Looking Forward to Longhorn?

With a slew of network security enhancements and a new network stack, Longhorn looks promising. Just don't hold your breath.

By Deann Corum | Posted May 3, 2006

By now, who hasn't heard of Windows Server Longhorn and all the wonderful things it is going to be someday?

Windows Server Longhorn is Microsoft's next-generation server platform, now slated for release in 2007. Characteristically, one of the things it most definitely is, is late. Anyone trying to keep up with the in-today/out-tomorrow collage of new features that will be included when it finally hits the shelves most likely has a serious migraine by now.

Allow us, then, to either alleviate or add to your misery with this article.

The most notable new features to be included concentrate on enhanced security and performance. New Longhorn features in the queue are "secure-at-install", which is designed to help secure new installations of the operating system by automatically finding and applying security updates, and a "self-healing" filesystem in which the system will fix itself on the fly (e.g., if there is a bad sector on a hard disk). "Self-healing" means Microsoft's defrag and chkdsk tools are always running in the background. In addition, new transactional capabilities in the filesystem and registry will enable administrators to more easily roll back any changes to a known good state in case of an error.

The Windows Communication Foundation (WCF) infrastructure (previously code-named Indigo) and updates to the IIS process model are also on the list. WCF is part of WinFX, Microsoft's new set of APIs, which will be included in both Vista and Longhorn.

Dizzy yet? Grab an Ibuprofen, as we highlight a few other things that will be in the box:

More Key Features

Security

Network Access Protection (NAP) is a new policy enforcement platform in Windows Server Longhorn. Network Access Quarantine Control, currently part of Windows Server 2003, is not the same as Longhorn's NAP. Network Access Quarantine Control provides only added protection for remote access connections. In contrast, NAP provides added protection for virtual private network (VPN) connections, Dynamic Host Configuration Protocol (DHCP) configuration, and Internet Protocol security (IPsec)-based communication.

NAP prevents unpatched devices from accessing the network. When a machine connects to the network, NAP performs a health check to make sure the system has the required security patches, virus signatures, firewall, and so on. If it doesn't, NAP can redirect the device to a quarantined network, where update servers either bring the PC into compliance and allow it onto the network or keep it quarantined.

For more information about Network Access Protection, see the Network Access Protection Web site.

New Windows Firewall

Windows Server Longhorn has the following enhancements compared to the current Windows Firewall:

  • Supports both incoming and outgoing traffic
  • New Microsoft Management Console (MMC) snap-in for graphical user interface configuration
  • Firewall filtering and Internet Protocol security (IPsec) protection settings are integrated
  • Exceptions that can be configured for Active Directory directory service accounts and groups, source and destination IP addresses, IP protocol number, source and destination Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) ports, all or multiple TCP or UDP ports, specific types of interfaces, Internet Control Message Protocol (ICMP) and ICMP for IPv6 (ICMPv6) traffic by Type and Code, and for services.


Performance and Administration

Next-Generation TCP/IP Stack: Windows Server Longhorn will include a new implementation of the TCP/IP protocol suite known as the Next Generation TCP/IP stack. The Next Generation TCP/IP stack in Windows Server Longhorn is a complete redesign. Unlike Windows Server 2003, which used a "dual stack" architecture where each protocol had its own stack that had to be installed separately, Longhorn's redesigned TCP/IP will share common Transport and Framing layers and have both IPv4 and IPv6 enabled by default, so there is no need to install them separately.

Active Directory, Certificate, and Identity Services: Microsoft plans to rename existing services found in Windows Server and add other enhancements for managing user identity and access to Active Directory in Longhorn. Rights management, identity federation, and certificate services currently found in Windows Server 2003 will be moved into Active Directory. These changes are aimed at giving customers a unified experience for managing identity. Their plan also calls for integration with user-centric privacy controls called InfoCard.

As part of this "unification," Microsoft will rename several services currently in Windows Server and Active Directory to reflect their new streamlined approach to identity management.

  • Active Directory Domain Controller will become Active Directory Domain Services
  • Active Directory Application Mode will become Active Directory Lightweight Directory Services
  • Windows Rights Management Services will become Active Directory Rights Management Services
  • Windows Certificate Services will become Active Directory Certificate Services
  • Identity Integration Feature Pack will become Active Directory Metadirectory Services

WinFS Storage Subsystem: Microsoft had planned to include this in its release of Windows Server Longhorn and Vista in 2006. Those release dates have now slipped to 2007, but Microsoft has promised to deliver add-ons for Windows XP and Windows Server 2003 in 2006.

Finally, the WinFS Storage Subsystem will replace the familiar Windows filesystem. It is also part of Microsoft's new WinFX set of APIs. WinFS is a filesystem with database-like indexing and retrieval capabilities. WinFS aims to make it easier to find and cross-reference information.

How Well Will Longhorn Play with Unix?

One big change will be that Windows Services for UNIX (SFU) will be included in Longhorn rather than being a separate add-on. Longhorn's SFU will supposedly enable a single process to run code both from Windows and Unix libraries. However, this feature, which would dramatically ease integration tasks, is not currently available in SFU. Microsoft is further enhancing its concept of "server roles" in Longhorn and there has been speculation that SFU could be just another "server role" in Longhorn. SFU is not currently shipped with Windows because it contains open source software, including the GNU C compiler, which cannot be distributed with commercial software. Microsoft is working to replace all open source code in SFU with commercially licensed alternatives. Last year it licensed Unix software from SCO.

Virtual Server add-ins to support Linux are now available. Microsoft says it will provide support under current Microsoft support contracts for Linux guest operating systems running on Virtual Server 2005 R2, which is now free. Windows "Hypervisor" will also be included in Windows Server Longhorn when it is released and will no longer be an add-on.


Upgrading to Longhorn: How, and Why?

So what are the supported upgrade paths to Longhorn and why should you bother?

If your organization is in need of the specific capabilities Longhorn will provide, by all means look into an upgrade; however, do not bypass the "pain vs. gain" evaluation. Adoption of a new server operating system from Microsoft is always slow, as well it should be. Most organizations opt not to migrate for at least two years, either because they're waiting for the kinks to be worked out (a service pack or two later) or researching how painful integration and migration might be in their production environments.

Of course, those still stuck in NT4-land will not be able to upgrade. Whether Windows 2000 data centers will be able to upgrade directly to Windows Server Longhorn is still unclear. What is fairly certain is that Windows 2003 SP1 and Windows 2003 R2 shops will be able to upgrade directly to Longhorn.

However, before doing anything, it is critical to test your initial installation on a network isolated from your production environment. Integrate or upgrade to Longhorn only when you're sure Longhorn's new features will 'play nice' with live servers and applications.

Microsoft will undoubtedly provide many more details about upgrade strategies and paths once Longhorn nears its release.

Article courtesy of ServerWatch
