Windows 2019 Archives | FolderSecurityViewer Blog

How to Install Docker and Run Docker Containers on Windows Server 2019

February 20, 2020/0 Comments/in Windows 2019 /by Carsten

Initially, the inception of Docker containerization started out with Linux as its base platform. However, over the years, Docker and Microsoft have continuously grown their partnership, creating a conveniently consistent interface for building, shipping, and running applications without the usual dependence hurdles associated with virtual machines.

Though a huge number of enterprises are already using Docker on Windows platforms, there has been a number of subtle functionality disparities between Windows and Linux containers. However, Windows Server 2019 (1809 build) has successfully addressed most of the inconsistencies between Docker containers in Linux and Windows environments.

Requirements for Installation of Docker on Windows

Docker containers are powered by a Docker engine. Though initially designed for Linux, extensive work has been done to allow Docker containers to run on Windows and macOS environments.

To run Docker containers on a Windows platform, one prerequisite is the installation of a Windows server. You can do this in a physical server machine, on a cloud environment running in Azure, or an on-premise virtual machine.

Install the Hyper-V feature on your Windows server 2019

There are two distinct modes to run Decker containers on Windows platforms: Process isolation and Hyper-V isolation. With the Process isolation mode, the Docker containers share the OS kernel with the host platform, hence they are lightweight and identical to Linux system Docker containers.

On the other hand, the running of Docker containers in the Hyper-V mode is confined to a special nominal virtual machine. This enables improved compatibility and secure kernel-level. To run Docker containers in this mode, you must first enable Hyper-V in the host operating system.

The default operation mode for Docker installation on a Windows server is the operation mode (enabling Hyper-V is optional). However, it’s a prerequisite to enable the Hyper-V isolation mode if you need to run Linux containers on a Windows Server interface.

The OS build is another crucial determinant on the need for Hyper-V mode as Windows containers should be of the same build version as the container host OS’s version. Still, Windows container images with a lower build version than the container host OS can run with Hyper-V isolation.

To install Hyper-V on Windows Server 2019, run the PowerShell as Administrator and run the commands below:

Enable-WindowsOptionalFeature –Online -FeatureName Microsoft-Hyper-V –All -NoRestart

Install-WindowsFeature RSAT-Hyper-V-Tools -IncludeAllSubFeature

Next, restart your Windows Server VM.

Prerequisites for the container host

You must enable virtualization in the hosting Windows server platform to utilize Hyper-V isolation in your containers: enable hardware virtualization for a container host running on hardware and nested virtualization in the base interface for a container host running on a cloud space or Hyper-V.

Running Docker Containers on Windows Server 2019

Before running multiple isolated applications using Windows Containers, you need to activate (enable) the containers feature and install Docker on your Windows Server 2019. Here’s the process:

Enable the containers feature in Windows Server 2019.

Run PowerShell as an Administrator and run this command:

Install-Module -Name DockerMsftProvider -Repository PSGallery -Force

This command will install the Docker-Microsoft Package Management Provider from the PowerShell Gallery.

When prompted to install and import NuGet provider, type Y and hit ENTER

Install Docker on your Windows Server 2019

After installing the Containers feature on Windows Server 2019, it’s time to install the latest versions of Docker Engine and Docker Client. Run this command in your PowerShell session:

Install-Package -Name docker -ProviderName DockerMsftProvider

Accept the installation by selecting “Yes”, “Y” or “A” to Agree to all the installation requests.

After the completion of this installation, reboot your computer.

Restart-Computer –Force

You can check your installed Docker version via the PowerShell command:

Get-Package -Name Docker -ProviderName DockerMsftProvider

You can also confirm the installed Docker version using the docker –version command:

docker –version

You can opt to upgrade anytime by running the commands below on PowerShell:

Install-Package -Name Docker -ProviderName DockerMsftProvider -Update -Force

Then start the docker service.

Start-Service Docker

Launch (Run) Docker Containers on Windows Server 2019

Run the following commands on PowerShell:

Start-Service Docker

After starting the Docker Engine service, proceed to download the pre-created .NET sample image on the Docker Hub registry:

docker pull microsoft/dotnet-samples:dotnetapp-nanoserver-1809

After the download, you can deploy a simple Docker container that runs the .Net ‘Hello World’ application:

docker run microsoft/dotnet-samples:dotnetapp-nanoserver-1809

After running the command, an ASCII image will be printed to the shell accompanied by the “Hello” message.

Running Linux Containers on your Window Server 2019

By default, Docker on Windows only runs Windows containers. To launch Linux containers on Windows Server, use the Docker Enterprise Edition Preview that comes with a full LinuxKit system to run Docker Linux containers.

First, uninstall the already installed Docker CE.

Uninstall-Package -Name docker -ProviderName DockerMSFTProvider

Enable Nested Virtualization in case you’re running Docker Containers on a Linux Virtual Machine running on Hyper-V.

Get-VM WinContainerHost | Set-VMProcessor -ExposeVirtualizationExtensions $true

NOTE: WinContainerHost is the name of your virtual machine

Install the Module Docker Provider

Install-Module DockerProvider

Install-Package Docker -ProviderName DockerProvider -RequiredVersion preview

A restart will be required after this operation

Enable LinuxKit system to run Linux containers

[Environment]::SetEnvironmentVariable(“LCOW_SUPPORTED”, “1”, “Machine”)

Restart the Docker Service after the change above and restart the Service Docker

Restart-Service docker

To switch back to running Windows containers, execute the following command in PowerShell:

[Environment]::SetEnvironmentVariable(“LCOW_SUPPORTED”, “$null”, “Machine”)

You have finally installed and configured Docker your Windows Server machine to run both Linux and Windows containers. We hope this guide was insightful.

How to install and Configure OpenSSH Server on Windows Server 2019

February 3, 2020/0 Comments/in Windows 2019 /by Carsten

OpenSSH is a secure protocol that allows remote login to servers and network devices in an encrypted tunnel. OpenSSH came to replace insecure protocols such as telnet and rlogin.

In this guide, we will demonstrate how you can install OpenSSH on Windows Server 2019.

You can install OpenSSH using the standard Windows interface. Alternatively, if you love running commands, Windows PowerShell will also come in handy.

How to install OpenSSH using the visual interface

To start off, press CTRL + I on your keyboard to launch Windows settings.

Next click on the “Apps” option as shown:

In the “Apps and Features” window, click on “Manage optional features”

This brings you to the “Manage Optional Features” window, as shown:

Click on the “Add a feature” button.

Scroll and locate the “OpenSSH Server” feature and click the “Install button” as shown below:

It will take only a short while for the OpenSSH service to be installed on your Windows Server 2019 system.

Once installed, you need to start the service. To do this, press

Windows Key + R to launch the “Run” window. Type ‘services.msc’ and hit ENTER.

On the “Services” window, scroll and locate the OpenSSH service option in the list of services.

Right-click and click on “Start”,

With the SSH service now running, you need to open Port 22, which is the default port associated with SSH, on the Windows Defender firewall.

The significance of opening port 22 is so that you can log in remotely to the server using the SSH protocol. If the port is blocked, you will definitely not have access to the server.

