When your business is small and you have only one or two
servers on your network, managing them is relatively simple. Whether you have
domain controllers, file and print servers, DNS/WINS servers, remote access/VPN
servers, mail servers, Web servers or some or all of the above, your network
users depend on your servers. Thus, you should follow basic server security
practices from the beginning, regardless of your network’s size. That means:
- Placing the servers in a secure physical location (locked server room)
- Restricting logon access to only those who need it (network administrators)
- “Hardening” the server operating systems by disabling or removing
  unnecessary programs and services and tweaking security settings.
Expanding your management options
As the organization grows, so will the number of servers you
have online. As organizations grow, they tend to scale out (horizontal scaling)
to a distributed server model, by implementing server clusters or server
“farms.” This can be a more cost-effective solution to performance and
accessibility challenges than replacing existing small servers with more
powerful machines, but it also increases management overhead. It’s obviously
more time-consuming to manage a hundred small servers than one mainframe.
However, it also offers advantages, such as the elimination of a single point
of failure.
Another challenge is presented by the fact that you may have
a variety of different server hardware. Standards such as SMASH (Systems
Management Architecture for Server Hardware), created by the Distributed
Management Task Force, address this problem. SMASH makes it possible to manage
different server types with the same script, using the Command Line Protocol
(CLP).
Management of multiple servers is also made easier by tools
such as Microsoft’s Systems Management Server (SMS), HP’s OpenView, IBM’s
Tivoli, CA’s Unicenter and Dell’s OpenManage. These software packages allow for
centralized monitoring and management of servers across the network.
Remote management
As the number of servers on your network grows, they may
also become more spread out geographically — no longer are all of your server
machines locked up together in a single room. You can no longer just go to the
server room to perform management and maintenance tasks on all your servers.
You need a way to manage them remotely.
Remote management software
There are a number of different options for remote
management. Some of the administrative tools included with Windows server
operating systems allow you to connect to and manage remote machines (for
example, the Disk Management MMC, the Network Monitor and others). You can also
install the administration tools for Windows 2000 Server or Windows Server 2003
on a workstation or member server on the network that will allow you to manage
some of your servers’ services. Some tools, such as the Remote Administration
HTML tool, allow you to manage server services (in this case, IIS 6.0)
remotely through a Web browser interface.
For full remote control over your servers, Windows 2000
Server and Windows Server 2003 computers have terminal services built in, with
which administrators can connect to the server desktop and manage the server
over the LAN or Internet. This is implemented as the remote administration mode
of Windows Terminal Services in Windows 2000 Server and as Remote Desktop in
Windows Server 2003.
Third-party remote administration software is also
available. Radmin is a remote control
program for Windows that is optimized to work over low bandwidth connections,
such as with analog modems. TightVNC is
a free open source package that’s available for both Windows and UNIX.
Hardware-based remote management
Another remote management option is KVM over IP. You’re
probably familiar with the humble Keyboard-Video-Mouse switch that installs in
your server room and allows you to share the same input/output devices among
several different servers by pressing a button on the front of the device. They
save you money, since you don’t have to buy a monitor and input peripheral for
every server, and they save space in the often-cramped server room environment.
IP-enabled KVM switches give you even more flexibility.
They’re considerably more expensive, but they allow you to connect remotely to
all of the servers to which they’re connected, over any network that uses the
TCP/IP protocols. The KVM switch has an IP address on the network and you use
proprietary software or a Web browser to access it and control any of its
attached servers.
Emergency remote management
Another Microsoft means of remotely managing your servers
(under certain circumstances) is Emergency
Management Services (EMS). It’s new to Windows Server 2003, and as the name
implies, is designed not for routine management tasks but for emergency
situations, especially when you can’t reach the server through the regular
network connection because it’s gone down.
EMS uses out-of-band management (that is, it isn’t dependent
on the Windows networking components, which don’t load until Windows starts). You
do have to have hardware that supports out-of-band management, through a serial
port, USB or IEEE 1394 (FireWire) connection, and the server’s BIOS has to
support remote console redirection if you need to perform tasks prior to the
booting of the operating system (such as running the recovery console or
selecting the Last Known Good option).
The Intelligent
Platform Management Interface (IPMI) is a remote monitoring and management
standard designed for situations in which normal remote management tools don’t
work, such as when the operating system hangs or won’t boot. Through the
command line or using scripts, you can recover from these types of situations
without having to physically visit the server site.
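The practice of restricting access to only those who need it applies to every
remote-management channel described above. As an added example (not part of
the original article), this Python check flags inbound allow rules that expose
those channels outside an administration subnet; the rule list, server names
and admin subnet are constructed, and the ports are the products' defaults.

```python
import ipaddress

# Default ports for the remote-management channels the article names.
# A site may run them on other ports; adjust the table to match.
MGMT_PORTS = {
    ("tcp", 3389): "Remote Desktop / Terminal Services",
    ("tcp", 4899): "Radmin",
    ("tcp", 5900): "VNC (TightVNC)",
    ("udp", 623): "IPMI (RMCP)",
}

# Constructed: the subnet administrators connect from.
ADMIN_NETS = [ipaddress.ip_network("10.0.50.0/24")]

# Constructed inbound allow rules: (server, protocol, port, allowed source CIDR)
SAMPLE_RULES = [
    ("dc01", "tcp", 3389, "10.0.50.0/24"),
    ("web01", "tcp", 80, "0.0.0.0/0"),
    ("web01", "tcp", 3389, "0.0.0.0/0"),
    ("file01", "tcp", 5900, "10.0.0.0/16"),
    ("mail01-bmc", "udp", 623, "10.0.50.16/28"),
    ("branch01", "tcp", 4899, "192.168.7.0/24"),
]

def exposed_management(rules, admin_nets=ADMIN_NETS):
    """Return (server, service, source) for each management service whose
    allowed source range is not fully inside an administration network."""
    findings = []
    for server, proto, port, source in rules:
        service = MGMT_PORTS.get((proto.lower(), port))
        if service is None:
            continue  # not a remote-management channel
        src = ipaddress.ip_network(source, strict=False)
        # A rule is acceptable only if its whole source range sits inside
        # one admin network; a wider range (a supernet) counts as exposed.
        inside_admin = any(
            src.version == net.version and src.subnet_of(net)
            for net in admin_nets
        )
        if not inside_admin:
            findings.append((server, service, str(src)))
    return findings

if __name__ == "__main__":
    for server, service, src in exposed_management(SAMPLE_RULES):
        print(f"{server}: {service} reachable from {src}")
```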
Summary
Server management becomes more and more of a challenge as
your organization grows, especially if you scale horizontally, adding more
small servers, rather than scaling up. However, there are a number of tools
that can help to make your life easier along the way. By utilizing them to full
advantage, you can make the transition, all the way from single-server office
to full-blown data center, a lot smoother.