Mastering Windows Server 2019: The complete guide for IT professionals to install and manage Windows Server 2019 and deploy new capabilities
About this ebook
Mastering Windows Server 2019 – Second Edition covers all of the essential information needed to implement and utilize this latest-and-greatest platform as the core of your data center computing needs. You will begin by installing and managing Windows Server 2019, and by clearing up common points of confusion surrounding the versions and licensing of this new product. Centralized management, monitoring, and configuration of servers is key to an efficient IT department, and you will discover multiple methods for quickly managing all of your servers from a single pane of glass. To this end, you will spend time inside Server Manager, PowerShell, and even the new Windows Admin Center, formerly known as Project Honolulu. Even though this book is focused on Windows Server 2019 LTSC, we will still discuss containers and Nano Server, which are more commonly related to the SAC channel of the server platform, for a well-rounded exposition of all aspects of using Windows Server in your environment. We also discuss the various remote access technologies available in this operating system, as well as guidelines for virtualizing your data center with Hyper-V. By the end of this book, you will have all the ammunition required to start planning for, implementing, and managing Windows.
Mastering Windows Server 2019 - Jordan Krause
Mastering Windows Server 2019
Second Edition
The complete guide for IT professionals to install and manage Windows Server 2019 and deploy new capabilities
Jordan Krause
BIRMINGHAM - MUMBAI
Mastering Windows Server 2019 Second Edition
Copyright © 2019 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
Commissioning Editor: Vijin Boricha
Acquisition Editor: Meeta Rajani
Content Development Editor: Abhijit Sreedharan
Technical Editor: Aditya Khadye
Copy Editor: Safis Editing
Project Coordinator: Jagdish Prabhu
Proofreader: Safis Editing
Indexer: Pratik Shirodkar
Graphics: Tom Scaria
Production Coordinator: Jayalaxmi Raja
First published: October 2016
Second edition: March 2019
Production reference: 1150319
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham
B3 2PB, UK.
ISBN 978-1-78980-453-9
www.packtpub.com
mapt.io
Mapt is an online digital library that gives you full access to over 5,000 books and videos, as well as industry leading tools to help you plan your personal development and advance your career. For more information, please visit our website.
Why subscribe?
Spend less time learning and more time coding with practical eBooks and Videos from over 4,000 industry professionals
Improve your learning with Skill Plans built especially for you
Get a free eBook or video every month
Mapt is fully searchable
Copy and paste, print, and bookmark content
Packt.com
Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.packt.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at customercare@packtpub.com for more details.
At www.packt.com, you can also read a collection of free technical articles, sign up for a range of free newsletters, and receive exclusive discounts and offers on Packt books and eBooks.
Contributors
About the author
Jordan Krause is a six-time Microsoft MVP, currently awarded in the Cloud and Datacenter Management category. He has the unique opportunity of working daily with Microsoft networking and remote access technologies. Jordan specializes in Microsoft DirectAccess and Always On VPN. Committed to continuous learning, Jordan holds Microsoft certifications as an MCP, MCTS, MCSA, and MCITP Enterprise Administrator, and regularly writes articles reflecting his experiences with these technologies. Jordan lives in beautiful West Michigan (USA), but works daily with companies around the world.
About the reviewers
Anderson Patricio is a Canadian Microsoft MVP and an IT consultant based in Toronto. His areas of expertise are Microsoft Exchange, Skype for Business, Azure, System Center, and Active Directory. Anderson is an active member of the Exchange Community and he contributes in forums, blogs, articles, and videos. In Portuguese, his website contains thousands of Microsoft tutorials to help the local community, as well as his speaking engagements at TechED in South America and MVA Academy training courses.
Premnath Sambasivam is a Technical Analyst with 6 years of experience in Windows, VMWare, and SCCM administration. He is an MCSE Cloud Platform and Infrastructure certified professional. He has developed and deployed the Microsoft System Center Configuration Manager solution to manage more than 6,000 assets in his client's environment. He loves learning more about and exploring Azure. He is a Microsoft enthusiast.
It was a very pleasant experience overall. Thank you, Sunanda, for choosing me for this project.
Packt is searching for authors like you
If you're interested in becoming an author for Packt, please visit authors.packtpub.com and apply today. We have worked with thousands of developers and tech professionals, just like you, to help them share their insight with the global tech community. You can make a general application, apply for a specific hot topic that we are recruiting an author for, or submit your own idea.
Table of Contents
Title Page
Copyright and Credits
Mastering Windows Server 2019 Second Edition
About Packt
Why subscribe?
