Server Administration
About the Picture
This picture is one of the multiple server clusters I have managed and maintained for the State of Oklahoma. This cluster is a collection of Sun Solaris, Windows 2003, and Windows 2008 R2 servers for running the State of Oklahoma's carrier-class microwave system. Additional servers (not in picture) for the 3CX SIP PBX have been installed and set up recently by me in coordination with Ralph, the Tower Communications Manager for OMES Wireless, as we have worked together to provide Radio over IP functionality to the State of Oklahoma.
I also work with Windows 2012, Red Hat and CentOS 7 servers in my duties with Intelligent Transportation Systems.
Windows Server Best Practices
- Determine Server Role https://technet.microsoft.com/en-us/library/hh831669(v=ws.11).aspx
- Name your server's hostname with a self-explanatory name indicating its role.
- Use a naming convention.
- Statically assign IP Addresses or exclude in DHCP.
- Ensure that time settings are correct and that the server points to a qualified NTP server.
- Ensure that both remote desktop services and a VNC client are operating for remote access.
- Set security and firewall settings to the highest protection possible, then work backwards to admit accounts and change permissions.
- Use IP address whitelisting for access.
- Use strong passwords and require expiration.
- Enable automatic updates, but point them to one centralized update server that issues the updates to the rest of the domain/branch.
- Document the server configuration and setup.
- Set server for periodic backups.
- Minimize third-party software installed on the server. Only install tools that may be required to maintain the server's function.
- Run services with the least privilege.
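The checks below are an added example, not part of the original page: a read-only PowerShell audit of several items from the list above (static addressing, time source, firewall defaults, address whitelisting, password expiration, service accounts). The function name `Get-BaselineFinding` and the finding labels are hypothetical; it assumes Windows Server 2012 or later and an elevated session.

```powershell
# Added example: read-only audit of several checklist items on the local server.
# Assumes Windows Server 2012 or later, run from an elevated PowerShell session.
function Get-BaselineFinding {
    # Helper that shapes every finding the same way (labels are hypothetical).
    $add = { param($check, $detail) [pscustomobject]@{ Check = $check; Detail = $detail } }

    # Static addressing: connected IPv4 interfaces that still take a DHCP lease.
    Get-NetIPInterface -AddressFamily IPv4 |
        Where-Object { $_.ConnectionState -eq 'Connected' -and $_.Dhcp -eq 'Enabled' } |
        ForEach-Object { & $add 'StaticIP' "$($_.InterfaceAlias) uses DHCP; confirm a reservation or exclusion" }

    # Time: the local clock as source means no NTP server is being used.
    $source = (w32tm /query /source | Out-String).Trim()
    if ($source -match 'Local CMOS Clock|Free-running System Clock') {
        & $add 'TimeSource' "Time source is '$source'"
    }

    # Firewall: every profile enabled, and inbound traffic not allowed by default.
    Get-NetFirewallProfile |
        Where-Object { $_.Enabled -ne 'True' -or $_.DefaultInboundAction -eq 'Allow' } |
        ForEach-Object { & $add 'Firewall' "$($_.Name): Enabled=$($_.Enabled), DefaultInbound=$($_.DefaultInboundAction)" }

    # Whitelisting: enabled inbound allow rules that accept any remote address.
    Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
        Where-Object { ($_ | Get-NetFirewallAddressFilter).RemoteAddress -contains 'Any' } |
        ForEach-Object { & $add 'Whitelist' "Rule '$($_.DisplayName)' allows any remote address" }

    # Passwords: enabled local accounts whose password never expires.
    Get-CimInstance Win32_UserAccount -Filter 'LocalAccount=True AND Disabled=False AND PasswordExpires=False' |
        ForEach-Object { & $add 'PasswordExpiry' "$($_.Name) has a non-expiring password" }

    # Least privilege: running services outside the Windows directory that log on as LocalSystem.
    Get-CimInstance Win32_Service -Filter "State='Running' AND StartName='LocalSystem'" |
        Where-Object { $_.PathName -notlike "*$env:SystemRoot\*" } |
        ForEach-Object { & $add 'ServiceAccount' "$($_.Name) runs as LocalSystem: $($_.PathName)" }
}

Get-BaselineFinding | Sort-Object Check | Format-Table -AutoSize -Wrap
```

An empty result means none of these checks fired; each row is a prompt to review, since some DHCP interfaces and LocalSystem services are legitimate.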
DNS
- Primary DNS should be a Windows server; a redundant DNS should be on a router in case the server fails.
- Do not use public DNS servers on Windows workstations, and never set them as primary or secondary DNS on a server. Only use them in the forwarding zone.
- Follow additional tips from Microsoft https://technet.microsoft.com/en-us/library/cc959288.aspx
- Additional tips http://techgenix.com/active-directory-insights-part1/
- Additional forwarding tips https://www.petri.com/best-practices-for-dns-forwarding
DHCP
- Follow Microsoft best practices for DHCP https://technet.microsoft.com/en-us/library/cc958920.aspx
- On DHCP http://techgenix.com/windows-server-2012-dhcp-part1/
- Configure longer leases that cover possible downtime. Consider this if power outages are common at a site and can last a long time, or if the site is a remote site.
Active Directory & Domain Controller
- Best practice for Active Directory design https://msdn.microsoft.com/en-us/library/bb727085.aspx
- Best practices for Virtualized AD controllers http://www.serverwatch.com/server-tutorials/virtualizing-active-directory-domain-controllers-general-best-practices.html
- Always have a minimum of two domain controllers. Use more for larger organizations, with no single server ideally using more than 66% of its capacity and never more than 75%.
- Keep updated documentation and diagrams of Domain Controllers, Flexible Single Master Operations (FSMO) and Global Catalog (GC) servers.
- If high login times are encountered, use BranchCache features.
- Understand group policy well and the tools to edit it before adding new policies or removing default policies.
File Serving
- File sharing in an Enterprise https://technet.microsoft.com/en-us/library/dd347022.aspx
- File sharing in a workgroup https://technet.microsoft.com/en-us/library/dd345812.aspx
- Understanding Permissions https://technet.microsoft.com/en-us/library/cc783530(v=ws.10).aspx
- Develop a standard for permissions.
- Keep permissions as simple as possible.
- Use user security groups.
- Define permissions based on job role.
- Keep root level folder creation within the administrator realm.
- File and folder permission https://technet.microsoft.com/en-us/library/cc754344(v=ws.11).aspx
- File and folder permissions for developers https://msdn.microsoft.com/en-us/library/bb727008.aspx
- Viewing permissions http://www.thewindowsclub.com/effective-permissions-tool-windows
- Windows 10 Access Controls https://www.youtube.com/watch?v=FFZsXI9sq34
Windows Server Update Services (WSUS)
- Test patches in a test environment before applying them to the production environment. With Windows 10 this may be a chore, since it means setting up master update servers for different server role types.
- Determine WSUS capacity requirements.
- Windows as a service in the Enterprise https://technet.microsoft.com/en-us/itpro/windows/manage/waas-update-windows-10
- Article on just allowing Windows to update http://www.windowscentral.com/bad-it-admins-reveal-windows-10-downloads-your-pc
Hyper-V
Application Services
Network Services (VPN/RADIUS/Dial-Up)
Virtual Machine Servers (PROXMOX)
SQL Server
Other
Troubleshooting
SQL Server
- http://www.databasejournal.com/features/mssql/article.php/3899851/Nine-Steps-to-Troubleshooting-SQL-Server-problems.htm
- https://www.mssqltips.com/sqlservertip/4111/first-steps-for-sql-server-performance-troubleshooting/
- http://sqlmag.com/database-performance-tuning/troubleshooting-common-sql-server-problems
- http://www.sqlshack.com/dba-guide-sql-server-performance-troubleshooting-part-1-problems-performance-metrics/
- http://www.techrepublic.com/resource-library/downloads/10-common-sql-server-problems-and-solutions/