Planning for Remote Management Deployment
After you create your remote management strategy and determine your tools and configurations, the remaining step is to plan for deployment, as illustrated in Figure 5.12.

Figure 5.12: Planning for Remote Management Deployment
If you decide to use Emergency Management Services for out-of-band management, evaluate your existing server hardware to determine whether it supports the out-of-band functionality you need. After you decide whether to use your existing hardware or to purchase new servers or components, you can decide how you want to install the Windows Server 2003 operating system on your remote servers. Then you need to test your plan in a lab environment and identify the tasks that you need to perform to implement your plan.
Choosing New or Existing Hardware
If you have older server hardware, it might not support some of the enhanced remote management capabilities provided by newer hardware. For many computers, however, you can purchase hardware components that provide enhanced out-of-band features. If you plan to purchase new servers, you can purchase ones that have been designed for compatibility with Emergency Management Services.
As you compare your existing server hardware with your remote management needs, choose one of the following approaches:
Use existing servers only
Use existing servers and purchase new peripherals
Purchase new servers
These three choices are not mutually exclusive; you can decide the most cost-effective solution for each situation on a case-by-case basis. If you want to eventually replace existing servers with new ones but do not want to incur the entire cost at once, you can also plan to prestage new servers, and gradually deploy them over time.
Using Existing Servers
You might be able to use your existing servers, even if they include legacy hardware, but they might provide more limited out-of-band options. If you use existing servers, out-of-band management functionality is limited to Emergency Management Services functionality, which means that you can perform out-of-band management tasks remotely only when the operating system is functioning. You might decide on this option if your servers can be easily and quickly accessed for local management when the operating system is not responding.
If your server was recently manufactured, you might be able to upgrade the system firmware. Firmware that supports console redirection lets you manage remotely before the operating system starts. Upgraded firmware can also make it possible to configure your servers for headless operation. Without firmware that supports console redirection, it is not possible to start your server without a keyboard controller and video adapter. Check with your original equipment manufacturer (OEM) to see if upgraded firmware is available.
If you decide to use existing servers, advantages include the following:
You save on the cost of purchasing new servers.
You can gain experience with the technology before investing in new hardware.
You might be able to upgrade the operating system instead of performing a new installation, and you might not need to reinstall all the applications.
For more information about considerations for upgrading computers, see "Choosing an Automated Installation Method" in Automating and Customizing Installations in this kit.
Disadvantages of this approach include the following:
You have only limited out-of-band functionality: with only Emergency Management Services, you can manage remotely only when the loader or kernel is at least partially running.
You might experience compatibility issues with older hardware. Check the Windows Server Catalog to verify that all installed devices are listed. To find the Windows Server Catalog, see the Windows Server Catalog link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources.
Using Existing Servers with New Peripherals
You might decide to use your existing servers but purchase out-of-band peripherals to provide enhanced out-of-band functionality. For example, you can purchase an intelligent UPS to provide remote power options or a terminal concentrator to provide access to multiple servers from a network connection. Devices such as a PCI adapter with a service processor are also available.
Advantages of this approach include the following:
You save on the cost of new hardware because new peripherals cost less than new servers.
You might be able to upgrade to Windows Server 2003 instead of performing a new installation.
You can gain experience with the new technology as you phase in new servers and components.
You can obtain increased out-of-band functionality.
Disadvantages of this approach include the following:
You incur the cost of new hardware components.
If your OEM does not provide out-of-band support, your out-of-band functionality is limited.
If your OEM does not provide out-of-band-related hardware upgrades, or does not support use of such devices, then your options are limited to using existing servers or purchasing new ones. If you need out-of-band management support when the operating system is not functioning, you need to purchase new hardware. Newer systems that are compliant with Emergency Management Services typically have some or all of the out-of-band management features described in this chapter.
Using New Servers
If you plan to purchase new servers as part of an organization-wide Windows Server 2003 deployment and you plan to implement remote out-of-band management, look for features that enhance Emergency Management Services when you purchase the new computers. Newer computers that are compliant with Emergency Management Services typically include firmware that provides console redirection and might include service processors.
Advantages of purchasing new servers include the following:
You can simplify the hardware configuration if the servers have components such as service processors or intelligent power switches built in.
You are much less likely to encounter component incompatibilities because the Emergency Management Services-compliant computers packaged by OEMs are sold as a single entity and tested together for compatibility.
Servers that are compliant with Emergency Management Services might have features such as console redirection, a service processor, and an intelligent power switch built in, providing immediate access to enhanced out-of-band features.
Servers that are compliant with Emergency Management Services typically are compatible with in-band Windows Server 2003 remote management technologies, including RIS.
Headless server configurations are an option.
The primary disadvantage of purchasing new servers is the cost of the new hardware.
Prestaging Servers
When you prestage servers, you gradually replace existing servers in your organization with new ones preconfigured and tested in your lab. With this approach, you can use existing servers for your initial Windows Server 2003 deployment. Then, as servers reach approximately 90 percent usage, a technician can go onsite to replace the existing servers with new ones that are built to support out-of-band management.
Advantages of this approach include the following:
You can spread out the cost of new hardware over time.
You can gain experience with the technology before investing in new hardware and refine your buying criteria as you phase out old equipment and replace it with new servers.
You gradually get increased out-of-band functionality as servers are replaced.
You might be able to upgrade to Windows Server 2003 during the initial deployment, instead of performing new installations and reinstalling applications.
The primary disadvantage of prestaging is that you have the possibility of interim compatibility issues.
Selecting the Installation Method
Your decision to use existing servers or to purchase new ones might influence the method you choose to install Windows Server 2003. If you decide to use existing servers, you might be able to upgrade the operating system.
There are many issues in addition to upgrade or new installation to consider when you choose an installation method. For a complete discussion of the considerations when deciding on a method, see "Choosing an Automated Installation Method" in Automating and Customizing Installations of this kit. This section covers only the installation issues involved with Emergency Management Services and headless servers.
Selecting RIS for Installation
On 32-bit and 64-bit systems, you can use Remote Installation Services (RIS) to start a network-based Windows Server 2003 installation on a computer without an operating system. To install the Windows Server 2003 operating system by using RIS, you must have a network adapter that is Pre-Boot eXecution Environment (PXE) capable. A PXE-capable network adapter lets you boot the server from the network.
Special versions of Startrom.com support Emergency Management Services console redirection and let you perform an unattended installation on a server from a remote management computer. These versions of Startrom.com let you perform a remote unattended installation even if the firmware on the server does not provide console redirection. Without the Emergency Management Services version of Startrom.com, you cannot respond to the Press F12 for network boot prompt unless the server has firmware that provides console redirection. If you have firmware console redirection, however, it is preferable to rely on it instead of Emergency Management Services console redirection and to use the standard Startrom.com file, because the standard version supports a wider variety of baud rates. The special versions of Startrom.com support only a baud rate of 9600.
Note: If you use one of the special versions of Startrom.com, you must also configure the management computer to use a baud rate of 9600 in order to read the redirected output.
For more information about using RIS with Emergency Management Services, see the Server Management Guide of the Windows Server 2003 Resource Kit (or see the Server Management Guide on the Web at http://www.microsoft.com/reskit). For more information about RIS in general, see "Designing RIS Installations" in Automating and Customizing Installations of this kit.
Selecting Network-Based Unattended Installations
If you want to fully automate Setup and enable Emergency Management Services, you can use a network-based unattended installation. If your firmware supports the Serial Port Console Redirection (SPCR) table, Setup automatically detects the out-of-band port parameters and enables Emergency Management Services. If your firmware does not support the SPCR table or you want to fully automate Setup, you can configure Setup by using the Unattend.txt file. You can also use the Unattend.txt file to disable Emergency Management Services if your firmware supports the SPCR table, but you do not want to enable Emergency Management Services.
When Emergency Management Services is enabled, you can use Emergency Management Services console redirection to remotely monitor text-mode setup. Although you cannot use either firmware or Emergency Management Services console redirection to redirect GUI-mode setup graphics such as windows and cursors, you can avoid pauses for user input by specifying parameters in your Unattend.txt file. For headless computers, you need to use an Unattend.txt file or run Setup by using a Remote Desktop for Administration connection.
If your Unattend.txt file does not contain the information necessary for GUI-mode setup to proceed — such as your accepting the End User License Agreement (EULA), entering a 25-digit product key, and providing an administrator password — you will be prompted through the serial port to provide that input. If the server has a local monitor, a dialog will show that the system is waiting for input through the serial port. You can optionally use the local keyboard to cancel this. If more information is missing from your answer file, a default answer is created so that you are not prompted again. For example, if the computername parameter is missing, a random computer name is automatically generated ("computername=*"). You can then change this information after GUI-mode setup is complete.
A sample Unattend.txt file is on the Windows Server 2003 operating system CD. You can use default settings or create customized installations by modifying or adding parameters. For more details about Emergency Management Services parameters for the Unattend.txt file, see the Server Management Guide of the Windows Server 2003 Resource Kit (or see the Server Management Guide on the Web at http://www.microsoft.com/reskit). For more information about network-based unattended installations, see "Designing Unattended Installations" in the Automating and Customizing Installations book of this kit.
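The pre-flight check below is an added example, not part of the kit: it reads an answer file and reports the entries whose absence would stall a headless GUI-mode setup at a serial-port prompt, plus an administrator password left in cleartext. The section and key names (OemSkipEula, ProductKey, AdminPassword, EncryptedAdminPassword, ComputerName, EMSPort, EMSBaudRate) are taken from the Windows Server 2003 unattended Setup reference rather than from this page and should be confirmed against it; the sample file and the ems_startrom parameter are constructed for illustration.

```python
import configparser

# Constructed sample answer file; every value is a placeholder.
SAMPLE = """\
[Unattended]
UnattendMode=FullUnattended
OemSkipEula=Yes

[GuiUnattended]
AdminPassword=PLACEHOLDER-PASSWORD

[UserData]
FullName="Lab Admin"

[Data]
EMSPort=com1
EMSBaudRate=19200
"""

def load(text):
    """Parse the INI-style answer file into lower-cased {section: {key: value}}."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",), comment_prefixes=(";",))
    cp.read_string(text)
    return {s.lower(): {k.lower(): v.strip().strip('"') for k, v in cp.items(s)}
            for s in cp.sections()}

def check(text, ems_startrom=False):
    """Return (code, message) findings. ems_startrom=True (assumed flag) means
    the RIS boot uses an EMS version of Startrom.com, which runs at 9600 only."""
    answers = load(text)
    get = lambda sec, key: answers.get(sec, {}).get(key, "")
    out = []
    if get("unattended", "oemskipeula").lower() != "yes":
        out.append(("eula", "EULA not accepted; Setup prompts on the serial port"))
    if not get("userdata", "productkey"):
        out.append(("product-key", "no product key; Setup prompts on the serial port"))
    if not get("guiunattended", "adminpassword"):
        out.append(("admin-password", "no administrator password; Setup prompts"))
    elif get("guiunattended", "encryptedadminpassword").lower() != "yes":
        out.append(("cleartext-password",
                    "AdminPassword is readable by anyone who can read this file"))
    if get("userdata", "computername") in ("", "*"):
        out.append(("computer-name", "Setup will generate a random computer name"))
    baud = get("data", "emsbaudrate")
    if not get("data", "emsport"):
        out.append(("ems-port", "EMS is enabled only if Setup finds an SPCR table"))
    elif ems_startrom and baud and baud != "9600":
        out.append(("baud-mismatch",
                    f"EMSBaudRate={baud} differs from the 9600 baud of Startrom.com"))
    return out

if __name__ == "__main__":
    for code, msg in check(SAMPLE, ems_startrom=True):
        print(f"{code}: {msg}")
```

Run it against each answer file in the lab before distributing it, and restrict read access on the distribution share for any file that still reports cleartext-password.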
Selecting Unattended CD-Based Installations
If your system supports firmware console redirection, you can enable Emergency Management Services as part of a CD-based installation. If your firmware supports the SPCR table, Setup automatically detects the out-of-band port parameters and enables Emergency Management Services. You can then use Windows Emergency Management Services console redirection to remotely monitor text-mode setup, but you cannot use console redirection to monitor GUI-mode setup. To fully automate a CD-based installation that includes customized parameters, you need to configure an unattended setup by using the Winnt.sif file.
If your firmware supports the SPCR table, console redirection is enabled, and you do not plan to use unattended files during setup, you can use Express Setup. When you boot a headless server from CD and do not use the Winnt.sif file, Setup automatically provides default parameters for the computer configuration so that the GUI-mode phase can complete without displaying any prompts. After Setup is complete, you can use SAC to set parameters such as IP address or view the computer name, if the IP address was assigned using DHCP. Then you can use a Remote Desktop for Administration connection to complete your custom configuration.
To begin a CD-based Windows Server 2003 setup, you must enable firmware console redirection to remotely view and respond to the Press any key to boot from CD-ROM prompt that appears when starting the computer by using the Windows Server 2003 operating system CD.
Tip: CD-based setups are most useful for local installations during testing.
For more details about using CD-based setups and configuring the Winnt.sif file for Emergency Management Services, see the Server Management Guide of the Windows Server 2003 Resource Kit (or see the Server Management Guide on the Web at http://www.microsoft.com/reskit).
Selecting Unattended Image-Based Installations
You can also use an Unattend.txt file to fully automate Setup and enable Emergency Management Services as part of an image-based installation on headless servers. You can distribute the CD image you create to a remote server, power on that server, and proceed through an unattended GUI-mode setup just as you would proceed through an unattended, network-based installation. You can also use Express Setup if your firmware supports the SPCR table, console redirection is enabled, and you do not plan to use unattended files during setup.
Enabling Emergency Management Services
Emergency Management Services functionality is built into Windows Server 2003 and is installed, but not enabled, when the operating system is installed. You can enable Emergency Management Services at any of the following times:
During a new Windows Server 2003 installation, including RIS-based setups.
During a Windows Server 2003 upgrade (x86-based systems only).
After you complete a Windows Server 2003 installation.
For information about how to enable Emergency Management Services during or after installation, see the Server Management Guide of the Windows Server 2003 Resource Kit (or see the Server Management Guide on the Web at http://www.microsoft.com/reskit).
Preparing for Deployment
After you have followed the planning steps in this chapter to identify your organization's remote management requirements and to design a solution that meets those requirements, you need to test your solution in a lab environment that emulates your production environment as closely as possible. Because out-of-band management and support for headless servers is new to the Windows environment, it is particularly important to test your headless server and out-of-band configurations. Then develop a list of tasks you need to perform before you can implement your plan. Include tasks for preparing your network, hardware and software configurations, and security.
Network connectivity
Identify the steps you need to take to prepare your network infrastructure to ensure connectivity and stable access. Include tasks to accomplish the following:
Configure your network for increased bandwidth, or establish a secondary network for remote management, if necessary.
Configure Dial-up Networking settings, if you plan to support dial-up remote management.
Configure firewall settings, if you plan to remotely manage across a firewall.
Configure IP packet filter settings, if you plan to remotely manage across a router that filters packets.
Server resources
Identify the steps for assessing computer resources and for upgrading them, if necessary, such as:
Upgrade server and management computer memory and processor, if necessary, to support remote management tools.
Upgrade or purchase new computers that provide enhanced out-of-band support, if necessary.
Security
Identify the steps for ensuring both physical and logical security, for both in-band and out-of-band management, such as:
Provide secured access to servers.
Provide physical security for out-of-band serial connections.
Provide for authentication and encryption protocols.
Configure Group Policy settings to mitigate vulnerabilities of less secure authentication protocols.
Configure IPSec policies to provide security if you plan to use tools without encryption or dial-up connections through a VPN.
Establish a secondary management network or configure secured routers, if necessary.
Set up security groups and assign membership for administrators.
Set up shared folders as necessary, and assign permissions.
Configure Group Policy settings to restrict the types of administrative tasks remote users can perform.
Configure out-of-band settings
Identify the steps for configuring computers for out-of-band management:
Enable firmware console redirection.
Verify and, if necessary, configure hardware resource settings for serial ports.
Configure SPCR table settings.
Configure the service processor, if necessary.
Select consistent terminal definition settings for firmware, Emergency Management Services, and client terminal software.
For more information about specific settings for Emergency Management Services, see the Server Management Guide of the Windows Server 2003 Resource Kit (or see the Server Management Guide on the Web at http://www.microsoft.com/reskit).
Connect out-of-band hardware components
Identify the steps for configuring the out-of-band infrastructure:
Set up serial port null modem connections.
Connect terminal concentrators, modems, service processors, and intelligent UPSs.
For more information about setting up null modem connections in an Emergency Management Services installation, see the Server Management Guide of the Windows Server 2003 Resource Kit (or see the Server Management Guide on the Web at http://www.microsoft.com/reskit).
Install and enable Emergency Management Services
Identify the steps for installing Windows Server 2003 and enabling Emergency Management Services:
Build and test files and directories for unattended network, unattended CD, or RIS installations of Windows Server 2003.
Enable Emergency Management Services during or after Windows Server 2003 installation.
For more information about enabling Emergency Management Services, see the Server Management Guide of the Windows Server 2003 Resource Kit (or see the Server Management Guide on the Web at http://www.microsoft.com/reskit).