297 Chapter 19 Understanding Other Windows Server 2008 Services 298 Networking: A Beginner’s Guide O ne of the strengths of Windows Server 2008 is that it can perform many functions and fill many roles. Not only is Windows Server 2008 a powerful and effective file server and print server, but it’s also extremely capable of performing many other tasks right out of the box. Chapters 16 and 17 explained how to set up Windows Server 2008 as a basic file server and print server, and how to administer Windows Server 2008 on a daily basis. To get the most out of Windows Server 2008, you need to know what additional services are available, how they work, and what they do. This chapter introduces some of the other services that come with Windows Server 2008. You can find detailed instructions for implementing these services in a book devoted to Windows Server 2008. Exploring DHCP If you’ve been involved with computers for long, you probably remember what it was like to manage TCP/IP addresses manually (and you might still do this now!). You needed to visit every computer on the network to set its TCP/IP address manually. You also had to keep track of which computers used which addresses, because you had a limited number of addresses with which to work. Plus, as you probably know, when two computers on a network try to use the same TCP/IP address, trouble quickly follows, and you must spend time sorting out these problems. As discussed in Chapter 8, the Dynamic Host Configuration Protocol (DHCP) saves the day in such situations. A DHCP server is a computer on the network that keeps track of which TCP/IP addresses are available, and parcels them out to computers and other devices that boot up and request a TCP/IP address from the server. With a DHCP server, you don’t need to worry about address conflicts or renumbering the addresses used on computers if your TCP/IP address range ever changes. NOTE Because TCP/IP is the default protocol for Windows Server 2008-based networks and because Windows Server 2008 is designed to operate correctly over a TCP/IP-only network, DHCP services are installed with Windows Server 2008 by default. However, the DHCP services are not enabled by default, because you should not set up conflicting DHCP servers on a network. To use DHCP, you must define a scope and other associated TCP/IP settings that the servers give to client computers. A scope is simply the range (or ranges) of TCP/IP addresses that the server is allowed to parcel out. Among the associated TCP/IP settings that the server distributes are the addresses for Domain Name System (DNS) or Windows Internet Naming Service (WINS) servers also on the network. When a DHCP server assigns a TCP/IP address to a client computer, the address is said to be leased, and it remains assigned to that client computer for a set period of time. Leases are usually configured to last for two to seven days. (The default setting in Windows Server 2008 is eight days.) During this period, the assigned TCP/IP address is not given out to a different computer. 299 Chapter 19: Understanding Other Windows Server 2008 Services When a client computer boots up and joins the network, if it is configured to seek a DHCP server, the client computer does so while initializing its TCP/IP protocol stack. Any available DHCP servers respond to the client’s request for an address with an available address from the DHCP server’s address database. The client computer then uses this address for the duration of its lease. The administrator can cancel and reassign TCP/IP information as necessary (usually, this is done after business hours, when the client computers are turned off). The administrator can then make changes to the DHCP scope information, which is then communicated to the clients when they reconnect to the network. In this way, you can easily make changes to information such as DNS server addresses or even TCP/IP address ranges without needing to visit all the computers. Although DHCP is a great tool for managing TCP/IP addresses, you should use it only for client computers that do not host any TCP/IP services provided to other computers. For example, you would not want to set up a web server to use DHCP to get a dynamic TCP/IP address, because client computers wishing to connect to the web server would not be able to find the address when it changed. Instead, you should assign fixed addresses to computers that offer TCP/IP-enabled services either to the local network or through the Internet. You can assign these addresses in one of two ways: N You can simply assign those computers fixed TCP/IP addresses locally and then set up exclusion ranges to the scope that the DHCP server manages, which prevents the DHCP server from using or offering those addresses to other computers. N You can set up a reservation on the DHCP server, which forces the server always to assign the reserved address to a specific computer. TIP It’s a good idea to use static IP addresses for your network printers. Doing so makes troubleshooting printer connectivity problems easier. Investigating DNS As discussed in Chapter 8, DNS is a technology that allows easily remembered names to be mapped to TCP/IP addresses and ports. For instance, when you use a web browser and enter the address http://www.yahoo.com, you are using a DNS server to resolve the domain name www.yahoo.com to a particular TCP/IP address. Your web browser transparently uses the TCP/IP address to communicate with the server in question. The DNS system makes the Internet much easier to use than it otherwise would be. (Imagine how excited advertisers would be to say, “Visit our web site at http://65.193.55.38!”) 