Tải bản đầy đủ - 0 (trang)
Chapter 22. Windows Server 2003 Management and Maintenance Practices

Chapter 22. Windows Server 2003 Management and Maintenance Practices

Tải bản đầy đủ - 0trang

butarenotlimitedto,administeringandsupervisingservers

basedonfunctionalroles,proactivelymonitoringthenetwork

environment,keepingtrackofactivity,andimplementingsolid

changecontrolpractices.Thesemanagementfunctionsfor

WindowsServer2003canbeperformedbothlocallyand

remotely.

Assystems'workloads,capacities,andusagechangeinthe

environment,thesystemsneedtobemaintainedsothatthey

operateasefficientlyaspossible.Withoutsuchmaintenance,

systemsbecomemoresusceptibletocausingslowerresponse

timesanddecreasedreliability.Effortstomaintainthose

systemsshouldbemadeperiodicallytoavoidanyinefficiency.

Thischaptercoversbestpracticesonwaysanorganizationcan

maintainandmanageitsWindowsServer2003environment.







ManagingWindowsServer2003

ManyaspectsofanITinfrastructureneedtobemanaged.They

canincludemanagingserversbasedontheirfunctionalrolesin

thenetworkenvironment,auditingnetworkactivityandusage,

andmonitoringtheenvironment.

Microsofthascomealongwaywithhowserverscanbe

managed.WindowsServer2003managementcanbehandled

locallyorremotely.Althoughlocalandremotemanagementwas

possibleinpreviousWindowsversions,WindowsServer2003

supersedesthatfunctionalitywithnewandimprovedprocesses

andtoolsthatassistadministratorsintheirmanagement.



ManagingBasedonServerRoles

WindowsServer2003systemscanparticipateinvarious

responsibilitiesinagivennetworkenvironment.Someofthese

responsibilitiesmaybeintertwinedduetobudgetconstraints,

businessrequirements,ortechnicaljustifications.Nomatter

howtherolesandresponsibilitiesplayoutintheenvironment,

it'simportanttomanagethemappropriatelybasedontheroles

oftheserver.Themanagementaspectsforsomeoftheroles

thatWindowsServer2003canundertakeareexaminedinthe

followingsections.



FileServers

Fileserversareprimarilyresponsibleforkeepingdata.Thisdata

mustbeavailableandquicklyaccessed.Assuch,management

oftheseserverscanentailusingtheDiskDefragmenterutility,

showninFigure22.1,tokeepfileaccessoptimized.Thishelps

keepreadingandwritingtodiskmoreefficientthaniffilesand



thediskwerefragmented.



Figure22.1.TheDiskDefragmenterutility.



[Viewfullsizeimage]



Diskcapacitymustalsobemanagedsothatthereisalways

amplespaceavailableforadditionaldata.Quotamanagement

canalsobeanintegralpartoffileservermanagement.Disk

quotasareusedtocontroltheamountofdiskspacethatis

availabletotheendusers.Whenadiskquotaisset,aspecified

amountofspaceonavolumecanbesetasideforauser.

Warningmessagescanbesenttotheuserasthequota

approachesthelimit.ThisisillustratedinFigure22.2.Ifan

attempttosavedataexceedsthelimit,theusercanbe

preventedfromsavingthefile.



Figure22.2.Assigningdiskquotas.



PrintServers

Managingprintserversisanimportantbutoftenoverlooked

aspectofmanagingWindowsServer2003.Thisistruemostly

becauseprintersonWindowsServer2003aresimpleto

manage.Althoughthereislessmanagementrequiredfora

printserver,printingshouldstillbeauditedandmonitored.

Auditingandmonitoringprintingensuresthatuserscanprint

successfullyandthattheserverandprintersarefully

operational.Printjobsontheservercanbemanagedand



viewedthrougheithertheprinterqueueorpropertieswindow.

IftheprintserveralsohasInternetprintingenabled,printjob

informationcanbeviewedusingtheprintserver'sWebpages.

