Microsoft Windows Server 2003 Deployment Kit [Electronic resources] : Planning Server Deployments نسخه متنی

Evaluating Remote Management Needs

To implement an efficient, cost effective, secure remote management plan, you need to determine which servers to manage remotely by considering the tradeoffs — including cost, convenience, and system availability — for various ways of managing the servers in your environment. Before you decide whether or what to manage remotely, you need to evaluate remote and local management, and in-band and out-of-band management.

With Windows Server 2003, you can choose to remotely perform server management tasks that previously could be done only locally. By using Emergency Management Services with the appropriate hardware and software tools, you can remotely perform almost everything except hardware installation. When considering this type of solution, you need to weigh the level of support provided by the solution against the possible need to use legacy hardware. You might need to make a compromise between the level of support you want and the cost of additional hardware. You might also want to evaluate the savings you can obtain by configuring some of your servers for headless operation.

The first step in developing a remote management plan is to determine which servers in your environment need to be managed remotely. Figure 5.2 illustrates the place of this step in the planning process.

Figure 5.2: Evaluating Your Remote Management Needs

Assessing Your Server Environment

Assessing your server environment includes determining how many and what kind of servers you have, where they are located, and who administers them. The goal is to decide which servers should be managed remotely and which should be managed locally. For servers you want to manage remotely, you need to decide whether you want to perform only in-band tasks — those performed when the operating system is up and running — or both in-band and out-of-band tasks — those performed when the operating system is not running or is not responding appropriately. For example, you might want to configure some servers so that you can remotely install the operating system and perform all management tasks remotely, regardless of the state of the system, while for other servers you might only want to perform routine maintenance tasks remotely.

Identifying Computers for Remote Management

When determining which servers to manage remotely and which locally, consider the following issues:

Number of servers. Does your organization have many servers or just a few? How manageable are they in relation to the number of technicians available for local support? If your organization has few servers and technicians are readily available, you might not need to manage remotely. On the other hand, if you have many servers and limited support resources, you probably want to manage at least some of them remotely.

Location of servers. Are the servers in your organization consolidated in a single or a few locations where they are easily accessed by technicians, or are they widely dispersed? If the computers are distributed throughout your organization, what distances are involved? For example, are they located internationally, in different buildings in the same city, or down the hall? The more servers you have and the farther apart their locations, the greater the savings you are likely to achieve by remote management.

Server roles supported. Do you have different management requirements for different types of servers, such as domain controllers, print servers, file servers, Web servers, application servers, and database servers? You might decide to manage different types of servers differently for reasons such as security or criticality to your business. For example, you might want to manage application servers remotely for mission-critical applications, but domain controllers locally for security reasons.

Availability requirements. What percentage of the time must a server be up and running? For example, if you have servers with an availability rating of 99.99 percent, you can't afford a downtime of anything more than minutes. How many users typically access a server? For example, if a domain controller has a problem, many users might be affected, while if a print server in a small department fails, only a few users are affected. What is the impact to your business if a server is not available for a period of time? Remotely managing servers that have high availability requirements can significantly save downtime while waiting for someone to perform local management.

Reliability history. How reliable is the server? How frequently does it typically encounter problems? The lower the reliability, the more benefit you can derive from managing it remotely.

Number and expertise of on-site technicians. How many technicians do you have for local management and where are they based? For example, are there administrators on-site in branch offices? How experienced are they? If you have few technicians in certain areas, or they are inexperienced, you can probably benefit from remote management.

Security issues. Do you have servers you prefer to manage locally for security reasons? For example, do you have public servers that you prefer to manage locally rather than by establishing a VPN connection? Or do have specific tasks that you prefer to perform locally and others you prefer to perform remotely?

Identifying Tasks for Remote Management

After you know which servers you want to manage remotely, the next step is to assess which kinds of management tasks to perform remotely and which to perform locally. For example, do you want to perform tasks remotely only when a server can be accessed across the network, or also when it cannot be accessed across the network?

If you have enough experienced technicians available or have highly reliable servers, in-band remote management support might be sufficient. On the other hand, if some of your servers have high availability requirements or a history of poor reliability, or if you have insufficient on-site technical support, you might need out-of-band remote management support.

If you have many servers mounted in racks and tethered to KVM switches, you might decide to configure them for headless operation and then perform all administrative tasks remotely. Because headless servers do not have monitors, keyboards, or mouse devices and might not require video adapters, they can present significant savings in space, energy consumption, and hardware costs.

