Windows Server 2008 Review

Windows Server 2008 is the most substantial upgrade to the Windows Server product line since Windows 2000, with a sweeping set of capabilities and a reengineered core that will usher in a new era of 64-bit server computing. Like its Windows Vista stable mate, Windows Server 2008 was in development an achingly long time, and some of its many features were originally slated for its predecessors, Windows Server 2003 and Windows Server 2003 R2. Unlike Vista, however, this lengthy schedule hasn't proven problematic. In fact, it's arguably worked to the product's advantage: This is a refined, mature, and stable operating system that will no doubt power server systems of all kinds for years to come.

Though Windows Server 2008 utilizes an evolved version of the Active Directory (AD) infrastructure that first debuted in Windows 2000, many of the features of this new OS are radical and revolutionary. Key among these major advances are Server Core, which provides a lightweight version of the server aimed at specific workloads, and Hyper-V, Microsoft's hypervisor-based virtualization technology. (This latter technology is currently available only in beta form; see below for details.) As befits a major Windows Server upgrade, however, Windows Server 2008 also includes a slew of smaller functional advances as well as key gains in scalability, reliability, manageability, performance, and security.

Charting the changes: A look at new Windows Server 2008 functionality

Windows Server 2008 is a feature-rich upgrade with numerous functional advantages over its predecessors. Here are some of the changes in this release that I feel will have the biggest customer impact.

Componentization with a purpose

Microsoft has completely rearchitected Windows Server to be functionally componentized, a major change that has wide-reaching ramifications. At a high level, componentization allows for a more easily serviceable system, both for Microsoft and its customers. It also provides for a more secure and reliable system, because communication and dependencies between individual components are kept to a minimum.

More specifically, componentization enables some of Windows Server 2008's most exciting new functionality, such as its image-based deployment facilities, roles-based management, and Server Core.

Server Manager

While previous versions of Windows Server featured separate management consoles for all of the various roles and features in the OS and, in Windows Server 2003, a simple Manage Your Server dashboard, Windows Server 2008 provides the new Server Manager. This is a true one-stop shop for daily management needs and is the only tool that many Windows administrators will need to use on a regular basis.

The MMC-based Server Manager provides a user interface for managing each installed role and feature on the system, including Active Directory Domain Services, Application Server, DHCP Server, DNS Server, File Services, Terminal Services, Web Server, and many others. It also includes numerous valuable troubleshooting tools like Event Viewer, Services, and Reliability and Performance utilities, configuration tools like Task Scheduler, Windows Firewall, WMI Control, and Device Manager, and the new Windows Server Backup.

What makes Server Manager even more useful is that each section of the console's UI gets its own dedicated home page, each of which includes information pertinent to the role or feature at hand, along with links to fix problems, get more information, and access other tools. It's a thoughtful, well-designed application, both logical and useful.

Server Core

Unlike previous Windows Server versions, most Windows Server 2008 product editions can be installed in two modes, the traditional GUI-based server we've had since Windows NT 3.1 and a lightweight new command line-based environment called Server Core. In this new installation mode, Microsoft has stripped out virtually all the GUI, so there's no shell (Start Menu, taskbar, Explorer windows, etc.), and little in the way of end user applications; such things as Windows Media Player, Internet Explorer, and Windows Mail are all missing, though a few GUI-based applications, like Notepad and Task Manager, are still available. For the most part, the only user interface you'll see in Server Core is a single command line window floating over an empty blue backdrop. It's the ultimate anti-demo.

So what's the point? Server Core is designed to reduce the attack surface of the server to be as small as possible. As such, a Server Core install is also more limited than that of a standard Windows Server 2008 installation. It supports just nine roles, including AD, AD LDS, DHCP, DNS, File, Print, Virtualization (Hyper-V), Web Server, and WMS, compared to 18 roles in the full server.

Because Server Core is still Windows Server 2008, all of the familiar GUI-based management tools will work just fine remotely against this server. What won't work, in addition to the missing roles, is anything that requires a true GUI or the .NET Framework. This cancels out some key Windows Server 2008 functionality, unfortunately, including ASP .NET: Server Core's Web Server role is pretty much static only, supporting only older, non-.NET technologies like ASP.

My expectation is that Server Core will prove hugely popular as an infrastructure (AD, DNS, DHCP, file, print) server and as a low-cost, low-end Web server. It's a product that should compete well with Linux-based solutions.

BitLocker Full-Drive Encryption

BitLocker is a full-drive encryption solution that first debuted in Windows Vista as a way to protect data stored on easily lost and stolen executive notebook computers. It requires TPM 1.2-based hardware to store encryption keys and can be configured via Group Policy.

On the server, BitLocker is particularly valuable for machines stored in branch offices, because those servers are often less well physically protected than the machines back in the home office. If a thief walks off with a BitLocker-protected server, they won't be able to access any of the data stored on the system's hard drives. BitLocker also works really well with some of the other technologies discussed here to create a truly secure and useful branch office solution. (See the RODC section below for an example.)

Read-Only Domain Controller

Read-Only Domain Controller (RODC) is new functionality that allows administrators to optionally configure the AD database as read-only, where only locally cached user passwords are stored on the machine and AD replication is unidirectional, rather than bidirectional.

So why would you want to do this? Today, many organizations are installing servers in branch offices and other remote locations, and these servers often connect back to the home office using slow or unreliable WAN links. That makes AD replication–and even authentication–an arduous and lengthy process. With RODC, the server is typically set up and configured in the home office, shipped to the remote location, and then switched on. From then on, only the user names and passwords of users who hit the server locally–and not the administrator account–are cached locally on the server.

Like BitLocker, RODC is an excellent solution for physically insecure remote servers. Indeed, if you combine RODC with other new Windows Server 2008 technologies like BitLocker and Server Core, you can configure the most secure remote server possible. That way, even hackers who gain physical control of the server can't take over your network. And removing the stolen RODC from your AD is as simple as checking a switch: Only those users who logged on to that machine will need to change their passwords. You won't have to institute an organization-wide emergency, because most users' accounts will not have been cached on that machine.

RODC is somewhat limited in that it can only support a subset of the roles and functionality normally supported on Windows Server 2008. For example, RODC-based servers can support technologies such as ADFS, DHCP, DNS, Group Policy (GP), DFS, MOM (Microsoft Operations Manager), and SMS (System Management Server).

Internet Information Services 7

The new Web server in Windows Server 2008 is driven by a major new update to Internet Information Services (IIS). Like the server itself, IIS 7 is completely componentized so that only those components needed for the desired configuration are installed and, thus, need to be serviced. It sports a drastically improved management console, supports xcopy Web application deployment and delegated administration, and is backed by a new .NET-based configuration store, which replaces the previous, monolithic, configuration store.

Terminal Services

Terminal Services (TS) sees some major changes in Windows Server 2008. The new TS RemoteApp functionality allows admins to remotely deploy individual applications to desktops, instead of entire PC environments, which can be confusing to users. These applications download and run on user desktops and, aside from the initial logon dialog box, function and look almost exactly as they would were they installed locally. This functionality requires the new Remote Desktop client, which shipped in Windows Vista and can be downloaded for Windows XP with SP2 and above.

TS Gateway lets you tunnel TS sessions over HTTPS outside the corporate firewall, so that users can access their remote applications on the road without having to configure a VPN client. This is particularly useful because VPN connections are often blocked at wireless access points, whereas HTTPS rarely is.

TS gets a few small but useful changes as well. These include TS Easy Print, which makes it easy to print to local printers from remote sessions, 32-bit color support in TS sessions, and seamless copy and paste operations between the host OS and remote sessions.

Network Access Protection

Microsoft first planned to ship simple and easily configurable network quarantining functionality in Windows Server 2003, but it's here at last with Network Access Protection (NAP). This feature allows you to set up security policies for your network: When a client system connects, NAP examines the device to make sure it meets the requirements of your security policies. Those that do are allowed online. Those that do not–typically machines that only connect infrequently to the network, such as those used by travelling employees–are pushed aside into a quarantined part of the network, where they can be updated. How these updates happen depends on the configuration of your environment, but once that's complete, the system is given full access again and allowed back on the network. NAP includes remediation fallback to Windows Update or Microsoft Update if the local Windows Server Update Services server is unavailable, and compatibility with Cisco's Network Admission Control (NAC) quarantining technologies.

Windows Firewall

For the first time, Windows Server ships with a firewall that is enabled by default. The new Windows Firewall is bidirectional and works seamlessly with all of the roles and features you can configure in Windows Server 2008. In fact, the Firewall is part of the new roles-based management model: As you enable and disable various roles and features, Windows Firewall is automatically configured in the background so that only the required ports are opened. This is a major change, and one that could hamper compatibility with third-party products, so testing will be crucial.

Command line and scripting goodness

Those who prefer to automate their servers will rejoice at the new command line and scripting enhancements in Windows Server 2008, though I'm a bit concerned by the haphazard and temporary nature of some of these changes. In this version of Windows Server, we're seeing the beginning of the transition from the old DOS-like command line to the new .NET-based PowerShell environment. For now, however, you'll need to have a toe in both environments to best take advantage of the new capabilities. Server Core, for example, does not support PowerShell.

On the command line side, we get two major additions: A Server Core management utility called oclist.exe and a command line version of Server Manager called servermanagercmd.exe. Both are designed with the same premise, providing ways to configure and manage the roles that are possible under each environment.

PowerShell is a complex but technically impressive environment, with support for discoverable .NET-based objects, properties, and methods. It provides all of the power of UNIX command line environments with none of the inconsistencies. The issue, of course, is whether Windows-based administrators will quickly move to this new command line interface. Sadly, Windows Server 2008 doesn't help matters much: It doesn't ship with any PowerShell commandlets–fully contained scripts that can be executed from the command line–that can handle common management tasks. Microsoft tells me it will ship Windows Server 2008 commandlets on its Web site over time, however, and it expects a healthy community to quickly evolve as well.

Hyper-V

One of the most important and future-looking technologies in Windows Server 2008 isn't even available in the initial shipping version of the product. Instead, Microsoft is shipping a beta version of its Hyper-V virtualization platform with Windows Server 2008 and will update it automatically when the technology is finalized sometime after mid-2008.

Hyper-V is a hypervisor-based virtualization platform that brings various performance advantages when compared to application-level virtualization platforms like Virtual Server. Compared to market leader VMware, Microsoft's offering is immature and unproven, but its inclusion in Windows Server 2008 is sure to garner Microsoft some attention and market share. And there are advantages to this bundling: From a management perspective, Hyper-V is installed and managed as a role under Windows 2008, just like DHCP, file and print services, and other standard roles. That means it's easy to configure, manage, and service.

Hyper-V ships only with x64-based versions of the product and relies on hardware virtualization features that are only available in the latest AMD and Intel chipsets. It supports both 32-bit and 64-bit guest operating systems, up to 32 GB of RAM in each guest OS, and up to 4 CPU cores for each guest OS. Hyper-V is compatible with virtual machines created for Microsoft's earlier virtualization products, like Virtual PC and Virtual Server.

Availability and licensing

As with Windows Vista, Windows Server 2008 is available in several different product editions. These editions support different hardware platforms (32-bit x86, 64-bit x64, and Itanium), some of which include support for the Hyper-V virtualization technologies and some that do not. (Note that Hyper-V is only enabled on x64 versions of Windows Server 2008; Microsoft sells versions with and without Hyper-V included.)

Windows Web Server 2008
Availability: Separate 32-bit (x86) and 64-bit (x64) versions
Pricing: $469
Supported processors: 4
Supported RAM: 4 GB (x86) or 32 GB (x64)
Notes: Windows Web Server is designed specifically around the Web Server role and cannot be used as an AD domain controller. (It can, however, be configured as a domain member.) This version does not include Hyper-V, but does support Server Core installs.

Windows Server 2008 Standard, Windows Server 2008 Standard without Hyper-V
Availability: Separate 32-bit (x86), 64-bit (x64), and 64-bit (x64) without Hyper-V versions
Pricing: $999 (with five Client Access Licenses, or CALs); $971 without Hyper-V
Supported processors: 4
Supported RAM: 4 GB (x86) or 32 GB (x64)
Notes: Includes one virtual instance per license.

Windows Server 2008 Enterprise, Windows Server 2008 Enterprise without Hyper-V
Availability: Separate 32-bit (x86), 64-bit (x64), and 64-bit (x64) without Hyper-V versions
Pricing: $3,999 (with 25 CALs); $3,971 without Hyper-V
Supported processors: 8
Supported RAM: 64 GB (x86) or 2 TB (x64)
Notes: Includes four virtual instances per license. Builds on Standard edition and adds Windows Clustering.

Windows Server 2008 Datacenter, Windows Server 2008 Datacenter without Hyper-V
Availability: Separate 32-bit (x86), 64-bit (x64), and 64-bit (x64) without Hyper-V versions
Pricing: $2,999 per processor; $2,971 per processor without Hyper-V
Supported processors: 32 (x86) or 64 (x64)
Supported RAM: 64 GB (x86) or 2 TB (x64)
Notes: Includes unlimited virtual instances per license. Builds on Enterprise Edition.

Windows Server 2008 for Itanium-based Systems
Availability: A single 64-bit version designed for Intel Itanium-based servers
Pricing: $2,999 per processor
Supported processors: 64
Supported RAM: 64 GB
Notes: This version of Windows Server 2008 does not support Hyper-V or Server Core and is designed for three discrete usage scenarios: Large databases, line-of-business (LOB) applications, and custom applications.

Microsoft Hyper-V Server
Availability: A single 64-bit (x64) version
Pricing: $28 (no, that's not a typo)
Notes: The new Hyper-V Server is a special version of Windows Server 2008 that only supports the Hyper-V role, providing a near "bare metal" install option for those who wish to run extensively virtualized environments. This version of the product won't ship until Microsoft finalizes Hyper-V later in 2008.

In addition to these products, Microsoft recently announced that two new Windows Server 2008-based products will debut in the second half of 2008, Windows Small Business Server 2008 and Windows Essential Business Server 2008.

Windows Small Business Server 2008, codenamed Cougar, is aimed at businesses with up to 50 PCs. It will ship in two versions, one of which includes Windows Server 2008, Exchange Server 2007, SharePoint Services 3.0, and one-year trial subscriptions to Forefront Security for Exchange Server Small Business Edition and the new Windows Live OneCare for Server. A Premium version of the product adds a second copy of Windows Server 2008 and SQL Server 2008 Standard Edition and can be installed on two servers.

Windows Essential Business Server 2008, previously codenamed Centro, is a new product aimed at medium-sized businesses with up to 250 desktops. This product is installed on three separate servers and includes Windows Server 2008, Exchange Server 2007, Forefront Security for Exchange Server, System Center Essentials 2007, and the next version of Internet Security and Acceleration Server. A Premium edition of the product will also include SQL Server 2008. Windows Essential Business Server requires at least three physical servers.
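
The Read-Only Domain Controller section above argues that a stolen RODC only forces password changes for the accounts it had cached. The following added example (not from the review or from Microsoft) is a simplified Python model of that reasoning; it goes slightly beyond the review by modelling the allow and deny lists of an RODC password replication policy, and the group names other than Domain Admins, the account names and the logon list are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class ReadOnlyDC:
    """Simplified model of an RODC's credential cache (assumption: deny beats allow)."""
    name: str
    allowed_groups: frozenset      # members may have their password cached
    denied_groups: frozenset       # members are never cached, even if also allowed
    cached: set = field(default_factory=set)

    def may_cache(self, member_of):
        if self.denied_groups & member_of:
            return False
        return bool(self.allowed_groups & member_of)

    def logon(self, account, member_of):
        """Record a logon served by this RODC; return True if the secret is cached."""
        if self.may_cache(member_of):
            self.cached.add(account)
        return account in self.cached


def theft_report(rodc, directory):
    """Split the directory into accounts to reset and accounts left untouched."""
    return {
        "reset": sorted(rodc.cached),
        "unaffected": sorted(set(directory) - rodc.cached),
    }


# Constructed sample directory: account -> group memberships (hypothetical names).
DIRECTORY = {
    "alice": frozenset({"Branch-Users"}),
    "bob": frozenset({"Branch-Users"}),
    "carol": frozenset({"HQ-Users"}),
    "dave": frozenset({"Branch-Users"}),          # never visits the branch
    "administrator": frozenset({"Domain Admins", "Branch-Users"}),
}

# Constructed sequence of logons handled by the branch RODC before the theft.
BRANCH_LOGONS = ["alice", "administrator", "bob", "alice", "carol"]


def simulate():
    rodc = ReadOnlyDC(
        name="BRANCH-RODC",                        # hypothetical host name
        allowed_groups=frozenset({"Branch-Users"}),
        denied_groups=frozenset({"Domain Admins"}),
    )
    for account in BRANCH_LOGONS:
        rodc.logon(account, DIRECTORY[account])
    return theft_report(rodc, DIRECTORY)


if __name__ == "__main__":
    report = simulate()
    print("Reset after theft:", report["reset"])
    print("No action needed: ", report["unaffected"])
```

The administrator logs on at the branch but is never cached because the deny list wins, and dave is allowed but never authenticated there, so only two of the five accounts need a password reset.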