Overview of Windows Server 2008 deployment

All initiators that want to access that target need to use the same secret to start a logon session with the target. With this level of security, the iSCSI target and the initiator authenticate each other. A separate secret is set for each target and for each initiator. The IPsec protocol enforces. How to secure authentication at the IP packet layer.

Securing Web Services Workloads

Web services workloads are secured based on the protocol that provides access to the Web services workloads.

Table 25 lists the Web services protocols and how to secure the protocol. Use the HTTPS protocol instead to provide encryption of all communication between the appliance and the clients. Allow connectivity to the appliance only from computers on your internal network.

Ensure that all HTTP connections require authentication as necessary. HTTPS is a secure protocol and does not need further protection for confidentiality. Ensure that all FTP connections require authentication. This helps harden the security of applications and services running on IIS 7.

Securing Print Services Workloads

Print services workloads are secured based on the Print Server role service that provides access to the file services workloads.

Table 26 lists the Print Server role services and how to secure the role service. Use printer permissions to control access to the appliance running the Print Server role services using the Print Management snap-in. There is no authentication or security permissions available.

Improving Availability of Windows Storage Server Workloads

High levels of availability are essential for mission-critical applications and services.

Windows Storage Server includes all of the high availability features and technologies found in Windows Server. In addition, you can further improve the availability of your workloads using products and technologies from Microsoft partners.

Improving Availability of File Services Workloads

The availability of file services workloads in Windows Storage Server can be improved based on the protocol used to access the file services.

Table 27 lists the methods for improving the availability for file services workload and which protocols can use that method.

Failover clusters. Failover clusters in Windows Storage Server, as illustrated in Figure 8, can be used to improve the availability of SMB-based file services workloads. The method supports read and write access to the files. Windows Storage Server provides an easy to install and configure user interface for creating a two node failover cluster. This user interface reduces the learning curve, complexity, and effort required to create a two node cluster.

You can use DFS Replication to create replica copies of shared network folders. Then you can use DFS Namespace to provide automatic failover to replica copies of content when a local copy of the content is unavailable. For more information, see Distributed File System. Network Load Balancing. The most common method of improving the availability for file services workloads is by using failover clusters.

Figure 8 illustrates a typical two-node failover cluster for file services workloads. A failover cluster is a group of independent computers that work together to increase the availability of applications and services. Each iSCSI network interface card should be connected by using redundant switch infrastructures to provide continued access to storage in the event of a failure in a storage fabric component. Redundancy for iSCSI initiators on other operating systems or hardware iSCSI initiators is provided by network adapter teaming from the network adapter vendor.

Redundancy for file services and print services is also provided by network adapter teaming support from the network adapter vendor. This redundancy in the physical connectivity helps eliminate any single point of failure due to the network infrastructure for the storage fabric used by iSCSI, such as a switch failure or a disconnected network cable. As illustrated in Figure 11, you can use failover clusters to improve the availability of the computers or appliances running the Microsoft iSCSI Software Initiator in Windows Server operating systems.

However, there is no fault tolerance depicted in the connection between the clustered iSCSI initiators and the clustered iSCSI targets (the storage fabric). This redundancy in the physical connectivity helps eliminate any single point of failure due to the network infrastructure for the storage fabric used by iSCSI, such as a switch failure or a disconnected network cable.

The assumption of this solution is that each of the appliances in the NLB cluster have identical content and are continuously synchronized such as by DFS Replication. Note If the Web applications use a centralized SQL Server database for storing information, you can also use failover clustering to improve the availability of the database.

Figure 13 illustrates a typical two-node failover cluster for Print services workloads.

Figure 13. Typical two-node failover cluster for Print services workloads

This method helps prevent any print services outages due to the failure of a node in the cluster.

Print services outages for specific printers occur in the event of a printer failure. However, the print jobs for the printer continue to be queued until the printer failure is resolved and the printer is restored to normal operation. Improving Performance and Scalability for Windows Storage Server Solutions The ability to take full advantage of the system resources of Windows Storage Server based appliance is essential to creating successful solutions. Windows Storage Server includes all of the performance and scalability features and technologies found in Windows Server In addition, you can further improve the performance and scalability of your workloads using products and technologies from Microsoft partners.

