Core Network Guide and Companion Guides Overview


Published: December 12, 2012

Updated: July 12, 2016

Applies To: Windows Server 2012

A core network is a collection of network hardware, devices, and software that provides the fundamental services for your organization's information technology (IT) needs.

A Windows Server core network provides you with many benefits, including the following.

  • Core protocols for network connectivity between computers and other Transmission Control Protocol/Internet Protocol (TCP/IP) compatible devices. TCP/IP is a suite of standard protocols for connecting computers and building networks. Microsoft® Windows® operating systems include network protocol software that implements and supports the TCP/IP protocol suite.

  • Dynamic Host Configuration Protocol (DHCP) server automatic IP addressing. Manual configuration of IP addresses on all computers on your network is time-consuming and less flexible than dynamically providing computers and other devices with IP address leases from a DHCP server.

  • Domain Name System (DNS) name resolution service. DNS allows users, computers, applications, and services to find the IP addresses of computers and devices on the network by using the Fully Qualified Domain Name of the computer or device.

  • A forest, which is one or more Active Directory domains that share the same class and attribute definitions (schema), site and replication information (configuration), and forest-wide search capabilities (global catalog).

  • A forest root domain, which is the first domain created in a new forest. The Enterprise Admins and Schema Admins groups, which are forest-wide administrative groups, are located in the forest root domain. In addition, a forest root domain, as with other domains, is a collection of computer, user, and group objects that are defined by the administrator in Active Directory Domain Services (AD DS). These objects share a common directory database and security policies. They can also share security relationships with other domains if you add domains as your organization grows. The directory service also stores directory data and allows authorized computers, applications, and users to access the data.

  • A user and computer account database. The directory service provides a centralized user accounts database that allows you to create user and computer accounts for people and computers that are authorized to connect to your network and access network resources, such as applications, databases, shared files and folders, and printers.

A core network also allows you to scale your network as your organization grows and IT requirements change. For example, with a core network you can add domains, IP subnets, remote access services, wireless services, and other features and server roles provided by Windows Server® 2012.

The Windows Server 2012 Core Network Guide provides instructions on how to plan and deploy the core components required for a fully functioning network and a new Active Directory® domain in a new forest. Using this guide, you can deploy computers configured with the following Windows server components:

  • The Active Directory Domain Services (AD DS) server role

  • The Domain Name System (DNS) server role

  • The Dynamic Host Configuration Protocol (DHCP) server role

  • The Network Policy Server (NPS) role service of the Network Policy and Access Services server role

  • The Web Server (IIS) server role

  • Transmission Control Protocol/Internet Protocol version 4 (TCP/IP) connections on individual servers

This guide also serves as a foundation for companion guides that show you how to deploy additional technologies in Windows Server 2012.

This guide is available at the following locations.

While the Core Network Guide provides instructions on how to deploy a new Active Directory forest with a new root domain and the supporting networking infrastructure, Companion Guides provide you with the ability to add features to your network. Each companion guide allows you to accomplish a specific goal after you have deployed your core network. In some cases, there are multiple companion guides that, when deployed together and in the correct order, allow you to accomplish very complex goals in a measured, cost-effective, reasonable manner.

If you deployed your Active Directory domain and core network before encountering the Core Network Guide, you can still use the Companion Guides to add features to your network. Simply use the Core Network Guide as a list of prerequisites, and know that to deploy additional features with the Companion Guides, your network must meet the prerequisites that are provided by the Core Network Guide.

This guide explains how to build upon the foundation network by deploying server certificates for computers that are running Network Policy Server (NPS), Routing and Remote Access Service (RRAS), or both. Server certificates are required when you deploy certificate-based authentication methods with Extensible Authentication Protocol (EAP) and Protected EAP (PEAP) for network access authentication. Deploying server certificates with Active Directory Certificate Services (AD CS) for EAP and PEAP certificate-based authentication methods provides the following benefits:

  • Binding the identity of the NPS or RRAS server to a private key

  • A cost-efficient and secure method for automatically enrolling certificates to domain member NPS and RRAS servers

  • An efficient method for managing certificates and certification authorities

  • Security provided by certificate-based authentication

  • The ability to expand the use of certificates for additional purposes

This guide is available at the following locations.

This guide explains how to build upon a core network by providing instructions about how to deploy Institute of Electrical and Electronics Engineers (IEEE) 802.1X-authenticated IEEE 802.11 wireless access using Protected Extensible Authentication Protocol – Microsoft Challenge Handshake Authentication Protocol version 2 (PEAP-MS-CHAP v2).

This guide provides instructions about how to deploy a WiFi access infrastructure that uses the following components:

  • One or more 802.1X-capable 802.11 wireless access points (APs)

  • AD DS Users and Computers

  • Group Policy Management

  • One or more Network Policy Server (NPS) servers

  • Server certificates for computers running NPS

  • Wireless client computers running Windows® 8, Windows® 7, Windows Vista® or Windows XP with Service Pack

This guide is available at the following locations.

  1. The Windows Server 2012 Core Network Companion Guide Deploying 802.1X Authenticated Wireless Access in Word format in the Microsoft TechNet Gallery.

  2. The Core Network Companion Guide: Deploying Password-based 802.1X Authenticated Wireless Access in HTML format in the Technical Library.

This companion guide explains how to build on the core network by providing instructions for deploying client computer and user certificates with Active Directory Certificate Services (AD CS).

Certificates are used for network access authentication because they provide strong security for authenticating users and computers and they eliminate the need for less secure password-based authentication methods.

When you deploy Extensible Authentication Protocol with Transport Layer Security (EAP-TLS) or Protected EAP with TLS (PEAP-TLS), certificates are required for the authentication of servers, clients, and users during network connection attempts through network access servers such as 802.1X-capable switches and wireless access points and virtual private network (VPN) servers.

This guide is available at the following locations.

This guide builds upon the core network by showing you how to deploy BranchCache in hosted cache mode in your branch offices. This guide shows how to use new BranchCache features for Windows Server 2012 and Windows 8 to deploy your hosted cache server by Service Connection Point, and how to prehash content on your Web and file content servers so that you can preload the content on your hosted cache servers.

This guide is available at the following locations.

This guide explains how to build on the core network by providing instructions for deploying Group Policy Objects (GPOs) by using membership groups instead of the organizational units (OUs) that form the hierarchy of an Active Directory domain.

This guide is available at the following locations.