Management Management Technologies In Technologies In Windows Server 2003Windows Server 2003

Windows Server - ManagementWindows Server - Management

One of the FundamentalsOne of the Fundamentals Security, performance, scalability, Security, performance, scalability,

manageabilitymanageability, availability, availability Pillars of ManageabilityPillars of Manageability

1.1. Deployment and configurationDeployment and configuration2.2. Keeping systems up-to-date and secureKeeping systems up-to-date and secure3.3. Manage systems - many-as-oneManage systems - many-as-one4.4. Administrator control and flexibilityAdministrator control and flexibility5.5. Server operations managementServer operations management

Common InfrastructureCommon Infrastructure

Windows Management Windows Management SolutionsSolutions

LessLess MoreMoreComplexityComplexity

Third Party

Solutions

Third Party

Solutions

Fu

nc

tio

nF

un

cti

on

MoreMore

Microsoft Management Microsoft Management Products (SMS, MOM, AC)Products (SMS, MOM, AC)

Solutions shipping in WindowsSolutions shipping in Windows

(1) Easier Deployment (1) Easier Deployment And ConfigurationAnd Configuration Problem spaceProblem space

No ability to do a one time, rapid install for a No ability to do a one time, rapid install for a small number of servers (Windows 2000 small number of servers (Windows 2000 supported desktops only)supported desktops only)

Role based server configurationRole based server configuration SolutionsSolutions

Improved Remote Installation ServicesImproved Remote Installation Services Added ‘Manage Your Server’ and Improved Added ‘Manage Your Server’ and Improved

‘Configure Your Server’ tools‘Configure Your Server’ tools

Remote Installation ServiceRemote Installation Service

Support for rapid install of a small Support for rapid install of a small number of servers or desktops:number of servers or desktops: All versions of Windows 2000 (including All versions of Windows 2000 (including

Server and Advanced Server)Server and Advanced Server) Windows XP ProfessionalWindows XP Professional All Windows Server 2003All Windows Server 2003 All 64-bit versions of Windows Server 2003*All 64-bit versions of Windows Server 2003*

Boot floppy supports select additional Boot floppy supports select additional network cards that are not PXE capablenetwork cards that are not PXE capable

*RISetup only, not RIPrep-based images*RISetup only, not RIPrep-based images

RIS - Enhancements RIS - Enhancements

Significant performance increase over Significant performance increase over Windows 2000 RIS ServerWindows 2000 RIS Server

RIPrep image HAL filteringRIPrep image HAL filtering User only offered HAL-compatible User only offered HAL-compatible

RIPrep imagesRIPrep images Lowers support calls from incompatible Lowers support calls from incompatible

install failuresinstall failures

AutoEnter functionality in OSChoiceAutoEnter functionality in OSChoice Specify SIF file and/or startrom.com for Specify SIF file and/or startrom.com for

each machine in Active Directoryeach machine in Active Directory

‘‘Manage Your Server’ AndManage Your Server’ And‘Configure Your Server’‘Configure Your Server’ Wizards simplify installing and Wizards simplify installing and

configuring a server for specific rolesconfiguring a server for specific roles Web, AD, TS, DHCP, File, Print, etc…Web, AD, TS, DHCP, File, Print, etc… Installs and configures the relevant Installs and configures the relevant

optional components for the optional components for the selected rolesselected roles

Simplified installation of the first server Simplified installation of the first server on a networkon a network DHCP, DNS, and AD are all installed with DHCP, DNS, and AD are all installed with

default settingsdefault settings

Manage Your ServerManage Your Server

(2) Staying Up-To-Date (2) Staying Up-To-Date And SecureAnd Secure Problem spaceProblem space

Keep clients and servers up to date with the latest patches Keep clients and servers up to date with the latest patches automaticallyautomatically

Prevent the execution of hostile code by usersPrevent the execution of hostile code by users SolutionsSolutions

Software Update Services (SUS) and Auto Update (AU) to Software Update Services (SUS) and Auto Update (AU) to keep machines up to date with the latest critical updates in keep machines up to date with the latest critical updates in small/medium sized organisationssmall/medium sized organisations

Software Restriction Policies to prevent unauthorised code Software Restriction Policies to prevent unauthorised code execution (sandbox)execution (sandbox)

