Waldemar Botes, ITCA
Module 1 (Installing, upgrading, and migrating servers and workloads)
Windows Server 2016 edition
Windows Server 2016 Essentials edition: Windows Server 2016 Essentials edition is designed for small businesses. It corresponds to Windows Small Business Server from earlier versions of Windows Server. This edition allows up to 25 users and 50 devices. It supports two processor cores and up to 64 gigabytes (GB) of random access memory (RAM). It does not support many of the features of Windows Server 2016, including virtualization.
Windows Server 2016 Standard edition: Windows Server 2016 Standard edition is designed for physical server environments with little or no virtualization. It provides many of the roles and features available for the Windows Server 2016 operating system. This edition supports up to 64 sockets and up to 4 terabytes (TB) of RAM. It includes licenses for up to two virtual machines.
(Note: You can run two virtual machines on one physical host, using one standard license, as long as the physical host is only used for hosting and managing the virtual machines. If the physical host is used to run other services, such as DNS, you can only run one virtual machine. For more information about Windows licensing, speak with a Microsoft licensing specialist.)
Windows Server 2016 Datacenter edition: Windows Server 2016 Datacenter edition is designed for highly virtualized infrastructures, including private cloud and hybrid cloud environments. It provides all of the roles and features available for the Windows Server 2016 operating system. This edition supports up to 64 sockets, up to 640 processor cores, and up to 4 TB of RAM. It includes unlimited Windows Server-based virtual machine licenses for virtual machines that run on the same hardware. It also includes new features such as Storage Spaces Direct and Storage Replica, along with new Shielded Virtual Machines and features for software-defined datacenter scenarios.
Microsoft Hyper-V Server 2016: Acts as a stand-alone virtualization server for virtual machines, including all the new features around virtualization in Windows Server 2016. The host operating system has no licensing cost, but virtual machines must be licensed separately. This edition supports up to 64 sockets and up to 4 TB of RAM. It supports domain joining. It does not support Windows Server 2016 roles other than limited file service features. This edition has no GUI but does have a UI that displays a menu of configuration tasks.
Windows Storage Server 2016 Workgroup edition: Acts as an entry-level unified storage appliance. This edition allows 50 users, one processor core, and 32 GB of RAM. It supports domain joining.
Windows Storage Server 2016 Standard edition: Supports up to 64 sockets but is licensed on a two-socket, incrementing basis. This edition supports up to 4 TB of RAM. It includes two virtual machine licenses. It supports domain joining. It supports some roles, including Domain Name System (DNS) and Dynamic Host Configuration Protocol (DHCP) server roles, but does not support others, including Active Directory Domain Services (AD DS), Active Directory Certificate Services (AD CS), or Active Directory Federation Services (AD FS).
The absolute minimum required for a Server Core installation on a physical machine:
Processor architecture: 64-bit
Processor speed: 1.4 gigahertz (GHz)
RAM: 512 MB
Hard drive space: 32 GB
(Virtualized deployments of Windows Server 2016 must match the same hardware specifications as those required for physical deployments. However, during installation you will need to allocate extra memory to the VM, which you can then deallocate after installation, or you will need to create an installation partition during the boot process.)
Desktop Experience
If you want to install Windows Server 2016 with the Desktop Experience installed, the hard drive space requirement is approximately 4 GB greater.
Other hardware requirements:
Greater disk space is required for network installations or for computers with more than 16 GB of RAM.
Storage and network adapters must be PCI Express compliant.
A Trusted Platform Module (TPM) 2.0 chip is required for certain features such as BitLocker Drive Encryption.
Overview of installation options
When you install Windows Server 2016, you can select one of three installation options:
Windows Server 2016 with Desktop Experience. This is a full server installation and includes a complete graphical management interface. This installation option supports all Windows Server roles.
Windows Server 2016. This is the equivalent of Server Core in earlier versions of Windows Server and provides for a command-line management interface. This installation option has a reduced hardware footprint but does not support all Windows Server roles.
Managing servers remotely
Use the following options to remotely manage a computer that is running Windows Server 2016:
Remote Server Administration Tools (RSAT)
Management consoles for each role/feature
Windows PowerShell remoting and PowerShell Direct
Group Policy (not supported on Nano Server)
Firewall exceptions required for remote management.
(The best practice is to manage servers remotely by using the Remote Server Administration Tools (RSAT) available for Windows 10. RSAT includes the full set of administrative tools, including Server Manager, the Active Directory Administrative Center, and management consoles. You can later choose to disable the tools by using Turn Windows features on or off in Control Panel.)
Server Manager
Server Manager is part of the Windows Server 2016 Desktop Experience, or you can run it from a Windows 10 workstation when installed as part of RSAT. Server Manager is the primary GUI tool to manage computers running Windows Server 2016. The Server Manager console can manage both local and remote servers.
You can also manage servers as groups, allowing you to perform the same administrative tasks quickly across multiple servers. You can also use Server Manager to run the Best Practices Analyzer to determine if the roles are functioning properly on the servers in your network.
Windows PowerShell remoting and PowerShell Direct
You can use Windows PowerShell to run Windows PowerShell commands or scripts against correctly configured remote servers if the script is hosted on the local server.
With Windows PowerShell remoting, where necessary, you can also load Windows PowerShell modules locally, such as those that are part of Server Manager, and run the cmdlets available in that module against appropriately configured remote servers.
In Windows Server 2016, you also have the option of using PowerShell Direct to run PowerShell scripts or cmdlets on virtual machines from a Hyper-V host.
Remote Shell
Windows Remote Shell (WinRS) is a command-line tool that allows you to execute remote commands on a target server that supports Windows Remote Management (WinRM).
WinRM is a collection of standards-based technologies that enables administrators to manage server hardware when signed in directly or over the network.
Server Manager and Windows PowerShell remoting also rely on WinRM in Windows Server 2016.
Remote desktop
You can connect to a remote server computer that is running the Server Core installation or the full installation by using Remote Desktop. On Server Core, you must enable Remote Desktop by using Sconfig.cmd.
Group Policy
You can use Group Policy to manage Server Core and full installations of Windows Server 2016, just like you can manage any other computer running Windows.
Firewall settings
Microsoft Management Console (MMC) and some other tools used for remote server management rely on the Distributed Component Object Model (DCOM).
Even Server Manager, when managing servers running Windows Server 2008 without the Windows Management Framework updates installed, depends on DCOM. DCOM, unlike WinRM, requires Windows Firewall on the computer running the remote management tools to be configured to allow exceptions to multiple rules. These exceptions include:
COM+ Network Access (DCOM-In)
Remote Event Log Management (NP-In)
Remote Event Log Management (RPC)
Remote Event Log Management (RPC-EPMAP)
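The following is an added example, not part of the original notes. It reports the state of the four exceptions listed above on the local computer and flags any that are enabled for every remote address. The management host address is a constructed placeholder.

```powershell
# Run in an elevated Windows PowerShell session on the computer being checked.
$ruleNames = @(
    'COM+ Network Access (DCOM-In)',
    'Remote Event Log Management (NP-In)',
    'Remote Event Log Management (RPC)',
    'Remote Event Log Management (RPC-EPMAP)'
)

$report = foreach ($name in $ruleNames) {
    $rules = Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue
    if (-not $rules) {
        # The rule does not exist on this installation.
        [pscustomobject]@{
            Rule = $name; Profile = 'n/a'; Enabled = 'not found'; RemoteAddress = 'n/a'
        }
        continue
    }
    # One display name can map to several rules (one per firewall profile).
    foreach ($rule in $rules) {
        $filter = $rule | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Rule          = $rule.DisplayName
            Profile       = [string]$rule.Profile
            Enabled       = [string]$rule.Enabled
            RemoteAddress = $filter.RemoteAddress -join ', '
        }
    }
}

$report | Sort-Object Rule, Profile | Format-Table -AutoSize

# Exceptions that are enabled and reachable from any remote address.
$open = $report | Where-Object { $_.Enabled -eq 'True' -and $_.RemoteAddress -eq 'Any' }
if ($open) {
    Write-Warning ("{0} exception(s) accept connections from any address." -f @($open).Count)
}

# To enable the exceptions only for a known management host, uncomment:
# $managementHost = '192.0.2.10'   # constructed placeholder address
# Enable-NetFirewallRule -DisplayName $ruleNames
# Set-NetFirewallRule -DisplayName $ruleNames -RemoteAddress $managementHost
```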
Using Windows PowerShell 5.0 to manage servers
Windows PowerShell 5.0 is a scripting language and command-line interface that is designed to assist you in performing day-to-day administrative tasks.
Windows PowerShell cmdlets execute at a Windows PowerShell command prompt or combine into Windows PowerShell scripts. You can also use Windows PowerShell to manage servers remotely. A headless server has no graphical user interface and there is no capability for local sign-in.
Importing modules
Some Windows PowerShell cmdlets are not available in the default Windows PowerShell library. When you enable some Windows features or want to administer particular environments, you must obtain additional Windows PowerShell functions. These additional functions are packaged in modules.
Windows PowerShell remote management
You can use Windows PowerShell to remotely run cmdlets on other Windows systems. This is called remoting. Windows PowerShell remoting depends on the WinRM service running on the target systems. This service can be enabled manually or by running the Enable-PSRemoting cmdlet on the target.
The simplest way to use remoting is one-to-one remoting, which allows you to bring up an interactive Windows PowerShell session on the remote system. After the connection is established, the Windows PowerShell prompt displays the name of the remote computer.
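The following is an added example, not part of the original notes. It confirms that WinRM answers on a target, shows the one-to-one session described above, and then goes one step further by running the same check on several servers with Invoke-Command. The computer names SRV1 and SRV2 are placeholders.

```powershell
# Placeholder computer names; replace with servers in your environment.
$target  = 'SRV1'
$servers = 'SRV1', 'SRV2'

# On each target, in an elevated local session, remoting is enabled once with:
#   Enable-PSRemoting -Force
# This starts the WinRM service, creates a listener, and adds the firewall exception.

# From the management workstation: confirm that WinRM answers before connecting.
try {
    Test-WSMan -ComputerName $target -ErrorAction Stop | Out-Null
    Write-Host "WinRM is reachable on $target."
} catch {
    Write-Warning "WinRM is not reachable on ${target}: $($_.Exception.Message)"
    return
}

# One-to-one remoting: an interactive session. After it connects, the prompt
# is prefixed with the remote computer name, for example [SRV1]: PS C:\>
#   Enter-PSSession -ComputerName $target -Credential (Get-Credential)
#   Exit-PSSession

# One-to-many remoting: the same script block runs on every listed server.
$cred = Get-Credential
$results = Invoke-Command -ComputerName $servers -Credential $cred -ScriptBlock {
    $winrmRules = Get-NetFirewallRule -DisplayGroup 'Windows Remote Management' |
        Where-Object { $_.Enabled -eq 'True' }
    [pscustomobject]@{
        OperatingSystem = (Get-CimInstance -ClassName Win32_OperatingSystem).Caption
        WinRMService    = [string](Get-Service -Name WinRM).Status
        # Firewall profiles on which the WinRM exception is currently enabled.
        WinRMProfiles   = ($winrmRules.Profile | Sort-Object -Unique) -join ', '
    }
}

# PSComputerName is added automatically to every object returned by Invoke-Command.
$results | Select-Object PSComputerName, OperatingSystem, WinRMService, WinRMProfiles |
    Format-Table -AutoSize
```

A WinRM exception enabled on the Public profile is worth reviewing, because remoting then accepts connections on untrusted networks.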
PowerShell Direct
PowerShell Direct enables you to run a Windows PowerShell cmdlet or script inside a virtual machine from the host operating system without regard to network and firewall configurations, and regardless of remote management configuration.
(You must still authenticate to the virtual machine by using guest operating system credentials.)
To use PowerShell Direct, from your host, run the following Windows PowerShell cmdlet:
Enter-PSSession -VMName VMName
Windows PowerShell Desired State Configuration (DSC)
Windows PowerShell DSC is a set of Windows PowerShell extensions, cmdlets, and resources that support configuring and managing remote computers in a scalable and standardized manner by pushing or pulling declarative configurations.
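The following is an added example, not part of the original notes. It shows a declarative DSC configuration that is compiled and pushed to one server, followed by a compliance check. The node name SRV1, the output folder, and the choice of features are assumptions made for illustration.

```powershell
# Declarative configuration: describes the desired state, not the steps to reach it.
Configuration ServerBaseline {
    Import-DscResource -ModuleName PSDesiredStateConfiguration

    Node 'SRV1' {                       # placeholder computer name
        # The File Server role service must be installed.
        WindowsFeature FileServer {
            Name   = 'FS-FileServer'
            Ensure = 'Present'
        }
        # The SMB 1.0 feature must not be installed.
        WindowsFeature Smb1 {
            Name   = 'FS-SMB1'
            Ensure = 'Absent'
        }
        # WinRM must stay running so the server remains remotely manageable.
        Service WinRM {
            Name        = 'WinRM'
            State       = 'Running'
            StartupType = 'Automatic'
        }
    }
}

# Compile the configuration into a MOF file (one per node) in the output folder.
$mofPath = 'C:\DSC\ServerBaseline'      # placeholder path
ServerBaseline -OutputPath $mofPath

# Push mode: send the MOF to the node over WinRM and apply it now.
Start-DscConfiguration -Path $mofPath -ComputerName 'SRV1' -Wait -Verbose

# Later: returns True while the node still matches the configuration,
# False if it has drifted.
Test-DscConfiguration -ComputerName 'SRV1'
```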
What’s new since Windows Server 2008 was released?
New features and improvements introduced in Windows Server 2012 or Windows Server 2012 R2:
Work Folders. Provides a mechanism for both domain-joined computers and those that are not domain joined to access and synchronize corporate data files.
DHCP failover. Enables you to deploy two DHCP servers containing overlapping DHCP scopes. If a DHCP server goes offline, DHCP client computers can renew their IP configurations from the failover DHCP server.
IP Address Management (IPAM). Provides administrative and monitoring capabilities for the IP address infrastructure within your organization’s networks. With IPAM, you can monitor, audit, and manage servers running DHCP and DNS.
Dynamic Access Control. This claims-based authorization platform enables you to control access to file resources within your organization. This is in addition to any folder or shared folder permissions already protecting the resource. Dynamic Access Control enables you to apply access control permissions based on rules that can include the sensitivity of the resources, the job or role of the user, and the configuration of the device that is used to access these resources.
Data deduplication. Involves finding and removing duplication within data. By segmenting files into small, variable-sized pieces; identifying duplicate pieces; and maintaining a single copy of each piece, data deduplication enables you to store more data in less space.
Storage Spaces. Enables cost-effective, highly available, scalable, and flexible storage for critical deployments. Storage Spaces are based on virtual disks that are created from free space in a storage pool. Storage pools are collections of physical disks that enable you to aggregate disks, expand capacity in a flexible manner, and delegate administration.
Storage tiers. Automatically moves frequently accessed data to faster storage and less-frequently accessed data to slower storage.
Better support for domain controller virtualization. Although many organizations have virtualized domain controllers for several years, potential issues can affect the reliability of this configuration. A feature known as GenerationID changes whenever the virtual machine experiences an event that affects its position in time. During startup and normal operations, a virtual domain controller compares the current value of GenerationID against the expected value. A mismatch is interpreted as a rollback event, and the domain controller employs safeguards to prevent the virtual domain controller from creating duplicate security principals.
The ability to clone virtual domain controllers. Enables you to deploy new virtual domain controllers by cloning existing ones.
New features and improvements introduced in Windows Server 2016:
Windows Server containers and Hyper-V containers. Containers enable you to isolate your apps from the operating system environment. This improves security and reliability. Windows containers are isolated from one another but run on the host operating system. Hyper-V containers are further isolated, because they run within a virtual machine.
Docker. Docker is a technology for managing containers. Although Docker is usually associated with Linux, Windows Server 2016 provides support for Docker for managing Windows containers and Hyper-V containers. The latest version of Docker, Docker Enterprise Edition for Windows Server 2016, is freely available for all Windows Server 2016 installations, and it enables easier installation of Docker on Windows Server 2016.
Rolling upgrades for Hyper-V and storage clusters. These upgrades enable you to add Windows Server 2016 nodes to an existing Windows Server 2012 R2 failover cluster. The cluster continues to operate at a Windows Server 2012 R2 functional level until all the nodes are upgraded.
The ability to hot add and hot remove virtual memory and network adapters from virtual machines. In Hyper-V in Windows Server 2016, you can now add or remove virtual memory and network adapters while the virtual machines are running.
Nested virtualization. In Hyper-V in Windows Server 2016, you can enable nested virtualization, enabling you to run Hyper-V virtual machines within a virtual machine.
Shielded virtual machines. Shielding your virtual machines enables you to help protect the data on them from unauthorized access.
PowerShell Direct. This feature enables you to run Windows PowerShell commands against a guest operating system in a virtual machine without handling security policies, host network settings, or firewall settings.
Windows Defender. Windows Defender is provided to help protect your server against malware. Although the Windows Defender interface is not installed by default, the antimalware patterns are automatically kept up-to-date.
Storage Spaces Direct. This feature enables you to build highly available storage with directly attached disks on each node in a cluster. The Server Message Block 3 (SMB3) protocol provides resiliency.
Storage Replica. This feature enables you to synchronously or asynchronously replicate volumes at the block level.
Microsoft Passport. This service replaces passwords with two-factor authentication that consists of an enrolled device and a Windows Hello (biometric) or PIN. This helps provide a more secure and convenient sign-in experience.
Remote Desktop Services. You can now use an Azure SQL database to create a high availability environment for Remote Desktop Connection Broker.
Active Directory Domain Services (AD DS). AD DS improvements include support for privileged access management (PAM), support for Azure AD Join, along with support for Microsoft Passport.
Windows Server Servicing Channels
Windows Server 2016 now uses the Windows-as-a-Service servicing model known as Channels.
Contains new or updated features released every six months
Only available through a Microsoft SA Agreement
Traditional deployment and versioning
Available in Server Core or Server with Desktop Experience modes.
Both channels will release security and driver updates as required as soon as available.
Nano Server no longer supported with infrastructure roles; use Server Core or Desktop Experience modes instead.
Windows-as-a-Service
Windows 10 introduced a method of delivering new features and functional changes. This method is known as Windows-as-a-Service. Windows-as-a-Service uses the servicing model to introduce updates. The updates were called branches initially, and the three branches were Current Branch, Current Branch for Business, and Long-Term Servicing Branch.
Servicing Channels
The update servicing model nomenclature has changed from branches to channels. Windows Server 2016 has two channels: the Semi-Annual Channel and the Long-Term Servicing Channel (LTSC). Security and driver updates or design flaws will not change based on these channels; these updates automatically become available for all editions.
The distribution and methods for each are as follows:
Semi-Annual Channel. This is acquired with a Software Assurance (SA) agreement with Microsoft. The Semi-Annual Channel releases about every six months, and you can identify it by using a YYMM construct. For example, the first Windows Server 2016 Semi-Annual Channel release was version 1709, for September of 2017. The Semi-Annual Channel for Windows Server 2016 only comes in Server Core or a Nano Server that is running in a Windows container. This channel offers new or updated features that are not available on LTSC.
LTSC. Windows Server 2016, as released in late 2016, is the LTSC. The LTSC does not receive new or updated features through the update service channel. Basically, LTSC will not add or change features within its own version. New features for the LTSC roll out about every three years, which is the same as the rollout of new Windows Server versions in the past. You can install LTSC either as Windows Server Core or Server with Desktop Experience.
Planning for Server Core
Server Core is:
A more security-enhanced, less resource-intensive installation option than the Desktop Experience installation.
An installation that cannot be converted to a full graphical shell version of Windows Server 2016
The default installation option for Windows Server 2016
Managed locally by using Windows PowerShell and other standard tools.
With remote management enabled, you rarely need to sign in locally.
(Server Core is the default installation option when you run the Windows Server 2016 Setup wizard. It uses fewer hardware resources than the full installation option. One of the ways it does this is by not installing a GUI for management purposes. Instead, you can manage Server Core locally by using Windows PowerShell or a command-line interface, or you can manage it remotely by using one of the remote management options described in the last lesson.)
Server Core has the following advantages over the full Windows Server 2016 installation option:
Reduced update requirements. Because Server Core installs fewer components, its deployment requires you to install fewer software updates. This reduces the number of monthly restarts required and the amount of time required for an administrator to service Server Core.
A reduced hardware footprint. Computers running Server Core require less RAM and less hard drive space. When Server Core is virtualized, this means that you can deploy more servers on the same host.
Smaller attack surface. Installing fewer components, especially the client interface, reduces the potential surface for security vulnerabilities for hackers to exploit.
Tools to manage Server Core deployments of Windows Server 2016:
Cmd.exe: Allows you to run traditional command-line tools, such as ping.exe, ipconfig.exe, and netsh.exe.
PowerShell.exe: Launches a Windows PowerShell session on the Server Core deployment. You then can perform Windows PowerShell tasks normally. Windows Server 2016 comes with Windows PowerShell version 5.0 installed.
Regedt32.exe: Provides registry access within the Server Core environment.
Msinfo32.exe: Allows you to view system information about the Server Core deployment.
Sconfig.cmd: Serves as a command-line, menu-driven tool to perform common server administration tasks.
Taskmgr.exe: Launches Task Manager.
Server roles available in Server Core:
File Services (including File Server Resource Manager)
Active Directory Lightweight Directory Services (AD LDS)
Print and Document Services
Streaming Media Services
Web Server (including a subset of ASP.NET)
Windows Server Update Server
Active Directory Rights Management Server
Routing and Remote Access Server and the following subroles:
Remote Desktop Connection Broker
Installing Server Core and Server with Desktop Experience
Perform preinstallation tasks:
Back up server if applicable
Disable antivirus software
Run the Windows Setup Wizard from the installation media:
Provide locale information (language, date, currency, keyboard)
Select Server Core Installation
Review and accept license
Select installation location
Provide administrator password
Before installing Windows Server 2016 you should perform several tasks to prepare for installation:
Disconnect any uninterruptible power supply (UPS) that is connected to the destination computer with a serial cable. Setup attempts to detect any devices connected to serial ports and UPS equipment can cause problems with this process.
Back up your server if this is not a clean install.
Disable virus protection software that might be installed on the target computer.
Copy any mass storage driver files provided by the manufacturer to a disk, flash drive, or other portable media so that the driver can be provided during setup.
The actual installation process includes the following steps:
Connect to the installation source. Options for this include:
Insert a DVD-ROM containing the installation files, and boot from the DVD-ROM.
Connect a specially prepared USB drive that hosts the installation files.
Perform a PXE boot, and connect to a Windows Deployment Services server.
On the first page of the Windows Setup Wizard, select the following locale-based information:
Language to install
Time and currency format
Keyboard or input method
On the second page of the Windows Setup Wizard, click Install now. You also can use this page to select Repair Your Computer. You use this option if an installation has become corrupted and you are no longer able to boot into Windows Server 2016.
In the Windows Setup Wizard, on the Select The Operating System You Want To Install page, choose from the available operating system installation options. The default option is Server Core Installation.
On the License Terms page, review the terms of the operating system license. You must choose to accept the license terms before you can proceed with the installation process.
On the Which Type Of Installation Do You Want page, you have the following options:
Upgrade. Select this option if you have an existing installation of Windows Server that you want to upgrade to Windows Server 2016. You should launch upgrades from within the previous version of Windows Server rather than booting from the installation source.
Custom. Select this option if you want to perform a new installation.
On the Where do you want to install Windows page, choose an available disk on which to install Windows Server 2016. You can also choose to repartition and reformat disks from this page. When you click Next, the installation process will copy files and reboot the computer several times.
On the Settings page, provide a password for the local Administrator account.
(Unlike Windows Server 2012, you cannot convert from Server Core to Server with Desktop Experience, or from Server with Desktop Experience to Server Core.)
Post-installation configuration settings
(In earlier versions of Windows Server, the installation process required you to configure network connections, the computer name, user accounts, and domain membership information. The Windows Server 2016 installation process reduces the number of questions that you must answer. The only information that you provide during installation is the password that the default local Administrator account uses.)
After you have installed Windows Server 2016, you typically should complete the following:
Configure the IP address.
Set the computer name.
Join an Active Directory domain.
Configure the time zone.
Enable automatic updates.
Add roles and features.
Enable the Remote Desktop feature.
Configure Windows Defender Firewall settings.
On Windows Server with Desktop Experience, you can use Server Manager on the local server to complete these post-installation tasks. On Server Core, you can use Windows PowerShell or other command-line tools, such as Netsh.exe, locally. Alternatively, you can enable remote management and then complete these tasks by using Windows PowerShell Remoting. You can also use Server Manager to configure the Server Core installation remotely.
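The following is an added example, not part of the original notes. It carries out the post-installation tasks listed above from a local elevated Windows PowerShell session on Server Core. The adapter alias, addresses, computer name, domain name, time zone, and role are constructed placeholders.

```powershell
# Constructed placeholder values; replace with values for your environment.
$ifAlias    = 'Ethernet'
$ipAddress  = '172.16.0.21'
$prefix     = 24
$gateway    = '172.16.0.1'
$dnsServer  = '172.16.0.10'
$newName    = 'SRV-CORE1'
$domain     = 'corp.example.com'

# Configure the IP address and the DNS server used to locate the domain.
New-NetIPAddress -InterfaceAlias $ifAlias -IPAddress $ipAddress `
    -PrefixLength $prefix -DefaultGateway $gateway
Set-DnsClientServerAddress -InterfaceAlias $ifAlias -ServerAddresses $dnsServer

# Configure the time zone (tzutil.exe /l lists the valid time zone IDs).
tzutil.exe /s 'UTC'

# Automatic updates: set through the Windows Update Settings item in Sconfig.cmd.

# Add roles and features (File Server is used here as an example role service).
Install-WindowsFeature -Name FS-FileServer

# Enable Remote Desktop, require Network Level Authentication,
# and open the matching firewall rule group.
$tsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
Set-ItemProperty -Path $tsKey -Name fDenyTSConnections -Value 0
Set-ItemProperty -Path "$tsKey\WinStations\RDP-Tcp" -Name UserAuthentication -Value 1
Enable-NetFirewallRule -DisplayGroup 'Remote Desktop'

# Configure the firewall: keep it enabled on every profile and review the result.
Set-NetFirewallProfile -Profile Domain, Private, Public -Enabled True
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction

# Set the computer name and join the domain in one step, then restart once.
# Run this last: the session ends when the server restarts.
Add-Computer -DomainName $domain -NewName $newName -Credential (Get-Credential) -Restart
```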
In-place upgrades vs. server migration
Upgrading from Windows Server 2008 R2 or later.
Can upgrade from Windows Server 2008 R2 or later
Can only upgrade to same or newer editions
Requires same processor architecture
Migrating to Windows Server 2016
Must migrate from x86 version of Windows Server
Can use the Windows Server Migration Tools feature.
When deploying Windows Server 2016, organizations must make the following choice:
Use existing hardware and upgrade from supported editions of Windows Server 2008 or later.
Install Windows Server 2016 on new hardware, and, if required, migrate the roles, features, and settings from servers that are running supported earlier Windows Server editions.