Windows Server 2008 Foundation Network Guide
Updated: January 14, 2008
Applies To: Windows Server 2008
A foundation network is a collection of network hardware, devices, and software that provides the core services for your organization's information technology (IT) needs.
A Windows Server foundation network provides you with many benefits, including the following.
Core protocols for network connectivity between computers and other Transmission Control Protocol/Internet Protocol (TCP/IP) compatible devices. TCP/IP is a suite of standard protocols for connecting computers and building networks. TCP/IP is network protocol software provided with Microsoft® Windows® operating systems that implements and supports the TCP/IP protocol suite.
Automatic IP addressing with Dynamic Host Configuration Protocol (DHCP). Manual configuration of IP addresses on all computers on your network is time-consuming and less flexible than dynamically providing computers and other devices with IP address leases from a DHCP server.
Name resolution services, such as Domain Name System (DNS) and Windows Internet Name Service (WINS). DNS and WINS allow users, computers, applications, and services to find the IP addresses of computers and devices on the network using the network basic input/output system (NetBIOS) name or Fully Qualified Domain Name of the computer or device.
A forest, which is one or more Active Directory domains that share the same class and attribute definitions (schema), site and replication information (configuration), and forest-wide search capabilities (global catalog).
A forest root domain, which is the first domain created in a new forest. The Enterprise Admins and Schema Admins groups, which are forest-wide administrative groups, are located in the forest root domain. In addition, a forest root domain, as with other domains, is a collection of computer, user, and group objects that are defined by the administrator in Active Directory Domain Services (AD DS). These objects share a common directory database and security policies. They can also share security relationships with other domains if you add domains as your organization grows. The directory service also stores directory data and allows authorized computers, applications, and users to access the data.
A user and computer account database. The directory service provides a centralized user accounts database that allows you to create user and computer accounts for people and computers that are authorized to connect to your network and access network resources, such as applications, databases, shared files and folders, and printers.
A foundation network also allows you to scale your network as your organization grows and IT requirements change. For example, with a foundation network you can add domains, IP subnets, remote access services, wireless services, and other features and server roles provided by Windows Server® 2008 and Windows Vista®.
About this guide
This guide is designed for network and system administrators who are installing a new network or who want to create a domain-based network to replace a network that consists of workgroups. The deployment scenario provided in this guide is particularly useful if you foresee the need to add more services and features to your network in the future.
It is recommended that you review design and deployment guides for each of the technologies used in this deployment scenario to assist you in determining whether this guide provides the services and configuration that you need.
Network hardware requirements
To successfully deploy a foundation network, you must deploy network hardware, including the following:
Ethernet, Fast Ethernet, or Gigabyte Ethernet cabling
A hub, Layer 2 or 3 switch, router, or other device that performs the function of relaying network traffic between computers and devices.
Computers that meet the minimum hardware requirements for their respective client and server operating systems.
This guide depicts the use of four server computers. In some cases, such as on small networks, you can use fewer servers. For example, you can install DHCP and WINS on the same server rather than on separate servers.
What this guide does not provide
This guide does not provide instructions for deploying the following:
Network hardware, such as cabling, routers, switches, and hubs
Additional network resources, such as printers and file servers
Client computer deployment
Client computers running Windows Vista and Windows XP are configured by default to receive IP address leases from the DHCP server. Therefore, no additional DHCP or Internet Protocol version 4 (IPv4) configuration of client computers is required.
The following sections provide brief overviews of the required and optional technologies used to create a foundation network.
Active Directory Domain Services
A directory is a hierarchical structure that stores information about objects on the network. A directory service, such as AD DS, provides the methods for storing directory data and making this data available to network users and administrators. For example, AD DS stores information about user accounts, such as names, passwords, phone numbers, and so on, and enables other authorized users on the same network to access this information.
DNS is a name resolution protocol for TCP/IP networks, such as the Internet or an organization network. A DNS server hosts the information that enables client computers to resolve easily recognized, alphanumeric DNS names to the IP addresses that computers use to communicate with each other.
DHCP is an IP standard for simplifying management of host IP configuration. The DHCP standard provides for the use of DHCP servers as a way to manage dynamic allocation of IP addresses and other related configuration details for DHCP-enabled clients on your network.
Every computer on a TCP/IP network must have an unique IP address. The IP address (together with its related subnet mask) identifies both the host computer and the subnet to which it is attached. When you move a computer to a different subnet, the IP address must be changed. DHCP allows you to dynamically assign an IP address to a client from a DHCP server IP address database on your local network.
For TCP/IP-based networks, DHCP reduces the complexity and amount of administrative work involved in reconfiguring computers.
While DNS is a required component of a foundation network, WINS is optional because, like DNS, it is a naming service. In some cases, you might not need both DNS and WINS, but older operating systems and applications might require WINS. For medium to small networks, WINS is extremely easy to install and manage, and it is not resource-intensive. If you are in doubt about whether you need WINS, you can test your network functionality without it and install it if needed.
WINS provides a distributed database for registering and querying dynamic mappings of NetBIOS names for computers and groups used on your network. WINS maps NetBIOS names to IP addresses and was designed to solve the problems arising from NetBIOS name resolution in routed environments. WINS is the best choice for NetBIOS name resolution in routed networks that use NetBIOS over TCP/IP.
NetBIOS names are used by earlier versions of Windows operating systems to identify and locate computers and other shared or grouped resources required to register or resolve names for use on the network.
NetBIOS names are a requirement for establishing networking services in earlier versions of Windows operating systems. Although the NetBIOS naming protocol can be used with network protocols other than TCP/IP (such as NetBEUI or IPX/SPX), WINS was designed specifically to support NetBIOS over TCP/IP (NetBT).
WINS simplifies the management of the NetBIOS namespace in TCP/IP-based networks.
Network Policy Server (NPS) allows you to centrally configure and manage network policies with the following three features: Remote Authentication Dial-In User Service (RADIUS) server, RADIUS proxy, and Network Access Protection (NAP) policy server.
NPS is an optional component of a foundation network, but you should install NPS if any of the following are true:
You are planning to expand your network to include any remote access servers that are compatible with the RADIUS protocol, such as a computer running Windows Server 2008 and Routing and Remote Access service.
You plan to deploy NAP.
You plan to deploy 802.1X wired or wireless access.
TCP/IP in Windows Server 2008 is the following:
Networking software based on industry-standard networking protocols.
A routable, enterprise networking protocol that supports the connection of your Windows-based computer to both local area network (LAN) and wide area network (WAN) environments.
Core technologies and utilities for connecting your Windows-based computer with dissimilar systems for the purpose of sharing information.
A foundation for gaining access to global Internet services, such as the World Wide Web and File Transfer Protocol (FTP) servers.
A robust, scalable, cross-platform, client/server framework.
TCP/IP provides basic TCP/IP utilities that enable Windows-based computers to connect and share information with other Microsoft and non-Microsoft systems, including:
Windows Server 2003 operating systems
Apple Macintosh systems
Open VMS systems
Network-ready printers, such as HP LaserJet series printers that use HP JetDirect cards