Planning the Windows Server 2016 Installation

Before you install Windows Server 2016, you must first ask yourself these important questions:
What type of server do I need? Will the server be a domain controller? What roles do I need to
install on this server?
Once you have figured out what you need the server to do, you can make a game plan for the
installation. So, let’s start by looking at some of the server roles and technologies that can be
installed on a Windows Server 2016 computer.
Server Roles in Windows Server 2016
When you install Windows Server 2016, you have to decide which roles and features are going
to be installed onto that server. This is an important decision in the computer world. Many
administrators not only overuse a server but also underutilize servers in their organization.
For example, many administrators refuse to put any other roles or features on a domain
controller. This may not be a good use of a server. Domain controllers help authenticate users
onto the network, but after that the domain controllers are really not very busy all day long.
Domain controllers have tasks that they must perform all day, but the server on which they
reside is not heavily used when compared to a SQL Server machine or an Exchange mail
server. This is where monitoring your server can be useful.
If your domain controller is a virtual machine or if you have more than enough servers, then
having a domain controller with no other applications on it (except DNS) may be fine. But if
servers are limited, then think about putting other services or applications on your server if the
server can handle them. Just remember, some applications work better on member servers than
on domain controllers. So before just adding any application to a domain controller, make sure
you research the application and find out best practices.
Now let’s take a look at some of the roles and features you can install onto a Windows Server
2016 machine. Knowing the different roles and features you can install will help you to design,
deploy, manage, and troubleshoot technologies in Windows Server 2016.
Figure 1.1
shows the
Add Roles and Features Wizard in Server Manager. It shows you just some of the roles that can
be installed on a Windows Server 2016 machine.
FIGURE 1.1
Available roles in Windows Server 2016
Roles and Features
Many of these roles were discussed in the section “Features and Advantages of Windows
Server 2016.” I include them here again because they are also
roles
that can also be
installed on Windows Server 2016.
The following roles are available in Windows Server 2016:
Active Directory Certificate Services
The AD CS server role in Windows Server 2016
allows you to build a PKI and provide public key cryptography, digital certificates, and digital
signature capabilities for your organization.
Feature
AD CS provides a customizable set of services that allows you to issue and
manage PKI certificates. These certificates can be used in software security systems that
employ public key technologies.
Role
AD CS in Windows Server 2016 is the server role that allows you to build a PKI and
provide public key cryptography, digital certificates, and digital signature capabilities for
your organization.
Active Directory Domain Services
The AD DS server role allows you to create a scalable,
secure, and manageable infrastructure for user and resource management and to provide
support for directory-enabled applications, such as Microsoft Exchange Server.
Active Directory Federation Services
Active Directory Federation Services (AD FS)
provides Internet-based clients with a secure identity access solution that works on both
Windows and non-Windows operating systems. AD FS gives users the ability to do a
single
sign-on (SSO)
and access applications on other networks without needing a secondary
password.
Active Directory Lightweight Directory Services
Active Directory Lightweight Directory
Services (AD LDS)
is a
Lightweight Directory Access Protocol (LDAP)
directory service that
provides flexible support for directory-enabled applications, without the dependencies and
domain-related restrictions of AD DS.
Active Directory Rights Management Services
Active Directory Rights Management
Services (AD RMS) in Windows Server 2016 is the server role that provides you with
management and development tools that work with industry security technologies including
encryption, certificates, and authentication to help organizations create reliable information
protection solutions.
Device Health Attestation
The Device Health Attestation helps protect your corporate
network by verifying that client systems meet corporate policy. For example, you can make
sure that all computers that connect to your network have their proper updates, antivirus, and
proper configuration policies before connecting to the network.
DHCP
Dynamic Host Configuration Protocol (DHCP)
is an Internet standard that allows
organizations to reduce the administrative overhead of configuring hosts on a TCP/IP-based
network. Some of the features are DHCP failover, policy-based assignment, and the ability to
use Windows PowerShell for DHCP Server.
DNS
Domain Name System (DNS)
services are used in TCP/IP networks. DNS will convert a
computer name or fully qualified domain name (FQDN) to an IP address. DNS also has the
ability to do a reverse lookup and convert an IP address to a computer name. DNS allows you
to locate computers and services through user-friendly names.