Packt.com
Contributors
About the author
About the reviewers
Packt is searching for authors like you
Preface
Who this book is for
What this book covers
To get the most out of this book
Conventions used
Get in touch
Reviews
Getting Started with Windows Server 2019
The purpose of Windows Server
It's getting cloudy out there
Public cloud
Private cloud
Windows Server versions and licensing
Standard versus Datacenter
Desktop Experience/Server Core/Nano Server
Desktop Experience
Server Core
Nano Server
Licensing models - SAC and LTSC
Semi-Annual Channel (SAC)
Long-Term Servicing Channel (LTSC)
Overview of new and updated features
The Windows 10 experience continued
Hyper-Converged Infrastructure
Windows Admin Center
Windows Defender Advanced Threat Protection
Banned Passwords
Soft restart
Integration with Linux
Enhanced Shielded Virtual Machines
Azure Network Adapter
Always On VPN
Navigating the interface
The updated Start menu
The Quick Admin Tasks menu
Using the Search function
Pinning programs to the taskbar
The power of right-clicking
Using the newer Settings screen
Two ways to do the same thing
Creating a new user through Control Panel
Creating a new user through the Settings menu
Task Manager
Task View
Summary
Questions
Installing and Managing Windows Server 2019
Technical requirements
Installing Windows Server 2019
Burning that ISO
Creating a bootable USB stick
Running the installer
Installing roles and features
Installing a role using the wizard
Installing a feature using PowerShell
Centralized management and monitoring
Server Manager
Remote Server Administration Tools (RSAT)
Does this mean RDP is dead?
Remote Desktop Connection Manager
Windows Admin Center (WAC)
Installing Windows Admin Center
Launching Windows Admin Center
Adding more servers to Windows Admin Center
Managing a server with Windows Admin Center
Enabling quick server rollouts with Sysprep
Installing Windows Server 2019 onto a new server
Configuring customizations and updates onto your new server
Running Sysprep to prepare and shut down your master server
Creating your master image of the drive
Building new servers using copies of the master image
Summary
Questions
Core Infrastructure Services
What is a Domain Controller?
Active Directory Domain Services
Using AD DS to organize your network
Active Directory Users and Computers
User accounts
Security Groups
Prestaging computer accounts
Active Directory Domains and Trusts
Active Directory Sites and Services
Active Directory Administrative Center
Dynamic Access Control
Read-Only Domain Controllers (RODC)
The power of Group Policy
The Default Domain Policy
Creating and linking a new GPO
Filtering GPOs to particular devices
Domain Name System (DNS)
Different kinds of DNS records
Host record (A or AAAA)
ALIAS record - CNAME
Mail Exchanger record (MX)
Name Server (NS) record
ipconfig /flushdns
DHCP versus static addressing
The DHCP scope
DHCP reservations
Back up and restore
Schedule regular backups
Restoring from Windows
Restoring from the installer disc
MMC and MSC shortcuts
Summary
Questions
Certificates in Windows Server 2019
Common certificate types
User certificates
Computer certificates
SSL certificates
Single-name certificates
Subject Alternative Name certificates
Wildcard certificates
Planning your PKI
Role services
Enterprise versus Standalone
Root versus Subordinate (issuing)
Naming your CA server
Can I install the CA role onto a domain controller?
Creating a new certificate template
Issuing your new certificates
Publishing the template
Requesting a cert from MMC
Requesting a cert from the Web interface
Creating an auto-enrollment policy
Obtaining a public-authority SSL certificate
Public/private key pair
Creating a Certificate Signing Request
Submitting the certificate request
Downloading and installing your certificate
Exporting and importing certificates
Exporting from MMC
Exporting from IIS
Importing into a second server
Summary
Questions
Networking with Windows Server 2019
Introduction to IPv6
Understanding IPv6 IP addresses
Your networking toolbox
ping
tracert
pathping
Test-Connection
telnet
Test-NetConnection
Packet tracing with Wireshark or Message Analyzer
TCPView
Building a routing table
Multi-homed servers
Only one default gateway
Building a route
Adding a route with the Command Prompt
Deleting a route
Adding a route with PowerShell
NIC Teaming
Software-defined networking
Hyper-V Network Virtualization
Private clouds
Hybrid clouds
How does it work?
System Center Virtual Machine Manager
Network controller
Generic Routing Encapsulation
Microsoft Azure Virtual Network
Windows Server Gateway/SDN Gateway
Virtual network encryption
Bridging the gap to Azure
Azure Network Adapter
Summary
Questions
Enabling Your Mobile Workforce
Always On VPN
Types of AOVPN tunnel
User Tunnels
Device Tunnels
Device Tunnel requirements
AOVPN client requirements
Domain-joined
Rolling out the settings
AOVPN server components
Remote Access Server
IKEv2
SSTP
L2TP
PPTP
Certification Authority (CA)
Network Policy Server (NPS)
DirectAccess
The truth about DirectAccess and IPv6
Prerequisites for DirectAccess
Domain-joined
Supported client operating systems
DirectAccess servers get one or two NICs
Single NIC Mode
Dual NICs
More than two NICs
To NAT or not to NAT?
