Let me guess… is it increasing productivity, while at the same time saving your company some time and money?

Well, you’re not alone. These days, the main goal for many businesses is increasing productivity and having a mobile workforce that can access information instantly, saving valuable resources. Internal employees and external clients need accurate up-to-date information, even when they are on the go.

If your network is running Windows Server 2008 R2 and your clients are using Windows 7 you can take advantage of Direct Access to connect your mobile workforce.

Why Use Direct Access?

Direct Access has many advantages over Virtual Private Networks (VPNs) and is meant to be a VPN replacement. With Direct Access the connection between the client computer and the company Intranet is as seamless as using the Internet, while at the same time being more secure than a VPN. P

lus your clients won’t have to worry about authentication and the several steps involved with establishing a VPN connection or dealing with the hassles of re-establishing a connection if the VPN is lost. Going through a VPN can also slow down Internet connections, so that is another advantage of using Direct Access instead of a VPN.

In spite of Direct Access creating a seamless connection on the client side, you as the administrator will have some work to do, to get Direct Access installed and configured correctly. But it is well worth the effort because not only is client productivity increased, network security is increased as well.

Direct Access creates a bi-directional connection which allows you to update client computers behind the scenes, whenever they are connected to the Internet. This means that you can install software updates and other security patches without the client actually being connected to the company Intranet.

If you truly want to understand how Direct Access works Microsoft suggests you familiarize yourself and understand:

• TCP/IP architecture,
• IPv6 addressing,
• IPv6 forwarding and routing,
• IPv6 transition technologies,
• how Internet Protocol security (IPsec) protocols work to protect network traffic,
• and how to create a public key infrastructure (PKI) with Active Directory Certificate Service (AD CS).

In this article I will touch on all these subjects but I won’t go in depth; consider this your introduction to Direct Access.

Network Requirements For Using Direct Access

If you would like to use Direct Access on your network you will need a minimum of a direct access server running Windows Server 2008 R2 with two network adapters, one for the Internet and one for the Intranet. This server needs to be a member of an Active Directory Domain Services domain.

The Direct Access server also needs at least two IPv4 addresses assigned to the network adapter. Client computers need to be running Windows 7 Enterprise or Ultimate and be members of the AD DS domain. There needs to be at least one domain controller and one DNS server. You will also need a public key infrastructure (PKI) to issue certificates.

According to Microsoft the steps below can be used to create a Direct Access compatible network.

Steps For Setting Up A Direct Access Network

1. Windows Server 2008 R2 needs to be installed on a server with two network adapters.
2. Join the server to the AD DS server.
3. Install a computer certificate for IPsec authentication.
4. Configure the direct access server so one adapter is connected to the Internet and one adapter is connected to the Intranet. If your network does not have IPv6 connectivity enable both adapters and make sure their IPv4 Addresses are configured. This is necessary so that the Direct Access server can use automatic configuration.
5. Verify open ports and protocols in firewall exceptions.
6. The Direct Access server will need at least two consecutive, public static IPv4 addresses that are externally resolvable through DNS.
7. Enable IPv6.
8. Create a group security policy in Active Directory and add the client computer accounts.
9. If the Direct Access server is also the network location server, install the IIS server role on the Direct Access server.
10. Designate one of the server network adapters as the Internet-facing interface. That interface will require two consecutive, public IPv4 addresses. Both IPv4 addresses must be assigned to the same interface.
11. On the Direct Access server, ensure the Internet-facing interface is configured to be either a “Public” or a “Private” interface (depending on your network design) and the intranet interfaces are configured to be “Domain” interfaces.

 Installing the Direct Access Management Console

Once you have your network setup, you will need to install the Direct Access Management Console Feature. 

In order to install the Direct Access Management Console use the Add Feature Wizard in Server Manager. Once the snap-in is installed you can run it by going to Administrative Tools and clicking on Direct Access Management.

The management console simplifies configuration of Direct Access with a four step wizard. In order to configure Direct Access click on setup and run the wizard. When you are finished going through the wizard you can save the settings as a script file or apply it to the Direct Access Server.

The Wizard will guide you through each step in configuring Direct Access. You will not be able to move on to another step until the previous step is configured. In the first step you will identify the client computers by selecting their security groups. Which you should already have created.

During the next step you enter information about which server connects to the Internet and which one connects to the Intranet. There is also information about whether you are using native IPv6 or tunneling with IPv4. You also have the option of using smart cards for added remote client security.

The second part of Step 2 is selecting which certificates you will be using. Direct Access requires PKI so you will need to set up a root certificate which will be used by clients during IPsec authentication and certificate for HTTPS connectivity.

Step 3 is configuring the infrastructure servers. A network location needs to be configured so the clients will know if they are inside or outside the Intranet. A certificate also has to be associated with that server.

Another part of step 3 is configuring name resolution policy tables these are used to tell the client  how to access certain infrastructure servers of the network according to the DNS of the servers.

An optional setting in step 3 is setting up remote client management but you will probably want to set it up because managing remote clients is one of the advantages of Direct Access.

Step 4 can add or limit connectivity to certain machines using authentication with IPsec.

Once you are done with your configuration you can save it and work on it later or save the settings in a script file. You will also get a report of your configuration settings that you can double check before you apply them. Once you hit Apply the wizard configures Direct Access and builds group policy objects.

Advantages of Using Direct Access

The advantages of using Direct Access are many. From improved management of remote users to IT simplification and cost reduction. This flexibility in remote user management enables you to keep security and health policies up to date.

Using IPv6 and IPsec makes authentication and encryption easier and faster. Access Control is also simplified because you can configure which Intranet resources users have access to. Also, control of whether Internet traffic goes through the Intranet or not, keeping the two separate can save on resources and increase speed.

