IP addresses to hostnames. When dealing with network devices that deal only with IP addresses, this can be extremely useful.
If you’re interested in finding out more about DNS, check out Book 2, Chapter 5, where I cover installing DNS and DHCP. Be sure to also check out Book 2, Chapter 6. In addition, there is a whole section on securing your DNS infrastructure in Book 5, Chapter 7.
Fax Server
The Fax Server role can give a server the ability to act as a fax machine. The server enables users on the network to send and receive fax messages. The server is handling the actual message transmission and requires a fax modem with a connection to a telephone line, as well as a network connection so that it can communicate with your users on the network.
This type of setup is far more efficient than having multiple physical fax machines hanging around the office. The coolest thing about this role is that it can be configured to send faxes to your users by email, and they can send an email or Word document to the server and have it faxed out.
File and Storage Services
The File and Storage Services role has quite a few components that you can install. By default, on a fresh install of Windows Server 2022, the Storage Services component is installed. None of the following components under File and iSCSI Services is installed:
File Server: Manages folder shares and lets users access those shares from the network.
BranchCache for Network Files: A bandwidth optimization technology that caches the contents of servers at your main site with servers at branch sites.
Data Deduplication: Saves disk space by eliminating duplicate data on drives; a single copy is left intact and links are put in place of the file in the other locations.
DFS Namespaces: Allows you to use a logical namespace to access groups of shared folders on different servers, but it appears to be a single folder with multiple subfolders to end users.
DFS Replication: Synchronizes folders across multiple servers.
File Server Resource Manager: Allows you to manage and classify data on your file servers.
File Server VSS Agent Service: Allows you to enable volume shadow copies on your system, which will take backup copies (snapshots) of your files and/or volumes even if something is using them.
iSCSI Target Server: Services and management tools for iSCSI targets. iSCSI allows you to send SCSI commands for storage over regular TCP/IP networks and enables organizations to have a storage area network (SAN) that is not cost prohibitive.
iSCSI Target Storage Provider: Allows applications connected to an iSCSI target to make volume shadow copies of the data on virtual iSCSI disks.
Server for NFS: Allows the server to serve files to Unix and Linux systems that use the NFS protocol.
Work Folders: Synchronizes files across multiple computers.
Host Guardian Service
This role was introduced for the first time in Windows Server 2016. It manages and releases keys for Hyper-V hosts that are considered trusted (known as guarded hosts). This allows the guarded hosts to power on shielded virtual machines (VMs) and perform live migrations. It uses two services to do its work:
Attestation Service: Validates the identity of the hosts that are communicating with it as well as their configuration
Key Protection Service: Gives access to the encrypted transport keys that allows the guarded hosts to work with the shielded VMs
If you want to learn more about shielded VMs, check out Book 7, Chapter 2.
Hyper-V
Installing the Hyper-V role installs a hypervisor on to the Windows Server operating system. On Server Standard edition, you’re limited to two VMs; you can run an unlimited number of VMs on Server Datacenter edition. Datacenter edition also includes the ability to work with shielded VMs.
I cover Hyper-V in great detail in Book 7.
Network Controller
Network Controller is a newer role that was introduced in Windows Server 2016. It’s only available in the Datacenter edition, not the Standard edition. Network Controller allows you to configure, monitor, program, and troubleshoot your physical and virtual network infrastructure. To do this work, it can leverage Windows PowerShell or the Representational State Transfer (REST) application programming interface (API) to communicate with the devices. If your organization wants to begin exploring Software-Defined Networking (SDN), this is a great way to start. Being able to use PowerShell to work with the Network Controller could be very powerful, but the REST API will allow you to build integrations with other products, including those that would not understand PowerShell. The communication is done through HTTP/HTTPS, so you don’t have to worry about opening any uncommon network ports to support REST APIs either.
Network Policy and Access Services
Network Policy and Access Services installs the Network Policy Server (NPS). This provides services like RADIUS and offers authentication, authorization, and accounting (AAA). NPS is very commonly used for authentication of network devices and VPN clients.
Note that you can only install this role on Server with Desktop Experience.
If this sparked your curiosity, check out Book 4, Chapter 3, where I cover the installation and configuration of NPS as a RADIUS server.
Print and Document Services
By installing the Print and Document Services role, you can turn your server into a network print server. This centralizes the management of printing, from working with queues to setting your desired default configurations for network printers. These are commonly things like printing in black and white or printing double-sided.
Remote Access
The Remote Access role allows you to do a few different things. It can provide connectivity to your network with DirectAccess and VPNs, and also offers a web application proxy. At its core, Remote Access is designed to be a VPN solution. Routing and Remote Access Service provides a traditional VPN service to support connectivity to your internal network, while DirectAccess offers end users a more seamless experience with VPN-like functionality. Your users will not have to stop or start their VPN connections; with DirectAccess, they’re connected to your organization when they have a good Internet connection.