300 Networking: A Beginner’s Guide Windows Server 2008 includes a full DNS server. In fact, a DNS server is required for Active Directory to function. If you install the first Active Directory server into a Windows Server 2008 domain, DNS services are automatically installed at the same time; otherwise, you must select them manually to add them. A Windows Server 2008 running DNS services can manage your own domains and subdomains, and you can also set up multiple DNS servers that each manage a portion of the domain namespace. Of course, on small networks, it is possible—and probably desirable because of cost issues—to use only a single DNS server. You manage the DNS services with the DNS Microsoft Management Console (MMC) plug-in, which you access by opening the Start menu and choosing Programs, Administrative Tools, then DNS. Figure 19-1 shows the DNS Manager window. When you set up DNS for an organization, you first establish a root namespace (a virtual location in which domain names are stored), usually using the domain name you have registered for the Internet, such as omh.com. You can then create your own subdomains by prepending organizational or geographic units, such as italy.omh.com or accounting.omh.com. Each DNS server is responsible for storing all the DNS names used for its managed namespace and for communicating any changes to other DNS servers. When you use multiple DNS servers to manage separate portions of your DNS namespace, each Figure 19-1. Use the DNS Manager to manage DNS services. 301 Chapter 19: Understanding Other Windows Server 2008 Services DNS server manages a zone. Updates between different zones are called zone transfers. Windows Server 2008 DNS services support both full and incremental zone transfers. (Incremental zone transfers exchange only updated information, which cuts down on network traffic considerably on networks with large DNS namespaces.) Because DNS is integral to Active Directory, it’s important for you to establish redundancy for your DNS servers. Microsoft recommends that each domain controller also act as a DNS server, and you must have at least one primary and secondary DNS server for each managed zone. Understanding RRAS Routing and Remote Access Service (RRAS, pronounced “ar-razz”) is a remote access technology. It includes routing capabilities that enable connections to the network over a public network, such as the Internet, using virtual private network (VPN) technology (discussed in Chapter 10). A VPN works by setting up a secure “tunnel” between a client and the RRAS server through which encrypted packets pass. The client computer dials up its normal Internet service provider (ISP), and then forms a secure VPN connection to the RRAS server over the Internet. Remote access services under Windows Server 2008 are secure and offer considerable flexibility, so you can set them up to meet the requirements of your organization. To administer RRAS, open the Start menu and choose Programs, Administrative Tools, then Routing and Remote Access to access the MMC plug-in. After the plug-in starts, right-click the server on which you want to enable remote access, and then choose Configure and Enable Routing and Remote Access. A wizard guides you through the process and enables you to choose whether to enable only remote access, only routing/ remote access, or both. Figure 19-2 shows the Routing and Remote Access MMC plug-in once RRAS has been enabled. First, you must enable a user to access the network remotely, which you can do by editing the user’s Properties dialog box (setting user properties is discussed in Chapter 17). Then you can configure RRAS to use a number of control features that enable you to keep remote access secure, including the following: N Set times and days when remote access is operational. N Set times and days when specific users or groups can use remote access. N Limit access to only the RRAS server or to specific services on the network. N Use callback features, where a remote client dials into the network and logs in. The network then disconnects the connection and dials the user back at a predefined phone number. N Set access policies based on a remote client computer name or TCP/IP address. Through the use of RRAS, you can easily set up Windows Server 2008 to provide important secure access services to remote users, both over dial-up connections and through the Internet. . recommends that each domain controller also act as a DNS server, and you must have at least one primary and secondary DNS server for each managed zone. Understanding RRAS Routing and Remote Access. DNS Manager window. When you set up DNS for an organization, you first establish a root namespace (a virtual location in which domain names are stored), usually using the domain name you have. protocol stack. Any available DHCP servers respond to the client’s request for an address with an available address from the DHCP server’s address database. The client computer then uses this address