If your network has the capability to run Direct Access, the effort of setting it up will save you valuable time in the long run.

Related posts:

• How To Install, Configure & Use SNMP on Sever 2008
• Configure DHCP on Windows Server 2008
• Migrating to IPv6 with Windows Server 2008

Server 2008 is easier to deploy and has added reliability. Security has increased enabling you to create a policy driven network that will keep your servers, data, and business safe.

Improvements in virtualization help to consolidate servers and make more efficient use of hardware.

There are also many enhancements to terminal services. Web administration is much easier from diagnostics and development to applications. Plus there are enhancements with the latest version of Internet Information Services.

Those who are creating a new Server 2008 R2 network from the ground up, can take advantage of all of these enhancements and more.

7 Server Management Improvements in Server 2008 R2

Today we’ll focus on seven improvements in managing your network, which is one of the most time consuming tasks for any network admin. Fortunately, Server 2008 R2 has several improvements in server management that will make your job much easier.

Here are the 7 server management improvements we’ll cover today:

1. Server Manager — the first one is the improved server manager itself, which makes administration of a single server a snap using the integrated Microsoft Management Console (MMC).
2. Windows PowerShell — management of multiple servers can be automated using the Windows Power Shell command line scripting language.
3. Windows Deployment Services — is an updated version of the Remote Installation Services which is used to set up new workstations and servers.
4. Windows Reliability and Performance Monitor — makes it easy to monitor system performance.
5. Data Center Power Consumption Management — improvements in the methods of reducing power consumption.
6. Remote Administration — enhancements for remote management through graphical management consoles that integrate with Server Manager.
7. Identity Management — which helps keep your network as secure as possible.

1. Server Manager

Server Manager is installed by default as part of Server 2008 and it is available to you as long as you are logged on to the computer as a member of the Administrators group. Using the new Server Manager streamlines the process of installing and configuring servers in an enterprise environment. When you first begin server installation, the Initial Configuration Tasks (ICT) will guide you through the initial process of setup.

In the past when installing and configuring a new server you would have to use different components such as Configure Your Server, Manage Your Server, or Add or Remove Windows Components to add or remove server roles or other software. Configuring new servers also took a lot longer because dependency components needed to be installed manually and server roles could only be installed one at a time. Also each installation had to be completed before the next one could start.

Using the Server Manager console in Server 2008 you can view all of the information about your servers, server configurations, and installed roles and features. You can also install new servers, add roles, and change configuration settings in one place at one time. Not only that but the Add Roles Wizard will automatically check for dependencies and install required services.

If the installed server role requires additional configuration then the Add Roles Wizard will provide configuration pages that allow you to correctly configure the role as part of the installation process. This is especially useful when installing Terminal Services or Active Directory Certificate Services.

Recommended security settings are also configured by default allowing you to have your server completely ready for deployment in one session. These improvements in Server 2008 make server installation and configuration easier and faster.

2. Windows PowerShell

Windows PowerShell is a scripting environment that uses Cmdlets. Having the power to run scripts can increase automation and make large scale configuration fast and easy.

Because PowerShell has standard Cmdlets that can be combined to create powerful functions, you can run scripts without having to know how to program. To find out more about Windows PowerShell you can always visit the Windows PowerShell Script Center where you will be able to find Cmdlets for common administration tasks as well as information on how to create your own Cmdlets.

To use PowerShell you need to install it and then run PowerShell.exe after which you will get a command screen that looks a lot like a DOS window and all you’ll have to do is type in the Cmdlets you want to run. If you would like a list of Cmdlets you can always type in Get-Command and you will get a list of all of the Cmdlets.

PowerShell is especially useful for remote desktop management and configuring Internet Information Services 7.5.

3. Windows Deployment Services

Windows Deployment Services, the updated and redesigned version of Remote Installation Services (RIS), is a suite of components that work together on Server 2008 R2 to enable the deployment of Windows operating systems.

WDS can be used to set up new computers using a network-based installation, which means that you don’t have to be physically present at each new computer and you don’t need to use a CD or DVD. The new service also has imaging capabilities which means you don’t have to use a third party software such as Symantec Ghost to copy your configured OS onto each new machine.

4. Windows Reliability and Performance Monitor

In order to maintain a network you need to know how well it is functioning, this is where the new Windows Reliability and Performance Monitor really shines. Instead of having to scour over several different tools such as System Monitor, Performance Logs and Alerts, and Server Performance Advisor, you can now collect all of your data from one single tool using a graphical interface.

Other enhancements include Data Collector Sets which are reusable and make scheduling and collecting data, fast and easy. There are also easy to use wizards and templates for creating logs, a resource view, and a reliability monitor with user-friendly diagnostic reports.

5. Improved Data Center Power Consumption Management

Power consumption in data centers is increasingly becoming an issue, not only because of cost considerations, but because there is only a limited amount of power for all of the computers in the larger data centers.

Windows Server 2008 R2 has three main methods of reducing power consumption. The first method is Core Parking which tries to reduce the number of processing cores used with multicore processors. Power consumption is also reduced by adjusting processor speed to reduce consumption while still maintaining maximum effectiveness. The final method used to reduce power usage is centralizing storage though the use of a Storage Area Network (SAN).

6. Improved Remote Administration

Server computers are rarely administered locally, that is why improvements in remote administration are so important. Server 2008 offers several enhancements for remote management through graphical management consoles that integrate with Server Manager.

And the improvements in PowerShell make remote administration using scripts much more efficient and easy to implement.