After opening port 22 on the firewall, now try to connect SSH to the server.

C:\Users:user>ssh Administrator@server-IP address

If you are connecting for the first time, you will get the prompt below. Type yes. You will next be asked for a password. Type the Administrator’s password and you will thereafter be logged in to the server.

How to install OpenSSH using Windows PowerShell

The shortest and easiest way to install and configure OpenSSH on a Windows server machine is by running commands on Windows Powershell.

First, run PowerShell as the Administrator on the Windows Server machine.

Once you’ve launched PowerShell, run the following commands in succession:

Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0

The command installs OpenSSH server.

Next run:

Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0

This command runs the OpenSSH client.

Next run:

Set-Service -Name sshd -StartupType ‘Automatic’

This configures SSH service to start automatically upon a reboot.

Finally, start the SSH server service:

Start-Service sshd

Below is a screenshot of the commands on a PowerShell terminal:

As before, now try to SSH to the server from either command prompt or a PowerShell Window. And this brings us to the end of this topic. Just like Linux, you can easily configure an SSH service on your machine and provide a secure channel for connecting to your server.

How to install and configure FTP server on Windows 2019

January 22, 2020/0 Comments/in Windows 2019 /by Carsten

FTP (File Transfer Protocol) is a service that allows the transfer of files between a server and a client system over a TCP/IP network. The FTP protocol, usually running on port 21, allows a user to either upload or download files from an FTP server.

In this guide, you will learn how to install and configure an FTP server on Windows 2019.

Installing FTP server using Server Manager

Step 1: Click on ‘Add Roles and Features’

As with any Windows server system from 2012 and onwards, to add any feature using the GUI, you need to begin from the server manager. So, on the ‘Server Manager’ window, click on ‘Add roles and Features’.

Step 2: Click on the ‘Next’ tab

The next pre-flight check window reminds you to first set a strong Administrator account password and set a static IP, so click on the ‘Next’ button below to proceed with the installation process.

Step 3: Select the mode of installation

In the next window, you will be prompted to select the installation type.

Click on the ‘Role-based or feature-based’ option and click ‘Next’

Step 4: Select the Destination Server

In the next window, click on the server that you are installing the FTP on. Usually, this is the server that you currently working on. Enter the NetBIOS name, the IP address and the operating system type.

Select the server and click ‘Next’.

Step 5: Select the roles to be installed

Next, check off the ‘Web Server (IIS)’ option. When expanded, check off the ‘FTP Server’ option, which constitutes the FTP service and FTP extensibility. Then click ‘Next’.

Step 7: Select the roles to be installed

On the next Window, your selections will be confirmed. Click on ‘Install’ to start the installation.

The installation will then begin and after completion, click on the ‘Close’ button.

Installing an FTP server using Windows PowerShell

If you are a fan of running commands and prefer it to using the GUI wizard, Windows PowerShell can equally come in handy.

So, launch Windows PowerShell as an Administrator and execute the command below:

Install-WindowsFeature Web-FTP-Server -IncludeManagementTools

The output below will be displayed:

Success Restart Needed Exit Code Feature Result

——- ————– ——— ————–

True No Success {FTP Server, FTP Service, IIS Management

Configuring your FTP server

At this point, you have successfully installed your FTP server. The next step is to configure your server for the transmission of files.

On the ‘Server Manager’, click on ‘Internet Information Services (IIS) Manager’

On the next Window, click on your server system on the left sidebar. This reveals a pane at the center. Under ‘FTP’, click on ‘FTP firewall Support’.

Next, define a range of ports and click ‘Apply’.

Now go back and right-click on your Windows server and click on ‘Add FTP Site’. Then click ‘Next’.

Provide your preferred site name and specify the path to the FTP directory.

Next, define the bind-address settings. Type your server’s IP or Public IP address. For a start, you can select No SSL, but for future purposes, ensure to use SSL by clicking on ‘Allow SSL’.

Finally, select the authentication type as ‘Basic’ and also select ‘All users’ and assign read and write permissions.

The FTP site is now ready.

On the firewall settings, allow port 21, which by default is used by FTP.

And that’s how you install and configure an FTP server on a Windows 2019 Server!

How to Configure NTP Server on Windows Server 2019

January 9, 2020/0 Comments/in Windows 2019 /by Carsten

Network Time Protocol (NTP) runs on the Transport Layer port 123 UDP and enables accurate time synchronization for network computers. This irons out time inconsistencies on servers and clients during file logging or replication of server databases among other resources.

In this article, we’ll outline the process of installing, configuring, and querying an NTP server on Windows Server 2019.

NTP Server

NTP servers utilize the Network Time Protocol to send time signals to servers across the globe upon request. NTP servers use the Universal Time Coordinated (UTC) time source for time signal synchronization.

The main purpose of NTP servers is to provide time synchronization for servers and computer networks with other major network servers and clients across the globe. In turn, this streamlines communications and transactions all over the world.

Installing and Configuring an NTP Server on Windows Server 2019

The process of installing, configuring, and querying an NTP Server on Windows Server 2019 is quite straightforward.

Set the NTP service to Automatic option

To start off, Hit Windows Key + R to launch the Run dialogue. Next, type services.msc and hit ENTER.

In the ‘Services’ window, locate the service ‘Windows Time’. Right-click and select the ‘Properties’ option as shown:

On the pop-up window, select the Startup type as ‘Automatic’.

Finally, click on ‘OK’ and then ‘Apply’.

Configuring NTP Server using Registry Editor

As before, launch the run dialogue by pressing Windows Key + R. Then type ‘regedit’ and hit ENTER.

The Registry editor will be launched as shown:

Navigate to the path shown below:

Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer

On the right pane, locate and double-click the ‘Enabled’ file as shown:

Set the Value data to 1 and click OK.

Next, follow this path.

Computer>HKEY_LOCAL_MACHINE>SYSTEM>CurrentControlSet>Services>W32Time>Config

At the right pane locate the ‘Announce Flags’ file.

Double click on the file and set its value to 5 in the ‘Value Data’ section.

Finally, reboot the NTP server for the changes to take place. Head back to the services Window, right-click on ‘Windows Time’ and select ‘Restart’

Configuring NTP Server on Windows 2019 using Windows PowerShell

If you love working in Powershell, launch Powershell as Administrator and enable NTP server using the command:

Set-ItemProperty -Path “HKLM:\SYSTEM\CurrentControlSet\Services\w32time\TimeProviders\NtpServer” -Name “Enabled” -Value 1

Next, configure Announce Flags value as shown:

Set-ItemProperty -Path “HKLM:\SYSTEM\CurrentControlSet\services\W32Time\Config” -Name “AnnounceFlags” -Value 5

Finally, restart the NTP server using the command:

Restart-Service w32Time

Important Note: UDP port 123 must be open for the NTP server traffic to reach your Windows Server 2019. If the NTP servers are unreachable, you can check your firewall settings to fix this.

Other useful commands

w32tm /query /configuration to check and shows the NTP server configuration.
w32tm /query /peers for checking the list of NTP servers configured alongside their configuration status
w32tm /resync /nowait to force-synchronize time with your NTP server.
w32tm /query /source to show the source of the time.
w32tm /query /status to reveal NTP time service status.

