Microsoft Windows Server 2003 Unleashed (R2 Edition)

Windows Server 2003 provides several new benefits that help organizations better administer their networking environment. These new features provide better data and printer management, improvements in the ability to recover accidentally deleted files, the ability to create domain controllers from disc media, and better security for the communications of mobile users.

File Server Resource Manager (FSRM)

In the Windows 2003 R2 update, Microsoft added a new component called File Server Resource Manager, or FSRM. FSRM provides an improved method of managing files stored on servers through the implementation of quota management and automatic data management. FSRM not only allows an organization to set quotas on the amount of disk space a user can use to store files, but it also enables the administrators of the network to specifically allow or limit the storage of certain file types on a server.

As an example, an organization can elect to provide all users the ability to save up to 100 megabytes of files on the main fileserver. In addition, the organization can set a policy that prevents users from storing MP3 audio files or MPG movie files on the network. FSRM can be extended even further by allowing some users more storage privileges and some users fewer storage privileges. This granular approach to storage and data management allows the administrators of the organization to better define acceptable storage and use rights to shared network resources, as well as log, track, and manage the storage of information on servers throughout the environment.

FSRM is covered in Chapter 19.

Print Management Console (PMC)

Another component added with the Windows 2003 R2 update is the Print Management Console, or PMC. PMC enables the administrators of the network to track, manage, and administer printers throughout the forest from a single view interface. Before PMC, the administrators had to manage printers by print queue servers. By querying a specific print queue server, the administrator was able to see all the printers connected to that print queue server. If the organization had dozens of print queue servers, the administrator would literally have to connect individually to each print queue server to query the server about the printers it was managing. This made printer management very difficult to scale.

PMC combines all the printers and print queues in the forest into a single interface. From a single view, the administrators can view printers throughout the enterprise, determine which printers are not working, and manage and maintain the printers enterprisewide.

PMC is covered in Chapter 19.

Volume Shadow Copy

A significant addition to Windows Server 2003 is the Volume Shadow Copy function. Volume Shadow Copy takes a snapshot of a network volume and places the copy onto a different volume on the network. After a mirrored snapshot is taken, at any time, files from the read-only shadow can be accessed without complications typical of network volumes that are in use. Volume Shadow Copy will no doubt have a variety of third-party add-ins that support access to the read-only shadow copy of information. Two of the major initial capabilities include online backup of open files and user-level retrieval of file copies. Both of these capabilities are covered in more detail in Chapter 30.

Online Backup of Open Files

The ability to back up open files has always been a challenge for organizations. Old tape backup software skipped files in use because there was no easy way to back up the files being used by network users. Improvements in tape backup software now allow an organization to enable an open files agent on a server so that files in use can be backed up. However, the process of backing up open files either significantly slows down the normal access to files, or the files are backed up out of sequence, making restoration of the files a challenge.

Windows Server 2003 Volume Shadow Copy allows the primary network volume to be locked and a snapshot created to another volume. With the read-only shadow volume available, tape backup software can launch a backup of the files without having to contend with file access of other applications or devices. Furthermore, because the files are not in use, the backup system does not have to stop, unlock a file, back up the file, and then relock the file for user access. And because the volume shadow can reside on a different server volume or even on a different server, the information can be backed up with no impact on users.

User-Level Retrieval of Archived File Copies

Another popular use of Volume Shadow Copy is the ability for users to easily restore files they might have accidentally deleted. With Windows NT4 or Windows 2000, when a user accidentally deleted a file, if the file did not end up in the user's personal Recycle Bin, the file was effectively lost. The best the organization could typically do was recover the file from tape.

With Windows Server 2003's Volume Shadow Copy, a shadow of files can be taken periodically. Now when users want to recover an accidentally deleted file, all they have to do is access the volume shadow to select an archived file for retrieval. This Volume Shadow Copy retrieval process is also preferred over backup systems because most data file loss is caused by accidental overwriting of files or file corruption. Volume Shadow Copy can provide the online restoration of files from the last series of Windows Server 2003 snapshots.

Global Catalog Build from Media

Organizations that built global catalog servers across a fairly distributed WAN infrastructure with Windows 2000 found it very challenging because of the time required to replicate an initial global catalog over a WAN. Windows Server 2003 enables the organization to export the global catalog to a file that can be burned to CD-ROM and later used to build a global catalog server remotely.

When a remote administrator needs to build a global catalog server and runs the DCPromo utility, the administrator is given the option of building the initial global catalog from media. At that time, the CD with the global catalog file can be inserted and the initial catalog information installed. Replication to the network will occur, but only for changes made to the global catalog since the CD was created.

This process is covered in detail in Chapter 3, and is commonly used as a method of creating global catalog servers when a global catalog needs to be created across a WAN.

IPSec NAT Traversal

Windows Server 2003 provides better remote user security with IPSec NAT Traversal (NAT-T). Internet Protocol Security (IPSec) provides end-to-end encryption of information for server-to-server or client-to-server secured communications. Unfortunately, with IPSec, the source and destination servers must have public Internet addresses where Network Address Translation (NAT) is not used. For site-to-site communications, an organization typically can assign public IP addresses to servers on each end of the site-to-site connection. However, mobile users who may connect at hotels, airports, or other temporary locations are rarely assigned public IP addresses; thus, IPSec has not been very functional for mobile users wanting to securely access their networks running Windows 2000.

Windows Server 2003 provides IPSec NAT Traversal that enables IPSec servers and clients to traverse Network Address Translation network segments. With IPSec NAT Traversal, an organization can increase the remote-to-server security and provide secured mobile communications much better than it has ever been able to do before.

IPSec NAT Traversal is covered in Chapter 26, "Server-to-Client Remote and Mobile Access."
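
The following added example (not from the book or from Windows source code) goes one step beyond the text and sketches how the standardized NAT-T negotiation in RFC 3947 lets two IKE peers detect an address translator between them and move to UDP port 4500. The cookies, the addresses, and the choice of SHA-1 as the negotiated hash are constructed assumptions for illustration.

```python
import hashlib
import ipaddress
import struct

# Constructed sample values (documentation address ranges, made-up IKE cookies).
CKY_I = bytes.fromhex("1122334455667788")   # initiator cookie
CKY_R = bytes.fromhex("99aabbccddeeff00")   # responder cookie
CLIENT = ("192.168.1.50", 500)              # mobile user's private address
NAT_PUBLIC = ("203.0.113.7", 61234)         # what the hotel NAT rewrites it to
SERVER = ("198.51.100.10", 500)             # IPSec server on a public address

def nat_d_hash(cky_i, cky_r, ip, port):
    """NAT-D payload body per RFC 3947: HASH(CKY-I | CKY-R | IP | Port)."""
    addr = ipaddress.ip_address(ip).packed
    data = cky_i + cky_r + addr + struct.pack("!H", port)
    return hashlib.sha1(data).digest()  # SHA-1 assumed as the negotiated hash

def build_nat_d(cky_i, cky_r, src, dst):
    """Sender: the first payload covers the remote end, the second the local end."""
    return [nat_d_hash(cky_i, cky_r, *dst), nat_d_hash(cky_i, cky_r, *src)]

def detect_nat(cky_i, cky_r, payloads, seen_src, seen_dst):
    """Receiver: recompute the hashes from the addresses on the packet as it arrived."""
    dest_hash, src_hashes = payloads[0], payloads[1:]
    return {
        "peer_behind_nat": nat_d_hash(cky_i, cky_r, *seen_src) not in src_hashes,
        "self_behind_nat": nat_d_hash(cky_i, cky_r, *seen_dst) != dest_hash,
    }

def next_ports(result):
    """With a NAT on the path, IKE floats to UDP 4500 and ESP is wrapped in UDP."""
    if result["peer_behind_nat"] or result["self_behind_nat"]:
        return {"ike": "udp/4500", "esp": "udp/4500 (UDP-encapsulated ESP)"}
    return {"ike": "udp/500", "esp": "ip-proto-50"}

def negotiate(seen_src):
    """Client sends NAT-D payloads; server evaluates them against seen_src."""
    payloads = build_nat_d(CKY_I, CKY_R, CLIENT, SERVER)
    result = detect_nat(CKY_I, CKY_R, payloads, seen_src, SERVER)
    return result, next_ports(result)

if __name__ == "__main__":
    print("via hotel NAT:", negotiate(NAT_PUBLIC))
    print("direct path:  ", negotiate(CLIENT))
```

For firewall review, the practical consequence is that remote-access IPSec through NAT needs UDP 500 and UDP 4500 permitted, while raw ESP (IP protocol 50) is only seen on paths with no translation.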
