核心網路小幫手指南Core Network Companion Guides

適用於:Windows Server(以每年次管道)、Windows Server 2016Applies To: Windows Server (Semi-Annual Channel), Windows Server 2016

在 Windows Server 2016核心網路指南上部署新的 Active Directory 的方式指示®的新根網域和支援網路基礎結構,小幫手指南樹系為您提供的功能來將功能新增至您的網路。While the Windows Server 2016 Core Network Guide provides instructions on how to deploy a new Active Directory® forest with a new root domain and the supporting networking infrastructure, Companion Guides provide you with the ability to add features to your network.

每個小幫手指南可讓您以完成部署核心網路後的特定的目標。Each companion guide allows you to accomplish a specific goal after you have deployed your core network. 有時候,有多個小幫手引導,當部署,以正確的順序,讓您完成複雜的目標測量、效益合理的方式。In some cases, there are multiple companion guides that, when deployed together and in the correct order, allow you to accomplish very complex goals in a measured, cost-effective, reasonable manner.

如果您之前遇到核心網路指南部署 Active Directory domain 和 core 網路,您可以使用小幫手指南將功能新增至您的網路。If you deployed your Active Directory domain and core network before encountering the Core Network Guide, you can still use the Companion Guides to add features to your network. 只要使用核心網路節目表清單的必要條件,以和知道您的部署小幫手指南使用的其他功能,您的網路必須符合所提供的節目表核心網路的必要條件。Simply use the Core Network Guide as a list of prerequisites, and know that to deploy additional features with the Companion Guides, your network must meet the prerequisites that are provided by the Core Network Guide.

核心網路小幫手指南:部署 802.1 X 有線與 Wireless 部署伺服器的憑證Core Network Companion Guide: Deploy Server Certificates for 802.1X Wired and Wireless Deployments

這個小幫手指南如何建置核心網路部署電腦正在執行的網路原則伺服器 (NPS)、(RAS) 遠端存取服務,或兩者伺服器的憑證。This companion guide explains how to build upon the core network by deploying server certificates for computers that are running Network Policy Server (NPS), Remote Access Service (RAS), or both.

部署憑證式的驗證方法受保護的 EAP (PEAP) 延伸驗證通訊協定 (EAP) 與網路存取驗證時,所需伺服器的憑證。Server certificates are required when you deploy certificate-based authentication methods with Extensible Authentication Protocol (EAP) and Protected EAP (PEAP) for network access authentication. 部署伺服器的憑證的 Active Directory 憑證服務 EAP 和 PEAP 憑證為基礎的驗證方法 (AD CS) 提供下列優點:Deploying server certificates with Active Directory Certificate Services (AD CS) for EAP and PEAP certificate-based authentication methods provides the following benefits:

  • 繫結私密金鑰 NPS 或 RAS 伺服器的身分Binding the identity of the NPS or RAS server to a private key
  • 自動註冊網域成員 NPS 及遠端存取伺服器的憑證成本效益且安全的方法A cost-efficient and secure method for automatically enrolling certificates to domain member NPS and RAS servers
  • 管理憑證和憑證授權單位有效的方法An efficient method for managing certificates and certification authorities
  • 所提供的認證驗證安全性Security provided by certificate-based authentication
  • 展開憑證用於其他用途的能力The ability to expand the use of certificates for additional purposes

如需部署伺服器的憑證的方式指示,請查看適用於 802.1 X 的有線和無線部署部署伺服器憑證For instructions on how to deploy server certificates, see Deploy Server Certificates for 802.1X Wired and Wireless Deployments.

核心網路小幫手指南:部署密碼為基礎的 802.1 X 驗證 Wireless 存取Core Network Companion Guide: Deploy Password-Based 802.1X Authenticated Wireless Access

這個小幫手指南如何建置提供有關如何將協會和電子工程師 (IEEE) 802.1X\ 部署核心網路-驗證 IEEE 802.11 wireless 存取使用保護延伸驗證 Protocol\ – Microsoft 挑戰交換驗證通訊協定第 2 \ (PEAP-MS-CHAP v2)。This companion guide explains how to build upon the core network by providing instructions about how to deploy Institute of Electrical and Electronics Engineers (IEEE) 802.1X-authenticated IEEE 802.11 wireless access using Protected Extensible Authentication Protocol\–Microsoft Challenge Handshake Authentication Protocol version 2 (PEAP-MS-CHAP v2).