6to4
Teredo
IP-HTTPS
Installing on the true edge – on the internet
Installing behind a NAT
Network Location Server
Certificates used with DirectAccess
SSL certificate on the NLS web server
SSL certificate on the DirectAccess server
Machine certificates on the DA server and all DA clients
Do not use the Getting Started Wizard (GSW)!
Remote Access Management Console
Configuration
Dashboard
Operations Status
Remote Client Status
Reporting
Tasks
DA, VPN, or AOVPN? Which is best?
Domain-joined or not?
Auto or manual launch
Software versus built-in
Password and login issues with traditional VPNs
Port-restricted firewalls
Manual disconnect
Native load-balancing capabilities
Distribution of client configurations
Web Application Proxy
WAP as AD FS Proxy
Requirements for WAP
Latest improvements to WAP
Preauthentication for HTTP Basic
HTTP to HTTPS redirection
Client IP addresses forwarded to applications
Publishing Remote Desktop Gateway
Improved administrative console
Summary
Questions
Hardening and Security
Windows Defender Advanced Threat Protection
Installing Windows Defender AV
Exploring the user interface
Disabling Windows Defender
What is ATP, anyway?
Windows Defender ATP Exploit Guard
Windows Defender Firewall – no laughing matter
Three Windows Firewall administrative consoles
Windows Defender Firewall (Control Panel)
Firewall & network protection (Windows Security Settings)
Windows Defender Firewall with Advanced Security (WFAS)
Three different firewall profiles
Building a new inbound firewall rule
Creating a rule to allow pings (ICMP)
Managing WFAS with Group Policy
Encryption technologies
BitLocker and the virtual TPM
Shielded VMs
Encrypted virtual networks
Encrypting File System
IPsec
Configuring IPsec
Server policy
Secure Server policy
Client policy
IPsec Security Policy snap-in
Using WFAS instead
Banned passwords
Advanced Threat Analytics
General security best practices
Getting rid of perpetual administrators
Using distinct accounts for administrative access
Using a different computer to accomplish administrative tasks
Never browse the internet from servers
Role-Based Access Control (RBAC)
Just Enough Administration (JEA)
Summary
Questions
Server Core
Why use Server Core?
No more switching back and forth
Interfacing with Server Core
PowerShell
Using cmdlets to manage IP addresses
Setting the server hostname
Joining your domain
Remote PowerShell
Server Manager
Remote Server Administration Tools
Accidentally closing Command Prompt
Windows Admin Center for managing Server Core
The Sconfig utility
Roles available in Server Core
What happened to Nano Server?
Summary
Questions
Redundancy in Windows Server 2019
Network Load Balancing (NLB)
Not the same as round-robin DNS
What roles can use NLB?
Virtual and dedicated IP addresses
NLB modes
Unicast
Multicast
Multicast IGMP
Configuring a load-balanced website
Enabling NLB
Enabling MAC address spoofing on VMs
Configuring NLB
Configuring IIS and DNS
Testing it out
Flushing the ARP cache
Failover clustering
Clustering Hyper-V hosts
Virtual machine load balancing
Clustering for file services
Scale-out file server
Clustering tiers
Application-layer clustering
Host-layer clustering
A combination of both
How does failover work?
Setting up a failover cluster
Building the servers
Installing the feature
Running the failover cluster manager
Running cluster validation
Running the Create Cluster wizard
Recent clustering improvements in Windows Server
True two-node clusters with USB witnesses
Higher security for clusters
Multi-site clustering
Cross-domain or workgroup clustering
Migrating cross-domain clusters
Cluster operating-system rolling upgrades
Virtual machine resiliency
Storage Replica (SR)
Storage Spaces Direct (S2D)
New in Server 2019
Summary
Questions
PowerShell
Why move to PowerShell?
