Shulou(Shulou.com)06/03 Report--

In recent years, I have been working on system integration, virtualization, and so on. When communicating with users, when the director or technical staff of the information center said, "We need XX functionality," I said, just use Windows Server 2008 R2 (later replaced with Windows Server 2012, Windows Server 2016 and today's Windows Server 2019)! Users "urgently needed" or very "headache" features, Windows Server may have long been integrated! Although most units have installed Windows Server, only the most basic functions are used, and many functions of Windows are not used. Let's introduce it through several specific cases.

Case 1: OA access of a government agency

Customer status: due to the merger of departments, the staff of a government agency has expanded from more than 500 to more than 800. Now I feel slow when I visit the internal office system OA. How to solve the slow speed of so many users accessing OA at the same time.

Network architecture: the unit has the server of Active Directory, and OA is the architecture of Bamp S, the server side is the IIS website of Windows Server 2008 R2, and the background is the SQL Server database. IIS and SQL Server are two separate servers. There is currently only one OA server. The mail system of this unit is Exchange Server 2010, and the DNS addresses of clients are all IP addresses of Active Directory servers, two Active Directory servers and three Exchange 2010 servers.

The unit originally used http://oa.heuet.com to access the OA system, where the A record of oa points to 192.168.1.100, which is the IP address of OA's server.

Solution: add 1 OA server and use 2 servers to provide access to 800 people. The problems that need to be solved at this time are as follows.

(1) the problem of OA access point. Originally, you used the IP address of 192.168.1.100 or the oa.heuet.com domain name to access. After adding one server, you will also use these two IP addresses and the oa.heuet.com domain name to access.

(2) the problem of OA data synchronization between two servers. The current OA system data is mainly composed of two parts, one is that the data is saved in the back-end SQL Server database, and the other part (uploaded attachments, pictures) is saved in the website directory of IIS. We should also consider the problem of data synchronization between servers when the number of staff increases and the number of servers expands in the future.

After communicating with users, this problem is solved by using "Network load balancing" and "distributed File system" of Windows Server 2008 R2. The modification topology is shown in figure 1-1.

Figure 1-1 Topology Diagram of Network Transformation

The main ways to solve the problem are as follows.

(1) add a new server named Web2, set the IP address to 192.168.1.102, and change the IP address of the original OA server web1 to 192.168.1.101. Configure network load balancing for these two servers and set the IP address of the cluster to 192.168.1.100. Later, when the user visits 192.168.1.100, the network load balancing mechanism will redirect the user's access to one of the two servers.

(2) data synchronization problem: set the folder where the OA website is located to "shared", enable the distributed file system, and synchronize the contents of shared folders among multiple servers by configuring DFS replication. For example:

When user 1 visits 192.168.1.100, NLB redirects access to 192.168.1.101, the user uploads files in the directory of 192.168.1.101, and DFS replication synchronizes the new or changed files to the folder corresponding to 192.168.1.102.

When user 2 accesses 192.168.1.100, NLB redirects access to 192.168.1.102, and if user 2 uses the file uploaded by user 1, it is accessed in the same directory of the current 192.168.1.102 (DFS replication is synchronized from 192.168.1.101 to 192.168.1.102).

Case 2: data erroneous deletion, recovery and backup

In a manufacturing enterprise, the data of technical department, production department and after-sales department (mainly Word, Excel files) are saved to the file server through a shared folder. A computer installed with Windows Server 2008 R2 Enterprise Edition operating system is used as a file server, and a shared folder is created for each department. Employees of each department have read and delete permissions for shared folders in their own departments and read-only permissions for folders in other departments.

Although it is simple and convenient to use shared folders, there will be problems precisely because it is simple and convenient. Accidents happen all the time, when browsing and viewing files, there is always a mistake by individual employees to delete one or more of the files or folders. It's okay to just delete the newly uploaded files on the same day (employees modify them on the local computer first, and then upload them to the server after the modifications are completed), but sometimes delete previous files (when employees browse to find previous files, they originally want to copy but choose "move" or "delete"), and the employee didn't notice it at that time, but it took a while to find out. At some point, the files are gone. At this time, there is no way for the administrator to restore, so he can only contact one by one to see which employee has the backed-up files and then copy them back. It is a great headache to encounter such a situation.

This problem can be easily solved by using the "shadow copy" that comes with Windows Server. As shown in figure 2, this is the copy that is automatically created at 12:00 and 19:00 every day after the shadow copy is enabled.

Figure 1-2 after enabling shadow copy

Shadow copies can hold the last 62 copies similar to "snapshots". If the file is deleted, you can find the folder where the file is located or a higher-level folder, find the most recent copy in the "previous version", click the "Open" button to view the previous file in the open folder, and restore the deleted file by copying or restoring it, as shown in figure 1-3.

Figure 1-3 Open Shadow copy File

Coexistence of multiple versions of case 3:IE

There are many applications of Bhand S architecture in a certain unit, but the requirements for client browsers are different because of the different development time and company of these applications. Some can only be used on low-version IE browsers (such as IE8), while others require higher versions (such as IE11), which gives users a big headache when using these applications. And when configuring the client application environment, we also need to install some plug-ins and configure the browser, which is more cumbersome. This function can be well solved by using RemoteApp of Windows Server 2008 R2, as shown in figure 1-4, which is a screenshot of using RemoteApp to run IE8 and IE11 at the same time on a Windows 10 computer.

Figure 1-4 coexistence of IE8 and IE11

[note] although IE8 and IE11 are shown on a desktop in the screenshot, IE8 and IE11 are applications that run on different servers (or virtual machines) and are published to the client using RemoteApp applications. If the RemoteApp application is published to Internet through the firewall, users who travel or work from home can save using × × but directly log in to the intranet and access the intranet applications (such as OA, internal applications) through the published application (such as IE). Using RemoteApp is also relatively more secure than using × × to access the private network of your unit.