Thetypeofinformationthatcanbeviewedandmanaged

includes

Printjobname

Printjobstatus

Printjobowner

Numberofpagestoprint

Printjobsize

Submissiontime

Inadditiontotheprecedinginformation,theSystemMonitor

canbeusedtoprovideaplethoraofinformationaboutprint

usageonthesystem,suchas

Bytesprinted/sec

Joberrors

Jobs

Jobspooling

Maximumjobsspooling

Maximumreferences



Not-readyerrors

Out-of-papererrors

References

Totaljobsprinted

Totalpagesprinted

Theinformationobtainedfromtheprintserverlistingcanassist

anadministratorinproactivelymanagingtheprintersandprint

devices.Forinstance,ifitisdeterminedthatlargeprintjobs

performedatcertaintimesofthedayaffectotherprintjobs,a

printqueueforlargeprintjobscanbecreatedtooffloadthose

jobstoafter-hoursprintingonly.



WebServers

WindowsServer2003Webserversofferanassortmentof

Internet-relatedfunctionalities,suchasHTTP,FTP,SMTP,and

more.Eachoftheservicesemployedontheservermustbe

managedtokeepcontentandservicesuptodate.Thefollowing

aresomeareastoconsidermanaging:

IISmetabaseTheIISmetabaseholdsIIS-related

configurationinformation.AschangesoccurtoanIIS

system,youcanverifythattheIISmetabasehasbeen

backedup(seeFigure22.3).Youcandosobyselecting

Action,AllTasks,Backup/RestoreConfigurationwithinthe

IISManager.

WebapplicationsandcontentTheinstalledWeb-based

applicationsmostlikelyrequireadditionalmanagementthat



isseparatefromIIS.Thecontentthatistobedisplayed

suchasASP,static,anddynamiccontentshouldbe

periodicallymanagedaswell.

IISloggingIISloggingallowsadministratorstomonitor

activityontheWebserver.Italsoallowstheadministrator

tomanagetheWebserver'ssecurity.



Figure22.3.VerifyingIISmetabasebackups.



MessagingServers

Messagingserversrequirespecialattentionsothatservicesrun

efficientlyandeffectively.Inparticular,Exchangeservers

requireattentiontothemessagingdatabases,auditing,

security,andusermanagement.Exchangesystemscanbe

monitoredusingtheSystemMonitor.SpecificExchange-related

objectsareinstalledsothatadministratorscaneasilypinpoint



Exchangeperformanceindicators.

ExchangeservicesaremanagedbytheExchangemanagement

snap-inaswellastheActiveDirectoryUsersandComputers

MMCsnap-in.Forinstance,useraccountsaremail-enabledin

theActiveDirectoryUsersandComputerssnap-in,whileother

configurationsaremanagedthroughtheExchangemanagement

snap-in.



TerminalServers

WindowsServer2003TerminalServersprovideathin-client

approachtocomputinginwhichalltheprocessingisdoneat

theserver.Onlyscreenimages,keystrokes,andmouse

movementsaresenttotheclient.ManagingTerminalServers

caninvolvemanyaspects,includingthefollowing:

ApplicationsApplicationsmustbeinstalledthroughthe

AddorRemoveProgramsappletsothatmultipleuserscan

runthem.Theseapplicationsshouldalsobemonitoredto

ensurethattheyareadequatelyservicingtheendusers.

UsersessionsUsersessions,includingremotecontrolof

thosesessions,shouldbemanagedtoproperly

accommodatetheusers.Forexample,enablingtheuseof

roamingprofilesgivestheuserstheirdesktopsettingseven

thoughthey'reloggingontoanothersystem.Equally

importantismonitoringthoseusersessions.Thiswillgive

administratorsinformationontheresourcerequirements

peruser.Thisinformationcanbeusedtomore

appropriatelysizethesystemtoaccommodatevarious

usagescenarios.



DomainControllers



Domaincontrollers(DCs)hostActiveDirectory(AD),which

containsmost,ifnotall,objectsintheWindowsServer2003

environment.ADhasmanyfunctionalrolesinaWindowsServer

2003environment,includingobjectmanagement(additions,

modifications,ordeletions),authentication,replication,security,

andmore.