Final take

Now your Windows Server 2019 clock is synchronized with time the NTP server’s pool.ntp.org and works as NTP client. You can achieve full network and accompanying infrastructure time synchronization by synchronizing all network workstations, servers, routers, hubs, and switches.

Since NTP servers operate over the UDP protocol using TCP/IP, these network infrastructures must be working efficiently for effective NTP server operation. In case you want to make time servers on windows server 2019 hosted on a virtual machine, you should disable the virtual machine time synchronization settings and sync their time with the domain Windows Server 2019.

Windows Server 2019 Failover Clustering Types

December 19, 2019/0 Comments/in Windows 2019 /by Carsten

The Microsoft Windows Server 2019 Failover Cluster is a new resource management technique that allows Virtual Machines to migrate when operational without interference with systems operations.

The cluster system can create a failover system by pooling hardware resources in a virtual system that allows for the hosting of resources, enabling availability and system resilience.

Windows Server Systems is evolving, judging by the previous releases. The Windows Server 2019 Failover Clustering system is the most powerful to date and can host highly available resources suitable for vital business operations.

The Types of Windows Server 2019 Failover Clusters

The powerful nature of the Windows Server 2019 failover ensures that it supports multiple types of vital business operations. Cluster functions are defined by what they do. Each of these clusters can ensure that the production environment is resilient and always available.

Here are the six types of Windows Server 2019 clusters.

1. Hyper-V Clustering

The Hyper-V cluster configurations run on top of Windows Failover Clusters. When working in a production environment, you need an effective and resilient system that is always available. One such feature is Hyper-V Clustering.

How Do You Create a Hyper-V Cluster?

By default, all Hyper-V clusters connect to a shared storage that allows the Virtual Machines to be on the same location that all hosts can access.

This way, sharing ownership of the various virtual machines is possible. Consequently, when one host fails, healthy hosts will assume the responsibility of the failing host.

The Hyper-V Clusters monitor all hosts, and checks when one goes down, ensuring the movement of the Virtual Machines takes place quickly to a healthy host.

You can achieve this by testing rating the Virtual Machines attached to the working hosts within a cluster. The movement of machines from a failing host to a healthy one is a key characteristic of Windows Failover Clustering.

Apart from being beneficial to various unforeseen issues, clustering also benefits maintenance of the Hyper-V host. Its configuration allows the movement of machines when running the Hyper-V Live Migration. Such safe movement enables the evacuation of workloads from a host, which enhances system maintenance.

Hyper-V Clusters allow for healthy load balancing for Virtual Machines that run on top of Hyper-V hosts, constituting the entire Hyper-V Windows Failover Cluster.

In a similar fashion, in the VMware vSphere DRM mechanism, the Hyper-V evaluates its host’s present load and decides if the workload needs to move to increase efficiency within the Hyper-V cluster configuration.

2. Scale-Out File Server

The default clustering systems for File Services technology does not have enough capacity to handle the demands of a typical enterprise.

Most companies usually demand big storage capacities that can support virtual machines in a Hyper-V Cluster configuration.

Clusters in a File Services technology may be a passive configuration without enough or reliable bandwidth, redundancy, and resiliency on the virtual hard drive files. It is at this point that you need to think of Scale-Out File Server (SOFS) configuration.

The SOFS is for hosting high-performance environments such as the Hyper-V storage. Scale-out File Server supports the needs of a Hyper-V Storage using an active-active configuration of several file servers with persistent connection between them.

If a SOFS is down, another one will pick up the workload without any form of migration or a failover mechanism. Hyper-V virtual machines will remain online even during a crisis when one of the SOFS backup file servers is down.

3. Clustering for File Services

File clusters used in Files Services Clustering technology have been in use for a long time. The original idea of clusters technology emerged from here. The idea, then, was to make resources available when a single server fails.

Clustering for File Services technology is configured to work in an active-passive configuration. Only a single server allows active user connections, such that when the active server is down, the passive server in the cluster takes over as the file server accepting end-user connections.

4. Tiered Clustering

In production environments, what matters to the users of the system and stakeholders in the business is the application.

However, to make sure there is resiliency and redundancy, system administrators use a Tiered clustering configuration that combines the Host Layer Clustering and Application Layer Clustering.

The two techniques work together to give resiliency and redundancy to Virtual Machines. Tiered Clustering allows for the creation of a robust and resilient configuration that ensures optimal uptime and availability for vital business operations.

5. Application Layer Clustering

Application Layer Clustering is utilized in an environment that requires the most uptime irrespective of any impending hardware failures.

It is known that a Hyper-V cluster in a Windows Failover configuration can restart a Virtual Machine in case one host fails. Then, it means that such services will be unavailable when the system restarts.

If the time needed for such an interruption is unacceptable, Application Layer Clustering is a good option. This form of Clustering acts as a “nested” cluster.

Such cluster configurations work by creating a Windows Failover Cluster using Virtual Machines running on hosts that operate on Physical Windows Failover Cluster hosts.

This makes the application to be available, in addition to the backing of the Hyper-V Cluster Virtual Machines provided by the Physical Hyper-V hosts.

6. Host Layer Clustering

The Host Layer Clustering describes the technology used in Hyper-V Clustering.

This cluster involves the physical Windows Server Failover hosts, which allows the cluster of two or more physical servers through the Windows Failover Clustering technology to create and avail different roles.

The most notable role in production data centers is the Hyper-V role.

Final Thoughts

From the days of the legacy Windows Server versions, clustering technology has evolved. The current Windows Server 2019 Failover Clustering types are expanding the use of applications while broadening the scope of enterprises.

Organizations’ functions should be resilient and redundant so that they can fit in today’s fast and web-centric business environment.

Windows Server 2019 Failover Clustering supports a wide range of different cluster types that can ensure businesses stay competitive and take their operations to the next level.

Windows Server 2019 Advanced Networking Features

December 12, 2019/0 Comments/in Windows 2019 /by Carsten

Connecting on-premise and off-premise facilities via networks allows for the creation of an efficient ‘intelligent cloud’.

Windows Server 2019 is built with a comprehensive list of powerful networking capabilities designed to optimize performance in the intelligent cloud and edge environments.

This article discusses four of the advanced networking features in the Windows Server 2019 release.

1. Network Performance Optimization for Virtual Workloads

Previously, to prevent network processing from causing CPU overhead, high-speed network throughput incurred extra costs in baselining, complex planning, tuning, and monitoring.

Windows Server 2019 is built to allow virtual workloads to reach (and maintain) 40 Gbps peaks, lower CPU utilization, and skip redundant tuning and configuration expenses.

This is achieved by including two features that optimize the network throughput of virtual machines by lowering the operations and maintenance costs and elevating hosts’ available density without constantly tuning the host.

Here is a description of the two features:

a) Receive Segment Coalescing (RSC) min in the vSwitch

The Receive Segment Coalescing (RSC) feature integrated in Windows Server 2019 improves throughput gains and host processing of virtual workloads.

This affects all traffic running via the virtual switch counting Hyper-V compute workloads, Software Defined Networking, and some Storage Spaces Direct patterns.