7. Improved Identity Management

Identity management is always a huge security concern. Server 2008 R2 includes identity management improvements in the Active Directory Domain Services and Active Directory Federated Services roles. The purpose of these enhancements is to keep the network secure on-premises and off-premises, keeping all access points secure from all users while extending security across the entire network, while at the same time simplifying user account management.

Managing a network is still a lot of work and a big responsibility but with the new improvements in Server 2008 R2 that responsibility is beginning to get a little easier. Having a single console for server administration along with an easier to use scripting tool and easier remote deployment will make the daily admin tasks easier.

Combine that with improved performance monitoring, power management, and increased security and remote administration and the upgrade to Server 2008 R2 will begin to make sense.

Related posts:

• Active Directory Improvements in Windows Server 2008
• Take Command of Server 2008 with Windows PowerShell – Part 1
• Take Command of Server 2008 with Windows PowerShell – Part 2

Threats from malware and viruses are not only increasing they are also becoming more sophisticated.

Enterprise networks also have a larger mix of global users accessing the companies’ intranet, Internet and databases; these global users include customers, contractors, consultants, suppliers, partners, and internal employees.

More users are also connecting using Wireless LAN, Wi-Fi, and 3G which creates the need for ever increasing enforcement of security policies.

Windows Server 2008 has a built in core security feature called Network Access Protection. NAP requires a client computer to be compliant with system health policies before it can connect to other computers within the network.

Once NAP is set up properly the system administrator should be able to rest easier.

In this article I’ll give you an overview of how NAP can protect your network from malware and other threats and talk about the required services and configurations you’ll need to run and setup NAP.

Monitoring Client Computers

When a client computer attempts to connect with a computer within the network, NAP monitors and accesses the health of the client computer. If a client computer meets all of the required software and configuration settings it is considered to be healthy and the client is granted access to the network.

If client computers are non-compliant with NAP policies they can be automatically updated to meet current security policies. They may need the latest operating system updates or an anti-virus signature. Clients that don’t meet certain health policy standards may be granted restricted access or connected to various remediation resources, where health status can be updated.

Required NAP Components

NAP is a core windows component with Windows Server 2008 and can run with clients using Windows XP with Service Pack 3, Windows Vista, and Windows 7. The server components include a Network Policy Server (NPS) which provides centralized health policy configuration. NPS is a replacement for Internet Authentication Service (IAS) in Server 2003.

A System Health Validator (SHV) must be configured to define computer requirements for connecting to the network. It is possible to have a multi-configuration SHV and some or all of the following may be required on a client computer:

• Firewall Configuration
• Virus Protection
• Spyware Protection
• Security Update Protection

A Health Registration Authority (HRA) is used to validate client credentials by checking with NPS to make sure that the credentials are compliant with the networks health requirements. A Remediation Server is used to provide updates when the client does not pass the health requirements to access the network.

In order for NAP to work on the client computer the NAP Agent and System Health Agent (SHA) must be installed.

NAP Enforcement

Once the client and server requirements for NAP are met the mode of enforcement must be configured. There are four different enforcement configurations for NAP:

• IPSec
• 802.1X
• VPN
• DHCP

These can be configured alone or combined for even more protection. Let’s go into a little detail about each one.

Dynamic Host Configuration Protocol (DHCP) is one of the easiest NAP enforcements to deploy because all DHCP client computers must lease an IP address. Therefore if the client computer does not meet the health policy requirements the DHCP server will either assign an invalid IP address, such as 0.0.0.0., to the client or route the client to the remediation server for updates. This way the client can only access the IP address of the network if all health requirements are met.

IPSec enforcement is a stronger more robust system that works at the Internet layer of the TCP/IP protocol. With IPSec policy settings the administrator can limit access on a per-server and per-application basis. The way IPSec works is that it divides the network into three logical networks consisting of a secure network, a boundary network, and a restricted network.

802.1X enforcement is port based enforcement that requires 802.1X compliant switches and wireless access points. This enforcement provides more security than DHCP enforcement because connections are only allowed after the client health is validated and the identity is authenticated.

VPN enforcement is used by creating a VPN server at the perimeter of the network. There are many different configurations that can be used in this set up, but the basic process is a NAP client computer will request network access through a VPN connection. If the client is compliant it will be granted access otherwise access will be denied or the client will be routed to a remediation server.
Windows 7 And Server 2008 R2

Implementing NAP security in a network takes careful planning and usually should be rolled out in stages ensuring that clients that need access to the network will continue to have access until all health policy updates have been applied. Once the policies have been implemented securing and managing the network should be easier.

With the advent of Windows 7 and Server 2008 R2 more improvements have been made to NAP including NPS templates and template management, RADIUS account improvements, support for non-English character sets, multi-configuration SHV, and multiple NAP client user interface improvements.

With continued efforts to streamline the network security process with NAP and other Server 2008 enhancements the days of network vulnerabilities could be coming to an end. Network administrators won’t have to worry about internal employees showing up after a long weekend and infecting the entire network by plugging in their laptop.

Related posts:

• Active Directory Improvements in Windows Server 2008
• Install DHCP Role on Windows Server 2008
• Windows Server 2008: Auditing Active Directory

However, Windows Server 2008 R2 provides many new features and upgrades, including several that go hand in hand with new features found in Windows 7.

That means there are more new reasons to upgrade both the desktop operating system and the server operating system at many companies.

If that doesn’t sound like major undertaking, I don’t know what is.

What is an R2 Release Anyway?

Many businesses have been plugging along comfortably with older combinations of Windows XP and either Server 2003 or Windows Server 2000, and installing only those service packs and features designed to keep those systems running securely and stably.

Therefore, the question that has to be asked is what is an R2 release and exactly what does the R2 version of Sever 2008 have to offer?