Cmdlets
PowerShell is the backbone
Scripting
Server Core
Working within PowerShell
Launching PowerShell
Default Execution Policy
Restricted
AllSigned
RemoteSigned
Unrestricted
The Bypass mode
Using the Tab key
Useful cmdlets for daily tasks
Using Get-Help
Formatting the output
Format-Table
Format-List
PowerShell Integrated Scripting Environment
PS1 files
PowerShell Integrated Scripting Environment
Remotely managing a server
Preparing the remote server
The WinRM service
Enable-PSRemoting
Allowing machines from other domains or workgroups
Connecting to the remote server
Using -ComputerName
Using Enter-PSSession
Desired State Configuration
Summary
Questions
Containers and Nano Server
Understanding application containers
Sharing resources
Isolation
Scalability
Containers and Nano Server
Windows Server containers versus Hyper-V containers
Windows Server Containers
Hyper-V Containers
Docker and Kubernetes
Linux containers
Docker Hub
Docker Trusted Registry
Kubernetes
Working with containers
Installing the role and feature
Installing Docker for Windows
Docker commands
docker --help
docker images
docker search
docker pull
docker run
docker ps -a
docker info
Downloading a container image
Running a container
Summary
Questions
Virtualizing Your Data Center with Hyper-V
Designing and implementing your Hyper-V Server
Installing the Hyper-V role
Using virtual switches
The external virtual switch
The internal virtual switch
The private virtual switch
Creating a new virtual switch
Implementing a new virtual server
Starting and connecting to the VM
Installing the operating system
Managing a virtual server
Hyper-V Manager
The Settings menu
Checkpoints
Hyper-V Console, Remote Desktop Protocol (RDP), or PowerShell
Windows Admin Center (WAC)
Shielded VMs
Encrypting VHDs
Infrastructure requirements for shielded VMs
Guarded hosts
Host Guardian Service (HGS)
Host attestations
TPM-trusted attestations
Host key attestations
Admin-trusted attestation – deprecated in 2019
Integrating with Linux
ReFS deduplication
ReFS
Data deduplication
Why is this important to Hyper-V?
Hyper-V Server 2019
Summary
Questions
Assessments
Chapter 1: Getting Started with Windows Server 2019
Chapter 2: Installing and Managing Windows Server 2019
Chapter 3: Core Infrastructure Services
Chapter 4: Certificates in Windows Server 2019
Chapter 5: Networking with Windows Server 2019
Chapter 6: Enabling Your Mobile Workforce
Chapter 7: Hardening and Security
Chapter 8: Server Core
Chapter 9: Redundancy in Windows Server 2019
Chapter 10: PowerShell
Chapter 11: Containers and Nano Server
Chapter 12: Virtualizing Your Data Center with Hyper-V
Another Book You May Enjoy
Leave a review - let other readers know what you think
Preface
I'm really not sure how or when it happened, but we are almost at the year 2020! In fact, part of me really wishes that Microsoft had held out on releasing this new version of Windows Server, just so that we could call it Server 2020. Alas, we will have to make do with the far less exotic sounding Server 2019. How amazing to look back and reflect on all of the big changes that have happened in terms of technology over the past 20 years. In some ways, it seems that Y2K has just happened and everyone has been scrambling to make sure their DOS-based and green screen applications are prepared to handle four-digit date ranges. It seems unthinkable to us now that these systems could have been created in a way that was so short-sighted. Did we not think the world would make it to the year 2000? Today, we build technology with such a different perspective and focus. Everything is centralized, redundant, global, and cloud-driven. Users expect 100% uptime, from wherever they are, on whatever device that happens to be sitting in front of them. The world has truly changed.
And, as the world has changed, so has the world of technology infrastructure. This year, we are being introduced to Microsoft's Windows Server 2019. Before we know it, we will be sitting in the year 2020. We are now living in and beyond Doc and Marty's future. My kids have actually ridden around on something called a hoverboard, for crying out loud!
From a user's perspective, as a consumer of data, backend computing requirements are becoming almost irrelevant. Things such as maintenance windows, scheduled downtime, system upgrades, slowness due to weak infrastructure—these items have to become invisible to the workforce. We are building our networks in ways that allow knowledge workers and developers to do their jobs without consideration for what is supporting their job functions. What do we use to support that level of reliability and resiliency? Our data centers haven't disappeared. Just because we use the words "cloud" and "private cloud" so often doesn't make them magic. What makes all of this centralized, "spin up what you need" mentality a reality is still physical servers running inside physical data centers.
And what is it that drives the processing power of these data centers for the majority of companies in the world? Windows Server. In fact, even if you have gone all-in for cloud adoption and host 100% of your serving resources in the Azure Cloud, you are still making use of Windows Server 2019. It is the operating system that underpins all of Azure! Server 2019 is truly ready to service even the heaviest workloads, in the newest cloud-centric ways.
Over the last few years, we have all become familiar with Software-Defined Computing, using virtualization technology to turn our server workloads into a software layer. Now, Microsoft is expanding on this idea with new terms such as Software-Defined Networking, and even an entire Software-Defined Data Center. The technologies that make these happen allow us to virtualize and share resources on a grand scale.
