Post link: http://www.asp-magazine.com/zactus/z/p21865.html
This session presents what is new in Windows Server 2008 for Terminal Server and for virtualization.

Terminal Server in Windows Server 2008

TS 2008 requires the latest version, 6.1, of MSTSC (Remote Desktop), which will be available as a download for XP or in Service Pack 3.

Application distribution through Terminal Server with validation (using the user's rights). Security management for distributed applications (certificate validation, ...).

Demonstration of setting up application distribution from the Windows 2008 server:

The problem of print management with Terminal Services: Windows Server 2008 can send print jobs as XPS, which is used by new printers or can be converted into the printer's format:
· Printing component: Terminal Server Easy Print

Publishing the applications offered by Terminal Server through Terminal Server Web Access:
· TS Web Access requires Windows 2008 and IIS7

Encapsulation of RDP in RPC/HTTPS to reach the TS from a simple connection (hotel, home, remote office, public place, ...). Definition of server groups, policies and user groups for these resources. Used with RDP's "Connect from Anywhere" concept. The TS can be placed behind an ISA Server. Redirection is possible to a Web portal listing all the applications available to the user.

Network load management for load balancing with Terminal Services Session Broker, which distributes users to the most suitable TS server (memory load, number of sessions, ...).

Integration of Terminal Server with Windows System Resource Manager (WSRM) to allocate resources to each session.
Virtualization in Windows Server 2008
· Consolidation of underused servers
· Virtual Server 2005 (free) requires the OS
· Windows HyperV (hypervisor) sits beneath the OS layer
· Supports all versions of Windows Server 2008
Availability: 180 days after the release of Windows Server 2008.
I was recently asked how a Terminal Server holds the license on the client side. In doing the research into this question I came across some really good information about how Terminal Services works and also the licensing models available.
· Terminal Server Configured for Device based TS CALS
· The Seven types of Windows 2003 client licenses
· How to get reports from the licensing server

Terminal Servers Configured for Device-Based TS CALs

When a Terminal Server is configured to use TS Device CALs (Start | Administrative Tools | Terminal Services Configuration | Server Settings | Licensing), each client device needs to have its own license.
· Terminal Server CALs are purchased and installed into the license database on the (previously activated) TS Licensing Server.
· The TS CALs are activated via the Microsoft License clearinghouse. The activated licenses remain on the license server, waiting for assignment to client devices.
· A user makes an RDP connection to the Terminal Server.
· Since the Terminal Server is in per device licensing mode, the Terminal Server checks for the device’s TS CAL (in the form of a digital certificate).
· If the client device does not present a valid TS CAL, the Terminal Server connects to the license server to obtain one.
· If the license server does not have any more TS CALs, it will route the Terminal Server to another license server that does have available TS CALs (if known).
· The license server sends the Terminal Server a digital certificate for a temporary 90-day TS CAL.
· The Terminal Server passes this certificate down to the client.
· The user’s credentials are validated. If the user successfully authenticates, the Terminal Server contacts the license server a second time. This time around, the Terminal Server informs the license server that the TS CAL that was sent to the client should be marked as “valid.” If the user did not successfully authenticate (i.e. the connection was from an inappropriate user), the Terminal Server will not contact the license server, and the license that was sent out will not be marked “valid.”
· The next time that client device connects, it presents its 90-day temporary TS CAL to the Terminal Server.
· The Terminal Server contacts the license server. Since the licensing server marked the CAL as valid the first time the user authenticated, the client device’s temporary CAL is upgraded to a full CAL. If, for some reason, all of the license servers have depleted their inventories of TS CALs, the client device keeps its temporary 90-day TS CAL certificate.

As mentioned earlier, when a client device receives a TS Device CAL from a Terminal Server, it receives it in the form of a digital certificate from a license server. For this reason you must activate the license server with the Microsoft clearinghouse (which is just a certificate authority). The digital certificate is an actual certificate copied to the client device (even with Windows CE). Once a client device connects to a Terminal Server, a TS CAL digital certificate is transferred from the license server to the client device. The license server loses one of its licenses from its inventory, and the client device has the digital certificate that it can present to any Terminal Server on future connections.

The digital certificate is stored in different locations depending on the operating system. On 32-bit Windows platforms, the TS CAL digital certificate is stored in the registry at HKLM\Software\Microsoft\MSLicensing\Store\License00x.

1. Anyone who has been in the computer industry for more than five minutes can probably spot a potential flaw in this plan. Client devices tend to break. Windows-based terminals have their ROMs re-flashed. Operating systems are reinstalled on workstations. PCs are reimaged. Whenever this happens, the TS CAL digital certificate stored on the client device is lost forever.
The TS CAL doesn’t exist on the license server after it’s transferred to a client device. When that client connects back to a Terminal Server, it has no digital certificate to present. The server thinks that it has no license, and instructs the license server to issue a new TS CAL in the form of a new digital certificate. In effect, that one client device ends up consuming two TS CALs—the old one that was lost and the new one that was just issued. If the client device were reset again, a third TS CAL would be used.

2. In Windows 2003 (and Windows 2000 SP3), when a Terminal Server requests a TS CAL from the license server for a client device, a full TS CAL certificate is granted with an expiration date randomly selected between 52 and 89 days from the current date. The license server keeps track of the expiration date and it is also embedded into the digital certificate that represents the actual license passed down to the client device.

3. Every time the client device connects to a Terminal Server, it presents its TS CAL certificate to the server. The server checks not only whether the client device has a valid certificate, but also the expiration date of that certificate. If the expiration date of the certificate is within 7 days of the current date, the Terminal Server connects to the license server to renew the license for another random period of 52 to 89 days.

4. The license server also tracks the expiration date of TS CALs. If for some reason the client’s CAL is never renewed and expires, the license server returns that TS CAL to the inventory of available unused licenses. If a client device with a TS CAL were to blow up or be rebuilt, the license server would automatically add the TS CAL back into its available license pool after it expired (a maximum of 89 days).

5. If the Terminal Server is not able to obtain a TS CAL renewal when the client device’s TS CAL certificate expires after the 52 to 89 days, the client is denied access.
A temporary 90-day certificate cannot replace a full certificate that has expired, but this shouldn’t ever be a problem for you (unless you don’t have enough TS CALs).

7. Assume that a client device successfully authenticates to a Terminal Server and is granted a full TS CAL certificate that was (worst case) randomly selected to expire at the 89 day maximum. When it passes down the certificate, the license server decrements its total TS CAL license count by one, also noting that particular certificate’s expiration date. Now, assume that a catastrophic event occurs at the client, causing its local operating system to be reinstalled and its local TS CAL certificate to be lost. When that client authenticates to a Terminal Server, the Terminal Server will request a new TS CAL certificate from the license server and the license server (again) decrements its TS CAL inventory by one. At this point there have been two TS CAL licenses given out to that one client, but the first one will never be renewed because the certificate was lost when the client was rebuilt. After 89 days (the randomly selected duration of the first certificate), the first TS CAL is returned to the pool by the license server.

8. The administrator in this situation probably bought just enough TS CALs to cover the exact number of client devices. He did not buy extras to cover the 52 - 89 day period during which one client device had two CALs assigned. By purchasing the exact amount of TS CALs, the license server would not have any more TS CALs to give out when the client device asked for the new TS CAL certificate after the first was lost. In this case, the license server would grant a temporary 90-day TS CAL certificate to the client device because the client device appears to the server as a brand new machine.
Because the temporary TS CAL certificate is always valid at least one day longer than the full CAL certificate (90 days versus a maximum of 89 days), the old, lost full TS CAL will always be returned to the inventory on the license server at least one day before the temporary TS CAL certificate would expire. For example, after day 88, the client device’s temporary TS CAL certificate will expire in 2 days, but the license server is tracking the expiration of the full TS CAL that was originally granted for 89 days. That full TS CAL only has 1 day left before it expires. The following day, when the client device’s temporary TS CAL certificate has only 1 day remaining, the license server will add the original TS CAL back in its inventory pool, making it available to grant to the client as a permanent license for another random period of 52 - 89 days.

A challenge to using per-user and per-device CALs is the fact that they have to be assigned to a specific user account or a specific client device. While adequate for employees of the company that bought the license, what happens if a company wants to extend its Terminal Server environment to business partners where the names of users and client devices wouldn’t be known? What happens if a company wants to extend an application via a Terminal Server to the Internet? Technically following the Microsoft terms, you would need to buy a license for each unique user or computer that connected to your server.

ECLs are available for all new Microsoft products (except products that are licensed on a per-processor basis since per-processor licenses already account for unlimited users and client devices). In Terminal Server 2003 environments, ECLs provide a simple way to buy “concurrent” user licenses for those who need to connect to your server. If you wanted to open up a server to trading partners, you would buy a Terminal Server ECL.
The Seven types of Windows 2003 client licenses

The license service that runs on a Windows 2003 server keeps track of seven different types of licenses. These include four types of licenses for Windows 2003 Terminal Servers and three types (for backward compatibility) for Windows 2000 Terminal Servers. The seven types of Windows 2003 client licenses include:
· Windows Server 2003 TS Device CALs. This license is the per-device CAL that is issued to unique client hardware devices. It allows the client device to access Windows 2000 and 2003 Terminal Servers.
· Windows Server 2003 TS User CALs. This is the per user CAL that’s assigned to unique user accounts. This license allows a user to access Windows 2000 and 2003 Terminal Servers. If the client device has a valid TS Device CAL, then this TS User CAL is not needed, and vice versa.
· Windows Server 2003 TS External Connector Licenses. When assigned to a Terminal Server, this ECL license allows unlimited non-employee connections. When this ECL is used, TS Device CALs and TS User CALs are not needed.
· Windows 2000 TS CALs. These are per-device licenses for devices connecting to Terminal Servers running Windows 2000.
· Windows 2000 TS Internet Connector Licenses. These licenses are essentially the Windows 2000 version of the Windows 2003 TS ECL. When assigned to a Windows 2000 Terminal Server, this license allows 200 simultaneous connections. These connections must be made by non-employees, across the Internet, via anonymous user accounts.
· Windows 2000 Built-in Licenses. These built-in licenses are used for Windows 2000 and Windows XP workstations that are connecting to Windows 2000-based Terminal Servers. Remember from the previous section that Windows 2003 Terminal Servers do not support the use of built-in licenses. (Which is why even if your Windows XP workstations qualify for “free” Windows 2003 TS CALs, you have to obtain TS Device CALs from Microsoft—they’re not automatically built in.)
· Temporary Licenses. If a licensing server ever runs out of activated licenses, it will issue temporary licenses to any client devices requesting per-device TS CALs (applicable to Windows 2000 or 2003-based Terminal Servers). The number of temporary TS CALs a licensing server can grant is unlimited, although the temporary CALs themselves expire after 90 days and cannot be extended.

The Terminal Server License Reporting tool, lsreport.exe, from the Windows Server 2003 Resource Kit can be used to view and analyze the data contained within the licensing server database. This tool outputs the information in the database into a tab-delimited format that allows you to create reports of who is using your licenses. Run “lsreport /?” from a command prompt for a list of options.

The Terminal Server Client License Test tool, TSCTST.EXE, is a command-line client-side tool that displays information about a client device’s local TS CAL. Also included in the Windows Server 2003 Resource Kit, it provides the following information about a license:
· Server certificate version
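The timing argument in the licensing post above (a lost full CAL expires within 52 to 89 days, a temporary CAL lasts 90, so the lost CAL is back in the pool before the temporary one runs out) can be checked with a small simulation. This is an added example, not code from the post or from Microsoft; `LicenseServer`, `connect` and `rebuild_scenario` are hypothetical names, and the model assumes the first-logon temporary-then-upgrade handshake is collapsed into one issue step and that the license server is always reachable.

```python
import random

FULL_MIN, FULL_MAX, TEMP_DAYS, RENEW_WINDOW = 52, 89, 90, 7  # days, from the post

class LicenseServer:
    """Toy per-device CAL inventory (constructed model, not Microsoft code)."""

    def __init__(self, total_cals, seed):
        self.free = total_cals
        self.issued = {}                 # serial -> expiry day tracked server-side
        self.rng = random.Random(seed)
        self.serial = 0

    def reclaim(self, today):            # unrenewed CALs return to the pool at expiry
        for s in [s for s, exp in self.issued.items() if exp <= today]:
            del self.issued[s]
            self.free += 1

    def issue(self, today):              # full CAL if one is free, else temporary
        self.reclaim(today)
        if self.free == 0:
            return {"kind": "temp", "serial": None, "expires": today + TEMP_DAYS}
        self.free -= 1
        self.serial += 1
        cal = {"kind": "full", "serial": self.serial,
               "expires": today + self.rng.randint(FULL_MIN, FULL_MAX)}
        self.issued[cal["serial"]] = cal["expires"]
        return cal

    def renew(self, cal, today):         # new random period; reissue if it lapsed
        self.reclaim(today)
        if cal["serial"] not in self.issued:
            return self.issue(today)
        self.issued[cal["serial"]] = cal["expires"] = (
            today + self.rng.randint(FULL_MIN, FULL_MAX))
        return cal

def connect(server, cert, today):
    """Terminal Server side: returns the client's certificate, None if denied."""
    if cert is None:                     # new or rebuilt device presents nothing
        return server.issue(today)
    if cert["kind"] == "temp":           # try to upgrade, else keep until expiry
        new = server.issue(today)
        if new["kind"] == "full":
            return new
        return cert if today < cert["expires"] else None
    if cert["expires"] - today <= RENEW_WINDOW:
        return server.renew(cert, today)
    return cert

def rebuild_scenario(seed):
    """One device, one purchased CAL; the device is reimaged after first logon."""
    server = LicenseServer(total_cals=1, seed=seed)
    lost = connect(server, None, 0)      # full CAL, wiped by the rebuild
    cert = connect(server, None, 0)      # rebuilt device looks brand new: temp CAL
    for day in range(1, TEMP_DAYS + 1):  # the device connects every day
        cert = connect(server, cert, day)
        if cert is None or cert["kind"] == "full":
            break
    return lost["expires"], day, cert and cert["kind"]
```

`rebuild_scenario(seed)` returns the lost CAL's expiry day, the day the rebuilt device was upgraded, and the kind of certificate it ends with; for every seed the upgrade lands on the lost CAL's expiry day, before day 90.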
· Introducing Windows Server 2008 by Mitch Tulloch with the Microsoft Windows Server Team (ISBN: 9780735624214). This e-book covers Windows Server virtualization, managing Windows Server 2008, Active Directory, Terminal Services, and failover clustering.
· Microsoft Windows PowerShell Step by Step by Ed Wilson (ISBN: 9780735623958). This e-book includes an overview of Windows PowerShell, using Windows PowerShell cmdlets, and leveraging PowerShell providers.
Windows Server 2008 RTM - Now!

Windows Server 2008 has been available for download to MSDN subscribers for a few hours! The most tested version of Windows! Windows Server 2008 contains a set of new features and technologies too numerous to list in full, but here are a few notable ones:
· Terminal Services Gateway - access your applications without a client
The MAPI/CDO download package now works on Windows Server 2008 and Vista. The main blocker to getting this to work was the fact that in Windows Server 2008 and Vista, mapi32.dll was marked as a system file. Any attempt to replace it would be blocked or undone. Exchange's MAPI has always replaced mapi32.dll with its own version, so it couldn't work on those operating systems.
· The version number of the Windows Server 2008/Vista compatible download is 06.05.8022.0.
· Session 0 Isolation causes problems with our fix to the deleted profile issue. With that fix in place, a normal user (who lacks SeCreateGlobalPrivilege) wouldn't be able to use MAPI at all. So we modified the fix to attempt the global namespace first (which will fail for a normal user), then fall back to a local namespace. This means it is possible for a normal user to log on to a server twice with Terminal Services and delete a profile from one session that is in use under another session. To help identify this scenario, there's a new error code which will be seen by MAPI applications if this happens: MAPI_E_PROFILE_DELETED (0x80040204).
This document describes new features and technologies, which were not available in Windows Server 2003 with Service Pack 1 (SP1), that will help to increase the security of computers running Windows Server 2008, increase productivity, and reduce administrative overhead. These topics apply to the next release of Windows Server 2008, based on the functionality expected to be included in the Beta releases in 2007. They do not describe all of the changes that are included in Windows Server 2008. Instead, they highlight changes that will potentially have the greatest impact on your use of Windows Server 2008 and provide references to additional information.
· Server Manager
· Server Core Installation Option
· Application Server Role
· DNS Server Role
· Fax Server Role
· File Server Resource Manager
· Windows Server Backup
· Network Policy Server
· Terminal Services Role
· Terminal Services Core Functionality
· Terminal Services Printing
· Terminal Services and Windows System Resource Manager
· Web Server (IIS) Role
· Windows Deployment Services Role
· Windows Firewall with Advanced Security
· Windows PowerShell
· Windows Reliability and Performance Monitor
· Windows Server Troubleshooting Documentation
Find the French-language e-demos on Windows Server 2008!

As discussed with many of you at the Windows 2008 breakfasts. Discover this series of webcasts called « Premiers pas avec Windows Server 2008 ». With the many demonstrations on offer, you will quickly learn to install and configure the various features of Windows Server 2008: Windows Deployment Services (WDS), Active Directory, IIS7, Hyper-V, Terminal Services, Failover Clustering, NAP...

Published Thursday, December 04, 2008 4:45 PM by laureri
Installing Windows Server 2008 on the Hyper-V Beta

So once you have the Hyper-V Beta installed and up and running you will probably want to start making virtual machines and playing with them. Of all the possible guest operating systems - Windows Server 2008 is the 'premier' one, in both performance and ease of installation. To install Windows Server 2008 on the Hyper-V Beta you will need to:
· Open the Hyper-V Management MMC UI (either from the start menu - under Administrative Tools, or through the Server Manager UI), click on 'New' from the Action pane (on the right) and select 'Virtual Machine...'
· If you choose to create a new virtual hard disk - you will then get to configure the installation options - where you can specify how you will be installing an operating system. You could use the ISO that you downloaded of Windows Server 2008 RC1 with Hyper-V Beta - or you could use the physical CD that you used to install the Windows Server 2008 on your physical computer (this is what I did). Attention! You should only use the same version of Windows Server 2008 in the virtual machine that you did on the physical computer. Using a different version can cause compatibility issues later on.
· Either way you will soon get a Virtual Machine Connection window and see that Windows Server 2008 is booting off the CD. Proceed through the initial setup pages giving the answers that you would for a physical computer (I selected to do a full installation of Windows Server 2008 Enterprise in English (United States) and created a single partition that used all the space on the virtual hard disk). Once you have finished this you can go away for a while while the operating system installs.
· When the installation is done Windows Server 2008 will prompt you to provide a password for the administrative account.