Monthly Archives: December 2013

Step-by-Step Network Load Balancing in Windows Server 2012

Network Load Balancing is implemented in a special driver installed on each Windows host in a cluster. The cluster presents a single IP address to clients. When client requests arrive, they go to all hosts in the cluster, and an algorithm implemented in the driver maps each request to a particular host. The other hosts in the cluster drop the request. We can set load partitioning to distribute specified percentages of client connections to particular hosts. We also have the option of routing all requests from a particular client to the host that handled that client’s first request.

Hosts in the cluster exchange heartbeat messages so they can maintain consistent information about which hosts are members of the cluster. If a host fails, client requests are rebalanced across the remaining hosts, with each remaining host handling a percentage of requests proportional to the percentage we specified in the initial configuration. Network Load Balancing relies on the fact that incoming packets are directed to all cluster hosts and passed to the Network Load Balancing driver for filtering. We can configure a Network Load Balancing cluster in either multicast or unicast mode; the mode recommended here is multicast.

Network Load Balancing

As a best practice, your systems should be joined to a domain. The steps for adding your systems to a domain are given here.

Adding Systems to a Domain

  • In the bottom right-hand corner, click the network icon and open Network and Sharing Center.
  • Right-click Ethernet and select Properties.
  • Highlight Internet Protocol Version 4 (TCP/IPv4) and click Properties.
  • Change the preferred DNS IP to yours, e.g. 192.168.1.112, and click OK.
  • Click WORKGROUP.
  • Click Change to move your system from the workgroup to the domain.
  • Select Domain and enter the domain name.
  • In this example we have entered trendz.com; click OK.
  • Enter the admin username and password of the domain controller to add the system to the domain.
  • On success, a pop-up shows a welcome message.
  • You will be asked to restart your system to apply the settings.

Network Load Balancing

  • Select Add roles and features, then click Next.
  • Select Role-based or feature-based installation and click Next.
  • Select a server from the server pool and click Next.
  • Select the IIS role and the NLB feature from the list and click Next.
  • Select the role services for the IIS role that you want to install.
  • Review the summary list of roles and features that are going to be installed.
  • Check that IIS is running properly.
  • If the NLB icon is not on the dashboard, find NLB in Administrative Tools or Control Panel and open it.
  • NLB Manager will open.
  • Right-click NLB and select New Cluster.
  • Add the host IP.
  • Set the host priority.
  • Select Add to enter the cluster IP addresses.
  • Set the cluster IP and subnet mask.
  • Set the full Internet name of the NLB cluster and set it to multicast mode.
  • The host is added to the cluster successfully.
  • Repeat the same process to install the NLB feature on another host (such as 192.168.1.12) and add that host to the same cluster by following the steps below.
  • Connect to the existing cluster.
  • Add the new host to the existing cluster.
  • Set the host priority.
  • Both hosts are now in the same NLB cluster, and the green color shows that the cluster is in good health.

Test your NLB

  • Log in to the domain controller.
  • Add an A record in your domain for the newly added cluster IP.
  • Here we are adding “demo” (FQDN: demo.trendz.com) for 192.168.1.13.
  • Check that the Host 1 web server is functioning.
  • Check that the Host 2 web server is functioning.
  • Check that the NLB cluster IP is functioning as a web server.
  • Check that the FQDN resolves to the NLB cluster web server IP.

Congratulations! Your NLB is functioning properly.

Step-by-Step Guide for Setting Up A Windows Server 2012 Domain Controller

Open Server Manager and select Dashboard.