Add-on: Microsoft Systems Management Server (SMS) Add-on: Microsoft Systems Management Server (SMS) for advanced software distribution and management in for advanced software distribution and management in large organisationslarge organisations

Software Update ServicesSoftware Update Services

Windows keeps itself up-to-date with Windows keeps itself up-to-date with the latest critical and security updates the latest critical and security updates

IT administrator can automatically IT administrator can automatically deploy updates based on customised deploy updates based on customised Windows Update contentWindows Update content

Web-based infrastructure means no Web-based infrastructure means no additional infrastructure or network additional infrastructure or network modifications requiredmodifications required

ArchitectureArchitecture

WindowsUpdateWindowsUpdate

InternetInternet

IntranetIntranet

Running Running SUSSUS

Windows: critical security updates, Windows: critical security updates, security rollups, service packssecurity rollups, service packs

Configured via web based admin Configured via web based admin tool; Admin approves updatestool; Admin approves updates

Sync updatesSync updates

Download and Download and installinstall approved approved updatesupdates

Corporate servers, desktops Corporate servers, desktops and laptops with the and laptops with the automatic updates clientautomatic updates client

Group Group policy policy configconfig

SUS Scale-OutSUS Scale-Out

Windows UpdateWindows Update

InternetInternet IntranetIntranetSUS/distribution serverSUS/distribution server

SUSSUS

Sync Sync

ContentContent and and List of List of Approved Approved UpdatesUpdates

SUSSUS

SyncSync

ContentContent

AutoUpdate clientsAutoUpdate clients

Win2k and WinXPWin2k and WinXP

Site in City BSite in City B

HTTPHTTP

AutoUpdate clientsAutoUpdate clients

Win2k and WinXPWin2k and WinXP

Site in City ASite in City A

Client can be directed Client can be directed to auto download and to auto download and install updatesinstall updates

ProxyProxy

ProxyProxy

Client can be directed Client can be directed to pull approved to pull approved updates from updates from Microsoft.comMicrosoft.com

Firewal

l

Firewal

l

SUS ComponentsSUS Components

Auto update client Auto update client Update of the Windows XP Auto Update technologyUpdate of the Windows XP Auto Update technology Can be configured by the Administrator using Can be configured by the Administrator using

Group PolicyGroup Policy Can auto-download and install updates under Can auto-download and install updates under

admin controladmin control Check SUS or WU for updatesCheck SUS or WU for updates Ships in Windows Server 2003, Win2K SP3, Win XP Ships in Windows Server 2003, Win2K SP3, Win XP

SP1, Stand-alone (MSI)SP1, Stand-alone (MSI) SUSSUS

Hosted on the corporate intranetHosted on the corporate intranet Synchronises critical/security updates from Synchronises critical/security updates from

Windows UpdateWindows Update Administrator control over updates Administrator control over updates

Software Update ServicesSoftware Update Services

Software Restriction PolicySoftware Restriction Policy

Administrator defined rules about what software can Administrator defined rules about what software can execute, deployed via Group Policyexecute, deployed via Group Policy

Prevent hostile software from executingPrevent hostile software from executing Manages execution of .EXEs, scripts, and Windows Manages execution of .EXEs, scripts, and Windows

installer packagesinstaller packages Software can be identified bySoftware can be identified by

PathPath MD5 HashMD5 Hash Digital Signature CertificateDigital Signature Certificate Internet ZoneInternet Zone

Allow only specific software to executeAllow only specific software to execute Useful for highly restricted environments like kiosksUseful for highly restricted environments like kiosks Provides highest security, with increased Provides highest security, with increased

administration overheadadministration overhead

Systems Management Server Systems Management Server And Windows Server 2003And Windows Server 2003 SMS extends Windows Server 2003 manageabilitySMS extends Windows Server 2003 manageability

Hardware/software inventory of serversHardware/software inventory of servers Software distribution to serversSoftware distribution to servers Software distribution to Terminal ServersSoftware distribution to Terminal Servers

Value Pack extends capabilities for security Value Pack extends capabilities for security patch managementpatch management Integrated with HFNetChk for inventoryIntegrated with HFNetChk for inventory of security updatesof security updates Update WizardUpdate Wizard