In order to make our workloads more flexible and cloud-ready, Microsoft is taking major steps in shrinking the server compute platform and creating new ways of interfacing with those servers. There is an underlying preference for new Windows Servers to be running the smaller, efficient, and more secure Server Core interface. Additionally, application containers have made huge advancements over the past year, and Server 2019 now allows us to transition our applications into containers in order to run them in isolation from each other and on a mass scale. We also have new centralized management tools for administering our servers and networks, namely, the brand new Windows Admin Center that we will be discussing in the forthcoming pages.
Let's take some time together to explore the inner workings of the newest version of this server operating system, which will drive and support so many of our business infrastructures over the coming years. Windows servers have dominated our data centers' rackspaces for more than two decades. Will this newest iteration in the form of Windows Server 2019 continue that trend?
Who this book is for
Anyone interested in Windows Server 2019 or in learning more in general about a Microsoft-centric data center will benefit from this book. An important deciding factor when choosing which content was appropriate for such a volume was making sure that anyone who had a baseline in working with computers could pick this up and start making use of it within their own networks. If you are already proficient in Microsoft infrastructure technologies and have worked with prior versions of Windows Server, then there are some focused topics on the aspects and parts that are brand new and only available in Server 2019. On the other hand, if you are currently in a desktop support role, or if you are coming fresh into the IT workforce, care was taken in the pages of this book to ensure that you will receive a rounded understanding, not only of what is brand new in Server 2019, but also what core capabilities it includes as carryovers from previous versions of the operating system, and that are still crucial to be aware of when working in a Microsoft-driven data center.
What this book covers
Chapter 1, Getting Started with Windows Server 2019, gives us an introduction to the new operating system and an overview of the new technologies and capabilities that it can provide. We will also spend a little bit of time exploring the updated interface for those who may not be comfortable with it yet.
Chapter 2, Installing and Managing Windows Server 2019, dives right into the very first thing we will have to do when working with Server 2019: installing it! While this seems like a simple task, there are a number of versioning and licensing variables that need to be understood before you proceed with your own install. From there, we will start to expand upon Microsoft's centralized management mentality, exploring the ways in which we can now manage and interact with our servers without ever having to log into them.
Chapter 3, Core Infrastructure Services, gives us a solid baseline on the technologies that make up the infrastructure of any Microsoft-centric network. We will discuss the big three—Active Directory (AD), Domain Name System (DNS), and Dynamic Host Configuration Protocol (DHCP)—and also address some server backup capabilities, as well as a cheat-sheet list of Microsoft Management Console (MMC) and Microsoft Configuration (MSC) shortcuts to make your day job easier.
Chapter 4, Certificates in Windows Server 2019, jumps into one of the pieces of Windows Server that has existed for many years and yet, the majority of server administrators that I meet are unfamiliar with it. Let's take a closer look at certificates as they become more and more commonly required for the new technologies that we roll out. By the end of this chapter, you should be able to spin up your own PKI and start issuing certificates for free!
Chapter 5, Networking with Windows Server 2019, begins with an introduction to that big, scary IPv6, and continues from there into building a toolbox of items that are baked into Windows Server 2019 and can be used in your daily networking tasks. We will also discuss Software-Defined Networking.
Chapter 6, Enabling Your Mobile Workforce, takes a look at the different remote access technologies that are built into Windows Server 2019. Follow along as we explore the capabilities provided by VPN, DirectAccess, Web Application Proxy, and the brand new Always On VPN.
Chapter 7, Hardening and Security, gives some insight into security and encryption functions that are built into Windows Server 2019. Security is the priority focus of CIOs everywhere this year, so let's explore what protection mechanisms are available to us out of the box.
Chapter 8, Server Core, throws us into the shrinking world of headless servers. Server Core has flown under the radar for a number of years, but is critical to understand as we bring our infrastructures into a more security-conscious mindset. Let's make sure you have the information necessary to make your environment more secure and more efficient, all while lowering the amount of space and resources that are consumed by those servers.
Chapter 9, Redundancy in Windows Server 2019, takes a look at some platforms in Server 2019 that provide powerful data and computing redundancy. Follow along as we discuss Network Load Balancing, Failover Clustering, and information on the updated Storage Spaces Direct.
Chapter 10, PowerShell, gets us into the new, blue command-line interface so that we can become comfortable using it, and also learn why it is so much more powerful than Command Prompt. PowerShell is quickly becoming an indispensable tool for administering servers, especially in cases where you are adopting a centralized management and administration mindset.
Chapter 11, Containers and Nano Server, incorporates the terms open source and Linux in a Microsoft book! Application containers are quickly becoming the new standard for hosting modern, scalable applications. Learn how to start enhancing your DevOps story through the use of tools such as Windows Server Containers, Hyper-V Containers, Docker, and Kubernetes.
