Feedback Information:
If you read this book and think that it has helped you in any way, it would be great if you gave me your feedback. Even if you think that it has been poorly conceived and written, I would like to hear your feedback and your comments. Feel free to comment or post on my official page; its name is Make It Easier and the link is https://www.facebook.com/MIEasier. Go to my page and write a post if you think this book helped you in any way. Thank you so much for reading this; please also pray for my bright future, and stay connected. Fayyaz Ahmed.
Windows 7 Configurations.
WINDOWS OS:
Operating Systems:
There are two types of operating systems.
1) Client OS
2) Server OS
16. System restarts.
18. Enter the User Name and verify the Computer Name, click Next.
24. Finally, the operating system is installed and the user has logged in.
NTFS TECHNOLOGY:
What is a File System?
A file system is a structure with whose help the computer or operating system allocates and manages data on the hard drive. When we create partitions on our hard drive and format them, we have to choose between the FAT32 and NTFS options. FAT32 is a simple file system, and NTFS is an advanced, feature-rich file system.
FAT32:
The File Allocation Table was created by Bill Gates and Marc McDonald in 1977, but it has gone through many changes since then. While hard drives were 4 GB, FAT16 remained popular; then, when hard drive capacity was increased, FAT32 was introduced.
NTFS:
The New Technology File System was created jointly by Microsoft and IBM in 1993 and was introduced on the Windows NT platform. Since then it has been commonly used in Windows-based server operating systems and in Windows XP and all later versions.
FAT32 and NTFS compared:
FAT32 has no compression, which means we cannot compress data on it to save space. NTFS, on the other hand, provides compression features, and this is one difference between FAT32 and NTFS. In addition, we can convert our system from FAT32 to NTFS at any time, whereas NTFS can never be converted to FAT32.
Create a Partition
Format a Drive
Change Drive Letters
Shrink a Partition
Extend a Partition
Delete a Partition
Change a drive file system
APP-LOCKER
AppLocker:
AppLocker is a feature in Windows 7 that lets you restrict any user on your computer so that the user cannot run an application, install a program, or run a script. In other words, with AppLocker we can prevent any user from performing these tasks on the computer.
Rules in AppLocker:
Three kinds of rules are configured in AppLocker.
1) Executable Rule
This rule is applied to Windows .exe files. By configuring it we can disable any application for any user. We can also restrict an application by defining its path, so that those applications or games do not run for that user; AppLocker then blocks them for that user.
2) Windows Installer Rule
This rule is configured to restrict all software installation files, so that no user can install software on the computer on their own.
3) Script Rule
This rule is configured to block all batch files, so that no user can run a script on the computer.
Using AppLocker
To access Group Policy Editor and create rules in AppLocker you'll need to be logged in as Administrator.
Click on Start, type gpedit.msc into the search box and hit Enter.
Under Local Computer Policy go to Computer Configuration \ Windows Settings \ Security Settings \ Application Control Policies \ AppLocker.
Now you will see the overall controls for the applications.
Under Configure Rule Enforcement click on the Configure rule enforcement link.
Now under AppLocker Properties check the box next to Configured under Executable rules, then click OK.
Since this is your first time accessing AppLocker, there will be no rules listed. Right-click and select Create New Rule.
This opens up the Create Executable Rules wizard, and you can select not to show the introduction screen at start-up the next time you access it.
Add the user you want to block; in this case it's Jack.
After you've selected the Deny action and selected the user, continue to the next step.
In Conditions you can select from Publisher, Path or File hash. We don't want Jack to have access to any of the games, so we will select Path.
In the next screen you could add Exceptions, like allowing certain files, but because we are blocking the entire games directory we'll skip to the next screen.
Here you can add a description to the rule so you can keep track of them if there are several rules configured. When everything looks right, click on Create.
A message pops up saying default rules haven't been created yet. It is important to make sure they are created, so click Yes to this message.
Now you will see the default rules and the new one you created, showing Jack is denied access to the Microsoft Games directory.
After creating the rule, go into Services and make sure Application Identification is started and that it's set to start automatically as well; otherwise the rules won't work. By default this service is not started, so you will need to enable it.
Now, when Jack logs into his user account and tries to access the games, he will only see the following message. Only an Administrator can go in and change the rule.
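The walkthrough above depends on three things: the service it calls Application Identification (service name AppIDSvc) running, the deny path rule matching the games, and the default rules still allowing everything else. The following PowerShell check is an added example, not part of the original book; the games path under %ProgramFiles% and the use of notepad.exe as a control file are assumptions.

```powershell
# Added example: verifies the state the AppLocker walkthrough relies on.
# Assumptions (not from the book): the games live under
# "%ProgramFiles%\Microsoft Games" and 'Jack' is a local account name.
# Run from an elevated PowerShell prompt.
Import-Module AppLocker

$User     = 'Jack'
$GamesDir = Join-Path $env:ProgramFiles 'Microsoft Games'
$Control  = Join-Path $env:windir 'System32\notepad.exe'   # must stay allowed

function Test-AppIdService {
    # AppLocker rules are enforced only while this service is running.
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='AppIDSvc'"
    New-Object PSObject -Property @{
        State     = $svc.State
        StartMode = $svc.StartMode
        Ready     = ($svc.State -eq 'Running' -and $svc.StartMode -eq 'Auto')
    }
}

function Get-PolicyDecision {
    # Asks the effective policy what it would decide for one user on a set of files.
    param([string]$UserName, [string[]]$Files)
    $policy = Get-AppLockerPolicy -Effective
    Test-AppLockerPolicy -PolicyObject $policy -Path $Files -User $UserName |
        Select-Object FilePath, PolicyDecision, MatchingRule
}

# 1. Service state
$service = Test-AppIdService
"AppIDSvc: state={0}, start mode={1}" -f $service.State, $service.StartMode
if (-not $service.Ready) {
    Write-Warning 'Service is not running or not set to Automatic; rules will not be enforced.'
}

# 2. Every executable below the blocked directory should come back Denied.
$gameExes = @(Get-ChildItem -Path $GamesDir -Recurse -Filter *.exe -ErrorAction SilentlyContinue |
              ForEach-Object { $_.FullName })
if ($gameExes.Count -gt 0) {
    $gameResults = @(Get-PolicyDecision -UserName $User -Files $gameExes)
    $gameResults | Format-Table -AutoSize
    $notBlocked = @($gameResults | Where-Object { $_.PolicyDecision -notlike 'Denied*' })
    if ($notBlocked.Count -gt 0) {
        Write-Warning ("{0} file(s) under {1} are still allowed for {2}." -f $notBlocked.Count, $GamesDir, $User)
    }
} else {
    Write-Warning "No executables found under $GamesDir; check the path assumption."
}

# 3. A file outside the games directory should still be Allowed. If it is
#    DeniedByDefault, the default rules were not created and the user is
#    locked out of everything, not just the games.
$controlResult = @(Get-PolicyDecision -UserName $User -Files @($Control))
$controlResult | Format-Table -AutoSize
if ($controlResult[0].PolicyDecision -ne 'Allowed') {
    Write-Warning 'Control file is not allowed; default rules are missing or too narrow.'
}
```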
BIT-LOCKER
What is BitLocker?
BitLocker was introduced in Windows 7. With this feature we can secure any partition of our hard drive by putting a password on it, in the form of a hash value.
Disable BitLocker:
To disable BitLocker, that is, to remove it, press the Windows key, type bitlocker in the search box, click it, and turn it off.
Once it is enabled, it's time to get going with encrypting your drive. First, find the Windows 7 system drive on your PC. Right-click on the drive and select Turn on BitLocker.
BitLocker will scan your system to make sure the setup process can proceed. It might inform you that a new system drive will be created from free space on drive C. This is where BitLocker stores its boot-time components. After this is done, reboot.
Next, configure the decryption key. Just plug in a USB drive with the decryption key on it at boot time, or supply a PIN at startup for additional security.
When you select Require a Startup Key, the system will prompt you to insert a USB flash drive. This will store the decryption key. It'll also prompt you to save a separate copy of the recovery key, which you should save so that you can decrypt the drive in the event the Startup key ever gets damaged or goes missing.
TIP: Don't save the recovery key to the same place as your Startup key. It's like putting your house and car keys on the same ring. Not smart.
Before starting the encryption process, BitLocker will offer to run a system check. This ensures the Startup key is readable at boot time and that decryption works. The whole process shouldn't take more than a couple of minutes, and I strongly recommend you take it up on its offer.
Note: When your system boots with the Startup key plugged in, a message that says Remove disks or other media could pop up. If it does, press any key to restart.
CAUTION: Do not remove the Startup key when you see this message. If you take the key out at this time, the startup check will fail and you'll have to begin again from a much earlier step. So just press a key and continue the boot process.
Once the startup check succeeds, BitLocker will begin encrypting the system drive in the background. The encryption process could take several hours. During this time the computer will still be usable, and can in fact even be suspended, shut down or restarted.
That said, the system will be slower to respond while it encrypts the system drive. Don't expect to get a great deal done at this time.
If you double-click on the tray icon for BitLocker, you can see a progress window for the encryption process.
Drives encrypted by BitLocker will have a lock icon. Note that only the system drive has been protected. Notice that the other drives in this system, which are for such auxiliary user data as downloads, are not encrypted. You'll have to encrypt them manually.
Remember, BitLocker is included in most versions of Windows, but not in home versions. There you'll have to seek another solution, like TrueCrypt.
Enjoy your newly secure boot drive.
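Because only the system drive is protected after this procedure, and because recovery depends on a protector kept separately from the Startup key, it is worth listing every volume with its protection state and key protectors. The script below is an added example, not part of the original book; it reads the Win32_EncryptableVolume WMI class that BitLocker exposes and must be run from an elevated PowerShell prompt.

```powershell
# Added example: audits BitLocker state on every volume through WMI.
# Flags volumes that are unprotected and volumes that have no numerical
# recovery password (a heuristic for "no separate recovery protector").
$Namespace = 'root\CIMV2\Security\MicrosoftVolumeEncryption'

$ProtectorNames = @{
    0 = 'Unknown';                 1 = 'TPM'
    2 = 'External key (USB)';      3 = 'Numerical recovery password'
    4 = 'TPM + PIN';               5 = 'TPM + startup key'
    6 = 'TPM + PIN + startup key'; 7 = 'Public key'
    8 = 'Passphrase'
}
$ConversionNames = @{
    0 = 'Fully decrypted';        1 = 'Fully encrypted'
    2 = 'Encryption in progress'; 3 = 'Decryption in progress'
    4 = 'Encryption paused';      5 = 'Decryption paused'
}

function Get-BitLockerAudit {
    try {
        $volumes = @(Get-WmiObject -Namespace $Namespace -Class Win32_EncryptableVolume -ErrorAction Stop)
    } catch {
        # The namespace is absent on editions without BitLocker, and access
        # is denied when the prompt is not elevated.
        Write-Warning "Cannot query BitLocker: $($_.Exception.Message)"
        return
    }

    foreach ($vol in $volumes) {
        $conversion = $vol.GetConversionStatus()
        $protection = $vol.GetProtectionStatus().ProtectionStatus   # 0 = off, 1 = on

        # 0 asks for protectors of every type; drop empty results so the
        # loop below does not run once on $null (PowerShell 2.0 behaviour).
        $ids = @($vol.GetKeyProtectors(0).VolumeKeyProtectorID | Where-Object { $_ })
        $types = @(foreach ($id in $ids) {
            # WMI returns UInt32; cast so the lookup matches the Int32 keys.
            [int]$vol.GetKeyProtectorType($id).KeyProtectorType
        })
        $typeNames = @(foreach ($t in $types) {
            if ($ProtectorNames.ContainsKey($t)) { $ProtectorNames[$t] } else { "Type $t" }
        })

        New-Object PSObject -Property @{
            Drive               = $vol.DriveLetter
            Protected           = ([int]$protection -eq 1)
            Conversion          = $ConversionNames[[int]$conversion.ConversionStatus]
            PercentEncrypted    = $conversion.EncryptionPercentage
            Protectors          = ($typeNames -join '; ')
            HasRecoveryPassword = ($types -contains 3)
        }
    }
}

$audit = @(Get-BitLockerAudit)
$audit | Select-Object Drive, Protected, Conversion, PercentEncrypted, HasRecoveryPassword, Protectors |
    Format-Table -AutoSize

foreach ($row in $audit) {
    if (-not $row.Protected) {
        Write-Warning "$($row.Drive) is not protected by BitLocker."
    } elseif (-not $row.HasRecoveryPassword) {
        Write-Warning "$($row.Drive) is protected but has no numerical recovery password."
    }
}
```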
As promised at the beginning, your system administrator will have to enable BitLocker in Windows. Here's a guide you can show them to help them figure that out.
FOR ADMINISTRATORS: If you've got BitLocker up and visible on your system drive, just jump ahead to the configure process. Launch gpedit.msc by typing that command in the Start Menu's Search box and pressing Enter.
Navigate to Local Computer Policy >> Computer Configuration >> Administrative Templates >> Windows Components >> BitLocker Drive Encryption >> Operating System. Here is what you'll see.
Double-click on Require additional authentication at startup and select Enabled. Then check this: Allow BitLocker without a compatible TPM. The other options should each be set to Allow. Click OK and close the Group Policy Editor. That's it.
FIREWALLS
Firewall:
A firewall is a wall that filters traffic, whether that traffic is incoming or outgoing. A firewall is placed at the company's edge, at the point where the whole company network is entered. A firewall has its own operating system and is configured manually so that it can secure the network from outside networks.
Filter?
During filtering the firewall blocks all unwanted objects such as viruses, spam and Trojans and keeps the network secure; it does not let objects that are harmful to the network in.
Types of Firewall:
1) Hardware-based firewall
A hardware-based firewall looks like a switch. These firewalls are available from Cisco, Juniper and some third-party companies, for example Chinese ones, but Cisco firewalls are the more trusted and are used worldwide. Hardware-based firewalls are very costly.
2) Software-based firewall
Companies that cannot purchase hardware-based firewalls purchase software-based firewalls, which are available from Kaspersky, Avira, Norton, NOD32, AVG and so on. Of all these, the most trusted are Microsoft's, such as ISA and TMG. These firewalls are installed on an operating system, and inbound and outbound rules are created in them. Hardware-based firewalls, however, are considerably stronger than software-based firewalls.
NETWORK INFRASTRUCTURE
Network Infrastructure:
A network infrastructure is an interconnected group of computer systems. It includes devices such as computers, routers, cables, wireless access points, switches and backbone network protocols. The network structure defines what structure the network will be designed on, which devices will be installed in it, how they will be configured, and how they will all connect and work together.
9. Leave the Product Key blank, and click Next. (Product key can be entered later.)
10. Click No.
11. Select the edition of Windows, Windows Server 2008 Enterprise (Full Installation), and check the box I have selected the edition of Windows that I purchased.
19. System restarts.
21. Click OK. (The user's password must be changed before logging on the first time.)
22. Enter the new password, confirm the password, and press Enter.
Server Environment:
A server-based environment is one in which all client computers are connected to a server, all user accounts are managed from that server, and all clients are restricted.
In a workgroup:
All computers are connected as peers, and every computer is independent within the network.
Each computer's accounts have to be configured on that computer itself, and an account is limited to that one computer.
No restrictions, no policies.
No security on the network.
In a workgroup network users have full rights and there are no restrictions of any kind.
In a domain:
A domain environment has servers that provide their services to the whole network.
Network administrators manage the server and control the whole network through it; they implement security and permissions across the network and secure it.
In a domain environment we do not have to configure user accounts on individual computers. We create all accounts in one place, on our server, and users can log in with those accounts on any computer in the network and do their work.
In a domain-based network the network administrator implements many policies on the servers, and those policies are then updated across the whole network, which keeps the network secure and the users restricted.
In a server-based network users get access on the basis of rights and permissions.
4. Enter the user name (User1), set and confirm the password, and click Create.
Verification:
3. In the console tree, expand your domain MICROSOFT.COM, and then Right Click
4. Specify the First name and User Logon name, and then click Next.
5. Enter the Password and Confirm Password for the user account, click Next.
6. Review the configuration settings for the user account and then click Finish.
Verification:
3. Right-click the Computer icon, click Properties and click Change settings.
5. Enter the user name Administrator and his password, click OK.
6. A Welcome message appears indicating that the computer was successful in joining the domain.
7. Click OK and click Close to close the System Properties dialog box. It will ask for a restart; click Yes.
WDS SERVER
Windows Deployment Services (WDS) is a Microsoft server technology used for network-based installation of Windows operating systems. It is a kind of remote installation service with which Windows can be installed on all computers across the network at the same time, without any USB drive or CD/DVD-ROM. For this we create just one WDS server in the network and copy the Windows image file to it. WDS uses .WIM files during Windows installation. In WDS we only have to add two Windows files: 1) boot.wim 2) source.wim. Once these files are added, WDS is ready to install Windows on all computers in the network at the same time. WDS is intended to be used for remotely deploying Windows Vista, Windows 7, Windows 8, Windows Server 2008, and Windows Server 2012.
Active Directory
DHCP
DNS
NTFS partition for storing images
Client computers with PXE boot support, or a Windows Server 2008 or later version of the Windows Preinstallation Environment (Windows PE/WinPE)
Let's begin:
1. Open Server Manager and expand the Roles tree as illustrated below. In the right pane, click on Add
Roles.
2. In the Add Roles Wizard that appears, place a check in the checkbox for Windows Deployment Services and
click Next.
3. The next page of the wizard displays introductory information and notes regarding installing and
configuring Windows Deployment Services. Once you have read through the information, click Next to
continue.
4. The next page of the wizard displays the services that will be installed. Since this is your first Windows
Deployment Server, both the Deployment Server and Transport Server roles must be included (the Deployment
Server requires the Transport Server). Click Next.
5. The wizard displays a summary page requesting your confirmation. Click Install to confirm or < Previous to
go back and make any necessary changes.
6. The Installation Progress page does not display much useful information as Windows installs Windows Deployment Services. In creating this documentation, I found the progress bar at about 15% for a minute or two, jumped to where you see it in the graphic below for about a minute or two, and then moved on to the Installation Results page.
7. After the installation completed, the wizard displayed the Installation Results page. In total, the installation on my system took approximately 2-3 minutes. Your results may vary depending on server load and capability. Click Close to close the wizard.
8. Return to Server Manager; you should now see Windows Deployment Services listed under the installed Roles.
9. As you can see, the Windows Deployment Services role provides a view of service status and events related to Windows Deployment Services, a link to the command-line utility WDSUtil.exe (which you can use to configure WDS), and links to resources and support for using WDS.
10. Click on your Start Menu and navigate to Administrative Tools and then select Windows Deployment
Services from the list. If prompted by User Account Control (UAC), click Continue. The Windows Deployment
Services Administrative Tool should appear similar to the graphic below.
11. Right click the server name and select Configure Server (as indicated in the graphic above). A wizard appears
and begins the process of walking you through the basic WDS configuration. The first page of the wizard is
below. Click Next to begin the Wizard.
12. The second page of the Wizard requests a location to store your images. I strongly recommend you DO
NOT accept the default C:\RemoteInstall path. Depending on your environment,
13. On the Wizard's third page, set the PXE Server Initial Settings to either Respond only to known client
computers or Respond to all (known and unknown) client computers.
14. The next page of the Wizard is a progress screen that shows Windows Deployment Services starting. While the hardware you are using can impact the time it takes for this to complete, typically it shouldn't be more than 60 seconds.
15. The final page of the Wizard provides a checkbox to Add images to the Windows Deployment Server now.
If you have existing .WIM images you would like to load, or a boot image, you can do so by leaving the box
checked and clicking Finish.
16. Once the service is running and configured you should be able to access the Server components and
configure the Windows Deployment Service to deploy your images.
17. Define a boot image. The default Windows Server 7 or Windows 2008 R2 boot image boot.wim can be used here. You can add the image from the Windows 7 DVD or the Windows Server 2008 DVD, found in the sources folder on the DVD. (You can also use the one provided on the Vista or 2008 DVD.)
18. The next page of the wizard asks for a name for the image and the image description. If you use the Windows
7 x64 boot.wim, the values default to Microsoft Windows Setup (x64) in both text boxes. You can change these
to whatever you prefer. For this example, we are leaving them as is. Click Next to continue.
20. As the wizard runs, you should see the progress bar move. Depending on the size of the boot.wim and
where you are loading it from, it should take anywhere from a few seconds to a few minutes to complete.
21. Upon completion, the wizard should indicate success and the Finish button should be
enabled. Click Finish to close the wizard.
22. Return to Server Manager and the Windows Deployment Services role. You should be able to click on
the Boot Images item under your server and see the image listed in the middle pane.
23. Once has been click on name in we right the server in red select Properties.
28. Click on the DHCP tab. Read this CAREFULLY. If you are using a NON-Microsoft DHCP server, you must
check the second option, Configure DHCP option 60 to PXEClient. If Microsoft DHCP is used AND it is
running from the WDS server, you must check both boxes for Do not listen on port 67 and Configure DHCP
option 60 to PXEClient. Otherwise, leave these settings unchecked.
WEB SERVER
Web Server:
A web server is a server mostly used inside data centers, where the websites of multiple companies are stored on web servers so that we can access those sites worldwide through the internet. The pages of websites are stored on the web server and are accessed from multiple browsers over HTTP. The browser communicates with the web server, which shows us the pages of those websites over the internet.
A web server can connect multiple browsers and multiple users to those sites at the same time. It works on client requests and can show the same or different pages of a website on the screens of multiple users at once. In such cases the web server's hardware plays a very important role, because the stronger the web server's hardware, the faster its processing and its response to client requests.
Two kinds of operating system are installed on web servers.
1) Microsoft Server OS
2) Linux Server OS
Most servers today run Linux, and most websites are hosted on Linux servers, because Linux servers are fast.
Common software run on all web servers:
HTTP Server: Sends website pages.
FTP Server: Allows for uploading files/pages.
Email Server: Gathers and directs or sends emails on the site's domain.
HTML: HyperText Markup Language is the default extension for creating website pages. A web browser is used to access web pages or content designed in HTML.
Database Software: Stores information defined in fields. Essential to the operation of the website itself. For example, e-commerce sites need to keep track of names, addresses, product information, etc.
IIS Versions:
IIS 6.0
IIS 7.0
IIS 7.5
IIS 8.0
4. From the Select Server Roles Wizard step check the box labeled Web Server (IIS) and click Next to
continue.
5. After reviewing the Web Server Installation introduction, click the Next button to begin selecting the role
services to install.
6. The role services selected in the left column are the default for a new Server 2008 installation. In order to
install a web server with the functionality outlined in this exercise, check the boxes for the role services
selected in the right column.
Note: The role services selected in this exercise may differ from your requirements. Feel free to explore the
descriptions of the role services and select or deselect the features you see fit.
7. After checking the box labeled Application Development, you may be prompted to add the .NET
Environment, if it is not already installed. Click the Add Required Features button to continue selecting role
services.
8. Once you've completed selecting the role services to install for your web server, click the Next button to proceed.
9. Review the installation selections and confirm them by clicking the Install button. The Add Roles Wizard
will then perform the installation of the selected role services.
10. When the wizard is finished installing the roles, review the installation results and click the Close button
to complete the installation.
Right-click Sites on the IIS server and click Add Web Site.
Type your site's descriptive name, its IP address and the default IIS root folder that contains your site, and press OK.
Now go to Default Document and add the page of your site.
NOTE:
First go to the default IIS root folder, which is (%systemDrive%\inetpub\wwwroot), create a Notepad file, enter some text, save the file and change its extension to .HTML so that your website opens in a browser. Then add a file with the same name in the Default Document location of your IIS server: type the same name with the .HTML extension and click Add. Now you can check your site through the IP address. Open a browser, type your server's IP address, and your site will appear in the browser.
In the Forward Lookup Zone, click the domain name, right-click in the side panel and click New Host (A or AAAA). Fill it in with www at the top and the domain's IP address below, then click Add Host.
TERMINAL SERVICES
Terminal Services:
Remote Desktop Services is known as Terminal Services in the Windows Server environment. With Terminal Services an application is installed on a server, and clients then use the application hosted on that server remotely from their own computers. Terminal means a pipeline through which clients can use the application hosted on the server from anywhere in the world. The server sits at a centralized location; all processing happens on the server and all data is on the server, and all clients access the application on their own computers through Terminal Services.
Remote Desktop works in the same way, but the difference between Remote Desktop and Terminal Services is that with Remote Desktop we can access only one computer, whereas with Terminal Services many people can log in to the server at the same time and use the application.
Terminal Service: Installing this role installs a terminal server on our server.
TS RemoteApp: A role through which we manage and share applications on our terminal server so that clients can access them.
TS Licensing: This role helps manage licensing. Terminal Services comes with 120 days of free licensing, so we can use it and check it out first.
TS Session Broker: This role comes into play when we want to provide load balancing or fault tolerance. Its benefit is that when two or more terminal servers are running and one of them goes down, another server starts providing its services. And if the session is then established with another server, it resumes from where it broke off. TS Session Broker helps in cases like these.
TS Web Access: Through this role we can also access our applications through a web browser.
TS Gateway: Helps people who access our private network remotely from outside to connect to it.
The first step is to install Terminal Services on the Terminal Services computer.
Perform the following steps to install Terminal Services and Terminal Services Licensing:
1. On the Terminal Server computer, open the Server Manager. In the Server Manager, click on the Roles node in the left pane of the console.
2. Click the Add Roles link in the right pane of the console.
7. Click Next on the Uninstall and Reinstall Application for Compatibility page.
8. On the Specify Authentication Method for Terminal Server page, select the Require Network Level
Authentication. We can select this option in our current scenario because we are using only Vista SP1 clients
to connect to the Terminal Server through the TS Gateway. We would not be able to use this option if we
needed to support Windows XP SP2 clients. However, you should be able to support Network Level
Authentication with Windows XP SP3. However, I have not yet confirmed this, so make sure to check the
release notes on Windows XP SP3 when it is released later this year. Click Next.
9. On the Specify Licensing Mode page, select the Configure later option. We could select an option now, but I
decided that we should select Configure later so that I can show you where in the Terminal Services console
you configure the licensing mode. Click Next.
10. On the Select User Groups Allowed Access To This Terminal Server page, use the default options. You can add
or remove groups if you want finer tuned access control over the Terminal Server. However, if all of your users
will be going through the Terminal Services Gateway, then you can control who can connect to the Terminal
Server using the TS Gateway policy settings. Leave the default settings as they are and click Next.
11. On the Configure Discovery Scope for TS Licensing page, select the This domain option. We select this option
in this scenario because we only have a single domain. If you have a multi-domain forest, you might consider
selecting the The forest option. Click Next.
12. On the Confirm Installation Selections page, check the warning information indicating that you might have to
reinstall applications that were already installed on this machine if you want them to work properly in a
Terminal Services session environment. Also note that IE Enhanced Security Configuration will be turned off.
Click Install.
13. On the Installation Results page, you will see a warning that you must restart the server to complete the
installation. Click Close.
14. Click Yes in the Add Roles Wizard dialog box that asks if you want to restart the server.
15. Log on as Administrator. The installation will continue for a few minutes as the Installation Progress page
appears after the Server Manager comes up.
16. Click Close on the Installation Results page after you see the Installation succeeded message.
17. You may see a balloon telling you that Terminal Services licensing mode is not configured. You can dismiss
that warning, as we will next configure Terminal Services Licensing and then configure the licensing mode on
the Terminal Server.
Go to Start, then Administrative Tools > Terminal Services > Terminal Services Configuration.
Click RDP-Tcp and open its Properties.
On the General tab, uncheck Network Level Authentication. This reverses the Require Network Level Authentication choice made in step 8 of the installation above, so that clients without NLA support can connect.
Remote desktop:
Through Remote Desktop I can take the desktops of multiple computers remotely and manage them as a list. For this we have to configure the connections to all those computers ourselves the first time, by giving the computers' IP addresses.
From the Administrative Tools menu, click the Terminal Services menu and then click on TS Licensing
Manager.
2. In the TS Licensing Manager console, right click the server name in the left pane of the console. Click on
Activate Server.
5. On the Company Information page, enter your company information and click Next.
6. Enter optional information if you like on the Company Information page. Click Next.
7. On the Completing the Activate Server Wizard page, make sure that the Start Install Licenses Wizard now
option is checked. Click Next.
8. Click Next on the Welcome to the Install Licenses Wizard page.
9. On the License Program page, click the down arrow on the License program list and pick the license program
that you participate in. In this example I will select Other agreement since this lab is not participating in any
license program. Click Next.
10. On the License Program page, enter your Agreement number. In this example we'll just enter 1234567. Click Next.
11. On the Product Version and License Type page, select the Product version, License type and Quantity that fits
the needs of your environment. In this lab setup, we are using Windows Server 2008 Terminal Servers, so we
will select Windows Server 2008. We will use per user CALs in this example network, so we will select Windows
Server 2008 TS Per User CAL. And we will enter 50 in the Quantity text box. Click Next.
12. Click Finish on the Completing the Install Licenses Wizard page.
On the Select Features page, put a checkmark in the Desktop Experience checkbox. Click Next.
2. Click Install on the Confirm Installation Selections page.
3. On the Installation Results page, read the warning information that you must restart the computer to finish
the installation process. Click Close.
4. Click Yes in the dialog box asking if you want to restart now.
5. Log on as administrator. Installation will resume and take a few minutes, so be patient.
6. Click Close on the Installation Results page, which shows that the installation was successful.
From the Administrative Tools menu, click the Terminal Services entry and then click Terminal Services
Configuration.
2. In the middle pane of the Terminal Services Configuration console, double click Terminal Services Licensing
mode.
3. In the Properties dialog box, select the Per User option for the Specify the Terminal Services licensing
mode option. Select Automatically discover license server for the Specify the license server discovery
mode option. Click OK.
Figure 23
4. Click the Licensing Diagnosis node in the left pane of the console. In the middle pane you will see details for
the licensing configuration for this Terminal Server.
Figure 24
ACTIVE DIRECTORY
Active Directory:
AD is a single database of our groups, users, resources (such as shared folders) and services, and within AD
we refer to all of these things as objects. That is, users, services and all of these things are called objects,
and the collection of all of them is what we call Active Directory.
Multimaster authentication
A user can log in to the network from anywhere
Single point of access
Ability to create trust relationship in UNIX type of operating system
2) Server Core
Server Core is a lightweight version that is command-based with no GUI, and its security is very strong.
Domain:
A domain is a computer that provides its services on the network. Active Directory is installed in the
domain, and it holds the entire database of users and their authentication.
Tree:
In a tree the network is arranged hierarchically, and a tree is an object that can itself contain other
objects. A tree is a collection of one or more domains that have a relationship and trust between them,
such as a parent-child relationship. In a tree we have one headquarters, and all the rest are its branches,
laid out in the shape of a tree. Likewise, the first domain we create is called the parent domain, which we
also call the forest root because the forest starts there; the domains created after it are called child
domains, and all of them must be in the same NAME SPACE. Same namespace means that if our parent domain
is named Microsoft.com, then the names of the child domains should be related to it, such as
Sales.Microsoft.com or Accounts.Microsoft.com.
Forest:
The Active Directory forest is the largest object in our network and contains many trees. The collection
of trees is what we call our forest.
2) Leaf Object
Leaf objects are those that cannot themselves contain any other object, such as User, Computer, Printer, etc.
Attributes differ by object: a user's will be different and a computer's will be different. For example, a
printer holds that printer's information, a user holds the user's name, and a computer holds that computer's
name, password and anything else. Among these attributes, some are required and some are not; for example,
a user's first name is required, while the last name can be left blank because it is not required.
Active Directory Schema is a combination of object classes and object attributes.
Types of Trust:
Parent Child Trust relationship:
There is a parent-child trust relationship between a parent domain and a child domain, and it is a (two-way
transitive trust), meaning that if server A trusts server B, then server B will also trust server A. This
trust establishes the relationship in both directions.
Shortcut Trust:
When there are relationships between our different trees and their child domains want to communicate, they
have to forward the query through the domains of the entire forest, which adds a lot of delay. Where the
query time between child domains is high like this, we can create a shortcut trust between them; their query
then does not travel around the whole forest but is forwarded directly to the domain for which the network
administrator has created the shortcut trust. It is (not two-way; it is one-way transitive), meaning that
if server A trusts server B, server B does not necessarily trust server A.
External Trust:
The trust created between domains for which Microsoft has now stopped providing its services, such as
Windows NT (or it could also be Windows 2000), is what we call an External Trust. It is
(not two-way; it is one-way transitive).
Realm Trust:
This trust helps us establish a trust relationship with UNIX and LINUX type operating systems.
It is (not two-way; it is one-way transitive).
Domain Controller:
A domain controller is created to manage the network centrally. The computer on which the Windows Server OS
and Active Directory are installed is what we call a domain controller, and our network and the entire
user database are managed from that computer.
FSMO Roles:
Flexible Single Master Operations (FSMO), which some documents also call operations masters.
The FSMO roles are divided into five categories.
1) Schema Master
2) Domain Naming Master
These two (2) roles are forest-wide.
3) Relative Identifier (RID Master)
4) Primary Domain Controller PDC Emulator
5) Infrastructure Master
These three (3) roles are domain-wide.
FSMO roles fall into two categories: (1) forest-wide roles and (2) domain-wide roles. By default all five roles
are created on our first domain controller: whenever we build the first domain controller in our network,
all five roles are installed on it along with AD. If we then create another domain in our network, such as
an Additional Domain Controller (ADC) or a child domain, only the remaining 3 roles, which are domain-wide,
shift to that domain.
4) PDC Emulator:
Whenever a password is changed on the Primary Domain Controller, it goes to the PDC Emulator first, so we
learn of the change immediately. Whenever we log in to the domain and authentication fails, the first thing
consulted is the PDC Emulator server, which manages passwords and provides authentication.
Suppose our environment has many domain controllers and they all replicate with one another. If a user
changes his computer's password, that change will at first exist on only one domain controller, in the
domain where the user exists, and it takes some time for the change to replicate across our whole Active
Directory environment. If during that time we log out there and log in somewhere else, and the change has
for any reason not yet replicated across the environment, then before returning an authentication failure
error all the domains in our environment first consult the domain controller that holds the PDC Emulator.
The other domains then update the change the user made, according to the user's query, and log the user in.
The PDC Emulator role performs a very important task in our network.
In addition, it performs one more task: all the domain controllers in the network consult the domain
controller with the PDC Emulator to set their time, and they synchronize with that domain controller's time
so that the same time is kept on all domains on the network.
In short:
Whenever a user changes his password or logs in to the domain, all the domains consult the domain controller
with the PDC Emulator and ask whether this user's password has changed or any other change has occurred;
if it has, they update that change in their own domain and then log the user in. Besides this, the PDC
Emulator is also responsible for keeping the same time on all domains in our network.
5) Infrastructure Master:
Suppose we have created a group and placed users or groups from different domains in it, and they want to
access a resource located in a third, that is, some other domain. What handles and manages the referencing
of all these things is our Infrastructure Master. When our users or groups move from one domain to another,
this role does their referencing by their SID number. If the domain on which this role is installed goes
down, users of one of our domains will not be able to access the resources of another domain.
In Short:
The work of mapping groups to users and users to groups is performed by the Infrastructure Master in a
multiple-domain environment.
Note:
The Infrastructure Master role should not be installed on a domain on which the Global Catalog is installed.
Figure 1
So much for introductions! The installer gives you the option to Install now. Let's do it.
Figure 2
The .iso file actually has all the versions of Windows Server 2008 R2 on it and we can choose the option we want
to install here. Note that you can even install the Server Core versions from here. I would rather pull a bobcat's tail
while in a phone booth with that cat, so we will not be doing a core installation. Let us choose the Windows
Server 2008 R2 Enterprise (Full Installation) option and click Next.
Figure 3
Put a checkmark in the I accept the license terms checkbox on the license terms page and click Next.
Figure 4
Which type of installation do you want? Honestly, I want one that works and does what I tell it to do, but that is
not a choice here. This is a clean install, so the upgrade option does not make sense. Click the Custom
(advanced) option. Notice that there is no Next option on this page, just to throw you off a little bit.
Figure 5
Here you decide where you want to install the system files (which used to be called boot files in the past, but the
new crew of Microsoft engineers did not take the Windows NT 4 MCSE training, so they do not know that with
Windows NT based system and above, you boot the system files and you system the boot files). I created a 24 GB
dynamic virtual disk file for the OS which will be more than enough room. Remember, dynamic disk files
only use the space they need; they do not fully allocate all the space until it is needed.
Click Next.
Figure 6
Yay! Installation is starting and it is going to take a very long time. Give it an hour or two and come back and see
what happened on your own installation.
Figure 7
During first log on the installer will ask you to create a password. Click OK when you see the display as it appears
below.
Figure 8
Enter a password and confirm the password and do not click OK (because there is no OK to click). Instead, click
that arrow thing that does not have a name, which sits to the right of the confirm password text box.
Figure 9
Very good! The password has been changed. Click OK.
Figure 10
You might remember the Initial Configuration Tasks windows if you used Windows Server 2008. If you have not
used Windows Server 2008 and are moving up from Windows Server 2003, the Initial Configuration Tasks window
provides you access to many of the things you need to do once the operating system software is installed. After
looking at some of the options in this window, you might notice that many of the options that you configured
during installation for earlier versions of Windows are now configured here. The goal was to
require fewer inputs during installation and leave them for the end. Very nice!
Figure 11
From the Initial Configuration Tasks window, I will set the following:
Set time zone
Configure networking
Provide computer name and domain
I will take care of the other stuff once I get this machine an IP address on the network. I will rename this
computer FFWIN2008R2DC, since this is going to be a domain controller in my FFLAB domain. FF is short for
Forefront as we'll be doing a lot of Forefront testing on this lab network. The IP addressing information is:
IP address 10.0.0.2
Default Gateway 10.0.0.1
DNS 10.0.0.2
WINS 10.0.0.2
Sure, we probably will not need WINS much, but you never know, and it is not like it is going to suck up a lot of
memory or processor cycles in the lab environment. The default gateway will be a TMG 2010 firewall which we
will install in a later article.
Now go to the Start menu and type dcpromo in the search box. You will find it in the list as shown in the figure
below. Click dcpromo.
Figure 18
This starts the Welcome to the Active Directory Domain Service Installation Wizard. We do not need advanced
options in this scenario, so just click Next.
Figure 19
On the Operating System Compatibility page, you are warned that your NT and non-Microsoft SMB clients are
going to have problems with some cryptographic algorithms used by Windows Server 2008 R2. We don't have
this problem on our lab network so just click Next.
Figure 20
On the Choose a Deployment Configuration page, select the Create a new domain in a new forest option. We do
this because, of all reasons, this is a new domain in a new forest :)
Figure 21
On the Name the Forest Root Domain page, enter the name of the domain in the FQDN of the forest root
domain text box. In this example we are going to name the domain fflab.net. That is short for Forefront Lab. You
can name it whatever you like, but if you use a name that is already in use on the Internet (that is to say, a name
that has already been registered), then be aware of potential split naming issues. Click Next.
Figure 22
On the Set Forest Functional Level page, select the Windows Server 2008 R2 option (not the Windows Server 2003
option you see in the figure below). We want to select the Windows Server 2008 R2 option so that we can take
advantage of all the cool new features included in Windows Server 2008 R2. Click Next.
Figure 23
On the Additional Domain Controller Options page, we have only a single choice: DNS server. The Global catalog
option is checked and not an option because this is the only DC so far in this domain, so it has to be a Global
Catalog server. The Read-only domain controller (RODC) option is deselected because you have to have another
non-RODC on the network to enable this option. Select the DNS server option and click Next.
Figure 24
A dialog box will appear that says that a delegation for this DNS server cannot be created because the authoritative
parent zone cannot be found or it does not run Windows DNS server. The reason for this is that this is the first DC
on the network. Don't worry about this and click Yes to continue.
Figure 25
Leave the Database, Log Files and SYSVOL folder in their default locations and click Next.
Figure 26
On the Directory Service Restore Mode Administrator Password page, enter a strong password in
the Password and Confirm password text boxes.
Figure 27
Confirm the information on the Summary page and click Next.
Figure 28
Active Directory will install. The first DC installs pretty quickly. Put a checkmark in the Reboot on
completion checkbox so that the machine automatically reboots when DC installation is complete.
Figure 29
The machine will automatically restart since we selected that option. The installation will be complete when you
log on. If I recall correctly, with Windows Server 2008, there was some configuration that took place after you
logged on, but that is not happening with Windows Server 2008 R2.
The DNS service was installed during Active Directory installation, so we do not need to worry about that. There
are several other services we want to install on this domain controller. These include:
DHCP
WINS
Enterprise Certificate Services
Unfortunately, only DHCP and Certificate Services are considered roles. The WINS service is considered a
feature. I suppose they had a reason for this, but I was not at that meeting and did not get the memo.
You must have administrative credentials on the existing Active Directory domain to add an additional
domain controller. You can configure the server as a member of a workgroup or as a member server
within the existing domain. Here, I configure it as a member server within the existing domain.
2. Click Start and then click Run. In the Run dialog box type dcpromo and then click OK.
3. The dcpromo command will automatically install the relevant files on the computer prior to beginning the
domain controller promotion process. This dialog box will start checking if Active Directory Domain Services
binaries are installed, then will start installing them.
4. On the Welcome To The Active Directory Domain Services Installation Wizard page, click Next.
5.
6. On the Choose a Deployment Configuration page, select Existing Forest and then select Add A Domain
Controller To An Existing Domain, and then click Next.
8. On the Select a Domain page, select a domain for this additional domain controller, and then click Next.
9. On the Select A Site page, select the site in which you want to locate the domain controller and then click
Next.
10. On the Additional Domain Controller Options page, select additional installation options for the domain
controller and then click Next.
11. On the Active Directory Domain Services Installation Wizard page, you can ignore this warning and click Yes
to continue.
12. On the Location for Database, Log Files, and SYSVOL page, accept the default settings and then click Next.
13. On the Directory Services Restore Mode Administrator Password page, type and confirm the password, which
can be different from the domain Administrator account password.
14. On the Summary page, review the selections and then click Next to begin the installation.
15. On the Completing the Active Directory Domain Services Installation Wizard page, click Finish.
16. You are then prompted to restart the computer; click Restart Now to reboot.
17. After the server restarts, verify the additional domain controller installation:
Open Active Directory Users and Computers
Open DNS Manager
Open Active Directory Sites and Services
Summary:
For load balancing and fault tolerance purposes, it's often a good idea to install Active Directory on more than
one server in a Windows Server 2008 domain. When you install Active Directory on an additional server in a Windows
Server 2008 domain, you create an additional domain controller for that domain.
CHILD DOMAIN:
Concept of child
When we need to design our network hierarchically, we create child domains. In some places a child domain
is also called a subdomain, but Microsoft recommends that you use the term child domain.
In a domain environment, child domains can be used where there are different branches or different departments
and a domain is dedicated to that particular department while still being part of our parent domain. For example,
networks.com is a parent domain, so if we need to create a child domain for it, its name will be something
like sales.networks.com or mail.networks.com, in the same way that Google uses its child domains, such as
google.com and, for mail, mail.google.com. Where and for what purpose to implement a child domain depends
on the situation of the network.
Once all of the above is done, start the dcpromo wizard via Start > Run > dcpromo. Then click Next to
continue.
It will then display a message about the OS and compatibility. Click Next to continue.
The next step is important. Here we get to select what kind of setup we need with AD. As per the
requirement, we need to use the existing forest but create a new domain controller in the existing forest.
After selecting those options, click Next to continue.
In the next window we can enter the details of the existing forest. As per the setup it's sprint.local and specify
In the next wizard page it asks for the subdomain name. Here the parent domain will be sprint.local and subdomain
In the next window it will ask to select the site. As I explained, I will not go for a multi-site setup here;
I will be using a one-site setup. Select the default and click Next to continue.
In the next window we need to select the options to make it a global catalog server and DNS server. This
gives each department the opportunity to handle its login requests as well as DNS queries.
The next window is for defining the recovery password; once you have created a password, click Next to continue.
On the primary domain controller, under Active Directory Sites and Services, we can see the newly added Test2
DC.
IP ADDRESSING
IPv4 Addressing:
An IP address works like this: if we want to connect our computers to a network and want them to share
data with each other, then our computers need an identity. A computer has to know the source location and
the destination location so that it can communicate with the destination computer. For example, with our
mobile phones, if we want to talk to someone we need the number of the person we want to talk to, right?
In the same way our computers also need numbers so that they can communicate with each other, so here we
use IP addresses as the computers' numbers. The IP address serves as a computer's number and, by connecting
computers to the network, provides data sharing and communication.
1) IP Version 4
2) IP Version 6
Range of IP address (columns: IP Address, Network portion, Host portion):
Class A: 1 to 126; 255.0.0.0/8
Class B:
Class C: N.N.N.H; /8; 2^8 = 256
Class D: 224 to 239
Class E: 240 to 255
bits long, so if we use a Class A IP and write out the bits of all its octets, the IP looks like this:
11111111.00000000.00000000.00000000, in which the network portion is 1s and the host portions are 0s. Now
if I work out the powers for these 1s in order to calculate the numbers, it goes like this:
2^7.2^6.2^5.2^4.2^3.2^2.2^1.2^0, and after calculating the powers the final result comes out as
128.64.32.16.8.4.2.1. If I now add all of these together I get a total value of 255, which is why this is
the maximum number in IPv4; no IP beyond this is used. That is why we represent the network portion with 255,
and our subnet mask is represented the same way.
Subnet Mask:
The subnet mask tells us which network's IP we are using. If it is a Class A IP, it has only 1 network
portion, so its subnet mask is 255.0.0.0; Class B has 2 network portions, so its subnet mask is 255.255.0.0;
and Class C has 3 network portions, so the Class C subnet mask is 255.255.255.0. So the subnet mask represents
our network, that is, which network we are using. In the same way it also helps the router stop broadcasts:
as soon as a broadcast from one network reaches the router, the router first checks that IP's subnet mask.
If the subnet mask matches the network connected to its other interface, the router forwards it, and if the
subnet mask is not the same, it stops the broadcast there, because its subnet mask belongs to some other network.
That is why in Class A IPs there is 1 network portion and the remaining portions are host portions, which
are used for computers. One network portion means 8 bits are full, which is why we also call a Class A IP's
subnet mask /8; in a Class B IP 2 portions are full, so we call it a /16 subnet mask; and we call the Class C
subnet mask a /24 network because it uses 3 network portions, so 8 multiplied by 3 equals 24.
Wildcard Mask:
The wildcard mask is the opposite of the subnet mask: just as in the subnet mask we count the 1 bits and
ignore the 0 bits, in the wildcard mask we count the 0 bits and ignore the 1 bits. In a wildcard mask the
0 bits are checked and the 1 bits are ignored.
The Class A subnet mask is 255.0.0.0. Here 255 is one portion, meaning these are the 1s that are counted in
the subnet mask, so for the wildcard mask I turn the 255 from 1s into 0 and turn the remaining 0 bits into
1s, because the wildcard mask is the opposite of the subnet mask. So the Class A wildcard mask becomes
0.255.255.255, the opposite of the subnet mask.
Class B subnet mask 255.255.0.0, wildcard mask 0.0.255.255.
But sometimes we come across a subnet mask like 255.192.0.0. In that case, to work out the wildcard mask
we subtract this mask from the global subnet mask, which is 255.255.255.255: 255.192.0.0 minus
255.255.255.255, so the wildcard mask comes to 0.0.63.255. Similarly, one more example: the mask is
255.255.128.0, so again subtract this mask from the global mask, 255.255.255.255 minus 255.255.128.0, so
the wildcard mask is 0.0.127.255. As simple as that.
Subnet CIDR:
A subnet mask written like /8 or /16 is called CIDR, which stands for (Classless Inter-Domain
Routing).
network, I will use a Class B IP there, and if it is a large network I will use a Class A IP there. How so?
Look: Class A has 1 network portion, so its network portion is /8; the 3 portions that remain are the host
portion, /24. That is the Class A host portion, so if you take 2 to the power 24 the result is (16,277,216),
and that is how many computers we can assign IPs to using a Class A IP after subnetting. That is why
Class A is used for large networks. Class B has 2 network portions, /16, which leaves us 2 host portions,
/16, so 2 to the power 16 gives (65,536); using a Class B IP we can assign IPs to that many computers.
Class C has 3 network portions, /24, so only /8 remains for the host portion, and 2 to the power 8 gives
(256); using a Class C IP you can give IPs to that many computers. That is why Class C is used for small
networks, because it offers a very small range of computers. IANA created these classes so that we can use
the IP class that suits our network.
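The mask arithmetic from the Subnet Mask, Wildcard Mask and CIDR sections above, as an added Python example that is not part of the original book. The function names are chosen for this example and the sample addresses are constructed; it also shows the address-AND-mask comparison that decides whether two hosts sit on the same network, and the wildcard rule (0 bits checked, 1 bits ignored) applied to a match.

```python
import ipaddress

FULL = 0xFFFFFFFF  # 255.255.255.255 as a 32-bit integer


def to_int(dotted: str) -> int:
    """Parse a dotted-quad string into a 32-bit integer (raises on bad input)."""
    return int(ipaddress.IPv4Address(dotted))


def mask_to_prefix(mask: str) -> int:
    """Convert a subnet mask such as 255.255.0.0 into its CIDR prefix (16).

    A subnet mask is a run of 1 bits followed by a run of 0 bits, so a
    value like 255.0.255.0 is rejected.
    """
    inverted = to_int(mask) ^ FULL
    # 000...0111...1 plus one is a single power of two, so the AND is zero.
    if inverted & (inverted + 1):
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return 32 - inverted.bit_length()


def wildcard_mask(mask: str) -> str:
    """Wildcard mask = 255.255.255.255 minus the subnet mask, octet by octet."""
    mask_to_prefix(mask)  # validate before inverting
    return str(ipaddress.IPv4Address(to_int(mask) ^ FULL))


def addresses_in_block(mask: str) -> int:
    """2 to the power of the host bits, e.g. /24 leaves 8 host bits -> 256."""
    return 2 ** (32 - mask_to_prefix(mask))


def network_of(address: str, mask: str) -> str:
    """Network address = address AND subnet mask."""
    return str(ipaddress.IPv4Address(to_int(address) & to_int(mask)))


def same_network(a: str, b: str, mask: str) -> bool:
    """Two hosts are on the same network when their network addresses match."""
    return network_of(a, mask) == network_of(b, mask)


def wildcard_match(address: str, base: str, wildcard: str) -> bool:
    """Compare only the bit positions where the wildcard mask has a 0."""
    care = to_int(wildcard) ^ FULL
    return (to_int(address) & care) == (to_int(base) & care)


if __name__ == "__main__":
    # Constructed sample masks: the three classful defaults plus non-octet ones.
    for m in ("255.0.0.0", "255.255.0.0", "255.255.255.0",
              "255.255.128.0", "255.255.192.0", "255.192.0.0"):
        print(f"{m:<16} /{mask_to_prefix(m):<3} wildcard {wildcard_mask(m)}")
    print(same_network("10.0.0.2", "10.0.0.1", "255.0.0.0"))
```

Because the subtraction is done octet by octet, 255.255.192.0 gives 0.0.63.255, while 255.192.0.0 gives 0.63.255.255.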
1) Class A 10.0.0.1 to 10.254.254.254 (1 Network)
2) Class B 172.16.0.0 to 172.31.254.254 (15 Network)
3) Class C 192.168.0.0 to 192.168.254.254 (254 Network)
So IANA reserved some of those IPs for private use and some for public use. As long as you are communicating
only inside your local network, you can use private IPs, since they are being used for internal
communication. But when we go beyond internal communication to external communication, meaning outside the
office, to some other branch or another network, or want to access the internet, we will need a public IP,
which gives us online connectivity.
DNS CONCEPT
Domain Naming Services (DNS):
It resolves a name into the actual computer or domain IP address. DNS resolves name to IP or IP to
name.
Technical Detail:
Suppose our mobile phone holds many contact numbers. To find out easily whose number is whose, we write
the person's name alongside the number, so we do not need to memorise the whole number; we just remember
the name, which is easy for us, and do not have to remember what number is behind it. So behind the scenes
there is some technology mapping the name to that person's number. In the same way, many websites are
available today and we only know their names, like Google, Yahoo, Twitter and hundreds of thousands of other
websites. As we know, a protocol runs on the internet that we call TCP/IP, so every website, I mean every
domain, is assigned an IP through which we are able to access that website on the internet. The Domain Naming
Service, or server, is a service thanks to which we do not have to remember the IP address of that website
or server; we just remember the name of the website or domain and call it by name, like www.google.com, and
we do not need to know which IP address is working behind it. If there were no DNS, then instead of
www.google.com we would have to type its IP address, like 10.10.10.127, and we would have to remember the
IP addresses of every site on the internet and access the sites we want to use by their IP addresses. So,
for our convenience, DNS says: do not give me the IP, just tell me the name and I will resolve the IP
address myself. Put simply, DNS is responsible for name to IP address and IP address to name resolution.
Key Notes:
1)
2)
3)
4)
DNS Structure:
The DNS structure is hierarchical and distributed, and it starts working from the root domain. Whenever we
open a website, its request/query goes to the root server or the top-level server that is responsible,
such as .com, .pk, .org, .in; top-level domains like these are each responsible for their own zone.
DNS Working:
When we access a site on the internet, DNS works in the background, resolving the IP address of the server
where our site is hosted against the site's name. When we type google.com on the internet, its query is
first sent to the root domain, where DNS searches for our top-level domain, whether it is .com or .net. We
searched for .com, so .com replies to our DNS query; the query is then sent directly to the .com server
asking what the IP address of the google domain is, and the .com server replies to that query by providing
our computer with the IP address of the google.com server. Then one more query is sent to the .com server
asking it to provide the IP address of the www.google.com server; the .com server checks its records for the
www.google.com server's entry and, in reply to that query, provides our computer with the full IP address
of the google.com server, resolving the site name google.com to that server's IP address, which is how we
are able to access google.com by the site's name. The process is very fast, so within a few seconds of
typing the site's name our site opens in the web browser.
DNS Query:
Whenever a computer sends a query to find out the IP address of a site, we call it a DNS query.
We can divide DNS queries into 3 types.
1) Reverse Lookup
When you have an IP address and need to find out which host that IP address belongs to, a reverse lookup
query is used. The other two queries are used to resolve a name to an IP address.
2) Recursive Query
In this query the DNS server has to tell the client whether or not it has a record for the requested query
and, if it does, what the IP address is. In this type of query the DNS server cannot forward the query to
any other DNS server. Recursive queries are mostly sent to the DNS server by personal computers, laptops
and similar devices.
3) Iterative Query
In this query the DNS client wants to be given the best possible answer. In this query the DNS server can
send the query to another DNS server, and this process continues until a timeout condition
occurs. This kind of query is also called walking the tree.
DNS Zone:
So that the DNS server's database can be managed easily, it is divided into partitions that we call
DNS zones: one zone containing only entries for top-level domains, another zone containing entries for other
domains. In this way different zones manage different kinds of database, each with separate records.
Using these zones we can also create different zone types, such as:
1) primary zone
This is the read & write copy of the DNS database, that is, a database in which new records can be edited as
well as removed. The primary zone is installed on one server, which is called the primary server, and there
can be only one primary server in this environment.
2) secondary zone
This is a read-only copy of the DNS database, that is, records in which we cannot edit any new record or
remove any entry; here we can only read the information in the DNS database. The secondary
zone provides redundancy in the network.
4) stub zone
A stub zone is also like a secondary zone. A stub zone is a pointer to another DNS server; on this
server only the name server records are updated and no other host-related records are updated. Stub zones
are used to make the query process faster.
DNS Records:
These are also called resource records, database records or basic data elements, and they are saved in zone files.
DNS information is saved on the domain server; DNS zones are created on top of these domains, and the DNS
record information is saved in these DNS zones. This information can be of several types.
1) SOA Records:
Also called the Start of Authority record, this is the first record in any zone: whenever a zone is first created,
this record is created before anything else. Information such as which server the zone is hosted on, contact
number, serial number, and the refresh, retry, expire time and minimum TTL values is saved in the SOA record.
2) NS Records:
Also called the name server record, it points to a DNS zone or to the authoritative DNS server. It can also be
used to divide domains into subdomains.
3) A or AAAA Records:
This record is also called the host record, i.e. it links a host's domain name to an IP address. The A record is
used for IPv4 and the AAAA record is used for IPv6.
4) CNAME Records:
The canonical name record is also called the alias name record. In a DNS server one record can have two names,
the second representing a nickname; it is used to configure the URL of a custom site. For example, with
networks.com and MIE.networks.com as two names of one record, a client can type networks.com and still reach
MIE.networks.com. Most of the sites we use on the internet use this kind of DNS record.
5) MX Records:
Also called the Mail Exchange record, the MX record is used for sending email to a domain.
6) PTR Records:
Also called reverse DNS records, these are the reverse of the A (host) record and are used for IP address to host
name mapping, i.e. reverse lookup. These records are used for troubleshooting or for finding a server: with them
we trace a server's name from its IP address.
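The relationship between host (A/AAAA), alias (CNAME) and reverse (PTR) records can be checked mechanically. The following is an added example, not part of the original book: it follows a CNAME to its addresses and reports hosts whose reverse record is missing or points to a different name. The zone data is constructed; the alias www.networks.com and all addresses are assumptions.

```python
import ipaddress

# Constructed sample records (not from a real server). Only the names
# networks.com / MIE.networks.com come from the text; the rest is assumed.
FORWARD = [
    ("mie.networks.com.", "A", "192.168.0.10"),
    ("mie.networks.com.", "AAAA", "2001:db8::10"),
    ("www.networks.com.", "CNAME", "mie.networks.com."),
    ("mail.networks.com.", "A", "192.168.0.25"),
    ("old.networks.com.", "A", "192.168.0.99"),
]
REVERSE = [
    ("10.0.168.192.in-addr.arpa.", "PTR", "MIE.networks.com."),
    ("25.0.168.192.in-addr.arpa.", "PTR", "smtp.networks.com."),
]


def norm(name):
    """DNS names are case-insensitive: compare lower-cased, fully qualified."""
    name = name.lower()
    return name if name.endswith(".") else name + "."


def ptr_owner(address):
    """Owner name of the PTR record for an IPv4 or IPv6 address."""
    return ipaddress.ip_address(address).reverse_pointer + "."


def resolve(name, forward=FORWARD, max_hops=8):
    """Follow CNAME aliases from `name` and return the addresses reached."""
    name = norm(name)
    for _ in range(max_hops):
        targets = [v for n, t, v in forward if norm(n) == name and t == "CNAME"]
        if not targets:
            return sorted(v for n, t, v in forward
                          if norm(n) == name and t in ("A", "AAAA"))
        name = norm(targets[0])
    raise ValueError("CNAME chain too long or looping")


def audit_reverse(forward=FORWARD, reverse=REVERSE):
    """Compare every A/AAAA record with the PTR record for its address."""
    ptrs = {}
    for owner, rtype, target in reverse:
        if rtype == "PTR":
            ptrs.setdefault(norm(owner), set()).add(norm(target))
    findings = {}
    for name, rtype, address in forward:
        if rtype not in ("A", "AAAA"):
            continue
        targets = ptrs.get(ptr_owner(address))
        if not targets:
            status = "missing PTR"
        elif norm(name) in targets:
            status = "ok"
        else:
            status = "PTR mismatch"
        findings[(norm(name), address)] = status
    return findings


if __name__ == "__main__":
    print("www.networks.com ->", resolve("www.networks.com"))
    for (name, address), status in audit_reverse().items():
        print(f"{name:20} {address:15} {status}")
```

A host reported as "missing PTR" or "PTR mismatch" cannot be traced back from its IP address to its name, which is exactly the troubleshooting use the PTR description relies on.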
Go to Start > Control Panel > Administrative Tools > Server Manager.
Step 2: A new window will open with the list of roles available to install. Select DNS Server and click Next.
Step 3: Click Next on the introduction window. In the last window click Install. The installation will start; the
following window shows the progress of the installation.
Configuring DNS:
After installing DNS, go to Start > All Programs > Administrative Tools > DNS to manage the
DNS server.
When configuring your DNS server, you must know about the following concepts:
Zone types
Step 1: Right-click the name of the server in the DNS management console and select Configure DNS
server.
Step 2: Click Create forward and reverse lookup zone, then click Next.
Step 3: Click Yes, create the forward lookup zone now on the forward lookup zone window.
Step 4: Click the type of zone that you want to create, in this case Primary Zone.
Step 13: Click Next on the Reverse lookup Zone file name window.
Step 14: Select Allow both nonsecure and secure dynamic updates and click Next to continue.
Step 15: Select No, it should not forward queries, then click Next.
Name Servers
Host (A)
Pointer (PTR)
File Server:
A file server is used for drive sharing in the network. We share multiple folders on a drive department-wise and
then give the users of those departments rights so that they can use the folder across the network, share data
among themselves and save their important data on the file server. Clients can go to Run and access the file
server through its IP, and work on the file server according to their rights. We also call a file server a data
server.
In Short:
DFS is like a file server, but it connects different file servers that have different IPs and presents them under
a single IP, so clients do not have to remember multiple IPs; they just remember the IP of that single DFS server
and access their data.
Disk Quota:
Disk quota is a feature with which we restrict how much quota our users can use. When a mapped drive is
configured for users, its quota, meaning its disk space, is limited, for example so that they cannot save more
than 50 GB of data and can only use a limited amount. This is called disk quota.
File Services
On the next screen you are given a set of additional options to install. Choose Distributed File System, DFS
Namespaces and DFS Replication.
On the next page choose a name for your Namespace and then click next.
You will now be asked what type of namespace you want to configure. For the purpose of this tutorial I will
choose a Domain-based namespace.
You now need to specify a user account that is a member of the domain admins group as shown below.
You are now given the option of adding any folders you require into your namespace before it is created.
On the summary page review your options and then click install. Repeat the steps on 2008Test2 but do not
create a namespace when asked to do so.
We now have to specify a location for the shared folder. Enter C:\Files in the location and click next.
We now need to set the NTFS permissions for the folder. Click on Yes, change NTFS permissions and then Edit
Permissions. Give Users Modify permissions and then apply.
On the next page you will be asked for a share name for the folder. Call the folder Files.
On the SMB Settings page leave the defaults and click next.
On the SMB permissions page, select Administrators Have Full Control; all other users and groups have only
Read access and Write access.
On the DFS Publishing Page browse to the location of the DFS Namespace you created earlier and type Files in
the Folder name.
On the Summary page review your settings and click create.
You will now have a folder named Files hosted on both 2008Test1 and 2008Test2 and published to a DFS
Namespace for redundancy.
Check the File Server Resource Manager box and click Next. You will then select the NTFS volumes you want
to monitor:
The screen above shows the standard configuration for a volume, along with the reports that are generated when
that threshold is reached.
Select the reports you want, click OK to close that window, then click Next to continue. This last window
before the confirmation lets you specify the folder where the reports are saved and also the e-mail reporting
details:
Click "Next", review the confirmation and click Install to finish the wizard.
Keep in mind that you can decide not to add any volumes during this install phase and add them later, after
FSRM is already installed.
Quota Management:
Quotas help you restrict and/or monitor how much space a folder can use.
FSRM can implement both hard Quotas (that actually prevent the users from adding more files, as if the disk
were full) and soft Quotas (which only generate events and warnings).
You can see the Quotas in the screen below (Quotas node under Quota Management):
Note that this is the soft Quota we created during the FSRM installation.
To add more Quota restrictions, click on the Create Quota action (on the Actions pane on the right):
Quotas are always placed on a folder. You have the choice of basing your Quota on a template or defining a
custom one. FSRM ships with a series of sample Quota templates that you can adapt to your needs.
If you click on Custom Properties, you can provide many details, as shown below:
In addition to specifying the space limit (hard or soft), you can also create different thresholds, with different
actions. The sample above sends e-mail alerts at 85%/95%/100% and logs events at 95%/100%. If you click on the
Add button, you can see the configuration options for each threshold.
You can even choose to execute a command when a threshold is reached, which is shown on the screen below. If
you are skilled with scripting, you can use this ability to perform a number of sophisticated tasks.
Instead of specifying custom Quotas folder by folder, you can use standard FSRM Quota templates or define your
own templates.
The screen below shows the default templates and also shows the Create Quota Template action on the right:
The power of Quota Templates becomes much more obvious when you use the option to Auto apply template
while creating a Quota:
This option requires that you select a template (not a custom Quota). A Quota is created based on that template
for all folders under the specified path.
Every time you add another subfolder to that folder, the template is automatically used to create another Quota
for it. This allows you much simpler configuration for certain folder structures like web sites, project folders, etc.
You can see the existing File Screens in the File Screens node under File Screening Management. None are
defined by default.
To add a File Screen, click on the Create File Screen action (on the Actions pane on the right):
As with Quotas, FSRM supplies some predefined File Screen Templates. You can also opt to define your own File
Screening properties, as shown below:
Once you click on Custom Properties, you will see the window below:
The basic properties include the path to monitor, the type of monitoring (active or passive), the file groups to
block/monitor and the specific actions to take (e-mail, event log, command or report).
You will probably want to use a template to define your File Screening. Below is the list of pre-defined templates
included with FSRM:
You can also create your own File Screening Templates, just like with Quota Templates.
FSRM includes a list of pre-defined File Groups, as shown below:
You can use those, modify them or create your own File Groups.
Below you see a number of those manually generated reports using the HTML format:
Please check the sample below, in HTML format, showing the Files by Owner report:
That's it.
DHCP SERVER
Concept of DHCP Server:
Overview:
Every client computer in the network needs an IP address to communicate on the network, and we have to
configure an IP address on all of those clients. In a small network, meaning 10 to 20 PCs, we sit at each
computer ourselves and manually assign an IP to that client computer. But in a large network with 100 to 500
client computers we cannot assign IP addresses manually, because we would have to sit at every single computer
and manually configure its IP address, gateway and DNS, which is a very lengthy and tiring job. So Microsoft
introduced a server which we call DHCP (Dynamic Host Configuration Protocol); through this server we can assign
IP addresses dynamically across our whole network without going anywhere. A DHCP server is used for automatic
IP configuration in the network. DHCP reduces the network administrator's workload, because the network
administrator does not have to assign IPs on all the computers personally.
DHCP Scope:
A scope is a range of network IP addresses in which the network administrator tells the DHCP server where to
start handing out IPs to the network and where to end. Here we define the range for our network, for example
that IPs are to be assigned in the network from 192.168.0.100 to 192.168.0.200. We have to size this scope
according to our client computers: the IP range we configure in the DHCP scope should be larger than the number
of client computers in our network, so that if we have to add client computers to the network in future, our DHCP
server can assign IPs to them too.
DHCP Reservation:
A reservation tells the DHCP server which IPs it must not assign in the network. Suppose I configured a scope
from 192.168.0.100 to 192.168.0.200 and I have already assigned the IPs from 192.168.0.100 to 192.168.0.110 to my
personal computers. I will then reserve these IPs in my DHCP server, so the DHCP server will not hand these IPs
out in the network; it will reserve them and start giving out IPs in the network from 192.168.0.111. So
reservation is a process by which we reserve some IPs from within the DHCP server's scope for our own use, so
that the DHCP server cannot assign those IPs to any other clients in the network.
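The scope and reservation numbers above can be worked through in code. This is an added example, not part of the original book: a small model of a scope that holds back a reserved range as the text describes, hands out the remaining addresses per client MAC, and fails when the scope is exhausted. The class and method names and the MAC addresses are assumptions.

```python
import ipaddress


class DhcpScope:
    """Model of a DHCP scope with a reserved range held back from the pool."""

    def __init__(self, start, end, reserved=()):
        first = ipaddress.IPv4Address(start)
        last = ipaddress.IPv4Address(end)
        if last < first:
            raise ValueError("scope end is before scope start")
        held = set()
        for r_start, r_end in reserved:
            a = ipaddress.IPv4Address(r_start)
            b = ipaddress.IPv4Address(r_end)
            if a < first or b > last or b < a:
                raise ValueError("reserved range must lie inside the scope")
            held.update(range(int(a), int(b) + 1))
        # Addresses the server may hand out, lowest first.
        self.pool = [ipaddress.IPv4Address(i)
                     for i in range(int(first), int(last) + 1)
                     if i not in held]
        self.leases = {}  # client MAC -> leased address

    def free(self):
        """Number of addresses still available for new clients."""
        return len(self.pool) - len(self.leases)

    def request(self, mac):
        """Lease an address; a known client gets its existing lease back."""
        mac = mac.lower()
        if mac in self.leases:
            return self.leases[mac]
        in_use = set(self.leases.values())
        for address in self.pool:
            if address not in in_use:
                self.leases[mac] = address
                return address
        raise RuntimeError("scope exhausted: no free address for " + mac)

    def release(self, mac):
        """Return a client's address to the pool."""
        self.leases.pop(mac.lower(), None)

    def headroom(self, expected_clients):
        """Spare addresses left if `expected_clients` machines all hold a lease."""
        return len(self.pool) - expected_clients


if __name__ == "__main__":
    # Scope and reserved range taken from the text above.
    scope = DhcpScope("192.168.0.100", "192.168.0.200",
                      reserved=[("192.168.0.100", "192.168.0.110")])
    print("assignable addresses:", len(scope.pool))
    print("first lease:", scope.request("00-11-22-33-44-01"))  # constructed MAC
    print("headroom for 80 clients:", scope.headroom(80))
```

With the values from the text, 90 addresses remain assignable, so a network that may grow beyond 90 DHCP clients needs a wider scope.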
Select check box next to Network Policy and Access Services and click Next.
Click Next on Introduction Network Policy and Access Services.
Select checkbox next to Routing and Remote Access Services. It will automatically select necessary
services. Click Next.
Right click on your server and select Configure and Enable Routing and Remote Access.
Your Routing and Remote Access Server is ready. Your Private Networks should communicate now.
Now go to DHCP Relay Agent Service, right-click it and click New Interface.
Here you can define the interface that holds the different network of IPs with which you want to communicate.
Now go to DHCP Relay Agent, right-click it and go to Properties.
Here you assign the IP address of the network that you want to add to your DHCP server to provide
the different IPs on your network, and that's it. Now go to the client computer and renew the IP address, and
you will successfully contact the DHCP server and get an IP address of the different network.
Fiber-Optic Switch
HBA Card
SAN Advantage:
1) Storage Virtualization.
a. The pool that is available to the servers through the SAN appears as if it were the server's own
actual hard drive.
b. And if a server's hard drive is about to become full, we do not need to change the server's hard drive;
we allocate more space to that server's pool from the SAN.
c. SAN provides us with high-speed disk technology, i.e. Fibre Channel gives 5MB speed per
second.
2) Centralized Backup.
a. SAN also provides us with a centralized backup facility.
b. Servers treat the storage as directly connected to themselves, so system administrators can use
block-level or incremental backup to take a backup of these servers' storage pools, which is quite
helpful for the system administrator.
3) Failover Protection.
a. SAN also provides us with dynamic failover protection: if a server fails, or a node goes offline for
some reason such as maintenance, the SAN enables its built-in redundancy and automatically routes the
traffic through another server, so that the network keeps running 24 hours without any downtime.
The snapshot above shows the virtual machine configuration. The machine is configured with hard disk 2 and 3
each with 500 GB for iSCSI SAN configuration. I have already installed Server 2012 R2 in this machine with following
configuration.
Now, follow these steps to install iSCSI target component in the server.
Step 1. From the Server Manager, click Manage and click Add Roles and Features.
Step 3. On select installation type page, select Role-based or feature-based installation and click Next button.
Step 4. On select destination server option, choose select a server from the server pool option and select the server. Click Next.
Step 5. On the select server roles page, expand File and Storage Services role, and again expand File and iSCSI Services feature,
now select iSCSI Target Server feature. Then click Next.
We have successfully installed the iSCSI target service on this server. Before creating any virtual disks or LUNs we need to bring the
disks online and create an NTFS partition on these disks. To bring the disks online, go to Server Manager, click the File and Storage
Services tab and select the Disks tab; here you will see the list of disks. Now right-click the disk and click Bring Online. Repeat this
step for each disk. You will get a little warning after you click Bring Online; read it and click Yes.
Now create volumes in these disks. From the same window, right-click the disk and click New Volume.
New volume wizard will pop up. Click Next on before you begin page. Choose the server and disk and click Next.
Repeat the same step for other disk to create another volume. To view the volumes, click volumes tab.
Now the volumes are ready to be configured as LUNs or virtual disks. Now the last step is to create LUNs or virtual disks. In the Server
Manager, select File and Storage services tab and then click iSCSI tab. Click Tasks and select New iSCSI Virtual Disk.
New iSCSI virtual disk wizard will open. Here, select the server and select volume and click Next.
Type the name of the virtual disk. Here, I will give LUN-1 and click Next. As you can see below, it's a VHDX file, the same file format that
Hyper-V uses for the virtual disks of Hyper-V virtual machines.
Specify the virtual disk's size. Choose the disk type; here I have chosen Dynamically expanding so that the disk space won't be
over-utilized. Click Next.
In the Assign iSCSI target page, choose new iSCSI target option and click Next.
In access servers tab, click Add button. Add initiator id dialog box will open. There are three ways you can identify the initiator (device
that will use this virtual disk). Here I will choose IP and type the initiator IP of 192.168.80.80. Then click OK.
Here you can see the list of iSCSI initiators. To add other iSCSI initiators click Add and repeat the steps above. Then click Next.
In the Enable Authentication page, you have the option to use CHAP or reverse CHAP for authenticating iSCSI initiators and the iSCSI target.
Here, I will leave it empty and click Next.
Now review the configuration and click Create to create a new virtual disk or LUN.
After the installation you can view the virtual disks in iSCSI tab.
Now you can use these virtual disks in Hyper-V or vSphere for various high availability purposes.
NLB Terminology:
Multiple servers work together and provide load balancing in the network, and all of these servers in the
cluster are called nodes or hosts.
Network Load Balancing is for stateless applications, where there is no concept of replication, just ready
servers that provide network load balancing, such as:
o Front-end Web Servers
o VPN Server
o FTP Server
o Firewall or proxy Server
Network Load Balancing is not for stateful applications, meaning those where data is being updated or
changed, because NLB hosts work independently: if an update happens on one server, it will not be shared
with any other server. That is why you should avoid the following kinds of server in an
NLB cluster:
o File Server
o Print Server
o Database Server
o Messaging Server
If I had to give a simple answer, I'd say Windows Clustering is a method of using 2 or more servers to
provide a higher level of availability, reliability, and scalability.
NLB (Network Load Balancing), in turn, is another clustering technology that combines multiple
clustered servers (called hosts) to get high availability for web-based services like FTP servers, proxy
servers, Terminal Services, virtual private networking, and streaming media servers.
Gathering Information
Log on to both of the servers and run IPCONFIG /ALL from the command prompt. We need the name, domain
and IP address of each server that will be in the NLB cluster. We will also need to make up an additional name for
the cluster; in this example we will use SERVER-LB for the virtual cluster name.
The 2 servers we will be load balancing are PL2008-01 and PL2008-02. The virtual cluster name will be PL2008-V.
So if this was a web server, users would go to http://PL2008-V; depending on how we configure NLB, either
PL2008-01, PL2008-02 or both servers will service the web request.
SERVER NAME                IP ADDRESS       TYPE
PL2008-01.pintolake.net    192.168.1.180    Server 1
PL2008-02.pintolake.net    192.168.1.181    Server 2
PL2008-V.pintolake.net     192.168.1.182
In this example both servers have only one network card. If you have multiple network cards you will still be able
to load balance the 2 servers. You need to configure one NIC per server for NLB; both NICs should be on the same
VLAN and they should be able to contact each other.
PL2008-01
PL2008-02
This should be done on ALL NODES in the NLB Cluster. In this case we are performing this installation on
PL2008-01 and PL2008-02.
Open Server Manager, you can open this several different ways in Windows Server 2008. Probably the quickest
way to open Server Manager is to right click "My Computer" and choose "Manage", another way is open "Control
Panel" go to "Program and Features" and select "Turn Windows features on or off". A third way to open it is "Server
Manager" option under Administrative Tools.
Select "Features" from the Server Manager menu on the left
Press "Add Features"
Press "Install"
Installation has succeeded. It is highly recommended that you repeat this process on all nodes in the NLB cluster
at this point before continuing with configuration.
Press "Close"
NOTE: Network Load Balancing may also be installed from a command prompt with
elevated privileges (right click on the command prompt in the Start menu and select Run
as administrator) by running the servermanagercmd -install nlb command.
For example:
C:\Windows\system32>servermanagercmd -install nlb
......
Start Installation...
[Installation] Succeeded: [Network Load Balancing].
<100/100>
Success: Installation succeeded.
Network Load Balanced clusters are built using the Network Load Balancing Manager, which you can start
from the Start -> All Programs -> Administrative Tools menu or from a command prompt by executing nlbmgr.
Under the Cluster Menu option select "New"
You will have the option to choose which network adapter you want to use, the NIC should be on the same subnet
as the other servers in the NLB cluster
Press "Next"
Enter the Priority ID as, 1 (each node in the NLB cluster should have a UNIQUE ID)
Make sure the correct adapter was selected under "Dedicated IP Address"
Select "Started" for the "Initial host state" (this tells NLB whether you want this node to participate in the cluster
at startup)
Press "Next"
Press "Add"
Enter the Cluster IP and Subnet mask
Press "OK"
You can add multiple IP Addresses for the cluster, enter as many as you want.
Make sure the "Cluster IP addresses" are correct
Press "Next"
Unicast vs Multicast
Unicast/Multicast is the way the MAC address for the Virtual IP is presented to the
routers. In my experience I have almost always used Multicast; if you use it, you
should enter a persistent ARP entry on all upstream switches or you will not be able to
ping the servers remotely.
In the unicast method:
The cluster adapters for all cluster hosts are assigned the same unicast MAC
address.
The outgoing MAC address for each packet is modified, based on the cluster
host's priority setting, to prevent upstream switches from discovering that all
cluster hosts have the same MAC address.
In the multicast method:
The cluster adapter for each cluster host retains the original hardware unicast
MAC address (as specified by the hardware manufacturer of the network
adapter).
The cluster adapters for all cluster hosts are assigned a multicast MAC address.
The multicast MAC is derived from the cluster's IP address.
Communication between cluster hosts is not affected, because each cluster host
retains a unique MAC address.
Selecting the Unicast or Multicast Method of Distributing Incoming Requests:
http://technet.microsoft.com/en-us/library/cc782694.aspx
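How the cluster MAC follows from the cluster IP can be shown directly, which helps when checking the static ARP entries mentioned above. This is an added example, not code from the original article: it uses the documented NLB prefixes (02-BF for unicast, 03-BF for multicast, 01-00-5E-7F for IGMP multicast) and the masked unicast source MAC 02-<host priority>. The function names are assumptions, and 192.168.1.182 is used as the cluster IP.

```python
import ipaddress
import re

MODES = ("unicast", "multicast", "igmp")


def _fmt(octets):
    return "-".join(f"{o:02x}" for o in octets)


def nlb_cluster_mac(cluster_ip, mode):
    """Cluster MAC address that NLB derives from the cluster IPv4 address."""
    w, x, y, z = ipaddress.IPv4Address(cluster_ip).packed
    if mode == "unicast":
        return _fmt((0x02, 0xBF, w, x, y, z))
    if mode == "multicast":
        return _fmt((0x03, 0xBF, w, x, y, z))
    if mode == "igmp":
        # IGMP multicast keeps only the last two octets of the cluster IP.
        return _fmt((0x01, 0x00, 0x5E, 0x7F, y, z))
    raise ValueError(f"unknown mode {mode!r}")


def unicast_source_mac(cluster_ip, host_priority):
    """Source MAC a host uses on outgoing frames in unicast mode.

    The second octet is replaced by the host priority so that upstream
    switches do not learn the shared cluster MAC on a single port.
    """
    if not 1 <= host_priority <= 32:
        raise ValueError("NLB host priority must be between 1 and 32")
    w, x, y, z = ipaddress.IPv4Address(cluster_ip).packed
    return _fmt((0x02, host_priority, w, x, y, z))


def normalize_mac(mac):
    """Accept 03-bf-.., 03:bf:.. or 03bf.c0a8.01b6 and return aa-bb-cc-dd-ee-ff."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return "-".join(digits[i:i + 2] for i in range(0, 12, 2))


def identify_mode(cluster_ip, mac):
    """Return the NLB mode whose derived MAC matches `mac`, or None."""
    seen = normalize_mac(mac)
    for mode in MODES:
        if nlb_cluster_mac(cluster_ip, mode) == seen:
            return mode
    return None


if __name__ == "__main__":
    cluster_ip = "192.168.1.182"  # assumed to be the cluster (virtual) IP
    for mode in MODES:
        print(f"{mode:10} {nlb_cluster_mac(cluster_ip, mode)}")
    # A static ARP entry as it might appear on a switch (constructed value).
    print(identify_mode(cluster_ip, "03bf.c0a8.01b6"))
```

Comparing a switch's static ARP entry with `identify_mode` shows at once whether the entry matches the mode the cluster is actually configured for.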
I am leaving all the defaults for the port rules; by default it's set to all ports with Single affinity, which is sticky. For
more information on Port Rules, see my Note below.
Press "Finish"
None
    You want to ensure even load balancing among cluster hosts.
    Client traffic is stateless (for example, HTTP traffic).
Single
    You want to ensure that requests from a specific client (IP address) are sent to the same
    cluster host.
    Client state is maintained across TCP connections (for example, HTTPS traffic).
Class C
    Client requests from a Class C IP address range (instead of a single IP address) are sent
    to the same cluster host.
    Clients use multiple proxy servers to access the cluster, and they appear to have multiple
    IP addresses within the same Class C IP address range.
    Client state is maintained across TCP connections (for example, HTTPS traffic).
For more information on this please see this TechNet article:
Specifying the Affinity and Load-Balancing Behavior of the Custom Port Rule
http://technet.microsoft.com/en-us/library/cc759039.aspx
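The difference between the three affinity settings comes down to which part of the client's address decides the host. This is an added example, not code from the original article: NLB's real hashing algorithm is internal to the driver, so a SHA-256 hash stands in for it here, and the client addresses and ports are constructed.

```python
import hashlib
import ipaddress
from collections import Counter

HOSTS = ["PL2008-01", "PL2008-02"]  # the two nodes used in this walkthrough


def affinity_key(client_ip, client_port, affinity):
    """Part of the client's address that decides which host serves it."""
    ip = ipaddress.IPv4Address(client_ip)
    if affinity == "none":
        return f"{ip}:{client_port}"      # every connection is balanced
    if affinity == "single":
        return str(ip)                    # one client IP -> one host
    if affinity == "class_c":
        net = ipaddress.ip_network(f"{ip}/24", strict=False)
        return str(net.network_address)   # one /24 -> one host
    raise ValueError(f"unknown affinity {affinity!r}")


def pick_host(client_ip, client_port, affinity, hosts=HOSTS):
    """Map a connection to a host (stand-in hash, not NLB's own)."""
    key = affinity_key(client_ip, client_port, affinity)
    digest = hashlib.sha256(key.encode("ascii")).digest()
    return hosts[int.from_bytes(digest[:8], "big") % len(hosts)]


def spread(connections, affinity, hosts=HOSTS):
    """Count how many of the given connections land on each host."""
    return Counter(pick_host(ip, port, affinity, hosts)
                   for ip, port in connections)


# Constructed traffic: one client opening 64 connections, and one user
# whose requests arrive through four proxies in the same /24.
ONE_CLIENT = [("203.0.113.10", port) for port in range(50000, 50064)]
PROXIED = [(f"198.51.100.{n}", 50000 + n) for n in (11, 12, 13, 14)]

if __name__ == "__main__":
    for affinity in ("none", "single", "class_c"):
        print(f"{affinity:8} one client: {dict(spread(ONE_CLIENT, affinity))}")
        print(f"{affinity:8} proxied   : {dict(spread(PROXIED, affinity))}")
```

With Single affinity all 64 connections from one client stay on one host, while the proxied user is only guaranteed a single host under Class C.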
You should see a couple of things in the NLB Manager; these will let us know that this node successfully converged
on our new PL2008-V.pintolake.net NLB Cluster.
Make sure the node's status changes to "Converged"
Make sure you see a "succeeded" message in the log window
We will configure PL2008-02 from PL2008-01. If we wanted to configure this from PL2008-02 then we would need
to connect to the PL2008-V cluster first then add the host to the cluster.
Right click the cluster name "PL2008-V.pintolake.net" and select "Add Host to Cluster"
This step is very important; each node in the NLB cluster should have a unique identifier. This identifier is used to
identify the node in the cluster.
Enter the Priority ID as, 2 (each node in the NLB cluster should have a UNIQUE ID)
Make sure the correct adapter was selected under "Dedicated IP Address"
Select "Started" for the "Initial host state" (this tells NLB whether you want this node to participate in the cluster
at startup)
Press "Next"
Press "Finish"
You should see a couple of things in the NLB Manager; these will let us know that both nodes successfully converged
on our new PL2008-V.pintolake.net NLB Cluster.
Make sure that both nodes' status changes to "Converged"
Make sure each node has a unique "host priority" ID
Make sure each node is "started" under "initial host state"
Make sure you see a "succeeded" message in the log window for the second node
Testing
Go to the command prompt and type "wlbs query", as you can see HOST 1 and HOST 2 converged successfully on
the cluster. This means things are working well.
Another Example:
A failover cluster is a set of independent computers that work together and maintain high availability in the
network for an application or service. The cluster servers in this group are referred to as nodes, and if any
node goes down, the cluster hands the entire workload of the down server over to another server in the same
group without any downtime. This is also called a failover cluster.
In Windows Server 2008 this role is represented by the name Server Cluster, and the software used for failover
clustering is called the Cluster Manager snap-in, which is a feature of the Windows Server 2008 R2 (Enterprise &
Datacenter) editions; you can simply install it on your Windows Server 2008 R2.
To implement a failover cluster it is important that you have at least two servers connected to shared
storage.
System Requirements Before Implementing Failover Clustering:
Windows Server 2008/R2: The Failover Cluster feature is available only in the Windows Server 2008/R2
Enterprise/Datacenter editions; it is not part of the Standard edition.
Domain role: It is important that all the servers added to the cluster are in the same Active Directory
domain name.
DNS: The servers must be in DNS for clustering, so that name resolution of the servers works easily.
Account for administering the cluster: It is also important that when you add servers to the cluster you are
logged in with the domain's Administrator account, so that you get proper admin rights with all permissions.
If you are not logged in under the Admin account, that account will create an object in the computer
that has only Read property permission inside the domain.
Servers: The two servers should be the same; their brand and their configuration should all be the same for clustering.
Storage: You must use shared storage that is compatible with Windows Server 2008 R2.
Device Controllers (HBA): Whether you use iSCSI or Fibre for the shared media, these must also be the
same on both sides.
Now that you know the requirements for Failover Clustering, let's start:
Configuration on Server A
1. To install Failover feature, open Server Manager, click on Start > Administrative Tools > Server
Manager
The list of available features will be listed, select the Failover Clustering and click on Next.
Click Install
Configuration on Server B
1. Again on Server B, we will need to install Failover Clustering feature as well, so click on Start > All
Failover clustering is now installed on both servers. We can now create the cluster on one of the servers
and then join the other server to that cluster.
Now we will configure the cluster's name and assign IPs to our servers.
To open Failover Clustering, click on Start > Administrative Tools > Failover Cluster Manager
>> This needs to be done on a single server only <<
1. The first step in creating a successful failover cluster is to validate your existing systems and shared
storage first. This is done with the option Validate a Configuration.
2. When you click Validate a Configuration, you will have to browse to the servers that you want to add
to the cluster; these are the servers that will be part of this cluster. Then click Next.
3. Choose to Run all tests and click Next.
The available tests will be displayed in the confirmation window; click Next to begin validating your
cluster.
Review the validation report, as your configuration might have a few issues that need to be
addressed before setting up your cluster.
4. Now that the configuration is validated, you are ready to set up your cluster. Click on the second
option, Create a Cluster; the wizard will launch, read it and then click Next.
5. You need to add the names of the servers that you want to add to the cluster. You can start creating
your cluster with a single server and then add other nodes in the future.
6. When you browse for servers, all the servers are shown as a list, so select a server and click Next.
7. After selecting the server, you need to type a name and IP for your cluster.
8. Now, in the Confirmation window, carefully review all your settings displayed in the window, such as:
Cluster Name, IP Address, Selected Server Names. If all the information is correct, click Next.
If there is a problem with the settings, click the Previous button and set it correctly.
9. The summary window will be displayed after a successful setup of the cluster.
10. Open Failover Cluster Manager and you will see your nodes and settings inside the MMC. Here you can
configure your cluster: you can add new nodes, i.e. new servers, to it, remove them, and also configure
disk storage settings and so on.
Summary
In these steps, I have created a two-node cluster using the Failover Clustering feature, which is available with
Windows Server 2008 R2 Enterprise and Datacenter editions.
Feedback Information:
As you read this Book and you think that this has helped you in any way then it would be great
if you give me your feedback and even if you think that it has been poorly conceived and
written I would like to hear your Feedback and your comments. Feel free to contact me in my
Facebook ID
https://www.facebook.com/fayyaz.feizi.
Email ID
fayyazahmed007@outlook.com .
Thank You so much for reading this and also prays for my bright Future stay connected. Fayyaz
Ahmed Healthy learning