Windows Server 2008 Inside Out- P20

Shared by: Thanh Cong | Date: | File type: PDF | Pages: 50


CHAPTER 27 Managing and Maintaining Print Services

Printer Maintenance and Troubleshooting

Some people, meaning only some users can’t print and some can. If some people can’t print, the problem likely has to do with the permissions, application software, or the network. Perform the following actions:

- Check the network using a computer in the same subnet as the people having the problem. See if you can ping the printer’s IP address. At the command line, type ping PrinterIP, where PrinterIP is the IP address of the printer. If you can’t ping the printer’s IP address from any system on the subnet, a switch or routing between the user’s computer and the printer might be bad or disconnected. This happens a lot if local switches/hubs are under people’s desks.
- Check the printer permissions and the permissions on the spool folder to see if the groups of which the users are members have appropriate access. If the permissions are set incorrectly, the spooling won’t work. See “Configuring Print Spool, Logging, and Notification Settings” on page 889 and the Troubleshooting sidebar “Check permissions on the spool folder” on page 881.
- Check the print processor. Windows 95, Windows 98, and Windows Me clients can print only if the print processor uses the RAW data type. See “Viewing the Print Processor and Default Data Type” on page 901.
- Check the application being used for printing. The application might be incorrectly configured or the default printer might not be what users think it is.
- Check the error message generated when printing. If the client gets an error stating it must install a print driver when connecting to a printer, this means the correct drivers are installed on the server but aren’t available to the client. Additionally, Windows 95, Windows 98, and Windows Me clients do not automatically check for updated drivers and must be updated manually. See “Installing and Updating Print Drivers on Clients” on page 894.

One person, meaning only one user can’t print. If only one person can’t print, the problem likely has to do with application software, the user’s computer, or permissions. Start with the user’s computer and perform the following actions:

- Check the application being used for printing. The application might be incorrectly configured, or the default printer might not be what the user thinks it is.
- Check the user’s computer. The Print Spooler service must be running for the user to print. The computer must have sufficient temporary space to generate the initial spool file. The computer must have other essential services configured. The list goes on. Essentially, it is better if you restart the computer if you suspect the problem has to do with that computer specifically.
- Check to make sure the user’s computer can connect over the network to other resources. Try pinging the router or the printer in question.
- Check the error message generated when printing. If the client gets an error stating it must install a print driver when connecting to a printer, this means the correct drivers are installed on the server but aren’t available to the client. See “Installing and Updating Print Drivers on Clients” on page 894. If the client gets an “Access Denied” error, this is a permissions issue.
- Check the printer permissions and the permissions on the spool folder to see if the user or groups of which the user is a member have appropriate access. If the permissions are set incorrectly, the spooling won’t work. See “Configuring Print Spool, Logging, and Notification Settings” on page 889 and the Troubleshooting sidebar “Check permissions on the spool folder” on page 881.

Resolving Garbled or Incorrect Printing

If the printer prints garbled or incorrect pages, this can be a sign that the printer is incorrectly configured. You should check the print driver and the print processor settings. You might want to reinstall the print driver as discussed in “Viewing and Configuring Print Drivers” on page 887. You might want to change the print processor data type to RAW or EMF to see if this clears up the problem. See “Viewing the Print Processor and Default Data Type” on page 901.

To resolve this problem, check the following:

- Ensure that the complete document is transferred to the printer before printing starts by selecting the Start Printing After Last Page Is Spooled option. See “Configuring Print Spooling” on page 900.
- Try using the RAW data type or the EMF data type to see if this clears up the problem. See “Viewing the Print Processor and Default Data Type” on page 901.
- Try removing any separator page that is used, because this might be setting the printer page description language incorrectly. See “Configuring Separator Pages” on page 902.
- Try clearing the Enable Advanced Printing Features check box on the Advanced tab. This disables metafile spooling. Windows 95, Windows 98, and Windows Me clients use SMB connections and spool RAW-formatted files to the print server. See “Configuring Print Spooling” on page 900.
CHAPTER 28 Deploying Terminal Services

- Using Terminal Services
- Designing the Terminal Services Infrastructure
- Setting Up Terminal Services
- Using the Terminal Services Configuration Tool
- Configuring RemoteApps
- Using Terminal Services Manager
- Managing Terminal Services from the Command Line
- Other Useful Terminal Services Commands
- Configuring Terminal Services Per-User Settings

Terminal Services lets users run Microsoft Windows–based applications on a remote server. When users run an application on a terminal server, the execution and processing take place on the server, and only the data from devices such as the display, keyboard, and mouse are transmitted over the network. A client logged on to a terminal server and running applications remotely is said to be using a virtual session. Although there may be dozens or hundreds of users simultaneously logged on to a terminal server, users see only their own virtual sessions.

Using Terminal Services

You can use Terminal Services to rapidly deploy and centrally manage Windows-based applications. One advantage of this method is that you can be sure that all users are running the same version of an application and that they can do so from any computer. Another advantage is that organizations with older computers running earlier versions of Windows can get more mileage out of their computers by having users run applications on terminal servers instead of locally on their desktops.

Terminal Services involves these key elements:

- Terminal Services clients
- Terminal Services servers
- Terminal Services licensing

Terminal Services Clients

Within the organization, the primary client used to establish connections to a terminal server is the Remote Desktop Connection (RDC) client. This client comes installed on the Microsoft Windows XP, Windows Vista, Windows Server 2003, and Windows Server 2008 operating systems and is available for installation on other versions of Windows as well. For details on the use and features of this client, see “Supporting Remote Desktop Connection Clients” on page 613.
By sending only the data required for I/O devices to and from the server, Terminal Services significantly reduces the amount of data transferred between a client and a server. This reduces the amount of network bandwidth used, allowing Terminal Services to operate in low-bandwidth environments. In addition, users are able to optimize performance based on the speed of their connection. On a 28.8 Kbps modem, a user has only the essential features to ensure the best overall performance possible. As a user goes from a 28.8 Kbps modem connection to a LAN connection at 10 Mbps or higher, Windows features are automatically added to enhance the user experience. Administrators can also configure Terminal Services to restrict the additional features. For example, if hundreds of users are using a terminal server, you might need to restrict enhancements to ensure the overall performance of the server. If you don’t do this and the terminal server is overworked, it might fail.

For access to remote applications from the Internet or the enterprise intranet, Microsoft provides several new options for Windows Server 2008:

- Terminal Services Remote Application (RemoteApp) is a program that a user accesses remotely through Terminal Services and appears as if it is running on the user’s local computer. Thus, instead of being presented to the user on the desktop of the remote terminal server, a RemoteApp runs in its own resizable window and has its own entry on the taskbar. Although each RemoteApp appears to be separate on the desktop, multiple RemoteApps running on the same desktop share the same Terminal Services session.
- Terminal Services Gateway (TS Gateway) enables authorized users to connect to network resources from any Internet-connected device that can run the Remote Desktop Connection client. TS Gateway uses the Remote Desktop Protocol (RDP) over HTTPS to establish secure, encrypted connections between remote users and network resources. Network resources available through TS gateways include terminal servers as well as computers with Remote Desktop enabled. Because TS gateways operate over HTTPS, they can be used to easily traverse firewalls and NATs.
- TS Web Access, which provides access to terminal servers through a Web browser. The default TS Web Access Web page includes a customizable frame and Web part. This page provides clickable links to the available programs designated as Remote Applications (RemoteApps). When you install TS Web Access, Windows installs Internet Information Services (IIS) 7.0 as well and uses IIS 7.0 to provide access to your RemoteApps.

These options allow you to deploy Terminal Services in many additional ways and to improve the overall experience for end users. However, TS Gateway and TS Web Access can greatly increase the overall complexity of a Terminal Services implementation. Because of these additional complexities, you might want to consider having separate Terminal Services installations, as follows:

- One or more installations that’ll be used internally only with standard options, such as the RDC client and RemoteApps. For ease of reference throughout this chapter, I will refer to servers with this type of installation as standard terminal servers when I need to differentiate between the two types of installations.
- One or more installations that’ll be used for Internet-based or intranet-based access with TS Gateway and TS Web Access. For ease of reference throughout this chapter, I will refer to servers with this type of installation as Web access or gateway terminal servers when I need to differentiate between the two types of installations.

In this way, you ensure that there are separate environments with separate requirements and separate procedures.

Terminal Services Servers

It’s very easy to set up a standard terminal server. What isn’t so easy is getting the infrastructure right before you do so and maintaining the installation after it’s in place. Before you install Terminal Services, it is essential to plan the environment and to deploy Terminal Services before you install applications on the terminal server. After you deploy Terminal Services, you will configure the environment, install applications, and make those applications available to remote users.

The features for the Remote Desktop Connection client were discussed in “Supporting Remote Desktop Connection Clients” on page 613. For Windows Server 2008, there are many standard features and enhancements as well. The administration tools for Terminal Services include the following:

- Terminal Services Manager: Terminal Services Manager, shown in the following screen, is the primary tool for managing terminal servers and client connections. Unlike previous versions, the current version doesn’t automatically enumerate all the terminal servers that are available. Instead, it gives direct access to a local server if it is running Terminal Services and allows you to selectively enumerate servers and add servers to a list of favorites for easier management. In a large installation with many terminal servers, this makes Terminal Services Manager more responsive.

Note: It is important to note that certain features of Terminal Services Manager work only when you run the tool from a client. For example, if you run Terminal Services Manager on a terminal server, you won’t be able to use the Remote Control and Connect features.
- TS Licensing Manager: TS Licensing Manager, shown in the following screen, is used to install licenses and activate a Terminal Services license server. The enhanced interface makes it easier to install licenses and to activate or deactivate license servers.
- Terminal Services Configuration: Terminal Services Configuration, shown in the following screen, is used to manage terminal server connections as well as global and default server settings. Terminal server connections and the Remote Desktop Protocol (RDP) are what allow users to establish remote connections to a terminal server. Server settings also enable you to easily set terminal server policy. A key policy is the single session policy, which, when activated, limits a user to a single session, whether the session is active or not.
- TS RemoteApp Manager: TS RemoteApp Manager, shown in the following screen, configures RemoteApps as well as deployment settings that apply to RemoteApps. After you’ve configured a terminal server, you can copy the list of RemoteApp programs and deployment settings from that server to another using export and import tasks.
- TS Gateway Manager: TS Gateway Manager, shown in the following screen, is used to configure authorization policies that control access to network resources according to group membership. You use Terminal Services connection authorization policies (TS CAPs) to specify who can connect to a TS Gateway server, and Terminal Services resource authorization policies (TS RAPs) to specify the internal network resources to which users can connect through a TS Gateway server.
- TS Web Access Administration: TS Web Access Administration, shown in the following screen, provides access to the IIS server hosting the Web applications required for Web access to Terminal Services, including a primary TS application and two RPC proxy applications. Similar to what a user sees, you can view the list of available RemoteApp programs or connect to remote desktops to which you have access.
You can access the Terminal Services administration tools on the Administrative Tools\Terminal Services menu. To access a tool, click Start, All Programs, Administrative Tools, Terminal Services, and then select the desired tool, such as Terminal Services Manager.

Terminal Services has important changes for security as well. For internal access, you have the option of adding users and groups to the Remote Desktop Users group. This is a standard group for which you can configure membership in Active Directory Users And Computers. By adding the Domain Users group to the Remote Desktop Users group, you allow all authenticated users to use Terminal Services. If instead you were to add the special group Everyone, anyone with access to the network could use Terminal Services.

For Internet-based or intranet-based access, you can specify TS Gateway user groups that can access Terminal Services using RDP over HTTPS. No standard groups are created for you, so you should consider what groups you might need as part of your deployment plans and then create these groups in Active Directory Users And Computers. For example, you might want to create a group called External TS Users. To grant Internet-based or intranet-based access, you would then add specific groups or users as members of this group. To enhance security you typically would not want to make the Domain Users or Everyone groups members of your special external access group or groups.

Terminal Services supports 128-bit encryption as well as encryption compliant with the Federal Information Processing Standard (FIPS). Using 128-bit encryption ensures a high level of encryption, which provides powerful protection of the data sent between a Terminal Services client and a server. FIPS encryption is added to provide compliance with FIPS 140-1 and FIPS 140-2, which are standards for Security Requirements for Cryptographic Modules, a necessity for some organizations.

Terminal Services printing has been enhanced in Windows Server 2008 with the addition of the Terminal Services Easy Print driver and a Group Policy setting that enables you to redirect only the default client printer. The Terminal Services Easy Print driver allows users to reliably print from a RemoteApp program or from a terminal server desktop session to the correct printer configured for use on their client computers. It also enables users to have a much more consistent printing experience between local and remote sessions.

The Redirect Only The Default Client Printer setting in Group Policy allows you to specify whether the default client printer is the only printer that is redirected in Terminal Services sessions, which helps to limit the number of printers that the spooler must enumerate, therefore improving terminal server scalability.

Note: To use the Terminal Services Easy Print driver, clients must be running Remote Desktop Connection (RDC) client version 6.1 or later and have Microsoft .NET Framework 3.0 Service Pack 1 (SP1) installed. Note also that the terminal server fallback printer driver is not included with Windows Server 2008. Although the Specify Terminal Server Fallback Printer Driver Behavior setting still exists in Group Policy, it cannot be used with terminal servers running Windows Server 2008.

Terminal Services Licensing

A Terminal Services license server is required to set up Terminal Services (see Figure 28-1). The license server, responsible for issuing licenses and tracking their usage, maintains a pool of all available licenses. The assigned licenses are also tracked so that they can be validated. Terminal Services requires that you get official licenses from Microsoft and activate them through the Microsoft Clearinghouse.

[Figure 28-1: Terminal Services implementation with a license server. Diagram labels: Microsoft Clearinghouse, Terminal Services license server, License pool, Terminal server, Client, License pack activation, License, Terminal Services session.]
The first time a client connects to a terminal server, the terminal server checks for a license. If the client has a license, the terminal server validates it and allows the client to connect. If the client doesn’t have a license, the terminal server locates a license server (using a network broadcast in workgroups or through Active Directory in domains) and requests a new license. If that license server doesn’t have a license to offer, the client is not allowed to connect.

Note: For the first 120 days after deployment, clients can be granted a temporary license if an activated license server is not available. After this grace period, Terminal Services will stop serving unlicensed clients.

Provided that the server has a license, it will give the license to the terminal server, which in turn issues it to the client. Client access licenses provided by Terminal Services are issued per device or per user, so the way licensing works depends on the licensing configuration—which can be mixed and matched as necessary. With per-device licensing, the license is valid only for a particular computer and will be validated in the future to the globally unique identifier (GUID) of the machine on which the client is running. With per-user licensing, the license is valid only for that user and will be validated in the future to the GUID of the user’s account.

Note: Terminal Services client access licenses are issued per device or per user only. They are not available in per-server mode because Windows sessions are not allowed in per-server mode.

An issued license is valid for a period of 52 to 89 days; the interval is assigned randomly. When the client later disconnects or logs off the terminal server, the license is not returned to the pool. The expiration date serves to return unused licenses to the license pool. Each time a client connects to a terminal server, the expiration date of its license is checked. If the current date is within seven days of the expiration date, the license server renews the license for another 52 to 89 days. If a client doesn’t log back on to the terminal server before its license expires, the license is returned to the license pool, which makes it available to other clients.

TS Licensing for Windows Server 2008 now includes the ability to track the issuance of TS Per User CALs in TS Licensing Manager. If the terminal server is in Per User licensing mode, the user connecting to it must have a TS Per User CAL. If the user does not have the required TS Per User CAL, the terminal server will contact the license server to get the CAL for the user. After the license server issues a TS Per User CAL to the user, you can track the issuance of the CAL in TS Licensing Manager.
You can reassign a client access license from one device to another device or from one user to another user. However, there are some limitations. The license must be either permanently reassigned away from its existing owner (device or user), or it must be temporarily reassigned to a loaner device while a permanent device is out of service, or to a temporary worker while a regular employee is absent.

INSIDE OUT: Terminal Services licensing changes

Anyone who wants to use Terminal Services must have a client access license. This remains true whether a user connects to the terminal server using Remote Desktop Protocol (RDP), RDP over HTTPS, or another vendor’s protocol. You can purchase client access licenses using the licensing programs discussed in “Selecting a Software Licensing Program” on page 63. This means that small companies can purchase licenses in packs of 5, 20, or more, while bigger companies can purchase licenses under programs such as the Microsoft Open License.

When you purchase licenses in packs, you’ll receive a product activation code that can be used one time to activate the number of licenses purchased. When you use Open License or other programs, you purchase a set number of licenses. With Open License, you are then issued an Open License Authorization and a set of license numbers that you can use to activate licenses. Under Select and Enterprise licensing agreements, you provide your Enrollment Agreement Number to activate licenses.

In the past, the requirement for a Terminal Services client access license was waived if the device accessing the terminal server was running the same or later version of an equivalent desktop operating system. For example, a client running Windows XP Professional could access a Windows 2000 terminal server without needing a Terminal Services client access license. With the release of Windows Server 2003 and Windows Server 2008, all clients are required to have a Terminal Services client access license.

Designing the Terminal Services Infrastructure

Terminal Services can be deployed in single-server and multi-server environments. The first thing to plan is Terminal Services capacity. Capacity planning can help you determine the actual number of users that a specific Terminal Services configuration can support.

Capacity Planning for Terminal Services

It is important to note that Windows Server 2008 has significant scalability advantages over its predecessors. Primarily this is because the Windows Server 2008 kernel provides better use of the 32-bit virtual address space. Because a terminal server must allocate virtual resources for all users who are logged on, whether they are active or in a disconnected state, the improved memory handling in Windows Server 2008 gives it significant advantages over Windows 2000 Server and some advantage over Windows Server 2003. In addition, Windows Server 2008 is more effective at using faster processors and system buses. This again gives Windows Server 2008 significant advantages over Windows 2000 Server and some advantage over Windows Server 2003.

Because remote serving of applications is both processor-intensive and memory-intensive, the most significant limits on the number of users a server can support are imposed by a server’s processing power and available RAM. Network bandwidth and disk performance can also be factors, but typically, a server’s capacity to handle requests will be exhausted well before the network bandwidth and disk drive subsystems have reached maximum utilization.

Planning should start by looking at not only the number of users you need to support but also the following factors:

- The type of users you need to support
- The applications users will be running
- The way users work

These latter characteristics play a significant role in the actual usage of a server. Users can be divided into three general types as follows:

- Data entry worker: Data entry workers provide data input. They typically perform data entry, transcription, order entry, or clerical work. Data entry workers typically have low impact on a server on a per-user basis. This means a server used primarily by data entry workers could scale to a larger number of users than a server used by other types of workers.
- Knowledge worker: Knowledge workers perform day-to-day tasks using business applications. Rather than providing strictly data input, knowledge workers create documents, spreadsheets, presentations, and reports. Knowledge workers typically have moderate impact on a server on a per-user basis. This means a server being used primarily by knowledge workers would not scale as well as a server being used by data entry workers.
- Productivity worker: Productivity workers are the high-performance workers in the business environment. Their daily tasks include specialized applications for graphic design, CAD, 3D animation, and applications that perform complex calculations or require a high amount of processing. Productivity workers typically have high impact on a server on a per-user basis. This means a server being used primarily by productivity workers would scale to a lower number of users than a server used by the other types of workers.

The impact of these types of users can best be illustrated graphically. Consider the scenario in Figure 28-2. The chart shows the number of different types of users that can be supported on three different server configurations. Server A is a four-processor system with high-end processors and 4 GB RAM. Server B is a two-processor system with high-end processors and 4 GB RAM. Server C is a one-processor system with a high-end processor and 4 GB RAM.
[Figure 28-2: Terminal Services capacity example. Bar chart of Number of Users (0 to 600) supported by Servers A, B, and C for each user type: Data Entry Worker, Knowledge Worker, Productivity Worker.]

As you can see from the example, each server can handle a large number of data entry workers relative to other types of workers. Because CPU power and RAM are so important, the servers are given fast processors and a lot of RAM. These results are based on using Intel Xeon processors operating at 3.2 gigahertz (GHz) and using a 2 megabyte (MB) L2 cache with an 800 megahertz (MHz) front side bus.

Although the example takes into account the types of users and the types of applications being used, it doesn’t take into account the way users work. The way users work can also have a significant impact on Terminal Services. You should also consider these factors:

- Users’ typing speed
- Users’ work habits
- Experience settings on the client

Believe it or not, typing speed can affect performance. Many users who type very quickly will make more updates and require more processing than a group of users who type slowly. You don’t want to tell users to type more slowly, but you do want to take their typing skills into account.
Users with poor work habits can have a significant impact on performance. Consider the case of a user who exits applications rather than switching among them: The user starts Microsoft Outlook to check his mail, exits Outlook, starts Microsoft Word to type a document, exits Word, starts Outlook again to check his e-mail, exits Outlook, and so on—and does this all day long. Starting and exiting applications requires more processing and resources than simply switching among applications as you use them.

The experience settings on the client can have a significant impact on performance as well. If users have optimized their experience settings for LAN connections of 10 Mbps or higher, they will have desktop backgrounds, themes, menu and window animation, and other extras that require a lot more processing on the server. The only experience setting that actually improves performance is bitmap caching, which ensures that caching is used as much as possible to reduce the amount of data that has to be passed to the client. Client display settings also affect server performance. The default display setting is for High Color (16 bit). An additional option is available for True Color (24 bit). As 24-bit color requires a lot more processing than 16-bit color, this setting should be used only by those who need high-end color resolution, such as graphic designers.

Having covered factors that can affect performance, let’s take a closer look at how to plan for capacity. Start by determining the average number of Terminal Services users. Remember that both active users and those with inactive or disconnected sessions use system resources. Then consider the types and average numbers of applications users will be running. Run those applications and use the techniques discussed in Chapter 11, “Performance Monitoring and Tuning,” and Chapter 12, “Comprehensive Performance Analysis and Logging,” to determine how much physical and virtual memory each application uses on average. This should give you a good baseline for capacity planning.

If a server will have 100 users, who each run four applications on average, and those applications collectively use 10 MB of physical memory and 24 MB of virtual memory on average, you know the system will need a minimum of 1 gigabyte (GB) of RAM for good performance. That’s the baseline. You typically want to have 50 percent capacity above the baseline usage to ensure that the server can handle peak usage loads and can support additional users if necessary. Therefore, in this scenario you’d want to have a minimum of 1.5 GB of RAM above what the operating system and configured roles, role services, and features require.

Processing power is as important as RAM. A server’s processors need to be able to keep up with the processing workload. As you scale up, you need to be able to add processors to handle the additional processing load of additional users. If you are monitoring server performance, pay particular attention to the Copy Read Hits % performance counter of the Cache performance object. This counter tracks the percentage of cache copy read requests that did not require a disk read to provide access to the page in cache. For best performance, you want this counter to be at 95 percent or above (optimally at 99 percent). If the counter is below 95 percent, the server is reading from the page file on disk frequently and this can affect performance. You can resolve this problem by adding RAM to the system.
  15. Designing the Terminal Services Infrastructure 931

Also consider network bandwidth and disk configuration in capacity planning. A network running at 100 megabits per second (Mbps) can handle hundreds of Terminal Services users. A network running at 1,000 Mbps (Gigabit Ethernet) can handle thousands of Terminal Services users. Consider existing traffic on the network before Terminal Services is deployed as a limiting factor. For capacity planning, you can test the average amount of bandwidth a client uses when working with a terminal server by monitoring the Bytes Total/Sec counter of the Network Interface performance object. If a client uses 1,250 bytes per second on average, this is 10,000 bits per second. In theory, a network running at 100 Mbps could handle 10,000 of these clients. Reduce this by 50 percent to shift from the theoretical to what is probably possible, and then subtract current bandwidth usage to come up with a working number.

Disk subsystem performance can also have a substantial impact on overall performance, especially on a server that makes moderate to heavy use of the paging file. Because the number and frequency of standard read/write operations for files affects the design of the disk subsystem, these operations will also affect overall performance. Ideally, the disk subsystem on a terminal server will be configured with hardware RAID and multiple RAID controllers rather than software RAID. When multiple SCSI/RAID controllers are used, disks should be configured to distribute the load. When you install applications that will be used with Terminal Services, you can help spread the load by installing and configuring applications to use different disk sets on different SCSI/RAID controllers.

Planning Organizational Structure for Terminal Services

When you are deploying Terminal Services, your planning should include deciding where in the organizational structure your terminal servers should be located. As discussed in Chapter 19, “Using Remote Desktop for Administration,” servers running in Terminal Server mode should be clearly separated from servers running in Remote Desktop for Administration mode. This ensures that administrators and support personnel can use Remote Desktop for Administration throughout the organization and that selected users can make use of terminal servers.

The best way to achieve separation of these services is to deploy terminal servers in a separate organizational unit (OU), which I will call the Terminal Services OU. You can then implement policies and restrictions for Terminal Services separately from those for the rest of the organization. To start, you should place the computer accounts for your terminal servers in the Terminal Services OU. When you do this, you can apply system-wide restrictions to terminal servers and enforce these restrictions using a computer-based policy. These restrictions then replace or are added to the restrictions a Terminal Services user usually has when logging on to the domain.

If you need to provide additional restrictions for Terminal Services users, you can do so on a per-user basis by placing the user account in the Terminal Services OU and defining user-based policy restrictions. In this way, the restrictions are enforced wherever the user logs on to the domain.
Deploying TS Gateway and TS Web Access requires considerable additional planning. To ensure secure connectivity, you’ll need:

- A terminal server
- An IIS server
- A Network Policy Server
- A Routing and Remote Access server

Although one physical server could act as all these servers in a small installation, the configuration required to make it all work is fairly extensive. You must:

- Create an authentication certificate for the server using either a certificate authority or a self-signed certificate
- Define authorization policies that control connections and resource access on terminal servers
- Configure network policy and access services that control connections from remote locations
- Configure IIS to provide the necessary Web hosting services for Terminal Services

Not only must you develop plans to configure these servers, but you must also develop maintenance plans that include regular monitoring and periodic optimization of the environment.

Deploying Single-Server Environments

Deploying Terminal Services in a single-server environment is much easier than deploying Terminal Services in a multi-server environment. In a single-server deployment, a group of clients always connects to the same server, so that although your organization might have three terminal servers, Group A always uses Server 1, Group B always uses Server 2, and Group C always uses Server 3, as shown in Figure 28-3. A single-server configuration is the easiest to set up, as you need to perform only the following steps:

1. Install the operating system on your designated server and configure the server so it is optimized as appropriate for its intended use.
2. Install the required Terminal Services roles using the Add Roles Wizard to make Terminal Services available to clients.
3. Install applications to be used by clients using the Install Application On Terminal Server tool under Programs in Control Panel, which ensures that the applications are set up using Install mode for Terminal Services rather than Execute mode.
4. Install a Terminal Services license server and configure licenses for use.
5. Install terminal clients and configure them to use the Remote Desktop Connection client or RDC over HTTP. Alternately, configure applications to run as RemoteApps.

Steps 2 through 4 are discussed in detail in this chapter. Chapter 19 discussed Remote Desktop Connection client setup and support.

Figure 28-3 Terminal Services in a single-server environment. (Diagram: Terminal Server 1, Terminal Server 2, and Terminal Server 3 each host the Terminal Services sessions of one client group, Client Group A, B, and C respectively, with Clients 1 through N in each group.)

Deploying Multi-Server Environments

Deploying Terminal Services in a multi-server environment requires a lot of planning and an advanced setup. In a multi-server environment, you use load balancing to create a farm of terminal servers whose incoming connections are distributed across multiple servers. Clients see the load-balanced terminal server farm as a single server. The farm has a single virtual IP address, and client requests are directed to this virtual IP address, allowing for seamless use of multiple servers.

Multi-server Terminal Services environments can be implemented using load balancing. A variety of techniques is possible, including using TS Session Broker Load Balancing with DNS round robin, TS Session Broker Load Balancing with routing tokens,
Microsoft Network Load Balancing, and hardware load balancers. A client that connects to a load-balanced terminal server is said to be in a virtual session. If that session is disconnected, processing continues in a disconnected state and the client can be configured to automatically try to reconnect the session. In a load-balanced farm, you always want a client to connect to the server it was originally working with. This enables users to continue where they left off without loss of data and without having to restart their applications, open documents, and so on.

For multi-server Terminal Services environments, session information is managed using a TS Session Broker server (see Figure 28-4). A TS Session Broker server is a server that uses the Terminal Services Session Broker (TS Session Broker) role service to maintain a TS Session Broker database, which contains a record for each session. The record includes the user name under which the session was established, the session ID, and the server to which the session is connected in the load-balanced farm. TS Session Broker servers are a new feature for Windows Server 2008.

Whenever a client tries to establish a Terminal Services connection and the user is authenticated, the session database is queried to see if a session record for that user exists. In this way, a user who was disconnected from a session can reconnect to the original session on the correct server. Without session management, the user might be connected to a different server and have to start a new session.

The TS Session Broker server can be a separate server running the TS Session Broker service as shown in Figure 28-4, or it can be one of the servers in the load-balanced farm running the TS Session Broker service. The advantage to using a separate server is that the overhead of maintaining sessions doesn’t eat up resources that would otherwise be available to provide network resources to users.

To use a TS Session Broker, all servers in the farm must be running Windows Server 2008 Enterprise or Windows Server 2008 Datacenter. A multi-server environment is more complex to set up than a single-server environment. To configure Terminal Services in a multi-server environment, you must follow these steps:

1. Install the operating system on your designated server and configure the server so it is optimized as appropriate for its intended use.
2. Install the required Terminal Services roles using the Add Roles Wizard to make Terminal Services available to clients.
3. Install applications to be used by clients using the Install Application On Terminal Server tool under Programs in Control Panel, which ensures that the applications are set up using Install mode for Terminal Services rather than Execute mode.
4. Install and configure the TS Session Broker role service on a separate TS Session Broker server or on one of the member servers in the load-balanced farm. This installs and starts the Terminal Services Session Broker service and creates a local Session Directory Computers group.
5. Add each terminal server in the farm to the local Session Directory Computers group on the TS Session Broker server.
6. Configure a terminal server to join a farm in TS Session Broker and to participate in TS Session Broker Load Balancing (or your desired load balancing technique).
7. Install a Terminal Services license server and configure licenses for use.
8. Install terminal clients and configure them to use the Remote Desktop Connection client or RDC over HTTP. Alternatively, configure applications to run as RemoteApps.

Figure 28-4 A multi-server Terminal Services deployment. (Diagram: Clients 1 through N connect to the terminal server farm address; the farm contains Terminal Server 1, Terminal Server 2, and Terminal Server 3 and their sessions, with a separate TS Session Broker server.)

Steps 2 through 7 are discussed in detail in this chapter. Chapter 39, “Preparing and Deploying Server Clusters,” discussed Microsoft Network Load Balancing setup and support. Chapter 19 discussed Remote Desktop Connection client setup and support.
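Step 5 is easy to get wrong when a farm grows or servers are retired, so it helps to compare the group against the intended farm list. The following is an added example, not code from the book; the broker name and farm server names are placeholders, and it reads the group through the ADSI WinNT provider.

```powershell
# Added example, not from the book. The broker and farm server names are
# placeholders; run it with rights to read local groups on the broker.
param(
    [string]   $Broker      = 'TSBROKER01',              # hypothetical TS Session Broker server
    [string[]] $FarmServers = @('TS01', 'TS02', 'TS03')  # hypothetical intended farm members
)

try {
    # Local group created on the broker when the role service is installed (step 4).
    $group  = [ADSI]"WinNT://$Broker/Session Directory Computers,group"
    $actual = @($group.psbase.Invoke('Members') | ForEach-Object {
        $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
    })
} catch {
    throw "Cannot read the Session Directory Computers group on ${Broker}: $_"
}

# Computer accounts are listed with a trailing $; strip it before comparing.
$actual   = @($actual | ForEach-Object { $_.TrimEnd('$').ToUpper() })
$expected = @($FarmServers | ForEach-Object { $_.ToUpper() })

foreach ($name in ($expected + $actual | Sort-Object -Unique)) {
    if ($expected -notcontains $name) {
        $status = 'UNEXPECTED: in the group but not in the farm list'
    } elseif ($actual -notcontains $name) {
        $status = 'MISSING: add to the group before joining the farm'
    } else {
        $status = 'ok'
    }
    New-Object PSObject -Property @{ Computer = $name; Status = $status }
}
```

An UNEXPECTED entry is usually a retired or renamed server whose account was never removed from the group.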
Setting Up Terminal Services

The tasks required to set up Terminal Services in single-server and multi-server environments are discussed in the sections that follow. As you read these sections, remember that if you want to use a multi-server environment with the TS Session Broker service, all the servers involved must be running Windows Server 2008 Enterprise or later.

Installing a Terminal Server

You can install a terminal server by following these steps:

1. In Server Manager, select the Roles node in the left pane and then click Add Roles. This starts the Add Roles Wizard. If the wizard displays the Before You Begin page, read the welcome text and then click Next.
2. On the Select Server Roles page, select the Terminal Services check box and then click Next. Read the introductory page and then click Next again.
3. On the Select Role Services page, select the check box for one or more role services to install, as shown in Figure 28-5.

Figure 28-5 Select the appropriate role services for the terminal server.

4. Click Next to display the Uninstall And Reinstall Applications For Compatibility page. This page tells you the basic rules for using applications with Terminal