Gets necessary updates from Windows UpdateGets necessary updates from Windows Update Automatically create SMS package on flyAutomatically create SMS package on fly SMS control - targeting, scheduling, statusSMS control - targeting, scheduling, status SMS server platforms - WDNS, Win2k, NT4SMS server platforms - WDNS, Win2k, NT4

Value Pack ReleasedValue Pack Released

(3) Managing Many-As-One(3) Managing Many-As-One

Problem space: Problem space: Centralised configuration of many clientsCentralised configuration of many clients

Possible with Windows 2000 using Possible with Windows 2000 using Group PolicyGroup Policy

Simplify management of Group PolicySimplify management of Group Policy

SolutionsSolutions Group Policy Management Console Group Policy Management Console

(GPMC)(GPMC) Improvements to the Group Improvements to the Group

Policy infrastructurePolicy infrastructure

GPMC OverviewGPMC Overview

What is it? What is it? Set of scriptable interfaces for managing GPSet of scriptable interfaces for managing GP MMC Snap-in, built on these interfacesMMC Snap-in, built on these interfaces

Design goalsDesign goals Unify management of Group PolicyUnify management of Group Policy Address key deployment issuesAddress key deployment issues Provide better UI for visualisationProvide better UI for visualisation Enable programmatic access to GPEnable programmatic access to GP

GPMC Feature SummaryGPMC Feature Summary

UI based on direct customer UI based on direct customer (administrator) feedback(administrator) feedback

Reporting (incl. read-only access to GPO)Reporting (incl. read-only access to GPO) Backup/restore of GPOsBackup/restore of GPOs Import/export, copy/pasteImport/export, copy/paste

For GPOs and WMI FiltersFor GPOs and WMI Filters

Resultant Set of Policy (RSoP) IntegrationResultant Set of Policy (RSoP) Integration Scripting of GPO operationsScripting of GPO operations

Note: not settings within GPOsNote: not settings within GPOs

Search capabilitiesSearch capabilities

Group Policy ImprovementsGroup Policy Improvements

Resultant Set of Policy (RSoP)Resultant Set of Policy (RSoP) Report on currently applied policyReport on currently applied policy Improved planning and modelingImproved planning and modeling

WMI filteringWMI filtering Greater policy targeting granularityGreater policy targeting granularity

Registry based policyRegistry based policy Approximately 240 new settings can be managedApproximately 240 new settings can be managed

SUS/AU, Terminal Server, DNS etc.SUS/AU, Terminal Server, DNS etc. The MMC Web-view provides detailed explanations on each The MMC Web-view provides detailed explanations on each

settingsetting Software InstallationSoftware Installation

Install at logon option, in addition to on-demand installInstall at logon option, in addition to on-demand install

GPMCGPMC

(4) Enable Richer Admin (4) Enable Richer Admin Control And FlexibilityControl And Flexibility Problem spaceProblem space

Command line tools for admin functionsCommand line tools for admin functions Operate server in “headless” modeOperate server in “headless” mode

SolutionsSolutions New admin task based command line toolsNew admin task based command line tools WMI command line WMI command line Emergency Management Service (EMS)Emergency Management Service (EMS)

Command Line/ScriptingCommand Line/Scripting Provide tools in the box for all admin tasks:Provide tools in the box for all admin tasks:

Add key Resource Kit and PSS Support tools Add key Resource Kit and PSS Support tools to productto product

Build command line tools for existing UI only Build command line tools for existing UI only tasks/capabilitiestasks/capabilities

Document common admin tasks, scenarios and Document common admin tasks, scenarios and current toolscurrent tools

~60 new tools in Windows Server 2003~60 new tools in Windows Server 2003 Better online documentation and education:Better online documentation and education:

Improved online help for cmd line: A-Z list Improved online help for cmd line: A-Z list (ntcmds.chm) (ntcmds.chm)

New Resource Kit scripting book show how to New Resource Kit scripting book show how to script with tools script with tools

Make tools more consistent and discoverable Make tools more consistent and discoverable

WMI Command LineWMI Command Line

Allows command line scripts access to Allows command line scripts access to the thousands of system parameters the thousands of system parameters available through WMIavailable through WMI Information retrieval from WMI schemaInformation retrieval from WMI schema Can be used to write to the schema for Can be used to write to the schema for

providers that support itproviders that support it

Aliases allow the schema to be mapped Aliases allow the schema to be mapped to a format convenient to specific to a format convenient to specific management tasksmanagement tasks Many built in aliasesMany built in aliases Can be extendedCan be extended

Command Line and Command Line and WMICWMIC

Out-of-band emergency management Out-of-band emergency management functionality functionality A supplement, not a replacement, for in-band A supplement, not a replacement, for in-band

management toolsmanagement tools Aimed at completing Setup or returning the Aimed at completing Setup or returning the

system to the networksystem to the network Compatible with Sun and Unix out of Compatible with Sun and Unix out of

band infrastructure (serial terminal band infrastructure (serial terminal concentrators, etc.) concentrators, etc.)

