Windows Server 2012 Administration Overview

  • 9/15/2012
Contents

Networking Tools and Protocols

Windows Server 2012 has a suite of networking tools that includes Network Explorer, Network And Sharing Center, and Network Diagnostics. Figure 1-2 shows Network And Sharing Center.

Figure 1-2

Figure 1-2 Network And Sharing Center provides quick access to sharing, discovery, and networking options.

Understanding Networking Options

The sharing and discovery configuration in Network And Sharing Center controls basic network settings. When network discovery settings are turned on and a server is connected to a network, the server can see other network computers and devices and is visible on the network. When sharing settings are turned on or off, the various sharing options are allowed or restricted. As discussed in Chapter 12, “Data Sharing, Security, and Auditing,” sharing options include file sharing, public folder sharing, printer sharing, and password-protected sharing.

In Windows 8 and Windows Server 2012, networks are identified as one of the following network types:

  • Domain A network in which computers are connected to the corporate domain to which they are joined.
  • Work A private network in which computers are configured as members of a workgroup and are not connected directly to the public Internet.
  • Home A private network in which computers are configured as members of a homegroup and are not connected directly to the public Internet.
  • Public A public network in which computers are connected to a network in a public place, such as a coffee shop or an airport, rather than an internal network.

These network types are organized into three categories: home or work, domain, and public. Each network category has an associated network profile. Because a computer saves sharing and firewall settings separately for each network category, you can use different block and allow settings for each network category. When you connect to a network, you see a dialog box that allows you to specify the network category. If you select Private, and the computer determines that it is connected to the corporate domain to which it is joined, the network category is set as Domain Network.

Based on the network category, Windows Server configures settings that turn discovery on or off. The On (enabled) state means that the computer can discover other computers and devices on the network and that other computers on the network can discover the computer. The Off (disabled) state means that the computer cannot discover other computers and devices on the network and that other computers on the network cannot discover the computer.

Using either the Network window or Advanced Sharing Settings in Network And Sharing Center, you can enable discovery and file sharing. However, discovery and file sharing are blocked by default on a public network, which enhances security by preventing computers on the public network from discovering other computers and devices on that network. When discovery and file sharing are disabled, files and printers you have shared from a computer cannot be accessed from the network. Additionally, some programs might not be able to access the network.

Working with Networking Protocols

To allow a server to access a network, you must install TCP/IP networking and a network adapter. Windows Server uses TCP/IP as the default wide area network (WAN) protocol. Normally, networking is installed during installation of the operating system. You can also install TCP/IP networking through local area connection properties.

The TCP and IP protocols make it possible for computers to communicate across various networks and the Internet by using network adapters. Windows 7 and later releases of Windows have a dual IP-layer architecture in which both Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6) are implemented and share common transport and network layers. IPv4 has 32-bit addresses and is the primary version of IP used on most networks, including the Internet. IPv6, on the other hand, has 128-bit addresses and is the next-generation version of IP.

NOTE

DirectAccess clients only send IPv6 traffic across the DirectAccess connection to the DirectAccess server. Thanks to the NAT64/DNS64 support on a Windows Server 2012 DirectAccess server, DirectAccess clients can now initiate communications with IPv4-only hosts on the corporate intranet. NAT64/DNS64 work together to translate incoming connection traffic from an IPv6 node to IPv4 traffic. The NAT64 translates the incoming IPv6 traffic to IPv4 traffic and performs the reverse translation for response traffic. The DNS64 resolves the name of an IPv4-only host to a translated IPv6 address.

Real World

The TCP Chimney Offload feature was introduced with Windows Vista and Windows Server 2008. This feature enables the networking subsystem to offload the processing of a TCP/IP connection from the computer’s processors to its network adapter as long as the network adapter supports TCP/IP offload processing. Both TCP/IPv4 connections and TCP/IPv6 connections can be offloaded. For Windows 7 and later releases of Windows, TCP connections are offloaded by default on 10 gigabits per second (Gbps) network adapters, but they are not offloaded by default on 1-Gbps network adapters. To offload TCP connections on a 1 or 10 Gbps network adapter, you must enable TCP offloading by entering the following command at an elevated, administrator command prompt: netsh int tcp set global chimney=enabled. You can check the status of TCP offloading by entering netsh int tcp show global. Although TCP offloading works with Windows Firewall, TCP offloading won’t be used with IPsec, Windows virtualization (Hyper-V), network load balancing, or the Network Address Translation (NAT) service. To determine whether TCP offloading is working, enter netstat-t and check the offload state. The offload state is listed as offloaded or inhost.

Windows also uses receive-side scaling (RSS) and network direct memory access (NetDMA). You can enable or disable RSS by entering netsh int tcp set global rss=enabled or netsh int tcp set global rss=disabled, respectively. To check the status of RSS, enter netsh int tcp show global. You can enable or disable NetDMA by setting a DWord value under the EnableTCPA registry entry to 1 or 0, respectively. This registry entry is found under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters.

IPv4’s 32-bit addresses are commonly expressed as four separate decimal values, such as 127.0.0.1 or 192.168.10.52. The four decimal values are referred to as octets because each represents 8 bits of the 32-bit number. With standard unicast IPv4 addresses, a variable part of the IP address represents the network ID and a variable part of the IP address represents the host ID. A host’s IPv4 address and the internal machine (MAC) address used by the host’s network adapter have no correlation.

IPv6’s 128-bit addresses are divided into eight 16-bit blocks delimited by colons. Each 16-bit block is expressed in hexadecimal form, such as FEC0:0:0:02BC:FF:BECB:FE4F:961D. With standard unicast IPv6 addresses, the first 64 bits represent the network ID and the last 64 bits represent the network interface. Because many IPv6 address blocks are set to 0, a contiguous set of 0 blocks can be expressed as “::”, a notation referred to as double-colon notation. Using double-colon notation, the two 0 blocks in the previous address can be compressed as FEC0::02BC:FF:BECB:FE4F:961D. Three or more 0 blocks would be compressed in the same way. For example, FFE8:0:0:0:0:0:0:1 becomes FFE8::1.

When networking hardware is detected during installation of the operating system, both IPv4 and IPv6 are enabled by default; you don’t need to install a separate component to enable support for IPv6. The modified IP architecture in Windows 7 and later releases of Windows is referred to as the Next Generation TCP/IP stack, and it includes many enhancements that improve the way IPv4 and IPv6 are used.

Save to your account

This chapter is from the book