Windows Server 2016 Security, Certificates, and Remote Access Cookbook

By: Jordan Krause

Overview of this book

Windows Server 2016 is an operating system designed to run on today’s highly performant servers, both on-premise and in the cloud. It supports enterprise-level data storage, communications, management, and applications. This book builds off a basic knowledge of the Windows Server operating system, and assists administrators with taking the security of their systems one step further.

You will learn tips for configuring proper networking, especially on multi-homed systems, and tricks for locking down access to your servers.

Then you will move on to one of the hottest security topics of the year – certificates. You will learn how to build your own PKI, or how to better administer one that you already have. You will publish templates, issue certificates, and even configure autoenrollment in your network.

When we say “networking” we don’t only mean inside the LAN. To deal safely with mobile devices, you will learn about the capabilities of Windows Server 2016 for connecting these assets securely back into the corporate network, with information about DirectAccess and VPN.

The material in the book has been selected from the content of Packt's Windows Server 2016 Cookbook by Jordan Krause to provide a specific focus on these key Windows Server tasks.

Preface

Microsoft is the clear leader of server racks in enterprise data centers across the globe. Walk into any backroom or data center of any company and you are almost guaranteed to find the infrastructure of that organization being supported by the Windows Server operating system. We have been relying on Windows Server for more than 20 years, and rightfully so; nowhere else can you find such an enormous mix of capabilities all provided inside one installer disc. Windows Server 2016 continues to provide the core functionality that we have come to rely upon from all previous versions of Windows Server, but in better and more efficient ways. On top of that, we have some brand new capabilities in Server 2016 that are particularly mind-bending, new ways to accomplish more efficient and secure handling of our network traffic and data.

There is a relevant question mixed into all this server talk, "We hear so much about the cloud. Isn't everyone moving to the cloud? If so, why would we even need Windows Server 2016 in our company?" There are two different ways to answer this question, and both result in having huge benefits to knowing and understanding this newest version of Windows Server. First, there really aren't that many companies moving all of their equipment into the cloud. In fact, I have yet to meet any business with more than 10 employees who has gone all-in for the cloud. In almost all cases, it still makes sense that you would use at least one on premise server to manage local user account authentication, or DHCP, or print services, or for a local file server—the list goes on and on. Another reason companies aren't moving to the cloud like you might think they are is security. Sure, we might throw some data and some user accounts to the cloud to enable things like federation and ease of accessing that data, but what about sensitive or classified company data? You don't own your data if it resides in the cloud—you don't even have the capability to manage the backend servers that are actually storing that data alongside data from other companies. How can you be guaranteed of your data's security and survival? The ultimate answer is that you cannot, though there are steps being made in this direction. This alone keeps many folks that I have talked to away from moving some of their information to a cloud service provider.

The second reason it is still important to build knowledge on the Windows Server platform is that even if you have made the decision to move everything to the cloud, what server platform will you be running in the cloud that you now have to log into and administer? If you are using Azure for cloud services, there is a very good chance that you will be logging into Windows Server 2016 instances in order to administer your environment, even if those Server 2016 boxes are sitting in the cloud. So whether you have on premise servers, or you are managing servers sitting in the cloud somewhere, learning all you can about the new Windows Server 2016 operating system will be beneficial to your day job in IT.

When I first learned of the opportunity to put together this book, it was a difficult task to assemble an outline of possible recipes. Where to begin? There are so many different roles that can be run in Windows Server 2016, and so many tasks within each role that could be displayed. It was a natural reaction to start looking for all of the things that are brand new in Server 2016, and to want to talk only about recipes that display the latest and greatest features. But then I realized that those recipes on their own won't accomplish anything helpful for someone who is trying to learn about Windows Server administration for the first time. It is critical that we provide a base understanding of the important infrastructural roles that are commonly provided by Windows Server, because without that baseline the newest features won't amount to a hill of beans.

The recipes within this shortened volume are all accomplished using Windows Server 2016, but most companies still have a mix of 2016/2012R2/2012, and even 2008R2. Many of the recipes contained within can be beneficial to all of those server operating systems, helping you to strengthen security for all of your equipment and data. I hope that this book can also be a quick-reference guide that you keep near your desk into the future until you are fully versed and comfortable navigating around the new interface. Some recipes are clearly for the beginner, while others get deeper into the details so that someone already experienced with working inside Windows Server will gain some new knowledge out of reading this book. We will discuss some networking functions, and detail some security tasks that you can utilize to lock down your servers. Next covered is the very important topic of PKI and certificate distribution. Certificates are an extremely powerful tool for securing traffic and data on a network; it is vital that any server administrator understands how to utilize the Certification Authority role inside Windows Server. We will also walk through recipes regarding Microsoft's offerings in the Remote Access space, namely DirectAccess and VPN, as you can use both of these roles to strengthen the security footprint of your enterprise.