Windows Server 2019 not only supports RSC in the vSwitch, it’s enabled by default!

RSC in the vSwitch unifies TCP segments from the same TCP-stream into larger, fewer packets headed for a Hyper-V Guest. Processing these fewer (coalesced) packets is easier and more efficient than in segmented packets.

Hence, RSC in the vSwitch leads to major performance leaps in Hyper-V virtual machines.

b) Dynamic Virtual Machine Multi-Queue (d.VMMQ)

Virtual Machine Queue and Virtual Machine Multi-Queue features enable the processing of traffic destined for a vmNIC by one or multiple processor cores.

Windows Server 2019 dynamically tunes hosts for optimal CPU efficiency and consistent virtual machine throughput.

D.VMMQ reduces the OPEX costs in previous Windows OS versions, as it doesn’t require any setup once a supporting driver is installed.

D.VMMQ auto-tunes current workloads, thereby maximizing throughput for all virtual machines.

2. Automatic Connection of On-premise Servers to Azure

Connecting on-premise servers and workloads to Azure resources in previous Windows versions requires Site-to-Site VPN, an Express Route, or Point-to-Site VPN connection. These options include numerous steps and expertise in network and certificate management, as well as infrastructure setup, upgrade, and maintenance.

The Windows Admin Center in Windows Server 2019 enables one-click configuration for a point-to-site VPN connection between on-premise Windows Servers and Azure Virtual Networks. This automates the configuration for both on-premise VPN client and the Azure Virtual Network gateway.

Here are some of the improvements:

Windows Admin Center: The Windows Admin Center is an ‘all-under-one-roof’ evolution of the Windows Server in-box management tools that consolidates all local and remote server management aspects. It’s a free locally deployed (default) Windows Server 2019 browser-based app for managing servers, Windows 10 PCs, clusters, and hyper-converged infrastructures.
Azure Network Adapter: The Azure Network Adapter allows you to set up Point-to-Site VPN connections between your Windows server and Azure. It’s a new Network extension aspect of the Windows Admin Center that enables Point-to-Site connections without a public-facing IP address or a VPN device.

3. Software-Defined Networking (SDN)

Software-Defined Networking offers great performance efficiency, but it is difficult to deploy in previous Windows versions.

Windows Server 2019 provides easy SDN deployment and management via a Windows Admin Center extension and a new user interface.

Windows Server 2019 integrates key features in the Software-Defined Data Center (SDDC) to support software-based networking functions.

This leads to the virtualization and optimization of various networking aspects like switching, load balancing, firewalling with micro-segmentation, and routing to offer better availability and performance.

Here are some improved capabilities:

Using Windows Admin Center for SDN management: With Windows Server 2019 Windows Admin Center, SDN has been integrated with the Hyper-Converged Cluster experience. You can easily manage SDN infrastructure and resources via a single application by adding a Network Controller to your Hyper-Converged cluster.
Virtual network management: After adding an SDN to your hyper-converged environment, you can then create, configure, and modify virtual networks and consecutive subnets. You can also view the VMs connected to the virtual network subnets. Later versions of the Windows Server 2019 are also set to include complete end-to-end virtual network management for the SDN extension in the Windows Admin Center.
SDN infrastructure management: Proper SDN management is crucial for a healthy SDN infrastructure. Individual component failures hardly affect Windows Server SDN workloads. Thus, Windows Server 2019 integrates an easy way to monitor SDN performance. The SDN Monitoring extension enables real-time monitoring of SDN services’ state and infrastructure. For instance, you can monitor the health and performance of your Virtual Gateways, Network Controller, Software Load Balancers, and hosts. Further, the extension allows for monitoring of Virtual Gateway Pools’ consumption, Private IP Pools, and Public IP Pools.

4. Network Security Integrations

Windows Server 2019 brings a full house of network security improvements.

Here is a description of some of them:

a) Windows Defender Advanced Threat Protection (ATP)

ATP is designed with deep sensors and response mechanisms to swiftly expose memory and kernel-level attacks, then respond by terminating suspect processes and repressing malicious files.

Windows Defender ATP Exploit Guard is built with multiple powerful host-intrusion prevention components with capabilities to fend off malicious attack vectors and malware.

b) Enhancements in Software Defined Networking (SDN) security

Windows Server 2019 comes with a more robust SDN security package than Windows Server 2016. The most visible aspects are:

Encrypted networks
Egress metering
Virtual network peering
Firewall auditing

c) Shielded Virtual Machines support improvements

Windows Server 2019 provides shielded support for mixed OS environments. This not only boosts performance efficiency in the virtual machines but also keeps the physical server safe.

Linux support: For mixed-OS environments, Windows Server 2019 supports running of Red Hat Enterprise Linux, Ubuntu, and SUSE Linux Enterprise Server in shielded virtual machines
Troubleshooting virtual machine improvement: PowerShell Direct and VMConnect Enhanced Session Mode have made troubleshooting of shielded virtual machines convenient. They don’t require configuration but are automatically available when a shielded VM is linked with a Hyper-V host running Windows 2019 Server version 1803 or later.

d) HTTP/2 integration

Windows 2019 integrates with HTTP/2, which improves coalescing of connections, thereby delivering an encrypted and uninterrupted browsing experience.

The upgraded HTTP/2’s server-side cipher suite negotiation is not only easy to deploy but also provides automatic connection failure mitigation.

Summary

Advancements in automatic connection to Azure, network performance optimization for virtual workloads, Software Defined Networking (SDN), and network security optimization are only the icing on the cake.

Microsoft is determined to continue improving cloud-based connectivity to optimize performance and save on-site storage costs.

We are set to see even more releases to augment Windows 2019 advanced networking functions.

Installing and Configuring WSUS on Windows Server 2019

December 4, 2019/0 Comments/in Windows 2019 /by Carsten

Learn the best practices that help System Administrators avoid settings that lead to poor performance when designing the configurations for Windows Server Update Services.

Windows Server Update Services (WSUS) supports up to 100,000 clients for every server, and the number increases to 150,000 when you use System Center Configuration Manager.

The best way to implement this feature is by using multiple servers that share the same database. The more the sharing of the servers, the safer you are; if one server goes down, your work is still safe.

The safety in numbers prevents what Admins call a “scan storm” that occurs when several clients change the WSUS servers in a scenario where the servers do not share a database.

The Service tracks server activity and alerts the other clients of the last thing that changed, and sends information on updates only.

This article covers the installation and configuration of the Windows Server Update Services on Windows Server 2019.

Different Approaches to Installing WSUS

The Service can download and store the Windows update files locally. Using servers in the network will get the updates from the WSUS servers and not from the Internet. The use of servers to manage the update process saves on bandwidth and Internet speed.

System Administrators can use the servers that update automatically as long as security files are installing from a central location. The configuration gives easy reports on the servers that need patching for a particular update.

Here are the different approaches to installing WSUS:

a) Installing Using the PowerShell

You can experience a fast and an easy way to install WSUS by running this command:

Install-WindowsFeature -Name UpdateServices, UpdateServices-WidDB, UpdateServices-Services, UpdateServices-RSAT, UpdateServices-API, UpdateServices-UI

Using the above command is the same as using Windows Internal Database (WID). With the SQL database, you must include the UpdateServices-DB option and not UpdateServices-WidDB.

b) Installing Using the GUI

WSUS is installable through the Server Manager. If you use this process, you’ll notice that it goes beyond running the PowerShell instruction above.

