WINDOWS

SERVER 2008/2012
AGENDA :
 AD Overview
 OS Patching
 User Account Management
 Backup
 Troubleshooting – Event Viewer , IIS Logs , Site Core Logs
 Application Pool
 IIS Configuration
 Websites , Bindings , SSL
 Windows Services
 AD Overview
The AD DS database stores information on user identity , computers ,
groups , services and resources . AD DS domain controllers also host the
service that authenticates user and computer accounts when they log on to
the domain . Because AD DS stores information about all of the objects in
the domain , and all users and computers must connect to AD DS domain
controllers when signing into the network , AD DS is the primary means by
which you can configure and manage user and computer accounts on your
network .

In Our IMPELLAM Azure Environment , ARM-SCprdDFS-P1 is the

PROD AD Server and ARM-SCdrDFS-P1 is the DR AD Server .
 AD DS is composed of both physical and logical components . You need
to understand the way the components of AD DS work together so that
you can manage your network efficiently and control what resources your
users can access .

 Physical Components include Data Store , Domain Controllers , Global

Catalog Server and RODC .

 Logical Components include Partitions , Schema , Domains , Domain

Trees , Forests , Sites and OU’s .

 OU - An organizational unit (OU) is a container object within a domain that

you can use to consolidate users , groups , computers and other objects .
 OS Patching

 Patching a server is fundamentally different from patching a workstation , both in

terms of the scope of the patches and the process involved . You can usually take
workstations out of commission and rebuild them from a pre-patched image , if it
comes to that . But with servers , there is usually no such luxury . The amount of
downtime you can afford with any server is likely to be minimal , even if you're
dealing with a server that has backup (as , for instance , with an active/passive
cluster).
 One of the toughest jobs that we have to deal with is figuring out the priority of 
patches for servers . We not only have to deal with the server , but also with the
applications running on it , the middleware between applications and a host of
other things .
 In Our IMPELLAM Azure Environment , we follow below mentioned procedure
step by step in order to install Patches on our Windows Servers :
 Open control panel and then click on windows update .
 Then click on check for updates to install new patches on windows server .
 Afterclicking on check for updates , windows will directly start to check new
updates and patches from Microsoft .

 If the system is up to date then there is no need to install any more patches .

 But if windows server comes out with some patches/updates from Microsoft ,
then we will review all of them and then download and install them on the server
accordingly .

 Then we will review all the installed updates again and after that we will verify
that the server is behaving properly after getting updates from Microsoft as the
final confirmation .
 User Account Management
 In our environment , whenever a new user comes/joins our project
team then we manage and create his/her AD account through our
PROD AD Server ( ARM-SCprdDFS-P1 ) & whenever somebody
leave the project or organization then we disable and delete his/her
account through same PROD AD Server .
 Steps :
 Open the server manager and click on tools tab and then click Active Directory
Users and Computers .
 Here in the next slide , we will see our domain , then expand it .
 Right click on users then go to new and then click on user .
 Now fill all the details( i.e first name , last name , users logon name )
 Then click next .
 Now type the password and the retype and tick on any option below as you want .
 Click on next button .
 Now click on finish button .
 New user has been created .
 Backup

In our environment , we take following kind of backups :

First of all , we take Folder level backup through IPERIUS software on

the CD , CM and Mongo servers on daily basis which includes the
folders suggested by our client for the below shown servers .
 Here
, we have already saved the source location and destination location in the
IPERIUS software on all the servers . We just have to run the backup job
manually and below find the screenshots for the same backup process .
 Then , we take another folder level backup which is C & System State backup on
weekly basis for all the 18 servers through Windows Server Backup Feature .

 Components which are backed up by System State :

System Registry , Boot Files , COM + Database , Certificate Services , Active
Directory , SYSVOL and IIS metadata . Some of these items are only included if
the specified service is installed . (AD, IIS, certificates)

Complete process is shown through screenshots in the coming slides .

 Then, we move onto another type of backup which is AD Backup and
we take AD backup through the command line .
 Active directory is a directory service that Microsoft developed for
windows domain . A server running Active directory domain services
is called domain . It contains all necessary data of directory of an
organization unit . So we need to back up the data of AD server at very
safe and secure place .
 Please
find the screenshots for the same backup process in the
upcoming slides .
 Then, we come to SQL backup which is done through an automated job script
on daily basis on all SQL servers .

 Once the SQL backup job gets completed then we move those backup files for
all the databases to the network shared drive .
 Further, Mongo Backups also run through automated job script on Mongo
Servers .

 And Once the Mongo Backup file gets generated then we move those Mongo
Backup files to the network shared drive .
 Troubleshooting – IIS Logs , Site Core Logs , Event Viewer

Whenever in our environment , the live website/websites goes down then the first
thing we do is extracting the IIS Logs , Site Core Logs and Event Viewer Logs in
order to find the root cause .

Then after extracting and analyzing all the logs , we respond accordingly because
there may be anything which would have caused the issue so the most important
thing for any troubleshooting is to study the Logs .

Through the upcoming slides , we can easily locate the IIS Logs , Site Core Logs
and Event Viewer Logs respectively .
 Application Pool

Application Pools are logical groupings of web applications that will execute
in a common process , thereby allowing greater granularity of which programs
are grouped together in a single process . For instance , if you wanted every
Web Application to execute in a separate process , you simply create an
Application Pool for each application . The Application Pool is the heart of a
website . Application Pools enable us to isolate our Web Application for better
security , reliability and availability . The worker process serves as the process
boundary that separates each Application Pool so that when a worker process
or application is having an issue or recycles , other applications or worker
processes are not affected .
 In Our Environment , we have individual application pools for each
website and moreover we have a common application pool as well for
all the websites which is named as IMPELLAM.WEB .
And we have also done the binding for all of our live websites under
same application pool which redirects every one of them from port 80 to
port 443 .
So whenever anyone uses http , it straight away redirects the user to https
which is a secured connection .

And moreover , if come across any application issue through Logs or

New Relic which indicates that we need to clear up the cache then we
can recycle the same application pool in order to resolve the issue and we
can reset IIS as well for the same purpose which can be counted as our
troubleshooting step as well .

Further we will tell you what is application pool recycling in the next
slide .
 What is Application Pool Recycling in IIS ?

Recycling means the worker process that handles requests for that
application pool is terminated and a new one started . This is generally
done to avoid unstable states that can lead to application crashes , hangs ,
or memory leaks .

By default IIS will use overlapped recycle method , which keeps the old
process up until the current requests are finished processing (or a set
timeout elapses) while the new process handles new requests . This
ensures service continuity so that you usually do not notice a recycle .