- Turn the tables on your organization with Adaxes 2018.1’s Web Interface and reporting capabilities - Thu, Sep 20 2018
- Review: Softerra Adaxes – Automating Active Directory management - Thu, Jun 4 2015
- Azure Multi-Factor Authentication – Part 8: Delegating Administration - Tue, Apr 28 2015
As I explained previously in the article titled Windows Server 2012 Server Core – Part 1: Benefits, the best use cases for Server Core are the typical “fire and forget” scenarios, ranging from DHCP Servers to Windows Server Update Servers and from Domain Controllers to Hyper-V hosts. In this article, I’ll provide an overview of the available Server Roles in Server Core installations of Windows Server 2012 and give you the reasons to choose Server Core over Server with a GUI.
Domain Controller
Active Directory Domain Services are the cornerstone to centralized identity and computer management for any organization that wants to seriously provide IT assets to its employees. Domain Controllers provide a distributed way for users to securely log on to domain-joined workstations that can be centrally managed through Group Policies. Server Core Domain Controllers offer these benefits over Server with a GUI installations:
- Higher availability of Active Directory Domain Services due to fewer updates
- Higher performance of Active Directory Domain Services due to more available RAM for caching the database per Domain Controller and more Domain Controllers per pool of memory in virtualized environments
- Faster Domain Controller Cloning due to smaller disk footprint
DNS Server
The Domain Naming System (DNS) offers name resolution between fully qualified domain names and IP addresses. In Microsoft oriented environments, most DNS servers are Windows Servers hosting Active Directory-integrated DNS zones on Domain Controllers. So, Server Core installations, functioning as DNS Servers, benefit from the higher availability and performance of Active Directory Domain Services. When a DNS Server starts an Active Directory-integrated zone, it will read its data from Active Directory, resulting in a significantly faster availability of DNS services on Server Core, compared to Server with a GUI installations.
DHCP Server
Servers hosting the Dynamic Host Configuration Protocol (DHCP) hand out IP addresses to hosts requesting them. Just like DNS servers, most DHCP servers in Microsoft-oriented environments run Windows Server. In other environments, DHCP is offered through active network components like switches and routers. Server Core installations of Windows Server 2012, acting as DHCP servers, come close in performance to these devices and offer comparable availability.
Certificate Server
Active Directory Certificate Services offer certificate enrollment, reenrollment, and revocation to secure user accounts, computers, and their data exchange. Just like Active Directory Domain Services, hosts running Certificate Services, called Certificate Servers, enable other functionality such as DirectAccess, BitLocker Network Unlock, and Active Directory Rights Management Services.
Server Core installations of Windows Server 2012 are the first Server Core installations that are capable of running Certificate Servers. Previously, this Server Role was unavailable in Server Core.
A Server Core Certificate Server benefits most from the typically smaller attack surface of Server Core. With a lot of the typically vulnerable functionality of Windows stripped, attackers have a hard time compromising your Certificate Servers.
File Server
File sharing has been built into each Windows Server. Server Core installations are no exception. Server Core File Servers are full-featured File Servers offering higher availability and higher file sharing performance. You might even consider not running anti-malware on the File Server itself (but only on the workstations, mail servers, and gateways), because the host itself is less vulnerable to worms.
Print Server
Print Servers allow for centralized printer management and spooling, offloading these tasks from workstations. Print Servers on Server Core installations offer higher performance than Server with a GUI installations on the same hardware, allowing for faster printing.
DirectAccess host
As perimeter devices evolve from mere routers to full-fledged VPN and remote access devices, the need for Server Core devices grows in this place. Using a minimal server for this Server Role is most opportunistic, and you can install Server Core on it to achieve the best performance per CPU cycle and the smallest attack surface exposed to the outside world.
When your networking equipment is unable to route IPv6 traffic, Server Core installations can also save your day and provide this functionality with their built-in Server Roles.
Hyper-V Host
The Hyper-V host scenario is one where Server Core really shines. As multiple Hyper-V guests rely on its Hyper-V host, you’ll want the most highly available and best performing platform as the Hyper-V host. Server Core is best suited for this role, but the dedicated and free Hyper-V Server 2012 from Microsoft is the most ideal platform. With it, you’ll be coming close to realizing the benefits of VMware’s ESXi.
Web Server
If your organization wants to deploy highly secure websites, Server Core should be on the top of your list. For hosting companies or organizations with a large Internet presence, Server Core installations offer the highest density web server capacity of all Windows Server installations.
FTP Server
While most companies have already transitioned to SharePoint to exchange data with partners, the File Transfer Protocol (FTP) to date is still a popular protocol to exchange data. Server Core installations can be used to connect secure, highly available, and best-performing FTP Servers to the Internet.
Windows Server Update Server (WSUS)
With the ability to run SQL Server 2012 on Server Core installations, other Server Roles that depend on databases have become available on Server Core installations of Windows Server 2012. One of the most helpful Roles from an infrastructure point of view that depend on databases is the Windows Server Update Server (WSUS). With Server Core, you can dedicate the least amount of resources to keep the workstations in your environment up to date.
Streaming Media Server
Streaming media is used by many organizations to share video on demand. Just like web servers and FTP Services, Server Core gives you the confidence to securely connect a Windows Server to the Internet to help you share data with partners and customers.
Concluding
Server Core installations of Windows Server 2012 offer twelve Server Roles to accommodate most of the infrastructure plumbing needs of your organization. Join me for the next articles in this series to see how to configure each of these roles.
A most useful series; but there's missing one more article…
FW ports for all this.
We're just implementing, and learning to live with Core, and while the ecosystem of admin tools such as Server Manager and Windows Admin Center is great and growing, finding what ports they all use is a night mare!
Right now I can add all my core server in Server Manager, but if I right click on one and chose "computer management" the management MMC opens but the connection fails because of "DCOM"
This and similar is really holding us back!