How Windows Server 2008 fit in enterprises needs

Enterprise wants and needs far exceed anything the desktop or workstation consumer group can possibly offer. Most of those wants and needs center around managing resources or maintaining connections among desktops, workstations, and other server computers.


Active Directory
Active Directory (AD) is an implementation of the Lightweight Directory Access Protocol (LDAP), a protocol and service framework that delivers directory services to Windows-based networks. AD provides central authentication and authorization services, global policy assignment, widespread software deployment, and large-scale updates for an entire organization. AD Directory Service (DS) is used to centrally store and manage information about the network resources spread across a given domain. The framework itself holds a number of levels that include forests, domains, and trees.


Access controls
Employees are defined by their roles or capacities within an organization. There are leadership roles, management roles, and general occupational roles to fulfill, each defined by separate duties, privileges, and responsibilities. Among those privileges and responsibilities are varying layers of access to business-related information. For example, a general employee has no real reason to access or modify management-related information, such as work schedules or other employees’ contact information.

In much the same way, users are defined in a system by their access privileges on that system. Access controls are captive restrictions set in place on server computers necessary to prevent accidental, intentional, and unauthorized use of data, files, and settings, particularly those critical to system operation.

One feature Windows Server 2008 brings to the table is Network Access
Protection (NAP), which enforces strict health checks on all incoming client connections. That is, it inspects the state of the client to make sure it meets requirements for antivirus and antispyware coverage and currency, Windows update currency, and so forth.


Policy-based controls
Policy-based controls on the Windows Server 2008 platform are evident virtually anywhere a user or process interacts with the system. Active Directory (AD) Domain Services are a global configuration policy-driven framework used to define various Windows network parameters for an entire organization. Policy-based control is also apparent in protective access mechanisms deployed on the network to enforce certain requirements for connecting computers.

Authentication Dial-In User Service (RADIUS), a network-policy checking server and proxy for Windows Server 2008. NPS replaces the original Internet Authentication Service (IAS) in Windows Server 2003 and performs all the same functions for VPN and 802.1x-based wired and wireless links, and performs health evaluations before granting access to NAP clients.

Policy-based controls also encompass the variety of various Windows Server 2008 core components and features like network protocol-oriented QoS and system-wide directory services provided through AD.


Client management
In addition to NAP features that ensure an optimal level of health for Windows Server 2008 networks, a number of other useful client management tools are natively available on the platform. TS Remote Desktop Connection (RDC) 6.0 remotely verifies that clients are connecting to the correct computers or servers. This prevents accidental connections to unintended targets and the potential to expose sensitive client-side information with an unauthorized server recipient.

TS Gateway also provides for endpoint-to-endpoint sessions using the Remote Desktop Protocol (RDP) with HTTPS for a secure, encrypted communications channel between various clients that include FreeBSD, Linux, Mac OS X, and Solaris.


Software deployment
There’s a lot of redundancy in virtually every modern computing and networking environment. There are multiple workstation computers for multiple employees, possibly built with dual memory banks, dual-core processors, and doubled-up RAID drives and NICs, communicating with load-balanced servers operating in round-robin fashion — just to give a thumbnail perspective of a much bigger portrait. Chances are good that in an environment like this, when you configure, install, or modify something once, you’ll have to repeat that same action elsewhere.

Large-scale software deployments are one clear instance of this observation. Generally, you don’t install just one computer but several. It may be a few dozen, or it may be several hundreds or thousands. Either way, do you really want to process each case individually by hand? We didn’t think so, and neither do most administrators, which is why you hear things like “unattended” or “automated” installation.

Windows Server 2008 further enhances the software deployment cycle by realizing a simple principle: Build a modular, easily modified, unified image format through which all subsequent installation images are created, each unique only in the features it removes or adds to the base. The Windows Imaging Format (WIF) creates an abstract modular building block for operating system deployment so that you can create in-house install images that incorporate whatever applications, configurations, or extensions you deem necessary. Then, you can roll out multiple installs at a time in a completely self-contained, automated fashion that can even include previously backedup personal user data and settings.

Source of Information : For Dummies Windows Server 2008 For Dummies

No comments:

The many complications and risks of tape

Magnetic tape technology was adopted for backup many years ago because it met most of the physical storage requirements, primarily by being ...