Improving Performance and Scalability for All Workloads Windows Storage Server includes a number of technologies and features that will improve the performance and scalability for all workloads. These performance and scalability improvements are inherent in Windows Storage Server.

Improvements in Processor and Memory Capacity The improvements in computer design have resulted in modern server computers that support an ever increasing number of processors and increased memory capacity.

Current server computers are only shipping with bit processors, multiple processors, and higher memory capacity than ever before. These improvements allow you to create application platforms that are able to support larger workloads, reduce rack space in your data center, reduce power consumption, provide improved reliability, and reduce your overall administrative effort.

Improved Physical Processor and Memory Resources bit processors impose system resource limitations that restrict your ability to handle increased workloads without investing in additional server computers.

Also, server consolidation by using virtualization requires bit processors to provide the processing and memory resources to support higher ratios of server consolidation. To support the increased processor performance and memory capacity provided by 64-bit processors, Windows Storage Server is only available for bit processor architectures.

Windows Storage Server supports up to logical processor cores for a single operating system instance. This increased processor support makes it possible to run even more demanding workloads on a single computer, or scale workloads to greater extremes to match changing demand.

SLAT uses special processor functionality available in recent Intel and AMD processors to carry out some virtual machine memory management functions, significantly reducing hypervisor processor time and saving about 1MB of memory per virtual machine. CPU Core Parking enables power savings by scheduling virtual machine execution on only some processor cores and placing the remaining processor cores in a sleep state. However, the exact number of connections is vendor specific.

For example, when the computer is performing a backup over the network. This feature automatically determines the value of the maximum receive window size for a connection based on the current conditions of the network. Optimizing the network to receive TCP data can substantially increase overall network utilization by applications. This feature works with the Compound TCP feature on the sender side.

Automatically tuning the receive window size allows the maximum amount of data to be transmitted between Windows Server and Windows Vista, and improves overall network performance, especially on high latency connections. CTCP more aggressively increases the Send window for connections with large Receive window sizes and large bandwidth-delay products. CTCP attempts to maximize throughput on these types of connections by monitoring delay variations and losses.

Aggressively increasing the TCP Send window size allows the maximum amount of data to be transmitted between Windows Server and Windows Vista, and improves overall network performance. Reducing the number of retransmitted TCP segments improves the overall performance of traffic that used the TCP protocol. TCP peers receiving marked IP packets lower their transmission rate to ease congestion.

NDIS 5. NDIS 6. RSS also supports dynamic load balancing, a secure hashing mechanism, parallel interrupts, and parallel DPCs. Figure 14 illustrates how the architecture of NDIS 6. Because all processors are able to process incoming network traffic, all processors have available capacity and none are a bottleneck for incoming network traffic.

In prior versions of Windows, the selection of processors to interrupt and perform completion processing was statically chosen when the device was detected, similar to a round-robin order across all processors. Furthermore, if the completion processing accesses data read from the disk (for example, to perform virus detection, decryption, or decompression of the data), that data will have to go from memory to Processor 2 over the node interconnect and then back over the node interconnect to Processor 3 when the application starts to access the data.

If the completion processing accesses the data read from the disk, the data will go from memory to Processor 3, and the application will experience a high cache hit ratio when it accesses the data. Improving Performance and Scalability for File Services Workloads File services workloads in Windows Storage Server have improved performance and scalability compared to previous versions of Windows Server. These improvements are largely due to improvements in the SMB2 protocol.

Improving network performance between client computers and Windows Storage Server for the folder redirection and offline files features. The SMB2 protocol provides a number of communication enhancements, including greater performance when servers connect to file shares over high-latency links, and better security through the use of mutual authentication and message signing.

This reduces the number of packets sent between an SMB client and server, a common issue in the effective tuning of SMB 1. Examples include an increase in the number of concurrent open file handles on the server and the number of file shares that a server can have. Figure 17 illustrates how SMB 1 processes multiple write operations between a client computer running Windows XP and a server computer running Windows Server In SMB 1, each write request must wait for the write response from a previous write request.

For example, write request 2 must wait for the write response from write request 1. In SMB2, multiple write requests can be issued before receiving a write response. The overall effect, especially on high-latency network connections, is that remote file operations are much faster.

