If your Terminal Server environment will consist of more than a few servers, you'll probably want to consider some method of automating their deployment to avoid having to manually install and configure each one.
There are two different methods that you can use to deploy Terminal Servers:
- Server drive imaging.
- Unattended or scripted installations.
Server Drive Imaging
As the name implies, server imaging involves creating a server image (or "clone") that will be used as the base image for target servers, then copying that image to other servers. To do this, you must use third party drive imaging software such as Norton Ghost (www.symantec.com) or StorageSoft ImageCast (www.storagesoft.com).
You can also create hardware-based images. Drive images can be created with an imaging machine that copies a source hard disk to one or more target disks. Alternately, you can configure your source server with two hard drives configured for RAID 1 and then break the mirror and use one of the drives in your target server.
Server imaging works well if all of your servers are going to be identical—both in terms or hardware and software. In order to use imaging to deploy your Terminal Servers, create a source server with a generic configuration. After that server's image has been deployed to your target servers, perform some minor configuration tasks on them to ready them for production use. (These minor tasks include changing the server name and IP address.)
Even though imaging requires that you spend some time configuring the clone and then finalizing each server that has been imaged, you can usually save quite a bit of time overall, even with only a handful of servers. The more servers that you have to deploy, the more time you can save.
Advantages of Server Imaging
- No need to install the base operating system on target servers before you image them.
- Applications can be imaged in addition to the operating system.
Disadvantages of Server Imaging
- Target servers must be "cleaned up" after they are imaged.
- All server hardware must be more or less identical.
- You must take the time to create a source server that is good enough to image.
Imaging a Terminal Server involves three steps:
- Create the source server that will be imaged.
- Create the image and deploy it to your target servers.
- Finalize the target servers by making any post-image modifications.
Step 1. Preparing the Source Server
The source server should be your own version of "gold code." This server should be created from your lessons learned during the pilot and user acceptance testing phases (fully outlined in Chapter 15). A base install of the server may suffice, but if you've modified the server configurations during one of these phases, your changes should also be incorporated into the source server to limit the amount of post-configuration modifications that will need to be done. Items that may be included in your source server are:
- Registry tuning or configuration modifications
- Windows and service configurations
- Custom logoff or logon scripts
- Installed applications or monitoring software
- A modified default profile or mandatory profile
Once all of the required changes have been made, you're ready to prepare the server for imaging following these steps:
- Install the base operating system but do not add the server to a domain.
- Install any hotfixes or service packs required.
- Make any service or server configuration changes.
- Add any registry modifications required.
- Install all of your required applications.
- If you have teamed the network cards, un-team them.
- If you have configured this server in a load balanced cluster, remove it from the cluster.
With these steps complete, your server should look like a production server short of being a member of the domain. You now must decide whether you will use a Microsoft tool or a third party tool for changing the computer's SID. (Remember from your old NT training classes that a SID, or Windows Security Identifier, is a unique identifier for a Windows computer. No two computers should have the same SID, so if you're imaging your servers, you'll need a way to change the SID after you image your server.)
Microsoft supplies a tool with the Windows resource kit called Sysprep. This utility allows you to strip the machine-specific configuration from the machine prior to imaging. When the target servers are booted after the imaging process, they begin the GUI portion of the Windows setup routine. This will requires you to enter any machine-specific information in the setup screen just as if it was a newly installed system. Since the server is imaged, all of your configurations, changes and applications are already installed.
If you do not wish to use Sysprep, there are several third party tools on the market that can be found as freeware or with the imaging product you have purchased. NewSid.exe from www.sysinternals.com can be run after the new target server is up and allows you to rename the server from a command line. Another classic SID changer is Ghost Walker from Symantec, which is included with almost every version of Ghost. Having decided on how the SID will be changed, you can then move on to deploying the image.
Step 2. Copy and Deploy the Image
Once you've prepared your server, perform the imaging process and deploy the image to your new target server or servers.
Step 3. Clean up the Newly-Imaged Target Server
The following steps will need to be performed on each newly-cloned Terminal Server before it can be used:
- If you did not use Sysprep to prep the image, ensure that the server is off the network prior to turning it on.
- Give the server a new SID since it has the same one as the source server. Technically, when you add the server to the domain, it will receive a new domain SID, but you should also use a tool to create a new local SID for the server. If you used Sysprep to prepare the image, a new local SID is created the first time the server is booted.
- Configure the server with its permanent IP address.
- Configure the server with its new computer name.
- Turn off the server.
- Plug in the network cable.
- Turn on the server.
- Add the server to the domain and reboot.
- Re-team the NICs if necessary.
- Configure load balancing if necessary.
Once you've completed these steps, your new server is ready to go. You can configure it just like any server.
Rather than imaging your Terminal Servers, you can perform unattended installations of the operating system and enable Terminal Services during that installation process. When you perform an unattended installation of Terminal Server, the standard installation file is executed on the server. However, an answer file to the installation prompts is supplied and the installation can complete without user interaction.
Advantages of Unattended Installations
- Unattended installations can be sent to many different types of hardware.
Disadvantages of Unattended Installations
- You must manually install the applications or distribute them via package.
- You must create the unattended installation script.
Unattended installations work well for Windows 2003 servers. However, do your homework before beginning to create your attended installation script.
Unattended installation (technically called "Unattended Setup") uses an answer file to automate the answers to the questions that the Windows setup process normally presents to the user during the installation. This answer file can also contain instructions for configuring operating systems and installing applications. You can distribute this answer file using a network share or by storing it on a custom created installation CD. Most people bundle their answer files together with any custom device drivers that are required for the installation.
The topic of unattended installs could fill an entire book in itself. For the sake of maintaining our focus on Terminal Services, we'll only discuss the modifications required in an unattended answer file to enable Terminal Services.
This configuration determines whether the Application Server (the official name for Terminal Server in application mode) is installed. The default is "Off."
This configuration determines whether Terminal Services connections are allowed. The default setting is "1" which allows connections.
This configuration determines the permissions mode for Terminal Services. A value of "1" causes Terminal Services to be installed in the relaxed security mode, and a value of "0" forces Terminal Services to the new full security mode.