Over the past several years, Microsoft has received a lot of feedback from users in the business community who wanted a more predictable release cycle for critical business platforms such as Microsoft’s server operating systems. For businesses that had driven the planning uncertainty out of other areas of operations, the seemingly random release schedule of Server upgrades and service pack releases prevented IT from adequately planning everything from hardware acquisition, to lease schedules, to software budgeting.

In addition, companies wanted to keep the critical security and performance updates to the operating systems separate from updates that added new features. Companies where extensive testing and planning make virtually any downtime unacceptable, didn’t like that in order to keep their systems secure and optimized they had to introduce new, untested, features and services into their environment, or deal with kludgey, file deleting, registry editing, hacks to remove those features from otherwise necessary Service Pack updates.

On the other hand, in the technology industry, five years is a lifetime and Microsoft worried that products would quickly become out of date, with its offerings lacking the latest features and innovations if new feature sets were released only twice a decade. If there was one thing Microsoft did not need, it was to bolster the view of the company as a slow moving dinosaur out of touch with the fast moving pace of business.

The compromise the company struck was that the company would focus on releasing new versions of core business software products approximately every five years. Like with Windows Server 2003 and then Windows Server 2008. Service packs would continue to be released whenever necessary in order to update critical security, stability, and performance issues.

However, Service Packs would not contain new features within them. Instead, Microsoft would update feature sets with an R2 release every 2 to 3 years.

This way, businesses that wanted to keep up to date with the latest security, stability, and performance enhancements, but did not want to introduce new features (and their potential stability and security problems) into the production environment could install Service Packs. And, those companies looking to incorporate the latest technologies and feature set could take advantage of the R2 releases.

Thus, Server 2008 R2 offers much more than just a Service Pack, but not quite as much a new full-scale release.

So, what exactly is in the latest release of Windows Server 2008 R2?

Server 2008 R2 Upgrade Costs

Many of the features and functionalities in Server 2008 were introduced in the original, or “R1″ release of Server 2008. However, for environments currently running Windows Server 2003, these features should also figure heavily in any decision whether to upgrade to Server 2008 R2 or not.

Obviously, migrating from Server 2003 to Server 2008 R2 is not a free update, unless the company is enrolled in certain licensing subscriptions.

For IT groups already running the original Server 2008 system, the question gets a little murkier. For businesses with Software Assurance, the question is merely one of value versus the time and effort to upgrade the server operating system.

For those without Software Assurance, or other business licensing that includes free upgrades, Windows Server 2008 R2 is not a free upgrade. In other words, for those running Server 2008 already, the evaluation involves not only the time and effort, but additional cost as well.

New Features in Server 2008 R2

As before, there are several Editions of Windows Server 2008 R2 available depending upon the needs of an organization. Some features are optional on certain editions or only available on specific editions. Thus, a straight list of all new features is a relatively complicated undertaking.

However, there are certain features that are the “deal-makers” in Server 2008 R2.

  •   Hyper-V and Virtualization

The centerpiece of Server 2008 was the addition of virtualization as a built-in function of the operating system. As is often the case, the company’s first effort was successful and usable if not as scalable or feature filled as competing offerings. However, for companies looking to start down the path toward virtualization or to roll out the new technology on a limited basis, Microsoft’s Hyper-V offered a great entry point without any additional cost.

One area that has received substantial attention for the R2 release of Windows Server is virtualization and Hyper-V.

Features like Live Migration, Hot Add/Remove Virtual Machine Storage, integration with desktop virtualization (VDI), and also presentation or application virtualization (formerly provided in some fashion by Terminal Services) have all been added.

In addition, services like clustering and failover have been improved and expanded. Also, included is the long awaited ability to boot from storage networks.

  •   64-bit Architecture and More

Of course, the R2 release contains upgraded support for more powerful hardware. Server 2008 R2 becomes the first version to be released only in 64-bit architecture, marking the official end of 32-bit computing for Server products.

R2 supports up to 256 logical processor cores and up to 64 logical cores for each host. New power management features allow processor cores to be parked when load is low and then automatically re-enabled when demand increases. In a large data center, the amount of savings just from lowered cooling requirements alone could make an upgrade to R2 worth it.

Other new features receiving a lot of attention are improvements in Remote Administration, as well as secure connections for remote employees without the need for third-party VPN software, updates to Active Directory management, including a recycle bin for AD objects, streamlined performance, improved storage management, and an update to PowerShell.

Add to all of this the fact that many of the high-end features of Windows 7 will only work with Server 2008 R2, or will work much better with it, and it starts to add up to a must upgrade scenario.

The only real question in these trying economic times is when and where the will and funds will meet the need for a much improved server operating system environment.

Related posts:

• Overview of Server 2008 R2 — The Half Version Upgrade
• Windows 7 Features That Require Server 2008 R2
• 5 Great Things About Server 2008 — Is an Upgrade Worth It?

Most reviewers claim to see not only improvements in speed and functionality, but better usability as well.

Some reviewers are going so far as to proclaim that Windows 7 is as user friendly as the latest Mac OS Snow Leopard.

Even more important for business users and Information Technology Professionals is the list of impressive new features that come with Windows 7. Many of these new Windows 7 technologies allow for IT Departments to better manage, support, and configure Windows 7 machines throughout the enterprise.

It is not surprising then that these Windows 7 features are at the top of the list of reasons IT groups are ready to initiate the massive undertaking of upgrading desktop computers throughout the company.

Server 2008 R2 Required for Windows 7 Functions

But, did you know that some of the best new Windows 7 features only work with Windows Server 2008? In fact, some features actually require the latest Windows Server release, Server 2008 R2.

And, a handful of functions not only require Windows Server 2008 R2, but they require that all domain controllers be Windows Server 2008!