Chapter 12, Virtualizing Your Data Center with Hyper-V, covers a topic that every server administrator should be very familiar with. Organizations have been moving their servers over to virtual machines in mass quantities for many years. Let's use this chapter to make sure you understand how that hypervisor works, and give you the resources required to build and manage one if and when you have the need.
To get the most out of this book
Each technology that we discuss within the pages of this book is included in, or relates directly to, Windows Server 2019. If you can get your hands on a piece of server hardware and the Server 2019 installer files, you will be equipped to follow along and try these things out for yourself. We will talk about and reference some enterprise-class technologies that come with stiffer infrastructure requirements in order to make them work fully, and so you may have to put the actual testing of those items on hold until you are working in a more comprehensive test lab or environment, but the concepts are all still included in this book.
We will also discuss some items that are not included in Server 2019 itself, but that are used to extend the capabilities and features of it. Some of these items help tie us into an Azure Cloud environment, and some are provided by third parties, such as using Docker and Kubernetes on your Server 2019 in order to interact with application containers. Ultimately, you do not need to use these tools in order to manage your new Windows Server 2019 environment, but they do facilitate some pretty cool things that I think you will want to look into.
Conventions used
There are a number of text conventions used throughout this book.
CodeInText: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: Inside DNS, I am going to create an alias record that redirects intranet to web1.
Any command-line input or output is written as follows:
Uninstall-WindowsFeature -Name Windows-Defender
Bold: Indicates a new term, an important word, or words that you see on screen. For example, words in menus or dialog boxes appear in the text like this. Here is an example: "Simply find the appropriate OU for his account to reside within, right-click on the OU, and navigate to New | User."
Warnings or important notes appear like this.
Tips and tricks appear like this.
Get in touch
Feedback from our readers is always welcome.
General feedback: If you have questions about any aspect of this book, mention the book title in the subject of your message and email us at customercare@packtpub.com.
Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit www.packt.com/submit-errata, selecting your book, clicking on the Errata Submission Form link, and entering the details.
Piracy: If you come across any illegal copies of our works in any form on the internet, we would be grateful if you would provide us with the location address or website name. Please contact us at copyright@packt.com with a link to the material.
If you are interested in becoming an author: If there is a topic that you have expertise in, and you are interested in either writing or contributing to a book, please visit authors.packtpub.com.
Reviews
Please leave a review. Once you have read and used this book, why not leave a review on the site that you purchased it from? Potential readers can then see and use your unbiased opinion to make purchase decisions, we at Packt can understand what you think about our products, and our authors can see your feedback on their book. Thank you!
For more information about Packt, please visit packt.com.
Getting Started with Windows Server 2019
About 10 years ago, Microsoft adjusted its operating system release ideology so that the latest Windows Server operating system is always structured very similarly to the latest Windows client operating system. This has been the trend for some time now, with Server 2008 R2 closely reflecting Windows 7, Server 2012 feeling a lot like Windows 8, and many of the same usability features that came with the Windows 8.1 update are also included with Server 2012 R2. This, of course, carried over to Server 2016 as well—giving it the same look and feel as if you were logged into a Windows 10 workstation.
Now that we are all familiar and comfortable with the Windows 10 interface, we typically have no problems jumping right into the Server 2016 interface and giving it a test drive. Windows Server 2019 is once again no exception to this rule, except that the release of client-side operating systems has shifted a little bit. Now, instead of releasing new versions of Windows (11, 12, 13, and so on), we are, for the time being, simply sticking with Windows 10 and giving it sub-version numbers, indicative of the dates when that operating system was released. For example, Windows 10 version 1703 released around March of 2017. Windows 10 version 1709 was released in September of 2017. Then, we have had 1803 and 1809 as well—although 1809 was delayed a little and didn't release until somewhere closer to November, but that wasn't the original plan. The current plan is Windows OS releases every six months or so, but expecting IT departments to lift and shift all of their servers just for the purposes of moving to an OS that is six months newer is crazy; sometimes it takes longer than that just to plan a migration.
Anyway, I'm getting ahead of myself a little, as we will be discussing versioning of Windows Server later in this chapter, during our Windows Server versions and licensing section. The point here is that Windows Server 2019 looks and feels like the latest version of the Windows client operating system that was released at about the same time—that OS being Windows 10 1809. Before we get started talking about the features of Windows Server, it is important to establish a baseline for usability and familiarity in the operating system itself before diving deeper into the technologies running under the hood.