Another consideration is whether your current servers are designed for out-of-band management. If you plan to use the hardware you already own and it is not designed for out-of-band support, your options might be more limited. For more information about deciding whether to use existing or new hardware, see "Planning for Remote Management Deployment" later in this chapter.

If you decide you need out-of-band remote management support, the next step is to determine how much support you need. As you determine the degree of out-of-band support you want, you need to weigh the costs of any additional hardware components — and possibly the cost of upgrading existing computers — against the savings in system uptime and reduced on-site support.

By using Emergency Management Services with nothing but a serial port, you can access nearly all Windows Server 2003 operating system states. By combining Emergency Management Services with appropriate out-of-band hardware, however, you can perform nearly every administrative task remotely — even before the operating system is fully initialized or after it stops responding — and you can effectively manage many servers from a single management computer.

To help determine the degree of out-of-band remote support you need, decide which of the following tasks you need to perform remotely:

Start up a server

Change BIOS settings

View POST results

Select which operating system to start

View Stop error messages

Reset a server

Access the server when it is inaccessible through the network

Install the Windows Server 2003 operating system

Different out-of-band tasks might require different types of hardware components. For more information about which components are needed for which tasks, see "Choosing Out-of-Band Management Tools" later in this chapter.

Identifying Responsibilities for Remote Management

As you plan for remote server management, you also need to decide whether you want different administrators to be responsible for different groups of tasks or whether you want all administrators to be authorized to perform the entire range of tasks. Depending on the size of your organization, the number and skill level of available administrators, and security requirements, you might decide to make some administrators responsible for only certain administrative tasks. To decide how to assign remote management tasks, consider the following issues:

Security issues. Do you want to divide up tasks for security reasons? For example, you might decide that certain tools — based on the power of the tool or its level of built-in security — are to be used only by some administrators or that specific servers are to be accessible only to some administrators.

Skill level of administrators. Do you have highly skilled administrators in all locations or only in some locations? For locations with less skilled administrators, you might decide to use remote management rather than telephone support.

Examples: Determining Remote Management Requirements

As you evaluate your needs for remote management, you develop a list of requirements. These requirements determine which tools and out-of-band configurations are most appropriate for your environment. The following descriptions illustrate three different types of remote management requirements and the level of remote management support appropriate to each. The tools and configurations appropriate to these levels of remote management are described later in this chapter.

Minimal Remote Management

You need minimal support for remote management if you have requirements such as the following:

The site has few servers and those servers are located close together.

The servers have low availability requirements.

Experienced on-site technicians are typically available.

Some routine management tasks are performed centrally.

An example business situation with minimal requirements for remote management might be a branch office that has a single, or just a few, servers running Windows Server 2003. The servers are primarily file and print servers and have low availability requirements. The branch has some on-site support available.

In this situation, on-site technicians perform most administrative tasks locally, but centrally located administrators perform some routine in-band tasks remotely over the network, such as changing a static IP address or other configuration settings,

Moderate Remote Management

You need moderate support for remote management if you have requirements such as the following:

The site has many servers.

The servers have availability requirements that range from low to high.

Experienced on-site technicians are typically available to perform out-of-band tasks for servers with low to medium availability requirements.

Many routine management tasks can be performed efficiently by using in-band remote management tools.

A situation with moderate requirements for remote management might be a data center that has many computers, some of which are legacy systems that do not support Emergency Management Services.

In this situation, the organization plans to supplement existing systems with out-of-band hardware components in order to perform some out-of-band management tasks remotely, even though the computers are not built for Emergency Management Services.

Administrators use in-band remote management tools for the systems in the data center. They use out-of-band management for some systems that have high availability requirements, but not for others that do not have such requirements. For example, the print servers are very reliable, so the organization decided it was not cost effective to support out-of-band management for these servers.

Maximum Remote Management

You need maximum support for remote management if you have requirements such as the following:

The servers have high availability requirements.

You need to perform a number of out-of-band tasks remotely.

The servers are headless.

A situation with maximum requirements for remote management might exist when a group of computers has very high availability requirements. These computers support headless operation and have built-in service processors. They are mounted in racks in a highly secured room.

Administrators go into the highly secured room only when they add or replace hardware. All other administrative tasks are performed remotely, by using an in-band connection when possible and by using an out-of-band connection when a server cannot be accessed through the standard network. The Windows Server 2003 operating system is installed on these computers remotely by using RIS.