To start the installation using this method, you can open Server Manager and select Add roles and features.

Once the Add Roles and Feature Wizard shows, click Next.

On the Select installation type window, make sure that the Role-based or feature-based installation type is selected. Then, click Next.

On the Select destination server window, let all default settings remain as is, since the installation takes place on the server. Click Next.

On the next window for Select Server roles, scroll down and select Windows Server Update Services.

Click on the Add Features button to install new features alongside the IIS. Click Next.

The next window will show the automatically selected features from the previous step. Click Next.

On the Windows Server Update Services window, read the given advice indicating that at least one of your servers needs an Internet connection. Click Next.

If the main server can get updates from the Internet, then it is possible for the downstream servers on the Internet to get updates.

On the Role Services window that appears, click Next because you will use the Windows Internet Database (WID). If the intention is to use an SQL database, tick the SQL Server Connectivity option.

The next window is a Content local selection that gives an option of choosing where the WSUS updates will be installed.

It would make more sense if you had a secondary hard disk to keep the updates. The extra disk will save system Admins the headache of filling up the system disk with updates.

The capacity of the hard disk depends on the files chosen for the updates. You can ignore the store updates option to avoid file storage on the local drive.

This is not the recommended choice of action, unless you do not have enough storage space.

Bear in mind that no update will download unless their approval is manual or automatic.

On the Web Server Role (IIS) window, you will see a notification for using IIS 10.0. Click Next.

Select any additional roles that you want for the ISS. In this case, leave the defaults for WSUS and click Next.

On the final screen, confirm the installations by reviewing your choices and clicking the install button.

Configuration of the WSUS

Once the installation is complete, it is time to configure the updates. You need to start by opening the WSUS console from the Tools Menu in the Server Manager.

On the Complete WSUS Installation screen, select the location of the folder where you want to install the updates.

Click on the Run button and let the WSUS configuration Wizard run.

Read the information on the Windows Server Update Services Configuration Wizard and confirm if other windows machines can connect to the server (WSUS). The server can connect to the Internet for updates.

You have a choice of choosing whether you want to be part of the Microsoft Update Improvement Program.

Next, is the selection of the upstream server. If this is your first WSUS server, leave the defaults to synchronize from the updates.

If you have a separate server for updating the files, specify the location to synchronize with it as a downstream server.

You need to specify if the WSUS server should connect to the Internet through a proxy.

The next question is all about connecting to the upstream server directly from the Internet or within the network. The configuration takes some time to complete, so you have to be patient.

Choose the language that the system supports. Any additional languages mean you need more update files. You should only be worried if you are running low on disk space requirements.

On the Choose product screen, select the Microsoft Products within the network that needs WSUS update. Any updates for your selected products are stored on the WSUS server. File selection translates to more disk space.

Choose the types of updates to download. For instance, choose security and critical updates instead of all available updates.

Finally, set the synchronization schedule that will specify when WSUS checks for new updates. The system has a default setting for synchronization. System Administrators can change it to suit their preferences.

On the last screen, you have another option of checking the first synchronization that should start immediately you click the Finish button.

After the first synchronization, you can configure approvals, groups, reporting, and computers.

Conclusion

The installation and configuration of the WSUS server role in the Windows Server 2016 operating system are well covered in this article.

The installation takes place through PowerShell or Graphical User Interface (GUI). If happy with the installation, you can open the WSUS console and finish the configuration.

All the best!

Installation and Configuration of an iSCSI Target on Windows Server 2019

November 26, 2019/0 Comments/in Windows 2019 /by Carsten

Internet Small Computer Systems Interface (iSCSI) is a storage networking resource that employs Internet Protocol connectivity to link up data storage facilities.

It provides block-level access to storage locations via TCP/IP network-carried SCSI commands. The iSCSI target is the network location (storage) and it appears as a local hard drive to the iSCSI initiator.

Basically, an iSCSI initiator is a client that connects to an iSCSI target.

When enabled and configured, an iSCSI Target Server turns a Windows Server OS computer into a network storage device.

Network-accessible storage is important in testing applications before installing them on a Storage Area Network (SAN).

How to install iSCSI target on Windows Server 2019

To perform this installation, you’ll need to have unrestricted administrative privileges to a computer running Windows 2019 server OS.

Step 1: Run the Server Manager on your Windows 2019 server OS

$C:\Users\user\Desktop\iSCSI Target\1.jpg$

Step 2: Select the ‘Add Roles and Features’ tab

You can choose to skip the ‘Before you begin’ step by checking the small square selection box at the bottom of the page.

Click ‘Next’ to continue the installation wizard.

$C:\Users\user\Desktop\iSCSI Target\2.jpg$

Step 3: Define the type of iSCSI target installation you want

Here, check the ‘Role-based or Feature-based installation’ button and click ‘Next’ to continue.

$C:\Users\user\Desktop\iSCSI Target\3.jpg$

Step 4: Select a Host for your iSCSI target’s roles and services

This may be your local server or a virtual hard drive on your server. In our case, we’ll use the local server.

Hit ‘Next’ to continue.

$C:\Users\user\Desktop\iSCSI Target\4.jpg$

Step 5: Select the iSCSI Server Roles

In this step, we’ll define a list of server roles to install for the iSCSI target.

Click on the “Files and Storage Services” tab to expand it.

Select “File and iSCSI Services” then check the box against “iSCSI Target Server”.

$C:\Users\user\Desktop\iSCSI Target\5.jpg$

Step 6: Add features for your iSCSI target

When you select “iSCSI Target Server” in the previous step, a pop-up window titled “Add features that are required for iSCSI Target Server?” will open.

Here, click on the “Add Features” tab then hit “Next”.

$C:\Users\user\Desktop\iSCSI Target\6.jpg$

Step 7: Select features

Check all additional features required to install the iSCSI target server and click ‘Next’.

$C:\Users\user\Desktop\iSCSI Target\7.jpg$

Step 8: Confirm your installation selections

Confirm that iSCSI Target Server and the other selections you have made in the steps above are listed, then select “Install”.

$C:\Users\user\Desktop\iSCSI Target\8.jpg$

Step 9: Complete the iSCSI target server installation

When the installation of selected roles, features, and services is complete, click “Close” to complete your installation of iSCSI Target Server.

$C:\Users\user\Desktop\iSCSI Target\9.jpg$

How to configure iSCSI target on Windows Server 2019

To configure our iSCSI target on Windows Server 2019, we first need to create a folder that initiators will connect to.

You may create a folder or directory in any of your preferred disk partitions.

Step 1: Run your Windows 2019 server manager and select “File and Storage Services”

$C:\Users\user\Desktop\iSCSI Target\New folder\10.png$

Step 2: Choose “iSCSI” from the expanded menu on the left of the pane

Click on the “To create an iSCSI virtual disk, start the New iSCSI Virtual Disk Wizard” link on the right of the window and a configuration wizard will pop up.