This isn’t a trivial point when evaluating upgrading to Windows 7 in a large environment. Let’s take a look at some of the features of Windows 7 that require Server 2008 R2.

  •   DirectAccess

DirectAccess is one of the much-anticipated features in Windows 7. For the home user, DriectAccess provides little benefit, but in the business environment, it will be invaluable.

Whether they were employees traveling on business trying to connect from hotel rooms or other locations, or whether they were employees working from home, or IT administrators trying to remotely diagnose or fix a systems issue at 3:00 A.M. — the value of remote connectivity could not be denied.

Unfortunately, until the release of Windows 7, businesses had only a few unappetizing choices for providing remote access to workers.

They could open up a giant security hole by allowing full connectivity over unencrypted connections (like the hotel wireless network) and just hope that no one intercepted sensitive data, or worse piggybacked on the connection into the servers themselves. Obviously, this option was not popular.

They could create a DMZ area of sorts allowing connectivity only to specific resources that were sealed off from the “real” corporate network. However, this inevitably meant that whatever access the employee needed was behind the firewall and not available, and it did nothing to solve the problem of unencrypted data transfers.

Finally, companies could install a Virtual Private Network or VPN which would encrypt communications between the remote user and the company network as well as provide a means to authenticate remote users before they connected to the network.

Unfortunately, this required a whole other layer of client software, server setup, firewall configuration, and cost to make it work. Too often, the overall expense and effort of installation, support, and use of the VPN was such a burden that companies strictly limited who was permitted to use the service. Even for those with VPN installed, it was a clunky solution.

With Windows 7, Microsoft implemented DirectAccess. While DirectAccess offers many of the features found in VPN, it is not the same thing.

DirectAccess offers secure connections, like VPN, using IPSec in order to encrypt data passing between the client and network as it travels through the Internet. However, unlike VPN, DirectAccess provides an extra layer of “bi-directional” communications in which the remote computer can be connected and managed, without the user logging in. This is accomplished by authenticating the machine before the user ever attempts to connect.

This provides two huge benefits. First, because the machine must authenticate to the network first, a stolen username and password are worthless without an authorized computer. Thus, not only must a password be compromised, but a machine must be taken as well, which offers a much more obvious flag of a possible security breach.

Secondly, with the machine connected and authenticated over an Internet connection, the system can be remotely administered including installing patches, running scripts, or setting policies or profiles. With DirectAccess, users no longer have to worry that when the connect in a mad rush to download a critical presentation that their connection will be slowed to a crawl while a login script runs and updates are installed. Instead, these things can happen while the employee is asleep or watching T.V. in their hotel room.

DirectAccess is a native part of Windows 7 and integrates seamlessly with Windows Server 2008 R2 eliminating the need for managing an extra layer of security or tying Active Directory entries to VPN users.

Instead, all of the same profiles, policies, and object security features run with full affect ensuring that no one gets access to something they aren’t supposed to, while everyone gets access to everything they do need, all without any frantic 6:30 P.M. phone calls on Friday afternoon.

  •   BranchCache

While network connectivity has become widespread and WAN connections have dropped in price and increased in speed in larger cities, there are still tons of places where connectivity is expensive and slow. For companies with nationwide operations there are unpleasant choices to be made. Spend huge amounts of money on faster connections, or force employees in branch offices to suffer through slow authentication and slower data access.

With BranchCache you can have files stored on-site, either on a server, Windows 2008 Server, of course, or if there is no onsite server, files can be cached on the hard drives of other workstations. This way, if one person pulls down a file at 8:30 am and another person needs the same file at 9:15 am, the second user doesn’t need to download it across the WAN.

  •   BitLocker-to-Go

Windows 7 extends the drive encryption to USB keys and other removable drives. While BitLocker works without Server 2008, if you want to FORCE it to be used on USB key drives, you’ll need the Group Policy updates in Server 2008 R2. (Technically, you can’t force the drive to be encrypted, but you can disallow access to a non-encrypted drive.) Most importantly, the recovery password can be stored in Active Directory.

  •   RemoteApp

If you want to use Presentation Virtualization (making the application appear as if it installed locally) you’ll need Server 2008 (R1 or R2) and Windows 7. While you can technically get away with using Vista, advanced visuals like Aero won’t behave and will eliminate that “local install” feel.

  •   Sever 2008 Without Windows 7 and Vice Versa

In the real world, no upgrade to either the desktop OS nor the server OS will happen overnight. The question then becomes whether or not to upgrade to Windows Server 2008 R2 first or upgrade to Windows 7 first, or go the hybrid route and upgrade some of the server OS while also upgrading some of the desktop OS.

While at first glance, this sounds like the less desirable option, the reality is that this paradigm may actually serve many companies very well. The hybrid upgrade approach allows IT to upgrade by site or location, generally starting with the office with the highest concentration of the right IT personnel. By the time the IT guys are all running Windows 7 and at least a handful of the servers in the datacenter are running Windows Server 2008 R2, much of the infrastructure will not only be in place, but been tested as IT goes about its daily duties.

Working the bugs from a major upgrade out is a lot easier and less politically volatile when the ones dealing with the issues are both the people most capable of figuring out what the problem is, and the ones least likely to complain about the way things are being handled.

In the end, much of the handwringing going on about whether to put the chicken or the egg first may be moot. The only question is, which is the chicken, Windows Server 2008 or Windows 7?

Related posts:

• Active Directory Rights Management Services: Features & Operational Considerations
• Server 2008 R2 Update Review
• Direct Access: How It Works And How To Configure It

Ready to advantage of all the new features and tools that Server 2008 R2 has to offer?

 
Here’s a list of some free Server 2008 R2 resources to help you get started.