Fax Server
The fax server allows you to send and receive faxes, and it also allows you to
manage fax resources such as jobs, settings, reports, and fax devices on a specific computer or
on the network.
File and Storage Services
File and Storage Services
allows an administrator to set up and
manage one or more file servers. These servers can provide a central location on your network
where you can store files and then share those files with network users. If users require access
to the same files and applications or if centralized backup and file management are important
issues for your organization, administrators should set up network servers as a file server.
Host Guardian Service
The Host Guardian Service (HGS) allows you to have a more secure
environment for your network’s virtual machines. The HGS role provides the Attestation &
Key Protection services that enable Guarded Hosts to run Shielded virtual machines.
Hyper-V
The Hyper-V role allows administrators to create and manage a virtualized
environment by taking advantage of the technology built into the Windows Server 2016
operating system. When an administrator installs the Hyper-V role, all required virtualization
components are installed.
Some of the required components include the Windows hypervisor, Virtual Machine
Management Service, the virtualization WMI provider, the virtual machine bus (VMbus), the
virtualization service provider (VSP), and the virtual infrastructure driver (VID).
MultiPoint Services
MultiPoint Services allows multiple users, each with their own
independent and familiar Windows experience, to simultaneously share one computer.
Network Controller
The Network Controller provides the point of automation needed for
continual configuration, monitoring, and diagnostics of virtual networks, physical networks,
network services, network topology, address management, and so on within a datacenter.
Network Policy and Access Services
Use the
Network Policy and Access Services
server
role to install and configure
Network Policy Server (NPS)
, which helps safeguard the security
of your network.
Print and Document Services
Print and Document Services
allows an administrator to
centralize print server and network printer tasks. This role also allows you to receive scanned
documents from network scanners and route the documents to a shared network resource,
Windows SharePoint Services site, or email addresses. Print and Document Services also
provides fax servers with the ability to send and receive faxes while also giving the
administrator the ability to manage fax resources such as jobs, settings, reports, and fax
devices on the fax server.
Remote Access
Remote Access provides connectivity through DirectAccess, VPN, and Web
Application Proxies. DirectAccess provides an Always On and Always Managed experience.
Remote Access provides VPN access including site-to-site connectivity. Web Application
Proxies enable web-based applications from your corporate network to client devices outside
of the corporate network. Remote Access also includes routing capabilities, including Network
Address Translation (NAT).
Remote Desktop Services
Remote Desktop Services allows for faster desktop and
application deployments to any device, improving remote user effectiveness while helping to
keep critical data secure. Remote Desktop Services allows for both a
virtual desktop
infrastructure (VDI)
and session-based desktops, allowing users to connect from anywhere.
Volume Activation Services
Windows Server 2016
Volume Activation Services
will help
your organization benefit from using this service to deploy and manage volume licenses for a
medium to large number of computers.
Web Server (IIS)
The
Web Server (IIS)
role in Windows Server 2016 allows an administrator
to set up a secure, easy-to-manage, modular, and extensible platform for reliably hosting
websites, services, and applications.
Windows Deployment Services
Windows Deployment Services allows an administrator to
install a Windows operating system over the network. Administrators do not have to install
each operating system directly from a CD or DVD.
Windows Server Essentials Experience
Windows Server Essentials Experience allows an
administrator to set up the IT infrastructure, and it also provides powerful functions such as PC
backups to help protect your corporate data and Remote Web Access that allows access to
business information from anywhere in the world. Windows Server Essentials Experience also
allows you to easily connect to cloud-based applications and services.
Windows Server Update Services
Windows Server Update Services (WSUS)
allows
administrators to deploy application and operating system updates. By deploying WSUS,
administrators have the ability to manage updates that are released through Microsoft Update to
computers in their network. This feature is integrated with the operating system as a server role
on a Windows Server 2016 system.
Migrating Roles and Features to Windows Server 2016
Once you decide on which roles and features you are going to install onto your Windows
Server 2016 system, then you either have to install those roles and features from scratch or
migrate them from a previous version of Windows server.
Windows Server 2016 includes a set of migration tools that administrators can use to help ease
the process of migrating server roles, features, operating system settings, and data.