$C:\Users\user\Desktop\iSCSI Target\New folder\11.png$

Step 3: Specify the server and disk volume to set the iSCSI disk

In our case, we selected “Type a custom path” then browsed to the folder we created before starting the iSCSI target configuration process.

You can select the folder and hit ‘Next’.

$C:\Users\user\Desktop\iSCSI Target\New folder\12.png$

Step 4: Specify your virtual disc

Name and describe your virtual disk then click ‘Next’ to proceed.

$C:\Users\user\Desktop\iSCSI Target\New folder\13.png$

Step 5: Set the iSCSI virtual disk size

Besides determining the size of the virtual disk, choose the most suitable disc mode depending on your iSCSI targets’ needs.

Check one option from the three options and click ‘Next’ to continue.

$C:\Users\user\Desktop\iSCSI Target\New folder\14.png$

Step 6: Choose the iSCSI target for your virtual disc

Specify the iSCSI target you want to assign your virtual disc.

Since we’re configuring a new iSCSI target, proceed as shown below:

$C:\Users\user\Desktop\iSCSI Target\New folder\15.png$

Stage 7: Specify the iSCSI target name

Simply name and describe the iSCSI target and proceed with the configuration.

$C:\Users\user\Desktop\iSCSI Target\New folder\16.png$

Step 8: Specify access servers for this iSCSI target

To control access and maximize security, you should allow iSCSI target access to only known initiators.

Then, select the ‘Add’ tab to continue.

$C:\Users\user\Desktop\iSCSI Target\New folder\17.png$

Step 9: Choose a verification method for the initiators

Under ‘Type’, choose ‘IP Address’ from the drop-down menu and key in the initiator’s IP address under the ‘Value’ field, then hit ‘OK’.

$C:\Users\user\Desktop\iSCSI Target\New folder\18.png$

Step 10: Configure an authentication method between the initiator and your iSCSI target

Choose the ‘CHAP’ option, then set a username and password to control the initiator’s connection to the target.

Click ‘Next’ to proceed.

$C:\Users\user\Desktop\iSCSI Target\New folder\19.png$

Step 11: Confirm selections to finish the iSCSI target configuration

Check that all selections are as you desire, then click ‘Create’.

$C:\Users\user\Desktop\iSCSI Target\New folder\20.png$

Step 12: Complete the iSCSI target configuration

When all progress bars indicate ‘completed’, click ‘Close’ to wind up the configuration and exit the wizard.

$C:\Users\user\Desktop\iSCSI Target\New folder\21.png$

Step 13: View the new virtual disc in the Server Manager as shown below

You have successfully installed an iSCSI target Server and created a target virtual disk on Windows Server 2019.

You may now proceed to configure an iSCSI initiator on your Windows 2019 Server.

$C:\Users\user\Desktop\iSCSI Target\New folder\22.png$

Final Takeaway

The use of iSCSI Target on Windows 2019 Server is a welcome revolution to Storage Area Networks (SAN).

It not only amplifies the efficiency of Network-based and diskless boot performance but also accelerates the process. You can even leverage software loaders or boot-capable network adapters to deploy and use numerous diskless servers.

Opting for differentiating virtual hard disks saves around 90% of storage space consumed by OS images. Further, iSCSI target servers provide constantly available block storage for server applications.

And, if you are looking to optimize sharable server storage, Heterogeneous storage iSCSI target server is your ideal choice, as it allows interaction with even non-Microsoft iSCSI initiators.

Managing Disk Quotas on Windows Server 2019

October 10, 2019/0 Comments/in Storage, Windows 2019 /by Carsten

Disk quota management provides a way of controlling the disk space available to users accessing the server and storing files.

When a user exceeds their quota, then they can no longer add additional data.

The File Server Resource Manager (FSRM) feature in Windows Server 2019 gives system administrators the ability to set the storage quota as well as determine the type of files that can be saved on the file server.

What is FSRM in Windows Server?

FSRM is a Windows Server feature which allows you to classify and save data in file servers. FSRM gives you extra control of the data on your computer.

The history of FSRM dates back to 2005 when Microsoft launched the product. It was initially used in the Windows 2003 server R3 edition. The feature provides a one-in-all solution, especially for volumes that keep increasing.

Disk quotas have been there for a long time. Without them, people could upload large volumes of data (mostly pirated videos, movies or MP3 songs) into your servers.

The large volume uploads can slow down your server and increase your operating costs. It also presents a challenge with copyright content.

Some tools, like Windows Explorer, allow you to assign quotas to volumes, but with some limitations.

Administrators can easily switch to Windows Server 2019 via the Storage Migration Service. With a myriad of useful features, Windows Server 2019 is the ultimate server for modern businesses.

You can integrate your server with existing applications and utilize every storage feature of FSRM.

The Storage Migration service identifies your old server’s data and moves it to your new server.

Whether you want to move into the cloud or latest Azure’s servers, this migration service is your best tool.

The migration server works with all servers from Windows Server 2003 to Server 2019.

It has no limitations, and will only require you to domain-link your old and new server. However, it only supports file transfers and not applications; you’ll have to manually reinstall your applications later.

FSRM Features

FSRM has the following five main features that help in accomplishing its tasks:

i. File classification structure

This disk quota feature automates all the data arranging processes. It helps administrators to access and use meaningful data.

In Windows Server 2019, the file classification structure comes with additional features for organizing server data more logically.

Examples of classification structures in Windows Servers include dynamic access control, file expiration, and file encryption. The dynamic access control policy limits users from accessing some files. Windows Server 2019 has complex file encryption techniques that protect your data from unauthorized users.

ii. File management tasks

This feature is available in most Windows Server versions. It assists the admin to apply policies or conditions on the data depending on how they are classified.

Such conditions include file properties, such as the date it was modified, file location, and last access date. The files classification can be done automatically by following the stipulated classification rules.

Alternatively, you can manually classify them by altering the file properties.

iii. Quota management

This feature enables an administrator to limit the size of folders or volumes. It is a useful feature, especially for new volumes and folders.

Besides, you can use this feature to create quota templates, which you can apply later to new folders and volumes.

iv. Storage reports

This component of FSRM is useful in identifying disk usage trends. It also helps administrators to understand how FSRM carries out data classification.

You can use the feature to monitor whether users are uploading unauthorized files.

v. File screening management

End-users may upload large gigabytes of data into your servers, resulting into a slow server with high manageability costs. You may also encounter challenges with compliance due to pirated movies and other content.

The file screening management feature helps you to tackle this problem by allowing you to regulate what end users can upload to your server.

File screening also lets you limit the extensions one can store in your shared files. For instance, you can create a file that prevents users from adding m4a. files on personal folders in the shared server system.

NB: FSRM only supports volumes with NTFS formats. It doesn’t support resilient volume types.

As we’ll demonstrate later, you can configure and manage these features that come with the File Server Resource Manager by using the FSRM app or the Windows PowerShell utility.

What you can do with FSRM

Create a policy that allows access to folders and files depending on their organization in the file server
Expire a file that has not been modified for a certain period of time
Create up to 200 Megabyte (MB) quota for each user and notify them when their storage usage exceeds 180MB
Schedule a day for reporting, such as Sundays. From the report, you can gauge the most accessed files in the previous two days before the report.
Prevent users from adding music to personal shared folders
Generate a file classification rule that categorizes files with more than ten types of information as having identifiable information.

