windows Server 2008 R2 that you install. In Enterprise and Datacenter editions, you can configure an unlimited number of RADIUS clients and remote RADIUS server groups. In addition, you can configure a group of RADIUS clients by specifying an IP address range.

In Windows Server 2008 Standard, you can configure a maximum of 50 RADIUS clients and a maximum of two remote RADIUS server groups. You can define a RADIUS client by using a fully qualified domain name or an IP address, but you cannot define groups of RADIUS clients by specifying an IP address range. If the fully qualified domain name of a RADIUS client resolves to multiple IP addresses, the NPS server uses the first IP address returned in the Domain Name System (DNS) query. Windows Web Server 2008 does not include NPS.
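The Standard edition constraints above can be checked against a deployment plan before installation. The following added example (not part of the original page or of Microsoft's tooling) audits a planned list of RADIUS clients and remote RADIUS server groups; the function names, the sample data, the CIDR notation for ranges and the choice to apply the first-address check on every edition are assumptions of the example.

```python
import ipaddress

# Limits for Windows Server 2008 Standard, as stated in the text above.
STANDARD_MAX_CLIENTS = 50
STANDARD_MAX_REMOTE_GROUPS = 2


def classify_address(address):
    """Classify a RADIUS client address as 'range', 'ip' or 'fqdn'."""
    if "/" in address:
        # Assumption: ranges are written in CIDR notation (10.0.0.0/24).
        ipaddress.ip_network(address, strict=False)  # ValueError if malformed
        return "range"
    try:
        ipaddress.ip_address(address)
        return "ip"
    except ValueError:
        return "fqdn"


def audit_plan(edition, clients, remote_groups, resolve):
    """Return a list of findings for a planned NPS configuration.

    clients is a list of (friendly_name, address) tuples, remote_groups a
    list of group names, and resolve a callable mapping an FQDN to a list
    of IP address strings. An empty result means no issue was found.
    """
    findings = []
    standard = edition.lower() == "standard"

    if standard and len(clients) > STANDARD_MAX_CLIENTS:
        findings.append("too-many-clients: %d defined, Standard allows %d"
                        % (len(clients), STANDARD_MAX_CLIENTS))
    if standard and len(remote_groups) > STANDARD_MAX_REMOTE_GROUPS:
        findings.append("too-many-groups: %d defined, Standard allows %d"
                        % (len(remote_groups), STANDARD_MAX_REMOTE_GROUPS))

    for name, address in clients:
        kind = classify_address(address)
        if kind == "range":
            if standard:
                findings.append("range-not-allowed: %s (%s) must be listed "
                                "per device on Standard" % (name, address))
        elif kind == "fqdn":
            addresses = list(resolve(address))
            if not addresses:
                findings.append("unresolved: %s (%s)" % (name, address))
            elif len(addresses) > 1:
                # Only the first address returned becomes the client entry.
                findings.append("multi-address: %s (%s) resolves to %s; "
                                "NPS uses only %s"
                                % (name, address, ", ".join(addresses),
                                   addresses[0]))
    return findings


# Constructed sample data (names and addresses are made up for the example).
SAMPLE_DNS = {
    "ap-lobby.corp.example": ["192.0.2.10"],
    "vpn-gw.corp.example": ["192.0.2.20", "192.0.2.21"],
}
SAMPLE_CLIENTS = [
    ("Lobby AP", "ap-lobby.corp.example"),
    ("VPN gateway", "vpn-gw.corp.example"),
    ("Floor 2 switches", "198.51.100.0/24"),
    ("Core switch", "203.0.113.5"),
]
SAMPLE_GROUPS = ["Partner A", "Partner B", "Partner C"]


def sample_resolver(fqdn):
    """Offline stand-in for a DNS lookup."""
    return SAMPLE_DNS.get(fqdn, [])


if __name__ == "__main__":
    for edition in ("standard", "enterprise"):
        print(edition)
        for finding in audit_plan(edition, SAMPLE_CLIENTS, SAMPLE_GROUPS,
                                  sample_resolver):
            print("  " + finding)
```

A client defined by a name that resolves to several addresses is worth replacing with one entry per IP address, so that requests from every address of the device match a client entry.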

You can upgrade a server running Windows Server 2003 and IAS to Windows Server 2008 and NPS. During the upgrade process, the server configuration is preserved, but remote access policies are renamed to network policies.

Installing a Network Policy Server

1. Open Server Manager.

2. Click the Add Roles link in the Actions pane.

3. On the Welcome page, click Next.

4. From the list of roles to install, select Network Policy and Access Services, and click Next.

5. Review the information provided on the Welcome page, and click Next.

6. On the Select Role Services page, select which role services to install on the server. Click Next.

7. On the Certificate Authority page, choose whether to install a local CA for issuing health certificates or to use an existing remote CA. If using a remote CA, make sure it is dedicated to issuing only health certificates. Click Next.

8. Select whether to configure the HRA to allow only domain-authenticated users to get health certificates. Click Next.

9. Select a server authentication certificate to be used to encrypt the network traffic. The certificate should be issued by an authority that all of the clients trust, either an internal enterprise domain CA or an external third-party CA. Click Next.

10. On the Confirmation page, click Install.

11. Click Close when the wizard completes.

Network Policy Server

Network Policy Server is Microsoft's implementation of a Remote Authentication Dial-in User Service (RADIUS) server and proxy in Windows Server 2008, and the replacement for Internet Authentication Service in Windows Server 2003. NPS allows you to centrally configure and manage network access authentication, authorization, and client health policies with the following features:

RADIUS Server:

Performs centralized authentication, authorization, and accounting for wireless, authenticating switch, remote access dial-up and virtual private network connections, and for connections to computers running Terminal Services Gateway. When you use NPS as a RADIUS server, you configure network access servers, such as wireless access points and VPN servers, as RADIUS clients in NPS. You also configure network policies that NPS uses to authorize connection requests. To deploy NPS with TS Gateway, you must deploy TS Gateway on the local or a remote computer that is running Windows Server 2008. To deploy NPS with Routing and Remote Access configured as a VPN server, a member of a VPN site-to-site configuration, or a dial-up server, you must deploy Routing and Remote Access on the local or a remote computer that is running Windows Server 2008.

RADIUS Proxy:

When you use NPS as a RADIUS proxy, you can configure connection request policies that tell the NPS server which connection requests to forward to other RADIUS servers and to which RADIUS servers you want to forward connection requests.

Network Access Protection (NAP) policy server:

When configured as a NAP policy server, NPS evaluates statements of health sent by NAP-capable client computers that want to connect to the network. It also acts as a RADIUS server when configured with NAP, performing authentication and authorization for connection requests. You can configure NAP policies and settings including system health validators, health policy, and remediation server groups. Installation of the Network Policy and Access Services role installs the Network Policy Server component and the RADIUS role.

802.3 Wired

You can configure 802.1X-based connection request policies for 802.3 wired client Ethernet network access. You can also configure 802.1X-compliant switches as RADIUS clients in NPS, and use NPS as a RADIUS server to process connection requests, authentication, authorization, and accounting for 802.3 Ethernet connections.

802.11 Wireless

You can configure 802.1X-based connection request policies for 802.11 wireless client network access. You can also configure wireless access points as RADIUS clients in NPS, and use NPS as a RADIUS server to process connection requests and perform authentication, authorization, and accounting for 802.11 wireless connections. You can integrate 802.11 wireless access with NAP when deploying a wireless 802.1X infrastructure so that wireless clients are verified against health policies before they are allowed to connect to the network.

You can also use NPS to deploy secure password authentication with Protected Extensible Authentication Protocol (PEAP)-MS-CHAP v2 for wireless connections. To deploy NPS with secure 802.1X wired or wireless access, you must enroll a server certificate to the server running NPS using Active Directory Certificate Services (AD CS) or a public certification authority. To deploy EAP-TLS or PEAP-TLS, you must also enroll computer or user certificates, which requires you to design and deploy a public key infrastructure using AD CS.

Improving the Web Application Platform

Windows Server 2008 R2 includes many enhancements that make this release the most robust Windows Server Web application platform yet. It offers an updated Web server role, Internet Information Services (IIS) 7.5, and greater support for .NET on Server Core. Design goals for IIS 7.5 concentrated on improvements that enable Web administrators to more easily deploy and manage Web applications, and that increase both reliability and scalability. Additionally, IIS 7.5 has streamlined management capabilities and provides more ways than ever to customize your Web serving environment.

The following improvements to IIS and the Windows Web platform are included in Windows Server 2008 R2:

Reduced Effort to Administer and Support Web-Based Applications

Reduced Support and Troubleshooting Effort

Improved File-Transfer Services

Ability to Extend Functionality and Features

Improved .NET Support

Improved Application Pool Security

IIS.NET Community Portal

Reduced Effort to Administer and Support Web-Based Applications

Reducing the effort required to administer and support Web-based applications is a key differentiator for IIS 7.5. Included with this release is support for increased automation, new remote administration scenarios, and improved content publishing for developers and authors. A short list of these features includes:

Expanding the capabilities of IIS Manager through new management modules

Automating common administrative tasks through the Windows PowerShell Provider for IIS

Support for .NET on Server Core, enabling ASP.NET and remote management through IIS Manager

Reduced Support and Troubleshooting Effort

Windows Server 2008 R2 reduces support and troubleshooting effort in the following ways:

Enhanced auditing of changes to IIS 7.5 and application configuration.

Failed Request Tracing for FastCGI.

Best Practices Analyzer (BPA).

Improved FTP Services

Windows Server 2008 R2 includes a new version of FTP server services. These new FTP server services offer the following improvements:

Reduced administrative effort for FTP server services.

Extended support for new Internet standards.

Reduced effort for support and troubleshooting FTP-related issues.

Ability to Extend Functionality and Features

One of the design goals for IIS 7.5 was to make it easy for you to extend the base functionality and features in IIS 7.5. IIS Extensions allow you to build or buy software that can be integrated into IIS 7.5 in such a way that the software appears to be an integral part of IIS 7.5.

Extensions can be created by Microsoft, partners, independent software vendors, and your organization. Microsoft has developed IIS Extensions since the RTM version of Windows Server 2008. These IIS Extensions are available for download from http://www.iis.net. Many of the IIS Extensions developed by Microsoft will be shipped as a part of Windows Server 2008 R2, including WebDAV, the Integrated & Enhanced Administration Pack, and the Windows PowerShell Provider for IIS.

Improved .NET Support

The .NET Framework (versions 2.0, 3.0, 3.5.1 and 4.0) is now available on Server Core as an installation option. By taking advantage of this feature, administrators can enable ASP.NET on Server Core, which affords them full use of PowerShell cmdlets. Additionally, .NET support means the ability to perform remote management tasks from IIS Manager and host ASP.NET Web applications on Server Core as well.

Improved Application Pool Security

Building on the application pool isolation that was available with IIS 7.0, which increased security and reliability, every IIS 7.5 application pool now runs with a unique, less-privileged identity. This helps harden the security of applications and services running on IIS 7.5.

IIS.NET Community Portal

To stay current with new additions to IIS in Windows Server 2008 or Windows Server 2008 R2, make sure to visit the IIS.NET community portal (http://www.iis.net). The site includes news updates, in-depth instructional articles, a download center for new IIS solutions, and free advice via blogs and technical forums.

Microsoft SQL Server

Microsoft® SQL Server™ is a database management and analysis system for e-commerce, line-of-business, and data warehousing solutions. In this section you will find information for several versions of SQL Server. You will find articles on database and database application design, as well as examples of the uses that SQL Server can be put to.

SQL Server 2008, the latest version, includes enhanced XML support, integration of .NET Framework objects in databases, improved integration with Microsoft Visual Studio and the Microsoft Office System, as well as improved analysis, reporting, and data integration services.

SQL Server Programming Reference


The following features and technologies allow you to develop applications that access data in a SQL Server database.

Programming Reference Sections

Common Language Runtime (CLR) Integration Programming Concepts

Native XML Web Services Concepts

SQL Server Native Client Programming

SQLXML 4.0 Programming Concepts

WMI Provider for Configuration Management Concepts

WMI Provider for Server Events Concepts

WMI Provider Events and Errors

SQL Server Management Objects (SMO)

SQL Distributed Management Objects (SQL-DMO)

Database Engine Extended Stored Procedure Programming

Data Collector Programming

Exception Message Box Programming

ADOMD.NET

Analysis Management Objects (AMO)

ASSL

OLE DB for Data Mining

Integration Services Developer's Guide

Replication Developer's Guide

Reporting Services Developer's Guide

Other Programming Resources

Developing a data-access application may require you to use one or more of the following technologies:

Accessing Data in Visual Studio

SQL Server 2005 Driver for PHP

JDBC

File Services Role

The File Services server role in the Windows Server® 2008 operating system provides technologies that help manage storage, enable file replication, manage shared folders, ensure fast file searching, and enable access for UNIX client computers.

The following topics describe changes in File Services functionality available in this release:
  • Access-based Enumeration
  • Distributed File System
  • File Server Resource Manager
  • Windows Server Backup
  • Services for Network File System
  • Storage Manager for SANs
  • Transactional NTFS
  • Self-Healing NTFS
  • Symbolic Linking

Installing Remote Desktop Session Host Step-by-Step Guide

This step-by-step guide walks you through the process of setting up a working Remote Desktop Services infrastructure in a test environment. During this process, you create an Active Directory® domain, install the Remote Desktop Session Host (RD Session Host) role service, and configure the Remote Desktop Connection client computer. This guide is considered the basic Remote Desktop Services step-by-step guide. All other step-by-step guides developed for Remote Desktop Services will assume that this guide has been completed first. After you’ve completed this process, you can use the test lab environment to learn about Remote Desktop Services technology on Windows Server® 2008 R2 and assess how it might be deployed in your organization. The goal of an RD Session Host server is to host Windows-based programs or the full Windows desktop for Remote Desktop Services clients. Users can connect to an RD Session Host server to run programs, to save files, and to use resources on that server.

Microsoft Remote Desktop Services VDI Step-by-Step Guides

New step-by-step guides have been posted for the new Remote Desktop Services (RDS) found in Windows Server 2008 R2 including the new VDI scenarios.

Installing Remote Desktop Session Host Step-by-Step Guide

This step-by-step guide walks you through the process of setting up a working Remote Desktop Services infrastructure in a test environment. During this process, you create an Active Directory® domain, install the Remote Desktop Session Host (RD Session Host) role service, and configure the Remote Desktop Connection client computer.

Deploying Remote Desktop Web Access with Remote Desktop Connection Broker Step-by-Step Guide

This step-by-step guide walks you through the process of setting up a working RemoteApp source accessible by using Remote Desktop Web Access (RD Web Access) in a test environment.

Deploying Personal Virtual Desktops by Using Remote Desktop Web Access Step-by-Step Guide

This step-by-step guide walks you through the process of setting up a working personal virtual desktop accessible by using Remote Desktop Web Access (RD Web Access) in a test environment.

Deploying Virtual Desktop Pools by Using Remote Desktop Web Access Step-by-Step Guide

This step-by-step guide walks you through the process of setting up a working virtual desktop pool accessible by using Remote Desktop Web Access (RD Web Access) in a test environment.

Improvements to existing Hyper-V functionality


Dynamic virtual machine storage. Improvements to virtual machine storage include support for hot plug-in and hot removal of the storage. By supporting the addition or removal of virtual hard disks and physical disks while a virtual machine is running, it is possible to quickly reconfigure virtual machines to meet changing requirements. You can also add and remove both virtual hard disks and physical disks to existing SCSI controllers of virtual machines. Hot plug-in and removal of storage requires the installation of Hyper-V integration services (included in Windows Server 2008 R2) on the guest operating system.

Enhanced processor support. You can now have up to 32 physical processor cores. The increased processor support makes it possible to run even more demanding workloads on a single host. In addition, there is support for Second-Level Address Translation (SLAT) and CPU Core Parking. CPU Core Parking enables Windows and Hyper-V to consolidate processing onto the fewest number of possible processor cores, and suspends inactive processor cores. SLAT adds a second level of paging below the architectural x86/x64 paging tables in x86/x64 processors. It provides an indirection layer from virtual machine memory access to the physical memory access. In virtualization scenarios, hardware-based SLAT support improves performance. On Intel-based processors, this is called Extended Page Tables (EPT), and on AMD-based processors, it is called Nested Page Tables (NPT).

Enhanced networking support. Support for jumbo frames, which was previously available in nonvirtual environments, has been extended to be available on virtual machines. This feature enables virtual machines to use jumbo frames up to 9,014 bytes in size, if the underlying physical network supports it.

Availability

Hyper-V R2 is not available for Windows Server® 2008 R2 for Itanium-Based Systems and Windows® Web Server 2008 R2.

What's new in Hyper-V Server R2


Failover Clustering

The initial release of Microsoft Hyper-V Server 2008 did not include support for failover clustering. However, with Microsoft Hyper-V Server 2008 R2, host clustering technology is included to enable support for unplanned downtime. It's advisable to use the new Cluster Shared Volumes (CSV) feature of Failover Clustering in Windows Server 2008 R2 with live migration. CSV provides increased reliability when used with live migration and virtual machines, and also provides a single, consistent file namespace so that all servers running Windows Server 2008 R2 see the same storage. In addition, failover clustering requires shared storage for the cluster nodes. This can include an iSCSI or Fibre Channel Storage Area Network (SAN).

Live Migration

Microsoft Hyper-V Server 2008 R2 includes support for live migration. Live migration enables customers to move running applications between servers without service interruptions. Live migration requires the failover clustering role to be added and configured on the servers running Hyper-V.

Live migration does the following to facilitate greater flexibility and value:

Provides better agility. Datacenters with multiple servers running Hyper-V can move running virtual machines to the best physical computer for performance, scaling, or optimal consolidation without affecting users.

Reduces costs. Datacenters with multiple servers running Hyper-V can service their servers without causing virtual machine downtime or the need to schedule a maintenance window. Datacenters will also be able to reduce power consumption by dynamically increasing consolidation ratios and turning off unused servers during times of lower demand.

Increases productivity. It is possible to keep virtual machines online, even during maintenance, which increases productivity for both users and server administrators.

Processor and memory support

Microsoft Hyper-V Server 2008 R2 now supports up to 8-socket physical systems and provides support for up to 32 cores. In addition, Microsoft Hyper-V Server 2008 R2 supports up to 1 TB of RAM on a physical system.

Updated Hyper-V Configuration Utility

The Hyper-V Configuration utility is designed to simplify the most common initial configuration tasks. It helps you configure the initial configuration settings without having to type long command-line strings. New configuration options have been added for R2 including:

Remote Management Configuration

Failover Clustering Configuration

Additional options for Updates

Virtualization Platform Comparison

The following is an overview comparison of the feature and support set for:

Microsoft Hyper-V Server 2008

Microsoft Hyper-V Server 2008 R2

Windows Server 2008 R2 (Enterprise and Datacenter Editions)

Hyper-V vs. Hyper-V R2

If you are planning to upgrade to Hyper-V Server R2, let our Hyper-V consultants help you in the process. Our Microsoft Virtualization Professionals are part of a Microsoft Gold Certified Firm with verifiable real-world experience on Hyper-V R2. Miles Consulting Corp not only runs its own datacenter on Hyper-V R2, but has successfully deployed Microsoft Hyper-V for our early-adopter clients. We are also one of the first Gold Certified Partners to be awarded a Virtualization Competency from Microsoft.

What’s new in Windows Server 2008 R2 with Service Pack 1?

Windows Server 2008 R2 with SP1 delivers valuable new functionality and powerful improvements to the core Windows Server operating system to help organizations of all sizes increase control, availability, and flexibility for their changing business needs. New Web tools, virtualization technologies, scalability enhancements, and management utilities help save time, reduce costs, and provide a solid foundation for your information technology (IT) infrastructure.

Windows Server 2008 R2 with SP1 has five core pillars which provide updates to existing functionality and new features.

Virtualization

Virtualization is a major part of today’s data centers. The operating efficiencies offered by virtualization allow organizations to dramatically reduce operational effort and power consumption while increasing IT’s flexibility. Besides server virtualization, Windows Server 2008 R2 with SP1 supports the following server-based desktop virtualization scenarios with Remote Desktop Services: Virtual Desktop Infrastructure (VDI) and session virtualization (formerly known as terminal services).

Web Application Platform

Windows Server 2008 R2 with SP1 includes many enhancements that make this release the most robust Windows Server Web application platform yet. It offers an updated Web server role, Internet Information Services (IIS) 7.5, and greater support for .NET on Server Core.

Scalability and Reliability

Windows Server 2008 R2 is capable of unprecedented workload size, dynamic scalability, and across-the-board availability and reliability. A host of new and updated features will be available, including leveraging sophisticated CPU architectures, increased operating system componentization, and improved performance and scalability for applications and services.

Management

The ongoing management of servers in the data center is one of the most time-consuming tasks facing IT professionals today. Any management strategy you deploy must support the management of both your physical and virtual environments. To help with this problem, Windows Server 2008 R2 has new features to reduce the ongoing management of Windows Server 2008 R2 and to reduce the administrative effort for common day-to-day operational tasks.

Better Together with Windows 7

Windows Server 2008 R2 has many features that are designed specifically to work with client computers running Windows 7.

New features in Windows Server 2008 R2


A reviewer guide published by the company describes several areas of improvement in version R2.[12] These include new virtualization capabilities (Live Migration, Cluster Shared Volumes using Failover Clustering and Hyper-V), reduced power consumption, a new set of management tools and new Active Directory capabilities such as a "recycle bin" for deleted AD objects. IIS 7.5 has been added to this release, which also includes updated FTP server services. Security enhancements include the addition of DNSSEC support for the DNS Server service and encrypted clientless authenticated VPN services through DirectAccess for clients using Windows 7. Note that even though DNSSEC as such is supported, only one signature algorithm is available[13] (#5, RSA/SHA-1); since many zones use a different algorithm, not least the root zone, this means that in reality Windows still can't serve as a recursive resolver.

The DHCP server supports a large number of enhancements[14] such as MAC address-based control filtering, converting active leases into reservations or Link Layer based filters, IPv4 address exhaustion at scope level, DHCP Name protection for non-Windows machines to prevent name squatting, better performance through aggressive lease database caching, DHCP activity logging, auto-population of certain network interface fields, a wizard for split-scope configuration, DHCP Server role migration using WSMT, and support for DHCPv6 Option 15 (User Class) and Option 32 (Information Refresh Time). The DHCP server runs in the context of the Network Service account, which has fewer privileges, to reduce potential damage if compromised.
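The DNSSEC limitation noted above (only algorithm 5, RSA/SHA-1) can be checked against the keys a zone publishes. The following added example, which is not part of the original page, parses DNSKEY records in zone-file presentation format and reports which zones a validator limited to algorithm 5 could verify; the function names and sample records are constructed for the example, the key data is a placeholder, and the algorithm mnemonics are those of the IANA registry.

```python
# DNSSEC algorithm numbers and mnemonics (subset of the IANA registry).
ALGORITHM_NAMES = {
    5: "RSASHA1",
    7: "RSASHA1-NSEC3-SHA1",
    8: "RSASHA256",
    10: "RSASHA512",
    13: "ECDSAP256SHA256",
}

# The only algorithm the text says Windows Server 2008 R2 makes available.
R2_SUPPORTED = frozenset({5})


def parse_dnskey(line):
    """Parse one record: owner [ttl] [class] DNSKEY flags protocol alg key.

    Returns (owner, flags, algorithm), or None if the line is not a DNSKEY
    record. Assumes the owner name is written out on every line.
    """
    fields = line.split(";", 1)[0].split()  # drop trailing comment
    if "DNSKEY" not in fields:
        return None
    pos = fields.index("DNSKEY")
    if pos == 0 or len(fields) < pos + 5:
        raise ValueError("malformed DNSKEY record: %r" % line)
    flags, protocol, algorithm = (int(f) for f in fields[pos + 1:pos + 4])
    if protocol != 3:  # RFC 4034: the protocol field must be 3
        raise ValueError("unexpected protocol %d in %r" % (protocol, line))
    return fields[0].lower(), flags, algorithm


def validation_report(zone_lines, supported=R2_SUPPORTED):
    """Map each zone to its key algorithms and whether any is supported."""
    algorithms = {}
    for line in zone_lines:
        record = parse_dnskey(line)
        if record is None:
            continue
        owner, _flags, algorithm = record
        algorithms.setdefault(owner, set()).add(algorithm)

    report = {}
    for owner, algs in algorithms.items():
        ordered = sorted(algs)
        report[owner] = {
            "algorithms": ordered,
            "names": [ALGORITHM_NAMES.get(a, "unknown") for a in ordered],
            # Signatures can only be checked with a supported algorithm.
            "validatable": bool(algs & supported),
        }
    return report


# Constructed sample records; the key data is a placeholder, not a real key.
SAMPLE_RECORDS = [
    ".               172800 IN DNSKEY 257 3 8 PLACEHOLDERKEYDATA ; root KSK",
    ".               172800 IN DNSKEY 256 3 8 PLACEHOLDERKEYDATA",
    "legacy.example. 3600   IN DNSKEY 257 3 5 PLACEHOLDERKEYDATA",
    "legacy.example. 3600   IN A      192.0.2.1",
    "modern.example. 3600   IN DNSKEY 257 3 13 PLACEHOLDERKEYDATA",
]

if __name__ == "__main__":
    for zone, info in sorted(validation_report(SAMPLE_RECORDS).items()):
        status = "can validate" if info["validatable"] else "cannot validate"
        print("%-16s %-20s %s" % (zone, ",".join(info["names"]), status))
```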

Windows Server 2008 R2 supports up to 64 physical processors[15] or up to 256 logical processors per system. (Note: Only the Datacenter and Itanium editions can take advantage of the capability of 64 physical processors. Enterprise, the next-highest edition after those two, can only use 8.)[16] When deployed in a file server role, new File Classification Infrastructure services allow files to be stored on designated servers in the enterprise based on business naming conventions, relevance to business processes and overall corporate policies.[17]

Server Core includes a subset of the .NET Framework, so that some applications (including ASP.NET web sites and Windows PowerShell 2.0) can be used.

Performance improvement was a major area of focus for this release; Microsoft has stated that work was done to decrease boot time, improve the efficiency of I/O operations while using less processing power, and generally improve the speed of storage devices, especially iSCSI.

Active Directory has several new features when raising the forest and domain functional levels[18] to Windows Server 2008 R2. When raising the domain functional level, two added features are Authentication Mechanism Assurance and Automatic SPN Management. When raising the forest functional level, the Active Directory recycle bin feature is available and can be enabled using the Active Directory Module for PowerShell.

System requirements for Windows Server 2008 R2


System requirements for Windows Server 2008 R2 are as follows:[21]

Processor

1.4 GHz x86-64 or Itanium 2 processor

Memory

Minimum: 512 MB RAM (may limit performance and some features)

Recommended: 1 GB RAM

Maximum: 8 GB RAM (Foundation), 32 GB RAM (Standard), or 2 TB RAM (Enterprise, Datacenter and Itanium-Based Systems)

Display

Super VGA (800 x 600) or higher

Disk Space Requirements

Minimum (editions higher than Foundation): 32 GB or more

Minimum (Foundation edition): 10 GB or more.

Computers with more than 16 GB of RAM require more disk space for paging and dump files.

Other

DVD drive, keyboard and mouse, Internet access (Optional, but required for updates and online activation)

Windows Server 2008 R2


Windows Server 2008 R2 is a server operating system produced by Microsoft. It was released to manufacturing on July 22, 2009[3] and launched on October 22, 2009.[4] According to the Windows Server Team blog, the retail availability was September 14, 2009.[5] It is built on Windows NT 6.1, the same core operating system used with the client-oriented Windows 7. It is the first 64-bit-only operating system release from Microsoft. Windows Server 2008 R2 is an update of Windows Server 2008.

Version enhancements include new functionality for Active Directory, new Virtualization and Management features, the release of IIS 7.5, and support for up to 256[6] logical processors.

There are seven editions: Foundation, Standard, Enterprise, Datacenter, Web, HPC Server and Itanium.

Microsoft introduced Windows Server 2008 R2 at the 2008 Professional Developers Conference as the server variant of Windows 7.

On January 7, 2009, a beta release of Windows Server 2008 R2 was made available to subscribers of Microsoft's TechNet and MSDN programs, as well as those participating in the Microsoft Connect program for Windows 7. Two days later, the beta was released to the public via the Microsoft Download Center.[7]

On April 30, 2009, the release candidate was made available to subscribers of Microsoft's TechNet and MSDN.[8] On May 5, 2009, the release candidate was made available to the general public via the Microsoft download center.[9]

According to Windows Server Division WebLog,[10] the following are the dates in 2009 on which Microsoft Windows Server 2008 R2 was made available to various distribution channels:

OEMs received Windows Server 2008 R2 RTM in English and all Language Packs on July 29. The remaining languages were available around August 11.

ISV (Independent software vendor) and IHV (Independent hardware vendor) partners have been able to download Windows Server 2008 R2 RTM from MSDN starting on August 14.

IT Professionals with TechNet Subscriptions were able to download Windows Server 2008 R2 RTM and obtain product keys in English, French, German, Italian, and Spanish beginning August 14 and all remaining languages beginning August 21.

Developers with MSDN Subscriptions have been able to download and obtain product keys for Windows Server 2008 R2 RTM in English, French, German, Italian, and Spanish starting August 14 and all remaining languages starting August 21.

Microsoft Partner Program Gold/Certified Members were able to download Windows Server 2008 R2 RTM through the Microsoft Partner Program (MPP) Portal on August 19.

Volume License (VL) customers with an existing Software Assurance (SA) license were able to download Windows Server 2008 R2 RTM on August 19 via the Volume License Service Center (VLSC).

Volume License customers without a Software Assurance (SA) license can purchase Windows Server 2008 R2 through Volume Licensing on September 1.

Additionally, qualifying students have been able to download Windows Server 2008 R2 RTM Standard Edition in 15 languages from DreamSpark.[11]

Microsoft has announced that Server 2008 R2 will be the last version of Windows supporting the Itanium architecture.