Administrators can migrate this data from an existing server that are running Windows Server
2008 R2, Windows Server 2012, Windows Server 2012 R2, or Windows Server 2016 to a
computer that is running Windows Server 2016.
Using Windows Server Migration Tools to migrate roles, role services, and features can
simplify the deployment of new servers. You can migrate roles and features on any server,
including Server Core, installation option of Windows Server 2016, and virtual servers. By
using Windows Server Migration Tools, an administrator can reduce migration downtime,
increase the accuracy of the migration process, and help eliminate conflicts that could
otherwise occur during the migration process.
One advantage of using the migration tools is that most of them support cross-architecture
migrations (x86-based to x64-based computing platforms), migrations between physical and
virtual environments, and migrations between both the full and Server Core installation options
of the Windows Server operating system. In Windows Server 2016, Windows Server
Migration Tools also supports cross-subnet migrations.
To use Windows Server Migration Tools, the feature must be installed on both the source and
destination computers. Windows Server Migration Tools installation and preparation can be
divided into the following stages:
1
.
Installing Windows Server Migration Tools on destination servers that run Windows
Server 2016
2
.
Creating deployment folders on destination servers that run Windows Server 2016 for
copying to source servers
3
.
Copying deployment folders from destination servers to source servers
4
.
Registering Windows Server Migration Tools on source servers
If you plan to use Windows Server Migration Tools, you must be a member of the
Administrators group on both the source and destination servers to install, remove, or set up
the tools.
Administrators can install Windows Server Migration Tools 2016 by using either the Add
Roles Or Features Wizard in Server Manager or Windows PowerShell deployment cmdlets for
Server Manager.
To install Windows Server Migration Tools on a Server Core installation of Windows Server
2016, you would complete the following steps:
1
.
Open a Windows PowerShell session by typing
powershell.exe
in the current command
prompt session and then pressing Enter.
2
.
In the Windows PowerShell session, install Windows Server Migration Tools by using the
Windows PowerShell
Install-WindowsFeature
cmdlet for Server Manager. In the
Windows PowerShell session, type the following, and then press Enter. (Omit the
ComputerName
parameter if you are installing the Windows Server Migration Tools on the
local server.)
Install-WindowsFeature Migration –ComputerName computer_name
Deciding Which Windows Server 2016 Versions to Use
You may be wondering which version of Windows Server 2016 is best for your organization.
After all, Microsoft offers the following six versions of Windows Server 2016.
At the time this book was written, there were six versions of Windows Server
2016. But Microsoft is always improving and creating new versions of their products. Be
sure to check out Microsoft’s website for any other versions or changes.
Windows Server 2016 Datacenter
This version is designed for organizations that are looking
to migrate to a highly virtualized, private cloud environment. Windows Server 2016
Datacenter has full Windows Server functionality with unlimited virtual instances.
Windows Server 2016 Standard
This version is designed for organizations with physical or
minimally virtualized environments. Windows Server 2016 Standard has full Windows Server
functionality with two virtual instances.
Windows Server 2016 Essentials
This version is ideal for small businesses that have as many
as 25 users and 50 devices. Windows Server 2016 Essentials has a simpler interface and
preconfigured connectivity to cloud-based services but no virtualization rights.
Windows Hyper-V Server 2016
Microsoft Hyper-V Server 2016 has the exact same Hyper-V
role components as Windows Server 2016. Hyper-V 2016 Server is a stand-alone version that
has the Windows hypervisor, the Windows Server driver model, and the other virtualization
components only. Windows Hyper-V Server 2016 allows you to have a simple virtualization
solution which allows you to reduce costs.
Windows Storage Server 2016
Windows Storage Server 2016 is not openly available for
sale to the general public. Windows Storage Server 2016 is only available as an integrated
hardware offering or as an available field upgrade from your hardware manufacturer.
Windows Storage Server 2016 fully supports upgrades from previous versions.
Windows MultiPoint Premium 2016 Server
Windows MultiPoint Premium Server 2016 is a
Stand-Alone Windows product designed for environments that have multiple users
simultaneously sharing one computer. Windows MultiPoint Premium 2016 Server is the same
as a Windows Server 2016 with Multipoint Services Installed. MultiPoint Services allows
multiple users, each with their own independent and familiar Windows experience to
simultaneously share one computer.
