BACK

Information Assurance: Security, Fault Tolerance, Windows Clustering, Windows NLB, Backup and Recovery

 

Security:

Windows 2003 security features: http://www.activewin.com/reviews/software/operating-sys/win2003serv/security.shtml

A Technical Comparison of TTLS and PEAP: http://www.oreillynet.com/pub/a/wireless/2002/10/17/peap.html

According to the (default) password complexity policy, a valid password cannot contain any of the user's account name, and it must be at least six characters long. The password must also contain characters from three of the four categories: uppercase letters, lowercase letters, numbers, and non-alphanumeric characters.

Sites and links:

The Microsoft Baseline Security Analyzer (MBSA)

Certificates:

Fault Tolerance:

Fault Tolerance = FT

Automated System Recovery (ASR) is a part of Backup that you can use to recover a system that will not start. With ASR, you can create ASR sets on a regular basis as part of an overall plan for system recovery in case of system failure. You should use ASR as a last resort in system recovery, only after you have exhausted other options such as the startup options Safe Mode and Last Known Good Configuration.

ASR is a recovery option that has two parts: ASR backup and ASR restore. You can access the backup portion through the Automated System Recovery Preparation Wizard located in Backup. The Automated System Recovery Preparation Wizard creates an ASR set, which is a backup of the System State data, system services, and all disks associated with the operating system components. It also creates a floppy disk, which contains information about the backup, the disk configurations (including basic and dynamic volumes), and how to restore your system.

You can access the restore part of ASR by pressing F2 when prompted in the text mode portion of Setup. ASR reads the disk configurations from the floppy disk and restores all of the disk signatures, volumes and partitions on the disks that are required to start your computer (at a minimum). It will attempt to restore all of the disk configurations, but under some circumstances it might not be able to. ASR then installs a simple installation of Windows and automatically starts to restore from backup using the backup ASR set.

ASR Notes

 

Cluster / NLB stuff

Cluster / load balancing options:

Statefullness - Data or situation unique to the particular client / server session. Something about the session that necessitates that the client continue to communicate with the same server over time. Statefullness can be handled by client-side cookies, or unique statefull strings in URLs. Client state specific data can be stored in a central storage area outside of server host and shared by all the servers. Or, clients can be made to maintain a specific server for the length of the session. An IE to Exchange cluster OWA session is statefull - if the target Exchange server node goes down the client would reconnect to a different node and reopen windows and have to reset things like sort order, sizing, etc..An on-line banking session failing over from one node to anther wouldn't know what check detail you were looking at, for example. However, if the data was a static website were all server nodes had the exact same data, there is no state and thus failover is automatically transparent and stateless.

Cluster / NLB comparison:

CLUSTER NLB
2003 Enterprise or Data Center all 2003 versions
8 nodes max 32 nodes max
cluster aware applications any application
application and server failure aware server failure aware only

 

Windows Cluster Servers:

Requires shared storage:

Quarum: ???

Windows Server 2003 Clustering whitepaper
http://www.microsoft.com/windowsserver2003/techinfo/overview/bdmtdm/default.mspx

 

Windows Network Load Balancing - NLB :

Network Load Balancing (NLB) from 2003 TechCenter:

NLB Fundamentals - FAQ:
http://technet2.microsoft.com/WindowsServer/en/library/b098ca89-c162-4a60-bf47-eab85203d7f41033.mspx?mfr=true

 

Backup and Recovery:

Microsoft names for types of backups:

To reset the Directory Services password before you restart in DS restore mode:

System state data:

You can choose to do a System State backup, and this is very important if you want to be able to get a functional system in the event of a crash. This table shows which components that are backed up on a System State backup.

Component Included in System State Backup
Boot files and system files Yes
Registry Yes
COM+ Yes
System files under Windows File Protection Yes
Active Directory, directory service If it's a domain
SYSVOL directory If it's a domain controller
IIS Metadirectory If it's installed
Certificate Services database If it's a Certificate Services server
Cluster Service information If it's within a cluster

Nice backup EARL: http://www.ilopia.com/Articles/WindowsServer2003/Backup.aspx

BACK