Figure 19 illustrates the environment for tests performed over a WAN connection. The test results for Windows Server do not include Windows Firewall. Windows Firewall imposes a minimal impact (approximately 5 percent) on network throughput.

The performance gains that are illustrated in these tests are a direct result of the performance and scalability features in Windows Server This tool simulates a home folders file workload on a set of client computers and computes the maximum number of users a server can support based on the response time of simulated scenarios as illustrated in Figure File Services Role scalability test results The scenarios include common operations such as browsing a directory, copying files, and modifying Microsoft Office files.

For a given number of users accessing data on a file server, the tool will compute a throughput number corresponding to the average scenario per second that the server is able to sustain. The tool also provides the ability to collect performance counters such as processor, memory, network, and disk subsystem utilization details to help identify potential bottlenecks. Table 28 lists example performance characteristics for appliances with different system resources.

In these examples, the appliances contained only a single or dual processor socket that is typical for these types of appliances at the time of writing. As reflected by these performance characteristics, you can expand the processor and disk resources of the appliances to support tens of thousands of users on a single appliance.

A significantly higher number of users can be supported by adding more drives, memory, and processors. The number and speed of the drives has the largest influence on the number of users who can be supported.

In the first scenario, 1-megabyte MB files were copied between the client computers and the server computers. In the second scenario, one MB file was copied between the client computers and the server computers. In the chart in Figure 21, a lower length of time indicates that the file copy process occurred faster. Accessing Files at a Remote Location Over a WAN Connection This test series provides an indication of how typical user applications perform when accessing files and folders on network shared folders on server computers running Windows Server and Windows Server In the chart in Figure 22, a lower length of time indicates that the file operation occurred faster.

This improvement helps performance by sending larger SMB packets. In SMB version 2. This increase in packet size significantly improves the performance for file copies and directory enumerations. For example, a single packet can now contain thousands of directory entries. This improvement helps performance when multiple files are opened in sequence or in parallel by the same client.

This method helps improve application performance when opening and closing files, such as files for Microsoft Office System applications. This improvement helps file copy operations performed remotely on network shared folders using the SMB protocol.

Figure 23 and Figure 24 illustrate the SMB performance differences between Windows Server and Windows Server R2 on two servers with different system resources. As illustrated in Figure 24, the increased system resources allow Windows Server R2 to support almost twice as many users as the system resources in Figure The performance improvements in SMB 2.

Table 29 shows the version of SMB used between two computers running different combinations of operating systems. SMB 2. Improving Performance for Branch Offices Using BranchCache One of the largest problems facing branch offices is how to improve the performance of accessing intranet resources in other locations, such as the head office or regional data centers.

Typically, branch offices are connected by wide area networks (WANs) that usually have slower data rates than your intranet. Reducing the network utilization on the WAN network segments provides available network bandwidth for applications and services.

The BranchCache feature in Windows Storage Server and Windows 7 reduces the network utilization on WAN segments that connect branch offices by locally caching frequently used files on computers in the branch office. Distributed Cache Mode In Distributed Cache mode, content is cached on the branch on client computers running Windows 7.

The disadvantage to this solution is that content is cached on client computers, so if the computer containing the cached content is unavailable, the content must be retrieved over the WAN connection, as illustrated in Figure Client 1 issues a request for a file on a BranchCache-enabled server in the head office. The client computer indicates to the server that it is BranchCache capable, using fields, messages, or headers that are already part of the BranchCache-enabled protocol.

The server responds, and transmits a set of identifiers that describe the chunks of content the client computer wants to download. These identifiers are transmitted by using the BranchCache-enabled protocol. Client 1 searches locally for a computer that has already downloaded and cached the content. Client 1 is the first computer in the branch to download this piece of content, so it does not receive any responses.

This request is not marked as BranchCache capable. The server responds with the requested data. The client then adds this data to its local cache. Client 2 issues a request for the same content that Client 1 downloaded earlier. Client 2 receives identifiers describing the content from the server in the head office. Client 2 uses the BranchCache discovery protocol to search for the content. Client 1 receives this request, finds the requested content in its local cache, and sends a response to Client 2.

Client 1 transmits the content to Client 2, protecting it with the BranchCache encryption scheme. Client 2 verifies the data against the identifiers downloaded from the server in the head office.