Free Server 2008 R2 Learning Resources

• Windows Server 2008 R2 at Microsoft

Microsoft’s Windows Server 2008 R2 site is always a good place to start –it’s packed with free information and resources.

Some of the pages worth checking out include:

• What’s New in Windows Server 2008 R2 — a quick overview of the new features and options that you might be interested in implementing
• Frequently Asked Questions — find answers to some of the basic questions regarding R2
• Articles and White Papers on Server 2008 R2 — covering some general issues as well as more in depth areas that pertain to R2, like Hyper-V, Remote Desktop Services, High Availability, etc.
• Evaluate Windows Server 2008 R2 — a link to the free 180 day trial, virtual labs and more

• Windows Server 2008 R2 Blogs

There are a number of great blogs that will teach you a lot about R2 and the best part is — they’re all free! Here are a few worth checking out:

• Windows Server Division WebLog — the official Windows Server blog is updated on a regular basis and has a ton of info on Server 2008 R2
• 4sysops for Windows Administrators — great resource for any Windows SysAdmin
• Windows IT Pro — if you’re not familiar with this site already, make sure to check it out, any Windows admin will love it

• Windows Server 2008 R2 Forums

There are a couple of forums dedicated specifically to Server 2008 R2 that you might want to bookmark for future reference:

• Server 2008 R2 General Forum on Microsoft’s TechNet — for general questions and more specific topics including Server Core, deployment, migration, etc.
• Petri IT Knowledgebase — a very active forum that covers much more than Server 2008 R2

• Microsoft TechNet

And last but not least, don’t forget about the wealth of information you can find on TechNet. Here are two good links:

• The Windows Server TechCenter and
• Server 2008 R2 Information Center — were both recommended by Coach our Server 2008 R2 training instructor and Windows Server expert

Related posts:

• Video: Coach Culbertson on Server 2008 R2 Training — Free for a Limited Time
• Vote for Your Favorite Server 2008 R2 Haiku + Score Free Server 2008 R2 Resources
• Coach’s Critical Career Tips: The Ability to Research

Back then, I got an unsolicited phone call from a major computer company that was adding a new arm to its consulting division. They found my resume on the Internet, doubled my salary, sent me on consulting gigs across the country, and bought my first house with the discounted stock I bought out of every paycheck.

By the time I left the computer industry (before it became the “technology” industry) there wasn’t a job I couldn’t get an interview for just because I had an MCSE.

(By the way, if you’re wondering, I’m not old. I graduated from college in 1995. I got my certs pretty much right away.)

The Value of MCSE Certifications Today

Of course, things are not the same today as they were then. That is the function of time, to change what was into what is. Nevertheless, the MCSE certification continues to be both a badge of honor among IT professionals, and a powerful card to play when seeking a new job or a promotion.

However, the MCSE gravy train may finally be coming to an end.

When Microsoft first announced its new certification paradigm, there was much hand wringing and more than a few pronouncements that the IT world was doomed. It turns out that those sentiments were premature. The MCSE on Windows Server 2003 stepped in unnoticed as the “next” MCSE certification and IT professionals have been content to pursue, hold, and display the MCSE ever since.

So, what has changed?

Impact of Windows 7

Microsoft released Windows Server 2008 with exactly five years spacing between the last major server OS release (at least based on version number). True to form, corporate IT managers and directors remembered the advice they got somewhere along their career path: “When it comes to Microsoft always wait for SP1.”

That coupled with the diminished economy, budget cuts, and the fact that plenty of companies hated Windows Vista, all add up to Windows Server 2003 remaining the “standard” Microsoft server platform in most enterprises. But, with the release of Windows 7, change is on the horizon.

It has been a decade or more since most corporations last upgraded their operating system. There is no rush to upgrade now, but everyone knows that while Windows XP has become a solid, reliable, work horse, the future is Windows 7.

While there will be no stampede to upgrade to Windows 7 right away (after all, many companies will be waiting for SP1) the fact that an OS upgrade is coming raises some issues.

Perhaps the first question on the minds of IT executives is the order of the upgrades. With most enterprises still running Windows XP and Windows Server 2003, there are two major upgrades in the works. Upgrading to Windows Server 2008 first allows a company to take advantage of the newer, better, faster, easier to use tools to create and distribute an OS upgrade across a large environment.

Windows Server 2008 was released into a world where Microsoft was fully aware that the main upgrade in the enterprise would be from XP to Windows 7, there promises to be less integration issues between Windows 7 and Server 2008; in contrast to Microsoft’s focus the past few years on Server 2003 being used to upgrade XP to Vista.

Even more importantly, Windows Server 2008 not only already has SP1, it also already has R2, which means that more of those real world glitches that are so stubborn to find have been stomped out. Windows 7, in contrast, still hasn’t has a way to go.

MCSE 2008: How I learned to stop worrying and love the MCITP

The new world order that is emerging will soon be looking for system administrators, architects, consultants, engineers, and other IT pros that are certified in Windows Server 2008. They’ll be surprised to find that their former go-to certification, the MCSE is no longer around.

Those keeping an eye on the job boards, especially the more mainstream ones, can expect to see more than a couple postings looking for MCSE 2008 certifications while the world at large slowly comes to terms with Microsoft’s bizarre decision to sacrifice the virtually household name of MCSE for a confusing collection of who-outranks-who certifications.

MCITP is the new MCSE

Microsoft’s PR machine is big, if not effective, and eventually the world will come to at least a basic understanding of the new certification paradigm.

Until then, companies big and small will be looking to map what they already know on top of the new system. When they do, they’ll notice that MCTS can be had with just one exam for one product. That makes it the MCP, or the certification that people use because they can’t get an MCSE, or haven’t gotten there yet.

