Windows Server 2008 - Understanding the Server Roles

The roles that you see defined for your server depend on which version of Windows Server 2008 you purchase. Advanced versions of the product include more roles. In addition, the GUI version of Windows Server 2008 provides more roles than does the Server Core version. The following sections describe the roles that come with the GUI version of Windows Server 2008 Enterprise Edition. The roles you see with your server setup may vary from this list.

Considering the Active Directory Certificate Service role
You install this role to create a new Certificate Authority (CA). A CA is a special server used to issue certificates, such as those used to sign applications or enhance the security of your e-mail. The certificate tells someone else who you are and helps them determine whether they can trust you. These certificates are the same ones you see when you go to a secure Web site. In fact, you can use this role to help you create a certificate for your Web server, making secure communications possible.

This role has limited functionality in the real world, but the functionality it provides is extremely important. Normally, the CA is a trusted third party, such as VeriSign. A self-signed certificate of the kind created by this role is good only in situations where the person seeing your certificate already trusts you. The certificate acts only as verification that it really is you and not someone posing as you. Common uses for this kind of certificate include testing setups of Internet Information Server (IIS) and in-house applications. Using a self-signed certificate saves money and lets you preserve the third-party certificate you own for external, public use.
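
The trust point above can be checked on any Windows machine. The following PowerShell is an added example, not code from the book: it reports, for each certificate in a store, whether it looks self-signed and whether this machine can build a trusted chain for it. The function name and the default store path are assumptions chosen for illustration.

```powershell
# Added example (not from the book): for each certificate in a store, report
# whether it looks self-signed and whether this machine trusts its chain.
# Assumption: the default store path below; point it at the store to audit.
function Get-CertTrustReport {
    param([string]$StorePath = 'Cert:\LocalMachine\My')

    Get-ChildItem -Path $StorePath |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
        ForEach-Object {
            $cert = $_

            # Build the chain against the local trust stores. Revocation checks
            # are disabled so the result reflects trust only and works offline.
            $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
            $chain.ChainPolicy.RevocationMode = 'NoCheck'
            $trusted = $chain.Build($cert)

            # Reasons the chain was rejected, for example UntrustedRoot.
            $reasons = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '

            New-Object PSObject -Property @{
                Subject     = $cert.Subject
                Issuer      = $cert.Issuer
                # Heuristic: a self-signed certificate names itself as issuer.
                SelfSigned  = ($cert.Subject -eq $cert.Issuer)
                TrustedHere = $trusted
                ChainStatus = $reasons
                Expires     = $cert.NotAfter
            }
        } |
        Select-Object Subject, Issuer, SelfSigned, TrustedHere, ChainStatus, Expires
}

# List the certificates this machine would not accept on its own.
Get-CertTrustReport | Where-Object { -not $_.TrustedHere } | Format-List
```

A certificate reported with SelfSigned = True and TrustedHere = False is accepted by a client only after it has been added to that client's Trusted Root Certification Authorities store.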

Considering the Active Directory Domain Services role
This role is the one that Windows Server 2008 installs when you promote the server to a domain controller. Active Directory is a special kind of database that holds all the settings for everything on your network. You find user, application, and system settings in this database. In addition to storing settings, Active Directory provides support for major applications such as Microsoft Exchange Server. The Domain Services portion of an Active Directory setup is essentially the Database Management System (DBMS) that provides access to the Active Directory database.

You can’t install this role by itself. Windows Server 2008 looks for a number of additional features. In addition, the setup for this role is more complicated than just about any other role you can install.

An overview of the Active Directory Federation Services role
One problem with modern networks is that the user has to remember so many logons. Every time the user wants to access another resource, it requires a logon of some sort. When you install Active Directory Domain Services (AD DS), you obtain federated logon capability for the local network. A federated logon is one in which a Single Sign On (SSO) acts as a key to access all areas of the network for which the user has the appropriate credentials. Using SSO makes working with the network considerably easier.

Unfortunately, the federated services provided with AD DS don’t extend to Web applications. When a user logs on to your server from a remote location through multiple Web applications, every Web application requires a separate logon. The Active Directory Federation Services (AD FS) role adds support for SSO to your server. The user can now log on once and access every application for which the user has the proper credentials. Of course, not just local users require these services. You can also use this feature to make things easier for your business-to-business (B2B) relationship. The more complex the B2B relationship, the more sense it makes to install this role on your server.

Microsoft uses standardized technologies to provide AD FS support, in the form of the WS-* standards. A complete discussion of all these standards is outside the scope of this book. However, you can read about them, and see how they relate to each other, at

Working with the Active Directory Lightweight Directory Services role
Most of the applications on your network don’t use Active Directory for data storage. Only the large applications, such as Exchange Server, require extensive data storage in Active Directory. However, some applications fall between these two extremes of needing no Active Directory support and requiring the complete package. In this case, the application may need Active Directory Lightweight Directory Services (AD LDS). You may know AD LDS by a different name, Lightweight Directory Access Protocol (LDAP). LDAP is a standardized technology that you find on many platforms, not just on Windows (see the LDAP standards at and for further information). It provides a standardized method of accessing directory information using TCP. AD LDS is an LDAP implementation that doesn’t depend on AD DS. In other words, you can use this feature without promoting your server to a domain controller. You can find a listing of LDAP resources at

Working with the Active Directory Rights Management Services role
The whole purpose of Active Directory Rights Management Services (AD RMS) is Digital Rights Management (DRM). The features that this role provides help you protect your data by checking the credentials of each user requesting data access. It doesn’t matter where the access occurs — the user must have proper rights to work with it. Using this role implies that you want to protect access to your data when that access occurs outside your network. Consequently, you must install the Web Server (IIS) role to use this role. In addition, the software requires access to a DBMS. Microsoft naturally suggests that you use SQL Server to provide the DBMS services. These three pieces of the software combine to let a document “call home” and verify that someone opening it has the required permissions. When a user doesn’t have the required permissions, the document doesn’t let the user see anything.

hack, only to have someone else come along and hack it again. Generally speaking, the best way to keep a secret is not to tell anyone. When you have data that you must share, placing it on your Web server probably isn’t the best idea. Restricting access — not telling the secret — is always the best first line of defense at your disposal.

Working with the Application Server role
An application server is a special way of providing services to a client machine. The application executes partially on the server and partially on the client. Precisely how the application works depends on where the developer determines the particular piece of code works best. The Application Server role provides this functionality to Windows Server 2008 users. The following list provides additional resources you can use for this topic:
• Discover the Enterprise Service Bus (ESB) at
• See the Microsoft Enterprise Services Overview at
• Discover .NET Framework 3.0 resources at
• Obtain an overview of the .NET Framework 3.0 at

Considering the DHCP Server role
The Dynamic Host Configuration Protocol (DHCP) is a standard means for client computers to request an Internet Protocol (IP) address from a server. You normally need just one such server for a small to medium-size network. You must have a DHCP server installed before you can promote your server to a domain controller.

Considering the DNS Server role
The Domain Name System (DNS) is a standard means of converting IP addresses into a human readable form. For example, when you want to access Microsoft’s main page, you type, not the IP address of the Microsoft Web site. The DNS server converts this human readable name into the IP address. You must have a DNS server installed before you can promote your server to a domain controller.

An overview of the Fax Server role
Installing the Fax Server role lets you use your server to send and receive faxes, if you have the required hardware and software installed. This role also requires that you install the Print Server role.

An overview of the File Services role
Installing the File Services role lets you share files on the network. This role is the one you always install on the server because a server isn’t much good if you can’t share files. Adding the File Services role provides basic file sharing only. File services haven’t changed much over the years. The first peer-to-peer network provided this basic functionality. However, file services have increased in functionality. You can install a number of role services to enhance the capability of this particular role. For example, Microsoft provides a role service that indexes content to make it easier and faster to find.

Considering the Network Policy and Access Services role
The name of this particular role is a bit misleading because it provides a lot more functionality than its name implies. In fact, installing this particular role provides the following services:
• Network Policy Server (NPS)
• Network Access Protection (NAP) Health Policy Server
• Secure Wireless Access (IEEE 802.11)
• Secure Wired Access (IEEE 802.3)
• Central Network Policy Management
• Remote Access Dial-In User Server (RADIUS) Server and Proxy
• Remote Access Service (RAS)
• Routing
• Health Registration Authority (HRA)
• Host Credential Authorization Protocol (HCAP)
• Tools Required to Manage All Access Services
The scope of this particular role is incredible. It provides many of the features that modern servers must provide for outside communication.

Considering the Print Services role
Providing print services is another common role for servers. At one time, printers were extremely expensive (and good printers still are), so issuing one to each user wasn’t cost effective. This role helps you manage all printers connected to the server and offers their use to any users with the required access.

Considering the Terminal Services role
Terminal Services offers remote connectivity to anyone who needs to work with the server directly. In many cases, this activity means using a light client or involves an administrator performing configuration tasks. The two most common ways to use Terminal Services are by using Remote Desktop or by using RemoteApp applications. Using Terminal Services offers many benefits, including reducing client costs and ensuring that applications remain updated. Of course, many issues arise from working with Terminal Services as well, such as increased server load.

Considering the UDDI Services role
The Universal Description, Discovery, and Integration (UDDI) service is the Microsoft method of making Web services and their associated applications easily accessible from the server. For the most part, you never install this role unless you have a custom application that relies on it.

Considering the Web Server (IIS) role
Web servers traditionally serve content over the Internet or an intranet. Users view the content by using a browser or a special application. Modern Web servers provide fully distributed application support in addition to dynamic and static content. IIS 7.0 is a completely new version of IIS with many changes that will surprise you if you haven’t worked with it yet. Book VII provides complete details on working with IIS 7.0.

Working with the Windows Deployment Services role
If you normally install Windows through your server, you need to install this role. The Windows Deployment Services lets a client log in to the server and install a complete copy of Windows without any interaction on the part of the user or administrator. Of course, you have to perform a number of configuration tasks to make this feature work. You can learn more about Windows Deployment Services at

Working with the Windows SharePoint Services role
The SharePoint Services technology lets application users share data through the server. The application must provide the functionality required to work with SharePoint Services. For example, advanced versions of Office 2007 provide the functionality required to use SharePoint Services. Of course, before you can use SharePoint Services, you must have a server with the SharePoint Services role installed in order to provide the required connectivity, which is the only reason that you would install this role. You can learn more about SharePoint Services at

Source of Information : For Dummies Windows Server 2008