ManagingtheseADrolescanbeintimidating,especiallyin

largerenvironments,butADhasmanyusefulutilitiestohelp

managethedirectory.Theyinclude,butarenotlimitedto,

ActiveDirectoryDomainsandTrusts,ActiveDirectorySitesand

Services,andActiveDirectoryUsersandComputers.Someof

theareasthatthesetoolscanmanageinclude

Users

Groups

Domains

Sites

Organizationalunits(OUs)

Computers

Therearemanyothertoolstomanagethatareincludedin

WindowsServer2003ascommand-linetools,WindowsServer

2003SupportTools,andtheWindowsServer2003Resource

Kit.Also,countlessthird-partymanagementutilitiesare

developedspecificallyforAD.







AuditingtheEnvironment

Auditingisawaytogatherandkeeptrackofactivityonthe

network,devices,andentiresystems.Bydefault,Windows

Server2003enablessomeauditing,whereasmanyother

auditingfunctionsmustbemanuallyturnedon.Thisallowsfor

easycustomizationofthefeaturesthesystemshouldhave

monitored.

Auditingistypicallyusedforidentifyingsecuritybreachesor

suspiciousactivity.However,auditingisalsoimportanttogain

insightintohowthenetwork,networkdevices,andsystemsare

accessed.AsitpertainstoWindowsServer2003,auditingcan

beusedtomonitorsuccessfulandunsuccessfuleventsonthe

system.WindowsServer2003'sauditingpoliciesmustfirstbe

enabledbeforeactivitycanbemonitored.



AuditingPolicies

AuditpoliciesarethebasisforauditingeventsonaWindows

Server2003system.Dependingonthepoliciesset,auditing

mayrequireasubstantialamountofserverresourcesin

additiontothoseresourcessupportingtheserver'sfunctionality.

Otherwise,itcouldpotentiallyslowserverperformance.Also,

collectinglotsofinformationisonlyasgoodastheevaluationof

theauditlogs.Inotherwords,ifalotofinformationiscaptured

andasignificantamountofeffortisrequiredtoevaluatethose

auditlogs,thewholepurposeofauditingisnotaseffective.As

aresult,it'simportanttotakethetimetoproperlyplanhowthe

systemwillbeaudited.Thisallowstheadministratorto

determinewhatneedstobeaudited,andwhy,withoutcreating

anabundanceofoverhead.

Auditpoliciescantracksuccessfulorunsuccessfuleventactivity



inaWindowsServer2003environment.Thesepoliciescan

auditthesuccessandfailureofevents.Thetypesofeventsthat

canbemonitoredinclude

AccountlogoneventsEachtimeauserattemptstolog

on,thesuccessfulorunsuccessfuleventcanberecorded.

Failedlogonattemptscanincludelogonfailuresfor

unknownuseraccounts,timerestrictionviolations,expired

useraccounts,insufficientrightsfortheusertologon

locally,expiredaccountpasswords,andlocked-out

accounts.

AccountmanagementWhenanaccountischanged,an

eventcanbeloggedandlaterexamined.

DirectoryserviceaccessAnytimeauserattemptsto

accessanActiveDirectoryobjectthathasitsownsystem

accesscontrollist(SACL),theeventislogged.

LogoneventsLogonsoverthenetworkorbyservicesare

logged.

ObjectaccessTheobjectaccesspolicylogsaneventwhen

auserattemptstoaccessaresource(forexample,aprinter

orsharedfolder).

PolicychangeEachtimeanattempttochangeapolicy

(userrights,accountauditpolicies,trustpolicies)ismade,

theeventisrecorded.

PrivilegedusePrivilegeduseisasecuritysettingandcan

includeauseremployingauserright,changingthesystem

time,andmore.Successfulorunsuccessfulattemptscanbe

logged.



Tài liệu bạn tìm kiếm đã sẵn sàng tải về

Chapter 22. Windows Server 2003 Management and Maintenance Practices

Tải bản đầy đủ ngay(0 tr)

×