  • Select Add roles and features.
  • Read through the instructions; if you don’t want to see this page in future, check the box below and click Next.
  • Select Role-based or feature-based installation as the installation type.
  • Select a server from the server pool and click Next.
  • Select the Active Directory Domain Services role from the list of options and click Next.
  • Click Add Features.
  • On the “Select Features” page, the Group Policy Management feature is installed automatically during the promotion. Click Next.
  • Read the things to note for AD DS and click Next.
  • Click the Install button.
  • Click the Close button after the installation process completes.
  • Click More in the highlighted area. (In Windows Server 2012, dcpromo has been deprecated.)
  • The “Active Directory Domain Services” role binaries have now been installed, and it is time to promote the server to a domain controller.
  • Promote the Windows 2012 server to a domain controller.
  • Type the name, e.g. contoso.com.
  • Specify the FFL, the DFL, whether or not it should be a DNS server, and a strong DSRM administrator password. As you can see, the GC option is selected by default and you cannot deselect it.
  • A DNS delegation warning appears (click Show more to see details).
  • The wizard checks whether the NetBIOS name is already assigned.
  • Specify the location of the AD-related folders and then click Next.
  • Review the summary of all installation options and selections. You may also click “View script” to get a single command-line PowerShell script for dcpromo.
  • Before the actual install of AD DS, all prerequisites are checked; click Show more for details. If all prerequisite checks pass, click Install.
  • When you click Install, DNS and the GPMC are installed automatically.
  • After the promotion of the server to a DC finishes, the server restarts automatically. Once the server has booted and you log on to it, click Server Manager | Tools; you will notice that the following have been installed:

[Screenshot: new ADDS]

If you ever need to change your domain controller IP address, follow these steps:

  • You can change your domain controller IP using Network and Sharing Center.
  • Select Change adapter settings.
  • Open the properties of Ethernet.
  • Highlight Internet Protocol Version 4 (TCP/IPv4) and click Properties.
  • Change the details, but make sure that the preferred DNS points to the local system IP address or 127.0.0.1.
  • Now you may explore the Active Directory service.

Run Apps for Office in offline mode

We can publish Apps for Office on localhost to run them locally on our own system.

Open Visual Studio 2012 (Run as Administrator).

Publish the Web module of the Apps for Office application on localhost (or at the desired location).

Edit the manifest of the App for Office:

  1. Change the Icon URL to the icon image at the hosted site location.
  2. Change the Source Location to the hosted site location.

Build and deploy the Manifest module.

Copy the manifest XML from the project to a shared folder on your system.

Add the shared folder URL to the Trust Center catalog table of Microsoft Office.

Insert the app from Apps for Office (in the Shared Folder tab).

Use the Apps for Office in offline mode.

Update huge database using TDE encryption security

Architecture of database distribution in zone

Bulk data will be broken into parts on the basis of zone and distributed. To secure the database or its backups, some techniques will be used:

Several precautions could be taken to secure the database such as designing a secure system, encrypting confidential assets, and building a firewall around the database servers. However, in a scenario where the physical media (such as drives or backup tapes) are stolen, a malicious party can just restore or attach the database and browse the data. One solution could be to encrypt the sensitive data in the database and protect the keys that will be used to encrypt the data with a certificate. This will prevent anyone without the keys from using the data, but this kind of protection must be planned in advance.

Transparent data encryption (TDE) will perform real-time I/O encryption and decryption of the data and log files. The encryption will use a database encryption key (DEK), which is stored in the database boot record for availability during recovery. The DEK will be a symmetric key secured by using a certificate stored in the master database of the server or an asymmetric key protected by an EKM module. TDE will protect data “at rest”, meaning the data and log files. It will provide the ability to comply with many laws, regulations, and guidelines established in various industries. This will enable software developers to encrypt data by using AES and 3DES encryption algorithms without changing existing applications.

When enabling TDE, you will have to immediately back up the certificate and the private key associated with the certificate. If the certificate ever becomes unavailable, or if you restore or attach the database on another server, you must have backups of both the certificate and the private key or you will not be able to open the database. The encrypting certificate or asymmetric key should be retained even if TDE is no longer enabled on the database. Even though the database is not encrypted, the database encryption key may be retained in the database and may need to be accessed for some operations. A certificate that has exceeded its expiration date could be used to encrypt and decrypt data with TDE.

Encryption of the database file will be performed at the page level. The pages in an encrypted database will be encrypted before they are written to disk and decrypted when read into memory. TDE will not increase the size of the encrypted database.

