2. Performing an OEM Windows SBS 2011 Installation
If you purchase a server
with the OEM version of Windows SBS 2011 preinstalled, the software is
already on the computer’s hard disk, but you must perform an abbreviated
version of the setup procedure. The OEM setup procedure omits the
generic operating system installation tasks, which the computer
manufacturer has already performed at the factory, leaving only the
tasks that require company-specific input to proceed.
When you turn on the computer
for the first time, the Install Windows Wizard displays the same first
three pages as a DVD installation (shown in steps 1 to 5 of the
procedure in the previous section). These pages enable you to change the
language, time, and currency format, and keyboard settings (if
necessary); start the installation; and accept the license terms. In an
OEM package, the manufacturer usually supplies the Windows SBS 2011
product keys on a Certificate of Authenticity sticker attached to the
computer. You might also find that you do not have to enter the product
key yourself because the manufacturer has entered it as part of the
factory setup.
Note:
If you purchase an OEM version
of Windows SBS 2011, the Certificate of Authenticity sticker on your
server should contain both the physical and virtual product keys.
After you have completed the initial pages, the setup procedure skips to the Continue
Installation page and resumes from there (starting at step 12). The
installation is identical to the DVD-based procedure from this point.
Tip:
REAL WORLD One additional thing to remember is that when you purchase Windows SBS 2011 in a bundle with a computer, you might not receive installation
DVDs. If this is the case, the media are on the computer’s hard disk.
One of the first things you should do after completing the setup
procedure is to create a set of installation DVDs in case you ever have
to reinstall the computer.
3. Understanding the Installation Process
When you install the standalone
Windows Server 2008 R2 product, you are left with what is essentially a
clean slate. The operating system includes a large collection of
services, packaged in groups called roles,
but the setup program does not install any of them by default. You must
add and configure them yourself. With Windows SBS 2011, the situation
is extremely different. The setup program not only installs the
operating system; it also adds and configures many of the supplied roles
to create a default server environment that requires relatively little
additional configuration.
Most of the configuration
tasks that the setup program performs are invisible to the user during
the installation process. However, it is a good idea for administrators
to know what the setup program has done so that they can work with the
various server components later. The following sections list the various
roles the setup program installs and describe how the program
configures them.
3.1. Active Directory Certificate Services
A digital certificate is an electronic document, issued by a trusted source called a certification authority (CA),
that verifies the identity of a user or computer. When you connect to a
secured website on the Internet, for example, your browser downloads a
certificate from a third-party CA that verifies that you really are
connecting to the correct site. The setup program for Windows SBS 2011
installs the Active Directory Certificate Services role, which enables
your server to function as a CA for your internal network.
In addition to installing the role, the setup program uses the new CA to issue two certificates to your server: a Domain Controller certificate and a Web
Server certificate. These two certificates, self-signed by your server,
enable clients on the network to establish secured connections to the
websites hosted by your server and to the authentication services provided by the AD DS role.
3.2. Active Directory Domain Services
One of the most important roles of your server running Windows SBS 2011 is that of an AD
DS domain controller. Among many other functions, the domain controller
maintains a central database of your user and computer accounts, which
is accessible to all the computers on the network. Without an AD DS
domain, you would have to create and maintain separate user accounts on
each of the network’s computers. With AD DS, your users log on to the
domain, not individual computers. The domain controller is responsible
for authenticating the users and granting them access to network
resources.
During the Windows SBS 2011 installation process,
the setup program adds the Active Directory Domain Services role on
your server and, using the internal domain name you specified on the
Personalize Your Server And Your Network page, promotes the server into a
domain controller. On a standalone computer running Windows Server 2008
R2, these are both tasks that you must perform manually. When the
installation is finished, you can begin creating AD DS user and computer
accounts immediately.
3.3. Application Server
The Application
Server role provides an integrated environment for deploying and
running server-based business applications developed by or for the
organization, including those requiring the services provided by
Internet Information Services (IIS), Microsoft .NET Framework 3.5.1, TCP
Port Sharing, and Windows Process Activation Service.