Let's spend a few minutes exploring the new graphical interface and options that are available for finding your way around this latest release of Windows Server, with a view to covering the following topics in this chapter:
The purpose of Windows Server
It's getting cloudy out there
Windows Server versions and licensing
Overview of new and updated features
Navigating the interface
Using the newer Settings screen
Task Manager
Task View
The purpose of Windows Server
Is asking what the purpose of Windows Server is a silly question? I don't think so. It's a good question to ponder, especially now that the definition for servers and server workloads is changing on a regular basis. The answer to this question for Windows clients is simpler. A Windows client machine is a requester, consumer, and contributor of data.
From where is this data being pushed and pulled? What enables the mechanisms and applications running on the client operating systems to interface with this data? What secures these users and their data? The answers to these questions reveal the purpose of servers in general. They house, protect, and serve up the data to be consumed by clients.
Everything revolves around data in business today. Our email, documents, databases, customer lists—everything that we need to do business well is data. That data is critical to us. Servers are what we use to build the fabric upon which we trust our data to reside.
We traditionally think about servers using a client-server interface mentality. A user opens a program on their client computer, this program reaches out to a server in order to retrieve something, and the server responds as needed. This idea can be correctly applied to just about every transaction you may have with a server. When your domain-joined computer needs to authenticate you as a user, it reaches out to Active Directory on the server to validate your credentials and get an authentication token. When you need to contact a resource by name, your computer asks a DNS server how to get there. If you need to open a file, you ask the file server to send it your way.
Servers are designed to be the brains of our operation, and they often do so transparently. In recent years, large strides have been taken to ensure resources are always available and accessible in ways that don't require training or a large effort on the part of our employees.
In most organizations, many different servers are needed in order to provide your workforce with the capabilities they require. Each service inside Windows Server is provided as, or as part of, a role. When you talk about needing new servers or configuring a new server for any particular task, what you are really referring to is the individual role or roles that are going to be configured on that server in order to get the work done. A server without any roles installed is useless, though depending on the chassis, can make an excellent paperweight. A 3U SAN device could weigh upwards of 100 pounds and keep your desk orderly even in the middle of a hurricane!
If you think of roles as the meat and potatoes of a server, then the next bit we will discuss is sort of like adding salt and pepper. Beyond the overhead roles you will install and configure on your servers, Windows also contains many features that can be installed, which sometimes stand alone, but more often complement specific roles in the operating system. A feature may be something that complements and adds functionality to the base operating system, such as Telnet Client, or a feature may be added to a server in order to enhance an existing role, such as adding the Network Load Balancing feature to an already-equipped remote access or IIS server. The combination of roles and features inside Windows Server is what equips that piece of metal to do work.
This book will, quite obviously, focus on a Microsoft-centric infrastructure. In these environments, the Windows Server operating system is king, and is prevalent across all facets of technology. There are alternatives to Windows Server, and different products which can provide some of the same functions to an organization, but it is quite rare to find a business environment anywhere that is running without some semblance of a Microsoft infrastructure.
Windows Server contains an incredible amount of technology, all wrapped up in one small installation disk. With Windows Server 2019, Microsoft has gotten us thinking out of the box about what it means to be a server in the first place, and comes with some exciting new capabilities that we will spend some time covering in these pages. Things such as PowerShell, Windows Admin Center, and Storage Spaces Direct are changing the way that we manage and size our computing environments; these are exciting times to be or to become a server administrator!
It's getting cloudy out there
There's this new term out there, you may have even heard of it...cloud. While the word cloud has certainly turned into a buzzword that is often misused and spoken of inappropriately, the idea of cloud infrastructure is an incredibly powerful one. A cloud fabric is one that revolves around virtual resources—virtual machines, virtual disks, and even virtual networks. Being plugged into the cloud typically enables things like the ability to spin up new servers on a whim, or even the ability for particular services themselves to increase or decrease their needed resources automatically, based on utilization.
Think of a simple e-commerce website where a consumer can go to order goods. Perhaps 75% of the year, they can operate this website on a single web server with limited resources, resulting in a fairly low cost of service. But, the other 25% of the year, maybe around the holiday seasons, utilization ramps way up, requiring much more computing power. Prior to cloud mentality, this would mean that the company would need to size their environment to fit the maximum requirements all the time, in case it was ever needed. They would be paying for more servers and much more computing power than was needed for the majority of the year. With a cloud fabric, giving the website the ability to increase or decrease the number of servers it has at its disposal as needed, the total cost of such a website or service can be drastically decreased. This is a major driving factor of cloud in business today.
