Windows Server 2003: "Inside the Box"
As Microsoft touts Windows Server 2003's reliability and security-minded architecture, Vince Barnes examines what administrators can come to expect in the software giant's latest server OS.
More, better, faster, cheaper... These are the adjectives one expects to see manufacturers use in the descriptions of new products, including operating systems. Microsoft is no exception, or is it? "Windows Server 2003 is the fastest, most reliable, most secure Windows Server operating system ever offered by Microsoft," trumpets the company in one of its introductory pieces. This would indicate the firm's focus on reliability and security. Taking a closer look should show us what Microsoft means.
Before reviewing what's in the new OS, it's important to remember what this release is and what it is not. This release is a replacement for the Windows 2000 Server family, which includes Server, Advanced Server, and Datacenter Server.
However, because of its close cousin, Windows XP, Windows Server 2003 is not entirely new to us. Codenamed Whistler, the new OS was intended to replace the entire Windows 2000 family of workstations and servers. While the workstation systems, in the guises of Windows XP Home and Professional, were released in 2001, the server versions were delayed, in large part due to Microsoft's Trustworthy Computing Initiative (TCI), in which all development was stopped while Microsoft's software engineers looked for security issues in their respective products.
Many of the new features in the 2003 server operating systems are already familiar to us from XP. The time gap between the releases of the workstation and server systems has been used to incorporate the robustness needed for Microsoft to be able to make its "most reliable, most secure" boast.
There are six editions of Windows Server 2003, including Web, Standard, Enterprise, and Datacenter editions for the x86 CPU, and 64-bit Enterprise and Datacenter editions for the Itanium CPU. Windows Server 2003 is the first server operating system to include the .Net Framework as an integrated part of the system. Both versions 1.0 and 1.1 are included in the x86 editions; the 64-bit .Net is not yet ready, however, and as a result is not included in the 64-bit editions at this time.
The Core of the System
The core technologies of the Windows Server 2003 family form the basis of the improved performance, reliability, and security it delivers. The Common Language Runtime (CLR) verifies code before executing it to ensure that the code runs error free (from the OS point of view, not necessarily the user's!). The CLR also monitors memory allocations to clean up memory leakage problems and checks security permissions to ensure that code only performs suitable functions. Thus, the CLR reduces the number of bugs and security holes opened up by programming errors and improves system reliability and performance.
Internet Information Services (IIS) 6.0 is much more security conscious than its predecessor. The default IIS 6.0 installation is configured in a "locked down" state, requiring that administrators open up desired features. In fact, a default installation of Windows Server 2003 doesn't install IIS at all (except for the Web Edition).
In earlier OS versions, IIS was installed by default and had to be removed if it was not needed, such as on a database server. The default install of IIS 6.0 will only serve up static pages and has to be configured to allow dynamic content. Timeouts are also set to aggressive defaults. Authentication and authorization (the "who are you?" and "what can you do?" mechanisms) are upgraded with the inclusion of .Net Passport support in the Windows Server 2003 authorization framework, enabling the use of these services in the core IIS web server.
IIS 6.0 itself now runs as the low-privileged Network Service account to help contain security vulnerabilities. Performance has not been forgotten either, with the tuning of many of the underlying service implementations and the addition of support for hardware-based cryptographic service accelerator cards to take the SSL cryptography load off the CPU.
Configuration information for IIS 6.0 is stored in a plain-text XML metabase, as opposed to the proprietary binary file used for IIS 4.0 and 5.0. This metabase can be opened in Notepad to make configuration changes such as adding new virtual directories or a new web site (which could be copied from an existing site's configuration). When the file is saved to disk, the changes are detected, scanned for errors, and applied to the metabase. IIS does not need to be restarted for the changes to take effect.
Additionally, the old metabase file is marked with a version number and automatically saved in a history folder for use in case a rollback or restore is required. All changes made take effect without the need for any restarts. There are also two new Admin Base Object (ABO) methods that enable export or import of configuration nodes from server to server. A server-independent method for backup and restore of the metabase is also available.
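An added example, not from the original article or from Microsoft: because the metabase is plain XML and earlier versions are kept in the history folder, an administrator can review a change by comparing a history copy with the current file and listing every location that gained more than static read access. The two fragments are constructed and simplified; the element names, the Location and AccessFlags attributes, and the flag values are assumptions modelled on the IIS 6.0 metabase format.

```python
import xml.etree.ElementTree as ET

STATIC_ONLY = {"AccessRead"}  # what a locked-down, static-only site needs

# Constructed, simplified metabase fragments (assumed schema, invented paths).
TEMPLATE = ('<configuration xmlns="urn:microsoft-catalog:XML_Metabase_V64_0">'
            "<MBProperty>{nodes}</MBProperty></configuration>")
NODE = '<IIsWebVirtualDir Location="{loc}" Path="{path}" AccessFlags="{flags}"/>'

PREVIOUS = TEMPLATE.format(nodes=NODE.format(
    loc="/LM/W3SVC/1/ROOT", path=r"D:\wwwroot\site1", flags="AccessRead"))

CURRENT = TEMPLATE.format(nodes="".join([
    NODE.format(loc="/LM/W3SVC/1/ROOT", path=r"D:\wwwroot\site1",
                flags="AccessRead"),
    NODE.format(loc="/LM/W3SVC/1/ROOT/app", path=r"D:\wwwroot\app",
                flags="AccessRead | AccessScript"),
    NODE.format(loc="/LM/W3SVC/1/ROOT/upload", path=r"D:\wwwroot\upload",
                flags="AccessRead | AccessWrite | AccessExecute"),
]))


def access_map(xml_text):
    """Map each Location to the set of access flags it grants."""
    result = {}
    for node in ET.fromstring(xml_text).iter():
        flags = node.get("AccessFlags")
        if flags is not None:
            granted = {f.strip() for f in flags.split("|") if f.strip()}
            result[node.get("Location", "?")] = granted
    return result


def widened(previous_xml, current_xml):
    """Return {Location: flags gained since the previous copy}, ignoring plain read."""
    old, new = access_map(previous_xml), access_map(current_xml)
    report = {}
    for loc, flags in new.items():
        gained = flags - old.get(loc, set()) - STATIC_ONLY
        if gained:
            report[loc] = sorted(gained)
    return report


if __name__ == "__main__":
    for loc, gained in sorted(widened(PREVIOUS, CURRENT).items()):
        print(f"{loc}: gained {', '.join(gained)}")
```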