Benefits of FSRM

1. Supports advanced quota management capabilities

Some tools, like Windows Explorer, have lesser capabilities for arranging and managing quotas. FSRM not only brings you a centralized console for managing your quotas per volume, but also per folders and per files. It has on-top notifications that you can use to effectively manage your quotas.

With FSRM quota tools, you can apply quotas on different paths in the same volume. NTFS quotas allow you to apply quotas per volume only and are less useful.

To apply a quota to different paths, you’ll need to set a quota template. Therefore, you can simply modify these quotas by updating the template. You can also create both soft and hard quotas.

2. Regulates server content

Managing quotas is not enough. You may need to keep potentially sensitive data off your servers. Piracy concerns are a major issue and require compliance from all stakeholders. Keep off pirated movies, MP3s or MP4s off your server, as having them could infringe on copyright regulations.

Copyright infringement is a serious offense and could lead to consequences like server closure. So, you need to be on the safe side by enabling the file screening capability. You can introduce file screening on a volume, folder, or file. For instance, you can stop users from saving files with .mp3 extension into C:/Personal finance.

Since the folder belongs only to finance-related files, other items like mp3 songs shouldn’t be allowed in the folder. If a user tries to save the file into the folder, the system generates an error.

The pop-up error will affect all users who want to upload such content to the server. Such users will not upload unwanted content to the site, hence improving your data management strategy. More so, you can monitor users who violate your regulations by posting unauthorized content.

To implement file screening, you will have to use file groups. Besides, you can apply file exclusions when configuring the file groups.

For example, you may want to block video files except those with .mp4 patterns. This way, users will be unable to save files unless they meet your defined pattern requirements. File exclusion is also possible with certain naming formats.

As such, users will be unable to save files unless they match your stipulated naming format.

3. Generates storage utilization reports

FSRM is probably the first tool which provides the data and statistics of volume usage. Microsoft initially perceived the tool to be used as a departmental server.

You can use FSRM to generate the following data reports:

File location
Duplicate files
Last modified date
Last access date
File type
Files and folder by property
Folder by property
Least and most recently accessed files
Quota usage

These properties make FSRM an effective storage resource manager.

4. Locates files easily

FSRM allows you to locate files by sorting them. You can locate files easily by using file properties or performing tasks against these files.

Furthermore, you can search your files by sorting them using the last modified, name, or creation time property. Alternatively, you can use its location or file type property to locate a file easily among many other files.

How to install FSRM step-by-step

FSRM is the best tool for managing quotas and creating file screens. The techniques for installing the tool differ with every Windows Server edition. However, the basic rules apply to Windows Server 2019.

You’ll be required to download FSRM before starting the installation.

There are two main methods for installing FSRM in Windows Server 2019:

PowerShell installation
Graphical User Interface (GUI) installation

1. PowerShell installation

To install the FSRM role feature, you can follow the steps below:

Open the PowerShell utility by pressing Windows key+ R
Type PowerShell and press OK
In the next window that appears, type the command below and press Enter:

Install-WindowsFeature -Name FS-Resource-Manager, RSAT-FSRM-Mgmt

Entering the code will initiate the installation process for the FSRM role. You don’t have to restart your computer after the installation completes.

The FS-Resource-Manager will install FSRM while RSAT-FSRM-Mgmt will install the FSRM feature. This feature is important for accessing the GUI component, which manages FSRM. With the feature, you can easily run a server without the GUI. You’ll only be required to install the RSAT remotely; you can then access the FSRM system remotely.

2. GUI installation

In case you want to install FSRM using the GUI instead of PowerShell, you’ll use the Server Manager. With the GUI, you’ll have to perform many tasks than when using the PowerShell installation.

Here are the steps for installing FSRM using GUI.

Open Server Manager and click on ‘Add roles and Features’:

On the next Window, click ‘Next’:

On the next screen, choose the “role-based or feature-based” option:

Choose a virtual hard disk or server you want to add its roles and features. Then, click “Next”:

On the “Select server roles” page, expand the File and Storage services tab:

After checking the “File Server Resource Manager” box, click the “Next” button.

The next page will prompt you to install FSRM RSAT tools. Click “Add Features” and proceed:

Confirm the FSRM installation.

After waiting for the installation to complete, you can launch the FSRM from the server manager:

To access FSRM, Go to Tools > File Server Resource Manager:

The FSRM window will open:

Configuring quotas

As mentioned earlier, quotas put a limit on the disk space allowed on a drive or a folder. Importantly, quotas come in handy when sharing a personal drive among many users. For example, you can put a limit of 10 GB on a drive or a folder.

There are two types of quotas:

Quota on the path—this is a scenario where quota is applied on the main folder only
Auto apply template and create quota—this is where the main folder together with the sub folders are all under a defined quota. That is, if you apply a quota of 10 GB on the parent folder, each of the subfolders will have a quota of 10 GB

Creating quota templates

Before embarking on creating quotas, let’s talk about how to create quota templates or predefined templates. Here are the steps.

First, right click on Quota Templates and click on ‘Create Quota Template’ option:

Specify the quota name and the quota limit, as shown below. A hard quota implies that you cannot exceed the limit. For soft quota, you get notified when you exceed the limit.

When all is done, click ‘OK’:

If you wish to send notifications via email, click the ‘Add’ button:

Then, fill out all the necessary details, such as the threshold for getting notifications and the administrator’s email.

Then click “OK”:

How to configure FSRM

Configuring FSRM is a piece of cake that consists of three main areas:

Quota management
File screening
Storage reporting

1. How to create and manage quotas

In a shared server system, users can add their files to the server. To prevent overwhelming the server, the administrator can use quotas to allocate each user a storage portion.

There are two main types of quotas:

Soft quotas whereby users can exceed the set limit. The administrator assesses the users in a specific path and their current storage usage; and, once the soft limit is passed, the server sends a usage warning or generates event logs.
Hard quotas whereby a user cannot exceed the set limit. Once a user reaches the limits, they will be unable to store more data to the file path.

How to create a quota

First, go to the FSRM management interface and select “Quotas”. Then, Select the “Create Quota” option:

Next, you can create a new quota by specifying various options, such as:

The path for new quota—indicates the path for your new quota. Alternatively, you can apply it to existing folders and subfolders.
Custom quota properties—you can choose soft and hard quota limits. For a soft limit, you’ll need to enter a warning notification.

Lastly, click the Create button.

Finally, the quota will now be created, and you can see it from the console, as shown below:

2. Configuring file screening

File screening is restricting some file formats from being stored in a path. It is only possible with file names and not file contents.

FSRM comes with two categories of file screening:

Active screening—does not allow users to save restricted files
Passive screening—enables users to save restricted data but with monitoring

How to configure file screening template

If you want to create a file screening template, right click on the File Screen Template option:

In the pull-down menu, click on “Create File Screen Template”. Then, fill all the required details in the Template Window:

3. Generating reports

FSRM allows you to generate various reports that assist with your file server management tasks. You can schedule these reports over a certain period to monitor disk usage trends.