3.4. DHCP Server
The DHCP Server role enables your server to issue IP addresses and
other TCP/IP configuration settings to other computers on your network
automatically. The Windows SBS 2011 setup program always installs the
DHCP Server role, but it configures and activates the DHCP server only
if it can obtain the information that it needs from a router on the
network.
If the server does not detect a
router during the installation, it leaves the DHCP server unconfigured
and does not start the DHCP Server service. You must then start the
service manually and configure it using the DHCP Console.
3.5. DNS Server
The Domain Name System (DNS) stores information about domains and
computers, most particularly their names and IP addresses. The computers
on your network use the DNS server to resolve domain and host names
into the IP addresses they need to initiate TCP/IP communications with
other computers, locally and on the Internet.
In addition to this
basic connectivity function, DNS also plays a vital role in AD DS. As
the setup program promotes the server into a domain controller, it
installs the DNS Server role and creates a zone representing your
internal domain. In this zone, the program creates a variety of resource
records that enable clients on the network to locate not only the
server but also specific websites and AD DS services on that computer,
as shown in Figure 1.
For example, the zone for your domain contains a Host (A) resource record for the server name you specified during the installation,
with the IP address that the program configured the server to use. The
program also created an Alias (CNAME) record for the name Companyweb,
which points to the server’s Host (A) record. When a client uses a Web
browser to connect to the http://companyweb.yourdomain.local
address, the client uses the DNS server to resolve the Companyweb alias
and receives the server name in return. The client then resolves the
server name and receives the server’s IP address in return. The client
can now send a message to the specific website on the server.
3.6. File Services
The Windows SBS 2011 setup program installs the File
Services role, but does not add all the available role services. In
addition to the File Services role, which enables the computer to share
its files, and which all computers running Windows Server 2008 R2 run by
default, the program installs the File Server Resource Manager role
service. This role service, using the File Server Resource Manager
Console shown in Figure 2,
enables you to establish storage quotas for your users, which limit how
much server disk space they can consume; define file-screening
policies, which limit the types of files that users can store on the
server; and generate reports on storage consumption.
3.7. Network Policy and Access Services
When the setup program installs the Network Policy and Access Services role, it selects only the Network Policy Server and Routing and Remote Access Services (RRAS)
role services. Network Policy Server enables you to specify conditions
that clients must satisfy before the server allows them to establish a
connection.
Windows
SBS 2011 uses network policies to control server access through VPN
connections and the Remote Desktop Gateway. For the server to grant them
access, users must be members of the correct security groups and
connect with a specific authentication protocol.
The setup program installs the Routing and Remote Access role service, but only with its Remote
Access Service capabilities. The Routing option, which the program does
not install, is intended to enable a computer running Windows Server
2008 R2 to function as a router, connecting two networks and forwarding
traffic between them. Windows SBS 2011 is designed to support only one
network interface on its primary server, so the server configuration
omits the Router module.
The Remote Access Service
option enables you to configure your server to host incoming VPN
connections, which enables users at remote locations to connect to the
server through the Internet. Although the setup program installs the
role service required for this function, it does not configure it. You
must do this manually using the Routing and Remote Access Console, shown
in Figure 3.
3.8. Web Server (IIS)
Windows SBS 2011 uses web interfaces for a variety of its applications and services, so the Web
Server (IIS) role is a critical part of the product installation. The
setup program installs the role with many of its dozens of role
services, and also creates a large number of websites and applications,
as shown in Figure 4.
These websites include the default SharePoint Foundation site, the
SharePoint Central Administration site, the WSUS administration site,
and the Outlook Web Access site for Exchange Server.
3.9. Windows Server Update Services
The Windows Server Update
Services role enables the Windows SBS server to store operating system
and Microsoft application updates for approval by administrators and
deployment to client computers on the network. Using Group Policy
settings that the Windows SBS setup program creates, Windows SBS
configures all the computers on the network to obtain their updates from
WSUS, rather than from the Microsoft Update servers on the Internet.
Using the Update Services Console, shown in Figure 5, administrators can review the latest updates received from Microsoft, evaluate them, and approve them for release to clients.