A primary goal of this cookbook is to be a reference guide that you can come back to time and again when you need to accomplish common tasks in your environment, but want to ensure that you are performing them the right way. I hope that through these chapters you are able to become comfortable enough with Windows Server 2016 that you will go out and install it today!

Who this book is for

This book is for system administrators and IT professionals that may or may not have previous experience with Windows Server 2012 R2 or its predecessors. Since the start of this book, I have been contacted and asked many times whether the core, baseline information for beginning to work with Windows Server will be included. These requests have come from current desktop administrators wanting to get into the server world, and even from developers hoping to better understand the infrastructure upon which their applications run. Both will benefit from the information provided here. Anyone hoping to acquire the skills and knowledge necessary to manage and maintain the core infrastructure required for a Windows Server 2016 environment should find something interesting on the pages contained within.

What this book covers

Chapter 1, Security and Networking, teaches us some methods for locking down access on our servers. We will also cover commands which can be very useful tools as you start monitoring network traffic.

Chapter 2, Working with Certificates, will start to get us comfortable with the creation and distribution of certificates within our network. PKI is an area that is becoming more and more prevalent, but the majority of server administrators have not yet had an opportunity to work hands-on with them.

Chapter 3, Remote Access, digs into using your Server 2016 as the connectivity platform which brings your remote computers into the corporate network. We discuss DirectAccess and VPN in this chapter.

To get the most out of this book

All the technologies and features that are discussed in the recipes of this book are included with Windows Server 2016. As long as you have access to the operating system installer disc and either a piece of hardware or a virtualization environment where you can spin up a new virtual machine, you will be able to install the operating system and follow along with our lessons.

Many of the tasks that we are going to accomplish together require a certain amount of base networking and infrastructure to be configured, in order to fully test the technologies that we are working with. The easiest method for working through all of these recipes will be to have access to a Hyper-V server upon which you can build multiple virtual machines that run Windows Server 2016. With this available, you will be able to build recipe upon recipe as we move through setting up the core infrastructural tasks, and then utilize those same servers to build upon in the later recipes. Building a baseline lab network running Server 2016 for the Microsoft infrastructure roles like Active Directory, DNS, and DHCP will help you tremendously as you move throughout this book and your job in IT.

Download the color images

We also provide a PDF file that has color images of the screenshots/diagrams used in this book. You can download it here: http://www.packtpub.com/sites/default/files/downloads/WindowsServer2016SecurityCertificatesandRemoteAccessCookbook_ColorImages.pdf.

Conventions used

There are a number of text conventions used throughout this book.

CodeInText: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: "Mount the downloaded WebStorm-10*.dmg disk image file as another disk in your system."

A block of code is set as follows:

html, body, #map {
 height: 100%; 
 margin: 0;
 padding: 0
}

When we wish to draw your attention to a particular part of a code block, the relevant lines or items are set in bold:

[default]
exten => s,1,Dial(Zap/1|30)
exten => s,2,Voicemail(u100)
exten => s,102,Voicemail(b100)
exten => i,1,Voicemail(s0)

Any command-line input or output is written as follows:

$ mkdir css
$ cd css

Bold: Indicates a new term, an important word, or words that you see onscreen. For example, words in menus or dialog boxes appear in the text like this. Here is an example: "Select System info from the Administration panel."

Note

Warnings or important notes appear like this.

Note

Tips and tricks appear like this.

Get in touch

Feedback from our readers is always welcome.

General feedback: Email [email protected] and mention the book title in the subject of your message. If you have questions about any aspect of this book, please email us at [email protected].

Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit www.packtpub.com/submit-errata, selecting your book, clicking on the Errata Submission Form link, and entering the details.

Piracy: If you come across any illegal copies of our works in any form on the Internet, we would be grateful if you would provide us with the location address or website name. Please contact us at [email protected] with a link to the material.

If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit authors.packtpub.com.

Reviews

Please leave a review. Once you have read and used this book, why not leave a review on the site that you purchased it from? Potential readers can then see and use your unbiased opinion to make purchase decisions, we at Packt can understand what you think about our products, and our authors can see your feedback on their book. Thank you!

For more information about Packt, please visit packtpub.com.