Note Hosted Cache mode and Distributed Cache mode are mutually exclusive. A client computer can be configured to use only a single caching mode at one time. The advantage to this mode is that the server is always available, so the cached content is always available. The unavailability of any client computer running Windows 7 does not affect the availability of the content cache, as illustrated in Figure Client 1 issues a request to a BranchCache-enabled server in the head office.

The server responds, and transmits a set of identifiers that describe the chunks of content that the client computer wants to download. The hosted cache response informs Client 1 that the target data is not available. This request is not marked BranchCache capable. The hosted cache responds with the data. Client 2 verifies the data by using the identifiers downloaded from the server in the head office.

If a client computer cannot locate content on the hosted cache server, the client computer returns to the server in the head office and requests a download. Windows Storage Server includes a Group Policy administrative template that you can use to administer the BranchCache configuration settings. Folder redirection allows users to quickly recover from local failures of their computer. This feature allows users to locally cache files stored on a shared folder on Windows Storage Server.

Users are able to modify local copies of files in the event they are disconnected from the network. Both of these features require access to shared network folders on Windows Storage Server. All of the performance features listed in this section will also improve the performance for folder redirection and offline files. Ensure that the appliance has sufficient resources to provide adequate performance and scaling. Always size disks for performance in addition to capacity. Isolate different types of workloads using dedicated physical arrays.

Dedicate a physical array for each conflicting workload. Isolate different types of workloads using separate physical network segments. Different types of workloads on the same physical network can cause overutilization and performance problems.

When encountering network utilization problems, segregate each type of workload to a separate physical network segment to reduce network contention. Sector alignment allows Windows Storage Server to create partitions that align with the underlying physical disk.

You can configure sector alignment for physical disks using the Diskpart. Note Consult your storage vendor to determine the proper values to use with the Diskpart. Figure 27 illustrates a Windows Storage Server solution that has been optimized to provide improved performance and scalability. Sufficient system resources of the Windows Storage Server appliance for the given workloads. Separate network adapters in the Exchange server to support the separate network segments. For this test, the server computer had 16 dual-core processors for a total of 32 processor cores.

These improvements are largely due to improvements in data compression of content and caching of content. IIS also lets you use bandwidth more effectively and efficiently by using common compression mechanisms such as Gzip and Deflate. HTTP compression lets you make more efficient use of bandwidth and enhances the performance of sites and applications. You can configure HTTP compression for both static and dynamic sites. Output caching allows you to manage output caching rules and to control the caching of served content.

In IIS Manager, you can create caching rules, edit existing caching rules, and configure output cache settings. The results were obtained by closely monitoring the performance over a hour period for both test cases. The chart in Figure 29 illustrates the performance gain by running IIS 7. This improvement in performance results in www. Improving Performance and Scalability for Print Workloads Print server scalability plays a key role in the deployment of Windows Storage Server print servers.

The maximum load and performance level of a print server greatly depends on key configuration decisions. For more information about improving the performance and scalability of print services workloads, see the Windows Print Server Scalability and Sizing Technical Overview.

Overview of Windows Storage Server Configurations

Windows Storage Server provides a wide range of storage solutions for organizations of all sizes. However, some Microsoft partners provide additional storage in external enclosures. They provide highly-available configurations based on solution availability requirements.

Creating Branch Office Solutions

In a branch office solution, an organization has a number of geographically distributed branch office locations that are connected to one or more centralized head offices. Table 30 lists the types of data to manage in the branch office solution, as illustrated in Figure 34, and a description of the type of data. Contains user home directories and user shares within the branch office in addition to the well-known Windows folders, such as Documents, Videos, Pictures, and Music.

The well-known Windows folders are typically stored on the local computer, but can be stored on network shared folders using the Folder Redirection feature. The Folder Redirection feature allows user folders to be stored on appliances in the branch offices and to be replicated to appliances in the head office for backup and centralized management using DFS Replication.

The user folders are accessed within the branch office, but are archived in the head office. Contains content that is published from the head offices to the branch offices as read-only content. Contains content used in collaborative efforts between branch offices. The collaboration content is stored on the Windows Storage Server appliances in the head office. Users in the branch offices access the collaboration content over the WAN connections. The collaboration content can be stored in network shared folders or in Windows SharePoint Service document libraries.