Once you choose what roles are going on your server, you must then decide how you’re going
to install Windows Server 2016. There are two ways to install Windows Server 2016. You can
upgrade a Windows Server 2012 or Windows Server 2012 R2 machine to Windows Server
2016, or you can do a clean install of Windows Server 2016. If you decide that you are going
to upgrade, there are specific upgrade paths you must follow.
Your choice of Windows Server 2016 version is dictated by how your current network is
designed. If you are building a network from scratch, then it’s pretty straightforward. Just
choose the Windows Server 2016 version based on your server’s tasks. However, if you
already have a version of Windows Server 2012 installed, you should follow the
recommendations in
Table 1.1
, which briefly summarize the supported upgrade paths to
Windows Server 2016.
TABLE 1.1
Supported Windows Server 2016 upgrade path recommendations
Current System
Upgraded System
Windows Server 2012 Standard
Windows Server 2016 Standard or Datacenter
Windows Server 2012 Datacenter
Windows Server 2016 Datacenter
Windows Server 2012 R2 Standard
Windows Server 2016 Standard or Datacenter
Windows Server 2012 R2 Datacenter
Windows Server 2016 Datacenter
Windows Server 2012 R2 Essentials
Windows Server 2016 Essentials
Hyper-V Server 2012 R2
Hyper-V Server 2016
Windows Storage Server 2012 Standard
Windows Storage Server 2016 Standard
Windows Storage Server 2012 Workgroup
Windows Storage Server 2016 Workgroup
Windows Storage Server 2012 R2 Workgroup
Windows Storage Server 2016 Workgroup
If your version of Microsoft Windows Server is not 64-bit, you can’t upgrade
to Windows Server 2016.
Deciding on the Type of Installation
One of the final choices you must make before installing Windows Server 2016 is what type of
installation you want. There are three ways to install Windows Server 2016.
Windows Server 2016 (Desktop Experience)
This is the version with which most
administrators are familiar. This is the version that uses
Microsoft Management Console
(MMC)
windows, and it is the version that allows the use of a mouse to navigate through the
installation.
Windows Server 2016 Server Core
This is a bare-bones installation of Windows Server
2016. You can think of it this way: If Windows Server 2016 (Desktop Experience) is a
top-of-
the-line luxury car, then Windows Server 2016 Server Core is the stripped-down model with
no air-conditioning, manual windows, and cloth seats. It might not be pretty to look at, but it
gets the job done.
Windows Server 2016 Nano Server
Windows Server 2016 has introduced a brand new type
of server installation called Nano Server. Nano Server allows an administrator to remotely
administer the server operating system. It was primarily designed and optimized for private
clouds and datacenters. Nano Server is very similar to Server Core, but the Nano Server
operating system uses significantly smaller hard drive space, has no local logon capability, and
only supports 64-bit applications and tools.
Server Core
Here is an explanation of Server Core that I have used ever since it was introduced in
Windows Server 2008.
I am a
huge
sports fan. I love watching sports on TV, and I enjoy going to games. If you
have ever been to a hockey game, you know what a hockey goal looks like. Between
hockey periods, the stadium workers often bring out a huge piece of Plexiglas onto the ice.
There is a tiny square cut out of the bottom of the glass. The square is just a bit
bigger than
a hockey puck itself.
Now they pick some lucky fan out of the stands, give them a puck at center ice, and then
ask them to shoot the puck into the net with the Plexiglas in front of it. If they get it through
that tiny little square at the bottom of the Plexiglas, they win a car or some such great
prize.
Well, Windows Server 2016 (Desktop Experience) is like regular hockey with a net, and
Windows Server 2016 Server Core is the Plexiglas version.
Server Core supports a limited number of roles:
Active Directory Certificate Services (AD CS)
Active Directory Domain Services (AD DS)
Active Directory Federation Services (AD FS)
Active Directory Lightweight Directory Services (AD LDS)
Active Directory Rights Management Services (AD RMS)
DHCP Server
DNS Server
Fax Server
File and Storage Services
BITS Server
BranchCache
Hyper-V
Network Policy and Access Services
Print and Document Services
Remote Access