Chapter 19
Understanding Other Windows Server 2008 Services
One of the strengths of Windows Server 2008 is that it can perform many functions and fill many roles. Not only is Windows Server 2008 a powerful and effective file server and print server, but it’s also extremely capable of performing many other tasks right out of the box. Chapters 16 and 17 explained how to set up Windows Server 2008 as a basic file server and print server, and how to administer Windows Server 2008 on a daily basis.
To get the most out of Windows Server 2008, you need to know what additional services are available, how they work, and what they do. This chapter introduces some of the other services that come with Windows Server 2008. You can find detailed instructions for implementing these services in a book devoted to Windows Server 2008.
Exploring DHCP
If you’ve been involved with computers for long, you probably remember what it was like to manage TCP/IP addresses manually (and you might still do this now!). You needed to visit every computer on the network to set its TCP/IP address manually. You also had to keep track of which computers used which addresses, because you had a limited number of addresses with which to work. Plus, as you probably know, when two computers on a network try to use the same TCP/IP address, trouble quickly follows, and you must spend time sorting out these problems.
As discussed in Chapter 8, the Dynamic Host Configuration Protocol (DHCP) saves the day in such situations. A DHCP server is a computer on the network that keeps track of which TCP/IP addresses are available, and parcels them out to computers and other devices that boot up and request a TCP/IP address from the server. With a DHCP server, you don’t need to worry about address conflicts or renumbering the addresses used on computers if your TCP/IP address range ever changes.
NOTE Because TCP/IP is the default protocol for Windows Server 2008-based networks and because Windows Server 2008 is designed to operate correctly over a TCP/IP-only network, DHCP services are installed with Windows Server 2008 by default. However, the DHCP services are not enabled by default, because you should not set up conflicting DHCP servers on a network.
To use DHCP, you must define a scope and other associated TCP/IP settings that the servers give to client computers. A scope is simply the range (or ranges) of TCP/IP addresses that the server is allowed to parcel out.
Among the associated TCP/IP settings that the server distributes are the addresses for Domain Name System (DNS) or Windows Internet Naming Service (WINS) servers also on the network. When a DHCP server assigns a TCP/IP address to a client computer, the address is said to be leased, and it remains assigned to that client computer for a set period of time. Leases are usually configured to last for two to seven days. (The default setting in Windows Server 2008 is eight days.) During this period, the assigned TCP/IP address is not given out to a different computer.
When a client computer boots up and joins the network, if it is configured to seek a DHCP server, the client computer does so while initializing its TCP/IP protocol stack. Any available DHCP servers respond to the client’s request for an address with an available address from the DHCP server’s address database. The client computer then uses this address for the duration of its lease.
The administrator can cancel and reassign TCP/IP information as necessary (usually, this is done after business hours, when the client computers are turned off). The administrator can then make changes to the DHCP scope information, which is then communicated to the clients when they reconnect to the network. In this way, you can easily make changes to information such as DNS server addresses or even TCP/IP address ranges without needing to visit all the computers.
Although DHCP is a great tool for managing TCP/IP addresses, you should use it only for client computers that do not host any TCP/IP services provided to other computers. For example, you would not want to set up a web server to use DHCP to get a dynamic TCP/IP address, because client computers wishing to connect to the web server would not be able to find the address when it changed. Instead, you should assign fixed addresses to computers that offer TCP/IP-enabled services either to the local network or through the Internet. You can assign these addresses in one of two ways:
- You can simply assign those computers fixed TCP/IP addresses locally and then set up exclusion ranges to the scope that the DHCP server manages, which prevents the DHCP server from using or offering those addresses to other computers.
- You can set up a reservation on the DHCP server, which forces the server always to assign the reserved address to a specific computer.
TIP It’s a good idea to use static IP addresses for your network printers. Doing so makes troubleshooting printer connectivity problems easier.
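The difference between an exclusion range, a reservation, and an ordinary lease can be seen in a small model of a scope. This is an added example, not code from the book or from Windows Server 2008; the class and method names, the addresses, and the MAC addresses are constructed for illustration, and the lease length uses the eight-day default mentioned above.

```python
from ipaddress import IPv4Address

DAY = 24 * 3600

class DhcpScope:
    """Toy model of one DHCP scope (constructed for illustration)."""

    def __init__(self, first, last, lease_seconds=8 * DAY):
        self.first = IPv4Address(first)
        self.last = IPv4Address(last)
        self.lease_seconds = lease_seconds
        self.excluded = []   # (start, end) ranges the server must never offer
        self.reserved = {}   # MAC -> address that only this client may receive
        self.leases = {}     # address -> (MAC, expiry time in seconds)

    def exclude(self, start, end):
        self.excluded.append((IPv4Address(start), IPv4Address(end)))

    def reserve(self, mac, address):
        self.reserved[mac.lower()] = IPv4Address(address)

    def _free(self, addr, now):
        if any(lo <= addr <= hi for lo, hi in self.excluded):
            return False                        # assigned statically elsewhere
        if addr in self.reserved.values():
            return False                        # held for its reserved client
        lease = self.leases.get(addr)
        return lease is None or lease[1] <= now  # never leased, or lease expired

    def request(self, mac, now):
        """Lease an address to `mac` at time `now`; None if the scope is exhausted."""
        mac = mac.lower()
        addr = self.reserved.get(mac)
        if addr is None:                        # renew a still-valid lease first
            addr = next((a for a, (m, exp) in self.leases.items()
                         if m == mac and exp > now), None)
        if addr is None:                        # otherwise take the first free address
            pool = map(IPv4Address, range(int(self.first), int(self.last) + 1))
            addr = next((a for a in pool if self._free(a, now)), None)
        if addr is None:
            return None
        self.leases[addr] = (mac, now + self.lease_seconds)
        return str(addr)

def build_example_scope():
    scope = DhcpScope("192.168.1.1", "192.168.1.6")
    scope.exclude("192.168.1.1", "192.168.1.3")         # servers with fixed addresses
    scope.reserve("00:11:22:33:44:55", "192.168.1.4")   # e.g. a network printer
    return scope
```

In this model an ordinary client can only ever receive 192.168.1.5 or 192.168.1.6, and a third client is refused until one of those leases expires.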
Investigating DNS
As discussed in Chapter 8, DNS is a technology that allows easily remembered names to be mapped to TCP/IP addresses and ports. For instance, when you use a web browser and enter the address http://www.yahoo.com, you are using a DNS server to resolve the domain name www.yahoo.com to a particular TCP/IP address. Your web browser transparently uses the TCP/IP address to communicate with the server in question. The DNS system makes the Internet much easier to use than it otherwise would be. (Imagine how excited advertisers would be to say, “Visit our web site at http://65.193.55.38!”)
Windows Server 2008 includes a full DNS server. In fact, a DNS server is required for Active Directory to function. If you install the first Active Directory server into a Windows Server 2008 domain, DNS services are automatically installed at the same time; otherwise, you must select them manually to add them.
A Windows Server 2008 running DNS services can manage your own domains and subdomains, and you can also set up multiple DNS servers that each manage a portion of the domain namespace. Of course, on small networks, it is possible—and probably desirable because of cost issues—to use only a single DNS server.
You manage the DNS services with the DNS Microsoft Management Console (MMC) plug-in, which you access by opening the Start menu and choosing Programs, Administrative Tools, then DNS. Figure 19-1 shows the DNS Manager window.
When you set up DNS for an organization, you first establish a root namespace (a virtual location in which domain names are stored), usually using the domain name you have registered for the Internet, such as omh.com. You can then create your own subdomains by prepending organizational or geographic units, such as italy.omh.com or accounting.omh.com.
Each DNS server is responsible for storing all the DNS names used for its managed namespace and for communicating any changes to other DNS servers. When you use multiple DNS servers to manage separate portions of your DNS namespace, each DNS server manages a zone. Updates between different zones are called zone transfers. Windows Server 2008 DNS services support both full and incremental zone transfers. (Incremental zone transfers exchange only updated information, which cuts down on network traffic considerably on networks with large DNS namespaces.)
Figure 19-1. Use the DNS Manager to manage DNS services
Because DNS is integral to Active Directory, it’s important for you to establish redundancy for your DNS servers. Microsoft recommends that each domain controller also act as a DNS server, and you must have at least one primary and secondary DNS server for each managed zone.
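How a secondary server ends up with either a full or an incremental zone transfer can be modelled with zone serial numbers. This is an added example, not code from the book or from the Windows Server 2008 DNS service; the class names, the keep_history parameter, and the records are assumptions made for illustration.

```python
class PrimaryZone:
    """Toy primary server for one zone (constructed for illustration)."""

    def __init__(self, records, keep_history=2):
        self.serial = 1
        self.records = dict(records)      # host name -> address
        self.keep_history = keep_history  # how many change sets are retained
        self.history = {}                 # serial -> (removed names, added records)

    def update(self, added=None, removed=()):
        """Apply one change set and bump the zone serial."""
        added = dict(added or {})
        for name in removed:
            self.records.pop(name, None)
        self.records.update(added)
        self.serial += 1
        self.history[self.serial] = (tuple(removed), added)
        for old in [s for s in self.history if s <= self.serial - self.keep_history]:
            del self.history[old]         # older change sets are discarded

    def transfer(self, from_serial):
        """Answer a secondary that currently holds `from_serial`."""
        if from_serial == self.serial:
            return "none", []
        needed = range(from_serial + 1, self.serial + 1)
        if from_serial > 0 and all(s in self.history for s in needed):
            return "incremental", [self.history[s] for s in needed]
        return "full", dict(self.records)  # no usable history: send everything


class SecondaryZone:
    def __init__(self):
        self.serial = 0                   # 0 = no copy of the zone yet
        self.records = {}

    def sync(self, primary):
        """Pull changes from the primary; return the kind of transfer used."""
        kind, payload = primary.transfer(self.serial)
        if kind == "full":
            self.records = payload
        elif kind == "incremental":
            for removed, added in payload:
                for name in removed:
                    self.records.pop(name, None)
                self.records.update(added)
        self.serial = primary.serial
        return kind
```

A secondary that falls further behind than the primary's retained history gets a full transfer again, which is the case the incremental mechanism cannot cover.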
Understanding RRAS
Routing and Remote Access Service (RRAS, pronounced “ar-razz”) is a remote access technology. It includes routing capabilities that enable connections to the network over a public network, such as the Internet, using virtual private network (VPN) technology (discussed in Chapter 10). A VPN works by setting up a secure “tunnel” between a client and the RRAS server through which encrypted packets pass. The client computer dials up its normal Internet service provider (ISP), and then forms a secure VPN connection to the RRAS server over the Internet.
Remote access services under Windows Server 2008 are secure and offer considerable flexibility, so you can set them up to meet the requirements of your organization.
To administer RRAS, open the Start menu and choose Programs, Administrative Tools, then Routing and Remote Access to access the MMC plug-in. After the plug-in starts, right-click the server on which you want to enable remote access, and then choose Configure and Enable Routing and Remote Access. A wizard guides you through the process and enables you to choose whether to enable only remote access, only routing/remote access, or both. Figure 19-2 shows the Routing and Remote Access MMC plug-in once RRAS has been enabled.
First, you must enable a user to access the network remotely, which you can do by editing the user’s Properties dialog box (setting user properties is discussed in Chapter 17). Then you can configure RRAS to use a number of control features that enable you to keep remote access secure, including the following:
- Set times and days when remote access is operational.
- Set times and days when specific users or groups can use remote access.
- Limit access to only the RRAS server or to specific services on the network.
- Use callback features, where a remote client dials into the network and logs in. The network then disconnects the connection and dials the user back at a predefined phone number.
- Set access policies based on a remote client computer name or TCP/IP address.
Through the use of RRAS, you can easily set up Windows Server 2008 to provide important secure access services to remote users, both over dial-up connections and through the Internet.