Then, they will take a look at the MCITP, with it multiple exam requirements across different technologies and products and they will decide that the MCITP is the new MCSE. In other words, shortly after the job postings for MCSE 2008 start appearing, postings for MCITP 2008 will appear without regard to “in what”.

Some hiring managers will overshoot and find themselves woefully lacking in applicants for a position that requires a MCM Server 2008 or a MCA Server Administrator. Then again, perhaps they’ll be flooded with applications that state this, since there is no such thing, perhaps I would be a good match.

How-To Upgrade Your MCSE to MCITP

Microsoft is all too aware that while there are over 155,000 MCSE Server 2003 certifications, there are fewer than 10,000 MCITP Server Administrators. It doesn’t look good when there are not enough people who are “qualified” to handle your products.

Fortunately, for holders of MCSE in Windows Server 2003, there is a very attractive upgrade path to the MCITP certification.

For Server 2003 MCSEs, just one Microsoft certification upgrade exam is required to get three 2008 MCTS certifications — Active Directory, Network Infrastructure, and Applications Infrastructure Configuration.

If you are wondering how to list that kind of certification on your resume and business card — MCTS(3), perhaps? — then you have an idea of why the new certification paradigm is not as user friendly as its predecessor.

Professionals who take advantage of this route can spend the next four or five years as MCSE 2003, MCTS 2008 certified while both the number of companies using Windows Server 2008 and the number of professionals with 2008 certifications slowly starts to build.

For older MCSEs, upgrading to MCITP isn’t as easy. The upgrade exams for Windows Server 2000 MCSEs have already been retired. For MCSE NT4 (like yours truly) the upgrade path involves taking almost all the same exams as someone without a certification. However, many individual exams count toward some of the MCITP requirements, particularly those from the “Choose One” areas.

There will be considerable value in being both a MCSE 2003 and MCITP for the next several years. For that reason, professionals capable of completing the MCSE 2003 certification quickly, would be best off getting their MCSE 2003 and then upgrading it instead of going straight for the MCITP.

Related posts:

• MCSE vs MCITP: Is the MCSE Still Worth It?
• Why Getting Your MCSE Now Is Still A Good Idea
• What’s the difference between MCITP Certified Server Admin and Enterprise Admin?

Find out what the R2 training is all about from the man who created it, and learn a little bit about the new updated version of Server 2008 while you’re at it.

If you enjoy the video, check out Coach’s Server 2008 R2 training and see how you can get yours free.
But hurry — this is a limited time offer!

Related posts:

• Vote for Your Favorite Server 2008 R2 Haiku + Score Free Server 2008 R2 Resources
• Master Server 2008 R2 for Free
• Coming Soon: What’s New in Server 2008 R2 Training

Here are couple things to keep in mind.

First, the new Windows Server 2008 R2 can only be installed (or upgraded) on 64-bit servers.  If you have Server 2008 installed on a 32-bit server, you will first need to upgrade your hardware to 64-bit before upgrading to Server 2008 R2.

Another thing to think about is whether you want to install R2 from scratch or run an upgrade. Both options are available so it is up to you to decide.  When it comes to a clean install, it is quite easy and almost exactly the same as installing Server 2008.

Is the Upgrade Free?

Well, it depends. 

According to Microsoft, if you purchased Windows Server 2008 together with Software Assurance (SA), your upgrade to Server 2008 R2 is free.  If you did not purchase SA, then unfortunately you will need to purchase R2 before upgrading. 

How much will R2 cost without Software Assurance?  Microsoft did not publish the pricing just yet but you can contact your reseller and ask him/her what would be the cost for your upgrade.

To verify that the upgrade is in fact free for people who purchased SA, I contacted Microsoft via live chat.  Here is our quick conversation:

• Jodi: How may I assist you today?
• Gosia: Hi Jodi, I just have a quick question about Windows Server 2008 R2. If I already have Windows Server 2008 – will the upgrade be free or is there a price tag for upgrading?
• Jodi: Do you know if you purchased Software Assurance when you bought Windows Server 2008?
• Gosia: No… I did not purchase Software Assurance…
• Jodi: Ok, It is my understanding that you will have to purchase the Windows Server 2008 R2 if you did not purchase Software Assurance with the Windows Server 2008.  You will not have to re-purchase CALs, just the server software.
• Gosia: I see. But if I had purchased software assurance then it would have been a free upgrade, right?
• Jodi: Correct.  And, customers that had purchased Software Assurance are eligible for Windows Server 2008 R2 before new customers.
• Gosia: That will teach me a lesson for next time. Thank you for your time. That’s all I needed.
• Jodi: Sure.

So as you can see, purchasing SA is always a good idea and it saves you money in a long run.

Improvements in Server 2008 R2

Why should you upgrade to Server 2008 R2?  Are you going to benefit from the upgrade?

Lisa and I have mentioned a couple of our favorite new features in R2 like the Global Search bar in Active Directory Administrative Center or the Recycle Bin in Active Directory.

But besides the cool toys you’re going to get, here are few reasons for upgrading to R2:

• Better performance on more powerful hardware (Windows Server 2008 R2 can be only installed on 64-bit server)
• “Balanced” power policy for processors
• Enhanced Virtual Desktop Integration (VDI) technology
• Efficient Server Management
• Enhancements to Hyper-V
• File Classification Infrastructure (FCI) Feature for data management
• DirectAccess for remote users
• BranchCache for remote offices
• Improved and Simplified Management for SMBs
• Internet Information Services 7.5 (IIS 7.5)

To read more about these features check out the Top 10 Reasons to Upgrade to R2 from Microsoft.