驗證方法 PEAP-MS-CHAP v2 需要的驗證執行伺服器的憑證,以證明 NPS 伺服器身分 client 的網路原則伺服器 (NPS) 出現 wireless 戶端伺服器,但是驗證使用者無法使用憑證來執行-反而使用者提供網域使用者名稱和密碼。The authentication method PEAP-MS-CHAP v2 requires that authenticating servers running Network Policy Server (NPS) present wireless clients with a server certificate to prove the NPS server identity to the client, however user authentication is not performed by using a certificate - instead, users provide their domain user name and password.

PEAP-MS-CHAP v2 需要使用者驗證程序期間密碼認證,而非憑證提供,因為它是通常會更簡單且更比 EAP\ TLS 或 PEAP\ TLS 部署。Because PEAP-MS-CHAP v2 requires that users provide password-based credentials rather than a certificate during the authentication process, it is typically easier and less expensive to deploy than EAP-TLS or PEAP-TLS.

本指南使用的 PEAP-MS-CHAP v2 驗證方法部署 wireless 存取之前,您必須執行下列動作:Before you use this guide to deploy wireless access with the PEAP-MS-CHAP v2 authentication method, you must do the following:

  1. 依照指示核心網路節目表中的部署核心網路基礎結構,或是已經有技術顯示在網路上部署該指南。Follow the instructions in the Core Network Guide to deploy your core network infrastructure, or already have the technologies presented in that guide deployed on your network.
  2. 請依照核心網路小幫手指南部署伺服器的憑證 802.1 X 的有線和無線部署,或已經有技術顯示在網路上部署該指南。Follow the instructions in the Core Network Companion Guide Deploy Server Certificates for 802.1X Wired and Wireless Deployments, or already have the technologies presented in that guide deployed on your network.

如需如何部署 PEAP-MS-CHAP v2 wireless 存取指示,請查看架構部署密碼 802.1 X 驗證 Wireless 存取For instructions on how to deploy wireless access with PEAP-MS-CHAP v2, see Deploy Password-Based 802.1X Authenticated Wireless Access.

核心網路小幫手指南:部署 BranchCache 裝載快取模式Core Network Companion Guide: Deploy BranchCache Hosted Cache Mode

這個小幫手指南如何部署 BranchCache 一或多個分公司裝載快取模式。This companion guide explains how to deploy BranchCache in Hosted Cache Mode in one or more branch offices.

BranchCache 是隨附於某些版本的 Windows Server 2016 和 Windows 10 作業系統,以及在舊版 Windows 和 Windows Server 的寬形區域網路 (WAN) 頻寬最佳化技術。BranchCache is a wide area network (WAN) bandwidth optimization technology that is included in some editions of the Windows Server 2016 and Windows 10 operating systems, as well as in earlier versions of Windows and Windows Server.

當您在裝載快取模式部署 BranchCache 時,裝載內容快取分公司在上一個或更多伺服器電腦,稱為「裝載快取的伺服器。When you deploy BranchCache in hosted cache mode, the content cache at a branch office is hosted on one or more server computers, which are called hosted cache servers. 工作負載除了裝載快取,可讓您使用多個用途分公司伺服器執行裝載快取的伺服器。Hosted cache servers can run workloads in addition to hosting the cache, which allows you to use the server for multiple purposes in the branch office.

BranchCache 裝載快取模式增加效率快取因為 content 使用即使離線 client 原始要求而且快取的資料。BranchCache hosted cache mode increases the cache efficiency because content is available even if the client that originally requested and cached the data is offline. 因為都可使用裝載快取伺服器,更多 content 快取,可提供更大節省 WAN 的頻寬,並改進 BranchCache 效率。Because the hosted cache server is always available, more content is cached, providing greater WAN bandwidth savings, and BranchCache efficiency is improved.

當您部署裝載快取模式時,分公司多子網路中的所有戶端可以都存取儲存在裝載快取伺服器上,即使戶端不同子網路上的單一快取。When you deploy hosted cache mode, all clients in a multiple-subnet branch office can access a single cache, which is stored on the hosted cache server, even if the clients are on different subnets.

如何部署 BranchCache 裝載快取模式中的指示,請查看部署 BranchCache 裝載快取模式For instructions on how to deploy BranchCache in Hosted Cache Mode, see Deploy BranchCache Hosted Cache Mode.