Most of the configuration and all of the support is provided by the IT personnel in the head office. Centralized management of the appliances in the branch office is essential and remote administration is required.

Due to cost constraints and lack of local IT personnel, failover clusters can be an optional part of this solution, depending on the availability requirements of the branch offices. The available network speed of the WAN connections between the head offices and the branch offices is a limited resource in terms of both available bandwidth and cost.

The solution must minimize the utilization of the WAN connection as much as possible. Most of the computers in the branch office are running Windows operating systems. In some instances there may be computers running other operating systems, such as Linux or the Mac OS.

Vista, on the other hand, has probably attracted more whiz-kid techies. It seems to me as though the server team have incorporated the best ideas of the Vista developers, while rejecting anything that would compromise the integrity of their beloved server.

The Aero graphics, on the other hand, whilst appealing to the eye, are never going to be a high priority for a server. My point is you can turn off the Aero graphics without compromising the ability to run or configure your server. In fact the server may run 0. Windows Code name Longhorn is a Microsoft server operating system, thus it shares many features with W2K3.

Those who turn off the new security feature — UAC (User Account Control). Improved Management: What does this mean? Reduced Costs: How can it do that? Faster and Smarter: How So?

An Outline of Windows Server with Vista

As both Vista and Windows Server were part of the Longhorn project it is not surprising that they share a common look and feel. About The Author Guy Thomas.

Therefore, it is important that she minimizes the amount of time she spends on deployment. To accomplish this, Monica chooses to use Windows Deployment Services because she can:

Adds the Boot. Adds the Install. Uses the MMC snap-in to create a capture image from the boot image she added in step 3. This image contains Windows PE and a wizard that will capture her custom image into a. All users at Fabrikam have the same desktop hardware, which was purchased from a single vendor. To deploy a standard image to the computers, Monica does the following: Boots a reference computer from the network and installs the Install.

Uses the Image Capture Wizard to recapture the operating system and upload it directly to the Windows Deployment Services server. Now, Monica is ready to install the new operating systems. She does not need to migrate any user data, because all of the employees store their user data on a server rather than on their hard disks. She reboots a client computer and then presses F12 to perform a network boot. This boots her into the Boot. She selects the disk partition and image she wants, and then the installation begins.

While waiting for the image to be applied to the first computer, Monica boots another computer and starts the same process on that one. Northwind Traders is a shipping firm with three offices: a central office in Tooth City, and branch offices in the towns of Brushville and Flosston. His responsibility is maintaining the client computers used by the company's employees. These are mostly desktop computers, but the sales force uses laptops for customer presentations.

There are computers in the central office in Tooth City, and 25 each in the Brushville and Flosston offices. Each site has an internal network running at MB per second (MBps), and the branch sites are connected to the Tooth City office by a T1 line.

Ron has three Windows Deployment Services servers at the Tooth City office and one in each of the branch offices, which are administered remotely. Previously, this would have involved many expensive trips to Brushville and Flosston, and it would have taken Ron several weeks to complete. He wants to use Windows Deployment Services to deploy Windows remotely; however, company policy dictates that there can be only one DHCP server on the corporate network, and this server is located at the Tooth City office.

Remotely deploying images to the 50 computers at the branch offices would cause immense congestion on the connection. Use the network boot referral system to minimize network traffic between the branch sites and the central office.

Ron prestages each client computer and assigns the appropriate branch office server as the referral server for each. This ensures that the client downloads files and images from the local server, which minimizes traffic on the line between the offices. Ron has two standard operating system configurations — one for the desktop computers and one for laptops that contains the sales presentations and drivers for projectors.

Therefore, he builds two images: one with the desktop configuration, and one with the laptop configuration with no applications.

I would..

Import the wim image as an operating system. Make sure you select the copy source files in this step.
Create a server task sequence, enter all the details, and choose the operating system you imported.
Go back into the task sequence you just created, and click on the os info tab, click on edit unattend.

Friday, March 11, AM.

Thanks, Andrew and Paul. Paul, do you run the sysprep and capture from inside the OS like Andrew? Andrew, at what step do you start using your unattend.

Thanks again for all the help. I feel like I'm finally getting a grasp on things. Tuesday, March 22, PM.

This way you will know exactly which settings are being applied.