Upgrading to Server 2008 R2 in 8 Easy Steps

Once you’re ready to upgrade your Server 2008 to R2 follow these simple 8 steps.

 
1.  Start the installation by clicking Install Now.

 
2.  Select the option to get the latest updates for installation by click on the option.

 
3. Next, select the appropriate version — I have Server 2008 Enterprise installed on my system so that’s the one I’m choosing. Once you make your selection, click Next.

 
4.  Accept the License terms and click Next.

 
5.  Now we are ready to select the Upgrade option — go ahead and click on the selection.

 
6.  R2 is now going to run a compatibility checker.  If you get a report that some things need to be improved or corrected, you must do that before continuing with the upgrade.

 
7. My compatibility checker gave me a couple of warnings but nothing major, so I’m going to continue. Once you’re ready, click the Next button.

 
8. Now we wait for the Upgrade to complete.

As you can see it is a very easy upgrade and as long as your compatibility checker turns out ok, you are good to go with your new Windows Server 2008 R2 in no time!

Related posts:

• Upgrading to Server 2008 from Server 2003
• A Guide to Upgrading to SCCM 2007 R2
• Installing Hyper-V Server Role in 7 Easy Steps

Hyper-V is becoming more and more popular in the virtual world and so is the Hyper-V certification — MCTS: Windows Server Virtualization, Configuration.

I’m not sure if many of you were aware that this certification even exists, since it’s not as popular as the other Windows Server certifications. In fact, only a little bit over 2 thousand people hold the Hyper-V cert, compared to over 37, 35 and 28 thousand for Active Directory, Network Infrastructure, and Applications Infrastructure certifications, respectively.

Note: The above stats are from 9/9/09; to see more current stats go here.

Well, now that you’re aware of the Hyper-V cert let me give you all the info on what you need to do to get it.

Hyper-V Exam 70-652 Details

From what I heard, the number of exam questions is around 50 with approximately 90-120 minutes to complete them all. The passing score was reported to be the usual 700.

I hear that it has a lot more lab questions that any other MCTS exam.  Overall, however, this exam is not too difficult and with solid preparation and lots of practice you are guaranteed to ace it.

As always, I strongly suggest going through all the questions and answering the ones you know how to answer first.  While doing so, mark the ones that will take longer for you to answer as well as the ones you have no clue about. Once you go through all the questions and reach the final one on your first “round” go back and review the marked questions for the rest of the allotted time.

By using this method you will have a chance to answer all the questions you know and then spend the rest of your time on the ones that you might not be sure about. Be aware of changing your answers on the second run, though. Chances are your “gut feeling” was right and the answer you picked the first time is correct.

Trust me on this one, I learned the hard way

Hyper-V Exam 70-652 Topics

There are 4 main topics on the Windows Server Virtualization, Configuring exam:

• Installing Hyper-V (14%)
• Configuring and Optimizing Hyper-V (20%)
• Deploying Virtual Machines (30%)
• Managing and Monitoring Virtual Machines (36%)

Make sure you know how to deploy, configure and manage Hyper-V machines since it accounts for nearly 2/3 of the exam questions.

I also found out through lots of forums and the nice people who shared their exam experiences that you need to be familiar with SCVMM08 (Systems Center, Virtual Machine Manager), clustering/quick migration requirements, how to use snapshots withing Hyper-V, Authorization Manager, iSCSI configuration for failover clustering, and versioning information for both VMs and Host Servers.

More details about the topics covered are included on this Microsoft page.

Where to Start

You need to start with a good source of information for learning the theory behind virtualization. You can either buy a book or get a training video for this.

Next you need to get yourself a testing environment and put the theory into practice. This should be quite easy since all you need is one decent machine on which you can run multiple virtual machines, or should I say, Hyper-V machines.

As far as hardware is concerned, I would suggest getting at least 4GB of RAM and at least 200GB of hard disk space. You want to be able to run a couple VMs at the same time and still have decent speed.

If you decide to prepare with our Hyper-V training, Coach will show you step-by-step how to create multiple virtual machines to use for practice plus lots of other cool stuff.

Don’t I Need Experience?

Microsoft suggests that you have “at least one and a half years of experience working in Windows Server 2003 and/or Windows 2008 Server environments as system administrators.”  In addition it states that you should be familiar with virtualization products and technologies.”

This is a pretty typical suggestion from Microsoft, they want to make sure that you get enough experience with the technology before you start preparing for the exam.

I would like to add to that and say that if you don’t have the 1.5 years of experience you can make up some of the lost time by practicing.

Start by building your own virtual environment and practice, practice, practice. Break your virtual machines, fix them, and learn as much as you can. Remember that re-creating your VMs is a quick and easy fix, but that’s not the true fix; you should be able to fix them without re-creating them. Find out what went wrong so you can be a real professional in a production environment and on the job.

Practice is also the best way to learn the material for the exam, so make sure you’re getting enough of it.

Why Do I Want to Get Hyper-V Certified?

Virtualization is becoming more and more popular, which means Virtualization experts are becoming more and more in demand.

The Hyper-V certification will give you an edge over your competitors in job searching. As I mentioned in the beginning, there aren’t a lot of Hyper-V experts out there and this cert will give you a chance to become one.

By preparing for and passing the 70-652 exam you will be able to show prospective employers that you’re proficient in setting up, configuring and managing Hyper-V, which should also make you eligible for that promotion or raise you’ve been looking to score.

Related posts:

• MCTS Demystified: What you need to know about the Server 2008 Applications Infrastructure (exam 70-643) Certification
• MCTS Demystified: What you need to know about the Server 2008 Network Infrastructure (exam 70-642) Certification
• MCTS Demystified: What you need to know about the Server 2008 Active Directory (Exam 70-640) Certification