The following illustration shows the architecture of TDE encryption:

[Figure: architecture of TDE encryption]

To use TDE, these steps will be followed:

  • Create a master key
  • Create or obtain a certificate protected by the master key
  • Create a database encryption key and protect it by the certificate
  • Set the database to use encryption

 

The following example illustrates encrypting and decrypting the TestDB database using a certificate.

TDE ENCRYPTION

-- Create the master key and the certificate in the master database.
USE master;
GO
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'pass@word1';
GO
CREATE CERTIFICATE MyServerCert WITH SUBJECT = 'My DEK Certificate';
GO
-- Create the database encryption key, protected by the certificate.
USE TestDB;
GO
CREATE DATABASE ENCRYPTION KEY
WITH ALGORITHM = AES_128
ENCRYPTION BY SERVER CERTIFICATE MyServerCert;
GO
-- Turn encryption on for the database.
ALTER DATABASE TestDB
SET ENCRYPTION ON;
GO

Take a backup of the database

USE master;
GO
BACKUP DATABASE TestDB TO DISK = 'c:\SQLServerBackups\TestDB.Bak'
WITH FORMAT,
MEDIANAME = 'c_SQLServerBackups',
NAME = 'Full Backup of TestDB';
GO

Exporting a certificate and a private key

In the following example, the private key of the certificate that is backed up will be encrypted with the password pass@word1.

BACKUP CERTIFICATE MyServerCert
TO FILE = 'C:\Users\Administrator\Documents\SQLCERT\CERT\newCert.bak'
WITH PRIVATE KEY (FILE = 'C:\Users\Administrator\Documents\SQLCERT\KEY\newKey.bak',
ENCRYPTION BY PASSWORD = 'pass@word1');
GO

———————OR————————

Exporting a certificate that has an encrypted private key

In the following example, the private key of the certificate is encrypted in the database. The private key will be decrypted with the password 9875t6#6rfid7vble7r. When the certificate is stored to the backup file, the private key will be encrypted with the password 9n34khUbhk$w4ecJH5gh.

BACKUP CERTIFICATE sales09 TO FILE = 'C:\Users\Administrator\Documents\SQLCERT\CERT\newCert.bak'
WITH PRIVATE KEY (DECRYPTION BY PASSWORD = '9875t6#6rfid7vble7r',
FILE = 'C:\Users\Administrator\Documents\SQLCERT\KEY\newKey.bak',
ENCRYPTION BY PASSWORD = '9n34khUbhk$w4ecJH5gh');
GO

TDE DECRYPTION

USE master;
GO
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'pass@word1';
GO
-- Recreate the server certificate by using the original server certificate backup file.
-- The password must be the same as the password that was used when the backup was created.
CREATE CERTIFICATE MyServerCert
FROM FILE = 'C:\Users\Administrator\Documents\SQLCERT\CERT\newCert.bak'
WITH PRIVATE KEY
(
FILE = 'C:\Users\Administrator\Documents\SQLCERT\KEY\newKey.bak',
DECRYPTION BY PASSWORD = 'pass@word1'
);
GO
-- Restore the encrypted backup once the certificate is in place.
RESTORE DATABASE TestDB FROM DISK = 'c:\TestDB.bak'
WITH FILE = 1,
MOVE 'TestDb' TO 'C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\DATA\TestDB.mdf',
MOVE 'TestDb_log' TO 'C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\DATA\TestDB_log.ldf';
GO

In case of a master key reset, use:

ALTER MASTER KEY REGENERATE WITH ENCRYPTION BY PASSWORD = 'dsjdkflJ435907NnmM#sX003';

The encryption and decryption operations are scheduled on background threads by SQL Server. You can view the status of these operations using the catalog views and dynamic management views in the list that appears later in this topic.

Caution

Backup files of databases that have TDE enabled will be encrypted by using the database encryption key. As a result, when you restore these backups, the certificate protecting the database encryption key must be available. This means that in addition to backing up the database, you will have to make sure that you maintain backups of the server certificates to prevent data loss. Data loss will result if the certificate is no longer available.

Important

Altering the certificates used by TDE to be password-protected will cause the database to become inaccessible after a restart.

Reference site