Public cloud
Most of the time, when your neighbor Suzzi Knowitall talks to you about the cloud, she is simply talking about the internet. Well, more accurately she is talking about some service that she uses, which she connects to by using the internet. For example, Office 365, Google Drive, OneDrive, Dropbox—these are all public cloud resources, as they are storing your data in the cloud. In reality, your data is just sitting on servers which you access via the internet, but you can't see those servers and you don't have to administer and maintain those servers, which is why it feels like magic and is then referred to as the cloud.
To IT departments, the term cloud more often means one of the big three cloud hosting providers. Since this is a Microsoft-driven book, and since I truly feel this way anyway, Azure is top-notch in this category. Azure itself is another topic for another (or many other) book, but is a centralized cloud compute architecture that can host your data, your services, or even your entire network of servers.
Moving your datacenter to Azure enables you to stop worrying or caring about server hardware, replacing hard drives, and much more. Rather than purchasing servers, unboxing them, racking them, installing Windows on them, and then setting up the roles you want configured, you simply click a few buttons to spin up new virtual servers that can be resized at any time for growth. You then pay smaller op-ex costs for these servers—monthly or annual fees for running systems inside the cloud, rather than the big cap-ex costs for server hardware in the first place.
Other cloud providers with similar capabilities are numerous, but the big three are Azure, Amazon (AWS), and Google. As far as enterprise is concerned, Azure simply takes the cake and eats it too. I'm not sure that the others will ever be able to catch up with all of the changes and updates that Microsoft constantly makes to the Azure infrastructure.
Private cloud
While most people working in the IT sector these days have a pretty good understanding of what it means to be part of a cloud service, and many are indeed doing so today, a term which is being pushed into enterprises everywhere and is still many times misunderstood is private cloud. At first, I took this to be a silly marketing ploy, a gross misuse of the term cloud to try and appeal to those hooked by buzzwords. Boy was I wrong. In the early days of private clouds, the technology wasn't quite ready to stand up to what was being advertised.
Today, however, that story has changed. It is now entirely possible to take the same fabric that is running up in the true, public cloud, and install that fabric right inside your data center. This enables you to provide your company with cloud benefits such as the ability to spin resources up and down, and to run everything virtualized, and to implement all of the neat tips and tricks of cloud environments, with all of the serving power and data storage remaining locally owned and secured by you. Trusting cloud storage companies to keep data safe and secure is absolutely one of the biggest blockers to implementation on the true public cloud, but, by installing your own private cloud, you get the best of both worlds, specifically stretchable compute environments with the security of knowing you still control and own all of your own data.
This is not a book about clouds, public or private. I mention this to give a baseline for some of the items we will discuss in later chapters, and also to get your mouth watering a little bit to dig in and do a little reading yourself on cloud technology. You will see Windows Server 2019 interface in many new ways with the cloud, and will notice that so many of the underlying systems available in Server 2019 are similar to, if not the same as, those becoming available inside Microsoft Azure.
In these pages, we will not focus on the capabilities of Azure, but rather a more traditional sense of Windows Server that would be utilized on-premise. With the big push toward cloud technologies, it's easy to get caught with blinders on and think that everything and everyone is quickly running to the cloud for all of their technology needs, but it simply isn't true. Most companies will have the need for many on-premise servers for many years to come; in fact, many may never put full trust in the cloud and will forever maintain their own data centers. These data centers will have local servers that will require server administrators to manage them. That is where you come in.
Windows Server versions and licensing
Anyone who has worked with the design or installation of a Windows Server in recent years is probably wondering which direction we are taking within this book. You see, there are different capability editions, different technical versions, plus different licensing models of Windows Server. Let's take a few minutes to cover those differences so that you can have a well-rounded knowledge of the different options, and so that we can define which portions we plan to discuss over the course of this book.
Standard versus Datacenter
When installing the Windows Server 2019 operating system onto a piece of hardware, as you will experience in Chapter 2, Installing and Managing Windows Server 2019, you will have two different choices on server capability. The first is Server 2019 Standard, which is the default option and one that includes most of your traditional Windows Server roles. While I cannot give you details on pricing because that could potentially be different for every company depending on your agreements with Microsoft, Standard is the cheaper option and is used most commonly for installations of Windows Server 2019.
Datacenter, on the other hand, is the luxury model. There are some roles and features within Windows Server 2019 that only work with the Datacenter version of the operating system, and they are not available inside Standard. If ever you are looking to a new piece of Microsoft technology to serve a purpose in your environment, make sure to check over the requirements to find out whether you will have to build a Datacenter server. Keep in mind that Datacenter can cost significantly more money than Standard, so you generally only use it in places where it is actually required. For example, if you are interested in hosting Shielded VMs or working with Storage Spaces Direct, you will be required to run the Server 2019 Datacenter edition on the servers related to those technologies.
One of the biggest functional differences between Standard and Datacenter is