The reports can help you to monitor a user or groups of users who may attempt to store unauthorized files on your server. The FSRM tool allows you to generate such reports instantly.

To access your reports, you can open the file report tasks. Click “generate report” and press “OK”. The system will generate a DHTML report and prompt you to open it.

Conclusion

Those are the everyday tasks you can perform with the File Server Resource Manager 2019. You can also perform complex tasks such as File Server Classification.

Do you have any comments or questions?

Please post them below.

Report the NTFS Permissions of Folders and Shares – fast and simple to use!

Protect yourself and your clients against security leaks and get your free trial of the easiest and fastest NTFS Permission Reporter now!

Windows Server Core vs. Graphical User Interface (GUI) Debate

September 19, 2019/0 Comments/in Windows 2016, Windows 2019 /by Carsten

Windows servers in most environments allow for two forms of installation: the Server Core and the Desktop Experience, also known as the Graphical User Interface (GUI).

The main difference between the two installation options is that the Server Core does not have the GUI shell packages; the Server Core is simply the Windows Server Shell Package.

The PowerShell approach implies that there may be a simple way of switching between the two forms of installation, if all are available in a single Server installation.

Some IT professionals argue that the introduction of the Windows Admin Centre is a move in the right direction and it is a step closer to boosting the mass adoption of the Server Core.

However, this does not free the IT administrators from encountering more challenges.

Are We Ready for the Server Core to Take centre stage?

Windows Server Admins who are not sure where to place their feet in the Server Core vs. GUI debate should consider new positions. Microsoft has come up with new ways of running Windows Server in lightweight mode.

Microsoft, in an attempt to move towards the Server Core, still leaves some Administrators comfortable with the use of the full Windows Server installation because it gives access to the easy-to-use point-and-click GUI menus and tools.

Theoretically, managing many servers with a single or few lines of PowerShell sounds impressive until there is a lot of workload and pressure pile up. Even experienced IT administrators will run to what they have been using ever since—the GUI.

It is this lack of configuration options and the less capability of the shell programs that keep Server Administrators away from installing or using Server Core as a preferred line of defense when working on network issues.

The release of Windows Admin Centre came in at the same time when Windows Server 2019 Long Term Servicing Channel release hit the market. The development of this new tool came from customer feedback: to lower the hindrances to Server Core deployment.

The Windows Server 2019 made a debut with the Server Core App Compatibility Feature on Demand to increase the functionalities that some apps need to run.

During this time, Microsoft added support for Server Core as a deployment option for Exchange Server 2019.

What are the Effects of These Changes on the Server Core vs. GUI Debate?

For administrators who are still in doubt, Server Core is capable of handling infrastructure roles such as Active Directory Domain Controllers and Domain Name System Servers.

In the next session, we’re going to feature a seasoned IT director at the Canadian Museum for Human Rights in an interview that highlights some Server Core advantages and disadvantages.

He is also going to talk about why he thinks containers might tip the balance towards the Server Core in some organisations.

What deployment method do you use?

The Server Core 2016 is the base system that we use to implement three clusters that run Windows Server 2019 right now. The 2019 version is still new in the market, and the department decided to use GUI as the last emergency option in a crisis. Within six months to a year, we will phase out nodes running 2019 with GUI to 2019 Server Core.

Why did your organisation decide to use Server Core?

The advantage is dealing with smaller footprints for patches and resources. Server Core does not demand as many resources to run, but you can get more by running it.

There are fewer incidences of security attacks on the Server Core, and that is something we needed to consider.

Why is Microsoft pushing Server Core when administrators prefer to use GUI, do you have any challenges using Server Core?

Server Core will make an Administrator’s life easier. Windows Admin Centre happens to be better than the Remote Server Administration Tools (RSAT). RSAT gave a single panel for server management.

However, we are still to get a complete toolset. As it is, we may get into GUI for one or two reasons. Microsoft needs to be creative on that aspect and make Server Core a reality for all Administrators.

We are using Server Core 2016 and using GUI as necessary, but with some management challenges, though we take it as a learning curve.

Windows Admin Centre is an excellent place to start but still far from being the perfect replacement Microsoft was hoping would happen. Some of the Admin tools are not coming up as fast as I would like, meaning we are still using GUI more than our liking.

When you are in a production server environment that needs quick troubleshooting, you will struggle with the PowerShell tools or remote management tools like the Windows Admin Centre, but your managers may not give you enough time to solve the problem, so you end up going back to the GUI approach. Using PowerShell in such an environment offers no comfort zone.

The IT community is trying to adapt to the methodology of not relying on GUI to manage the Server. You can either use the GUI tool like the Windows Admin Centre from a management machine or use a remote PowerShell session. Consequently, PowerShell is a steep learning curve.

Is Server Core easier to manage with patches and security?

Yes, with the new patches, you will see Windows Server with GUI ending up being like 15 patches and 2 for Server Core. It is easy to find patches on other applications than it is to find consistency in patch releases for the Server Core.

Which applications did you use with Server Core that never worked? What are the functions that require PowerShell skills, even when using the Windows Admin Centre?

When we sought proposals for the purchase of the ticketing system, our specification was Server Core; unfortunately, they could not support it.

The Windows Admin Centre still does not support many features, even though they have come a long way, and they add new features in every release.

For instance, there are some things in Failover Cluster Manager that you need to do on the console using GUI. Reason being the feature is absent. This has increasingly necessitated System Administrators to keep pushing Microsoft to develop all tools in Windows Admin Centre and then offer support for the GUI.

Do you think Server Core is ready for the market?

The answer differs from one organisation to another; our organisation is not so huge, but we made a lot of progress on the learning curve. We managed to install Server Core as production servers on the new 2019 clusters within a year. Whereas embracing Server Core could be more fulfilling in the long term, most organisations are slow in taking on the new technology.

The biggest challenge to Server Core mass adoption is due to the players in the industry fear of taking risks, or they are not as fast as Microsoft would want them to be. The majority of the workforce does not have the day-to-day experience needed to set up and run the Server Core.

Most IT practitioners who take on Server Core installation and Administration tasks are those working in smaller organisations. A large organisation will always look ready and aggressive to take on new technology, but making the first step is the biggest challenge.

That explains why it is important to encourage people to try out the beta program as much as possible. In our case, we have a corporate plan of testing production workloads in a beta environment. Very few places have a testing environment, which is everything needed for the Windows Server Core to be in the mainstream.

Do you think containers might tip the balance towards the Server Core in some organisations?

Another thing that will force people to embrace Server Core is the use of containerisation. A container does not give room for GUI. Therefore, Windows Server for containers seems to be the likely place where Server Core is expected to flourish.

Server Core is the middle step between full-blown physical servers and virtual server containers. The Server Core App Compatibility Feature on Demand is bringing in the ability to include features without the need of installing them.

For example, if you need a .NET framework for any application, you will not install the entire .NET framework, as it will bring up the server in a container only for the features you need.

Do you know who has access to your data on Windows Servers?
Are you able to easily analyze NTFS permissions of your data?

Protect yourself and your clients against security leaks and get your free trial of the easiest and fastest NTFS Permission Reporter now!