Windows Server 2022 & PowerShell All-in-One For Dummies. Sara Perrott
network (SAN) that is not cost prohibitive.
iSCSI Target Storage Provider: Allows applications connected to an iSCSI target to make volume shadow copies of the data on virtual iSCSI disks.
Server for NFS: Allows the server to serve files to Unix and Linux systems that use the NFS protocol.
Work Folders: Synchronizes files across multiple computers.
Host Guardian Service
This role was introduced for the first time in Windows Server 2016. It manages and releases keys for Hyper-V hosts that are considered trusted (known as guarded hosts). This allows the guarded hosts to power on shielded virtual machines (VMs) and perform live migrations. It uses two services to do its work:
Attestation Service: Validates the identity of the hosts that are communicating with it as well as their configuration
Key Protection Service: Gives access to the encrypted transport keys that allow the guarded hosts to work with the shielded VMs
If you want to learn more about shielded VMs, check out Book 7, Chapter 2.
Hyper-V
Installing the Hyper-V role installs a hypervisor onto the Windows Server operating system. On Server Standard edition, you’re limited to two VMs; you can run an unlimited number of VMs on Server Datacenter edition. Datacenter edition also includes the ability to work with shielded VMs.
I cover Hyper-V in great detail in Book 7.
Network Controller
Network Controller is a newer role that was introduced in Windows Server 2016. It’s only available in the Datacenter edition, not the Standard edition. Network Controller allows you to configure, monitor, program, and troubleshoot your physical and virtual network infrastructure. To do this work, it can leverage Windows PowerShell or the Representational State Transfer (REST) application programming interface (API) to communicate with the devices. If your organization wants to begin exploring Software-Defined Networking (SDN), this is a great way to start. Being able to use PowerShell to work with the Network Controller could be very powerful, but the REST API will allow you to build integrations with other products, including those that would not understand PowerShell. The communication is done through HTTP/HTTPS, so you don’t have to worry about opening any uncommon network ports to support REST APIs either.
Network Policy and Access Services
Network Policy and Access Services installs the Network Policy Server (NPS). This provides services like RADIUS and offers authentication, authorization, and accounting (AAA). NPS is very commonly used for authentication of network devices and VPN clients.
Note that you can only install this role on Server with Desktop Experience.
If this sparked your curiosity, check out Book 4, Chapter 3, where I cover the installation and configuration of NPS as a RADIUS server.
Print and Document Services
By installing the Print and Document Services role, you can turn your server into a network print server. This centralizes the management of printing, from working with queues to setting your desired default configurations for network printers. These are commonly things like printing in black and white or printing double-sided.
Remote Access
The Remote Access role allows you to do a few different things. It can provide connectivity to your network with DirectAccess and VPNs, and also offers a web application proxy. At its core, Remote Access is designed to be a VPN solution. Routing and Remote Access Service provides a traditional VPN service to support connectivity to your internal network, while DirectAccess offers end users a more seamless experience with VPN-like functionality. Your users will not have to stop or start their VPN connections; with DirectAccess, they’re connected to your organization when they have a good Internet connection. If you install the web application proxy, you can publish HTTP- and HTTPS-based web applications to devices on and off your network. The Routing functionality provides very similar functionality to a traditional router, including network address translation (NAT) and other methods needed to perform routing on an IP network.
Remote Desktop Services
Previously known as Terminal Services, Remote Desktop Services lets users access virtual desktops to run software just as they would if they were on their own desktops. This can be very helpful when you have limited licenses for applications, and the application can be used in this way. It can be especially helpful for client/server-style applications where upgrades can be an overwhelming effort due to configuration changes that need to occur after an upgrade. You can make the changes on each RDS server once, instead of having to do it on hundreds of desktops.
Volume Activation Services
This role creates a Key Management Service (KMS) server, which can manage all the keys for your Windows products and take care of automatic keying and activation for domain-joined systems, servers and clients alike. You can even set requirements like requiring systems to check in with the KMS server every 15 days or the key will no longer be valid. This can help to ensure that laptops find their way back on premises for patches and other things at least every 15 days as well.
Web Services
Web Server installs the Windows-based web server known as Internet Information Services (IIS). IIS can be used to host multiple websites and supports many of the server-side languages you know and love, like PHP and ASP. It also provides support for FTP services. With the Microsoft Web Platform installer, setting up applications like ASP.NET, Microsoft SQL Server, and non-Microsoft applications like WordPress or Joomla is very simple.
Windows Deployment Services
Windows Deployment Services (WDS) makes managing images for servers and desktops very simple. WDS is part Preboot Execution Environment (PXE) server and part Trivial File Transfer Protocol (TFTP) server with a nice, user-friendly graphical user interface (GUI) console to manage it. If you aren’t familiar with PXE, it allows a server with no operating system to boot from the network so that a system administrator can configure it and choose an operating system image for it. TFTP is used to transfer the image over the network. Images are saved as .wim files and can be kept up to date with tools already available on the system. Systems that are imaged by WDS are booted from their network interface card (NIC) and are able to get the settings for the WDS server from DHCP options 66 and 67.
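Because PXE clients boot from whatever server and file DHCP options 66 and 67 name, those values are worth auditing per scope. The following is an added example, not code from the book: the function name, scope IDs, host names and the boot file path are constructed assumptions, and the sample records stand in for live DHCP data.

```powershell
# Added example: audit DHCP option 66 (boot server host name) and 67 (boot file name).
# All scope IDs, host names and paths below are constructed placeholders.
function Test-PxeBootOption {
    param(
        [Parameter(Mandatory)] [object[]] $OptionRecord,     # objects with ScopeId, OptionId, Value
        [Parameter(Mandatory)] [string[]] $ApprovedServer,   # allowed option 66 values
        [Parameter(Mandatory)] [string[]] $ApprovedBootFile  # allowed option 67 values
    )
    foreach ($scope in ($OptionRecord | Group-Object ScopeId)) {
        # Cast to [string] so a missing option becomes '' and a one-element array becomes its value
        $o66 = [string]($scope.Group | Where-Object OptionId -eq 66).Value
        $o67 = [string]($scope.Group | Where-Object OptionId -eq 67).Value
        $status = if (-not $o66 -or -not $o67) { 'Incomplete' }
        elseif ($o66 -notin $ApprovedServer)   { 'UnexpectedServer' }
        elseif ($o67 -notin $ApprovedBootFile) { 'UnexpectedBootFile' }
        else { 'OK' }
        [pscustomobject]@{
            ScopeId = $scope.Name; Option66 = $o66; Option67 = $o67; Status = $status
        }
    }
}

# Constructed sample: one correct scope, one pointing at an unapproved host, one missing option 66
$sample = @(
    [pscustomobject]@{ ScopeId = '10.0.10.0'; OptionId = 66; Value = 'wds01.corp.example' }
    [pscustomobject]@{ ScopeId = '10.0.10.0'; OptionId = 67; Value = 'boot\x64\wdsnbp.com' }
    [pscustomobject]@{ ScopeId = '10.0.20.0'; OptionId = 66; Value = '10.0.20.99' }
    [pscustomobject]@{ ScopeId = '10.0.20.0'; OptionId = 67; Value = 'boot\x64\wdsnbp.com' }
    [pscustomobject]@{ ScopeId = '10.0.30.0'; OptionId = 67; Value = 'boot\x64\wdsnbp.com' }
)
Test-PxeBootOption -OptionRecord $sample -ApprovedServer 'wds01.corp.example' `
    -ApprovedBootFile 'boot\x64\wdsnbp.com' | Format-Table -AutoSize

# On a DHCP server (DhcpServer module), build the same records from live scopes:
# $live = foreach ($s in Get-DhcpServerv4Scope) {
#     Get-DhcpServerv4OptionValue -ScopeId $s.ScopeId -OptionId 66,67 -ErrorAction SilentlyContinue |
#         ForEach-Object { [pscustomobject]@{ ScopeId = "$($s.ScopeId)"; OptionId = $_.OptionId; Value = $_.Value } }
# }
```

Option values set at the server level are inherited by scopes, so they need the same comparison against the approved list.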
Windows Server Update Services
Windows Server Update Services (WSUS) is exactly what the name implies: a server role that installs software that allows you to centrally manage security patches and other updates for all your Microsoft products. It scales well and can be deployed as a single server that does it all, or as an upstream server that downloads updates from Microsoft and then makes those updates available to other downstream WSUS servers.
Understanding Server Features
Roles get a lot of attention, but features provide the necessary support for roles and other applications to perform their functions. Features can provide everything from frameworks to support applications to management tools and encryption functionality.