Working with OEMs to integrate with Working with OEMs to integrate with on-board service processors (such as on-board service processors (such as Compaq Remote Insight Board, Lights Out Compaq Remote Insight Board, Lights Out Edition, RIBLOE)Edition, RIBLOE)

Emergency Management Emergency Management ServicesServices

Emergency Management ServicesEmergency Management ServicesWhen Windows isn’t on the Network When Windows isn’t on the Network

PowerPowerOffOff FirmwareFirmware WindowsWindows

LoaderLoader

WindowsWindows

In DistressIn Distress

HungHung

BlueBlueScreenScreen

EMS available while EMS available while WindowsWindows is active is active

Firmware console Firmware console redirectionredirection

Wake on LANWake on LAN

Console redirectionConsole redirection

Console redirection and SACConsole redirection and SAC

Special Admin Console (SAC)Special Admin Console (SAC)with CMD promptwith CMD prompt

(5) Better Server (5) Better Server Operations ManagementOperations Management Problem spaceProblem space

Smart status and health monitoring Smart status and health monitoring of serversof servers

Solution:Solution: Add-on: Microsoft Operations Manager for Add-on: Microsoft Operations Manager for

status and health monitoringstatus and health monitoring New knowledge packs for key New knowledge packs for key

Windows servicesWindows services

MOM And Windows Server MOM And Windows Server 20032003 Microsoft Operations Manager for event and Microsoft Operations Manager for event and

performance monitoringperformance monitoring Enterprise event filtering and correlationEnterprise event filtering and correlation Built-in knowledge that codifies best practicesBuilt-in knowledge that codifies best practices Automate in-house procedures and processesAutomate in-house procedures and processes

New in MOM for Windows Server 2003New in MOM for Windows Server 2003 New Windows Server 2003 Management PackNew Windows Server 2003 Management Pack New ASP.NET/.NET Framework Management PackNew ASP.NET/.NET Framework Management Pack Updated Management PacksUpdated Management Packs

Active DirectoryActive Directory Internet Information ServerInternet Information Server Domain Name ServiceDomain Name Service File Replication ServiceFile Replication Service

Other Management Other Management Enhancements In Windows Enhancements In Windows Server 2003Server 2003

Content indexingContent indexing Virtual Disk Service (VDS)Virtual Disk Service (VDS) Dynamic Volume Dynamic Volume

managementmanagement Easier Printer ManagementEasier Printer Management Location via Active DirectoryLocation via Active Directory Disk Quota ManagementDisk Quota Management Hierarchical Storage Hierarchical Storage

ManagementManagement Color Management for Color Management for

new printersnew printers Network Load Network Load

Balancing ManagerBalancing Manager

Secure credential and cert Secure credential and cert managementmanagement

Health monitoring visibilityHealth monitoring visibility Improved interfacesImproved interfaces Better event tracking Better event tracking

and reportingand reporting Clustering - easier resource Clustering - easier resource

configuration and Active configuration and Active Directory Integration Directory Integration

Veritas Volume Veritas Volume Manager supportManager support

SummarySummary

Manageability is one of the major Manageability is one of the major fundamentals of Windows Server 2003fundamentals of Windows Server 2003

Windows Server 2003 provides enhanced Windows Server 2003 provides enhanced and new features forand new features for

Deployment and configurationDeployment and configuration Keeping systems up-to-date and secureKeeping systems up-to-date and secure Manage systems - many-as-oneManage systems - many-as-one Administrator control and flexibilityAdministrator control and flexibility Server operations managementServer operations management

© 2002 Microsoft Corporation. All rights reserved.© 2002 Microsoft Corporation. All rights reserved.This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.