Case 4: server multiple network card problem

Most servers are equipped with at least 2 network cards. If you want to "divert" multiple network cards, the usual way is to set each network card to a different IP address (the same network segment), and then let different users access different addresses. For example, set the first network card to 192.168.1.1 and the second network card to 192.168.1.2. When the client and server are on the same network segment, there is no problem with the application: the data accessing 192.168.1.1 will be returned from the 192.168.1.1 network card, and the data accessing 192.168.1.2 will also be accessed from 192.168.1.2. However, for computers on other network segments, when you visit 192.168.1.1 or 192.168.1.2, you will find that there is no problem with the line from the source to the destination IP (192.168.1.1 or 192.168.1.2), but the packets returned from the server always return from one of them, either 192.168.1.1 or 192.168.1.2! In this way, you will find that the function you achieve is different from what you think. In addition, multiple network cards are bound to multiple addresses. In addition to being inconvenient to use, the client can only manually access the IP of another network card when the Down of one of the network cards falls off, for example, the network cable is broken, or the network card is broken (although it is rare, but it may also occur).

The "NIC combination (NIC Teaming)" of Windows Server 2012 (start) can solve this problem very well! The NIC combination can bind multiple physical network cards on the same server together to generate a logical network card that provides high availability and bandwidth aggregation. Before Windows Server did not support this function, manufacturers needed the support of manufacturers to use NIC Teaming, but manufacturers only supported their own network cards (for example, Intel only supported the combination of Intel network cards, HP only supported the components of HP network cards, if an Intel and a HP network card could not be combined), but from Windows Server 2012 (start) The NIC Teaming that comes with the operating system can combine network cards of any brand with the same speed.

Case 5:DHCP assigns IP address problem

Use DHCP to assign IP addresses in the network. For a certain network segment, if you want to assign contiguous IP addresses to some mac addresses, or assign different gateways or DNS to some mac addresses, most traditional DHCP do not have this function, but DHCP starting from Windows Server 2012 supports these functions. The following is a simulated scene.

Customer status: use DHCP server to assign IP address, subnet mask, gateway, DNS.

User requirements: now users test Horizon virtual desktops, Hyper-V virtual desktops, the number of each virtual desktop is only more than 30. Want to assign different contiguous addresses to the virtual desktops of Horizon and Hyper-V. For example, assign the IP address of 172.18.92.101' 172.18.92.149 to the virtual desktop of Horizon and the IP address of 172.18.92.151' 172.18.92.199 to the virtual desktop of Hyper-V.

This feature can be solved using "configuration filter" and "Policy" in DHCP of Windows Server 2012 (start).

(1) View the MAC address range of the Hyper-V virtual machine, as shown in figure 1-5.

Figure 1-5 View the MAC address range of the Hyper-V virtual machine

(2) check the MAC address of the Horizon virtual desktop, as shown in figure 1-6.

Figure 1-6 Horizon Virtual Desktop MAC address

Compare figure 1-5 with figure 1-6. The first three bits of the MAC address of the Magi Hypermurv virtual machine are 00-15-5D Horizon virtual machine. The first three bits are 00-50-56, which are distinguished according to the first three bits of the MAC address of the two virtual machines.

(3) in the DHCP server of Windows Server 2012 (or later), create a new policy in "IPv4 → scope → Policy". The policy condition is that when the MAC address is equal to 00155D* (as shown in figure 1-7), specify the IP address of 172.18.92.151172.18.92.199 for the policy, as shown in figure 1-8.

Figure 1-7 MAC address equals 00155D*

Figure 1-8 configures IP addresses for policies

(4) refer to the steps in (3) to assign the MAC address 005056* of the virtual desktop of Horizon to the IP address of 172.18.92.101172.18.92.149. When using this feature, computers with different MAC addresses (beginning) can also be assigned different gateways and different DNS, which will be described in more detail in later chapters.

Other cases and applications

Windows Server operating system has many functions, which can not be introduced in detail by a few articles alone. Therefore, I launched "the Application of Windows Server in small and medium-sized Enterprises" in the 51CTO subscription column, and each chapter of this column introduces a more meaningful application, which mainly includes the following.

PS: subscribe now, the top 200 enjoy the Morning Bird discount ¥39 + complimentary Microsoft Dreamspark account

(1) Windows network load balancing.

(2) distributed file system to realize data synchronization

(3) use volume shadow copy to realize data backup and snapshot function.

(4) backup the system and data using the backup function software that comes with the operating system.

(5) use NIC-Team function to realize network card redundancy.

(6) use the file server that comes with Windows to implement iSCSI server.

(7) Windows application virtualization solves the problem of remote access

(8) use folder redirection

(9) High availability of DHCP

(10) use RADIUS to achieve unified identity authentication

(11) using Windows failover clustering

(12) configure the file server for students to upload in the LAN exam

(13) create and manage virtual machines for Hyper-V in batch

(14) build certificate server, send signature and encrypt email

(15) Windows deployment service to implement bare metal installation system

There is a lot of content here, which will be introduced in many sections. For example, Chapter 2, "distributed File system data synchronization", will introduce file servers, folder quotas, file masking, distributed file systems, and DFS replication, which will be introduced in at least 3 sections.

In the column, except that some content uses a specific version (for example, the application of RemoteApp takes Windows Server 2008 R2 as an example), other content is mainly introduced in Windows Server 2016. Most applications are suitable for Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019, such as DHCP, Windows deployment services, failover clustering, folder redirection, and so on.

PS: subscribe now, the top 200 enjoy the Morning Bird discount ¥39 + complimentary Microsoft Dreamspark account

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.